diff --git a/pkg/commands/testdata/testcase-variable-ref/expected.diff b/pkg/commands/testdata/testcase-variable-ref/expected.diff
new file mode 100644
index 000000000..124aca43e
--- /dev/null
+++ b/pkg/commands/testdata/testcase-variable-ref/expected.diff
@@ -0,0 +1,150 @@ +diff -u -N /tmp/noop/apps_v1beta1_StatefulSet_cockroachdb.yaml /tmp/transformed/apps_v1beta1_StatefulSet_cockroachdb.yaml +--- /tmp/noop/apps_v1beta1_StatefulSet_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/apps_v1beta1_StatefulSet_cockroachdb.yaml YYYY-MM-DD HH:MM:SS +@@ -1,10 +1,10 @@ + apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: +- name: base-cockroachdb ++ name: dev-base-cockroachdb + spec: + replicas: 3 +- serviceName: base-cockroachdb ++ serviceName: dev-base-cockroachdb + template: + metadata: + labels: +@@ -27,7 +27,7 @@ + - /bin/bash + - -ecx + - exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs +- --host $(hostname -f) --http-host 0.0.0.0 --join base-cockroachdb-0.base-cockroachdb,base-cockroachdb-1.base-cockroachdb,base-cockroachdb-2.base-cockroachdb ++ --host $(hostname -f) --http-host 0.0.0.0 --join dev-base-cockroachdb-0.dev-base-cockroachdb,dev-base-cockroachdb-1.dev-base-cockroachdb,dev-base-cockroachdb-2.dev-base-cockroachdb + --cache 25% --max-sql-memory 25% + image: cockroachdb/cockroach:v1.1.5 + imagePullPolicy: IfNotPresent +@@ -48,7 +48,7 @@ + - -ecx + - /request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node + -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut +- -f 1-2 -d '.'),base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt ++ -f 1-2 -d '.'),dev-base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + env: + - name: POD_IP + valueFrom: +@@ -64,7 +64,7 @@ + volumeMounts: + - mountPath: /cockroach-certs + name: certs +- serviceAccountName: base-cockroachdb ++ serviceAccountName: dev-base-cockroachdb + terminationGracePeriodSeconds: 60 + volumes: + - name: datadir +diff -u -N /tmp/noop/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml /tmp/transformed/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml +--- 
/tmp/noop/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml YYYY-MM-DD HH:MM:SS +@@ -3,7 +3,7 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb-budget ++ name: dev-base-cockroachdb-budget + spec: + maxUnavailable: 1 + selector: +diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml +--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml YYYY-MM-DD HH:MM:SS +@@ -3,12 +3,12 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb ++ name: dev-base-cockroachdb + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +- name: base-cockroachdb ++ name: dev-base-cockroachdb + subjects: + - kind: ServiceAccount +- name: base-cockroachdb ++ name: dev-base-cockroachdb + namespace: default +diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml +--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml YYYY-MM-DD HH:MM:SS +@@ -3,7 +3,7 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb ++ name: dev-base-cockroachdb + rules: + - apiGroups: + - certificates.k8s.io +diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml +--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml YYYY-MM-DD 
HH:MM:SS +@@ -3,12 +3,12 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb ++ name: dev-base-cockroachdb + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +- name: base-cockroachdb ++ name: dev-base-cockroachdb + subjects: + - kind: ServiceAccount +- name: base-cockroachdb ++ name: dev-base-cockroachdb + namespace: default +diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml +--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml YYYY-MM-DD HH:MM:SS +@@ -3,7 +3,7 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb ++ name: dev-base-cockroachdb + rules: + - apiGroups: + - "" +diff -u -N /tmp/noop/v1_ServiceAccount_cockroachdb.yaml /tmp/transformed/v1_ServiceAccount_cockroachdb.yaml +--- /tmp/noop/v1_ServiceAccount_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/v1_ServiceAccount_cockroachdb.yaml YYYY-MM-DD HH:MM:SS +@@ -3,4 +3,4 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb ++ name: dev-base-cockroachdb +diff -u -N /tmp/noop/v1_Service_cockroachdb-public.yaml /tmp/transformed/v1_Service_cockroachdb-public.yaml +--- /tmp/noop/v1_Service_cockroachdb-public.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/v1_Service_cockroachdb-public.yaml YYYY-MM-DD HH:MM:SS +@@ -3,7 +3,7 @@ + metadata: + labels: + app: cockroachdb +- name: base-cockroachdb-public ++ name: dev-base-cockroachdb-public + spec: + ports: + - name: grpc +diff -u -N /tmp/noop/v1_Service_cockroachdb.yaml /tmp/transformed/v1_Service_cockroachdb.yaml +--- /tmp/noop/v1_Service_cockroachdb.yaml YYYY-MM-DD HH:MM:SS ++++ /tmp/transformed/v1_Service_cockroachdb.yaml YYYY-MM-DD HH:MM:SS +@@ -8,7 +8,7 @@ + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + labels: + app: cockroachdb +- name: base-cockroachdb ++ 
name: dev-base-cockroachdb + spec: + clusterIP: None + ports: diff --git a/pkg/commands/testdata/testcase-variable-ref/expected.yaml b/pkg/commands/testdata/testcase-variable-ref/expected.yaml new file mode 100644 index 000000000..74b64270a --- /dev/null +++ b/pkg/commands/testdata/testcase-variable-ref/expected.yaml 
@@ -0,0 +1,205 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: _status/vars + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + labels: + app: cockroachdb + name: dev-base-cockroachdb +spec: + clusterIP: None + ports: + - name: grpc + port: 26257 + targetPort: 26257 + - name: http + port: 8080 + targetPort: 8080 + selector: + app: cockroachdb +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb-public +spec: + ports: + - name: grpc + port: 26257 + targetPort: 26257 + - name: http + port: 8080 + targetPort: 8080 + selector: + app: cockroachdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: dev-base-cockroachdb +spec: + replicas: 3 + serviceName: dev-base-cockroachdb + template: + metadata: + labels: + app: cockroachdb + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cockroachdb + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - command: + - /bin/bash + - -ecx + - exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs + --host $(hostname -f) --http-host 0.0.0.0 --join dev-base-cockroachdb-0.dev-base-cockroachdb,dev-base-cockroachdb-1.dev-base-cockroachdb,dev-base-cockroachdb-2.dev-base-cockroachdb + --cache 25% --max-sql-memory 25% + image: cockroachdb/cockroach:v1.1.5 + imagePullPolicy: IfNotPresent + name: cockroachdb + ports: + - containerPort: 26257 + name: grpc + - containerPort: 8080 + name: http + volumeMounts: + - mountPath: /cockroach/cockroach-data + name: datadir + - mountPath: /cockroach/cockroach-certs + name: certs + initContainers: + - command: + - /bin/ash + - -ecx + - 
/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node + -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut + -f 1-2 -d '.'),dev-base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: cockroachdb/cockroach-k8s-request-cert:0.2 + imagePullPolicy: IfNotPresent + name: init-certs + volumeMounts: + - mountPath: /cockroach-certs + name: certs + serviceAccountName: dev-base-cockroachdb + terminationGracePeriodSeconds: 60 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir + - emptyDir: {} + name: certs + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb-budget +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: cockroachdb +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - create + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dev-base-cockroachdb +subjects: +- kind: ServiceAccount + name: dev-base-cockroachdb + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get +--- +apiVersion: 
rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cockroachdb + name: dev-base-cockroachdb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dev-base-cockroachdb +subjects: +- kind: ServiceAccount + name: dev-base-cockroachdb + namespace: default diff --git a/pkg/commands/testdata/testcase-variable-ref/in/overlay/kustomization.yaml b/pkg/commands/testdata/testcase-variable-ref/in/overlay/kustomization.yaml new file mode 100644 index 000000000..1fccccac8 --- /dev/null +++ b/pkg/commands/testdata/testcase-variable-ref/in/overlay/kustomization.yaml @@ -0,0 +1,4 @@ +namePrefix: dev- +bases: +- ../package + diff --git a/pkg/commands/testdata/testcase-variable-ref/in/package/cockroachdb-statefulset-secure.yaml b/pkg/commands/testdata/testcase-variable-ref/in/package/cockroachdb-statefulset-secure.yaml new file mode 100644 index 000000000..5feb4a669 --- /dev/null +++ b/pkg/commands/testdata/testcase-variable-ref/in/package/cockroachdb-statefulset-secure.yaml 
@@ -0,0 +1,235 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cockroachdb + labels: + app: cockroachdb +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: cockroachdb + labels: + app: cockroachdb +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: cockroachdb + labels: + app: cockroachdb +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - create + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: cockroachdb + labels: + app: cockroachdb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cockroachdb +subjects: +- kind: ServiceAccount + name: cockroachdb + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: cockroachdb + labels: + app: cockroachdb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cockroachdb +subjects: +- kind: ServiceAccount + name: cockroachdb + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + # This service is meant to be used by clients of the database. It exposes a ClusterIP that will + # automatically load balance connections to the different database pods. + name: cockroachdb-public + labels: + app: cockroachdb +spec: + ports: + # The main port, served by gRPC, serves Postgres-flavor SQL, internode + # traffic and the cli. + - port: 26257 + targetPort: 26257 + name: grpc + # The secondary port serves the UI as well as health and debug endpoints. + - port: 8080 + targetPort: 8080 + name: http + selector: + app: cockroachdb +--- +apiVersion: v1 +kind: Service +metadata: + # This service only exists to create DNS entries for each pod in the stateful + # set such that they can resolve each other's IP addresses. 
It does not + # create a load-balanced ClusterIP and should not be used directly by clients + # in most circumstances. + name: cockroachdb + labels: + app: cockroachdb + annotations: + # This is needed to make the peer-finder work properly and to help avoid + # edge cases where instance 0 comes up after losing its data and needs to + # decide whether it should create a new cluster or try to join an existing + # one. If it creates a new cluster when it should have joined an existing + # one, we'd end up with two separate clusters listening at the same service + # endpoint, which would be very bad. + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + # Enable automatic monitoring of all instances when Prometheus is running in the cluster. + prometheus.io/scrape: "true" + prometheus.io/path: "_status/vars" + prometheus.io/port: "8080" +spec: + ports: + - port: 26257 + targetPort: 26257 + name: grpc + - port: 8080 + targetPort: 8080 + name: http + clusterIP: None + selector: + app: cockroachdb +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: cockroachdb-budget + labels: + app: cockroachdb +spec: + selector: + matchLabels: + app: cockroachdb + maxUnavailable: 1 +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: cockroachdb +spec: + serviceName: "cockroachdb" + replicas: 3 + template: + metadata: + labels: + app: cockroachdb + spec: + serviceAccountName: cockroachdb + # Init containers are run only once in the lifetime of a pod, before + # it's started up for the first time. It has to exit successfully + # before the pod's main containers are allowed to start. + initContainers: + # The init-certs container sends a certificate signing request to the + # kubernetes cluster. + # You can see pending requests using: kubectl get csr + # CSRs can be approved using: kubectl certificate approve + # + # All addresses used to contact a node must be specified in the --addresses arg. 
+ # + # In addition to the node certificate and key, the init-certs entrypoint will symlink + # the cluster CA to the certs directory. + - name: init-certs + image: cockroachdb/cockroach-k8s-request-cert:0.2 + imagePullPolicy: IfNotPresent + command: + - "/bin/ash" + - "-ecx" + - "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),$(CDB_PUBLIC_SVC) -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: certs + mountPath: /cockroach-certs + + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cockroachdb + topologyKey: kubernetes.io/hostname + containers: + - name: cockroachdb + image: cockroachdb/cockroach:v1.1.5 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 26257 + name: grpc + - containerPort: 8080 + name: http + volumeMounts: + - name: datadir + mountPath: /cockroach/cockroach-data + - name: certs + mountPath: /cockroach/cockroach-certs + command: + - "/bin/bash" + - "-ecx" + # The use of qualified `hostname -f` is crucial: + # Other nodes aren't able to look up the unqualified hostname. + # Once 2.0 is out, we should be able to switch from --host to --advertise-host to make port-forwarding work to the main port. 
+ - "exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs --host $(hostname -f) --http-host 0.0.0.0 --join $(CDB_STATEFULSET_NAME)-0.$(CDB_STATEFULSET_SVC),$(CDB_STATEFULSET_NAME)-1.$(CDB_STATEFULSET_SVC),$(CDB_STATEFULSET_NAME)-2.$(CDB_STATEFULSET_SVC) --cache 25% --max-sql-memory 25%" + # No pre-stop hook is required, a SIGTERM plus some time is all that's + # needed for graceful shutdown of a node. + terminationGracePeriodSeconds: 60 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir + - name: certs + emptyDir: {} + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 1Gi diff --git a/pkg/commands/testdata/testcase-variable-ref/in/package/kustomization.yaml b/pkg/commands/testdata/testcase-variable-ref/in/package/kustomization.yaml new file mode 100644 index 000000000..cf7e862bd --- /dev/null +++ b/pkg/commands/testdata/testcase-variable-ref/in/package/kustomization.yaml @@ -0,0 +1,26 @@ +namePrefix: base- +resources: + - cockroachdb-statefulset-secure.yaml +vars: + - name: CDB_PUBLIC_SVC + objref: + kind: Service + name: cockroachdb-public + apiVersion: v1 + fieldref: + fieldpath: metadata.name + - name: CDB_STATEFULSET_NAME + objref: + kind: StatefulSet + name: cockroachdb + apiVersion: apps/v1beta1 + fieldref: + fieldpath: metadata.name + - name: CDB_STATEFULSET_SVC + objref: + kind: Service + name: cockroachdb + apiVersion: v1 + fieldref: + fieldpath: metadata.name + diff --git a/pkg/commands/testdata/testcase-variable-ref/test.yaml b/pkg/commands/testdata/testcase-variable-ref/test.yaml new file mode 100644 index 000000000..7c54440a5 --- /dev/null +++ b/pkg/commands/testdata/testcase-variable-ref/test.yaml 
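Review bot: The two `command` strings in the StatefulSet mix three `$` forms, and nothing in the fixture says which ones the test expects to change. `${POD_NAMESPACE}`, `${POD_IP}` and `$(hostname -f)` are meant for the container shell and appear unchanged in expected.yaml, while `$(CDB_PUBLIC_SVC)`, `$(CDB_STATEFULSET_NAME)` and `$(CDB_STATEFULSET_SVC)` are the kustomize vars under test. I would add a comment above each command entry, for example `# $(CDB_*) are kustomize vars; $(hostname -f) and ${POD_*} are shell syntax and must pass through unchanged`. That records that leaving an unmatched `$(...)` alone is intended behaviour the expected output is checking, not an accident.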
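Review bot: The values resolved for the three entries under `vars:` end up inside strings that the manifest runs with `/bin/bash -ecx` and `/bin/ash -ecx`, and the expected output suggests the substitution is plain text with no shell quoting. That is harmless here because every `fieldref` points at `metadata.name`, which Kubernetes restricts to DNS-style names, but the fixture does not say that this is why it is safe. A comment above `vars:` would make the assumption visible to anyone copying the pattern, for example `# these vars are expanded inside shell command strings; keep fieldpath on name-like fields`.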
@@ -0,0 +1,5 @@
+description: varialbe reference and substitution
+args: []
+filename: testdata/testcase-variable-ref/in/overlay/
+expectedStdout: testdata/testcase-variable-ref/expected.yaml
+expectedDiff: testdata/testcase-variable-ref/expected.diff
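Review bot: The `description` value misspells "variable" as `varialbe`, which makes the test case hard to find by searching for the feature name. The line should read `description: variable reference and substitution`.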