build: update Helm and plugin versions in CI and Dockerfiles (#2059)
* build: update Helm and plugin versions in CI and Dockerfiles Signed-off-by: yxxhero <aiopsclub@163.com>
This commit is contained in:
yxxhero
GitHub
parent
3429901363
commit
fe1e51e5ef
|
|
@ -57,7 +57,7 @@ jobs:
|
||||||
- helm-version: v3.17.3
|
- helm-version: v3.17.3
|
||||||
kustomize-version: v5.2.1
|
kustomize-version: v5.2.1
|
||||||
plugin-secrets-version: 4.6.5
|
plugin-secrets-version: 4.6.5
|
||||||
plugin-diff-version: 3.10.0
|
plugin-diff-version: 3.11.0
|
||||||
extra-helmfile-flags: ''
|
extra-helmfile-flags: ''
|
||||||
- helm-version: v3.17.3
|
- helm-version: v3.17.3
|
||||||
kustomize-version: v5.4.3
|
kustomize-version: v5.4.3
|
||||||
|
|
@ -67,24 +67,24 @@ jobs:
|
||||||
# we will mark this combination as failable,
|
# we will mark this combination as failable,
|
||||||
# and instruct users to upgrade helm and helm-secrets at once.
|
# and instruct users to upgrade helm and helm-secrets at once.
|
||||||
plugin-secrets-version: 4.6.5
|
plugin-secrets-version: 4.6.5
|
||||||
plugin-diff-version: 3.11.0
|
plugin-diff-version: 3.12.1
|
||||||
extra-helmfile-flags: ''
|
extra-helmfile-flags: ''
|
||||||
- helm-version: v3.18.0
|
- helm-version: v3.18.1
|
||||||
kustomize-version: v5.2.1
|
kustomize-version: v5.2.1
|
||||||
plugin-secrets-version: 4.6.5
|
plugin-secrets-version: 4.6.5
|
||||||
plugin-diff-version: 3.10.0
|
plugin-diff-version: 3.11.0
|
||||||
extra-helmfile-flags: ''
|
extra-helmfile-flags: ''
|
||||||
- helm-version: v3.18.0
|
- helm-version: v3.18.1
|
||||||
kustomize-version: v5.4.3
|
kustomize-version: v5.4.3
|
||||||
plugin-secrets-version: 4.6.5
|
plugin-secrets-version: 4.6.5
|
||||||
plugin-diff-version: 3.11.0
|
plugin-diff-version: 3.12.1
|
||||||
extra-helmfile-flags: ''
|
extra-helmfile-flags: ''
|
||||||
# In case you need to test some optional helmfile features,
|
# In case you need to test some optional helmfile features,
|
||||||
# enable it via extra-helmfile-flags below.
|
# enable it via extra-helmfile-flags below.
|
||||||
- helm-version: v3.18.0
|
- helm-version: v3.18.1
|
||||||
kustomize-version: v5.4.3
|
kustomize-version: v5.4.3
|
||||||
plugin-secrets-version: 4.6.5
|
plugin-secrets-version: 4.6.5
|
||||||
plugin-diff-version: 3.11.0
|
plugin-diff-version: 3.12.1
|
||||||
extra-helmfile-flags: '--enable-live-output'
|
extra-helmfile-flags: '--enable-live-output'
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
|
@ -95,6 +95,8 @@ jobs:
|
||||||
- uses: actions/download-artifact@v4
|
- uses: actions/download-artifact@v4
|
||||||
with:
|
with:
|
||||||
name: built-binaries-${{ github.run_id }}
|
name: built-binaries-${{ github.run_id }}
|
||||||
|
- name: install semver
|
||||||
|
run: go install github.com/ffurrer2/semver/v2/cmd/semver@latest
|
||||||
- name: Extract tar to get built binaries
|
- name: Extract tar to get built binaries
|
||||||
run: tar -xvf built-binaries.tar
|
run: tar -xvf built-binaries.tar
|
||||||
- name: Display built binaries
|
- name: Display built binaries
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
||||||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||||
|
|
||||||
ARG HELM_VERSION="v3.18.0"
|
ARG HELM_VERSION="v3.18.1"
|
||||||
ENV HELM_VERSION="${HELM_VERSION}"
|
ENV HELM_VERSION="${HELM_VERSION}"
|
||||||
ARG HELM_LOCATION="https://get.helm.sh"
|
ARG HELM_LOCATION="https://get.helm.sh"
|
||||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
||||||
|
|
@ -38,8 +38,8 @@ RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||||
echo Verifying ${HELM_FILENAME}... && \
|
echo Verifying ${HELM_FILENAME}... && \
|
||||||
case ${TARGETPLATFORM} in \
|
case ${TARGETPLATFORM} in \
|
||||||
"linux/amd64") HELM_SHA256="961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931" ;; \
|
"linux/amd64") HELM_SHA256="b1c7e8e261fd30f34c617282813ecafc63628fcd59a255a9fc51b1fe43394c05" ;; \
|
||||||
"linux/arm64") HELM_SHA256="489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029" ;; \
|
"linux/arm64") HELM_SHA256="5ddc8fbd4b17857754a95be799543ceafa5aa9532b05f738ee590a76bb049988" ;; \
|
||||||
esac && \
|
esac && \
|
||||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||||
echo Extracting ${HELM_FILENAME}... && \
|
echo Extracting ${HELM_FILENAME}... && \
|
||||||
|
|
@ -93,7 +93,7 @@ RUN set -x && \
|
||||||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||||
|
|
||||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.11.0 && \
|
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.12.1 && \
|
||||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
||||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
||||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
||||||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||||
|
|
||||||
ARG HELM_VERSION="v3.18.0"
|
ARG HELM_VERSION="v3.18.1"
|
||||||
ENV HELM_VERSION="${HELM_VERSION}"
|
ENV HELM_VERSION="${HELM_VERSION}"
|
||||||
ARG HELM_LOCATION="https://get.helm.sh"
|
ARG HELM_LOCATION="https://get.helm.sh"
|
||||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
||||||
|
|
@ -43,8 +43,8 @@ RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||||
echo Verifying ${HELM_FILENAME}... && \
|
echo Verifying ${HELM_FILENAME}... && \
|
||||||
case ${TARGETPLATFORM} in \
|
case ${TARGETPLATFORM} in \
|
||||||
"linux/amd64") HELM_SHA256="961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931" ;; \
|
"linux/amd64") HELM_SHA256="b1c7e8e261fd30f34c617282813ecafc63628fcd59a255a9fc51b1fe43394c05" ;; \
|
||||||
"linux/arm64") HELM_SHA256="489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029" ;; \
|
"linux/arm64") HELM_SHA256="5ddc8fbd4b17857754a95be799543ceafa5aa9532b05f738ee590a76bb049988" ;; \
|
||||||
esac && \
|
esac && \
|
||||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||||
echo Extracting ${HELM_FILENAME}... && \
|
echo Extracting ${HELM_FILENAME}... && \
|
||||||
|
|
@ -99,7 +99,7 @@ RUN set -x && \
|
||||||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||||
|
|
||||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.11.0 && \
|
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.12.1 && \
|
||||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
||||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
||||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
||||||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||||
|
|
||||||
ARG HELM_VERSION="v3.18.0"
|
ARG HELM_VERSION="v3.18.1"
|
||||||
ENV HELM_VERSION="${HELM_VERSION}"
|
ENV HELM_VERSION="${HELM_VERSION}"
|
||||||
ARG HELM_LOCATION="https://get.helm.sh"
|
ARG HELM_LOCATION="https://get.helm.sh"
|
||||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
ARG HELM_FILENAME="helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz"
|
||||||
|
|
@ -43,8 +43,8 @@ RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||||
echo Verifying ${HELM_FILENAME}... && \
|
echo Verifying ${HELM_FILENAME}... && \
|
||||||
case ${TARGETPLATFORM} in \
|
case ${TARGETPLATFORM} in \
|
||||||
"linux/amd64") HELM_SHA256="961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931" ;; \
|
"linux/amd64") HELM_SHA256="b1c7e8e261fd30f34c617282813ecafc63628fcd59a255a9fc51b1fe43394c05" ;; \
|
||||||
"linux/arm64") HELM_SHA256="489c9d2d3ea4e095331249d74b4407fb5ac1d338c28429d70cdedccfe6e2b029" ;; \
|
"linux/arm64") HELM_SHA256="5ddc8fbd4b17857754a95be799543ceafa5aa9532b05f738ee590a76bb049988" ;; \
|
||||||
esac && \
|
esac && \
|
||||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||||
echo Extracting ${HELM_FILENAME}... && \
|
echo Extracting ${HELM_FILENAME}... && \
|
||||||
|
|
@ -99,7 +99,7 @@ RUN set -x && \
|
||||||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||||
|
|
||||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.11.0 && \
|
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.12.1 && \
|
||||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.6.5 && \
|
||||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.16.3 && \
|
||||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.3.0 && \
|
||||||
|
|
|
||||||
6
go.mod
6
go.mod
|
|
@ -13,7 +13,7 @@ require (
|
||||||
github.com/gosuri/uitable v0.0.4
|
github.com/gosuri/uitable v0.0.4
|
||||||
github.com/hashicorp/go-getter v1.7.8
|
github.com/hashicorp/go-getter v1.7.8
|
||||||
github.com/hashicorp/hcl/v2 v2.23.0
|
github.com/hashicorp/hcl/v2 v2.23.0
|
||||||
github.com/helmfile/chartify v0.24.1
|
github.com/helmfile/chartify v0.24.2
|
||||||
github.com/helmfile/vals v0.41.1
|
github.com/helmfile/vals v0.41.1
|
||||||
github.com/spf13/cobra v1.9.1
|
github.com/spf13/cobra v1.9.1
|
||||||
github.com/spf13/pflag v1.0.6
|
github.com/spf13/pflag v1.0.6
|
||||||
|
|
@ -29,7 +29,7 @@ require (
|
||||||
golang.org/x/term v0.32.0
|
golang.org/x/term v0.32.0
|
||||||
gopkg.in/yaml.v2 v2.4.0
|
gopkg.in/yaml.v2 v2.4.0
|
||||||
gopkg.in/yaml.v3 v3.0.1
|
gopkg.in/yaml.v3 v3.0.1
|
||||||
helm.sh/helm/v3 v3.18.0
|
helm.sh/helm/v3 v3.18.1
|
||||||
k8s.io/apimachinery v0.33.1
|
k8s.io/apimachinery v0.33.1
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -182,7 +182,7 @@ require (
|
||||||
github.com/danieljoos/wincred v1.2.2 // indirect
|
github.com/danieljoos/wincred v1.2.2 // indirect
|
||||||
github.com/dustin/go-humanize v1.0.1 // indirect
|
github.com/dustin/go-humanize v1.0.1 // indirect
|
||||||
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect
|
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect
|
||||||
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
|
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
|
||||||
github.com/envoyproxy/go-control-plane v0.13.1 // indirect
|
github.com/envoyproxy/go-control-plane v0.13.1 // indirect
|
||||||
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
|
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
|
||||||
github.com/evanphx/json-patch v5.9.11+incompatible // indirect
|
github.com/evanphx/json-patch v5.9.11+incompatible // indirect
|
||||||
|
|
|
||||||
12
go.sum
12
go.sum
|
|
@ -895,8 +895,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
|
||||||
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
|
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
|
||||||
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE=
|
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE=
|
||||||
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q=
|
github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q=
|
||||||
github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
|
github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
|
||||||
github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
|
github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
|
||||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||||
|
|
@ -1203,8 +1203,8 @@ github.com/hashicorp/jsonapi v1.3.1 h1:GtPvnmcWgYwCuDGvYT5VZBHcUyFdq9lSyCzDjn1Dd
|
||||||
github.com/hashicorp/jsonapi v1.3.1/go.mod h1:kWfdn49yCjQvbpnvY1dxxAuAFzISwrrMDQOcu6NsFoM=
|
github.com/hashicorp/jsonapi v1.3.1/go.mod h1:kWfdn49yCjQvbpnvY1dxxAuAFzISwrrMDQOcu6NsFoM=
|
||||||
github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
|
github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
|
||||||
github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
|
github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
|
||||||
github.com/helmfile/chartify v0.24.1 h1:Ejif7pRkuOI8xf0wt8tVwZLR2FYVUrdw52+FfuS0ZUY=
|
github.com/helmfile/chartify v0.24.2 h1:tEM+ohiQewQFVqdetHEKegK6Nyh08MuHs0TFB5ScC8k=
|
||||||
github.com/helmfile/chartify v0.24.1/go.mod h1:ry7KM6350oLff7GnjmskvRNsyMaOoci552c9z9voyLE=
|
github.com/helmfile/chartify v0.24.2/go.mod h1:zyckAr5KGQQiTTFPTLP2DzAJ4dvaUcE6/pfkY/6demU=
|
||||||
github.com/helmfile/vals v0.41.1 h1:8vQQETrqaCjondpqsoVgOLT69Gy6r2BWttEOiOj3bnQ=
|
github.com/helmfile/vals v0.41.1 h1:8vQQETrqaCjondpqsoVgOLT69Gy6r2BWttEOiOj3bnQ=
|
||||||
github.com/helmfile/vals v0.41.1/go.mod h1:mmfj2R731IR0iuRt/owyt9yOUjHZqf7kx9OlWH9EYZo=
|
github.com/helmfile/vals v0.41.1/go.mod h1:mmfj2R731IR0iuRt/owyt9yOUjHZqf7kx9OlWH9EYZo=
|
||||||
github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=
|
github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=
|
||||||
|
|
@ -2284,8 +2284,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
|
||||||
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
helm.sh/helm/v3 v3.18.0 h1:ItOAm3Quo0dus3NUHjs+lluqWWEIO7xrSW+zKWCrvlw=
|
helm.sh/helm/v3 v3.18.1 h1:qLhXmtqXOHQb0Xv9HJolOLlah8RWbgyzt50xrtTWAlg=
|
||||||
helm.sh/helm/v3 v3.18.0/go.mod h1:43QHS1W97RcoFJRk36ZBhHdTfykqBlJdsWp3yhzdq8w=
|
helm.sh/helm/v3 v3.18.1/go.mod h1:43QHS1W97RcoFJRk36ZBhHdTfykqBlJdsWp3yhzdq8w=
|
||||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||||
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||||
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||||
|
|
|
||||||
|
|
@ -18,8 +18,8 @@ import (
|
||||||
|
|
||||||
const (
|
const (
|
||||||
HelmRequiredVersion = "v3.17.3"
|
HelmRequiredVersion = "v3.17.3"
|
||||||
HelmRecommendedVersion = "v3.18.0"
|
HelmRecommendedVersion = "v3.18.1"
|
||||||
HelmDiffRecommendedVersion = "v3.11.0"
|
HelmDiffRecommendedVersion = "v3.12.1"
|
||||||
HelmSecretsRecommendedVersion = "v4.6.5"
|
HelmSecretsRecommendedVersion = "v4.6.5"
|
||||||
HelmGitRecommendedVersion = "v1.3.0"
|
HelmGitRecommendedVersion = "v1.3.0"
|
||||||
HelmS3RecommendedVersion = "v0.16.3"
|
HelmS3RecommendedVersion = "v0.16.3"
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ export HELM_DATA_HOME="${helm_dir}/data"
|
||||||
export HELM_HOME="${HELM_DATA_HOME}"
|
export HELM_HOME="${HELM_DATA_HOME}"
|
||||||
export HELM_PLUGINS="${HELM_DATA_HOME}/plugins"
|
export HELM_PLUGINS="${HELM_DATA_HOME}/plugins"
|
||||||
export HELM_CONFIG_HOME="${helm_dir}/config"
|
export HELM_CONFIG_HOME="${helm_dir}/config"
|
||||||
HELM_DIFF_VERSION="${HELM_DIFF_VERSION:-3.11.0}"
|
HELM_DIFF_VERSION="${HELM_DIFF_VERSION:-3.12.1}"
|
||||||
HELM_GIT_VERSION="${HELM_GIT_VERSION:-1.3.0}"
|
HELM_GIT_VERSION="${HELM_GIT_VERSION:-1.3.0}"
|
||||||
HELM_SECRETS_VERSION="${HELM_SECRETS_VERSION:-3.15.0}"
|
HELM_SECRETS_VERSION="${HELM_SECRETS_VERSION:-3.15.0}"
|
||||||
export GNUPGHOME="${PWD}/${dir}/.gnupg"
|
export GNUPGHOME="${PWD}/${dir}/.gnupg"
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,8 @@ done
|
||||||
|
|
||||||
for i in $(seq 10); do
|
for i in $(seq 10); do
|
||||||
info "Comparing diff/chart-needs #$i"
|
info "Comparing diff/chart-needs #$i"
|
||||||
${helmfile} -f ${chart_need_case_input_dir}/${config_file} diff --include-needs | grep -Ev "Comparing release=azuredisk-csi-storageclass, chart=/tmp/.*/azuredisk-csi-storageclass" > ${chart_needs_diff_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
${helmfile} -f ${chart_need_case_input_dir}/${config_file} diff --include-needs | grep -Ev "Comparing release=azuredisk-csi-storageclass, chart=/tmp/.*/azuredisk-csi-storageclass" > ${chart_needs_diff_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||||
|
cat ${chart_needs_diff_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${chart_needs_diff_reverse}
|
||||||
diff -u ${diff_out_file} ${chart_needs_diff_reverse} || fail "\"helmfile diff\" should be consistent"
|
diff -u ${diff_out_file} ${chart_needs_diff_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||||
echo code=$?
|
echo code=$?
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: azuredisk-csi-storageclass/templates/azuredisk-csi-storageclass.yaml
|
+ # Source: azuredisk-csi-storageclass/templates/azuredisk-csi-storageclass.yaml
|
||||||
|
|
@ -20,11 +15,6 @@ helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
||||||
+ allowVolumeExpansion: true
|
+ allowVolumeExpansion: true
|
||||||
|
|
||||||
Comparing release=azuredisk-csi-driver, chart=azuredisk-csi-driver/azuredisk-csi-driver, namespace=helmfile-tests
|
Comparing release=azuredisk-csi-driver, chart=azuredisk-csi-driver/azuredisk-csi-driver, namespace=helmfile-tests
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, azuredisk-csi-attacher-binding, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
|
helmfile-tests, azuredisk-csi-attacher-binding, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
|
+ # Source: azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,4 @@
|
||||||
"azuredisk-csi-driver" has been added to your repositories
|
"azuredisk-csi-driver" has been added to your repositories
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
helmfile-tests, managed-csi, StorageClass (storage.k8s.io) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: azuredisk-csi-storageclass/templates/azuredisk-csi-storageclass.yaml
|
+ # Source: azuredisk-csi-storageclass/templates/azuredisk-csi-storageclass.yaml
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,8 @@ test_start "$case_title"
|
||||||
info "Comparing ${case_title} diff for output ${chartify_with_non_chart_dirt_reverse} with ${diff_out_file}"
|
info "Comparing ${case_title} diff for output ${chartify_with_non_chart_dirt_reverse} with ${diff_out_file}"
|
||||||
for i in $(seq 10); do
|
for i in $(seq 10); do
|
||||||
info "Comparing chartify-with-non-chart-dir diff log #$i"
|
info "Comparing chartify-with-non-chart-dir diff log #$i"
|
||||||
${helmfile} -f ${chartify_with_non_chart_dirt_input_dir}/helmfiles/helmfile.yaml diff | grep -v "^Comparing release" > ${chartify_with_non_chart_dirt_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
${helmfile} -f ${chartify_with_non_chart_dirt_input_dir}/helmfiles/helmfile.yaml diff | grep -v "^Comparing release" > ${chartify_with_non_chart_dirt_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||||
|
cat ${chartify_with_non_chart_dirt_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${chartify_with_non_chart_dirt_reverse}
|
||||||
diff -u ${diff_out_file} ${chartify_with_non_chart_dirt_reverse} || fail "\"helmfile diff\" should be consistent"
|
diff -u ${diff_out_file} ${chartify_with_non_chart_dirt_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||||
echo code=$?
|
echo code=$?
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, configmap, ConfigMap (v1) has been added:
|
helmfile-tests, configmap, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: manifests/templates/configmap.yaml
|
+ # Source: manifests/templates/configmap.yaml
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, configmap, ConfigMap (v1) has been added:
|
helmfile-tests, configmap, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: manifests/templates/configmap.yaml
|
+ # Source: manifests/templates/configmap.yaml
|
||||||
|
|
|
||||||
|
|
@ -22,14 +22,16 @@ info "Comparing ${case_title} diff for output ${diff_args_reverse} with ${diff_o
|
||||||
info "Comparing ${case_title} diff for output ${diff_args_reverse_stderr} with ${diff_out_stderr_file}"
|
info "Comparing ${case_title} diff for output ${diff_args_reverse_stderr} with ${diff_out_stderr_file}"
|
||||||
for i in $(seq 10); do
|
for i in $(seq 10); do
|
||||||
info "Comparing diff-args diff log #$i"
|
info "Comparing diff-args diff log #$i"
|
||||||
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml diff 1> ${diff_args_reverse} 2> ${diff_args_reverse_stderr} || fail "\"helmfile diff\" shouldn't fail"
|
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml diff 1> ${diff_args_reverse}.tmp 2> ${diff_args_reverse_stderr} || fail "\"helmfile diff\" shouldn't fail"
|
||||||
|
cat ${diff_args_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${diff_args_reverse}
|
||||||
diff -u ${diff_out_file} ${diff_args_reverse} || fail "\"helmfile diff\" should be consistent"
|
diff -u ${diff_out_file} ${diff_args_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||||
diff -u ${diff_out_stderr_file} ${diff_args_reverse_stderr} || fail "\"helmfile diff\" should be consistent (stderr)"
|
diff -u ${diff_out_stderr_file} ${diff_args_reverse_stderr} || fail "\"helmfile diff\" should be consistent (stderr)"
|
||||||
echo code=$?
|
echo code=$?
|
||||||
done
|
done
|
||||||
info "Comparing ${case_title} apply for output ${diff_args_reverse} with ${apply_out_file}"
|
info "Comparing ${case_title} apply for output ${diff_args_reverse} with ${apply_out_file}"
|
||||||
info "Comparing ${case_title} apply for stdout ${diff_args_reverse_stderr} with ${apply_out_stderr_file}"
|
info "Comparing ${case_title} apply for stdout ${diff_args_reverse_stderr} with ${apply_out_stderr_file}"
|
||||||
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml apply 1> ${diff_args_reverse} 2> ${diff_args_reverse_stderr} || fail "\"helmfile apply\" shouldn't fail"
|
${helmfile} -f ${diff_args_input_dir}/helmfile.yaml apply 1> ${diff_args_reverse}.tmp 2> ${diff_args_reverse_stderr} || fail "\"helmfile apply\" shouldn't fail"
|
||||||
|
cat ${diff_args_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${diff_args_reverse}
|
||||||
diff -u ${apply_out_file} <(grep -vE "^(LAST DEPLOYED|installed)" ${diff_args_reverse}) || fail "\"helmfile apply\" should be consistent"
|
diff -u ${apply_out_file} <(grep -vE "^(LAST DEPLOYED|installed)" ${diff_args_reverse}) || fail "\"helmfile apply\" should be consistent"
|
||||||
diff -u ${apply_out_stderr_file} <(grep -vE "^(LAST DEPLOYED|installed)" ${diff_args_reverse_stderr}) || fail "\"helmfile apply\" should be consistent (stderr)"
|
diff -u ${apply_out_stderr_file} <(grep -vE "^(LAST DEPLOYED|installed)" ${diff_args_reverse_stderr}) || fail "\"helmfile apply\" should be consistent (stderr)"
|
||||||
echo "clean up diff args resources"
|
echo "clean up diff args resources"
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,4 @@
|
||||||
Comparing release=installed, chart=../../../charts/httpbin, namespace=helmfile-tests
|
Comparing release=installed, chart=../../../charts/httpbin, namespace=helmfile-tests
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||||
-
|
-
|
||||||
+ apiVersion: apps/v1
|
+ apiVersion: apps/v1
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||||
-
|
-
|
||||||
+ apiVersion: apps/v1
|
+ apiVersion: apps/v1
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,4 @@
|
||||||
Comparing release=installed, chart=../../../charts/httpbin, namespace=helmfile-tests
|
Comparing release=installed, chart=../../../charts/httpbin, namespace=helmfile-tests
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||||
-
|
-
|
||||||
+ apiVersion: apps/v1
|
+ apiVersion: apps/v1
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
helmfile-tests, installed-httpbin, Deployment (apps) has been added:
|
||||||
-
|
-
|
||||||
+ apiVersion: apps/v1
|
+ apiVersion: apps/v1
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,8 @@ test_start "postrender diff"
|
||||||
info "Comparing postrender diff output ${postrender_diff_reverse} with ${postrender_case_output_dir}/result.yaml"
|
info "Comparing postrender diff output ${postrender_diff_reverse} with ${postrender_case_output_dir}/result.yaml"
|
||||||
for i in $(seq 10); do
|
for i in $(seq 10); do
|
||||||
info "Comparing build/postrender-diff #$i"
|
info "Comparing build/postrender-diff #$i"
|
||||||
${helmfile} -f ${postrender_case_input_dir}/${config_file} diff --concurrency 1 --post-renderer ./add-cm.bash --post-renderer-args cm1 &> ${postrender_diff_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
${helmfile} -f ${postrender_case_input_dir}/${config_file} diff --concurrency 1 --post-renderer ./add-cm.bash --post-renderer-args cm1 &> ${postrender_diff_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||||
|
cat ${postrender_diff_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${postrender_diff_reverse}
|
||||||
diff -u ${postrender_diff_out_file} ${postrender_diff_reverse} || fail "\"helmfile diff\" should be consistent"
|
diff -u ${postrender_diff_out_file} ${postrender_diff_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||||
echo code=$?
|
echo code=$?
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,6 @@
|
||||||
Building dependency release=foo, chart=../../../charts/raw
|
Building dependency release=foo, chart=../../../charts/raw
|
||||||
Building dependency release=baz, chart=../../../charts/raw
|
Building dependency release=baz, chart=../../../charts/raw
|
||||||
Comparing release=foo, chart=../../../charts/raw, namespace=helmfile-tests
|
Comparing release=foo, chart=../../../charts/raw, namespace=helmfile-tests
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, cm2, ConfigMap (v1) has been added:
|
helmfile-tests, cm2, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ apiVersion: v1
|
+ apiVersion: v1
|
||||||
|
|
@ -26,11 +21,6 @@ helmfile-tests, foo-1, ConfigMap (v1) has been added:
|
||||||
+ foo: FOO
|
+ foo: FOO
|
||||||
|
|
||||||
Comparing release=baz, chart=../../../charts/raw, namespace=helmfile-tests
|
Comparing release=baz, chart=../../../charts/raw, namespace=helmfile-tests
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, baz-3, ConfigMap (v1) has been added:
|
helmfile-tests, baz-3, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: raw/templates/resources.yaml
|
+ # Source: raw/templates/resources.yaml
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,6 @@
|
||||||
Live output is enabled
|
Live output is enabled
|
||||||
Building dependency release=foo, chart=../../../charts/raw
|
Building dependency release=foo, chart=../../../charts/raw
|
||||||
Building dependency release=baz, chart=../../../charts/raw
|
Building dependency release=baz, chart=../../../charts/raw
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, cm2, ConfigMap (v1) has been added:
|
helmfile-tests, cm2, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ apiVersion: v1
|
+ apiVersion: v1
|
||||||
|
|
@ -24,11 +19,6 @@ helmfile-tests, foo-1, ConfigMap (v1) has been added:
|
||||||
+ namespace: helmfile-tests
|
+ namespace: helmfile-tests
|
||||||
+ data:
|
+ data:
|
||||||
+ foo: FOO
|
+ foo: FOO
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, baz-3, ConfigMap (v1) has been added:
|
helmfile-tests, baz-3, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: raw/templates/resources.yaml
|
+ # Source: raw/templates/resources.yaml
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,8 @@ test_start "$case_title"
|
||||||
info "Comparing ${case_title} diff for output ${skip_diff_output_reverse} with ${diff_out_file}"
|
info "Comparing ${case_title} diff for output ${skip_diff_output_reverse} with ${diff_out_file}"
|
||||||
for i in $(seq 10); do
|
for i in $(seq 10); do
|
||||||
info "Comparing skip-diff-output diff log #$i"
|
info "Comparing skip-diff-output diff log #$i"
|
||||||
${helmfile} -f ${skip_diff_output_input_dir}/helmfile.yaml.gotmpl diff > ${skip_diff_output_reverse} || fail "\"helmfile diff\" shouldn't fail"
|
${helmfile} -f ${skip_diff_output_input_dir}/helmfile.yaml.gotmpl diff > ${skip_diff_output_reverse}.tmp || fail "\"helmfile diff\" shouldn't fail"
|
||||||
|
cat ${skip_diff_output_reverse}.tmp | sed -E '/\*{20}/,/\*{20}/d' > ${skip_diff_output_reverse}
|
||||||
diff -u ${diff_out_file} ${skip_diff_output_reverse} || fail "\"helmfile diff\" should be consistent"
|
diff -u ${diff_out_file} ${skip_diff_output_reverse} || fail "\"helmfile diff\" should be consistent"
|
||||||
echo code=$?
|
echo code=$?
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,4 @@
|
||||||
Comparing release=baz, chart=../../../charts/raw, namespace=helmfile-tests
|
Comparing release=baz, chart=../../../charts/raw, namespace=helmfile-tests
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, baz-2, ConfigMap (v1) has been added:
|
helmfile-tests, baz-2, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: raw/templates/resources.yaml
|
+ # Source: raw/templates/resources.yaml
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
********************
|
|
||||||
|
|
||||||
Release was not present in Helm. Diff will show entire contents as new.
|
|
||||||
|
|
||||||
********************
|
|
||||||
helmfile-tests, baz-2, ConfigMap (v1) has been added:
|
helmfile-tests, baz-2, ConfigMap (v1) has been added:
|
||||||
-
|
-
|
||||||
+ # Source: raw/templates/resources.yaml
|
+ # Source: raw/templates/resources.yaml
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,10 @@ if [[ $EXTRA_HELMFILE_FLAGS == *--enable-live-output* ]]; then
|
||||||
diff_out_file=${suppress_output_line_regex_output_dir}/diff-live
|
diff_out_file=${suppress_output_line_regex_output_dir}/diff-live
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ $(semver compare $HELM_DIFF_VERSION "3.11.0") == "1" ]]; then
|
||||||
|
diff_out_file=${diff_out_file}-after-helm-diff-3.11.0
|
||||||
|
fi
|
||||||
|
|
||||||
if version_lt $HELM_DIFF_VERSION "3.9.0"; then
|
if version_lt $HELM_DIFF_VERSION "3.9.0"; then
|
||||||
echo "Skipping ${case_title} because helm-diff version is less than 3.9.0"
|
echo "Skipping ${case_title} because helm-diff version is less than 3.9.0"
|
||||||
else
|
else
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,530 @@
|
||||||
|
Comparing release=ingress-nginx, chart=ingress-nginx/ingress-nginx, namespace=helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
name: ingress-nginx
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: ingress-nginx
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx, Role (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/controller-role.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
name: ingress-nginx
|
||||||
|
namespace: helmfile-tests
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- namespaces
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
- pods
|
||||||
|
- secrets
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
+ # Omit Ingress status permissions if `--update-status` is disabled.
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses/status
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingressclasses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- coordination.k8s.io
|
||||||
|
resources:
|
||||||
|
- leases
|
||||||
|
resourceNames:
|
||||||
|
- ingress-nginx-leader
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- coordination.k8s.io
|
||||||
|
resources:
|
||||||
|
- leases
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- events
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- discovery.k8s.io
|
||||||
|
resources:
|
||||||
|
- endpointslices
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- get
|
||||||
|
helmfile-tests, ingress-nginx, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
name: ingress-nginx
|
||||||
|
namespace: helmfile-tests
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: ingress-nginx
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx-admission, Role (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
- name: ingress-nginx-admission
|
||||||
|
+ name: ingress-nginx-admission
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- create
|
||||||
|
helmfile-tests, ingress-nginx-admission, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx-admission, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
|
||||||
|
# before changing this value, check the required kubernetes version
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
|
||||||
|
apiVersion: admissionregistration.k8s.io/v1
|
||||||
|
kind: ValidatingWebhookConfiguration
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
webhooks:
|
||||||
|
- name: validate.nginx.ingress.kubernetes.io
|
||||||
|
matchPolicy: Equivalent
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
apiVersions:
|
||||||
|
- v1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
failurePolicy: Fail
|
||||||
|
sideEffects: None
|
||||||
|
admissionReviewVersions:
|
||||||
|
- v1
|
||||||
|
clientConfig:
|
||||||
|
service:
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
name: ingress-nginx-controller-admission
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
path: /networking/v1/ingresses
|
||||||
|
helmfile-tests, ingress-nginx-admission-create, Job (batch) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-create
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-create
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: create
|
||||||
|
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||||
|
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
args:
|
||||||
|
- create
|
||||||
|
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
|
||||||
|
- --namespace=$(POD_NAMESPACE)
|
||||||
|
- --secret-name=ingress-nginx-admission
|
||||||
|
env:
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
+ capabilities:
|
||||||
|
+ drop:
|
||||||
|
+ - ALL
|
||||||
|
+ readOnlyRootFilesystem: true
|
||||||
|
+ runAsNonRoot: true
|
||||||
|
+ runAsUser: 65532
|
||||||
|
+ seccompProfile:
|
||||||
|
+ type: RuntimeDefault
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
serviceAccountName: ingress-nginx-admission
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
- securityContext:
|
||||||
|
- fsGroup: 2000
|
||||||
|
- runAsNonRoot: true
|
||||||
|
- runAsUser: 2000
|
||||||
|
helmfile-tests, ingress-nginx-admission-patch, Job (batch) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-patch
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-patch
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: patch
|
||||||
|
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||||
|
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
args:
|
||||||
|
- patch
|
||||||
|
- --webhook-name=ingress-nginx-admission
|
||||||
|
- --namespace=$(POD_NAMESPACE)
|
||||||
|
- --patch-mutating=false
|
||||||
|
- --secret-name=ingress-nginx-admission
|
||||||
|
- --patch-failure-policy=Fail
|
||||||
|
env:
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
+ capabilities:
|
||||||
|
+ drop:
|
||||||
|
+ - ALL
|
||||||
|
+ readOnlyRootFilesystem: true
|
||||||
|
+ runAsNonRoot: true
|
||||||
|
+ runAsUser: 65532
|
||||||
|
+ seccompProfile:
|
||||||
|
+ type: RuntimeDefault
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
serviceAccountName: ingress-nginx-admission
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
- securityContext:
|
||||||
|
- fsGroup: 2000
|
||||||
|
- runAsNonRoot: true
|
||||||
|
- runAsUser: 2000
|
||||||
|
helmfile-tests, ingress-nginx-controller, ConfigMap (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-controller, Deployment (apps) has changed:
|
||||||
|
# Source: ingress-nginx/templates/controller-deployment.yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
name: ingress-nginx-controller
|
||||||
|
namespace: helmfile-tests
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
replicas: 1
|
||||||
|
revisionHistoryLimit: 10
|
||||||
|
minReadySeconds: 0
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
spec:
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
containers:
|
||||||
|
- name: controller
|
||||||
|
- image: "registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"
|
||||||
|
+ image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
lifecycle:
|
||||||
|
preStop:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /wait-shutdown
|
||||||
|
- args:
|
||||||
|
+ args:
|
||||||
|
- /nginx-ingress-controller
|
||||||
|
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||||
|
- --election-id=ingress-nginx-leader
|
||||||
|
- --controller-class=k8s.io/ingress-nginx
|
||||||
|
- --ingress-class=nginx
|
||||||
|
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||||
|
- --validating-webhook=:8443
|
||||||
|
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||||
|
- --validating-webhook-key=/usr/local/certificates/key
|
||||||
|
securityContext:
|
||||||
|
+ runAsNonRoot: true
|
||||||
|
+ runAsUser: 101
|
||||||
|
+ allowPrivilegeEscalation: false
|
||||||
|
+ seccompProfile:
|
||||||
|
+ type: RuntimeDefault
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
add:
|
||||||
|
- NET_BIND_SERVICE
|
||||||
|
- runAsUser: 101
|
||||||
|
- allowPrivilegeEscalation: true
|
||||||
|
+ readOnlyRootFilesystem: false
|
||||||
|
env:
|
||||||
|
- name: POD_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.name
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
- name: LD_PRELOAD
|
||||||
|
value: /usr/local/lib/libmimalloc.so
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 5
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 10254
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 10254
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 80
|
||||||
|
protocol: TCP
|
||||||
|
- name: https
|
||||||
|
containerPort: 443
|
||||||
|
protocol: TCP
|
||||||
|
- name: webhook
|
||||||
|
containerPort: 8443
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- name: webhook-cert
|
||||||
|
mountPath: /usr/local/certificates/
|
||||||
|
readOnly: true
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 90Mi
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
serviceAccountName: ingress-nginx
|
||||||
|
terminationGracePeriodSeconds: 300
|
||||||
|
volumes:
|
||||||
|
- name: webhook-cert
|
||||||
|
secret:
|
||||||
|
secretName: ingress-nginx-admission
|
||||||
|
helmfile-tests, ingress-nginx-controller, Service (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-controller-admission, Service (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, nginx, IngressClass (networking.k8s.io) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, NetworkPolicy (networking.k8s.io) has been removed:
|
||||||
|
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
|
||||||
|
- apiVersion: networking.k8s.io/v1
|
||||||
|
- kind: NetworkPolicy
|
||||||
|
- metadata:
|
||||||
|
- name: ingress-nginx-admission
|
||||||
|
- namespace: helmfile-tests
|
||||||
|
- annotations:
|
||||||
|
- "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
- labels:
|
||||||
|
- app.kubernetes.io/name: ingress-nginx
|
||||||
|
- app.kubernetes.io/instance: ingress-nginx
|
||||||
|
- app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
- app.kubernetes.io/managed-by: Helm
|
||||||
|
- app.kubernetes.io/component: admission-webhook
|
||||||
|
- spec:
|
||||||
|
- podSelector:
|
||||||
|
- matchLabels:
|
||||||
|
- app.kubernetes.io/name: ingress-nginx
|
||||||
|
- app.kubernetes.io/instance: ingress-nginx
|
||||||
|
- app.kubernetes.io/component: admission-webhook
|
||||||
|
- policyTypes:
|
||||||
|
- - Ingress
|
||||||
|
- - Egress
|
||||||
|
- egress:
|
||||||
|
- - {}
|
||||||
|
+
|
||||||
|
|
||||||
|
|
@ -0,0 +1,530 @@
|
||||||
|
"ingress-nginx" has been added to your repositories
|
||||||
|
helmfile-tests, ingress-nginx, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
name: ingress-nginx
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: ingress-nginx
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx, Role (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/controller-role.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
name: ingress-nginx
|
||||||
|
namespace: helmfile-tests
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- namespaces
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
- pods
|
||||||
|
- secrets
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
+ # Omit Ingress status permissions if `--update-status` is disabled.
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses/status
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingressclasses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- coordination.k8s.io
|
||||||
|
resources:
|
||||||
|
- leases
|
||||||
|
resourceNames:
|
||||||
|
- ingress-nginx-leader
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- coordination.k8s.io
|
||||||
|
resources:
|
||||||
|
- leases
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- events
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- discovery.k8s.io
|
||||||
|
resources:
|
||||||
|
- endpointslices
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- get
|
||||||
|
helmfile-tests, ingress-nginx, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
name: ingress-nginx
|
||||||
|
namespace: helmfile-tests
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: ingress-nginx
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, ClusterRole (rbac.authorization.k8s.io) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx-admission, Role (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
- name: ingress-nginx-admission
|
||||||
|
+ name: ingress-nginx-admission
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- create
|
||||||
|
helmfile-tests, ingress-nginx-admission, RoleBinding (rbac.authorization.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
helmfile-tests, ingress-nginx-admission, ServiceAccount (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
|
||||||
|
# before changing this value, check the required kubernetes version
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
|
||||||
|
apiVersion: admissionregistration.k8s.io/v1
|
||||||
|
kind: ValidatingWebhookConfiguration
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
name: ingress-nginx-admission
|
||||||
|
webhooks:
|
||||||
|
- name: validate.nginx.ingress.kubernetes.io
|
||||||
|
matchPolicy: Equivalent
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
apiVersions:
|
||||||
|
- v1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
failurePolicy: Fail
|
||||||
|
sideEffects: None
|
||||||
|
admissionReviewVersions:
|
||||||
|
- v1
|
||||||
|
clientConfig:
|
||||||
|
service:
|
||||||
|
- namespace: "helmfile-tests"
|
||||||
|
name: ingress-nginx-controller-admission
|
||||||
|
+ namespace: helmfile-tests
|
||||||
|
path: /networking/v1/ingresses
|
||||||
|
helmfile-tests, ingress-nginx-admission-create, Job (batch) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-create
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": pre-install,pre-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-create
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: create
|
||||||
|
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||||
|
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
args:
|
||||||
|
- create
|
||||||
|
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
|
||||||
|
- --namespace=$(POD_NAMESPACE)
|
||||||
|
- --secret-name=ingress-nginx-admission
|
||||||
|
env:
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
+ capabilities:
|
||||||
|
+ drop:
|
||||||
|
+ - ALL
|
||||||
|
+ readOnlyRootFilesystem: true
|
||||||
|
+ runAsNonRoot: true
|
||||||
|
+ runAsUser: 65532
|
||||||
|
+ seccompProfile:
|
||||||
|
+ type: RuntimeDefault
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
serviceAccountName: ingress-nginx-admission
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
- securityContext:
|
||||||
|
- fsGroup: 2000
|
||||||
|
- runAsNonRoot: true
|
||||||
|
- runAsUser: 2000
|
||||||
|
helmfile-tests, ingress-nginx-admission-patch, Job (batch) has changed:
|
||||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-patch
|
||||||
|
namespace: helmfile-tests
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-admission-patch
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: admission-webhook
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: patch
|
||||||
|
- image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"
|
||||||
|
+ image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
args:
|
||||||
|
- patch
|
||||||
|
- --webhook-name=ingress-nginx-admission
|
||||||
|
- --namespace=$(POD_NAMESPACE)
|
||||||
|
- --patch-mutating=false
|
||||||
|
- --secret-name=ingress-nginx-admission
|
||||||
|
- --patch-failure-policy=Fail
|
||||||
|
env:
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
+ capabilities:
|
||||||
|
+ drop:
|
||||||
|
+ - ALL
|
||||||
|
+ readOnlyRootFilesystem: true
|
||||||
|
+ runAsNonRoot: true
|
||||||
|
+ runAsUser: 65532
|
||||||
|
+ seccompProfile:
|
||||||
|
+ type: RuntimeDefault
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
serviceAccountName: ingress-nginx-admission
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
- securityContext:
|
||||||
|
- fsGroup: 2000
|
||||||
|
- runAsNonRoot: true
|
||||||
|
- runAsUser: 2000
|
||||||
|
helmfile-tests, ingress-nginx-controller, ConfigMap (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-controller, Deployment (apps) has changed:
|
||||||
|
# Source: ingress-nginx/templates/controller-deployment.yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
name: ingress-nginx-controller
|
||||||
|
namespace: helmfile-tests
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
replicas: 1
|
||||||
|
revisionHistoryLimit: 10
|
||||||
|
minReadySeconds: 0
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/component: controller
|
||||||
|
spec:
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
containers:
|
||||||
|
- name: controller
|
||||||
|
- image: "registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"
|
||||||
|
+ image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
lifecycle:
|
||||||
|
preStop:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /wait-shutdown
|
||||||
|
- args:
|
||||||
|
+ args:
|
||||||
|
- /nginx-ingress-controller
|
||||||
|
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||||
|
- --election-id=ingress-nginx-leader
|
||||||
|
- --controller-class=k8s.io/ingress-nginx
|
||||||
|
- --ingress-class=nginx
|
||||||
|
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||||
|
- --validating-webhook=:8443
|
||||||
|
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||||
|
- --validating-webhook-key=/usr/local/certificates/key
|
||||||
|
securityContext:
|
||||||
|
+ runAsNonRoot: true
|
||||||
|
+ runAsUser: 101
|
||||||
|
+ allowPrivilegeEscalation: false
|
||||||
|
+ seccompProfile:
|
||||||
|
+ type: RuntimeDefault
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
add:
|
||||||
|
- NET_BIND_SERVICE
|
||||||
|
- runAsUser: 101
|
||||||
|
- allowPrivilegeEscalation: true
|
||||||
|
+ readOnlyRootFilesystem: false
|
||||||
|
env:
|
||||||
|
- name: POD_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.name
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
- name: LD_PRELOAD
|
||||||
|
value: /usr/local/lib/libmimalloc.so
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 5
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 10254
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 10254
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 80
|
||||||
|
protocol: TCP
|
||||||
|
- name: https
|
||||||
|
containerPort: 443
|
||||||
|
protocol: TCP
|
||||||
|
- name: webhook
|
||||||
|
containerPort: 8443
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- name: webhook-cert
|
||||||
|
mountPath: /usr/local/certificates/
|
||||||
|
readOnly: true
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 90Mi
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
serviceAccountName: ingress-nginx
|
||||||
|
terminationGracePeriodSeconds: 300
|
||||||
|
volumes:
|
||||||
|
- name: webhook-cert
|
||||||
|
secret:
|
||||||
|
secretName: ingress-nginx-admission
|
||||||
|
helmfile-tests, ingress-nginx-controller, Service (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-controller-admission, Service (v1) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, nginx, IngressClass (networking.k8s.io) has changed, but diff is empty after suppression.
|
||||||
|
helmfile-tests, ingress-nginx-admission, NetworkPolicy (networking.k8s.io) has been removed:
|
||||||
|
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
|
||||||
|
- apiVersion: networking.k8s.io/v1
|
||||||
|
- kind: NetworkPolicy
|
||||||
|
- metadata:
|
||||||
|
- name: ingress-nginx-admission
|
||||||
|
- namespace: helmfile-tests
|
||||||
|
- annotations:
|
||||||
|
- "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||||
|
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||||
|
- labels:
|
||||||
|
- app.kubernetes.io/name: ingress-nginx
|
||||||
|
- app.kubernetes.io/instance: ingress-nginx
|
||||||
|
- app.kubernetes.io/part-of: ingress-nginx
|
||||||
|
- app.kubernetes.io/managed-by: Helm
|
||||||
|
- app.kubernetes.io/component: admission-webhook
|
||||||
|
- spec:
|
||||||
|
- podSelector:
|
||||||
|
- matchLabels:
|
||||||
|
- app.kubernetes.io/name: ingress-nginx
|
||||||
|
- app.kubernetes.io/instance: ingress-nginx
|
||||||
|
- app.kubernetes.io/component: admission-webhook
|
||||||
|
- policyTypes:
|
||||||
|
- - Ingress
|
||||||
|
- - Egress
|
||||||
|
- egress:
|
||||||
|
- - {}
|
||||||
|
+
|
||||||
|
Comparing release=ingress-nginx, chart=ingress-nginx/ingress-nginx, namespace=helmfile-tests
|
||||||
Loading…
Reference in New Issue