diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 1f459cac..ac230034 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -7,7 +7,7 @@ Expand the name of the chart. */}} {{- define "vso.chart.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- default .Chart.Name .Values.nameOverride | trunc 27 | trimSuffix "-" }} {{- end }} {{/* @@ -17,13 +17,13 @@ If release name contains chart name it will be used as a full name. */}} {{- define "vso.chart.fullname" -}} {{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- .Values.fullnameOverride | trunc 27 | trimSuffix "-" }} {{- else }} {{- $name := default .Chart.Name .Values.nameOverride }} {{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- .Release.Name | trunc 27 | trimSuffix "-" }} {{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s" .Release.Name $name | trunc 27 | trimSuffix "-" }} {{- end }} {{- end }} {{- end }} diff --git a/chart/templates/default-transit-auth-method.yaml b/chart/templates/default-transit-auth-method.yaml index 72946695..7983421c 100644 --- a/chart/templates/default-transit-auth-method.yaml +++ b/chart/templates/default-transit-auth-method.yaml @@ -7,7 +7,7 @@ apiVersion: secrets.hashicorp.com/v1beta1 kind: VaultAuth metadata: - name: {{ include "vso.chart.fullname" . }}-default-transit-auth + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "default-transit-auth" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: control-plane: controller-manager @@ -20,7 +20,7 @@ spec: namespace: {{ .Values.controller.manager.clientCache.storageEncryption.namespace }} method: {{ .Values.controller.manager.clientCache.storageEncryption.method }} mount: {{ .Values.controller.manager.clientCache.storageEncryption.mount }} - {{- $kubeServiceAccount := .Values.controller.manager.clientCache.storageEncryption.kubernetes.serviceAccount | default (printf "%s-controller-manager" (include "vso.chart.fullname" .)) -}} + {{- $kubeServiceAccount := .Values.controller.manager.clientCache.storageEncryption.kubernetes.serviceAccount | default (printf "%s-controller-manager" (include "vso.chart.fullname" .)) | trunc 63 | trimSuffix "-" -}} {{- include "vso.vaultAuthMethod" (list .Values.controller.manager.clientCache.storageEncryption $kubeServiceAccount . ) }} storageEncryption: keyName: {{ .Values.controller.manager.clientCache.storageEncryption.keyName }} diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 92b61c75..592da50e 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "vso.chart.fullname" . }}-controller-manager + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: {{- include "vso.chart.labels" . | nindent 4 }} @@ -15,7 +15,7 @@ metadata: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "vso.chart.fullname" . }}-controller-manager + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: control-plane: controller-manager @@ -115,7 +115,7 @@ spec: name: podinfo securityContext: {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - serviceAccountName: {{ include "vso.chart.fullname" . }}-controller-manager + serviceAccountName: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if .Values.controller.hostAliases }} hostAliases: @@ -147,7 +147,7 @@ spec: apiVersion: batch/v1 kind: Job metadata: - name: {{ include "vso.chart.fullname" . }}-pre-delete-controller-cleanup + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "pre-delete-controller-cleanup" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: {{- include "vso.chart.labels" . | nindent 4 }} @@ -159,9 +159,9 @@ metadata: spec: template: metadata: - name: {{ include "vso.chart.fullname" . }}-pre-delete-controller-cleanup + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "pre-delete-controller-cleanup" | trunc 63 | trimSuffix "-" }} spec: - serviceAccountName: {{ include "vso.chart.fullname" . }}-controller-manager + serviceAccountName: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} securityContext: {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} containers: diff --git a/chart/templates/leader-election-rbac.yaml b/chart/templates/leader-election-rbac.yaml index 3417f034..ec8f556e 100644 --- a/chart/templates/leader-election-rbac.yaml +++ b/chart/templates/leader-election-rbac.yaml @@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "vso.chart.fullname" . }}-leader-election-role + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "leader-election-role" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: controller-manager @@ -47,7 +47,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "vso.chart.fullname" . }}-leader-election-rolebinding + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "leader-election-rolebinding" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: controller-manager @@ -55,8 +55,8 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: '{{ include "vso.chart.fullname" . }}-leader-election-role' + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "leader-election-role" | trunc 63 | trimSuffix "-" }} subjects: - kind: ServiceAccount - name: '{{ include "vso.chart.fullname" . }}-controller-manager' + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} diff --git a/chart/templates/manager-config.yaml b/chart/templates/manager-config.yaml index b2c9c9ba..eca8e4d2 100644 --- a/chart/templates/manager-config.yaml +++ b/chart/templates/manager-config.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "vso.chart.fullname" . }}-manager-config + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-config" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: controller-manager diff --git a/chart/templates/manager-rbac.yaml b/chart/templates/manager-rbac.yaml index 94d714dc..50968214 100644 --- a/chart/templates/manager-rbac.yaml +++ b/chart/templates/manager-rbac.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "vso.chart.fullname" . }}-manager-role + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-role" | trunc 63 | trimSuffix "-" }} labels: app.kubernetes.io/component: controller-manager {{- include "vso.chart.labels" . | nindent 4 }} @@ -268,15 +268,15 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "vso.chart.fullname" . }}-manager-rolebinding + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-rolebinding" | trunc 63 | trimSuffix "-" }} labels: app.kubernetes.io/component: controller-manager {{- include "vso.chart.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: '{{ include "vso.chart.fullname" . }}-manager-role' + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-role" | trunc 63 | trimSuffix "-" }} subjects: - kind: ServiceAccount - name: '{{ include "vso.chart.fullname" . }}-controller-manager' + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} diff --git a/chart/templates/metrics-reader-rbac.yaml b/chart/templates/metrics-reader-rbac.yaml index c5f5cdde..d072ca64 100644 --- a/chart/templates/metrics-reader-rbac.yaml +++ b/chart/templates/metrics-reader-rbac.yaml @@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "vso.chart.fullname" . }}-metrics-reader + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "metrics-reader" | trunc 63 | trimSuffix "-" }} labels: app.kubernetes.io/component: controller-manager {{- include "vso.chart.labels" . | nindent 4 }} diff --git a/chart/templates/metrics-service.yaml b/chart/templates/metrics-service.yaml index 183f2c00..84535f7d 100644 --- a/chart/templates/metrics-service.yaml +++ b/chart/templates/metrics-service.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "vso.chart.fullname" . }}-metrics-service + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "metrics-service" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: controller-manager diff --git a/chart/templates/prometheus-servicemonitor.yaml b/chart/templates/prometheus-servicemonitor.yaml index d2cfb834..ea79ffb0 100644 --- a/chart/templates/prometheus-servicemonitor.yaml +++ b/chart/templates/prometheus-servicemonitor.yaml @@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "vso.chart.fullname" . }}-controller-manager-metrics-monitor + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager-metrics-monitor" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} labels: control-plane: controller-manager diff --git a/chart/templates/proxy-rbac.yaml b/chart/templates/proxy-rbac.yaml index 7f938bcc..5ced65aa 100644 --- a/chart/templates/proxy-rbac.yaml +++ b/chart/templates/proxy-rbac.yaml @@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "vso.chart.fullname" . }}-proxy-role + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "proxy-role" | trunc 63 | trimSuffix "-" }} labels: app.kubernetes.io/component: controller-manager {{- include "vso.chart.labels" . | nindent 4 }} @@ -27,15 +27,15 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "vso.chart.fullname" . }}-proxy-rolebinding + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "proxy-rolebinding" | trunc 63 | trimSuffix "-" }} labels: app.kubernetes.io/component: controller-manager {{- include "vso.chart.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: '{{ include "vso.chart.fullname" . }}-proxy-role' + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "proxy-role" | trunc 63 | trimSuffix "-" }} subjects: - kind: ServiceAccount - name: '{{ include "vso.chart.fullname" . }}-controller-manager' + name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} diff --git a/test/unit/default-transit-auth-method.bats b/test/unit/default-transit-auth-method.bats index 6d5706c8..c632eb77 100755 --- a/test/unit/default-transit-auth-method.bats +++ b/test/unit/default-transit-auth-method.bats @@ -35,7 +35,7 @@ load _helpers . | tee /dev/stderr) actual=$(echo "$object" | yq '.spec.kubernetes.serviceAccount' | tee /dev/stderr) - [ "${actual}" = "release-name-vault-secrets-operator-controller-manager" ] + [ "${actual}" = "release-name-vault-secrets-controller-manager" ] } @test "defaultTransitAuthMethod/CR: default vaultConnectionRef is used by default" { @@ -58,7 +58,7 @@ load _helpers . | tee /dev/stderr) local actual=$(echo "$object" | yq '.metadata.name' | tee /dev/stderr) - [ "${actual}" = "release-name-vault-secrets-operator-default-transit-auth" ] + [ "${actual}" = "release-name-vault-secrets-default-transit-auth" ] actual=$(echo "$object" | yq '.metadata.namespace' | tee /dev/stderr) [ "${actual}" = "default" ] @@ -67,7 +67,7 @@ load _helpers actual=$(echo "$object" | yq '.spec.mount' | tee /dev/stderr) [ "${actual}" = "kubernetes" ] actual=$(echo "$object" | yq '.spec.kubernetes.serviceAccount' | tee /dev/stderr) - [ "${actual}" = "release-name-vault-secrets-operator-controller-manager" ] + [ "${actual}" = "release-name-vault-secrets-controller-manager" ] } @test "defaultTransitAuthMethod/CR: settings can be modified for kubernetes auth method" { @@ -122,7 +122,7 @@ load _helpers . | tee /dev/stderr) local actual=$(echo "$object" | yq '.metadata.name' | tee /dev/stderr) - [ "${actual}" = "release-name-vault-secrets-operator-default-transit-auth" ] + [ "${actual}" = "release-name-vault-secrets-default-transit-auth" ] actual=$(echo "$object" | yq '.metadata.namespace' | tee /dev/stderr) [ "${actual}" = "default" ] diff --git a/test/unit/deployment.bats b/test/unit/deployment.bats index 0ae43e03..27e8c87b 100755 --- a/test/unit/deployment.bats +++ b/test/unit/deployment.bats @@ -24,6 +24,61 @@ load _helpers [ "${actual}" = "2" ] } +#-------------------------------------------------------------------- +# resource names + +@test "controller/Deployment: resource names are correct when release name is short" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/deployment.yaml \ + --set fullnameOverride=foo \ + . | tee /dev/stderr) + + # ServiceAccount + local object=$(echo "$actual" | yq 'select(.kind == "ServiceAccount") .metadata.name' | tee /dev/stderr) + [ "${object}" = "foo-controller-manager" ] + + # Deployment + object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .metadata.name' | tee /dev/stderr) + [ "${object}" = "foo-controller-manager" ] + object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .spec.template.spec.serviceAccountName' | tee /dev/stderr) + [ "${object}" = "foo-controller-manager" ] + + # Pre-Delete Job + object=$(echo "$actual" | yq 'select(.kind == "Job") .metadata.name' | tee /dev/stderr) + [ "${object}" = "foo-pre-delete-controller-cleanup" ] + object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.metadata.name' | tee /dev/stderr) + [ "${object}" = "foo-pre-delete-controller-cleanup" ] + object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.spec.serviceAccountName' | tee /dev/stderr) + [ "${object}" = "foo-controller-manager" ] +} + +@test "controller/Deployment: resource names are correct when release name is >30 chars" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/deployment.yaml \ + --set fullnameOverride=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz \ + . | tee /dev/stderr) + + # ServiceAccount + local object=$(echo "$actual" | yq 'select(.kind == "ServiceAccount") .metadata.name' | tee /dev/stderr) + [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ] + + # Deployment + object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .metadata.name' | tee /dev/stderr) + [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ] + object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .spec.template.spec.serviceAccountName' | tee /dev/stderr) + [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ] + + # Pre-Delete Job + object=$(echo "$actual" | yq 'select(.kind == "Job") .metadata.name' | tee /dev/stderr) + [ "${object}" = "abcdefghijklmnopqrstuvwxyza-pre-delete-controller-cleanup" ] + object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.metadata.name' | tee /dev/stderr) + [ "${object}" = "abcdefghijklmnopqrstuvwxyza-pre-delete-controller-cleanup" ] + object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.spec.serviceAccountName' | tee /dev/stderr) + [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ] +} + #-------------------------------------------------------------------- # resources diff --git a/test/unit/helpers.bats b/test/unit/helpers.bats index 699ef6dc..5c1f2fb5 100644 --- a/test/unit/helpers.bats +++ b/test/unit/helpers.bats @@ -8,13 +8,13 @@ load _helpers # These tests use test-runner.yaml to test the chart.fullname helper # since we need an existing template that calls the chart.fullname helper. -@test "helper/chart.fullname: defaults to release-name-vault-secrets-operator-test" { +@test "helper/chart.fullname: defaults to release-name-vault-secrets-test" { cd `chart_dir` local actual=$(helm template \ -s templates/tests/test-runner.yaml \ . | tee /dev/stderr | yq -r '.metadata.name' | tee /dev/stderr) - [ "${actual}" = "release-name-vault-secrets-operator-test" ] + [ "${actual}" = "release-name-vault-secrets-test" ] } @test "helper/chart.fullname: fullnameOverride overrides the name" { @@ -27,14 +27,14 @@ load _helpers [ "${actual}" = "override-test" ] } -@test "helper/chart.fullname: fullnameOverride is truncated to 63 chars" { +@test "helper/chart.fullname: fullnameOverride is truncated to 27 chars" { cd `chart_dir` local actual=$(helm template \ -s templates/tests/test-runner.yaml \ --set fullnameOverride=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz \ . | tee /dev/stderr | yq -r '.metadata.name' | tee /dev/stderr) - [ "${actual}" = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk-test" ] + [ "${actual}" = "abcdefghijklmnopqrstuvwxyza-test" ] } @test "helper/chart.fullname: fullnameOverride has trailing '-' trimmed" {