Adding dependencies, binary autostart

opencloud/charts/grafana/templates/tests/test-configmap.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.testFramework.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "grafana.fullname" . }}-test
+  namespace: {{ include "grafana.namespace" . }}
+  annotations:
+    "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    {{- include "grafana.labels" . | nindent 4 }}
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://{{ include "grafana.fullname" . }}/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+{{- end }}

opencloud/charts/grafana/templates/tests/test-podsecuritypolicy.yaml

@@ -0,0 +1,32 @@
+{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "grafana.fullname" . }}-test
+  annotations:
+    "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    {{- include "grafana.labels" . | nindent 4 }}
+spec:
+  allowPrivilegeEscalation: true
+  privileged: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  fsGroup:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  volumes:
+    - configMap
+    - downwardAPI
+    - emptyDir
+    - projected
+    - csi
+    - secret
+{{- end }}

opencloud/charts/grafana/templates/tests/test-role.yaml

@@ -0,0 +1,17 @@
+{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "grafana.fullname" . }}-test
+  namespace: {{ include "grafana.namespace" . }}
+  annotations:
+    "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    {{- include "grafana.labels" . | nindent 4 }}
+rules:
+  - apiGroups:      ['policy']
+    resources:      ['podsecuritypolicies']
+    verbs:          ['use']
+    resourceNames:  [{{ include "grafana.fullname" . }}-test]
+{{- end }}

opencloud/charts/grafana/templates/tests/test-rolebinding.yaml

@@ -0,0 +1,20 @@
+{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "grafana.fullname" . }}-test
+  namespace: {{ include "grafana.namespace" . }}
+  annotations:
+    "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    {{- include "grafana.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "grafana.fullname" . }}-test
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "grafana.serviceAccountNameTest" . }}
+    namespace: {{ include "grafana.namespace" . }}
+{{- end }}

opencloud/charts/grafana/templates/tests/test-serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    {{- include "grafana.labels" . | nindent 4 }}
+  name: {{ include "grafana.serviceAccountNameTest" . }}
+  namespace: {{ include "grafana.namespace" . }}
+  annotations:
+    "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+{{- end }}

opencloud/charts/grafana/templates/tests/test.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.testFramework.enabled }}
+{{- $root := . }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "grafana.fullname" . }}-test
+  labels:
+    {{- include "grafana.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  namespace: {{ include "grafana.namespace" . }}
+spec:
+  serviceAccountName: {{ include "grafana.serviceAccountNameTest" . }}
+  {{- with .Values.testFramework.securityContext }}
+  securityContext:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if or .Values.image.pullSecrets .Values.global.imagePullSecrets }}
+  imagePullSecrets:
+    {{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.image.pullSecrets) | nindent 4 }}
+  {{- end }}
+  {{- with .Values.nodeSelector }}
+  nodeSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.affinity }}
+  affinity:
+    {{- tpl (toYaml .) $root | nindent 4 }}
+  {{- end }}
+  {{- with .Values.tolerations }}
+  tolerations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  containers:
+    - name: {{ .Release.Name }}-test
+      image: "{{ .Values.global.imageRegistry | default .Values.testFramework.image.registry }}/{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}"
+      imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}"
+      command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
+      volumeMounts:
+        - mountPath: /tests
+          name: tests
+          readOnly: true
+      {{- with .Values.testFramework.resources }}
+      resources:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+  volumes:
+    - name: tests
+      configMap:
+        name: {{ include "grafana.fullname" . }}-test
+  restartPolicy: Never
+{{- end }}