diff --git a/charts/.utils/gitlab-ci.yaml b/charts/.utils/gitlab-ci.yaml
index c37298faeacbb8d87d263a23607f5ee6b084c1d4..9295791375048af3af523782214fa2ef000460a1 100644
--- a/charts/.utils/gitlab-ci.yaml
+++ b/charts/.utils/gitlab-ci.yaml
@@ -38,11 +38,11 @@ chart-helm-unittest:
stage: lint
extends: .chart-matrix
image:
- name: docker.io/quintush/helm-unittest:3.10.1-0.2.9
+ name: docker.io/helmunittest/helm-unittest:3.11.2-0.3.1
entrypoint: [""]
script:
- if [ ! -e charts/${CHART}/tests ]; then echo "No helm unittests"; exit 0; fi
- - helm unittest -3 -o helm-unittest-${CHART}.xml -t junit charts/${CHART}
+ - helm unittest -o helm-unittest-${CHART}.xml -t junit charts/${CHART}
artifacts:
when: always
reports:
diff --git a/charts/keycloak/tests/__snapshot__/snapshot_test.yaml.snap b/charts/keycloak/tests/__snapshot__/snapshot_test.yaml.snap
index 45c826300df21915f6989e7710451b04de7379c9..4c87dd93c1389b251f7ad8949e8464748f8143e0 100644
--- a/charts/keycloak/tests/__snapshot__/snapshot_test.yaml.snap
+++ b/charts/keycloak/tests/__snapshot__/snapshot_test.yaml.snap
@@ -25,78 +25,78 @@ should match basic snapshot:
app.kubernetes.io/name: keycloak
spec:
containers:
- - args:
- - start
- - --cache=ispn
- - --cache-config-file=cache-ispn.xml
- - --cache-stack=kubernetes
- - --proxy
- - edge
- env:
- - name: KC_HEALTH_ENABLED
- value: "true"
- - name: KC_HOSTNAME
- value: keycloak.example.com
- - name: JAVA_OPTS_APPEND
- value: -Djgroups.dns.query=RELEASE-NAME-keycloak-headless.NAMESPACE.svc.cluster.local
- - name: KC_DB
- value: postgres
- - name: KC_DB_USERNAME
- valueFrom:
- secretKeyRef:
- key: database-username
- name: RELEASE-NAME-keycloak
- optional: false
- - name: KC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-password
- name: RELEASE-NAME-keycloak
- optional: false
- - name: KC_DB_URL
- valueFrom:
- secretKeyRef:
- key: database-url
- name: RELEASE-NAME-keycloak
- optional: false
- image: quay.io/keycloak/keycloak:4.5.6
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /health/live
- port: http
- periodSeconds: 10
- name: keycloak
- ports:
- - containerPort: 8080
- name: http
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /health/ready
- port: http
- periodSeconds: 10
- resources:
- limits:
- cpu: "1"
- memory: 1.5Gi
- requests:
- cpu: 100m
- memory: 1Gi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- runAsNonRoot: true
- startupProbe:
- failureThreshold: 30
- httpGet:
- path: /health/live
- port: http
- periodSeconds: 10
+ - args:
+ - start
+ - --cache=ispn
+ - --cache-config-file=cache-ispn.xml
+ - --cache-stack=kubernetes
+ - --proxy
+ - edge
+ env:
+ - name: KC_HEALTH_ENABLED
+ value: "true"
+ - name: KC_HOSTNAME
+ value: keycloak.example.com
+ - name: JAVA_OPTS_APPEND
+ value: -Djgroups.dns.query=RELEASE-NAME-keycloak-headless.NAMESPACE.svc.cluster.local
+ - name: KC_DB
+ value: postgres
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: database-username
+ name: RELEASE-NAME-keycloak
+ optional: false
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: database-password
+ name: RELEASE-NAME-keycloak
+ optional: false
+ - name: KC_DB_URL
+ valueFrom:
+ secretKeyRef:
+ key: database-url
+ name: RELEASE-NAME-keycloak
+ optional: false
+ image: quay.io/keycloak/keycloak:4.5.6
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health/live
+ port: http
+ periodSeconds: 10
+ name: keycloak
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health/ready
+ port: http
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: "1"
+ memory: 1.5Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ startupProbe:
+ failureThreshold: 30
+ httpGet:
+ path: /health/live
+ port: http
+ periodSeconds: 10
securityContext: {}
serviceAccountName: RELEASE-NAME-keycloak
2: |
@@ -128,10 +128,10 @@ should match basic snapshot:
name: RELEASE-NAME-keycloak
spec:
ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
selector:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: keycloak
@@ -150,10 +150,10 @@ should match basic snapshot:
spec:
clusterIP: None
ports:
- - name: ping
- port: 7800
- protocol: TCP
- targetPort: 7800
+ - name: ping
+ port: 7800
+ protocol: TCP
+ targetPort: 7800
selector:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: keycloak
@@ -195,80 +195,80 @@ should match full snapshot:
app.kubernetes.io/name: keycloak
spec:
containers:
- - args:
- - start
- - --cache=ispn
- - --cache-config-file=cache-ispn.xml
- - --cache-stack=kubernetes
- - --proxy
- - edge
- env:
- - name: KC_HEALTH_ENABLED
- value: "true"
- - name: KC_METRICS_ENABLED
- value: "true"
- - name: KC_HOSTNAME
- value: keycloak.example.com
- - name: JAVA_OPTS_APPEND
- value: -Djgroups.dns.query=RELEASE-NAME-keycloak-headless.NAMESPACE.svc.cluster.local
- - name: KC_DB
- value: postgres
- - name: KC_DB_USERNAME
- valueFrom:
- secretKeyRef:
- key: database-username
- name: RELEASE-NAME-keycloak
- optional: false
- - name: KC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-password
- name: RELEASE-NAME-keycloak
- optional: false
- - name: KC_DB_URL
- valueFrom:
- secretKeyRef:
- key: database-url
- name: RELEASE-NAME-keycloak
- optional: false
- image: quay.io/keycloak/keycloak:4.5.6
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /health/live
- port: http
- periodSeconds: 10
- name: keycloak
- ports:
- - containerPort: 8080
- name: http
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /health/ready
- port: http
- periodSeconds: 10
- resources:
- limits:
- cpu: "1"
- memory: 1.5Gi
- requests:
- cpu: 100m
- memory: 1Gi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- runAsNonRoot: true
- startupProbe:
- failureThreshold: 30
- httpGet:
- path: /health/live
- port: http
- periodSeconds: 10
+ - args:
+ - start
+ - --cache=ispn
+ - --cache-config-file=cache-ispn.xml
+ - --cache-stack=kubernetes
+ - --proxy
+ - edge
+ env:
+ - name: KC_HEALTH_ENABLED
+ value: "true"
+ - name: KC_METRICS_ENABLED
+ value: "true"
+ - name: KC_HOSTNAME
+ value: keycloak.example.com
+ - name: JAVA_OPTS_APPEND
+ value: -Djgroups.dns.query=RELEASE-NAME-keycloak-headless.NAMESPACE.svc.cluster.local
+ - name: KC_DB
+ value: postgres
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: database-username
+ name: RELEASE-NAME-keycloak
+ optional: false
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: database-password
+ name: RELEASE-NAME-keycloak
+ optional: false
+ - name: KC_DB_URL
+ valueFrom:
+ secretKeyRef:
+ key: database-url
+ name: RELEASE-NAME-keycloak
+ optional: false
+ image: quay.io/keycloak/keycloak:4.5.6
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health/live
+ port: http
+ periodSeconds: 10
+ name: keycloak
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health/ready
+ port: http
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: "1"
+ memory: 1.5Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ startupProbe:
+ failureThreshold: 30
+ httpGet:
+ path: /health/live
+ port: http
+ periodSeconds: 10
securityContext: {}
serviceAccountName: RELEASE-NAME-keycloak
2: |
@@ -300,10 +300,10 @@ should match full snapshot:
name: RELEASE-NAME-keycloak
spec:
ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
selector:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: keycloak
@@ -322,10 +322,10 @@ should match full snapshot:
spec:
clusterIP: None
ports:
- - name: ping
- port: 7800
- protocol: TCP
- targetPort: 7800
+ - name: ping
+ port: 7800
+ protocol: TCP
+ targetPort: 7800
selector:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: keycloak
diff --git a/charts/keycloak/tests/helmlabels_test.yaml b/charts/keycloak/tests/helmlabels_test.yaml
index e3cdbe501b9adba80a7e696a387512ec0efa305f..f833b86738c107a1a380e678523b4047212f37bd 100644
--- a/charts/keycloak/tests/helmlabels_test.yaml
+++ b/charts/keycloak/tests/helmlabels_test.yaml
@@ -26,11 +26,11 @@ tests:
version: 1.2.3
asserts:
- equal:
- path: metadata.labels.[app.kubernetes.io/instance]
+ path: metadata.labels["app.kubernetes.io/instance"]
value: "test-suite"
- equal:
- path: metadata.labels.[app.kubernetes.io/managed-by]
+ path: metadata.labels["app.kubernetes.io/managed-by"]
value: "Helm"
- equal:
- path: metadata.labels.[app.kubernetes.io/name]
+ path: metadata.labels["app.kubernetes.io/name"]
value: "keycloak"
diff --git a/charts/mastodon/tests/50_sidekiq_test.yaml b/charts/mastodon/tests/50_sidekiq_test.yaml
index 6bcb3b2623ca41ccf4042a3c97989eac62a5117c..37c7a6abb87188454213e6d8b52862f9faab9292 100644
--- a/charts/mastodon/tests/50_sidekiq_test.yaml
+++ b/charts/mastodon/tests/50_sidekiq_test.yaml
@@ -65,17 +65,17 @@ tests:
- mocks/sidekiq.yaml
asserts:
- equal:
- path: spec.selector.matchLabels.app\.kubernetes\.io/component
+ path: spec.selector.matchLabels["app.kubernetes.io/component"]
value: sidekiq-scheduler
documentIndex: 0
template: deployment-sidekiq.yaml
- equal:
- path: spec.selector.matchLabels.app\.kubernetes\.io/component
+ path: spec.selector.matchLabels["app.kubernetes.io/component"]
value: sidekiq-default
documentIndex: 1
template: deployment-sidekiq.yaml
- equal:
- path: spec.selector.matchLabels.app\.kubernetes\.io/part-of
+ path: spec.selector.matchLabels["app.kubernetes.io/part-of"]
value: rails
template: deployment-sidekiq.yaml
diff --git a/charts/mastodon/tests/99_helmlabels_test.yaml b/charts/mastodon/tests/99_helmlabels_test.yaml
index fecc1e2aab2e2fe049f83bb50857dc05b2efabec..26d4dcab2ee77ec75875991a36d7f01900c30956 100644
--- a/charts/mastodon/tests/99_helmlabels_test.yaml
+++ b/charts/mastodon/tests/99_helmlabels_test.yaml
@@ -31,11 +31,11 @@ tests:
version: 1.2.3
asserts:
- equal:
- path: metadata.labels.[app.kubernetes.io/instance]
+ path: metadata.labels["app.kubernetes.io/instance"]
value: "test-suite"
- equal:
- path: metadata.labels.[app.kubernetes.io/managed-by]
+ path: metadata.labels["app.kubernetes.io/managed-by"]
value: "Helm"
- equal:
- path: metadata.labels.[app.kubernetes.io/name]
+ path: metadata.labels["app.kubernetes.io/name"]
value: "mastodon"
diff --git a/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap b/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
index bd53acffc71254703967eca07088ec3ab9c10613..f079b253891faf7ee063260a0aa41f9396da8f19 100644
--- a/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
+++ b/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
@@ -72,62 +72,62 @@ should match basic snapshot:
app.kubernetes.io/part-of: rails
spec:
containers:
- - command:
- - bundle
- - exec
- - sidekiq
- - -c
- - "25"
- - -q
- - default,8
- - -q
- - push,6
- - -q
- - ingress,4
- - -q
- - mailers,2
- - -q
- - pull
- - -q
- - scheduler
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: mastodon
- resources: {}
- securityContext: {}
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - sidekiq
+ - -c
+ - "25"
+ - -q
+ - default,8
+ - -q
+ - push,6
+ - -q
+ - ingress,4
+ - -q
+ - mailers,2
+ - -q
+ - pull
+ - -q
+ - scheduler
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: mastodon
+ resources: {}
+ securityContext: {}
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
securityContext:
fsGroup: 991
runAsGroup: 991
runAsUser: 991
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
3: |
apiVersion: v1
data:
diff --git a/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap b/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
index 5f5ca5e7493aba68246b41826598fbc57e51082e..43b8df2db9816d1266f731ffa0d2bbadd76f175b 100644
--- a/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
+++ b/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
@@ -68,67 +68,67 @@ should match basic snapshot:
app.kubernetes.io/part-of: rails
spec:
containers:
- - command:
- - bundle
- - exec
- - puma
- - -C
- - config/puma.rb
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- livenessProbe:
- tcpSocket:
- port: http
- name: mastodon-web
- ports:
- - containerPort: 3000
- name: http
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /health
- port: http
- startupProbe:
- failureThreshold: 30
- httpGet:
- path: /health
- port: http
- periodSeconds: 5
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - puma
+ - -C
+ - config/puma.rb
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ tcpSocket:
+ port: http
+ name: mastodon-web
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ startupProbe:
+ failureThreshold: 30
+ httpGet:
+ path: /health
+ port: http
+ periodSeconds: 5
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
securityContext:
fsGroup: 991
runAsGroup: 991
runAsUser: 991
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
3: |
apiVersion: networking.k8s.io/v1
kind: Ingress
@@ -142,27 +142,27 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon
spec:
rules:
- - host: mastodon.local
- http:
- paths:
- - backend:
- service:
- name: RELEASE-NAME-mastodon-web
- port:
- number: 3000
- path: /
- pathType: Prefix
- - backend:
- service:
- name: RELEASE-NAME-mastodon-streaming
- port:
- number: 4000
- path: /api/v1/streaming
- pathType: Prefix
+ - host: mastodon.local
+ http:
+ paths:
+ - backend:
+ service:
+ name: RELEASE-NAME-mastodon-web
+ port:
+ number: 3000
+ path: /
+ pathType: Prefix
+ - backend:
+ service:
+ name: RELEASE-NAME-mastodon-streaming
+ port:
+ number: 4000
+ path: /api/v1/streaming
+ pathType: Prefix
tls:
- - hosts:
- - mastodon.local
- secretName: mastodon-tls
+ - hosts:
+ - mastodon.local
+ secretName: mastodon-tls
4: |
apiVersion: v1
data:
@@ -193,10 +193,10 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-web
spec:
ports:
- - name: http
- port: 3000
- protocol: TCP
- targetPort: http
+ - name: http
+ port: 3000
+ protocol: TCP
+ targetPort: http
selector:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
diff --git a/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap b/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap
index 92c567d5c92f5fe0f17ce865f4cf368258c997dd..da0bc7881cabbeb41d579a251cf0d9d4c70d8058 100644
--- a/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap
+++ b/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap
@@ -57,52 +57,52 @@ should match basic snapshot:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/part-of
- operator: In
- values:
- - rails
- topologyKey: kubernetes.io/hostname
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - rails
+ topologyKey: kubernetes.io/hostname
containers:
- - command:
- - bin/tootctl
- - media
- - remove
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: RELEASE-NAME-mastodon-media-remove
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bin/tootctl
+ - media
+ - remove
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: RELEASE-NAME-mastodon-media-remove
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
restartPolicy: OnFailure
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
schedule: 0 0 * * 0
3: |
apiVersion: apps/v1
@@ -140,62 +140,62 @@ should match basic snapshot:
app.kubernetes.io/part-of: rails
spec:
containers:
- - command:
- - bundle
- - exec
- - sidekiq
- - -c
- - "25"
- - -q
- - default,8
- - -q
- - push,6
- - -q
- - ingress,4
- - -q
- - mailers,2
- - -q
- - pull
- - -q
- - scheduler
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: mastodon
- resources: {}
- securityContext: {}
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - sidekiq
+ - -c
+ - "25"
+ - -q
+ - default,8
+ - -q
+ - push,6
+ - -q
+ - ingress,4
+ - -q
+ - mailers,2
+ - -q
+ - pull
+ - -q
+ - scheduler
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: mastodon
+ resources: {}
+ securityContext: {}
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
securityContext:
fsGroup: 991
runAsGroup: 991
runAsUser: 991
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
4: |
apiVersion: apps/v1
kind: Deployment
@@ -226,42 +226,42 @@ should match basic snapshot:
app.kubernetes.io/name: mastodon
spec:
containers:
- - command:
- - node
- - ./streaming
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "4000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /api/v1/streaming/health
- port: streaming
- name: mastodon-streaming
- ports:
- - containerPort: 4000
- name: streaming
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /api/v1/streaming/health
- port: streaming
+ - command:
+ - node
+ - ./streaming
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "4000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /api/v1/streaming/health
+ port: streaming
+ name: mastodon-streaming
+ ports:
+ - containerPort: 4000
+ name: streaming
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /api/v1/streaming/health
+ port: streaming
securityContext:
fsGroup: 991
runAsGroup: 991
@@ -299,67 +299,67 @@ should match basic snapshot:
app.kubernetes.io/part-of: rails
spec:
containers:
- - command:
- - bundle
- - exec
- - puma
- - -C
- - config/puma.rb
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- livenessProbe:
- tcpSocket:
- port: http
- name: mastodon-web
- ports:
- - containerPort: 3000
- name: http
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /health
- port: http
- startupProbe:
- failureThreshold: 30
- httpGet:
- path: /health
- port: http
- periodSeconds: 5
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - puma
+ - -C
+ - config/puma.rb
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ tcpSocket:
+ port: http
+ name: mastodon-web
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ startupProbe:
+ failureThreshold: 30
+ httpGet:
+ path: /health
+ port: http
+ periodSeconds: 5
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
securityContext:
fsGroup: 991
runAsGroup: 991
runAsUser: 991
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
6: |
apiVersion: networking.k8s.io/v1
kind: Ingress
@@ -373,27 +373,27 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon
spec:
rules:
- - host: mastodon.local
- http:
- paths:
- - backend:
- service:
- name: RELEASE-NAME-mastodon-web
- port:
- number: 3000
- path: /
- pathType: Prefix
- - backend:
- service:
- name: RELEASE-NAME-mastodon-streaming
- port:
- number: 4000
- path: /api/v1/streaming
- pathType: Prefix
+ - host: mastodon.local
+ http:
+ paths:
+ - backend:
+ service:
+ name: RELEASE-NAME-mastodon-web
+ port:
+ number: 3000
+ path: /
+ pathType: Prefix
+ - backend:
+ service:
+ name: RELEASE-NAME-mastodon-streaming
+ port:
+ number: 4000
+ path: /api/v1/streaming
+ pathType: Prefix
tls:
- - hosts:
- - mastodon.local
- secretName: mastodon-tls
+ - hosts:
+ - mastodon.local
+ secretName: mastodon-tls
7: |
apiVersion: batch/v1
kind: Job
@@ -415,45 +415,45 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-assets-precompile
spec:
containers:
- - command:
- - bash
- - -c
- - |
- bundle exec rake assets:precompile && yarn cache clean
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: RELEASE-NAME-mastodon-assets-precompile
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bash
+ - -c
+ - |
+ bundle exec rake assets:precompile && yarn cache clean
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: RELEASE-NAME-mastodon-assets-precompile
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
restartPolicy: Never
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
8: |
apiVersion: batch/v1
kind: Job
@@ -475,45 +475,45 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-chewy-upgrade
spec:
containers:
- - command:
- - bundle
- - exec
- - rake
- - chewy:upgrade
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: RELEASE-NAME-mastodon-chewy-setup
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - rake
+ - chewy:upgrade
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: RELEASE-NAME-mastodon-chewy-setup
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
restartPolicy: Never
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
9: |
apiVersion: batch/v1
kind: Job
@@ -535,50 +535,50 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-create-admin
spec:
containers:
- - command:
- - bin/tootctl
- - accounts
- - create
- - not_gargron
- - --email
- - not@example.com
- - --confirmed
- - --role
- - Owner
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: RELEASE-NAME-mastodon-create-admin
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bin/tootctl
+ - accounts
+ - create
+ - not_gargron
+ - --email
+ - not@example.com
+ - --confirmed
+ - --role
+ - Owner
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: RELEASE-NAME-mastodon-create-admin
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
restartPolicy: Never
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
10: |
apiVersion: batch/v1
kind: Job
@@ -600,45 +600,45 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-db-migrate
spec:
containers:
- - command:
- - bundle
- - exec
- - rake
- - db:migrate
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: RELEASE-NAME-mastodon-db-migrate
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - rake
+ - db:migrate
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: RELEASE-NAME-mastodon-db-migrate
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
restartPolicy: Never
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
11: |
apiVersion: batch/v1
kind: Job
@@ -660,47 +660,47 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-db-migrate
spec:
containers:
- - command:
- - bundle
- - exec
- - rake
- - db:migrate
- env:
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- key: password
- name: RELEASE-NAME-postgresql
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: redis-password
- name: RELEASE-NAME-redis
- - name: PORT
- value: "3000"
- - name: SKIP_POST_DEPLOYMENT_MIGRATIONS
- value: "true"
- envFrom:
- - configMapRef:
- name: RELEASE-NAME-mastodon-env
- - secretRef:
- name: RELEASE-NAME-mastodon
- image: ghcr.io/mastodon/mastodon:4.5.6
- imagePullPolicy: IfNotPresent
- name: RELEASE-NAME-mastodon-db-migrate
- volumeMounts:
- - mountPath: /opt/mastodon/public/assets
- name: assets
- - mountPath: /opt/mastodon/public/system
- name: system
+ - command:
+ - bundle
+ - exec
+ - rake
+ - db:migrate
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: RELEASE-NAME-postgresql
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: RELEASE-NAME-redis
+ - name: PORT
+ value: "3000"
+ - name: SKIP_POST_DEPLOYMENT_MIGRATIONS
+ value: "true"
+ envFrom:
+ - configMapRef:
+ name: RELEASE-NAME-mastodon-env
+ - secretRef:
+ name: RELEASE-NAME-mastodon
+ image: ghcr.io/mastodon/mastodon:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: RELEASE-NAME-mastodon-db-migrate
+ volumeMounts:
+ - mountPath: /opt/mastodon/public/assets
+ name: assets
+ - mountPath: /opt/mastodon/public/system
+ name: system
restartPolicy: Never
volumes:
- - name: assets
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-assets
- - name: system
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mastodon-system
+ - name: assets
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-assets
+ - name: system
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mastodon-system
12: |
apiVersion: v1
kind: PersistentVolumeClaim
@@ -714,7 +714,7 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-assets
spec:
accessModes:
- - ReadWriteOnce
+ - ReadWriteOnce
resources:
requests:
storage: 10Gi
@@ -732,7 +732,7 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-system
spec:
accessModes:
- - ReadWriteOnce
+ - ReadWriteOnce
resources:
requests:
storage: 100Gi
@@ -778,10 +778,10 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-streaming
spec:
ports:
- - name: streaming
- port: 4000
- protocol: TCP
- targetPort: streaming
+ - name: streaming
+ port: 4000
+ protocol: TCP
+ targetPort: streaming
selector:
app.kubernetes.io/component: streaming
app.kubernetes.io/instance: RELEASE-NAME
@@ -800,10 +800,10 @@ should match basic snapshot:
name: RELEASE-NAME-mastodon-web
spec:
ports:
- - name: http
- port: 3000
- protocol: TCP
- targetPort: http
+ - name: http
+ port: 3000
+ protocol: TCP
+ targetPort: http
selector:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
diff --git a/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap b/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap
index 41a8bdf3fd4debc5e2e2d582c71f9a9d8c559f35..d524567faaedd1032e31921813d5295e0b600bfc 100644
--- a/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap
@@ -12,21 +12,21 @@ should match snapshot:
name: RELEASE-NAME-mok-dovecot
spec:
ports:
- - name: pop3
- port: 110
- protocol: TCP
- - name: imap4
- port: 143
- protocol: TCP
- - name: imaps
- port: 993
- protocol: TCP
- - name: pop3s
- port: 995
- protocol: TCP
- - name: sieve
- port: 4190
- protocol: TCP
+ - name: pop3
+ port: 110
+ protocol: TCP
+ - name: imap4
+ port: 143
+ protocol: TCP
+ - name: imaps
+ port: 993
+ protocol: TCP
+ - name: pop3s
+ port: 995
+ protocol: TCP
+ - name: sieve
+ port: 4190
+ protocol: TCP
selector:
app.kubernetes.io/component: dovecot
app.kubernetes.io/instance: RELEASE-NAME
@@ -45,12 +45,12 @@ should match snapshot:
name: RELEASE-NAME-mok-dovecot-internal
spec:
ports:
- - name: lmtp
- port: 24
- - name: metrics
- port: 9090
- - name: auth
- port: 12345
+ - name: lmtp
+ port: 24
+ - name: metrics
+ port: 9090
+ - name: auth
+ port: 12345
selector:
app.kubernetes.io/component: dovecot
app.kubernetes.io/instance: RELEASE-NAME
@@ -86,68 +86,68 @@ should match snapshot:
app.kubernetes.io/name: mok
spec:
containers:
- - image: quay.io/shivering-isles/dovecot:4.5.6
- imagePullPolicy: IfNotPresent
- name: dovecot
- ports:
- - containerPort: 24
- name: lmtp
- - containerPort: 110
- name: pop3
- - containerPort: 143
- name: imap4
- - containerPort: 993
- name: imaps
- - containerPort: 995
- name: pop3s
- - containerPort: 4190
- name: sieve
- - containerPort: 9090
- name: metrics
- - containerPort: 12345
- name: auth
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 128Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - SYS_CHROOT
- - CHOWN
- - CAP_NET_BIND_SERVICE
- - SETUID
- - SETGID
- - FOWNER
- drop:
- - ALL
- runAsNonRoot: false
- volumeMounts:
- - mountPath: /srv/mail/
- name: vmail
- - mountPath: /srv/passdb/
- name: users
- readOnly: true
- - mountPath: /srv/tls/
- name: tls
- readOnly: true
+ - image: quay.io/shivering-isles/dovecot:4.5.6
+ imagePullPolicy: IfNotPresent
+ name: dovecot
+ ports:
+ - containerPort: 24
+ name: lmtp
+ - containerPort: 110
+ name: pop3
+ - containerPort: 143
+ name: imap4
+ - containerPort: 993
+ name: imaps
+ - containerPort: 995
+ name: pop3s
+ - containerPort: 4190
+ name: sieve
+ - containerPort: 9090
+ name: metrics
+ - containerPort: 12345
+ name: auth
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - SYS_CHROOT
+ - CHOWN
+ - CAP_NET_BIND_SERVICE
+ - SETUID
+ - SETGID
+ - FOWNER
+ drop:
+ - ALL
+ runAsNonRoot: false
+ volumeMounts:
+ - mountPath: /srv/mail/
+ name: vmail
+ - mountPath: /srv/passdb/
+ name: users
+ readOnly: true
+ - mountPath: /srv/tls/
+ name: tls
+ readOnly: true
securityContext: {}
serviceAccountName: RELEASE-NAME-mok
terminationGracePeriodSeconds: 300
volumes:
- - name: vmail
- persistentVolumeClaim:
- claimName: RELEASE-NAME-mok-dovecot-vmail
- - name: users
- secret:
- secretName: RELEASE-NAME-mok-dovecot-users
- - name: tls
- secret:
- secretName: example-tls
+ - name: vmail
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-mok-dovecot-vmail
+ - name: users
+ secret:
+ secretName: RELEASE-NAME-mok-dovecot-users
+ - name: tls
+ secret:
+ secretName: example-tls
4: |
apiVersion: v1
kind: PersistentVolumeClaim
@@ -161,7 +161,7 @@ should match snapshot:
name: RELEASE-NAME-mok-dovecot-vmail
spec:
accessModes:
- - ReadWriteMany
+ - ReadWriteMany
resources:
requests:
storage: 5Gi
diff --git a/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap b/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap
index f0b0075c5974002754a6aeec6b770f9260d0a1f7..25f7750cc4c31ccc7cb7ed76cf23edb46b6153d4 100644
--- a/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap
@@ -12,38 +12,38 @@ matches snapshot:
name: RELEASE-NAME-mok-dovecot
spec:
ingress:
- - from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/component: postfix
- app.kubernetes.io/instance: RELEASE-NAME
- app.kubernetes.io/name: mok
- ports:
- - port: 24
- protocol: TCP
- - port: 12345
- protocol: TCP
- - from:
- - ipBlock:
- cidr: 0.0.0.0/0
- ports:
- - port: 110
- protocol: TCP
- - port: 143
- protocol: TCP
- - port: 993
- protocol: TCP
- - port: 995
- protocol: TCP
- - port: 4190
- protocol: TCP
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/component: postfix
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/name: mok
+ ports:
+ - port: 24
+ protocol: TCP
+ - port: 12345
+ protocol: TCP
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - port: 110
+ protocol: TCP
+ - port: 143
+ protocol: TCP
+ - port: 993
+ protocol: TCP
+ - port: 995
+ protocol: TCP
+ - port: 4190
+ protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/component: dovecot
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mok
policyTypes:
- - Ingress
+ - Ingress
2: |
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@@ -57,20 +57,20 @@ matches snapshot:
name: RELEASE-NAME-mok-postfix
spec:
ingress:
- - from:
- - ipBlock:
- cidr: 0.0.0.0/0
- ports:
- - port: 25
- protocol: TCP
- - port: 465
- protocol: TCP
- - port: 587
- protocol: TCP
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - port: 25
+ protocol: TCP
+ - port: 465
+ protocol: TCP
+ - port: 587
+ protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/component: postfix
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mok
policyTypes:
- - Ingress
+ - Ingress
diff --git a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap
index eac63ad5e5e857f9ef770200750708810eac14c4..c9f527256d7fd18c72b0fe8fe788a4d8b7d8d8ed 100644
--- a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap
@@ -13,15 +13,15 @@ should match snapshot:
spec:
externalTrafficPolicy: Local
ports:
- - name: smtp
- port: 25
- protocol: TCP
- - name: submissions
- port: 465
- protocol: TCP
- - name: submission
- port: 587
- protocol: TCP
+ - name: smtp
+ port: 25
+ protocol: TCP
+ - name: submissions
+ port: 465
+ protocol: TCP
+ - name: submission
+ port: 587
+ protocol: TCP
selector:
app.kubernetes.io/component: postfix
app.kubernetes.io/instance: RELEASE-NAME
@@ -56,107 +56,104 @@ should match snapshot:
app.kubernetes.io/name: mok
spec:
containers:
- - env:
- - name: DOVECOT_SERVICE_NAME
- value: RELEASE-NAME-mok-dovecot-internal.NAMESPACE.svc.cluster.local
- image: quay.io/shivering-isles/postfix:4.5.6
- imagePullPolicy: IfNotPresent
- lifecycle:
- preStop:
+ - env:
+ - name: DOVECOT_SERVICE_NAME
+ value: RELEASE-NAME-mok-dovecot-internal.NAMESPACE.svc.cluster.local
+ image: quay.io/shivering-isles/postfix:4.5.6
+ imagePullPolicy: IfNotPresent
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - postqueue
+ - -f
+ livenessProbe:
exec:
command:
- - postqueue
- - -f
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - ps axf | fgrep -v grep | fgrep -q "supervisord" && ps axf | fgrep -v
- grep | fgrep -q "/usr/libexec/postfix/master"
- failureThreshold: 1
- initialDelaySeconds: 5
- periodSeconds: 5
- name: postfix
- ports:
- - containerPort: 25
- name: smtp
- - containerPort: 465
- name: submissions
- - containerPort: 587
- name: submission
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - printf "EHLO healthcheck\n" | nc 127.0.0.1 587 | grep -qE "^220.*ESMTP
- Postfix"
- initialDelaySeconds: 5
- periodSeconds: 60
- timeoutSeconds: 5
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 128Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - SYS_CHROOT
- - CHOWN
- - CAP_NET_BIND_SERVICE
- - SETUID
- - SETGID
- - FOWNER
- - DAC_OVERRIDE
- drop:
- - ALL
- runAsNonRoot: false
- startupProbe:
- exec:
- command:
- - sh
- - -c
- - ps axf | fgrep -v grep | fgrep -q "supervisord" && ps axf | fgrep -v
- grep | fgrep -q "/usr/libexec/postfix/master"
- failureThreshold: 12
- initialDelaySeconds: 2
- periodSeconds: 5
- volumeMounts:
- - mountPath: /var/spool/postfix/
- name: spool
- - mountPath: /srv/tmp
- name: cache
- - mountPath: /srv/virtual
- name: maps
- readOnly: true
- - mountPath: /srv/tls
- name: tls
- readOnly: true
+ - sh
+ - -c
+ - ps axf | fgrep -v grep | fgrep -q "supervisord" && ps axf | fgrep -v grep | fgrep -q "/usr/libexec/postfix/master"
+ failureThreshold: 1
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ name: postfix
+ ports:
+ - containerPort: 25
+ name: smtp
+ - containerPort: 465
+ name: submissions
+ - containerPort: 587
+ name: submission
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - printf "EHLO healthcheck\n" | nc 127.0.0.1 587 | grep -qE "^220.*ESMTP Postfix"
+ initialDelaySeconds: 5
+ periodSeconds: 60
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - SYS_CHROOT
+ - CHOWN
+ - CAP_NET_BIND_SERVICE
+ - SETUID
+ - SETGID
+ - FOWNER
+ - DAC_OVERRIDE
+ drop:
+ - ALL
+ runAsNonRoot: false
+ startupProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - ps axf | fgrep -v grep | fgrep -q "supervisord" && ps axf | fgrep -v grep | fgrep -q "/usr/libexec/postfix/master"
+ failureThreshold: 12
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ volumeMounts:
+ - mountPath: /var/spool/postfix/
+ name: spool
+ - mountPath: /srv/tmp
+ name: cache
+ - mountPath: /srv/virtual
+ name: maps
+ readOnly: true
+ - mountPath: /srv/tls
+ name: tls
+ readOnly: true
securityContext: {}
serviceAccountName: RELEASE-NAME-mok
volumes:
- - name: maps
- secret:
- secretName: RELEASE-NAME-mok-postfix-maps
- - name: tls
- secret:
- secretName: example-tls
- - emptyDir: {}
- name: cache
+ - name: maps
+ secret:
+ secretName: RELEASE-NAME-mok-postfix-maps
+ - name: tls
+ secret:
+ secretName: example-tls
+ - emptyDir: {}
+ name: cache
volumeClaimTemplates:
- - metadata:
- name: spool
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
+ - metadata:
+ name: spool
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
3: |
apiVersion: v1
kind: Secret
diff --git a/charts/mok/tests/dovecot_test.yaml b/charts/mok/tests/dovecot_test.yaml
index c170c198ff82611bd6c1da423f2961634878a916..4842c529db3abc73428e864b499cc651a435b7dc 100644
--- a/charts/mok/tests/dovecot_test.yaml
+++ b/charts/mok/tests/dovecot_test.yaml
@@ -96,7 +96,7 @@ tests:
secretName: example-tls
asserts:
- equal:
- path: spec.template.metadata.annotations.[checksum/config]
+ path: spec.template.metadata.annotations["checksum/config"]
value: 66ea930a9b7e50528ddc0aa54786d07f78c7f56d1daea45b21d9eb94f8e5c4f2
documentIndex: 2
template: dovecot.yaml
@@ -113,7 +113,7 @@ tests:
passwordHash: NotReallyAHash
asserts:
- equal:
- path: spec.template.metadata.annotations.[checksum/config]
+ path: spec.template.metadata.annotations["checksum/config"]
value: 9215abccdd6c1f21fd329db0133f6f8e892c50aab3dcde3259ea797e8ad2a959
documentIndex: 2
template: dovecot.yaml
diff --git a/charts/mok/tests/helmlabels_test.yaml b/charts/mok/tests/helmlabels_test.yaml
index cbf438d738d358e46af866d56be7447f78036e0a..e6374a6b8b75889dff4aae57403de32ba15a89a4 100644
--- a/charts/mok/tests/helmlabels_test.yaml
+++ b/charts/mok/tests/helmlabels_test.yaml
@@ -21,11 +21,11 @@ tests:
version: 1.2.3
asserts:
- equal:
- path: metadata.labels.[app.kubernetes.io/instance]
+ path: metadata.labels["app.kubernetes.io/instance"]
value: "test-suite"
- equal:
- path: metadata.labels.[app.kubernetes.io/managed-by]
+ path: metadata.labels["app.kubernetes.io/managed-by"]
value: "Helm"
- equal:
- path: metadata.labels.[app.kubernetes.io/name]
+ path: metadata.labels["app.kubernetes.io/name"]
value: "mok"
diff --git a/charts/mok/tests/networkpolicies_test.yaml b/charts/mok/tests/networkpolicies_test.yaml
index 1e16993c8fb357aff31269f7a7f6c98e08f21ea9..b94489955bb221e19ea056674661c82b56b89358 100644
--- a/charts/mok/tests/networkpolicies_test.yaml
+++ b/charts/mok/tests/networkpolicies_test.yaml
@@ -65,7 +65,7 @@ tests:
value: 0.0.0.0/0
documentIndex: 0
template: networkpolicy.yaml
- - isEmpty:
+ - isNull:
path: spec.ingress[1].from[0].ipBlock.except
documentIndex: 0
template: networkpolicy.yaml
@@ -100,7 +100,7 @@ tests:
value: 0.0.0.0/0
documentIndex: 0
template: networkpolicy.yaml
- - isEmpty:
+ - isNull:
path: spec.ingress[1].from[0].ipBlock.except
documentIndex: 0
template: networkpolicy.yaml
@@ -135,7 +135,7 @@ tests:
value: 0.0.0.0/0
documentIndex: 0
template: networkpolicy.yaml
- - isEmpty:
+ - isNull:
path: spec.ingress[1].from[0].ipBlock.except
documentIndex: 0
template: networkpolicy.yaml
@@ -164,7 +164,7 @@ tests:
value: 0.0.0.0/0
documentIndex: 1
template: networkpolicy.yaml
- - isEmpty:
+ - isNull:
path: spec.ingress[0].from[0].ipBlock.except
documentIndex: 1
template: networkpolicy.yaml
@@ -192,7 +192,7 @@ tests:
value: 0.0.0.0/0
documentIndex: 1
template: networkpolicy.yaml
- - isEmpty:
+ - isNull:
path: spec.ingress[0].from[0].ipBlock.except
documentIndex: 1
template: networkpolicy.yaml
@@ -232,7 +232,7 @@ tests:
value: 127.0.123.123/32
documentIndex: 1
template: networkpolicy.yaml
- - isEmpty:
+ - isNull:
path: spec.ingress[1].from[0].ipBlock.except
documentIndex: 1
template: networkpolicy.yaml
diff --git a/charts/mok/tests/postfix_test.yaml b/charts/mok/tests/postfix_test.yaml
index dbee2ef9f8e5eb44e4798a0e9d7a011e4467faf9..51a23aa5f82471faa190ad93213040e25c28c894 100644
--- a/charts/mok/tests/postfix_test.yaml
+++ b/charts/mok/tests/postfix_test.yaml
@@ -82,7 +82,7 @@ tests:
secretName: example-tls
asserts:
- equal:
- path: spec.template.metadata.annotations.[checksum/config]
+ path: spec.template.metadata.annotations["checksum/config"]
value: 66ea930a9b7e50528ddc0aa54786d07f78c7f56d1daea45b21d9eb94f8e5c4f2
documentIndex: 1
template: postfix.yaml
@@ -99,7 +99,7 @@ tests:
passwordHash: NotReallyAHash
asserts:
- equal:
- path: spec.template.metadata.annotations.[checksum/config]
+ path: spec.template.metadata.annotations["checksum/config"]
value: 9215abccdd6c1f21fd329db0133f6f8e892c50aab3dcde3259ea797e8ad2a959
documentIndex: 1
template: postfix.yaml