build: update Helm and plugin versions in CI and Dockerfiles (#2059)
* build: update Helm and plugin versions in CI and Dockerfiles Signed-off-by: yxxhero <aiopsclub@163.com>
This commit is contained in:
yxxhero
GitHub
parent
3429901363
commit
fe1e51e5ef
|
|
@ -57,7 +57,7 @@ jobs:
|
|||
- helm-version: v3.17.3
|
||||
kustomize-version: v5.2.1
|
||||
plugin-secrets-version: 4.6.5
|
||||
plugin-diff-version: 3.10.0
|
||||
plugin-diff-version: 3.11.0
|
||||
extra-helmfile-flags: ''
|
||||
- helm-version: v3.17.3
|
||||
kustomize-version: v5.4.3
|
||||
|
|
@ -67,24 +67,24 @@ jobs:
|
|||
# we will mark this combination as failable,
|
||||
# and instruct users to upgrade helm and helm-secrets at once.
|
||||
plugin-secrets-version: 4.6.5
|
||||
plugin-diff-version: 3.11.0
|
||||
plugin-diff-version: 3.12.1
|
||||
extra-helmfile-flags: ''
|
||||
- helm-version: v3.18.0
|
||||
- helm-version: v3.18.1
|
||||
kustomize-version: v5.2.1
|
||||
plugin-secrets-version: 4.6.5
|
||||
plugin-diff-version: 3.10.0
|
||||
plugin-diff-version: 3.11.0
|
||||
extra-helmfile-flags: ''
|
||||
- helm-version: v3.18.0
|
||||
- helm-version: v3.18.1
|
||||
kustomize-version: v5.4.3
|
||||
plugin-secrets-version: 4.6.5
|
||||
plugin-diff-version: 3.11.0
|
||||
plugin-diff-version: 3.12.1
|
||||
extra-helmfile-flags: ''
|
||||
# In case you need to test some optional helmfile features,
|
||||
# enable it via extra-helmfile-flags below.
|
||||
- helm-version: v3.18.0
|
||||
- helm-version: v3.18.1
|
||||
kustomize-version: v5.4.3
|
||||
plugin-secrets-version: 4.6.5
|
||||
plugin-diff-version: 3.11.0
|
||||
plugin-diff-version: 3.12.1
|
||||
extra-helmfile-flags: '--enable-live-output'
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
|
@ -95,6 +95,8 @@ jobs:
|
|||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: built-binaries-${{ github.run_id }}
|
||||
- name: install semver
|
||||
run: go install github.com/ffurrer2/semver/v2/cmd/semver@latest
|
||||
- name: Extract tar to get built binaries
|
||||
run: tar -xvf built-binaries.tar
|
||||
- name: Display built binaries
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
|||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||
|
||||
ARG HELM_VERSION="v3.18.0"
|
||||
ARG HELM_VERSION="v3.18.1"
|
||||
ENV HELM_VERSION="${HELM_VERSION}"
|
||||
ARG HELM_LOCATION="https://get.helm.sh"
|
||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
||||
|
|
@ -38,8 +38,8 @@ RUN set -x && \
|
|||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||
echo Verifying ${HELM_FILENAME}... && \
|
||||
case ${TARGETPLATFORM} in \
|
||||
"linux/amd64") HELM_SHA256="961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931" ;; \
|
||||
"linux/arm64") HELM_SHA256="489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029" ;; \
|
||||
"linux/amd64") HELM_SHA256="b1c7e8e261fd30f34c617282813ecafc63628fcd59a255a9fc51b1fe43394c05" ;; \
|
||||
"linux/arm64") HELM_SHA256="5ddc8fbd4b17857754a95be799543ceafa5aa9532b05f738ee590a76bb049988" ;; \
|
||||
esac && \
|
||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||
echo Extracting ${HELM_FILENAME}... && \
|
||||
|
|
@ -93,7 +93,7 @@ RUN set -x && \
|
|||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.11.0 && \
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.12.1 && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
|||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||
|
||||
ARG HELM_VERSION="v3.18.0"
|
||||
ARG HELM_VERSION="v3.18.1"
|
||||
ENV HELM_VERSION="${HELM_VERSION}"
|
||||
ARG HELM_LOCATION="https://get.helm.sh"
|
||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
||||
|
|
@ -43,8 +43,8 @@ RUN set -x && \
|
|||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||
echo Verifying ${HELM_FILENAME}... && \
|
||||
case ${TARGETPLATFORM} in \
|
||||
"linux/amd64") HELM_SHA256="961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931" ;; \
|
||||
"linux/arm64") HELM_SHA256="489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029" ;; \
|
||||
"linux/amd64") HELM_SHA256="b1c7e8e261fd30f34c617282813ecafc63628fcd59a255a9fc51b1fe43394c05" ;; \
|
||||
"linux/arm64") HELM_SHA256="5ddc8fbd4b17857754a95be799543ceafa5aa9532b05f738ee590a76bb049988" ;; \
|
||||
esac && \
|
||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||
echo Extracting ${HELM_FILENAME}... && \
|
||||
|
|
@ -99,7 +99,7 @@ RUN set -x && \
|
|||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.11.0 && \
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.12.1 && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
|||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||
|
||||
ARG HELM_VERSION="v3.18.0"
|
||||
ARG HELM_VERSION="v3.18.1"
|
||||
ENV HELM_VERSION="${HELM_VERSION}"
|
||||
ARG HELM_LOCATION="https://get.helm.sh"
|
||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
||||
|
|
@ -43,8 +43,8 @@ RUN set -x && \
|
|||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||
echo Verifying ${HELM_FILENAME}... && \
|
||||
case ${TARGETPLATFORM} in \
|
||||
"linux/amd64") HELM_SHA256="961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931" ;; \
|
||||
"linux/arm64") HELM_SHA256="489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029" ;; \
|
||||
"linux/amd64") HELM_SHA256="b1c7e8e261fd30f34c617282813ecafc63628fcd59a255a9fc51b1fe43394c05" ;; \
|
||||
"linux/arm64") HELM_SHA256="5ddc8fbd4b17857754a95be799543ceafa5aa9532b05f738ee590a76bb049988" ;; \
|
||||
esac && \
|
||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||
echo Extracting ${HELM_FILENAME}... && \
|
||||
|
|
@ -99,7 +99,7 @@ RUN set -x && \
|
|||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.11.0 && \
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.12.1 && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
||||
|
|
|
|||
6
go.mod
6
go.mod
|
|
@ -13,7 +13,7 @@ require (
|
|||
github.com/gosuri/uitable v0.0.4
|
||||
github.com/hashicorp/go-getter v1.7.8
|
||||
github.com/hashicorp/hcl/v2 v2.23.0
|
||||
github.com/helmfile/chartify v0.24.1
|
||||
github.com/helmfile/chartify v0.24.2
|
||||
github.com/helmfile/vals v0.41.1
|
||||
github.com/spf13/cobra v1.9.1
|
||||
github.com/spf13/pflag v1.0.6
|
||||
|
|
@ -29,7 +29,7 @@ require (
|
|||
golang.org/x/term v0.32.0
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
helm.sh/helm/v3 v3.18.0
|
||||
helm.sh/helm/v3 v3.18.1
|
||||
k8s.io/apimachinery v0.33.1
|
||||
)
|
||||
|
||||
|
|
@ -182,7 +182,7 @@ require (
|
|||
github.com/danieljoos/wincred v1.2.2 // indirect
|
||||
github.com/dustin/go-humanize v1.0.1 // indirect
|
||||
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
|
||||
github.com/envoyproxy/go-control-plane v0.13.1 // indirect
|
||||
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
|
||||
github.com/evanphx/json-patch v5.9.11+incompatible // indirect
|
||||
|
|
|
|||
12
go.sum
12
go.sum
|
|
@ -895,8 +895,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
|
|||
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
|
||||
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE=
|
||||
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q=
|
||||
github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
|
||||
github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
|
||||
github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
|
||||
github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||
|
|
@ -1203,8 +1203,8 @@ github.com/hashicorp/jsonapi v1.3.1 h1:GtPvnmcWgYwCuDGvYT5VZBHcUyFdq9lSyCzDjn1Dd
|
|||
github.com/hashicorp/jsonapi v1.3.1/go.mod h1:kWfdn49yCjQvbpnvY1dxxAuAFzISwrrMDQOcu6NsFoM=
|
||||
github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
|
||||
github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
|
||||
github.com/helmfile/chartify v0.24.1 h1:Ejif7pRkuOI8xf0wt8tVwZLR2FYVUrdw52+FfuS0ZUY=
|
||||
github.com/helmfile/chartify v0.24.1/go.mod h1:ry7KM6350oLff7GnjmskvRNsyMaOoci552c9z9voyLE=
|
||||
github.com/helmfile/chartify v0.24.2 h1:tEM+ohiQewQFVqdetHEKegK6Nyh08MuHs0TFB5ScC8k=
|
||||
github.com/helmfile/chartify v0.24.2/go.mod h1:zyckAr5KGQQiTTFPTLP2DzAJ4dvaUcE6/pfkY/6demU=
|
||||
github.com/helmfile/vals v0.41.1 h1:8vQQETrqaCjondpqsoVgOLT69Gy6r2BWttEOiOj3bnQ=
|
||||
github.com/helmfile/vals v0.41.1/go.mod h1:mmfj2R731IR0iuRt/owyt9yOUjHZqf7kx9OlWH9EYZo=
|
||||
github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=
|
||||
|
|
@ -2284,8 +2284,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
|
|||
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
helm.sh/helm/v3 v3.18.0 h1:ItOAm3Quo0dus3NUHjs+lluqWWEIO7xrSW+zKWCrvlw=
|
||||
helm.sh/helm/v3 v3.18.0/go.mod h1:43QHS1W97RcoFJRk36ZBhHdTfykqBlJdsWp3yhzdq8w=
|
||||
helm.sh/helm/v3 v3.18.1 h1:qLhXmtqXOHQb0Xv9HJolOLlah8RWbgyzt50xrtTWAlg=
|
||||
helm.sh/helm/v3 v3.18.1/go.mod h1:43QHS1W97RcoFJRk36ZBhHdTfykqBlJdsWp3yhzdq8w=
|
||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ import (
|
|||
|
||||
const (
|
||||
HelmRequiredVersion = "v3.17.3"
|
||||
HelmRecommendedVersion = "v3.18.0"
|
||||
HelmDiffRecommendedVersion = "v3.11.0"
|
||||
HelmRecommendedVersion = "v3.18.1"
|
||||
HelmDiffRecommendedVersion = "v3.12.1"
|
||||
HelmSecretsRecommendedVersion = "v4.6.5"
|
||||
HelmGitRecommendedVersion = "v1.3.0"
|
||||
HelmS3RecommendedVersion = "v0.16.3"
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ export HELM_DATA_HOME="${helm_dir}/data"
|
|||
export HELM_HOME="${HELM_DATA_HOME}"
|
||||
export HELM_PLUGINS="${HELM_DATA_HOME}/plugins"
|
||||
export HELM_CONFIG_HOME="${helm_dir}/config"
|
||||
HELM_DIFF_VERSION="${HELM_DIFF_VERSION:-3.11.0}"
|
||||
HELM_DIFF_VERSION="${HELM_DIFF_VERSION:-3.12.1}"
|
||||
HELM_GIT_VERSION="${HELM_GIT_VERSION:-1.3.0}"
|
||||
HELM_SECRETS_VERSION="${HELM_SECRETS_VERSION:-3.15.0}"
|
||||
export GNUPGHOME="${PWD}/${dir}/.gnupg"
|
||||
|
|
|
|||
|
|
@ -34,7 +34,8 @@ done
|
|||
|
||||
for i in $(seq 10); do
|
||||
info "Comparing diff/chart-needs #$i"
|
||||
${helmfile} -f ${chart_need_case_input_dir}/${config_file} diff --include-needs | grep -Ev "Comparing release=azuredisk-csi-storageclass, chart=/tmp/.*/azuredisk-csi-storageclass" > ${chart_needs_diff_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
||||
${helmfile} -f ${chart_need_case_input_dir}/${config_file} diff --include-needs | grep -Ev "Comparing release=azuredisk-csi-storageclass, chart=/tmp/.*/azuredisk-csi-storageclass" > ${chart_needs_diff_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||
cat ${chart_needs_diff_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${chart_needs_diff_reverse}
|
||||
diff -u ${diff_out_file} ${chart_needs_diff_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||
echo code=$?
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
||||
-
|
||||
+ # Source: azuredisk-csi-storageclass/templates/azuredisk-csi-storageclass.yaml
|
||||
|
|
@ -20,11 +15,6 @@ helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
|||
+ allowVolumeExpansion: true
|
||||
|
||||
Comparing release=azuredisk-csi-driver, chart=azuredisk-csi-driver/azuredisk-csi-driver, namespace=helmfile-tests
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, azuredisk-csi-attacher-binding, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
|
||||
-
|
||||
+ # Source: azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
|
||||
|
|
|
|||
|
|
@ -1,14 +1,4 @@
|
|||
"azuredisk-csi-driver" has been added to your repositories
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
||||
-
|
||||
+ # Source: azuredisk-csi-storageclass/templates/azuredisk-csi-storageclass.yaml
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@ test_start "$case_title"
|
|||
info "Comparing ${case_title} diff for output ${chartify_with_non_chart_dirt_reverse} with ${diff_out_file}"
|
||||
for i in $(seq 10); do
|
||||
info "Comparing chartify-with-non-chart-dir diff log #$i"
|
||||
${helmfile} -f ${chartify_with_non_chart_dirt_input_dir}/helmfiles/helmfile.yaml diff | grep -v "^Comparing release" > ${chartify_with_non_chart_dirt_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
||||
${helmfile} -f ${chartify_with_non_chart_dirt_input_dir}/helmfiles/helmfile.yaml diff | grep -v "^Comparing release" > ${chartify_with_non_chart_dirt_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||
cat ${chartify_with_non_chart_dirt_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${chartify_with_non_chart_dirt_reverse}
|
||||
diff -u ${diff_out_file} ${chartify_with_non_chart_dirt_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||
echo code=$?
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, configmap, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ # Source: manifests/templates/configmap.yaml
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, configmap, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ # Source: manifests/templates/configmap.yaml
|
||||
|
|
|
|||
|
|
@ -22,14 +22,16 @@ info "Comparing ${case_title} diff for output ${diff_args_reverse} with ${diff_o
|
|||
info "Comparing ${case_title} diff for output ${diff_args_reverse_stderr} with ${diff_out_stderr_file}"
|
||||
for i in $(seq 10); do
|
||||
info "Comparing diff-args diff log #$i"
|
||||
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml diff 1> ${diff_args_reverse} 2> ${diff_args_reverse_stderr} || fail "\"helmfile diff\" shouldn't fail"
|
||||
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml diff 1> ${diff_args_reverse}.tmp 2> ${diff_args_reverse_stderr} || fail "\"helmfile diff\" shouldn't fail"
|
||||
cat ${diff_args_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${diff_args_reverse}
|
||||
diff -u ${diff_out_file} ${diff_args_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||
diff -u ${diff_out_stderr_file} ${diff_args_reverse_stderr} || fail "\"helmfile diff\" should be consistent (stderr)"
|
||||
echo code=$?
|
||||
done
|
||||
info "Comparing ${case_title} apply for output ${diff_args_reverse} with ${apply_out_file}"
|
||||
info "Comparing ${case_title} apply for stdout ${diff_args_reverse_stderr} with ${apply_out_stderr_file}"
|
||||
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml apply 1> ${diff_args_reverse} 2> ${diff_args_reverse_stderr} || fail "\"helmfile apply\" shouldn't fail"
|
||||
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml apply 1> ${diff_args_reverse}.tmp 2> ${diff_args_reverse_stderr} || fail "\"helmfile apply\" shouldn't fail"
|
||||
cat ${diff_args_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${diff_args_reverse}
|
||||
diff -u ${apply_out_file} <(grep -vE "^(LAST DEPLOYED|installed)" ${diff_args_reverse}) || fail "\"helmfile apply\" should be consistent"
|
||||
diff -u ${apply_out_stderr_file} <(grep -vE "^(LAST DEPLOYED|installed)" ${diff_args_reverse_stderr}) || fail "\"helmfile apply\" should be consistent (stderr)"
|
||||
echo "clean up diff args resources"
|
||||
|
|
|
|||
|
|
@ -1,9 +1,4 @@
|
|||
Comparing release=installed, chart=../../../charts/httpbin, namespace=helmfile-tests
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||
-
|
||||
+ apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||
-
|
||||
+ apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -1,9 +1,4 @@
|
|||
Comparing release=installed, chart=../../../charts/httpbin, namespace=helmfile-tests
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||
-
|
||||
+ apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||
-
|
||||
+ apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -20,7 +20,8 @@ test_start "postrender diff"
|
|||
info "Comparing postrender diff output ${postrender_diff_reverse} with ${postrender_case_output_dir}/result.yaml"
|
||||
for i in $(seq 10); do
|
||||
info "Comparing build/postrender-diff #$i"
|
||||
${helmfile} -f ${postrender_case_input_dir}/${config_file} diff --concurrency 1 --post-renderer ./add-cm.bash --post-renderer-args cm1 &> ${postrender_diff_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
||||
${helmfile} -f ${postrender_case_input_dir}/${config_file} diff --concurrency 1 --post-renderer ./add-cm.bash --post-renderer-args cm1 &> ${postrender_diff_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||
cat ${postrender_diff_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${postrender_diff_reverse}
|
||||
diff -u ${postrender_diff_out_file} ${postrender_diff_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||
echo code=$?
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
Building dependency release=foo, chart=../../../charts/raw
|
||||
Building dependency release=baz, chart=../../../charts/raw
|
||||
Comparing release=foo, chart=../../../charts/raw, namespace=helmfile-tests
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, cm2, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ apiVersion: v1
|
||||
|
|
@ -26,11 +21,6 @@ helmfile-tests, foo-1, ConfigMap (v1) has been added:
|
|||
+ foo: FOO
|
||||
|
||||
Comparing release=baz, chart=../../../charts/raw, namespace=helmfile-tests
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, baz-3, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ # Source: raw/templates/resources.yaml
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
Live output is enabled
|
||||
Building dependency release=foo, chart=../../../charts/raw
|
||||
Building dependency release=baz, chart=../../../charts/raw
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, cm2, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ apiVersion: v1
|
||||
|
|
@ -24,11 +19,6 @@ helmfile-tests, foo-1, ConfigMap (v1) has been added:
|
|||
+ namespace: helmfile-tests
|
||||
+ data:
|
||||
+ foo: FOO
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, baz-3, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ # Source: raw/templates/resources.yaml
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@ test_start "$case_title"
|
|||
info "Comparing ${case_title} diff for output ${skip_diff_output_reverse} with ${diff_out_file}"
|
||||
for i in $(seq 10); do
|
||||
info "Comparing skip-diff-output diff log #$i"
|
||||
${helmfile} -f ${skip_diff_output_input_dir}/helmfile.yaml.gotmpl diff > ${skip_diff_output_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
||||
${helmfile} -f ${skip_diff_output_input_dir}/helmfile.yaml.gotmpl diff > ${skip_diff_output_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||
cat ${skip_diff_output_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${skip_diff_output_reverse}
|
||||
diff -u ${diff_out_file} ${skip_diff_output_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||
echo code=$?
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,9 +1,4 @@
|
|||
Comparing release=baz, chart=../../../charts/raw, namespace=helmfile-tests
|
||||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, baz-2, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ # Source: raw/templates/resources.yaml
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
********************
|
||||
|
||||
Release was not present in Helm. Diff will show entire contents as new.
|
||||
|
||||
********************
|
||||
helmfile-tests, baz-2, ConfigMap (v1) has been added:
|
||||
-
|
||||
+ # Source: raw/templates/resources.yaml
|
||||
|
|
|
|||
|
|
@ -10,6 +10,10 @@ if [[ $EXTRA_HELMFILE_FLAGS == *--enable-live-output* ]]; then
|
|||
diff_out_file=${suppress_output_line_regex_output_dir}/diff-live
|
||||
fi
|
||||
|
||||
if [[ $(semver compare $HELM_DIFF_VERSION "3.11.0") == "1" ]]; then
|
||||
diff_out_file=${diff_out_file}-after-helm-diff-3.11.0
|
||||
fi
|
||||
|
||||
if version_lt $HELM_DIFF_VERSION "3.9.0"; then
|
||||
echo "Skipping ${case_title} because helm-diff version is less than 3.9.0"
|
||||
else
|
||||
|
|
|
|||
|
|
@ -0,0 +1,530 @@
|
|||
Comparing release=ingress-nginx, chart=ingress-nginx/ingress-nginx, namespace=helmfile-tests
|
||||
helmfile-tests, ingress-nginx, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: ingress-nginx
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx, Role (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/controller-role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
namespace: helmfile-tests
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- pods
|
||||
- secrets
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
+ # Omit Ingress status permissions if `--update-status` is disabled.
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
resourceNames:
|
||||
- ingress-nginx-leader
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- discovery.k8s.io
|
||||
resources:
|
||||
- endpointslices
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
helmfile-tests, ingress-nginx, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
namespace: helmfile-tests
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ingress-nginx
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: ingress-nginx-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: ingress-nginx-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx-admission, Role (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
- name: ingress-nginx-admission
|
||||
+ name: ingress-nginx-admission
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
helmfile-tests, ingress-nginx-admission, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ingress-nginx-admission
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ingress-nginx-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx-admission, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
|
||||
# before changing this value, check the required kubernetes version
|
||||
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
webhooks:
|
||||
- name: validate.nginx.ingress.kubernetes.io
|
||||
matchPolicy: Equivalent
|
||||
rules:
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- ingresses
|
||||
failurePolicy: Fail
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
- namespace: "helmfile-tests"
|
||||
name: ingress-nginx-controller-admission
|
||||
+ namespace: helmfile-tests
|
||||
path: /networking/v1/ingresses
|
||||
helmfile-tests, ingress-nginx-admission-create, Job (batch) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: create
|
||||
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- create
|
||||
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
|
||||
- --namespace=$(POD_NAMESPACE)
|
||||
- --secret-name=ingress-nginx-admission
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ capabilities:
|
||||
+ drop:
|
||||
+ - ALL
|
||||
+ readOnlyRootFilesystem: true
|
||||
+ runAsNonRoot: true
|
||||
+ runAsUser: 65532
|
||||
+ seccompProfile:
|
||||
+ type: RuntimeDefault
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
- securityContext:
|
||||
- fsGroup: 2000
|
||||
- runAsNonRoot: true
|
||||
- runAsUser: 2000
|
||||
helmfile-tests, ingress-nginx-admission-patch, Job (batch) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: patch
|
||||
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name=ingress-nginx-admission
|
||||
- --namespace=$(POD_NAMESPACE)
|
||||
- --patch-mutating=false
|
||||
- --secret-name=ingress-nginx-admission
|
||||
- --patch-failure-policy=Fail
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ capabilities:
|
||||
+ drop:
|
||||
+ - ALL
|
||||
+ readOnlyRootFilesystem: true
|
||||
+ runAsNonRoot: true
|
||||
+ runAsUser: 65532
|
||||
+ seccompProfile:
|
||||
+ type: RuntimeDefault
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
- securityContext:
|
||||
- fsGroup: 2000
|
||||
- runAsNonRoot: true
|
||||
- runAsUser: 2000
|
||||
helmfile-tests, ingress-nginx-controller, ConfigMap (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-controller, Deployment (apps) has changed:
|
||||
# Source: ingress-nginx/templates/controller-deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: helmfile-tests
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/component: controller
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
minReadySeconds: 0
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
spec:
|
||||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
- image: "registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"
|
||||
+ image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /wait-shutdown
|
||||
- args:
|
||||
+ args:
|
||||
- /nginx-ingress-controller
|
||||
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||
- --election-id=ingress-nginx-leader
|
||||
- --controller-class=k8s.io/ingress-nginx
|
||||
- --ingress-class=nginx
|
||||
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||
- --validating-webhook=:8443
|
||||
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||
- --validating-webhook-key=/usr/local/certificates/key
|
||||
securityContext:
|
||||
+ runAsNonRoot: true
|
||||
+ runAsUser: 101
|
||||
+ allowPrivilegeEscalation: false
|
||||
+ seccompProfile:
|
||||
+ type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- runAsUser: 101
|
||||
- allowPrivilegeEscalation: true
|
||||
+ readOnlyRootFilesystem: false
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: LD_PRELOAD
|
||||
value: /usr/local/lib/libmimalloc.so
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 443
|
||||
protocol: TCP
|
||||
- name: webhook
|
||||
containerPort: 8443
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: webhook-cert
|
||||
mountPath: /usr/local/certificates/
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 90Mi
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
serviceAccountName: ingress-nginx
|
||||
terminationGracePeriodSeconds: 300
|
||||
volumes:
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: ingress-nginx-admission
|
||||
helmfile-tests, ingress-nginx-controller, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-controller-admission, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, nginx, IngressClass (networking.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, NetworkPolicy (networking.k8s.io) has been removed:
|
||||
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
|
||||
- apiVersion: networking.k8s.io/v1
|
||||
- kind: NetworkPolicy
|
||||
- metadata:
|
||||
- name: ingress-nginx-admission
|
||||
- namespace: helmfile-tests
|
||||
- annotations:
|
||||
- "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
- labels:
|
||||
- app.kubernetes.io/name: ingress-nginx
|
||||
- app.kubernetes.io/instance: ingress-nginx
|
||||
- app.kubernetes.io/part-of: ingress-nginx
|
||||
- app.kubernetes.io/managed-by: Helm
|
||||
- app.kubernetes.io/component: admission-webhook
|
||||
- spec:
|
||||
- podSelector:
|
||||
- matchLabels:
|
||||
- app.kubernetes.io/name: ingress-nginx
|
||||
- app.kubernetes.io/instance: ingress-nginx
|
||||
- app.kubernetes.io/component: admission-webhook
|
||||
- policyTypes:
|
||||
- - Ingress
|
||||
- - Egress
|
||||
- egress:
|
||||
- - {}
|
||||
+
|
||||
|
||||
|
|
@ -0,0 +1,530 @@
|
|||
"ingress-nginx" has been added to your repositories
|
||||
helmfile-tests, ingress-nginx, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: ingress-nginx
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx, Role (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/controller-role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
namespace: helmfile-tests
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- pods
|
||||
- secrets
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
+ # Omit Ingress status permissions if `--update-status` is disabled.
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
resourceNames:
|
||||
- ingress-nginx-leader
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- discovery.k8s.io
|
||||
resources:
|
||||
- endpointslices
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
helmfile-tests, ingress-nginx, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
namespace: helmfile-tests
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ingress-nginx
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: ingress-nginx-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: ingress-nginx-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx-admission, Role (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
- name: ingress-nginx-admission
|
||||
+ name: ingress-nginx-admission
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
helmfile-tests, ingress-nginx-admission, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ingress-nginx-admission
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ingress-nginx-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
- namespace: "helmfile-tests"
|
||||
+ namespace: helmfile-tests
|
||||
helmfile-tests, ingress-nginx-admission, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
|
||||
# before changing this value, check the required kubernetes version
|
||||
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
webhooks:
|
||||
- name: validate.nginx.ingress.kubernetes.io
|
||||
matchPolicy: Equivalent
|
||||
rules:
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- ingresses
|
||||
failurePolicy: Fail
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
- namespace: "helmfile-tests"
|
||||
name: ingress-nginx-controller-admission
|
||||
+ namespace: helmfile-tests
|
||||
path: /networking/v1/ingresses
|
||||
helmfile-tests, ingress-nginx-admission-create, Job (batch) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: create
|
||||
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- create
|
||||
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
|
||||
- --namespace=$(POD_NAMESPACE)
|
||||
- --secret-name=ingress-nginx-admission
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ capabilities:
|
||||
+ drop:
|
||||
+ - ALL
|
||||
+ readOnlyRootFilesystem: true
|
||||
+ runAsNonRoot: true
|
||||
+ runAsUser: 65532
|
||||
+ seccompProfile:
|
||||
+ type: RuntimeDefault
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
- securityContext:
|
||||
- fsGroup: 2000
|
||||
- runAsNonRoot: true
|
||||
- runAsUser: 2000
|
||||
helmfile-tests, ingress-nginx-admission-patch, Job (batch) has changed:
|
||||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
namespace: helmfile-tests
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: patch
|
||||
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name=ingress-nginx-admission
|
||||
- --namespace=$(POD_NAMESPACE)
|
||||
- --patch-mutating=false
|
||||
- --secret-name=ingress-nginx-admission
|
||||
- --patch-failure-policy=Fail
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ capabilities:
|
||||
+ drop:
|
||||
+ - ALL
|
||||
+ readOnlyRootFilesystem: true
|
||||
+ runAsNonRoot: true
|
||||
+ runAsUser: 65532
|
||||
+ seccompProfile:
|
||||
+ type: RuntimeDefault
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
- securityContext:
|
||||
- fsGroup: 2000
|
||||
- runAsNonRoot: true
|
||||
- runAsUser: 2000
|
||||
helmfile-tests, ingress-nginx-controller, ConfigMap (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-controller, Deployment (apps) has changed:
|
||||
# Source: ingress-nginx/templates/controller-deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: helmfile-tests
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/component: controller
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
minReadySeconds: 0
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
spec:
|
||||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
- image: "registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"
|
||||
+ image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /wait-shutdown
|
||||
- args:
|
||||
+ args:
|
||||
- /nginx-ingress-controller
|
||||
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||
- --election-id=ingress-nginx-leader
|
||||
- --controller-class=k8s.io/ingress-nginx
|
||||
- --ingress-class=nginx
|
||||
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||
- --validating-webhook=:8443
|
||||
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||
- --validating-webhook-key=/usr/local/certificates/key
|
||||
securityContext:
|
||||
+ runAsNonRoot: true
|
||||
+ runAsUser: 101
|
||||
+ allowPrivilegeEscalation: false
|
||||
+ seccompProfile:
|
||||
+ type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- runAsUser: 101
|
||||
- allowPrivilegeEscalation: true
|
||||
+ readOnlyRootFilesystem: false
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: LD_PRELOAD
|
||||
value: /usr/local/lib/libmimalloc.so
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 443
|
||||
protocol: TCP
|
||||
- name: webhook
|
||||
containerPort: 8443
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: webhook-cert
|
||||
mountPath: /usr/local/certificates/
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 90Mi
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
serviceAccountName: ingress-nginx
|
||||
terminationGracePeriodSeconds: 300
|
||||
volumes:
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: ingress-nginx-admission
|
||||
helmfile-tests, ingress-nginx-controller, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-controller-admission, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, nginx, IngressClass (networking.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, NetworkPolicy (networking.k8s.io) has been removed:
|
||||
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
|
||||
- apiVersion: networking.k8s.io/v1
|
||||
- kind: NetworkPolicy
|
||||
- metadata:
|
||||
- name: ingress-nginx-admission
|
||||
- namespace: helmfile-tests
|
||||
- annotations:
|
||||
- "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
- labels:
|
||||
- app.kubernetes.io/name: ingress-nginx
|
||||
- app.kubernetes.io/instance: ingress-nginx
|
||||
- app.kubernetes.io/part-of: ingress-nginx
|
||||
- app.kubernetes.io/managed-by: Helm
|
||||
- app.kubernetes.io/component: admission-webhook
|
||||
- spec:
|
||||
- podSelector:
|
||||
- matchLabels:
|
||||
- app.kubernetes.io/name: ingress-nginx
|
||||
- app.kubernetes.io/instance: ingress-nginx
|
||||
- app.kubernetes.io/component: admission-webhook
|
||||
- policyTypes:
|
||||
- - Ingress
|
||||
- - Egress
|
||||
- egress:
|
||||
- - {}
|
||||
+
|
||||
Comparing release=ingress-nginx, chart=ingress-nginx/ingress-nginx, namespace=helmfile-tests
|
||||
Loading…
Reference in New Issue