diff --git a/.github/workflows/init-branch-release.yaml b/.github/workflows/init-branch-release.yaml new file mode 100644 index 0000000..861f76b --- /dev/null +++ b/.github/workflows/init-branch-release.yaml @@ -0,0 +1,68 @@ +name: Init Release +on: + workflow_dispatch: + inputs: + TARGET_BRANCH: + description: 'TARGET_BRANCH on which release will be based' + required: true + type: string + + TARGET_VERSION: + description: 'TARGET_VERSION to build kubernetes manifests with using Kustomize' + required: true + type: string + +permissions: {} + +jobs: + prepare-release: + permissions: + contents: write # for peter-evans/create-pull-request to create branch + pull-requests: write # for peter-evans/create-pull-request to create a PR + name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }} + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + ref: ${{ inputs.TARGET_BRANCH }} + + - name: Check if TARGET_VERSION is well formed. + run: | + set -xue + # Target version must not contain 'v' prefix + if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then + echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2 + exit 1 + fi + + - name: Create VERSION information + run: | + set -ue + echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}" + echo "${{ inputs.TARGET_VERSION }}" > VERSION + + - name: Replace latest tag with version from input + run: | + set -ue + VERSION=${{ inputs.TARGET_VERSION }} make update-manifests-version + git diff + + - name: Generate new set of manifests + run: | + set -ue + make k8s-manifests + git diff + + - name: Create pull request + uses: peter-evans/create-pull-request@v7.0.5 + with: + commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" + title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" + body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }} + branch: update-version + branch-suffix: random + signoff: true + labels: release diff --git a/.github/workflows/pull_request-helm.yaml b/.github/workflows/pull_request-helm.yaml new file mode 100644 index 0000000..8bb5d60 --- /dev/null +++ b/.github/workflows/pull_request-helm.yaml @@ -0,0 +1,72 @@ +name: Pull Request Workflow for Helm Chart changes + +on: + pull_request: + branches: + - master + paths: + - 'deployments/kubernetes/chart/reloader/**' + +env: + DOCKER_FILE_PATH: Dockerfile + DOCKER_UBI_FILE_PATH: Dockerfile.ubi + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" + REGISTRY: ghcr.io + +jobs: + + helm-validation: + permissions: + contents: read + + runs-on: ubuntu-latest + name: Helm Chart Validation + + steps: + + - name: Check out code + uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.sha}} + fetch-depth: 0 + + # Setting up helm binary + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.11.3 + + - name: Helm chart unit tests + uses: d3adb5/helm-unittest-action@v2 + with: + charts: deployments/kubernetes/chart/reloader + + - name: Add Stakater Helm Repo + run: | + helm repo add stakater https://stakater.github.io/stakater-charts + + - name: Get version for chart from helm repo + id: chart_eval + run: | + current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}') + echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT + + - name: Get Updated Chart version from Chart.yaml + uses: mikefarah/yq@master + id: new_chart_version + with: + cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml + + - name: Check Version + uses: aleoyakas/check-semver-increased-action@v1 + id: check-version + with: + current-version: ${{ steps.new_chart_version.outputs.result }} + previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }} + + - name: Fail if Helm Chart version isnt updated + if: steps.check-version.outputs.is-version-increased != 'true' + run: | + echo "Helm Chart Version wasnt updated" + exit 1 diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 1392d8a..fbf22b9 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -1,9 +1,10 @@ -name: Pull Request +name: Pull Request Workflow for Code changes on: pull_request: branches: - master + - 'v**' paths: - '**' - '!.markdownlint.yaml' @@ -13,17 +14,18 @@ on: - '!docs/**' - '!theme_common' - '!theme_override' + - '!deployments/kubernetes/chart/reloader/**' env: DOCKER_FILE_PATH: Dockerfile DOCKER_UBI_FILE_PATH: Dockerfile.ubi - KUBERNETES_VERSION: "1.19.0" - KIND_VERSION: "0.17.0" + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" REGISTRY: ghcr.io jobs: qa: - uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.97 + uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.99 with: MD_CONFIG: .github/md_config.json DOC_SRC: README.md @@ -46,6 +48,8 @@ jobs: # Setting up helm binary - name: Set up Helm uses: azure/setup-helm@v4 + with: + version: v3.11.3 - name: Helm chart unit tests uses: d3adb5/helm-unittest-action@v2 @@ -86,8 +90,7 @@ jobs: run: | curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" sudo install ./kubectl /usr/local/bin/ && rm kubectl - kubectl version --short --client - kubectl version --short --client | grep -q ${KUBERNETES_VERSION} + kubectl version --client=true - name: Install Kind run: | diff --git a/.github/workflows/pull_request_docs.yaml b/.github/workflows/pull_request_docs.yaml index 65d8e07..acf88e9 100644 --- a/.github/workflows/pull_request_docs.yaml +++ b/.github/workflows/pull_request_docs.yaml @@ -15,7 +15,7 @@ on: jobs: qa: - uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.97 + uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.99 with: MD_CONFIG: .github/md_config.json DOC_SRC: docs diff --git a/.github/workflows/push-helm-chart.yaml b/.github/workflows/push-helm-chart.yaml new file mode 100644 index 0000000..404bb49 --- /dev/null +++ b/.github/workflows/push-helm-chart.yaml @@ -0,0 +1,106 @@ +name: Push Helm Chart + +on: + pull_request: + types: + - closed + branches: + - master + paths: + - 'deployments/kubernetes/chart/reloader/**' + - '.github/workflows/push-helm-chart.yaml' + +env: + HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts" + REGISTRY: ghcr.io + +jobs: + build: + + permissions: + contents: read + packages: write # to push artifacts to `ghcr.io` + + name: Build + if: github.event.pull_request.merged == true + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + token: ${{ secrets.PUBLISH_TOKEN }} + fetch-depth: 0 # otherwise, you will fail to push refs to dest repo + submodules: recursive + + # Setting up helm binary + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.11.3 + + - name: Add Stakater Helm Repo + run: | + helm repo add stakater https://stakater.github.io/stakater-charts + + - name: Get version for chart from helm repo + id: chart_eval + run: | + current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}') + echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT + + - name: Get Updated Chart version from Chart.yaml + uses: mikefarah/yq@master + id: new_chart_version + with: + cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml + + - name: Check Version + uses: aleoyakas/check-semver-increased-action@v1 + id: check-version + with: + current-version: ${{ steps.new_chart_version.outputs.result }} + previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }} + + - name: Fail if Helm Chart version isnt updated + if: steps.check-version.outputs.is-version-increased != 'true' + run: | + echo "Helm Chart Version wasnt updated" + exit 1 + + - name: Login to GHCR Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: stakater-user + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish Helm chart to ghcr.io + run: | + helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart + helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts + rm -rf ./packaged-chart + + - name: Publish Helm chart to gh-pages + uses: stefanprodan/helm-gh-pages@master + with: + branch: master + repository: stakater-charts + target_dir: docs + token: ${{ secrets.GHCR_TOKEN }} + charts_dir: deployments/kubernetes/chart/ + charts_url: ${{ env.HELM_REGISTRY_URL }} + owner: stakater + linting: on + commit_username: stakater-user + commit_email: stakater@gmail.com + + - name: Notify Slack + uses: 8398a7/action-slack@v3 + if: always() # Pick up events even if the job fails or is canceled. + with: + status: ${{ job.status }} + fields: repo,author,action,eventName,ref,workflow + env: + GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} diff --git a/.github/workflows/push-pr-image.yaml b/.github/workflows/push-pr-image.yaml new file mode 100644 index 0000000..2791744 --- /dev/null +++ b/.github/workflows/push-pr-image.yaml @@ -0,0 +1,86 @@ +name: Push PR Image on Label + +on: + pull_request: + branches: + - master + types: [ labeled ] + +env: + DOCKER_FILE_PATH: Dockerfile + REGISTRY: ghcr.io + +jobs: + + build-and-push-pr-image: + permissions: + contents: read + + runs-on: ubuntu-latest + name: Build and Push PR Image + if: ${{ github.event.label.name == 'build-and-push-pr-image' }} + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.sha}} + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + check-latest: true + cache: true + + - name: Install Dependencies + run: | + make install + + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v5 + with: + version: latest + only-new-issues: false + args: --timeout 10m + + - name: Generate Tags + id: generate_tag + run: | + sha=${{ github.event.pull_request.head.sha }} + tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}" + echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Generate image repository path for ghcr registry + run: | + echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV + + - name: Login to ghcr registry + uses: docker/login-action@v3 + with: + registry: ${{env.REGISTRY}} + username: stakater-user + password: ${{secrets.GITHUB_TOKEN}} + + - name: Build Docker Image + uses: docker/build-push-action@v6 + with: + context: . + file: ${{ env.DOCKER_FILE_PATH }} + pull: true + push: true + build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }} + cache-to: type=inline + platforms: linux/amd64,linux/arm,linux/arm64 + tags: | + ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.clone_url }} + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index dff2989..626e506 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -6,12 +6,13 @@ on: - closed branches: - master + - 'v**' env: DOCKER_FILE_PATH: Dockerfile DOCKER_UBI_FILE_PATH: Dockerfile.ubi - KUBERNETES_VERSION: "1.19.0" - KIND_VERSION: "0.17.0" + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts" REGISTRY: ghcr.io @@ -62,8 +63,7 @@ jobs: run: | curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" sudo install ./kubectl /usr/local/bin/ && rm kubectl - kubectl version --short --client - kubectl version --short --client | grep -q ${KUBERNETES_VERSION} + kubectl version --client=true - name: Install Kind run: | @@ -207,76 +207,6 @@ jobs: org.opencontainers.image.source=${{ github.event.repository.clone_url }} org.opencontainers.image.revision=${{ github.sha }} - ############################## - ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.) - ############################## - - # Skip pushing plain manifests till we decide what to do with them - - # - name: Helm Template - # run: | - # helm template reloader deployments/kubernetes/chart/reloader/ \ - # --set reloader.deployment.resources.limits.cpu=150m \ - # --set reloader.deployment.resources.limits.memory=512Mi \ - # --set reloader.deployment.resources.requests.cpu=10m \ - # --set reloader.deployment.resources.requests.memory=128Mi > deployments/kubernetes/reloader.yaml - - # helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader - - # - name: Remove labels and annotations from manifests - # run: make remove-labels-annotations - - # Charts are to be pushed to a separate repo with a separate release cycle - - # # Publish helm chart - # - name: Login to ghcr via helm - # run: | - # echo ${{secrets.GITHUB_TOKEN}} | helm registry login ghcr.io/stakater --username stakater-user --password-stdin - - # - name: Publish Helm chart to ghcr.io - # run: | - # helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart - # helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts - # rm -rf ./packaged-chart - - # - name: Publish Helm chart to gh-pages - # uses: stefanprodan/helm-gh-pages@master - # with: - # branch: master - # repository: stakater-charts - # target_dir: docs - # token: ${{ secrets.STAKATER_GITHUB_TOKEN }} - # charts_dir: deployments/kubernetes/chart/ - # charts_url: ${{ env.HELM_REGISTRY_URL }} - # owner: stakater - # linting: on - # commit_username: stakater-user - # commit_email: stakater@gmail.com - - # # Commit back changes - # - name: Log info about `.git` directory permissions - # run: | - # # Debug logging - # echo "Disk usage: " - # df -H - - # echo ".git files not owned by current user or current group:" - # find .git ! -user $(id -u) -o ! -group $(id -g) | xargs ls -lah - - # - name: Commit files - # run: | - # git config --local user.email "stakater@gmail.com" - # git config --local user.name "stakater-user" - # git status - # git add . - # git commit -m "[skip-ci] Update artifacts" -a - - # - name: Push changes - # uses: ad-m/github-push-action@master - # with: - # github_token: ${{ secrets.STAKATER_GITHUB_TOKEN }} - # branch: ${{ github.ref }} - - name: Push Latest Tag uses: anothrNick/github-tag-action@1.71.0 env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a7a812c..0758597 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,8 +7,8 @@ on: env: DOCKER_FILE_PATH: Dockerfile DOCKER_UBI_FILE_PATH: Dockerfile.ubi - KUBERNETES_VERSION: "1.19.0" - KIND_VERSION: "0.17.0" + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" REGISTRY: ghcr.io jobs: @@ -57,8 +57,7 @@ jobs: run: | curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" sudo install ./kubectl /usr/local/bin/ && rm kubectl - kubectl version --short --client - kubectl version --short --client | grep -q ${KUBERNETES_VERSION} + kubectl version --client=true - name: Install Kind run: | diff --git a/.gitignore b/.gitignore index 95b8b63..73da63e 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ styles/ site/ /mkdocs.yml yq +bin \ No newline at end of file diff --git a/Makefile b/Makefile index 5a2a6c2..5668d59 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,75 @@ LDFLAGS = GOPROXY ?= GOPRIVATE ?= +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) +YQ ?= $(LOCALBIN)/yq + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.3.0 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 +ENVTEST_VERSION ?= release-0.17 +GOLANGCI_LINT_VERSION ?= v1.57.2 + +YQ_VERSION ?= v4.27.5 +YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(OS)_$(ARCH)" + + +.PHONY: yq +yq: $(YQ) ## Download YQ locally if needed +$(YQ): + @test -d $(LOCALBIN) || mkdir -p $(LOCALBIN) + @curl --retry 3 -fsSL $(YQ_DOWNLOAD_URL) -o $(YQ) || { \ + echo "Failed to download yq from $(YQ_DOWNLOAD_URL). Please check the URL and your network connection."; \ + exit 1; \ + } + @chmod +x $(YQ) + @echo "yq downloaded successfully to $(YQ)." + + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef + default: build test install: @@ -80,9 +149,16 @@ apply: deploy: binary-image push apply +.PHONY: k8s-manifests +k8s-manifests: $(KUSTOMIZE) ## Generate k8s manifests using Kustomize from 'manifests' folder + $(KUSTOMIZE) build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml + +.PHONY: update-manifests-version +update-manifests-version: ## Generate k8s manifests using Kustomize from 'manifests' folder + sed -i 's/image:.*/image: \"ghcr.io\/stakater\/reloader:v$(VERSION)"/g' deployments/kubernetes/manifests/deployment.yaml + # Bump Chart bump-chart: - sed -i "s/^version:.*/version: $(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml sed -i "s/^appVersion:.*/appVersion: v$(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml sed -i "s/tag:.*/tag: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml sed -i "s/version:.*/version: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml @@ -98,13 +174,3 @@ yq-install: @curl -sL $(YQ_DOWNLOAD_URL) -o $(YQ_BIN) @chmod +x $(YQ_BIN) @echo "yq $(YQ_VERSION) installed at $(YQ_BIN)" - -remove-labels-annotations: yq-install - @for file in $$(find deployments/kubernetes/manifests -type f -name '*.yaml'); do \ - echo "Processing $$file"; \ - $(YQ_BIN) eval 'del(.metadata.labels, .metadata.annotations)' -i "$$file"; \ - done - $(YQ_BIN) eval 'del(.spec.template.metadata.labels)' -i deployments/kubernetes/manifests/deployment.yaml - $(YQ_BIN) eval 'del(.spec.selector.matchLabels)' -i deployments/kubernetes/manifests/deployment.yaml - $(YQ_BIN) eval '.spec.selector.matchLabels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml - $(YQ_BIN) eval '.spec.template.metadata.labels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..1cc5f65 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +1.1.0 \ No newline at end of file diff --git a/deployments/kubernetes/chart/reloader/Chart.yaml b/deployments/kubernetes/chart/reloader/Chart.yaml index 51141e5..28a0922 100644 --- a/deployments/kubernetes/chart/reloader/Chart.yaml +++ b/deployments/kubernetes/chart/reloader/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v1 name: reloader description: Reloader chart that runs on kubernetes -version: 1.0.122 -appVersion: v1.0.122 +version: 1.2.0 +appVersion: v1.2.0 keywords: - Reloader - kubernetes diff --git a/deployments/kubernetes/chart/reloader/templates/clusterrole.yaml b/deployments/kubernetes/chart/reloader/templates/clusterrole.yaml index e3175fc..ad3465a 100644 --- a/deployments/kubernetes/chart/reloader/templates/clusterrole.yaml +++ b/deployments/kubernetes/chart/reloader/templates/clusterrole.yaml @@ -76,16 +76,6 @@ rules: - get - update - patch - - apiGroups: - - "extensions" - resources: - - deployments - - daemonsets - verbs: - - list - - get - - update - - patch - apiGroups: - "batch" resources: diff --git a/deployments/kubernetes/chart/reloader/values.yaml b/deployments/kubernetes/chart/reloader/values.yaml index 155662c..9e9be80 100644 --- a/deployments/kubernetes/chart/reloader/values.yaml +++ b/deployments/kubernetes/chart/reloader/values.yaml @@ -96,11 +96,11 @@ reloader: labels: provider: stakater group: com.stakater.platform - version: v1.0.121 + version: v1.2.0 image: name: ghcr.io/stakater/reloader base: stakater/reloader - tag: v1.0.121 + tag: v1.2.0 pullPolicy: IfNotPresent # Support for extra environment variables. env: diff --git a/deployments/kubernetes/manifests/deployment.yaml b/deployments/kubernetes/manifests/deployment.yaml index faa06fc..fb80fa4 100644 --- a/deployments/kubernetes/manifests/deployment.yaml +++ b/deployments/kubernetes/manifests/deployment.yaml @@ -17,7 +17,7 @@ spec: app: reloader-reloader spec: containers: - - image: "ghcr.io/stakater/reloader:latest" + - image: "ghcr.io/stakater/reloader:v1.1.0" imagePullPolicy: IfNotPresent name: reloader-reloader env: @@ -53,6 +53,13 @@ spec: successThreshold: 1 initialDelaySeconds: 10 securityContext: {} + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 10m + memory: 512Mi securityContext: runAsNonRoot: true runAsUser: 65534 diff --git a/deployments/kubernetes/reloader.yaml b/deployments/kubernetes/reloader.yaml index 4379563..881ba34 100644 --- a/deployments/kubernetes/reloader.yaml +++ b/deployments/kubernetes/reloader.yaml @@ -1,127 +1,81 @@ ---- -# Source: reloader/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader namespace: default --- -# Source: reloader/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader-role rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - list - - get - - watch - - apiGroups: - - "apps" - resources: - - deployments - - daemonsets - - statefulsets - verbs: - - list - - get - - update - - patch - - apiGroups: - - "extensions" - resources: - - deployments - - daemonsets - verbs: - - list - - get - - update - - patch - - apiGroups: - - "batch" - resources: - - cronjobs - verbs: - - list - - get - - apiGroups: - - "batch" - resources: - - jobs - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - list + - get + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - extensions + resources: + - deployments + - daemonsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - list + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- -# Source: reloader/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: reloader-reloader-role subjects: - - kind: ServiceAccount - name: reloader-reloader - namespace: default +- kind: ServiceAccount + name: reloader-reloader + namespace: default --- -# Source: reloader/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" - group: com.stakater.platform - provider: stakater - version: latest name: reloader-reloader namespace: default spec: @@ -130,56 +84,47 @@ spec: selector: matchLabels: app: reloader-reloader - release: "reloader" template: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" - group: com.stakater.platform - provider: stakater - version: latest spec: containers: - - image: "ghcr.io/stakater/reloader:latest" - imagePullPolicy: IfNotPresent - name: reloader-reloader - env: + - env: - name: GOMAXPROCS valueFrom: resourceFieldRef: + divisor: "1" resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: + divisor: "1" resource: limits.memory - ports: - - name: http - containerPort: 9090 + image: "ghcr.io/stakater/reloader:latest" + imagePullPolicy: IfNotPresent livenessProbe: + failureThreshold: 5 httpGet: path: /live port: http - timeoutSeconds: 5 - failureThreshold: 5 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - initialDelaySeconds: 10 + timeoutSeconds: 5 + name: reloader-reloader + ports: + - containerPort: 9090 + name: http readinessProbe: + failureThreshold: 5 httpGet: path: /metrics port: http - timeoutSeconds: 5 - failureThreshold: 5 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - initialDelaySeconds: 10 - - securityContext: - {} + timeoutSeconds: 5 resources: limits: cpu: "1" @@ -187,7 +132,8 @@ spec: requests: cpu: 10m memory: 512Mi - securityContext: + securityContext: {} + securityContext: runAsNonRoot: true runAsUser: 65534 seccompProfile: diff --git a/internal/pkg/handler/upgrade.go b/internal/pkg/handler/upgrade.go index 78d675c..ad4e875 100644 --- a/internal/pkg/handler/upgrade.go +++ b/internal/pkg/handler/upgrade.go @@ -199,6 +199,9 @@ func PerformAction(clients kube.Clients, config util.Config, upgradeFuncs callba searchAnnotationValue, foundSearchAnn := annotations[options.AutoSearchAnnotation] reloaderEnabledValue, foundAuto := annotations[options.ReloaderAutoAnnotation] typedAutoAnnotationEnabledValue, foundTypedAuto := annotations[config.TypedAutoAnnotation] + excludeConfigmapAnnotationValue, foundExcludeConfigmap := annotations[options.ConfigmapExcludeReloaderAnnotation] + excludeSecretAnnotationValue, foundExcludeSecret := annotations[options.SecretExcludeReloaderAnnotation] + if !found && !foundAuto && !foundTypedAuto && !foundSearchAnn { annotations = upgradeFuncs.PodAnnotationsFunc(i) annotationValue = annotations[config.Annotation] @@ -206,6 +209,24 @@ func PerformAction(clients kube.Clients, config util.Config, upgradeFuncs callba reloaderEnabledValue = annotations[options.ReloaderAutoAnnotation] typedAutoAnnotationEnabledValue = annotations[config.TypedAutoAnnotation] } + + isResourceExcluded := false + + switch config.Type { + case constants.ConfigmapEnvVarPostfix: + if foundExcludeConfigmap { + isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeConfigmapAnnotationValue) + } + case constants.SecretEnvVarPostfix: + if foundExcludeSecret { + isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeSecretAnnotationValue) + } + } + + if isResourceExcluded { + continue + } + result := constants.NotUpdated reloaderEnabled, _ := strconv.ParseBool(reloaderEnabledValue) typedAutoAnnotationEnabled, _ := strconv.ParseBool(typedAutoAnnotationEnabledValue) @@ -275,6 +296,21 @@ func PerformAction(clients kube.Clients, config util.Config, upgradeFuncs callba return nil } +func checkIfResourceIsExcluded(resourceName, excludedResources string) bool { + if excludedResources == "" { + return false + } + + excludedResourcesList := strings.Split(excludedResources, ",") + for _, excludedResource := range excludedResourcesList { + if strings.TrimSpace(excludedResource) == resourceName { + return true + } + } + + return false +} + func getVolumeMountName(volumes []v1.Volume, mountType string, volumeName string) string { for i := range volumes { if mountType == constants.ConfigmapEnvVarPostfix { diff --git a/internal/pkg/handler/upgrade_test.go b/internal/pkg/handler/upgrade_test.go index cd1b81b..2b71740 100644 --- a/internal/pkg/handler/upgrade_test.go +++ b/internal/pkg/handler/upgrade_test.go @@ -26,48 +26,52 @@ import ( var ( clients = kube.Clients{KubernetesClient: testclient.NewSimpleClientset()} - arsNamespace = "test-handler-" + testutil.RandSeq(5) - arsConfigmapName = "testconfigmap-handler-" + testutil.RandSeq(5) - arsSecretName = "testsecret-handler-" + testutil.RandSeq(5) - arsProjectedConfigMapName = "testprojectedconfigmap-handler-" + testutil.RandSeq(5) - arsProjectedSecretName = "testprojectedsecret-handler-" + testutil.RandSeq(5) - arsConfigmapWithInitContainer = "testconfigmapInitContainerhandler-" + testutil.RandSeq(5) - arsSecretWithInitContainer = "testsecretWithInitContainer-handler-" + testutil.RandSeq(5) - arsProjectedConfigMapWithInitContainer = "testProjectedConfigMapWithInitContainer-handler" + testutil.RandSeq(5) - arsProjectedSecretWithInitContainer = "testProjectedSecretWithInitContainer-handler" + testutil.RandSeq(5) - arsConfigmapWithInitEnv = "configmapWithInitEnv-" + testutil.RandSeq(5) - arsSecretWithInitEnv = "secretWithInitEnv-handler-" + testutil.RandSeq(5) - arsConfigmapWithEnvName = "testconfigmapWithEnv-handler-" + testutil.RandSeq(5) - arsConfigmapWithEnvFromName = "testconfigmapWithEnvFrom-handler-" + testutil.RandSeq(5) - arsSecretWithEnvName = "testsecretWithEnv-handler-" + testutil.RandSeq(5) - arsSecretWithEnvFromName = "testsecretWithEnvFrom-handler-" + testutil.RandSeq(5) - arsConfigmapWithPodAnnotations = "testconfigmapPodAnnotations-handler-" + testutil.RandSeq(5) - arsConfigmapWithBothAnnotations = "testconfigmapBothAnnotations-handler-" + testutil.RandSeq(5) - arsConfigmapAnnotated = "testconfigmapAnnotated-handler-" + testutil.RandSeq(5) - arsConfigMapWithNonAnnotatedDeployment = "testconfigmapNonAnnotatedDeployment-handler-" + testutil.RandSeq(5) - arsSecretWithSecretAutoAnnotation = "testsecretwithsecretautoannotationdeployment-handler-" + testutil.RandSeq(5) - arsConfigmapWithConfigMapAutoAnnotation = "testconfigmapwithconfigmapautoannotationdeployment-handler-" + testutil.RandSeq(5) + arsNamespace = "test-handler-" + testutil.RandSeq(5) + arsConfigmapName = "testconfigmap-handler-" + testutil.RandSeq(5) + arsSecretName = "testsecret-handler-" + testutil.RandSeq(5) + arsProjectedConfigMapName = "testprojectedconfigmap-handler-" + testutil.RandSeq(5) + arsProjectedSecretName = "testprojectedsecret-handler-" + testutil.RandSeq(5) + arsConfigmapWithInitContainer = "testconfigmapInitContainerhandler-" + testutil.RandSeq(5) + arsSecretWithInitContainer = "testsecretWithInitContainer-handler-" + testutil.RandSeq(5) + arsProjectedConfigMapWithInitContainer = "testProjectedConfigMapWithInitContainer-handler" + testutil.RandSeq(5) + arsProjectedSecretWithInitContainer = "testProjectedSecretWithInitContainer-handler" + testutil.RandSeq(5) + arsConfigmapWithInitEnv = "configmapWithInitEnv-" + testutil.RandSeq(5) + arsSecretWithInitEnv = "secretWithInitEnv-handler-" + testutil.RandSeq(5) + arsConfigmapWithEnvName = "testconfigmapWithEnv-handler-" + testutil.RandSeq(5) + arsConfigmapWithEnvFromName = "testconfigmapWithEnvFrom-handler-" + testutil.RandSeq(5) + arsSecretWithEnvName = "testsecretWithEnv-handler-" + testutil.RandSeq(5) + arsSecretWithEnvFromName = "testsecretWithEnvFrom-handler-" + testutil.RandSeq(5) + arsConfigmapWithPodAnnotations = "testconfigmapPodAnnotations-handler-" + testutil.RandSeq(5) + arsConfigmapWithBothAnnotations = "testconfigmapBothAnnotations-handler-" + testutil.RandSeq(5) + arsConfigmapAnnotated = "testconfigmapAnnotated-handler-" + testutil.RandSeq(5) + arsConfigMapWithNonAnnotatedDeployment = "testconfigmapNonAnnotatedDeployment-handler-" + testutil.RandSeq(5) + arsSecretWithSecretAutoAnnotation = "testsecretwithsecretautoannotationdeployment-handler-" + testutil.RandSeq(5) + arsConfigmapWithConfigMapAutoAnnotation = "testconfigmapwithconfigmapautoannotationdeployment-handler-" + testutil.RandSeq(5) + arsSecretWithExcludeSecretAnnotation = "testsecretwithsecretexcludeannotationdeployment-handler-" + testutil.RandSeq(5) + arsConfigmapWithExcludeConfigMapAnnotation = "testconfigmapwithconfigmapexcludeannotationdeployment-handler-" + testutil.RandSeq(5) - ersNamespace = "test-handler-" + testutil.RandSeq(5) - ersConfigmapName = "testconfigmap-handler-" + testutil.RandSeq(5) - ersSecretName = "testsecret-handler-" + testutil.RandSeq(5) - ersProjectedConfigMapName = "testprojectedconfigmap-handler-" + testutil.RandSeq(5) - ersProjectedSecretName = "testprojectedsecret-handler-" + testutil.RandSeq(5) - ersConfigmapWithInitContainer = "testconfigmapInitContainerhandler-" + testutil.RandSeq(5) - ersSecretWithInitContainer = "testsecretWithInitContainer-handler-" + testutil.RandSeq(5) - ersProjectedConfigMapWithInitContainer = "testProjectedConfigMapWithInitContainer-handler" + testutil.RandSeq(5) - ersProjectedSecretWithInitContainer = "testProjectedSecretWithInitContainer-handler" + testutil.RandSeq(5) - ersConfigmapWithInitEnv = "configmapWithInitEnv-" + testutil.RandSeq(5) - ersSecretWithInitEnv = "secretWithInitEnv-handler-" + testutil.RandSeq(5) - ersConfigmapWithEnvName = "testconfigmapWithEnv-handler-" + testutil.RandSeq(5) - ersConfigmapWithEnvFromName = "testconfigmapWithEnvFrom-handler-" + testutil.RandSeq(5) - ersSecretWithEnvName = "testsecretWithEnv-handler-" + testutil.RandSeq(5) - ersSecretWithEnvFromName = "testsecretWithEnvFrom-handler-" + testutil.RandSeq(5) - ersConfigmapWithPodAnnotations = "testconfigmapPodAnnotations-handler-" + testutil.RandSeq(5) - ersConfigmapWithBothAnnotations = "testconfigmapBothAnnotations-handler-" + testutil.RandSeq(5) - ersConfigmapAnnotated = "testconfigmapAnnotated-handler-" + testutil.RandSeq(5) - ersSecretWithSecretAutoAnnotation = "testsecretwithsecretautoannotationdeployment-handler-" + testutil.RandSeq(5) - ersConfigmapWithConfigMapAutoAnnotation = "testconfigmapwithconfigmapautoannotationdeployment-handler-" + testutil.RandSeq(5) + ersNamespace = "test-handler-" + testutil.RandSeq(5) + ersConfigmapName = "testconfigmap-handler-" + testutil.RandSeq(5) + ersSecretName = "testsecret-handler-" + testutil.RandSeq(5) + ersProjectedConfigMapName = "testprojectedconfigmap-handler-" + testutil.RandSeq(5) + ersProjectedSecretName = "testprojectedsecret-handler-" + testutil.RandSeq(5) + ersConfigmapWithInitContainer = "testconfigmapInitContainerhandler-" + testutil.RandSeq(5) + ersSecretWithInitContainer = "testsecretWithInitContainer-handler-" + testutil.RandSeq(5) + ersProjectedConfigMapWithInitContainer = "testProjectedConfigMapWithInitContainer-handler" + testutil.RandSeq(5) + ersProjectedSecretWithInitContainer = "testProjectedSecretWithInitContainer-handler" + testutil.RandSeq(5) + ersConfigmapWithInitEnv = "configmapWithInitEnv-" + testutil.RandSeq(5) + ersSecretWithInitEnv = "secretWithInitEnv-handler-" + testutil.RandSeq(5) + ersConfigmapWithEnvName = "testconfigmapWithEnv-handler-" + testutil.RandSeq(5) + ersConfigmapWithEnvFromName = "testconfigmapWithEnvFrom-handler-" + testutil.RandSeq(5) + ersSecretWithEnvName = "testsecretWithEnv-handler-" + testutil.RandSeq(5) + ersSecretWithEnvFromName = "testsecretWithEnvFrom-handler-" + testutil.RandSeq(5) + ersConfigmapWithPodAnnotations = "testconfigmapPodAnnotations-handler-" + testutil.RandSeq(5) + ersConfigmapWithBothAnnotations = "testconfigmapBothAnnotations-handler-" + testutil.RandSeq(5) + ersConfigmapAnnotated = "testconfigmapAnnotated-handler-" + testutil.RandSeq(5) + ersSecretWithSecretAutoAnnotation = "testsecretwithsecretautoannotationdeployment-handler-" + testutil.RandSeq(5) + ersConfigmapWithConfigMapAutoAnnotation = "testconfigmapwithconfigmapautoannotationdeployment-handler-" + testutil.RandSeq(5) + ersSecretWithSecretExcludeAnnotation = "testsecretwithsecretexcludeannotationdeployment-handler-" + testutil.RandSeq(5) + ersConfigmapWithConfigMapExcludeAnnotation = "testconfigmapwithconfigmapexcludeannotationdeployment-handler-" + testutil.RandSeq(5) ) func TestMain(m *testing.M) { @@ -196,6 +200,18 @@ func setupArs() { logrus.Errorf("Error in configmap creation: %v", err) } + // Creating secret used with secret auto annotation + _, err = testutil.CreateSecret(clients.KubernetesClient, arsNamespace, arsSecretWithExcludeSecretAnnotation, data) + if err != nil { + logrus.Errorf("Error in secret creation: %v", err) + } + + // Creating configmap used with configmap auto annotation + _, err = testutil.CreateConfigMap(clients.KubernetesClient, arsNamespace, arsConfigmapWithExcludeConfigMapAnnotation, "www.google.com") + if err != nil { + logrus.Errorf("Error in configmap creation: %v", err) + } + // Creating Deployment with configmap _, err = testutil.CreateDeployment(clients.KubernetesClient, arsConfigmapName, arsNamespace, true) if err != nil { @@ -309,6 +325,18 @@ func setupArs() { logrus.Errorf("Error in Deployment with configmap and with configmap auto annotation: %v", err) } + // Creating Deployment with secret and exclude secret annotation + _, err = testutil.CreateDeploymentWithExcludeAnnotation(clients.KubernetesClient, arsSecretWithExcludeSecretAnnotation, arsNamespace, testutil.SecretResourceType) + if err != nil { + logrus.Errorf("Error in Deployment with secret and with secret exclude annotation: %v", err) + } + + // Creating Deployment with secret and exclude configmap annotation + _, err = testutil.CreateDeploymentWithExcludeAnnotation(clients.KubernetesClient, arsConfigmapWithExcludeConfigMapAnnotation, arsNamespace, testutil.ConfigmapResourceType) + if err != nil { + logrus.Errorf("Error in Deployment with configmap and with configmap exclude annotation: %v", err) + } + // Creating DaemonSet with configmap _, err = testutil.CreateDaemonSet(clients.KubernetesClient, arsConfigmapName, arsNamespace, true) if err != nil { @@ -510,6 +538,18 @@ func teardownArs() { logrus.Errorf("Error while deleting deployment with configmap auto annotation %v", deploymentError) } + // Deleting Deployment with secret and exclude secret annotation + deploymentError = testutil.DeleteDeployment(clients.KubernetesClient, arsNamespace, arsSecretWithExcludeSecretAnnotation) + if deploymentError != nil { + logrus.Errorf("Error while deleting deployment with secret auto annotation %v", deploymentError) + } + + // Deleting Deployment with configmap and exclude configmap annotation + deploymentError = testutil.DeleteDeployment(clients.KubernetesClient, arsNamespace, arsConfigmapWithExcludeConfigMapAnnotation) + if deploymentError != nil { + logrus.Errorf("Error while deleting deployment with configmap auto annotation %v", deploymentError) + } + // Deleting DaemonSet with configmap daemonSetError := testutil.DeleteDaemonSet(clients.KubernetesClient, arsNamespace, arsConfigmapName) if daemonSetError != nil { @@ -683,6 +723,18 @@ func teardownArs() { logrus.Errorf("Error while deleting the configmap used with configmap auto annotations: %v", err) } + // Deleting Secret used with exclude secret annotation + err = testutil.DeleteSecret(clients.KubernetesClient, arsNamespace, arsSecretWithExcludeSecretAnnotation) + if err != nil { + logrus.Errorf("Error while deleting the secret used with secret auto annotations: %v", err) + } + + // Deleting ConfigMap used with exclude configmap annotation + err = testutil.DeleteConfigMap(clients.KubernetesClient, arsNamespace, arsConfigmapWithExcludeConfigMapAnnotation) + if err != nil { + logrus.Errorf("Error while deleting the configmap used with configmap auto annotations: %v", err) + } + // Deleting namespace testutil.DeleteNamespace(arsNamespace, clients.KubernetesClient) @@ -787,6 +839,18 @@ func setupErs() { logrus.Errorf("Error in configmap creation: %v", err) } + // Creating secret used with secret exclude annotation + _, err = testutil.CreateSecret(clients.KubernetesClient, ersNamespace, ersSecretWithSecretExcludeAnnotation, data) + if err != nil { + logrus.Errorf("Error in secret creation: %v", err) + } + + // Creating configmap used with configmap exclude annotation + _, err = testutil.CreateConfigMap(clients.KubernetesClient, ersNamespace, ersConfigmapWithConfigMapExcludeAnnotation, "www.google.com") + if err != nil { + logrus.Errorf("Error in configmap creation: %v", err) + } + // Creating Deployment with configmap _, err = testutil.CreateDeployment(clients.KubernetesClient, ersConfigmapName, ersNamespace, true) if err != nil { @@ -894,6 +958,18 @@ func setupErs() { logrus.Errorf("Error in Deployment with configmap and with configmap auto annotation: %v", err) } + // Creating Deployment with secret and with secret exclude annotation + _, err = testutil.CreateDeploymentWithExcludeAnnotation(clients.KubernetesClient, ersSecretWithSecretExcludeAnnotation, ersNamespace, testutil.SecretResourceType) + if err != nil { + logrus.Errorf("Error in Deployment with secret and with secret exclude annotation: %v", err) + } + + // Creating Deployment with secret and with secret exclude annotation + _, err = testutil.CreateDeploymentWithExcludeAnnotation(clients.KubernetesClient, ersConfigmapWithConfigMapExcludeAnnotation, ersNamespace, testutil.ConfigmapResourceType) + if err != nil { + logrus.Errorf("Error in Deployment with configmap and with configmap exclude annotation: %v", err) + } + // Creating DaemonSet with configmap _, err = testutil.CreateDaemonSet(clients.KubernetesClient, ersConfigmapName, ersNamespace, true) if err != nil { @@ -1094,6 +1170,18 @@ func teardownErs() { logrus.Errorf("Error while deleting deployment with configmap auto annotation %v", deploymentError) } + // Deleting Deployment with secret and secret exclude annotation + deploymentError = testutil.DeleteDeployment(clients.KubernetesClient, ersNamespace, ersSecretWithSecretExcludeAnnotation) + if deploymentError != nil { + logrus.Errorf("Error while deleting deployment with secret exclude annotation %v", deploymentError) + } + + // Deleting Deployment with configmap and configmap exclude annotation + deploymentError = testutil.DeleteDeployment(clients.KubernetesClient, ersNamespace, ersConfigmapWithConfigMapExcludeAnnotation) + if deploymentError != nil { + logrus.Errorf("Error while deleting deployment with configmap exclude annotation %v", deploymentError) + } + // Deleting DaemonSet with configmap daemonSetError := testutil.DeleteDaemonSet(clients.KubernetesClient, ersNamespace, ersConfigmapName) if daemonSetError != nil { @@ -1267,6 +1355,18 @@ func teardownErs() { logrus.Errorf("Error while deleting the configmap used with configmap auto annotation: %v", err) } + // Deleting Secret used with secret exclude annotation + err = testutil.DeleteSecret(clients.KubernetesClient, ersNamespace, ersSecretWithSecretExcludeAnnotation) + if err != nil { + logrus.Errorf("Error while deleting the secret used with secret exclude annotation: %v", err) + } + + // Deleting ConfigMap used with configmap exclude annotation + err = testutil.DeleteConfigMap(clients.KubernetesClient, ersNamespace, ersConfigmapWithConfigMapExcludeAnnotation) + if err != nil { + logrus.Errorf("Error while deleting the configmap used with configmap exclude annotation: %v", err) + } + // Deleting namespace testutil.DeleteNamespace(ersNamespace, clients.KubernetesClient) @@ -1337,8 +1437,8 @@ func TestRollingUpgradeForDeploymentWithConfigmapUsingArs(t *testing.T) { if promtestutil.ToFloat64(collectors.Reloaded.With(labelSucceeded)) != 1 { t.Errorf("Counter was not increased") } - - if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { + + if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { t.Errorf("Counter by namespace was not increased") } testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) @@ -1403,9 +1503,9 @@ func TestRollingUpgradeForDeploymentWithConfigmapWithoutReloadAnnotationButWithA if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { t.Errorf("Counter by namespace was not increased") - } - - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + } + + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapInProjectedVolumeUsingArs(t *testing.T) { @@ -1432,11 +1532,11 @@ func TestRollingUpgradeForDeploymentWithConfigmapInProjectedVolumeUsingArs(t *te t.Errorf("Counter was not increased") } - if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { + if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationUsingArs(t *testing.T) { @@ -1468,7 +1568,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationUsingArs(t * t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationNoTriggersUsingArs(t *testing.T) { @@ -1575,7 +1675,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapInInitContainerUsingArs(t *test t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapInProjectVolumeInInitContainerUsingArs(t *testing.T) { @@ -1607,7 +1707,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapInProjectVolumeInInitContainerU t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarUsingArs(t *testing.T) { @@ -1639,7 +1739,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarUsingArs(t *testing.T) t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarInInitContainerUsingArs(t *testing.T) { @@ -1670,8 +1770,8 @@ func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarInInitContainerUsingArs if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { t.Errorf("Counter by namespace was not increased") } - - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarFromUsingArs(t *testing.T) { @@ -1703,7 +1803,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarFromUsingArs(t *testing t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretUsingArs(t *testing.T) { @@ -1735,7 +1835,7 @@ func TestRollingUpgradeForDeploymentWithSecretUsingArs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeUsingArs(t *testing.T) { @@ -1767,7 +1867,7 @@ func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeUsingArs(t *testi t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretinInitContainerUsingArs(t *testing.T) { @@ -1799,7 +1899,7 @@ func TestRollingUpgradeForDeploymentWithSecretinInitContainerUsingArs(t *testing t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeinInitContainerUsingArs(t *testing.T) { @@ -1831,7 +1931,7 @@ func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeinInitContainerUs t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretAsEnvVarUsingArs(t *testing.T) { @@ -1863,7 +1963,7 @@ func TestRollingUpgradeForDeploymentWithSecretAsEnvVarUsingArs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretAsEnvVarFromUsingArs(t *testing.T) { @@ -1926,7 +2026,28 @@ func TestRollingUpgradeForDeploymentWithSecretAsEnvVarInInitContainerUsingArs(t t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) +} + +func TestRollingUpgradeForDeploymentWithSecretExcludeAnnotationUsingArs(t *testing.T) { + options.ReloadStrategy = constants.AnnotationsReloadStrategy + envVarPostfix := constants.SecretEnvVarPostfix + + shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, arsNamespace, arsSecretWithExcludeSecretAnnotation, "dGVzdFVwZGF0ZWRTZWNyZXRFbmNvZGluZ0ZvclJlbG9hZGVy") + config := getConfigWithAnnotations(envVarPostfix, arsSecretWithExcludeSecretAnnotation, shaData, "", options.SecretReloaderAutoAnnotation) + deploymentFuncs := GetDeploymentRollingUpgradeFuncs() + collectors := getCollectors() + + err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy) + if err != nil { + t.Errorf("Rolling upgrade failed for Deployment with Secret") + } + + logrus.Infof("Verifying deployment did not update") + updated := testutil.VerifyResourceAnnotationUpdate(clients, config, deploymentFuncs) + if updated { + t.Errorf("Deployment which had to be exluded was updated") + } } func TestRollingUpgradeForDeploymentWithSecretAutoAnnotationUsingArs(t *testing.T) { @@ -1958,9 +2079,29 @@ func TestRollingUpgradeForDeploymentWithSecretAutoAnnotationUsingArs(t *testing. t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } +func TestRollingUpgradeForDeploymentWithExcludeConfigMapAnnotationUsingArs(t *testing.T) { + options.ReloadStrategy = constants.AnnotationsReloadStrategy + envVarPostfix := constants.ConfigmapEnvVarPostfix + + shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, arsNamespace, arsConfigmapWithExcludeConfigMapAnnotation, "www.facebook.com") + config := getConfigWithAnnotations(envVarPostfix, arsConfigmapWithExcludeConfigMapAnnotation, shaData, "", options.ConfigmapReloaderAutoAnnotation) + deploymentFuncs := GetDeploymentRollingUpgradeFuncs() + collectors := getCollectors() + + err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy) + if err != nil { + t.Errorf("Rolling upgrade failed for Deployment with exclude ConfigMap") + } + + logrus.Infof("Verifying deployment did update") + updated := testutil.VerifyResourceAnnotationUpdate(clients, config, deploymentFuncs) + if updated { + t.Errorf("Deployment which had to be excluded was updated") + } +} func TestRollingUpgradeForDeploymentWithConfigMapAutoAnnotationUsingArs(t *testing.T) { options.ReloadStrategy = constants.AnnotationsReloadStrategy envVarPostfix := constants.ConfigmapEnvVarPostfix @@ -1990,7 +2131,7 @@ func TestRollingUpgradeForDeploymentWithConfigMapAutoAnnotationUsingArs(t *testi t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithConfigmapUsingArs(t *testing.T) { @@ -2021,8 +2162,8 @@ func TestRollingUpgradeForDaemonSetWithConfigmapUsingArs(t *testing.T) { if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 { t.Errorf("Counter by namespace was not increased") } - - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithConfigmapInProjectedVolumeUsingArs(t *testing.T) { @@ -2054,7 +2195,7 @@ func TestRollingUpgradeForDaemonSetWithConfigmapInProjectedVolumeUsingArs(t *tes t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithConfigmapAsEnvVarUsingArs(t *testing.T) { @@ -2118,7 +2259,7 @@ func TestRollingUpgradeForDaemonSetWithSecretUsingArs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithSecretInProjectedVolumeUsingArs(t *testing.T) { @@ -2150,7 +2291,7 @@ func TestRollingUpgradeForDaemonSetWithSecretInProjectedVolumeUsingArs(t *testin t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithConfigmapUsingArs(t *testing.T) { @@ -2182,7 +2323,7 @@ func TestRollingUpgradeForStatefulSetWithConfigmapUsingArs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithConfigmapInProjectedVolumeUsingArs(t *testing.T) { @@ -2214,7 +2355,7 @@ func TestRollingUpgradeForStatefulSetWithConfigmapInProjectedVolumeUsingArs(t *t t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithSecretUsingArs(t *testing.T) { @@ -2246,7 +2387,7 @@ func TestRollingUpgradeForStatefulSetWithSecretUsingArs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithSecretInProjectedVolumeUsingArs(t *testing.T) { @@ -2278,7 +2419,7 @@ func TestRollingUpgradeForStatefulSetWithSecretInProjectedVolumeUsingArs(t *test t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithPodAnnotationsUsingArs(t *testing.T) { @@ -2437,7 +2578,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapInProjectedVolumeUsingErs(t *te t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationUsingErs(t *testing.T) { @@ -2469,7 +2610,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationUsingErs(t * t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationNoTriggersUsingErs(t *testing.T) { @@ -2576,7 +2717,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapInInitContainerUsingErs(t *test t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapInProjectVolumeInInitContainerUsingErs(t *testing.T) { @@ -2640,7 +2781,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarUsingErs(t *testing.T) t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarInInitContainerUsingErs(t *testing.T) { @@ -2704,7 +2845,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarFromUsingErs(t *testing t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretUsingErs(t *testing.T) { @@ -2736,7 +2877,7 @@ func TestRollingUpgradeForDeploymentWithSecretUsingErs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeUsingErs(t *testing.T) { @@ -2800,7 +2941,7 @@ func TestRollingUpgradeForDeploymentWithSecretinInitContainerUsingErs(t *testing t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeinInitContainerUsingErs(t *testing.T) { @@ -2832,7 +2973,7 @@ func TestRollingUpgradeForDeploymentWithSecretInProjectedVolumeinInitContainerUs t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretAsEnvVarUsingErs(t *testing.T) { @@ -2864,7 +3005,7 @@ func TestRollingUpgradeForDeploymentWithSecretAsEnvVarUsingErs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretAsEnvVarFromUsingErs(t *testing.T) { @@ -2896,7 +3037,7 @@ func TestRollingUpgradeForDeploymentWithSecretAsEnvVarFromUsingErs(t *testing.T) t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithSecretAsEnvVarInInitContainerUsingErs(t *testing.T) { @@ -2928,7 +3069,29 @@ func TestRollingUpgradeForDeploymentWithSecretAsEnvVarInInitContainerUsingErs(t t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) +} + +func TestRollingUpgradeForDeploymentWithSecretExcludeAnnotationUsingErs(t *testing.T) { + options.ReloadStrategy = constants.EnvVarsReloadStrategy + envVarPostfix := constants.SecretEnvVarPostfix + + shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, ersNamespace, ersSecretWithSecretExcludeAnnotation, "dGVzdFVwZGF0ZWRTZWNyZXRFbmNvZGluZ0ZvclJlbG9hZGVy") + config := getConfigWithAnnotations(envVarPostfix, ersSecretWithSecretExcludeAnnotation, shaData, "", options.SecretReloaderAutoAnnotation) + deploymentFuncs := GetDeploymentRollingUpgradeFuncs() + collectors := getCollectors() + + err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy) + time.Sleep(5 * time.Second) + if err != nil { + t.Errorf("Rolling upgrade failed for Deployment with exclude Secret") + } + + logrus.Infof("Verifying deployment did not update") + updated := testutil.VerifyResourceEnvVarUpdate(clients, config, envVarPostfix, deploymentFuncs) + if updated { + t.Errorf("Deployment that had to be excluded was updated") + } } func TestRollingUpgradeForDeploymentWithSecretAutoAnnotationUsingErs(t *testing.T) { @@ -2956,12 +3119,33 @@ func TestRollingUpgradeForDeploymentWithSecretAutoAnnotationUsingErs(t *testing. t.Errorf("Counter was not increased") } - - if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": ersNamespace})) != 1 { + if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": ersNamespace})) != 1 { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) +} + +func TestRollingUpgradeForDeploymentWithConfigMapExcludeAnnotationUsingErs(t *testing.T) { + options.ReloadStrategy = constants.EnvVarsReloadStrategy + envVarPostfix := constants.ConfigmapEnvVarPostfix + + shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, ersNamespace, ersConfigmapWithConfigMapExcludeAnnotation, "www.facebook.com") + config := getConfigWithAnnotations(envVarPostfix, ersConfigmapWithConfigMapExcludeAnnotation, shaData, "", options.ConfigmapReloaderAutoAnnotation) + deploymentFuncs := GetDeploymentRollingUpgradeFuncs() + collectors := getCollectors() + + err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy) + time.Sleep(5 * time.Second) + if err != nil { + t.Errorf("Rolling upgrade failed for Deployment with exclude ConfigMap") + } + + logrus.Infof("Verifying deployment did not update") + updated := testutil.VerifyResourceEnvVarUpdate(clients, config, envVarPostfix, deploymentFuncs) + if updated { + t.Errorf("Deployment which had to be excluded was updated") + } } func TestRollingUpgradeForDeploymentWithConfigMapAutoAnnotationUsingErs(t *testing.T) { @@ -2993,7 +3177,7 @@ func TestRollingUpgradeForDeploymentWithConfigMapAutoAnnotationUsingErs(t *testi t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithConfigmapUsingErs(t *testing.T) { @@ -3025,7 +3209,7 @@ func TestRollingUpgradeForDaemonSetWithConfigmapUsingErs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithConfigmapInProjectedVolumeUsingErs(t *testing.T) { @@ -3057,7 +3241,7 @@ func TestRollingUpgradeForDaemonSetWithConfigmapInProjectedVolumeUsingErs(t *tes t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithConfigmapAsEnvVarUsingErs(t *testing.T) { @@ -3089,7 +3273,7 @@ func TestRollingUpgradeForDaemonSetWithConfigmapAsEnvVarUsingErs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithSecretUsingErs(t *testing.T) { @@ -3121,7 +3305,7 @@ func TestRollingUpgradeForDaemonSetWithSecretUsingErs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDaemonSetWithSecretInProjectedVolumeUsingErs(t *testing.T) { @@ -3153,7 +3337,7 @@ func TestRollingUpgradeForDaemonSetWithSecretInProjectedVolumeUsingErs(t *testin t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithConfigmapUsingErs(t *testing.T) { @@ -3185,7 +3369,7 @@ func TestRollingUpgradeForStatefulSetWithConfigmapUsingErs(t *testing.T) { t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithConfigmapInProjectedVolumeUsingErs(t *testing.T) { @@ -3217,7 +3401,7 @@ func TestRollingUpgradeForStatefulSetWithConfigmapInProjectedVolumeUsingErs(t *t t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForStatefulSetWithSecretUsingErs(t *testing.T) { @@ -3281,7 +3465,7 @@ func TestRollingUpgradeForStatefulSetWithSecretInProjectedVolumeUsingErs(t *test t.Errorf("Counter by namespace was not increased") } - testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) + testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix) } func TestRollingUpgradeForDeploymentWithPodAnnotationsUsingErs(t *testing.T) { diff --git a/internal/pkg/options/flags.go b/internal/pkg/options/flags.go index a1ae090..c252def 100644 --- a/internal/pkg/options/flags.go +++ b/internal/pkg/options/flags.go @@ -17,6 +17,10 @@ var ( ConfigmapReloaderAutoAnnotation = "configmap.reloader.stakater.com/auto" // SecretReloaderAutoAnnotation is an annotation to detect changes in secrets SecretReloaderAutoAnnotation = "secret.reloader.stakater.com/auto" + // ConfigmapReloaderAutoAnnotation is a comma separated list of configmaps that excludes detecting changes on cms + ConfigmapExcludeReloaderAnnotation = "configmaps.exclude.reloader.stakater.com/reload" + // SecretExcludeReloaderAnnotation is a comma separated list of secrets that excludes detecting changes on secrets + SecretExcludeReloaderAnnotation = "secrets.exclude.reloader.stakater.com/reload" // AutoSearchAnnotation is an annotation to detect changes in // configmaps or triggers with the SearchMatchAnnotation AutoSearchAnnotation = "reloader.stakater.com/search" diff --git a/internal/pkg/testutil/kube.go b/internal/pkg/testutil/kube.go index 52780d1..3faa1d2 100644 --- a/internal/pkg/testutil/kube.go +++ b/internal/pkg/testutil/kube.go @@ -503,6 +503,37 @@ func GetDeploymentWithTypedAutoAnnotation(namespace string, deploymentName strin } } +func GetDeploymentWithExcludeAnnotation(namespace string, deploymentName string, resourceType string) *appsv1.Deployment { + replicaset := int32(1) + + annotation := map[string]string{} + + if resourceType == SecretResourceType { + annotation[options.SecretExcludeReloaderAnnotation] = deploymentName + } else if resourceType == ConfigmapResourceType { + annotation[options.ConfigmapExcludeReloaderAnnotation] = deploymentName + } + + return &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: deploymentName, + Namespace: namespace, + Labels: map[string]string{"firstLabel": "temp"}, + Annotations: annotation, + }, + Spec: appsv1.DeploymentSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"secondLabel": "temp"}, + }, + Replicas: &replicaset, + Strategy: appsv1.DeploymentStrategy{ + Type: appsv1.RollingUpdateDeploymentStrategyType, + }, + Template: getPodTemplateSpecWithVolumes(deploymentName), + }, + } +} + // GetDaemonSet provides daemonset for testing func GetDaemonSet(namespace string, daemonsetName string) *appsv1.DaemonSet { return &appsv1.DaemonSet{ @@ -773,6 +804,15 @@ func CreateDeploymentWithTypedAutoAnnotation(client kubernetes.Interface, deploy return deployment, err } +// CreateDeploymentWithExcludeAnnotation creates a deployment in given namespace and returns the Deployment with typed auto annotation +func CreateDeploymentWithExcludeAnnotation(client kubernetes.Interface, deploymentName string, namespace string, resourceType string) (*appsv1.Deployment, error) { + logrus.Infof("Creating Deployment") + deploymentClient := client.AppsV1().Deployments(namespace) + deploymentObj := GetDeploymentWithExcludeAnnotation(namespace, deploymentName, resourceType) + deployment, err := deploymentClient.Create(context.TODO(), deploymentObj, metav1.CreateOptions{}) + return deployment, err +} + // CreateDaemonSet creates a deployment in given namespace and returns the DaemonSet func CreateDaemonSet(client kubernetes.Interface, daemonsetName string, namespace string, volumeMount bool) (*appsv1.DaemonSet, error) { logrus.Infof("Creating DaemonSet")