diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 7ff4abaf..778c30af 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -1122,6 +1122,12 @@ Example usage: {{/* Generate imagePullSecrets block Accepts a dictionary with "root" (the top-level chart context) and "image" (the component's image configuration object) + +Fallback chain: +1. Component-specific: .image.pullSecrets +2. Defaults: .root.Values.defaults.image.pullSecrets +3. Deprecated root-level: .root.Values.imagePullSecrets + Example usage: {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" . @@ -1131,7 +1137,7 @@ Example usage: {{- define "cloudzero-agent.generateImagePullSecrets" -}} {{- include "cloudzero-agent.maybeGenerateSection" (dict "name" "imagePullSecrets" - "value" (.image.pullSecrets | default .root.Values.defaults.image.pullSecrets) + "value" (.image.pullSecrets | default .root.Values.defaults.image.pullSecrets | default .root.Values.imagePullSecrets) ) -}} {{- end -}} diff --git a/helm/templates/agent-daemonset.yaml b/helm/templates/agent-daemonset.yaml index e5422a37..d9d6f8cb 100644 --- a/helm/templates/agent-daemonset.yaml +++ b/helm/templates/agent-daemonset.yaml @@ -187,7 +187,7 @@ spec: (.Values.components.agent.federatedNode.securityContext | default (dict)) ) | nindent 6 }} {{- include "cloudzero-agent.generateDNSInfo" (dict "defaults" .Values.defaults.dns) | nindent 6 }} - {{- include "cloudzero-agent.server.imagePullSecrets" . | nindent 6 -}} + {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" . "image" .Values.components.prometheus.image) | nindent 6 }} {{- include "cloudzero-agent.generateNodeSelector" (dict "default" .Values.defaults.nodeSelector "nodeSelector" .Values.server.nodeSelector) | nindent 6 }} {{- include "cloudzero-agent.generateTolerations" (concat .Values.defaults.tolerations .Values.server.tolerations) | nindent 6 }} {{- include "cloudzero-agent.generateAffinity" (dict "default" .Values.defaults.affinity "affinity" .Values.server.affinity) | nindent 6 }} diff --git a/helm/templates/agent-deploy.yaml b/helm/templates/agent-deploy.yaml index 691e38fd..4660d1cf 100644 --- a/helm/templates/agent-deploy.yaml +++ b/helm/templates/agent-deploy.yaml @@ -307,7 +307,7 @@ spec: (.Values.components.agent.securityContext | default (dict)) ) | nindent 6 }} {{- include "cloudzero-agent.generateDNSInfo" (dict "defaults" .Values.defaults.dns) | nindent 6 }} - {{- include "cloudzero-agent.server.imagePullSecrets" . | nindent 6 -}} + {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" . "image" .Values.components.prometheus.image) | nindent 6 }} {{- include "cloudzero-agent.generateNodeSelector" (dict "default" .Values.defaults.nodeSelector "nodeSelector" .Values.server.nodeSelector) | nindent 6 }} {{- include "cloudzero-agent.generateTolerations" (concat .Values.defaults.tolerations .Values.server.tolerations) | nindent 6 }} {{- include "cloudzero-agent.generateAffinity" (dict "default" .Values.defaults.affinity "affinity" .Values.server.affinity) | nindent 6 }} diff --git a/helm/templates/aggregator-deploy.yaml b/helm/templates/aggregator-deploy.yaml index 149a9a67..6badcc8b 100644 --- a/helm/templates/aggregator-deploy.yaml +++ b/helm/templates/aggregator-deploy.yaml @@ -156,7 +156,7 @@ spec: (.Values.components.aggregator.securityContext | default (dict)) ) | nindent 6 }} {{- include "cloudzero-agent.generateDNSInfo" (dict "defaults" .Values.defaults.dns) | nindent 6 }} - {{- include "cloudzero-agent.server.imagePullSecrets" . | nindent 6 -}} + {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" . "image" .Values.components.agent.image) | nindent 6 }} {{- include "cloudzero-agent.generateNodeSelector" (dict "default" .Values.defaults.nodeSelector "nodeSelector" .Values.aggregator.nodeSelector) | nindent 6 }} {{- include "cloudzero-agent.generateAffinity" (dict "default" .Values.defaults.affinity) | nindent 6 }} {{- include "cloudzero-agent.generateTolerations" (concat .Values.defaults.tolerations) | nindent 6 }} diff --git a/helm/templates/aggregator-service.yaml b/helm/templates/aggregator-service.yaml index add6465a..25436100 100644 --- a/helm/templates/aggregator-service.yaml +++ b/helm/templates/aggregator-service.yaml @@ -3,8 +3,15 @@ kind: Service metadata: namespace: {{ .Release.Namespace }} name: {{ include "cloudzero-agent.aggregator.name" . }} - labels: - {{- include "cloudzero-agent.aggregator.labels" . | nindent 4 }} + {{- include "cloudzero-agent.generateLabels" (dict + "root" . + "name" "aggregator" + "labels" (list + .Values.defaults.labels + .Values.commonMetaLabels + .Values.components.aggregator.labels + ) + ) | nindent 2 }} {{- include "cloudzero-agent.generateAnnotations" (dict "root" . "annotations" (list diff --git a/helm/templates/backfill-job.yaml b/helm/templates/backfill-job.yaml index 6df47ee4..b612de60 100644 --- a/helm/templates/backfill-job.yaml +++ b/helm/templates/backfill-job.yaml @@ -119,7 +119,7 @@ spec: serviceAccountName: {{ include "cloudzero-agent.serviceAccountName" $ }} restartPolicy: OnFailure {{- include "cloudzero-agent.generateDNSInfo" (dict "defaults" $.Values.defaults.dns) | nindent 10 }} - {{- include "cloudzero-agent.initBackfillJob.imagePullSecrets" $ | nindent 10 }} + {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" $ "image" $.Values.components.agent.image) | nindent 10 }} {{- include "cloudzero-agent.generatePriorityClassName" $.Values.defaults.priorityClassName | nindent 10 }} {{- include "cloudzero-agent.generatePodSecurityContext" (mergeOverwrite ($.Values.defaults.securityContext | default (dict)) diff --git a/helm/templates/init-cert-job.yaml b/helm/templates/init-cert-job.yaml index 123b94f2..b6408a41 100644 --- a/helm/templates/init-cert-job.yaml +++ b/helm/templates/init-cert-job.yaml @@ -51,7 +51,7 @@ spec: serviceAccountName: {{ include "cloudzero-agent.initCertJob.serviceAccountName" . }} restartPolicy: Never {{- include "cloudzero-agent.generateDNSInfo" (dict "defaults" .Values.defaults.dns) | nindent 6 }} - {{- include "cloudzero-agent.initCertJob.imagePullSecrets" . | nindent 6 }} + {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" . "image" .Values.components.agent.image) | nindent 6 }} {{- include "cloudzero-agent.generatePriorityClassName" .Values.defaults.priorityClassName | nindent 6 }} {{- include "cloudzero-agent.generatePodSecurityContext" (mergeOverwrite (.Values.defaults.securityContext | default (dict)) diff --git a/helm/templates/webhook-deploy.yaml b/helm/templates/webhook-deploy.yaml index d50909bd..0f9eab5a 100644 --- a/helm/templates/webhook-deploy.yaml +++ b/helm/templates/webhook-deploy.yaml @@ -83,7 +83,7 @@ spec: ) | nindent 6 }} spec: serviceAccountName: {{ include "cloudzero-agent.serviceAccountName" . }} - {{- include "cloudzero-agent.insightsController.server.imagePullSecrets" . | nindent 6 }} + {{- include "cloudzero-agent.generateImagePullSecrets" (dict "root" . "image" .Values.components.agent.image) | nindent 6 }} {{- include "cloudzero-agent.generatePodSecurityContext" (mergeOverwrite (.Values.defaults.securityContext | default (dict)) (.Values.components.webhookServer.securityContext | default (dict)) diff --git a/helm/tests/config_loader_job_labels_annotations_test.yaml b/helm/tests/config_loader_job_labels_annotations_test.yaml index b81324f3..5c1089cb 100644 --- a/helm/tests/config_loader_job_labels_annotations_test.yaml +++ b/helm/tests/config_loader_job_labels_annotations_test.yaml @@ -1,35 +1,12 @@ -suite: test config-loader job labels and annotations +# Test config-loader job label/annotation merge and override behavior +# +# This file tests that component-specific labels/annotations properly merge with +# and override defaults. For basic "defaults apply" tests, see defaults_job_test.yaml +# and defaults_labels_annotations_all_resources_test.yaml. +suite: test config-loader job labels and annotations merge behavior templates: - templates/config-loader-job.yaml tests: - # Test default labels are applied - - it: should apply default labels to Job metadata - set: - defaults.labels: - custom-label: "default-value" - team: "platform" - asserts: - - equal: - path: metadata.labels["custom-label"] - value: "default-value" - - equal: - path: metadata.labels["team"] - value: "platform" - - # Test default labels are applied to Pod template - - it: should apply default labels to Pod template metadata - set: - defaults.labels: - custom-label: "default-value" - team: "platform" - asserts: - - equal: - path: spec.template.metadata.labels["custom-label"] - value: "default-value" - - equal: - path: spec.template.metadata.labels["team"] - value: "platform" - # Test component-specific labels override defaults - it: should merge component-specific labels with defaults on Job metadata set: @@ -70,34 +47,6 @@ tests: path: spec.template.metadata.labels["environment"] value: "production" - # Test default annotations are applied - - it: should apply default annotations to Job metadata - set: - defaults.annotations: - prometheus.io/scrape: "true" - monitoring.io/alert: "critical" - asserts: - - equal: - path: metadata.annotations["prometheus.io/scrape"] - value: "true" - - equal: - path: metadata.annotations["monitoring.io/alert"] - value: "critical" - - # Test default annotations are applied to Pod template - - it: should apply default annotations to Pod template metadata - set: - defaults.annotations: - prometheus.io/scrape: "true" - monitoring.io/alert: "critical" - asserts: - - equal: - path: spec.template.metadata.annotations["prometheus.io/scrape"] - value: "true" - - equal: - path: spec.template.metadata.annotations["monitoring.io/alert"] - value: "critical" - # Test component-specific annotations override defaults - it: should merge component-specific annotations with defaults on Job metadata set: diff --git a/helm/tests/defaults_certificate_test.yaml b/helm/tests/defaults_certificate_test.yaml new file mode 100644 index 00000000..d12bd7d7 --- /dev/null +++ b/helm/tests/defaults_certificate_test.yaml @@ -0,0 +1,41 @@ +# Test defaults.* properties for Certificate resources +# +# This test validates that Certificate resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# Certificates only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to Certificates. +# +# Templates tested: +# - webhook-certificate.yaml (only renders when insightsController.tls.useCertManager is true) +suite: defaults.* properties apply to Certificate resources +templates: + - webhook-certificate.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to Certificate metadata + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + insightsController.tls.useCertManager: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to Certificate metadata + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + insightsController.tls.useCertManager: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_clusterrole_test.yaml b/helm/tests/defaults_clusterrole_test.yaml new file mode 100644 index 00000000..b2edc5c4 --- /dev/null +++ b/helm/tests/defaults_clusterrole_test.yaml @@ -0,0 +1,101 @@ +# Test defaults.* properties for ClusterRole resources +# +# This test validates that ClusterRole resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# ClusterRoles only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to ClusterRoles. +# +# Templates tested: +# - agent-clusterrole.yaml +# - init-cert-clusterrole.yaml +suite: defaults.* properties apply to ClusterRole resources +templates: + - agent-clusterrole.yaml + - init-cert-clusterrole.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all ClusterRole metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ClusterRole + set: + defaults.labels: + test-defaults-label: sentinel-value-label + rbac.create: true + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to agent-clusterrole metadata + template: agent-clusterrole.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + rbac.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to init-cert-clusterrole metadata + template: init-cert-clusterrole.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all ClusterRole metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ClusterRole + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + rbac.create: true + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to agent-clusterrole metadata + template: agent-clusterrole.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + rbac.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to init-cert-clusterrole metadata + template: init-cert-clusterrole.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_clusterrolebinding_test.yaml b/helm/tests/defaults_clusterrolebinding_test.yaml new file mode 100644 index 00000000..0c9996b2 --- /dev/null +++ b/helm/tests/defaults_clusterrolebinding_test.yaml @@ -0,0 +1,101 @@ +# Test defaults.* properties for ClusterRoleBinding resources +# +# This test validates that ClusterRoleBinding resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# ClusterRoleBindings only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to ClusterRoleBindings. +# +# Templates tested: +# - agent-clusterrolebinding.yaml +# - init-cert-clusterrolebinding.yaml +suite: defaults.* properties apply to ClusterRoleBinding resources +templates: + - agent-clusterrolebinding.yaml + - init-cert-clusterrolebinding.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all ClusterRoleBinding metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ClusterRoleBinding + set: + defaults.labels: + test-defaults-label: sentinel-value-label + rbac.create: true + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to agent-clusterrolebinding metadata + template: agent-clusterrolebinding.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + rbac.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to init-cert-clusterrolebinding metadata + template: init-cert-clusterrolebinding.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all ClusterRoleBinding metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ClusterRoleBinding + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + rbac.create: true + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to agent-clusterrolebinding metadata + template: agent-clusterrolebinding.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + rbac.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to init-cert-clusterrolebinding metadata + template: init-cert-clusterrolebinding.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + initCertJob.enabled: true + initCertJob.rbac.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_configmap_test.yaml b/helm/tests/defaults_configmap_test.yaml new file mode 100644 index 00000000..b8235320 --- /dev/null +++ b/helm/tests/defaults_configmap_test.yaml @@ -0,0 +1,185 @@ +# Test defaults.* properties for ConfigMap resources +# +# This test validates that ConfigMap resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# ConfigMaps only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to ConfigMaps. +# +# Templates tested: +# - agent-cm.yaml +# - aggregator-cm.yaml +# - webhook-cm.yaml +# - validator-cm.yaml +# - helmless-cm.yaml +# - agent-daemonset-cm.yaml +suite: defaults.* properties apply to ConfigMap resources +templates: + - agent-cm.yaml + - aggregator-cm.yaml + - webhook-cm.yaml + - validator-cm.yaml + - helmless-cm.yaml + - agent-daemonset-cm.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all ConfigMap metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ConfigMap + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + components.agent.mode: federated + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to agent-cm metadata + template: agent-cm.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to aggregator-cm metadata + template: aggregator-cm.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to webhook-cm metadata + template: webhook-cm.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to validator-cm metadata + template: validator-cm.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to helmless-cm metadata + template: helmless-cm.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to agent-daemonset-cm metadata + template: agent-daemonset-cm.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + components.agent.mode: federated + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all ConfigMap metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ConfigMap + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + components.agent.mode: federated + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to agent-cm metadata + template: agent-cm.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to aggregator-cm metadata + template: aggregator-cm.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to webhook-cm metadata + template: webhook-cm.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to validator-cm metadata + template: validator-cm.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to helmless-cm metadata + template: helmless-cm.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to agent-daemonset-cm metadata + template: agent-daemonset-cm.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + components.agent.mode: federated + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_cronjob_test.yaml b/helm/tests/defaults_cronjob_test.yaml new file mode 100644 index 00000000..f10bd738 --- /dev/null +++ b/helm/tests/defaults_cronjob_test.yaml @@ -0,0 +1,227 @@ +# Test defaults.* properties for CronJob resources +# +# This test validates that CronJob resources properly inherit all applicable +# defaults from the chart's defaults section, including: +# - Metadata defaults: labels, annotations +# - PodSpec defaults: affinity, tolerations, nodeSelector, priorityClassName, +# dns.policy, dns.config, securityContext, image settings +# +# Note: CronJob has nested job template, so paths are deeper: +# - Pod template: spec.jobTemplate.spec.template +# - Pod spec: spec.jobTemplate.spec.template.spec +# +# Templates tested: +# - backfill-job.yaml (produces CronJob at document index 0) +suite: defaults.* properties apply to CronJob resources +templates: + - backfill-job.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to CronJob metadata + documentSelector: + path: kind + value: CronJob + set: + defaults.labels: + test-defaults-label: sentinel-value-label + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to CronJob metadata + documentSelector: + path: kind + value: CronJob + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + # ============================================================================ + # defaults.affinity tests + # ============================================================================ + - it: should apply defaults.affinity to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: test-defaults-affinity + operator: In + values: + - test-value + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key + value: test-defaults-affinity + + # ============================================================================ + # defaults.tolerations tests + # ============================================================================ + - it: should apply defaults.tolerations to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.tolerations: + - key: test-defaults-toleration + operator: Equal + value: test-value + effect: NoSchedule + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.tolerations[0].key + value: test-defaults-toleration + + # ============================================================================ + # defaults.nodeSelector tests + # ============================================================================ + - it: should apply defaults.nodeSelector to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.nodeSelector: + test-defaults-node-selector: test-value + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.nodeSelector.test-defaults-node-selector + value: test-value + + # ============================================================================ + # defaults.priorityClassName tests + # ============================================================================ + - it: should apply defaults.priorityClassName to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.priorityClassName: test-defaults-priority-class + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.priorityClassName + value: test-defaults-priority-class + + # ============================================================================ + # defaults.dns.policy tests + # ============================================================================ + - it: should apply defaults.dns.policy to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.dns.policy: None + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.dnsPolicy + value: None + + # ============================================================================ + # defaults.dns.config tests + # ============================================================================ + - it: should apply defaults.dns.config to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.dns.config: + nameservers: + - "1.2.3.4" + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.dnsConfig.nameservers[0] + value: "1.2.3.4" + + # ============================================================================ + # defaults.securityContext tests + # ============================================================================ + - it: should apply defaults.securityContext to CronJob pod specs + documentSelector: + path: kind + value: CronJob + set: + defaults.securityContext: + runAsUser: 12345 + runAsNonRoot: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.securityContext.runAsUser + value: 12345 + + # ============================================================================ + # defaults.image.pullPolicy tests + # ============================================================================ + - it: should apply defaults.image.pullPolicy to CronJob containers + documentSelector: + path: kind + value: CronJob + set: + defaults.image.pullPolicy: Always + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].imagePullPolicy + value: Always + + # ============================================================================ + # defaults.image.pullSecrets tests + # ============================================================================ + - it: should apply defaults.image.pullSecrets to CronJob resources + documentSelector: + path: kind + value: CronJob + set: + defaults.image.pullSecrets: + - name: test-defaults-pull-secret + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.imagePullSecrets[0].name + value: test-defaults-pull-secret + + - it: should fall back to deprecated imagePullSecrets when defaults.image.pullSecrets is not set + documentSelector: + path: kind + value: CronJob + set: + imagePullSecrets: + - name: deprecated-pull-secret + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.imagePullSecrets[0].name + value: deprecated-pull-secret diff --git a/helm/tests/defaults_daemonset_test.yaml b/helm/tests/defaults_daemonset_test.yaml new file mode 100644 index 00000000..fbbd5f72 --- /dev/null +++ b/helm/tests/defaults_daemonset_test.yaml @@ -0,0 +1,177 @@ +# Test defaults.* properties for DaemonSet resources +# +# This test validates that DaemonSet resources properly inherit all applicable +# defaults from the chart's defaults section, including: +# - Metadata defaults: labels, annotations +# - PodSpec defaults: affinity, tolerations, nodeSelector, priorityClassName, +# dns.policy, dns.config, securityContext, image settings +# +# Note: DaemonSets do not support replicas (they run on all matching nodes). +# +# Templates tested: +# - agent-daemonset.yaml (only renders when components.agent.mode is "federated") +suite: defaults.* properties apply to DaemonSet resources +templates: + - agent-daemonset.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to DaemonSet metadata + set: + defaults.labels: + test-defaults-label: sentinel-value-label + components.agent.mode: federated + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to DaemonSet metadata + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + components.agent.mode: federated + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + # ============================================================================ + # defaults.affinity tests + # ============================================================================ + - it: should apply defaults.affinity to DaemonSet resources + set: + defaults.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: test-defaults-affinity + operator: In + values: + - test-value + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key + value: test-defaults-affinity + + # ============================================================================ + # defaults.tolerations tests + # ============================================================================ + - it: should apply defaults.tolerations to DaemonSet resources + set: + defaults.tolerations: + - key: test-defaults-toleration + operator: Equal + value: test-value + effect: NoSchedule + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: test-defaults-toleration + + # ============================================================================ + # defaults.nodeSelector tests + # ============================================================================ + - it: should apply defaults.nodeSelector to DaemonSet resources + set: + defaults.nodeSelector: + test-defaults-node-selector: test-value + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.nodeSelector.test-defaults-node-selector + value: test-value + + # ============================================================================ + # defaults.priorityClassName tests + # ============================================================================ + - it: should apply defaults.priorityClassName to DaemonSet resources + set: + defaults.priorityClassName: test-defaults-priority-class + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: test-defaults-priority-class + + # ============================================================================ + # defaults.dns.policy tests + # ============================================================================ + - it: should apply defaults.dns.policy to DaemonSet resources + set: + defaults.dns.policy: None + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.dnsPolicy + value: None + + # ============================================================================ + # defaults.dns.config tests + # ============================================================================ + - it: should apply defaults.dns.config to DaemonSet resources + set: + defaults.dns.config: + nameservers: + - "1.2.3.4" + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.dnsConfig.nameservers[0] + value: "1.2.3.4" + + # ============================================================================ + # defaults.securityContext tests + # ============================================================================ + - it: should apply defaults.securityContext to DaemonSet pod specs + set: + defaults.securityContext: + runAsUser: 12345 + runAsNonRoot: true + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.securityContext.runAsUser + value: 12345 + + # ============================================================================ + # defaults.image.pullPolicy tests + # ============================================================================ + - it: should apply defaults.image.pullPolicy to DaemonSet containers + set: + defaults.image.pullPolicy: Always + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + # ============================================================================ + # defaults.image.pullSecrets tests + # ============================================================================ + - it: should apply defaults.image.pullSecrets to DaemonSet resources + set: + defaults.image.pullSecrets: + - name: test-defaults-pull-secret + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: test-defaults-pull-secret + + - it: should fall back to deprecated imagePullSecrets when defaults.image.pullSecrets is not set + set: + imagePullSecrets: + - name: deprecated-pull-secret + components.agent.mode: federated + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: deprecated-pull-secret diff --git a/helm/tests/defaults_deployment_test.yaml b/helm/tests/defaults_deployment_test.yaml new file mode 100644 index 00000000..5ef7031f --- /dev/null +++ b/helm/tests/defaults_deployment_test.yaml @@ -0,0 +1,268 @@ +# Test defaults.* properties for Deployment resources +# +# This test validates that Deployment resources properly inherit all applicable +# defaults from the chart's defaults section, including: +# - Metadata defaults: labels, annotations +# - PodSpec defaults: affinity, tolerations, nodeSelector, priorityClassName, +# dns.policy, dns.config, securityContext, image settings +# +# Note: Pod template metadata (podLabels, podAnnotations) is set at the component +# level, not the defaults level. +# +# Templates tested: +# - agent-deploy.yaml +# - aggregator-deploy.yaml +# - webhook-deploy.yaml +suite: defaults.* properties apply to Deployment resources +templates: + - agent-deploy.yaml + - aggregator-deploy.yaml + - webhook-deploy.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all Deployment metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.labels: + test-defaults-label: sentinel-value-label + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all Deployment metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + # ============================================================================ + # defaults.affinity tests + # ============================================================================ + - it: should apply defaults.affinity to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: test-defaults-affinity + operator: In + values: + - test-value + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key + value: test-defaults-affinity + + # ============================================================================ + # defaults.tolerations tests + # ============================================================================ + - it: should apply defaults.tolerations to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.tolerations: + - key: test-defaults-toleration + operator: Equal + value: test-value + effect: NoSchedule + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: test-defaults-toleration + + # ============================================================================ + # defaults.nodeSelector tests + # ============================================================================ + - it: should apply defaults.nodeSelector to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.nodeSelector: + test-defaults-node-selector: test-value + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.nodeSelector.test-defaults-node-selector + value: test-value + + # ============================================================================ + # defaults.priorityClassName tests + # ============================================================================ + - it: should apply defaults.priorityClassName to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.priorityClassName: test-defaults-priority-class + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: test-defaults-priority-class + + # ============================================================================ + # defaults.dns.policy tests + # ============================================================================ + - it: should apply defaults.dns.policy to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.dns.policy: None + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.dnsPolicy + value: None + + # ============================================================================ + # defaults.dns.config tests + # ============================================================================ + - it: should apply defaults.dns.config to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.dns.config: + nameservers: + - "1.2.3.4" + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.dnsConfig.nameservers[0] + value: "1.2.3.4" + + # ============================================================================ + # defaults.securityContext tests + # ============================================================================ + - it: should apply defaults.securityContext to all Deployment pod specs + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.securityContext: + runAsUser: 12345 + runAsNonRoot: true + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.securityContext.runAsUser + value: 12345 + + # ============================================================================ + # defaults.image.pullPolicy tests + # ============================================================================ + - it: should apply defaults.image.pullPolicy to agent-deploy containers + template: agent-deploy.yaml + set: + defaults.image.pullPolicy: Always + components.agent.mode: agent + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: should apply defaults.image.pullPolicy to aggregator-deploy containers + template: aggregator-deploy.yaml + set: + defaults.image.pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: should apply defaults.image.pullPolicy to webhook-deploy containers + template: webhook-deploy.yaml + set: + defaults.image.pullPolicy: Always + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + # ============================================================================ + # defaults.image.pullSecrets tests + # ============================================================================ + - it: should apply defaults.image.pullSecrets to all Deployment resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + defaults.image.pullSecrets: + - name: test-defaults-pull-secret + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: test-defaults-pull-secret + + - it: should fall back to deprecated imagePullSecrets when defaults.image.pullSecrets is not set + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Deployment + set: + imagePullSecrets: + - name: deprecated-pull-secret + components.agent.mode: agent + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: deprecated-pull-secret diff --git a/helm/tests/defaults_horizontalpodautoscaler_test.yaml b/helm/tests/defaults_horizontalpodautoscaler_test.yaml new file mode 100644 index 00000000..02ae7655 --- /dev/null +++ b/helm/tests/defaults_horizontalpodautoscaler_test.yaml @@ -0,0 +1,105 @@ +# Test defaults.* properties for HorizontalPodAutoscaler resources +# +# This test validates that HorizontalPodAutoscaler resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# HPAs only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to HPAs. +# +# Templates tested: +# - agent-hpa.yaml (only renders when components.agent.mode is "clustered" and autoscaling enabled) +# - webhook-hpa.yaml (only renders when insightsController and autoscaling enabled) +suite: defaults.* properties apply to HorizontalPodAutoscaler resources +templates: + - agent-hpa.yaml + - webhook-hpa.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all HorizontalPodAutoscaler metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: HorizontalPodAutoscaler + set: + defaults.labels: + test-defaults-label: sentinel-value-label + components.agent.mode: clustered + components.agent.autoscaling.enabled: true + insightsController.enabled: true + components.webhookServer.autoscaling.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to agent-hpa metadata + template: agent-hpa.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + components.agent.mode: clustered + components.agent.autoscaling.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to webhook-hpa metadata + template: webhook-hpa.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + components.webhookServer.autoscaling.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all HorizontalPodAutoscaler metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: HorizontalPodAutoscaler + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + components.agent.mode: clustered + components.agent.autoscaling.enabled: true + insightsController.enabled: true + components.webhookServer.autoscaling.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to agent-hpa metadata + template: agent-hpa.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + components.agent.mode: clustered + components.agent.autoscaling.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to webhook-hpa metadata + template: webhook-hpa.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + components.webhookServer.autoscaling.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_issuer_test.yaml b/helm/tests/defaults_issuer_test.yaml new file mode 100644 index 00000000..ff402736 --- /dev/null +++ b/helm/tests/defaults_issuer_test.yaml @@ -0,0 +1,41 @@ +# Test defaults.* properties for Issuer resources +# +# This test validates that Issuer resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# Issuers only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to Issuers. +# +# Templates tested: +# - agent-issuer.yaml (only renders when insightsController.tls.useCertManager is true) +suite: defaults.* properties apply to Issuer resources +templates: + - agent-issuer.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to Issuer metadata + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + insightsController.tls.useCertManager: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to Issuer metadata + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + insightsController.tls.useCertManager: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_job_test.yaml b/helm/tests/defaults_job_test.yaml new file mode 100644 index 00000000..f37d1eea --- /dev/null +++ b/helm/tests/defaults_job_test.yaml @@ -0,0 +1,277 @@ +# Test defaults.* properties for Job resources +# +# This test validates that Job resources properly inherit all applicable +# defaults from the chart's defaults section, including: +# - Metadata defaults: labels, annotations +# - PodSpec defaults: affinity, tolerations, nodeSelector, priorityClassName, +# dns.policy, dns.config, securityContext, image settings +# +# Templates tested: +# - config-loader-job.yaml +# - helmless-job.yaml +# - init-cert-job.yaml +# - backfill-job.yaml (produces both CronJob at index 0 and Job at index 1) +suite: defaults.* properties apply to Job resources +templates: + - config-loader-job.yaml + - helmless-job.yaml + - init-cert-job.yaml + - backfill-job.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all Job metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.labels: + test-defaults-label: sentinel-value-label + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all Job metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + # ============================================================================ + # defaults.affinity tests + # ============================================================================ + - it: should apply defaults.affinity to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: test-defaults-affinity + operator: In + values: + - test-value + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key + value: test-defaults-affinity + + # ============================================================================ + # defaults.tolerations tests + # ============================================================================ + - it: should apply defaults.tolerations to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.tolerations: + - key: test-defaults-toleration + operator: Equal + value: test-value + effect: NoSchedule + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: test-defaults-toleration + + # ============================================================================ + # defaults.nodeSelector tests + # ============================================================================ + - it: should apply defaults.nodeSelector to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.nodeSelector: + test-defaults-node-selector: test-value + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.nodeSelector.test-defaults-node-selector + value: test-value + + # ============================================================================ + # defaults.priorityClassName tests + # ============================================================================ + - it: should apply defaults.priorityClassName to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.priorityClassName: test-defaults-priority-class + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: test-defaults-priority-class + + # ============================================================================ + # defaults.dns.policy tests + # ============================================================================ + - it: should apply defaults.dns.policy to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.dns.policy: None + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.dnsPolicy + value: None + + # ============================================================================ + # defaults.dns.config tests + # ============================================================================ + - it: should apply defaults.dns.config to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.dns.config: + nameservers: + - "1.2.3.4" + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.dnsConfig.nameservers[0] + value: "1.2.3.4" + + # ============================================================================ + # defaults.securityContext tests + # ============================================================================ + - it: should apply defaults.securityContext to all Job pod specs + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.securityContext: + runAsUser: 12345 + runAsNonRoot: true + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.securityContext.runAsUser + value: 12345 + + # ============================================================================ + # defaults.image.pullPolicy tests + # ============================================================================ + - it: should apply defaults.image.pullPolicy to config-loader-job containers + template: config-loader-job.yaml + set: + defaults.image.pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: should apply defaults.image.pullPolicy to helmless-job containers + template: helmless-job.yaml + set: + defaults.image.pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: should apply defaults.image.pullPolicy to init-cert-job containers + template: init-cert-job.yaml + set: + defaults.image.pullPolicy: Always + initCertJob.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + # ============================================================================ + # defaults.image.pullSecrets tests + # ============================================================================ + - it: should apply defaults.image.pullSecrets to all Job resources + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + defaults.image.pullSecrets: + - name: test-defaults-pull-secret + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: test-defaults-pull-secret + + - it: should fall back to deprecated imagePullSecrets when defaults.image.pullSecrets is not set + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Job + set: + imagePullSecrets: + - name: deprecated-pull-secret + initCertJob.enabled: true + initBackfillJob.enabled: true + insightsController.enabled: true + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: deprecated-pull-secret diff --git a/helm/tests/defaults_persistentvolumeclaim_test.yaml b/helm/tests/defaults_persistentvolumeclaim_test.yaml new file mode 100644 index 00000000..d1ca5e27 --- /dev/null +++ b/helm/tests/defaults_persistentvolumeclaim_test.yaml @@ -0,0 +1,39 @@ +# Test defaults.* properties for PersistentVolumeClaim resources +# +# This test validates that PersistentVolumeClaim resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# PVCs only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to PVCs. +# +# Templates tested: +# - agent-pvc.yaml +suite: defaults.* properties apply to PersistentVolumeClaim resources +templates: + - agent-pvc.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to PersistentVolumeClaim metadata + set: + defaults.labels: + test-defaults-label: sentinel-value-label + server.persistentVolume.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to PersistentVolumeClaim metadata + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + server.persistentVolume.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_secret_test.yaml b/helm/tests/defaults_secret_test.yaml new file mode 100644 index 00000000..3fd34281 --- /dev/null +++ b/helm/tests/defaults_secret_test.yaml @@ -0,0 +1,109 @@ +# Test defaults.* properties for Secret resources +# +# This test validates that Secret resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# Secrets only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to Secrets. +# +# Templates tested: +# - aggregator-secret.yaml (only renders when apiKey is set) +# - webhook-tls-secret.yaml (only renders when insightsController.tls.secret.create is true) +suite: defaults.* properties apply to Secret resources +templates: + - aggregator-secret.yaml + - webhook-tls-secret.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all Secret metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Secret + set: + defaults.labels: + test-defaults-label: sentinel-value-label + apiKey: test-api-key-for-secret + existingSecretName: null + insightsController.enabled: true + insightsController.tls.secret.create: true + insightsController.tls.useCertManager: false + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to aggregator-secret metadata + template: aggregator-secret.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + apiKey: test-api-key-for-secret + existingSecretName: null + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to webhook-tls-secret metadata + template: webhook-tls-secret.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + insightsController.tls.secret.create: true + insightsController.tls.useCertManager: false + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all Secret metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Secret + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + apiKey: test-api-key-for-secret + existingSecretName: null + insightsController.enabled: true + insightsController.tls.secret.create: true + insightsController.tls.useCertManager: false + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to aggregator-secret metadata + template: aggregator-secret.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + apiKey: test-api-key-for-secret + existingSecretName: null + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to webhook-tls-secret metadata + template: webhook-tls-secret.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + insightsController.tls.secret.create: true + insightsController.tls.useCertManager: false + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_service_test.yaml b/helm/tests/defaults_service_test.yaml new file mode 100644 index 00000000..9aa083d5 --- /dev/null +++ b/helm/tests/defaults_service_test.yaml @@ -0,0 +1,93 @@ +# Test defaults.* properties for Service resources +# +# This test validates that Service resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# Services only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to Services. +# +# Templates tested: +# - aggregator-service.yaml +# - webhook-service.yaml +suite: defaults.* properties apply to Service resources +templates: + - aggregator-service.yaml + - webhook-service.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all Service metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Service + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to aggregator-service metadata + template: aggregator-service.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to webhook-service metadata + template: webhook-service.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all Service metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: Service + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to aggregator-service metadata + template: aggregator-service.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to webhook-service metadata + template: webhook-service.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_serviceaccount_test.yaml b/helm/tests/defaults_serviceaccount_test.yaml new file mode 100644 index 00000000..11d7f569 --- /dev/null +++ b/helm/tests/defaults_serviceaccount_test.yaml @@ -0,0 +1,97 @@ +# Test defaults.* properties for ServiceAccount resources +# +# This test validates that ServiceAccount resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# ServiceAccounts only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to ServiceAccounts. +# +# Templates tested: +# - agent-serviceaccount.yaml +# - webhook-serviceaccount.yaml +suite: defaults.* properties apply to ServiceAccount resources +templates: + - agent-serviceaccount.yaml + - webhook-serviceaccount.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to all ServiceAccount metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ServiceAccount + set: + defaults.labels: + test-defaults-label: sentinel-value-label + serviceAccount.create: true + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to agent-serviceaccount metadata + template: agent-serviceaccount.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + serviceAccount.create: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + - it: should apply defaults.labels to webhook-serviceaccount metadata + template: webhook-serviceaccount.yaml + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to all ServiceAccount metadata + documentSelector: + matchMany: true + path: kind + skipEmptyTemplates: true + value: ServiceAccount + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + serviceAccount.create: true + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to agent-serviceaccount metadata + template: agent-serviceaccount.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + serviceAccount.create: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation + + - it: should apply defaults.annotations to webhook-serviceaccount metadata + template: webhook-serviceaccount.yaml + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/defaults_validatingwebhookconfiguration_test.yaml b/helm/tests/defaults_validatingwebhookconfiguration_test.yaml new file mode 100644 index 00000000..7b3e2225 --- /dev/null +++ b/helm/tests/defaults_validatingwebhookconfiguration_test.yaml @@ -0,0 +1,39 @@ +# Test defaults.* properties for ValidatingWebhookConfiguration resources +# +# This test validates that ValidatingWebhookConfiguration resources properly inherit +# defaults.labels and defaults.annotations from the chart's defaults section. +# +# ValidatingWebhookConfigurations only support metadata-level defaults (labels and annotations). +# PodSpec defaults (affinity, tolerations, etc.) do not apply to ValidatingWebhookConfigurations. +# +# Templates tested: +# - webhook-validating-config.yaml +suite: defaults.* properties apply to ValidatingWebhookConfiguration resources +templates: + - webhook-validating-config.yaml +tests: + # ============================================================================ + # defaults.labels tests (resource metadata) + # ============================================================================ + - it: should apply defaults.labels to ValidatingWebhookConfiguration metadata + set: + defaults.labels: + test-defaults-label: sentinel-value-label + insightsController.enabled: true + asserts: + - equal: + path: metadata.labels.test-defaults-label + value: sentinel-value-label + + # ============================================================================ + # defaults.annotations tests (resource metadata) + # ============================================================================ + - it: should apply defaults.annotations to ValidatingWebhookConfiguration metadata + set: + defaults.annotations: + test-defaults-annotation: sentinel-value-annotation + insightsController.enabled: true + asserts: + - equal: + path: metadata.annotations.test-defaults-annotation + value: sentinel-value-annotation diff --git a/helm/tests/helmless_job_labels_annotations_test.yaml b/helm/tests/helmless_job_labels_annotations_test.yaml index 49b04e7a..d6c467b4 100644 --- a/helm/tests/helmless_job_labels_annotations_test.yaml +++ b/helm/tests/helmless_job_labels_annotations_test.yaml @@ -1,35 +1,12 @@ -suite: test helmless job labels and annotations +# Test helmless job label/annotation merge and override behavior +# +# This file tests that component-specific labels/annotations properly merge with +# and override defaults. For basic "defaults apply" tests, see defaults_job_test.yaml +# and defaults_labels_annotations_all_resources_test.yaml. +suite: test helmless job labels and annotations merge behavior templates: - templates/helmless-job.yaml tests: - # Test default labels are applied - - it: should apply default labels to Job metadata - set: - defaults.labels: - custom-label: "default-value" - team: "platform" - asserts: - - equal: - path: metadata.labels["custom-label"] - value: "default-value" - - equal: - path: metadata.labels["team"] - value: "platform" - - # Test default labels are applied to Pod template - - it: should apply default labels to Pod template metadata - set: - defaults.labels: - custom-label: "default-value" - team: "platform" - asserts: - - equal: - path: spec.template.metadata.labels["custom-label"] - value: "default-value" - - equal: - path: spec.template.metadata.labels["team"] - value: "platform" - # Test component-specific labels override defaults - it: should merge component-specific labels with defaults on Job metadata set: @@ -70,34 +47,6 @@ tests: path: spec.template.metadata.labels["environment"] value: "production" - # Test default annotations are applied - - it: should apply default annotations to Job metadata - set: - defaults.annotations: - prometheus.io/scrape: "true" - monitoring.io/alert: "critical" - asserts: - - equal: - path: metadata.annotations["prometheus.io/scrape"] - value: "true" - - equal: - path: metadata.annotations["monitoring.io/alert"] - value: "critical" - - # Test default annotations are applied to Pod template - - it: should apply default annotations to Pod template metadata - set: - defaults.annotations: - prometheus.io/scrape: "true" - monitoring.io/alert: "critical" - asserts: - - equal: - path: spec.template.metadata.annotations["prometheus.io/scrape"] - value: "true" - - equal: - path: spec.template.metadata.annotations["monitoring.io/alert"] - value: "critical" - # Test component-specific annotations override defaults - it: should merge component-specific annotations with defaults on Job metadata set: diff --git a/helm/tests/defaults_labels_annotations_all_resources_test.yaml b/helm/tests/pod_template_metadata_test.yaml similarity index 60% rename from helm/tests/defaults_labels_annotations_all_resources_test.yaml rename to helm/tests/pod_template_metadata_test.yaml index 3e4a4604..fa5f14f1 100644 --- a/helm/tests/defaults_labels_annotations_all_resources_test.yaml +++ b/helm/tests/pod_template_metadata_test.yaml @@ -1,108 +1,53 @@ -# Test that all resources inherit defaults.labels and defaults.annotations +# Test pod template metadata propagation # -# This test validates that every Kubernetes resource generated by the Helm chart -# properly inherits labels and annotations set in defaults.labels and defaults.annotations. -# This ensures consistent metadata across all resources for organizational tagging, -# monitoring, and cost tracking requirements. +# This test validates that workload resources (Deployments, DaemonSets, Jobs, CronJobs) +# properly propagate defaults.labels and defaults.annotations to their pod template +# metadata (spec.template.metadata), not just the resource metadata. # -# The test sets a sentinel label/annotation (foo: "bar") and verifies it appears in -# all resource metadata. Optional features are enabled to ensure conditional templates -# render for testing. +# Pod template spec properties (affinity, tolerations, nodeSelector, securityContext, +# etc.) are tested in the per-type defaults_*_test.yaml files. This file focuses +# specifically on pod template metadata propagation. # -# Note: aggregator-secret.yaml is excluded because it only renders when apiKey is set, -# which is mutually exclusive with existingSecretName used in the test values. +# Templates tested: +# - Deployments: agent-deploy.yaml, aggregator-deploy.yaml, webhook-deploy.yaml +# - DaemonSets: agent-daemonset.yaml +# - Jobs: config-loader-job.yaml, helmless-job.yaml, init-cert-job.yaml +# - CronJobs: backfill-job.yaml (document index 0) +# - Jobs from backfill: backfill-job.yaml (document index 1) # -suite: test that all resources inherit defaults.labels and defaults.annotations +suite: pod template metadata inherits defaults.labels and defaults.annotations templates: - - agent-clusterrole.yaml - - agent-clusterrolebinding.yaml - - agent-cm.yaml - # agent-daemonset-cm.yaml and agent-daemonset.yaml are tested in component_labels_hierarchy_test.yaml - agent-deploy.yaml - - agent-pdb.yaml - - agent-pvc.yaml - - agent-serviceaccount.yaml - - aggregator-cm.yaml + - agent-daemonset.yaml - aggregator-deploy.yaml - - aggregator-pdb.yaml - # aggregator-secret.yaml - only renders when apiKey is set (mutually exclusive with existingSecretName) - - aggregator-service.yaml - - backfill-job.yaml + - webhook-deploy.yaml - config-loader-job.yaml - - helmless-cm.yaml - helmless-job.yaml - - init-cert-clusterrole.yaml - - init-cert-clusterrolebinding.yaml - init-cert-job.yaml - - validator-cm.yaml - - webhook-cm.yaml - - webhook-deploy.yaml - - webhook-pdb.yaml - - webhook-service.yaml - - webhook-serviceaccount.yaml - - webhook-tls-secret.yaml - - webhook-validating-config.yaml + - backfill-job.yaml tests: - - it: should apply defaults.labels foo=bar to all resource metadata - # Validates that defaults.labels propagates to every resource's metadata.labels. - # Uses a sentinel label (foo: "bar") to verify inheritance. - # - # Optional features enabled to render conditional templates: - # - insightsController.enabled: Renders webhook-related resources - # - insightsController.tls.secret.create: Renders webhook-tls-secret.yaml - # - initCertJob.enabled: Renders init-cert-job and related RBAC resources - # - components.agent.mode: agent: Renders agent-deploy.yaml (test uses non-federated mode to include deployment) - # - server.persistentVolume.enabled: Renders agent-pvc.yaml + - it: should apply defaults.labels to agent deployment pod template metadata set: defaults.labels: foo: "bar" - insightsController.enabled: true - insightsController.tls.secret.create: true - insightsController.tls.useCertManager: false - initCertJob.enabled: true components.agent.mode: agent - server.persistentVolume.enabled: true - asserts: - - equal: - path: metadata.labels.foo - value: "bar" - - - it: should apply defaults.annotations foo=bar to all resource metadata - # Validates that defaults.annotations propagates to every resource's metadata.annotations. - # Uses a sentinel annotation (foo: "bar") to verify inheritance. - # - # Tested separately from labels to ensure both metadata types are properly handled. - set: - defaults.annotations: - foo: "bar" - insightsController.enabled: true - insightsController.tls.secret.create: true - insightsController.tls.useCertManager: false - initCertJob.enabled: true - components.agent.mode: agent - server.persistentVolume.enabled: true + template: agent-deploy.yaml asserts: - equal: - path: metadata.annotations.foo + path: spec.template.metadata.labels.foo value: "bar" - # Pod template metadata tests - ensuring defaults propagate to pod-level metadata - # These tests verify that defaults.labels and defaults.annotations appear not just - # on resource metadata, but also on spec.template.metadata for workload resources. - - - it: should apply defaults.labels to agent deployment pod template metadata + - it: should apply defaults.labels to agent daemonset pod template metadata set: defaults.labels: foo: "bar" - components.agent.mode: agent - template: agent-deploy.yaml + components.agent.mode: federated + template: agent-daemonset.yaml asserts: - equal: path: spec.template.metadata.labels.foo value: "bar" - # agent daemonset tests are in component_labels_hierarchy_test.yaml - - it: should apply defaults.labels to aggregator deployment pod template metadata set: defaults.labels: @@ -192,7 +137,16 @@ tests: path: spec.template.metadata.annotations.foo value: "bar" - # agent daemonset tests are in component_labels_hierarchy_test.yaml + - it: should apply defaults.annotations to agent daemonset pod template metadata + set: + defaults.annotations: + foo: "bar" + components.agent.mode: federated + template: agent-daemonset.yaml + asserts: + - equal: + path: spec.template.metadata.annotations.foo + value: "bar" - it: should apply defaults.annotations to aggregator deployment pod template metadata set: diff --git a/tests/helm/template/alloy.yaml b/tests/helm/template/alloy.yaml index b370ff20..6de488c4 100644 --- a/tests/helm/template/alloy.yaml +++ b/tests/helm/template/alloy.yaml @@ -2095,10 +2095,9 @@ metadata: namespace: cz-agent name: cz-agent-cz-aggregator labels: - app.kubernetes.io/component: aggregator app.kubernetes.io/instance: cz-agent app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cz-agent-cz-aggregator + app.kubernetes.io/name: aggregator app.kubernetes.io/part-of: cloudzero-agent app.kubernetes.io/version: v3.7.3 helm.sh/chart: cloudzero-agent-1.1.0-dev diff --git a/tests/helm/template/cert-manager.yaml b/tests/helm/template/cert-manager.yaml index fcaad8af..4303b5a9 100644 --- a/tests/helm/template/cert-manager.yaml +++ b/tests/helm/template/cert-manager.yaml @@ -2056,10 +2056,9 @@ metadata: namespace: cz-agent name: cz-agent-cz-aggregator labels: - app.kubernetes.io/component: aggregator app.kubernetes.io/instance: cz-agent app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cz-agent-cz-aggregator + app.kubernetes.io/name: aggregator app.kubernetes.io/part-of: cloudzero-agent app.kubernetes.io/version: v3.7.3 helm.sh/chart: cloudzero-agent-1.1.0-dev diff --git a/tests/helm/template/federated.yaml b/tests/helm/template/federated.yaml index 1553b531..3d59d77b 100644 --- a/tests/helm/template/federated.yaml +++ b/tests/helm/template/federated.yaml @@ -2123,10 +2123,9 @@ metadata: namespace: cz-agent name: cz-agent-cz-aggregator labels: - app.kubernetes.io/component: aggregator app.kubernetes.io/instance: cz-agent app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cz-agent-cz-aggregator + app.kubernetes.io/name: aggregator app.kubernetes.io/part-of: cloudzero-agent app.kubernetes.io/version: v3.7.3 helm.sh/chart: cloudzero-agent-1.1.0-dev diff --git a/tests/helm/template/manifest.yaml b/tests/helm/template/manifest.yaml index 481e74e8..cc81a800 100644 --- a/tests/helm/template/manifest.yaml +++ b/tests/helm/template/manifest.yaml @@ -2071,10 +2071,9 @@ metadata: namespace: cz-agent name: cz-agent-cz-aggregator labels: - app.kubernetes.io/component: aggregator app.kubernetes.io/instance: cz-agent app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cz-agent-cz-aggregator + app.kubernetes.io/name: aggregator app.kubernetes.io/part-of: cloudzero-agent app.kubernetes.io/version: v3.7.3 helm.sh/chart: cloudzero-agent-1.1.0-dev