Fix tests

Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
spiffe · Jul 20, 2023 · e625894 · e625894
1 parent c5dc08b
commit e625894
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 2 deletions.
diff --git a/charts/spire/charts/spire-server/templates/pre-delete-hook.yaml b/charts/spire/charts/spire-server/templates/pre-delete-hook.yaml
@@ -0,0 +1,75 @@
+{{- if .Values.upstreamAuthority.spire.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "spire-server.serviceAccountName" . }}-pre-delete
+  namespace: {{ include "spire-server.namespace" . }}
+  labels:
+    {{- include "spire-server.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "spire-server.fullname" . }}-pre-delete
+  namespace: {{ include "spire-server.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
+rules:
+  - apiGroups: ["apps"]
+    resources: ["statefulsets"]
+    resourceNames: [{{ include "spire-server.fullname" . | quote }}]
+    verbs: ["get", "delete"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "spire-server.fullname" . }}-pre-delete
+  namespace: {{ include "spire-server.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "spire-server.serviceAccountName" . }}-pre-delete
+    namespace: {{ include "spire-server.namespace" . }}
+roleRef:
+  kind: Role
+  name: {{ include "spire-server.fullname" . }}-pre-delete
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "spire-server.fullname" . }}-pre-delete
+  namespace: {{ include "spire-server.namespace" . }}
+  labels:
+    {{- include "spire-server.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
+spec:
+  template:
+    metadata:
+      name: {{ include "spire-server.fullname" . }}-pre-delete
+    spec:
+      restartPolicy: Never
+      serviceAccountName: {{ include "spire-server.serviceAccountName" . }}-pre-delete
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: pre-delete-job
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        image: {{ template "spire-lib.kubectl-image" (dict "appVersion" $.Chart.AppVersion "image" .Values.tools.kubectl.image "global" .Values.global "KubeVersion" .Capabilities.KubeVersion.Version) }}
+        args:
+          - delete
+          - -n
+          - {{ include "spire-server.namespace" . }}
+          - statefulset
+          - {{ include "spire-server.fullname" . }}
+          - --wait
+{{- end }}
diff --git a/charts/spire/values.yaml b/charts/spire/values.yaml
@@ -52,6 +52,9 @@ upstream-spire-agent:
     name: spire-agent-upstream
   healthChecks:
     port: 9981
+  telemetry:
+    prometheus:
+      port: 9989
 
 spiffe-csi-driver:
   # -- Enables deployment of CSI driver

diff --git a/examples/nested/run-tests.sh b/examples/nested/run-tests.sh
@@ -19,8 +19,8 @@ teardown() {
   helm uninstall --namespace "${ns}" spire 2>/dev/null || true
   kubectl delete ns "${ns}" 2>/dev/null || true
 
-  helm uninstall --namespace mysql mysql 2>/dev/null || true
-  kubectl delete ns mysql 2>/dev/null || true
+  helm uninstall --namespace mysql spire-root-server 2>/dev/null || true
+  kubectl delete ns spire-root-server 2>/dev/null || true
 }
 
 trap 'trap - SIGTERM && teardown' SIGINT SIGTERM EXIT