diff --git a/dynatrace-operator/tests/Common/webhook/clusterrole-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/clusterrole-webhook_test.yaml deleted file mode 100644 index 41431297..00000000 --- a/dynatrace-operator/tests/Common/webhook/clusterrole-webhook_test.yaml +++ /dev/null @@ -1,49 +0,0 @@ -suit: test clusterrole for webhook -templates: - - Common/webhook/clusterrole-webhook.yaml -tests: - - it: should exist - set: - platform: kubernetes - asserts: - - isKind: - of: ClusterRole - - equal: - path: metadata.name - value: dynatrace-webhook - - isNotEmpty: - path: metadata.labels - - contains: - path: rules - content: - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - contains: - path: rules - content: - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - list - - create - - watch - - contains: - path: rules - content: - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - resourceNames: - - dynatrace-webhook - verbs: - - get - - update diff --git a/dynatrace-operator/tests/Common/webhook/clusterrolebinding-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/clusterrolebinding-webhook_test.yaml deleted file mode 100644 index 5a8fa88b..00000000 --- a/dynatrace-operator/tests/Common/webhook/clusterrolebinding-webhook_test.yaml +++ /dev/null @@ -1,27 +0,0 @@ -suit: test clusterrolebinding for the webhook -templates: - - Common/webhook/clusterrolebinding-webhook.yaml -tests: - - it: should exist - set: - platform: kubernetes - asserts: - - isKind: - of: ClusterRoleBinding - - equal: - path: metadata.name - value: dynatrace-webhook - - isNotEmpty: - path: metadata.labels - - equal: - path: subjects - value: - - kind: ServiceAccount - name: dynatrace-webhook - namespace: NAMESPACE - - equal: - path: roleRef - value: - kind: ClusterRole - name: dynatrace-webhook - apiGroup: rbac.authorization.k8s.io diff --git a/dynatrace-operator/tests/Common/webhook/deployment-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/deployment-webhook_test.yaml deleted file mode 100644 index 19c3cfae..00000000 --- a/dynatrace-operator/tests/Common/webhook/deployment-webhook_test.yaml +++ /dev/null @@ -1,151 +0,0 @@ -suit: test deployment of webhook -templates: - - Common/webhook/deployment-webhook.yaml -tests: - - it: should exist - set: - platform: kubernetes - operator.image: image-name - asserts: - - isKind: - of: Deployment - - equal: - path: metadata - value: - name: dynatrace-webhook - namespace: NAMESPACE - labels: - dynatrace.com/operator: dynakube - - equal: - path: spec - value: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - internal.dynatrace.com/component: webhook - internal.dynatrace.com/app: webhook - strategy: - type: Recreate - template: - metadata: - labels: - dynatrace.com/operator: oneagent - internal.dynatrace.com/component: webhook - internal.dynatrace.com/app: webhook - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: kubernetes.io/os - operator: In - values: - - linux - containers: - - name: webhook - args: - - webhook-server - image: image-name - imagePullPolicy: Always - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - readinessProbe: - httpGet: - path: /healthz - port: server-port - scheme: HTTPS - initialDelaySeconds: 60 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthz - port: server-port - scheme: HTTPS - initialDelaySeconds: 60 - periodSeconds: 10 - ports: - - name: metrics - containerPort: 8383 - - name: server-port - containerPort: 8443 - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: certs-volume - mountPath: /mnt/webhook-certs - - name: bootstrapper - args: - - webhook-bootstrapper - image: image-name - imagePullPolicy: Always - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - name: metrics - containerPort: 8484 - - name: server-port - containerPort: 9080 - readinessProbe: - httpGet: - path: /healthz - port: server-port - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthz - port: server-port - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: certs-volume - mountPath: /mnt/webhook-certs - serviceAccountName: dynatrace-webhook - volumes: - - name: certs-volume - emptyDir: { } diff --git a/dynatrace-operator/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml b/dynatrace-operator/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml deleted file mode 100644 index 010f06e3..00000000 --- a/dynatrace-operator/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml +++ /dev/null @@ -1,33 +0,0 @@ -suit: test mutating webhook configuration -templates: - - Common/webhook/mutatingwebhookconfiguration.yaml -tests: - - it: should exist - asserts: - - isKind: - of: MutatingWebhookConfiguration - - equal: - path: metadata.name - value: dynatrace-webhook - - isNotEmpty: - path: metadata.labels - - equal: - path: webhooks - value: - - name: webhook.dynatrace.com - rules: - - apiGroups: [ "" ] - apiVersions: [ "v1" ] - operations: [ "CREATE" ] - resources: [ "pods" ] - scope: Namespaced - namespaceSelector: - matchExpressions: - - key: oneagent.dynatrace.com/instance - operator: Exists - clientConfig: - service: - name: dynatrace-webhook - namespace: NAMESPACE - path: /inject - admissionReviewVersions: [ "v1beta1" ] diff --git a/dynatrace-operator/tests/Common/webhook/role-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/role-webhook_test.yaml deleted file mode 100644 index 46a7c3b5..00000000 --- a/dynatrace-operator/tests/Common/webhook/role-webhook_test.yaml +++ /dev/null @@ -1,80 +0,0 @@ -suite: test role for webhook on kubernetes -templates: - - Common/webhook/role-webhook.yaml -tests: - - it: should not exist if platform is not kubernetes - set: - platform: openshift - asserts: - - hasDocuments: - count: 0 - - - it: should exist - set: - platform: kubernetes - asserts: - - isKind: - of: Role - - equal: - path: metadata.name - value: dynatrace-webhook - - equal: - path: metadata.namespace - value: NAMESPACE - - isNotEmpty: - path: metadata.labels - - equal: - path: rules - value: - - apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - dynatrace.com - resources: - - dynakubes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - list - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - update - - create - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-webhook - verbs: - - use - diff --git a/dynatrace-operator/tests/Common/webhook/rolebinding-webhook_test.yaml b/dynatrace-operator/tests/Common/webhook/rolebinding-webhook_test.yaml deleted file mode 100644 index 9eeea697..00000000 --- a/dynatrace-operator/tests/Common/webhook/rolebinding-webhook_test.yaml +++ /dev/null @@ -1,26 +0,0 @@ -suit: test rolebinding of webhook -templates: - - Common/webhook/rolebinding-webhook.yaml -tests: - - it: should exist - asserts: - - isKind: - of: RoleBinding - - equal: - path: metadata.name - value: dynatrace-webhook - - equal: - path: metadata.namespace - value: NAMESPACE - - contains: - path: subjects - content: - kind: ServiceAccount - name: dynatrace-webhook - namespace: NAMESPACE - - equal: - path: roleRef - value: - kind: Role - name: dynatrace-webhook - apiGroup: rbac.authorization.k8s.io diff --git a/dynatrace-operator/tests/Common/webhook/service_test.yaml b/dynatrace-operator/tests/Common/webhook/service_test.yaml deleted file mode 100644 index e6806850..00000000 --- a/dynatrace-operator/tests/Common/webhook/service_test.yaml +++ /dev/null @@ -1,43 +0,0 @@ -#apiVersion: v1 -#kind: Service -#metadata: -# name: dynatrace-webhook -# namespace: dynatrace -# labels: -# dynatrace.com/operator: dynakube -# internal.dynatrace.com/component: webhook -#spec: -# selector: -# internal.dynatrace.com/app: webhook -# internal.dynatrace.com/component: webhook -# ports: -# - port: 443 -# protocol: TCP -# targetPort: server-port - -suit: test service of webhook -templates: - - Common/webhook/service.yaml -tests: - - it: should exist - asserts: - - isKind: - of: Service - - equal: - path: metadata.name - value: dynatrace-webhook - - equal: - path: metadata.namespace - value: NAMESPACE - - isNotEmpty: - path: metadata.labels - - equal: - path: spec - value: - selector: - internal.dynatrace.com/app: webhook - internal.dynatrace.com/component: webhook - ports: - - port: 443 - protocol: TCP - targetPort: server-port diff --git a/dynatrace-operator/tests/Kubernetes/webhook/podsecuritypolicy-webhook_test.yaml b/dynatrace-operator/tests/Kubernetes/webhook/podsecuritypolicy-webhook_test.yaml deleted file mode 100644 index 7fea5fb2..00000000 --- a/dynatrace-operator/tests/Kubernetes/webhook/podsecuritypolicy-webhook_test.yaml +++ /dev/null @@ -1,60 +0,0 @@ -suit: test pod security policy for webhook on kubernetes -templates: - - Kubernetes/webhook/podsecuritypolicy-webhook.yaml -tests: - - it: should not exist if platform is not kubernetes - set: - platform: openshift - asserts: - - hasDocuments: - count: 0 - - - it: should not exist if createPodSecurityPolicies is false - set: - platform: kubernetes - createPodSecurityPolicies: false - asserts: - - hasDocuments: - count: 0 - - - it: should exist - set: - platform: kubernetes - asserts: - - isKind: - of: PodSecurityPolicy - - equal: - path: metadata - value: - name: dynatrace-webhook - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" - - equal: - path: spec - value: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" diff --git a/dynatrace-operator/tests/Kubernetes/webhook/serviceaccount-webhook_test.yaml b/dynatrace-operator/tests/Kubernetes/webhook/serviceaccount-webhook_test.yaml deleted file mode 100644 index ac9e16ee..00000000 --- a/dynatrace-operator/tests/Kubernetes/webhook/serviceaccount-webhook_test.yaml +++ /dev/null @@ -1,24 +0,0 @@ -suite: test serviceaccount for webhook -templates: - - Kubernetes/webhook/serviceaccount-webhook.yaml -tests: - - it: should not exist if platform is openshift - set: - platform: openshift - asserts: - - hasDocuments: - count: 0 - - - it: should exist - set: - platform: kubernetes - asserts: - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: dynatrace-webhook - - equal: - path: metadata.namespace - value: NAMESPACE - diff --git a/dynatrace-operator/tests/Openshift/webhook/role-webhook_test.yaml b/dynatrace-operator/tests/Openshift/webhook/role-webhook_test.yaml deleted file mode 100644 index 456bf6cb..00000000 --- a/dynatrace-operator/tests/Openshift/webhook/role-webhook_test.yaml +++ /dev/null @@ -1,73 +0,0 @@ -suite: test role for webhook on opneshift -templates: - - Openshift/webhook/role-webhook.yaml -tests: - - it: should exist - set: - platform: openshift - asserts: - - isKind: - of: Role - - equal: - path: metadata.name - value: dynatrace-webhook - - equal: - path: metadata.namespace - value: NAMESPACE - - isNotEmpty: - path: metadata.labels - - equal: - path: rules - value: - - apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - dynatrace.com - resources: - - dynakubes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - list - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - update - - create - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-webhook - verbs: - - use - diff --git a/dynatrace-operator/tests/Openshift/webhook/serviceaccount-webhook_test.yaml b/dynatrace-operator/tests/Openshift/webhook/serviceaccount-webhook_test.yaml deleted file mode 100644 index 4bd3aa07..00000000 --- a/dynatrace-operator/tests/Openshift/webhook/serviceaccount-webhook_test.yaml +++ /dev/null @@ -1,28 +0,0 @@ -suite: test serviceaccount for webhook -templates: - - Openshift/webhook/serviceaccount-webhook.yaml -tests: - - it: should not exist if platform is not openshift - set: - platform: kubernetes - asserts: - - hasDocuments: - count: 0 - - - it: should exist - set: - platform: openshift - asserts: - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: dynatrace-webhook - - equal: - path: metadata.namespace - value: NAMESPACE - - equal: - path: imagePullSecrets - value: - - name: redhat-connect - - name: redhat-connect-sso