Various fixes (#11)

evgkrsk · Jul 3, 2022 · 60ef7d1 · 60ef7d1
1 parent 67a9e41
commit 60ef7d1
Show file tree

Hide file tree

Showing 24 changed files with 152 additions and 80 deletions.
diff --git a/charts/universal-chart/CHANGELOG.md b/charts/universal-chart/CHANGELOG.md
@@ -1,4 +1,10 @@
 # Changelog
+## 3.4.1 - Jul 3, 2022
+* fix: bool variables quoting in configmaps
+* fix: set up valid default schedule for cronjobs
+* fix: validate all samples
+* fix: lowercase some Kind's names
+
 ## 3.4.0 - Jun 25, 2022
 * feat: optional namespaceSelector for servicemonitors
 

diff --git a/charts/universal-chart/Chart.yaml b/charts/universal-chart/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Nixys universal Helm chart for deploy your apps to Kubernetes
 name: universal-chart
-version: 3.4.0
+version: 3.4.1
 maintainers:
 - name: Roman Andreev
   email: [email protected]

diff --git a/charts/universal-chart/README.md b/charts/universal-chart/README.md
@@ -224,6 +224,8 @@ Secret `data` object is a map where value can be a string, json or base64 encode
 | `annotations`      | Extra ConfigMap annotations                     | `{}`      |
 | `data`             | Map of ConfigMap data                           | `{}`      |
 
+N.B.: boolean values in `data` MUST be quoted
+
 ### PersistentVolumeClaims parameters
 
 `pvcs` is a map of the PersistentVolumeClaim parameters, where key is a name of PersistentVolumeClaim.
@@ -366,6 +368,7 @@ Secret `data` object is a map where value can be a string, json or base64 encode
 | `labels`                     | Extra CronJob labels                                                                    | `{}`      |
 | `annotations`                | Extra CronJob annotations                                                               | `{}`      |
 | `singleOnly`                 | Forbid concurrency policy                                                               | `"false"` |
+| `schedule`                   | Schedule in Cron format, see https://en.wikipedia.org/wiki/Cron                         | `""`      |
 | `startingDeadlineSeconds`    | Duration for starting CronJob                                                           | ``        |
 | `successfulJobsHistoryLimit` | Limitation of completed jobs should be kept                                             | `3`       |
 | `failedJobsHistoryLimit`     | Limitation of failed jobs should be kept                                                | `1`       |

diff --git a/charts/universal-chart/results/configmap.yaml b/charts/universal-chart/results/configmap.yaml
@@ -0,0 +1,53 @@
+
+---
+# Source: universal-chart/templates/configmap.yml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-envs
+  namespace: "default"
+  labels:
+    app.kubernetes.io/name: test
+    app.kubernetes.io/instance: test
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    helm.sh/hook: "pre-install,pre-upgrade"
+    helm.sh/hook-weight: "-999"
+    helm.sh/hook-delete-policy: before-hook-creation
+data:  
+  TEST1: "False"
+  TEST2: "True"
+  TEST3: "false"
+  TEST4: "true"
+  TEST5: "false"
+  TEST6: "true"
+  TEST7: "false"
+  TEST8: "true"  
+  TEST10: "True"
+  TEST11: "false"
+  TEST12: "true"
+  TEST13: "false"
+  TEST14: "true"
+  TEST15: "false"
+  TEST16: "true"
+  TEST9: "False"
+---
+# Source: universal-chart/templates/configmap.yml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-env
+  namespace: "default"
+  labels:
+    app.kubernetes.io/name: test
+    app.kubernetes.io/instance: test
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    helm.sh/hook: "pre-install,pre-upgrade"
+    helm.sh/hook-weight: "-999"
+    helm.sh/hook-delete-policy: before-hook-creation
+data:
+  TEST17: "False"
+  TEST18: "True"
+  TEST19: "false"
+  TEST20: "true"
diff --git a/charts/universal-chart/results/cronJobs.yaml b/charts/universal-chart/results/cronJobs.yaml
@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
   annotations:    
 spec:
-  schedule: "null"
+  schedule: "*/60 * * * *"
   jobTemplate:
     spec:
       template:
@@ -75,7 +75,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
   annotations:    
 spec:
-  schedule: "null"
+  schedule: "*/60 * * * *"
   jobTemplate:
     spec:
       template:
@@ -109,25 +109,8 @@ spec:
                   topologyKey: kubernetes.io/hostname
                 weight: 1
           securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - AUDIT_WRITE
-              - CHOWN
-              - DAC_OVERRIDE
-              - FOWNER
-              - FSETID
-              - KILL
-              - MKNOD
-              - NET_ADMIN
-              - NET_BIND_SERVICE
-              - NET_RAW
-              - SETFCAP
-              - SETGID
-              - SETPCAP
-              - SETUID
-              - SYS_CHROOT
-            readOnlyRootFilesystem: false
+            fsGroup: 1000
+            runAsGroup: 1000
             runAsNonRoot: true
             runAsUser: 1000
 

diff --git a/charts/universal-chart/results/pdb.yaml b/charts/universal-chart/results/pdb.yaml
@@ -3,36 +3,36 @@
 kind: PodDisruptionBudget
 apiVersion: policy/v1
 metadata:
-  name: test-pdb1
+  name: test-PDB2
   namespace: "default"
   labels:
     app.kubernetes.io/name: test
     app.kubernetes.io/instance: test
     app.kubernetes.io/managed-by: Helm
-    foo: bar
+    bar: foo
 spec:
-  minAvailable: 1
+  maxUnavailable: 2
   selector:
     matchLabels:
       app.kubernetes.io/name: test
       app.kubernetes.io/instance: test
-      foo: bar
+      bar: foo
 ---
 # Source: universal-chart/templates/pdb.yaml
 kind: PodDisruptionBudget
 apiVersion: policy/v1
 metadata:
-  name: test-pdb2
+  name: test-pdb1
   namespace: "default"
   labels:
     app.kubernetes.io/name: test
     app.kubernetes.io/instance: test
     app.kubernetes.io/managed-by: Helm
-    bar: foo
+    foo: bar
 spec:
-  maxUnavailable: 2
+  minAvailable: 1
   selector:
     matchLabels:
       app.kubernetes.io/name: test
       app.kubernetes.io/instance: test
-      bar: foo
+      foo: bar
diff --git a/charts/universal-chart/results/servicemonitors.yml b/charts/universal-chart/results/servicemonitors.yml
@@ -3,13 +3,12 @@
 kind: ServiceMonitor
 apiVersion: monitoring.coreos.com/v1
 metadata:
-  name: test-mysm
+  name: test-sm3
   namespace: "default"
   labels:
     app.kubernetes.io/name: test
     app.kubernetes.io/instance: test
     app.kubernetes.io/managed-by: Helm
-    foo: foo
 spec:
   endpoints:
     - interval: 30s
@@ -19,18 +18,21 @@ spec:
     matchLabels:
       app.kubernetes.io/name: test
       app.kubernetes.io/instance: test
-      app: nginx
+  namespaceSelector:
+    matchNames:
+    - production
 ---
 # Source: universal-chart/templates/servicemonitor.yml
 kind: ServiceMonitor
 apiVersion: monitoring.coreos.com/v1
 metadata:
-  name: test-sm2
+  name: test-mysm
   namespace: "default"
   labels:
     app.kubernetes.io/name: test
     app.kubernetes.io/instance: test
     app.kubernetes.io/managed-by: Helm
+    foo: foo
 spec:
   endpoints:
     - interval: 30s
@@ -40,14 +42,13 @@ spec:
     matchLabels:
       app.kubernetes.io/name: test
       app.kubernetes.io/instance: test
-  namespaceSelector:
-    any: true
+      app: nginx
 ---
 # Source: universal-chart/templates/servicemonitor.yml
 kind: ServiceMonitor
 apiVersion: monitoring.coreos.com/v1
 metadata:
-  name: test-sm3
+  name: test-sm2
   namespace: "default"
   labels:
     app.kubernetes.io/name: test
@@ -63,5 +64,4 @@ spec:
       app.kubernetes.io/name: test
       app.kubernetes.io/instance: test
   namespaceSelector:
-    matchNames:
-    - production
+    any: true
diff --git a/charts/universal-chart/results/web-app.values.yml b/charts/universal-chart/results/web-app.values.yml
@@ -269,9 +269,9 @@ metadata:
     helm.sh/hook-delete-policy: before-hook-creation
 data:  
   BAR: foo
-  TEST: true  
+  TEST: "true"  
   BAR2: foo2
-  TEST2: false
+  TEST2: "false"
 ---
 # Source: universal-chart/templates/configmap.yml
 apiVersion: v1

diff --git a/charts/universal-chart/samples/configmap.yaml b/charts/universal-chart/samples/configmap.yaml
@@ -0,0 +1,32 @@
+envs:
+  TEST1: "False"
+  TEST2: "True"
+  TEST3: "false"
+  TEST4: "true"
+  TEST5: False
+  TEST6: True
+  TEST7: false
+  TEST8: true
+
+envsString: |
+  TEST9: "False"
+  TEST10: "True"
+  TEST11: "false"
+  TEST12: "true"
+  TEST13: False
+  TEST14: True
+  TEST15: false
+  TEST16: true
+
+configMaps:
+  ENV:
+    data:
+      TEST17: "False"
+      TEST18: "True"
+      TEST19: "false"
+      TEST20: "true"
+      # invalid values:
+      # TEST21: False
+      # TEST22: True
+      # TEST23: false
+      # TEST24: true
diff --git a/charts/universal-chart/samples/cronJobs.yaml b/charts/universal-chart/samples/cronJobs.yaml
@@ -1,5 +1,5 @@
 cronJobs:
-  check:
+  CHECK:
     command: "just check"
     envSecrets:
     - secret-envs
@@ -9,24 +9,7 @@ cronJobs:
     name: check22
     command: "just check2"
     podSecurityContext:
-      capabilities:
-        drop: # ref: https://raw.githubusercontent.com/FairwindsOps/polaris/master/checks/insecureCapabilities.yaml
-        - AUDIT_WRITE
-        - CHOWN
-        - DAC_OVERRIDE
-        - FOWNER
-        - FSETID
-        - KILL
-        - MKNOD
-        - NET_ADMIN
-        - NET_BIND_SERVICE
-        - NET_RAW
-        - SETFCAP
-        - SETGID
-        - SETPCAP
-        - SETUID
-        - SYS_CHROOT
+      fsGroup: 1000
+      runAsGroup: 1000
       runAsNonRoot: true
       runAsUser: 1000
-      allowPrivilegeEscalation: false
-      readOnlyRootFilesystem: false
diff --git a/charts/universal-chart/samples/hpas.yaml b/charts/universal-chart/samples/hpas.yaml
@@ -1,5 +1,5 @@
 hpas:
-  hpa0:
+  HPA0:
     scaleTargetRef:
       name: dep
     targetCPU: 50

diff --git a/charts/universal-chart/samples/jobs.yaml b/charts/universal-chart/samples/jobs.yaml
@@ -1,5 +1,5 @@
 jobs:
-  migrations:
+  MIGRATIONS:
     activeDeadlineSeconds: 120
     backoffLimit: 2
     command: "alembic upgrade head"

diff --git a/charts/universal-chart/samples/pdb.yaml b/charts/universal-chart/samples/pdb.yaml
@@ -6,7 +6,7 @@ pdbs:
     maxUnavailable: 2
     extraSelectorLabels:
       foo: bar
-  pdb2:
+  PDB2:
     labels:
       bar: foo
     maxUnavailable: 2

diff --git a/charts/universal-chart/samples/prometheusrules.yaml b/charts/universal-chart/samples/prometheusrules.yaml
@@ -1,5 +1,5 @@
 prometheusrules:
-  promrule:
+  PROMRULE:
     labels:
       foo: bar
     groups:

diff --git a/charts/universal-chart/samples/sample.yml b/charts/universal-chart/samples/sample.yml
@@ -20,9 +20,9 @@ secretEnvs:
   DB_PASSWORD: password
 
 deployments:
-  api:
+  API:
     containers:
-    - name: api
+    - name: API
       envSecrets:
       - secret-envs
       envConfigmaps:

diff --git a/charts/universal-chart/samples/servicemonitors.yml b/charts/universal-chart/samples/servicemonitors.yml
@@ -15,7 +15,7 @@ servicemonitors:
       path: /metrics
     namespaceSelector:
       any: true
-  sm3:
+  SM3:
     endpoints:
     - interval: 30s
       port: exporter

diff --git a/charts/universal-chart/templates/configmap.yml b/charts/universal-chart/templates/configmap.yml
@@ -18,7 +18,7 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "helpers.app.fullname" (dict "name" $cName "context" $) }}
+  name: {{ lower (include "helpers.app.fullname" (dict "name" $cName "context" $)) }}
   namespace: {{ $.Release.Namespace | quote }}
   labels:
     {{- include "helpers.app.labels" $ | nindent 4 }}