1
2
3
4 package krusty_test
5
6 import (
7 "testing"
8
9 kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest"
10 )
11
12 func TestIssue3489Simplified(t *testing.T) {
13 th := kusttest_test.MakeHarness(t)
14 th.WriteK(".", `
15 namespace: kube-system
16 resources:
17 - aa
18 - bb
19 `)
20 th.WriteK("aa", `
21 resources:
22 - ../base
23 `)
24 th.WriteK("bb", `
25 resources:
26 - ../base
27 nameSuffix: -private
28 `)
29 th.WriteK("base", `
30 resources:
31 - deployment.yaml
32 - serviceAccount.yaml
33 `)
34 th.WriteF("base/deployment.yaml", `
35 apiVersion: apps/v1
36 kind: Deployment
37 metadata:
38 name: myDep
39 spec:
40 template:
41 spec:
42 serviceAccountName: mySvcAcct
43 containers:
44 - name: whatever
45 image: registry.k8s.io/governmentCheese
46 `)
47 th.WriteF("base/serviceAccount.yaml", `
48 apiVersion: v1
49 kind: ServiceAccount
50 metadata:
51 name: mySvcAcct
52 `)
53 m := th.Run(".", th.MakeDefaultOptions())
54 th.AssertActualEqualsExpected(m, `
55 apiVersion: apps/v1
56 kind: Deployment
57 metadata:
58 name: myDep
59 namespace: kube-system
60 spec:
61 template:
62 spec:
63 containers:
64 - image: registry.k8s.io/governmentCheese
65 name: whatever
66 serviceAccountName: mySvcAcct
67 ---
68 apiVersion: v1
69 kind: ServiceAccount
70 metadata:
71 name: mySvcAcct
72 namespace: kube-system
73 ---
74 apiVersion: apps/v1
75 kind: Deployment
76 metadata:
77 name: myDep-private
78 namespace: kube-system
79 spec:
80 template:
81 spec:
82 containers:
83 - image: registry.k8s.io/governmentCheese
84 name: whatever
85 serviceAccountName: mySvcAcct-private
86 ---
87 apiVersion: v1
88 kind: ServiceAccount
89 metadata:
90 name: mySvcAcct-private
91 namespace: kube-system
92 `)
93 }
94
95 func TestIssue3489(t *testing.T) {
96 const assets = `{
97 "tenantId": "XXXXX-XXXXXX-XXXXX-XXXXXX-XXXXXX",
98 "subscriptionId": "XXXXX-XXXXXX-XXXXX-XXXXXX-XXXXXX",
99 "resourceGroup": "DNS-EUW-XXX-RG",
100 "useManagedIdentityExtension": true,
101 "userAssignedIdentityID": "XXXXX-XXXXXX-XXXXX-XXXXXX-XXXXXX"
102 }
103 `
104 th := kusttest_test.MakeHarness(t)
105 th.WriteK(".", `
106 namespace: kube-system
107 resources:
108 - external-dns
109 - external-dns-private
110 `)
111 th.WriteK("external-dns", `
112 resources:
113 - ../base
114 commonLabels:
115 app: external-dns
116 instance: public
117 images:
118 - name: registry.k8s.io/external-dns/external-dns
119 newName: xxx.azurecr.io/external-dns
120 newTag: v0.7.4_sylr.1
121 - name: quay.io/sylr/external-dns
122 newName: xxx.azurecr.io/external-dns
123 newTag: v0.7.4_sylr.1
124 secretGenerator:
125 - name: azure-config-file
126 behavior: replace
127 files:
128 - assets/azure.json
129 patches:
130 - target:
131 group: apps
132 version: v1
133 kind: Deployment
134 name: external-dns
135 patch: |-
136 - op: replace
137 path: /spec/template/spec/containers/0/args
138 value:
139 - --txt-owner-id="aks"
140 - --txt-prefix=external-dns-
141 - --source=service
142 - --provider=azure
143 - --registry=txt
144 - --domain-filter=dev.company.com
145 `)
146
147 th.WriteF("external-dns/assets/azure.json", assets)
148 th.WriteK("external-dns-private", `
149 resources:
150 - ../base
151 nameSuffix: -private
152 commonLabels:
153 app: external-dns
154 instance: private
155 images:
156 - name: registry.k8s.io/external-dns/external-dns
157 newName: xxx.azurecr.io/external-dns
158 newTag: v0.7.4_sylr.1
159 - name: quay.io/sylr/external-dns
160 newName: xxx.azurecr.io/external-dns
161 newTag: v0.7.4_sylr.1
162 secretGenerator:
163 - name: azure-config-file
164 behavior: replace
165 files:
166 - assets/azure.json
167 patches:
168 - target:
169 group: apps
170 version: v1
171 kind: Deployment
172 name: external-dns
173 patch: |-
174 - op: replace
175 path: /spec/template/spec/containers/0/args
176 value:
177 - --txt-owner-id="aks"
178 - --txt-prefix=external-dns-private-
179 - --source=service
180 - --provider=azure-private-dns
181 - --registry=txt
182 - --domain-filter=static.company.az
183 `)
184 th.WriteF("external-dns-private/assets/azure.json", assets)
185 th.WriteK("base", `
186 resources:
187 - clusterrole.yaml
188 - clusterrolebinding.yaml
189 - deployment.yaml
190 - serviceaccount.yaml
191 commonLabels:
192 app: external-dns
193 instance: public
194 images:
195 - name: registry.k8s.io/external-dns/external-dns
196 newName: quay.io/sylr/external-dns
197 newTag: v0.7.4-73-g00a9a0c7
198 secretGenerator:
199 - name: azure-config-file
200 files:
201 - assets/azure.json
202 `)
203 th.WriteF("base/assets/azure.json", assets)
204 th.WriteF("base/clusterrolebinding.yaml", `
205 apiVersion: rbac.authorization.k8s.io/v1
206 kind: ClusterRoleBinding
207 metadata:
208 name: external-dns-viewer
209 roleRef:
210 apiGroup: rbac.authorization.k8s.io
211 kind: ClusterRole
212 name: external-dns
213 subjects:
214 - kind: ServiceAccount
215 name: external-dns
216 `)
217 th.WriteF("base/clusterrole.yaml", `
218 apiVersion: rbac.authorization.k8s.io/v1
219 kind: ClusterRole
220 metadata:
221 name: external-dns
222 rules:
223 - apiGroups: ['']
224 resources: ['endpoints', 'pods', 'services', 'nodes']
225 verbs: ['get', 'watch', 'list']
226 - apiGroups: ['extensions', 'networking.k8s.io']
227 resources: ['ingresses']
228 verbs: ['get', 'watch', 'list']
229 `)
230 th.WriteF("base/deployment.yaml", `
231 apiVersion: apps/v1
232 kind: Deployment
233 metadata:
234 name: external-dns
235 spec:
236 strategy:
237 type: Recreate
238 selector:
239 matchLabels: {}
240 template:
241 metadata: {}
242 spec:
243 serviceAccountName: external-dns
244 containers:
245 - name: external-dns
246 image: registry.k8s.io/external-dns/external-dns
247 args:
248 - --domain-filter=""
249 - --txt-owner-id=""
250 - --txt-prefix=external-dns-
251 - --source=service
252 - --provider=azure
253 - --registry=txt
254 resources: {}
255 volumeMounts:
256 - name: azure-config-file
257 mountPath: /etc/kubernetes
258 readOnly: true
259 volumes:
260 - name: azure-config-file
261 secret:
262 secretName: azure-config-file
263 `)
264 th.WriteF("base/serviceaccount.yaml", `
265 apiVersion: v1
266 kind: ServiceAccount
267 metadata:
268 name: external-dns
269 `)
270 m := th.Run(".", th.MakeDefaultOptions())
271 th.AssertActualEqualsExpected(
272 m, `
273 apiVersion: rbac.authorization.k8s.io/v1
274 kind: ClusterRole
275 metadata:
276 labels:
277 app: external-dns
278 instance: public
279 name: external-dns
280 rules:
281 - apiGroups:
282 - ""
283 resources:
284 - endpoints
285 - pods
286 - services
287 - nodes
288 verbs:
289 - get
290 - watch
291 - list
292 - apiGroups:
293 - extensions
294 - networking.k8s.io
295 resources:
296 - ingresses
297 verbs:
298 - get
299 - watch
300 - list
301 ---
302 apiVersion: rbac.authorization.k8s.io/v1
303 kind: ClusterRoleBinding
304 metadata:
305 labels:
306 app: external-dns
307 instance: public
308 name: external-dns-viewer
309 roleRef:
310 apiGroup: rbac.authorization.k8s.io
311 kind: ClusterRole
312 name: external-dns
313 subjects:
314 - kind: ServiceAccount
315 name: external-dns
316 namespace: kube-system
317 ---
318 apiVersion: apps/v1
319 kind: Deployment
320 metadata:
321 labels:
322 app: external-dns
323 instance: public
324 name: external-dns
325 namespace: kube-system
326 spec:
327 selector:
328 matchLabels:
329 app: external-dns
330 instance: public
331 strategy:
332 type: Recreate
333 template:
334 metadata:
335 labels:
336 app: external-dns
337 instance: public
338 spec:
339 containers:
340 - args:
341 - --txt-owner-id="aks"
342 - --txt-prefix=external-dns-
343 - --source=service
344 - --provider=azure
345 - --registry=txt
346 - --domain-filter=dev.company.com
347 image: xxx.azurecr.io/external-dns:v0.7.4_sylr.1
348 name: external-dns
349 resources: {}
350 volumeMounts:
351 - mountPath: /etc/kubernetes
352 name: azure-config-file
353 readOnly: true
354 serviceAccountName: external-dns
355 volumes:
356 - name: azure-config-file
357 secret:
358 secretName: azure-config-file-66cc4224mm
359 ---
360 apiVersion: v1
361 kind: ServiceAccount
362 metadata:
363 labels:
364 app: external-dns
365 instance: public
366 name: external-dns
367 namespace: kube-system
368 ---
369 apiVersion: v1
370 data:
371 azure.json: |
372 ewoJInRlbmFudElkIjogIlhYWFhYLVhYWFhYWC1YWFhYWC1YWFhYWFgtWFhYWFhYIiwKCS
373 JzdWJzY3JpcHRpb25JZCI6ICJYWFhYWC1YWFhYWFgtWFhYWFgtWFhYWFhYLVhYWFhYWCIs
374 CgkicmVzb3VyY2VHcm91cCI6ICJETlMtRVVXLVhYWC1SRyIsCgkidXNlTWFuYWdlZElkZW
375 50aXR5RXh0ZW5zaW9uIjogdHJ1ZSwKCSJ1c2VyQXNzaWduZWRJZGVudGl0eUlEIjogIlhY
376 WFhYLVhYWFhYWC1YWFhYWC1YWFhYWFgtWFhYWFhYIgp9Cg==
377 kind: Secret
378 metadata:
379 labels:
380 app: external-dns
381 instance: public
382 name: azure-config-file-66cc4224mm
383 namespace: kube-system
384 type: Opaque
385 ---
386 apiVersion: rbac.authorization.k8s.io/v1
387 kind: ClusterRole
388 metadata:
389 labels:
390 app: external-dns
391 instance: private
392 name: external-dns-private
393 rules:
394 - apiGroups:
395 - ""
396 resources:
397 - endpoints
398 - pods
399 - services
400 - nodes
401 verbs:
402 - get
403 - watch
404 - list
405 - apiGroups:
406 - extensions
407 - networking.k8s.io
408 resources:
409 - ingresses
410 verbs:
411 - get
412 - watch
413 - list
414 ---
415 apiVersion: rbac.authorization.k8s.io/v1
416 kind: ClusterRoleBinding
417 metadata:
418 labels:
419 app: external-dns
420 instance: private
421 name: external-dns-viewer-private
422 roleRef:
423 apiGroup: rbac.authorization.k8s.io
424 kind: ClusterRole
425 name: external-dns-private
426 subjects:
427 - kind: ServiceAccount
428 name: external-dns-private
429 namespace: kube-system
430 ---
431 apiVersion: apps/v1
432 kind: Deployment
433 metadata:
434 labels:
435 app: external-dns
436 instance: private
437 name: external-dns-private
438 namespace: kube-system
439 spec:
440 selector:
441 matchLabels:
442 app: external-dns
443 instance: private
444 strategy:
445 type: Recreate
446 template:
447 metadata:
448 labels:
449 app: external-dns
450 instance: private
451 spec:
452 containers:
453 - args:
454 - --txt-owner-id="aks"
455 - --txt-prefix=external-dns-private-
456 - --source=service
457 - --provider=azure-private-dns
458 - --registry=txt
459 - --domain-filter=static.company.az
460 image: xxx.azurecr.io/external-dns:v0.7.4_sylr.1
461 name: external-dns
462 resources: {}
463 volumeMounts:
464 - mountPath: /etc/kubernetes
465 name: azure-config-file
466 readOnly: true
467 serviceAccountName: external-dns-private
468 volumes:
469 - name: azure-config-file
470 secret:
471 secretName: azure-config-file-private-66cc4224mm
472 ---
473 apiVersion: v1
474 kind: ServiceAccount
475 metadata:
476 labels:
477 app: external-dns
478 instance: private
479 name: external-dns-private
480 namespace: kube-system
481 ---
482 apiVersion: v1
483 data:
484 azure.json: |
485 ewoJInRlbmFudElkIjogIlhYWFhYLVhYWFhYWC1YWFhYWC1YWFhYWFgtWFhYWFhYIiwKCS
486 JzdWJzY3JpcHRpb25JZCI6ICJYWFhYWC1YWFhYWFgtWFhYWFgtWFhYWFhYLVhYWFhYWCIs
487 CgkicmVzb3VyY2VHcm91cCI6ICJETlMtRVVXLVhYWC1SRyIsCgkidXNlTWFuYWdlZElkZW
488 50aXR5RXh0ZW5zaW9uIjogdHJ1ZSwKCSJ1c2VyQXNzaWduZWRJZGVudGl0eUlEIjogIlhY
489 WFhYLVhYWFhYWC1YWFhYWC1YWFhYWFgtWFhYWFhYIgp9Cg==
490 kind: Secret
491 metadata:
492 labels:
493 app: external-dns
494 instance: private
495 name: azure-config-file-private-66cc4224mm
496 namespace: kube-system
497 type: Opaque
498 `)
499 }
500
501 func TestEmptyFieldSpecValue(t *testing.T) {
502 th := kusttest_test.MakeHarness(t)
503 th.WriteK(".", `
504 generators:
505 - generators.yaml
506 configurations:
507 - kustomizeconfig.yaml
508 `)
509 th.WriteF("generators.yaml", `
510 apiVersion: builtin
511 kind: ConfigMapGenerator
512 metadata:
513 name: secret-example
514 labels:
515 app.kubernetes.io/name: secret-example
516 literals:
517 - this_is_a_secret_name=
518 `)
519 th.WriteF("kustomizeconfig.yaml", `
520 nameReference:
521 - kind: Secret
522 version: v1
523 fieldSpecs:
524 - path: data/this_is_a_secret_name
525 kind: ConfigMap
526 `)
527 m := th.Run(".", th.MakeDefaultOptions())
528 th.AssertActualEqualsExpected(m, `
529 apiVersion: v1
530 data:
531 this_is_a_secret_name: ""
532 kind: ConfigMap
533 metadata:
534 name: secret-example-7hf4fh868h
535 `)
536 }
537
538 func TestUnrelatedNameReferenceReplacement_Issue4254_Issue3418(t *testing.T) {
539 th := kusttest_test.MakeHarness(t)
540
541
542 th.WriteF("role.yaml", `
543 apiVersion: rbac.authorization.k8s.io/v1
544 kind: ClusterRole
545 metadata:
546 name: cluster-autoscaler
547 rules:
548 - apiGroups: ["coordination.k8s.io"]
549 resources: ["leases"]
550 resourceNames: ["cluster-autoscaler"]
551 verbs: ["get","update"]
552 `)
553
554 th.WriteK(".", `
555 resources:
556 - role.yaml
557 configMapGenerator:
558 - name: cluster-autoscaler
559 namespace: kube-system
560 literals:
561 - AWS_REGION="us-east-1"
562 `)
563
564
565
566 m := th.Run(".", th.MakeDefaultOptions())
567 th.AssertActualEqualsExpected(m, `
568 apiVersion: rbac.authorization.k8s.io/v1
569 kind: ClusterRole
570 metadata:
571 name: cluster-autoscaler
572 rules:
573 - apiGroups:
574 - coordination.k8s.io
575 resourceNames:
576 - cluster-autoscaler-h8mmcct52k
577 resources:
578 - leases
579 verbs:
580 - get
581 - update
582 ---
583 apiVersion: v1
584 data:
585 AWS_REGION: us-east-1
586 kind: ConfigMap
587 metadata:
588 name: cluster-autoscaler-h8mmcct52k
589 namespace: kube-system
590 `)
591 }
592
593 func TestIssue4682_NameReferencesToSelfInAnnotations(t *testing.T) {
594 th := kusttest_test.MakeHarness(t)
595 th.WriteK(".", `
596 namespace: newNs
597 resources:
598 - resources.yaml
599
600 nameSuffix: -updated
601
602 configurations:
603 - kustomize-nameref.yaml
604 `)
605 th.WriteF("kustomize-nameref.yaml", `
606 nameReference:
607 - kind: Namespace
608 fieldSpecs:
609 - path: data/theNamespace
610 kind: ConfigMap
611 version: v1
612 - path: metadata/annotations/theNamespace
613 kind: ConfigMap
614 version: v1
615 - path: metadata/annotations/theNamespace
616 kind: Namespace
617 version: v1
618 - kind: ConfigMap
619 fieldSpecs:
620 - path: data/theConfigMap
621 kind: ConfigMap
622 version: v1
623 - path: metadata/annotations/theConfigMap
624 kind: ConfigMap
625 version: v1
626 - path: metadata/annotations/theConfigMap
627 kind: Namespace
628 version: v1
629 `)
630 th.WriteF("resources.yaml", `
631 apiVersion: v1
632 kind: ConfigMap
633 metadata:
634 annotations:
635 theConfigMap: cm
636 theNamespace: oldNs
637 name: cm
638 namespace: oldNs
639 data:
640 theConfigMap: cm
641 theNamespace: oldNs
642 ---
643 apiVersion: v1
644 kind: Namespace
645 metadata:
646 annotations:
647 theConfigMap: cm
648 theNamespace: oldNs
649 name: oldNs
650 `)
651 m := th.Run(".", th.MakeDefaultOptions())
652 th.AssertActualEqualsExpected(m, `
653 apiVersion: v1
654 data:
655 theConfigMap: cm-updated
656 theNamespace: newNs
657 kind: ConfigMap
658 metadata:
659 annotations:
660 theConfigMap: cm-updated
661 theNamespace: newNs
662 name: cm-updated
663 namespace: newNs
664 ---
665 apiVersion: v1
666 kind: Namespace
667 metadata:
668 annotations:
669 theConfigMap: cm-updated
670 theNamespace: newNs
671 name: newNs
672 `)
673 }
674
675 func TestIssue4884_UseLocalConfigAsNameRefSource(t *testing.T) {
676 th := kusttest_test.MakeHarness(t)
677 th.WriteK(".", `
678 resources:
679 - resources.yaml
680
681 namePrefix: prefix-
682
683 configurations:
684 - kustomize-nameref.yaml
685 `)
686 th.WriteF("kustomize-nameref.yaml", `
687 nameReference:
688 - kind: IngressHost
689 fieldSpecs:
690 - path: spec/rules/host
691 kind: Ingress
692 - path: spec/tls/hosts
693 kind: Ingress
694 - path: spec/template/spec/containers/env/value
695 kind: Deployment
696 - kind: IngressSecret
697 fieldSpecs:
698 - path: spec/tls/secretName
699 kind: Ingress
700 namePrefix:
701 - path: metadata/name
702 kind: IngressHost
703 - path: metadata/name
704 kind: IngressSecret
705
706 `)
707 th.WriteF("resources.yaml", `
708 apiVersion: local/v1
709 kind: IngressHost
710 metadata:
711 name: test.fakedomain.com
712 namespace: test
713 annotations:
714 config.kubernetes.io/local-config: "true"
715 ---
716 apiVersion: local/v1
717 kind: IngressSecret
718 metadata:
719 name: test-secret
720 namespace: test
721 annotations:
722 config.kubernetes.io/local-config: "true"
723 ---
724 apiVersion: v1
725 kind: Ingress
726 metadata:
727 name: test-ingress
728 namespace: test
729 spec:
730 rules:
731 - host: test.fakedomain.com
732 - host: do-not-touch.otherdomain.com
733 tls:
734 - hosts:
735 - test.fakedomain.com
736 secretName: test-secret
737 - hosts:
738 - do-not-touch.otherdomain.com
739 secretname: do-not-touch
740 ---
741 apiVersion: apps/v1
742 kind: Deployment
743 metadata:
744 name: test-deployment
745 namespace: test
746 spec:
747 template:
748 spec:
749 containers:
750 - name: tester
751 env:
752 - name: domain-name
753 value: test.fakedomain.com
754 `)
755 m := th.Run(".", th.MakeDefaultOptions())
756 th.AssertActualEqualsExpected(m, `
757 apiVersion: v1
758 kind: Ingress
759 metadata:
760 name: test-ingress
761 namespace: test
762 spec:
763 rules:
764 - host: prefix-test.fakedomain.com
765 - host: do-not-touch.otherdomain.com
766 tls:
767 - hosts:
768 - prefix-test.fakedomain.com
769 secretName: prefix-test-secret
770 - hosts:
771 - do-not-touch.otherdomain.com
772 secretname: do-not-touch
773 ---
774 apiVersion: apps/v1
775 kind: Deployment
776 metadata:
777 name: test-deployment
778 namespace: test
779 spec:
780 template:
781 spec:
782 containers:
783 - env:
784 - name: domain-name
785 value: prefix-test.fakedomain.com
786 name: tester
787 `)
788 }
789
View as plain text