Test: More tests

Author: linktohack

Makefile

@@ -5,20 +5,28 @@ all:
 
 .PHONY: test
 test:
-	helm -n com-linktohack-redmine template redmine . -f docker-compose-redmine.yaml -f docker-compose-redmine-override.yaml \
+	# redmine kitchen sink
+	helm -n com-linktohack-redmine template redmine . -f test/docker-compose-redmine.yaml -f test/docker-compose-redmine-override.yaml \
 		--set services.db.expose={3306:3306} \
 		--set services.db.ports={3306:3306} \
 		--set services.db.deploy.placement.constraints={node.role==manager} \
 		--set services.redmine.deploy.placement.constraints={node.role==manager} \
-		--set chdir=/stack | yq -sy 'sort_by(.kind, .metadata.name) | .[]' > stack2.yaml
-	cmp stack1.yaml stack2.yaml
+		--set chdir=/stack | yq -sy 'sort_by(.kind, .metadata.name) | .[]' > test/docker-compose-redmine.spec2.yaml
+	diff -u test/docker-compose-redmine.spec.yaml test/docker-compose-redmine.spec2.yaml
 
-.PHONY: diff
-diff:
-	helm -n com-linktohack-redmine template redmine . -f docker-compose-redmine.yaml -f docker-compose-redmine-override.yaml \
-		--set services.db.expose={3306:3306} \
-		--set services.db.ports={3306:3306} \
-		--set services.db.deploy.placement.constraints={node.role==manager} \
-		--set services.redmine.deploy.placement.constraints={node.role==manager} \
-		--set chdir=/stack | yq -sy 'sort_by(.kind, .metadata.name) | .[]' > stack2.yaml
-	diff -u stack1.yaml stack2.yaml
+	# dockersamples
+	helm -n com-linktohack-dockersamples template dockersamples . -f test/docker-compose-dockersamples.yaml \
+		| yq -sy 'sort_by(.kind, .metadata.name) | .[]' > test/docker-compose-dockersamples.spec2.yaml
+	diff -u test/docker-compose-dockersamples.spec.yaml test/docker-compose-dockersamples.spec2.yaml
+
+	# kubernetes dashboard
+	helm -n com-linktohack-kubernetes-dashboard template kubernetes-dashboard . -f test/docker-compose-kubernetes-dashboard.yaml \
+		| yq -sy 'sort_by(.kind, .metadata.name) | .[]' > test/docker-compose-kubernetes-dashboard.spec2.yaml
+	diff -u test/docker-compose-kubernetes-dashboard.spec.yaml test/docker-compose-kubernetes-dashboard.spec2.yaml
+
+	# traefik
+	helm -n com-linktohack-traefik template traefik . \
+		-f test/docker-compose-traefik.yaml \
+		-f test/docker-compose-traefik-override.yaml \
+		| yq -sy 'sort_by(.kind, .metadata.name) | .[]' > test/docker-compose-traefik.spec2.yaml
+	diff -u test/docker-compose-traefik.spec.yaml test/docker-compose-traefik.spec2.yaml	

README.md

@@ -14,9 +14,9 @@ helm -n your-stack upgrade --install your-stack link/stack -f docker-compose.yam
 While the inter-container communication is enabled in `swarm` either by `network` or `link`, in `k8s` if you have more than one service and they need to communicate together, you will need to expose the ports explicitly by `--set services.XXX.expose={YYYY}`
 
 # Features (complete)
-The chart is quite features complete and I was able to deploy complex stacks with it including `traefik` and `kubernetes-dashboard`. In all cases, there is a mechanism to override the generated manifests with full possibilities of `k8s` API (see below.)
+The chart is features complete and I was able to deploy complex stacks with it including `traefik` and `kubernetes-dashboard`. In all cases, there is a mechanism to override the generated manifests with full possibilities of `k8s` API (see below.)
 
-Acceptable configurations can be found in the [test](./docker-compose-redmine.yaml):.
+Acceptable configurations can be found in the [test](./test/docker-compose-redmine.yaml):.
 
 - [X] Deployment: 
   - Default to `Deployment`
@@ -31,31 +31,30 @@ Acceptable configurations can be found in the [test](./docker-compose-redmine.ya
 - [X] Resources:
   - `deploy.resources.reservations` map to `request` and
   - `deploy.resources.limits` map to `limit` (accept both `cpus` and `cpu` keys)
-- [X] Toleration: via extra key `deploy.placement.tolerations` with `kubectl taint` syntax
-- [X] Resources: `deploy.resource.reservations` map to `request` and `deploy.resource.limits` map to `limit` (accept both `cpus` and `cpu`!)
+- [X] Toleration: via [extra key](#extra-keys) `deploy.placement.tolerations` with `kubectl taint` syntax
 - [X] Service:
   - `ports` expose `LoadBlancer` by default
   - `expose` exposes `ClusterIP` services
   - `nodePorts` expose `NodePort` services
 - [X] Ingress
-  - Support `traefik` (1.7) labels (`deploy.labels`) as input with annotations including basic auth
-  - Support `CertManager` `Issuer` and `ClusterIssuer` via extra labels `traefik.issuer` and `traefik.cluster-issuer`
+  - Support `traefik` (1.7) labels (`deploy.labels`) as input with annotations support, including basic auth, `PathPrefixStrip`, `customRequestHeaders`, `customResponseHeaders`...
+  - Support `CertManager`'s `Issuer` and `ClusterIssuer` via extra labels `traefik.issuer` and `traefik.cluster-issuer`
   - Support `Ingress` class via extra label `traefik.ingress-class`
   - Support `segment` labels for services that expose multiple ports `traefik.port`, `traefik.first.port`, `traefik.second.port`...
-  - Advanced features (`PathPrefixStrip`, custom headers...) will set the Ingress class to `traefik`, but again it can be overwritten.
-- [X] Volume: Handle inline/top-level volumes/external volumes
+- [X] Volume: Support inline/top-level volumes/external volumes
+  - Support both short and long syntax
   - Automatic switch to `volumeClaimTemplates` for `StatefulSet` (really useful if combine with cloud provider's dynamic provisioner).
-  - Dynamic provisioner should work as expected `volumes.XXX.driver_opts.type` maps directly to `storageClassName` including treatments for
+  - Dynamic provisioner should work as expected. `volumes.XXX.driver_opts.type` maps directly to `storageClassName` including treatments for:
     - `none` (default storage class)
     - `nfs`
     - `emptyDir`
-  - Support `none` (map to `hostPath` if `volumes.XXX.driver_opts.device` presents) and `nfs` (support `addr` in `volumes.XXX.driver_opts.o`, `volumes.XXX.driver_opts.device`) static provisioner. 
-  - Support `readOnly` attribute (`volume:/path:ro`)
-- [X] Config: Handle top-level configs/external configs
+  - Support `none` (map to `hostPath` if `volumes.XXX.driver_opts.device` presents) and `nfs` (if `addr` presents in `volumes.XXX.driver_opts.o` and `volumes.XXX.driver_opts.device` prensents) static provisioner. 
+  - Support `readOnly` attribute (`volume:/path:ro` style)
+- [X] Config: Support top-level configs/external configs
   - Support both short and long syntax
   - Data can be integrated directly via `data` external key
   - Support mouting as directory by setting `file` to null. See [Advance: full override](#advance-full-override) to see how to insert more than one files
-- [X] Secret: Handle top-level secrets/external secrets
+- [X] Secret: Support top-level secrets/external secrets
   - Support both short and long syntax
   - Data can be integrated directly via `data` and `stringData` external keys
   - Support mouting as directory by setting `file` to null. See [Advance: full override](#advance-full-override) to see how to insert more than one files
@@ -70,7 +69,7 @@ Acceptable configurations can be found in the [test](./docker-compose-redmine.ya
 Tested in a K3s cluster with `local-path` provisioner.
 
 ```sh
-❯ helm -n com-linktohack-docker-on-compose upgrade --install sample link/stack -f docker-compose-dockersamples.yaml
+❯ helm -n com-linktohack-docker-on-compose upgrade --install sample link/stack -f test/docker-compose-dockersamples.yaml
 Release "sample" does not exist. Installing it now.
 NAME: sample
 LAST DEPLOYED: Tue Jan 14 18:38:42 2020
@@ -158,18 +157,18 @@ services:
       tcp: {}
       upd: {}
     Ingress:
-      default: {}
-      seg: {}
+      default: {} # default segement
+      seg1: {} # segment seg1
     Auth:
       default: {}
-      seg: {}
+      seg: {} # segment seg1
     Deployment:
       spec:
         template:
           spec:
             containers:
               - name: override-name
-                imagePullPolicy: Always
+                imagePullPolicy: Always # supported as an extra key already
     DaemonSet:
       spec:
     StatefulSe:
@@ -178,26 +177,26 @@ services:
       spec:
     CronJob:
       spec:
-        schedule: '*/1 * * * *'
+        schedule: '*/1 * * * *' # mostly require
 volumes:
   db:
     PV:
       spec:
         capacity:
-          storage: 10Gi
+          storage: 10Gi # supported as an extra key already
         persistentVolumeReclaimPolicy: Retain
     PVC:
       spec:
         resources:
           requests:
-            storage: 10Gi
+            storage: 10Gi # supported as an extra key already
 configs:
   redmine_config:
     ConfigMap:
       data:
         hello.yaml: there
 secrets:
-  tested:
+  with_string_data:
     Secret:
       stringData: ""
 ```
@@ -217,13 +216,14 @@ The same technique can be applied via a proper language instead of using a Helm
 # Contribution
 - More `traefik` headers
 - JSON schema of `docker-compose` and extra keys
+- More tests
 
 # More examples
 ## Redmine + MySQL
 This example contains almost all the possible configurations of this stack.
 
 ```sh
-helm -n com-linktohack-redmine upgrade --install redmine link/stack -f docker-compose-redmine.yaml -f docker-compose-redmine-override.yaml \
+helm -n com-linktohack-redmine upgrade --install redmine link/stack -f test/docker-compose-redmine.yaml -f test/docker-compose-redmine-override.yaml \
     --set services.db.expose={3306:3306} \
     --set services.db.ports={3306:3306} \
     --set services.db.deploy.placement.constraints={node.role==manager} \
@@ -236,26 +236,26 @@ helm -n com-linktohack-redmine upgrade --install redmine link/stack -f docker-co
 
 ## Traefik ingress
 ```sh   
-helm -n kube-system upgrade --install traefik link/stack -f docker-compose-traefik.yml -f docker-compose-traefik-override.yml
+helm -n kube-system upgrade --install traefik link/stack -f test/docker-compose-traefik.yml -f test/docker-compose-traefik-override.yml
 ```
 
 ## Kubernetes dashboard (with basic auth and skip login)
 - Create `kubernetes-dashboard` service account
 - Bind it with `cluster-admin` role
 
 ```sh
-helm -n kubernetes-dashboard upgrade --install dashboard link/stack -f docker-compose-kubernetes-dashboard.yml 
+helm -n kubernetes-dashboard upgrade --install dashboard link/stack -f test/docker-compose-kubernetes-dashboard.yml 
 ```
 
 ## Via template
 ```sh
-helm -n com-linktohack-redmine template redmine link/stack -f docker-compose-redmine.yaml -f docker-compose-redmine-override.yaml \
+helm -n com-linktohack-redmine template redmine link/stack -f test/docker-compose-redmine.yaml -f test/docker-compose-redmine-override.yaml \
     --set services.db.expose={3306:3306} \
     --set services.db.ports={3306:3306} \
     --set services.db.deploy.placement.constraints={node.role==manager} \
     --set services.redmine.deploy.placement.constraints={node.role==manager} \
-    --set chdir=/stack --debug > stack1.yaml
-kubectl -n com-linktohack-redmine apply -f stack1.yaml
+    --set chdir=/stack --debug > test/docker-compose-redmine.manifest.yaml
+kubectl -n com-linktohack-redmine apply -f test/docker-compose-redmine.manifest.yaml
 ```
 
 # Changelog

test/docker-compose-dockersamples.spec.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: db
+spec:
+  selector:
+    matchLabels:
+      service: db
+  template:
+    metadata:
+      labels:
+        service: db
+    spec:
+      containers:
+        - image: dockersamples/k8s-wordsmith-db
+          name: db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+spec:
+  selector:
+    matchLabels:
+      service: web
+  template:
+    metadata:
+      labels:
+        service: web
+    spec:
+      containers:
+        - image: dockersamples/k8s-wordsmith-web
+          name: web
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: words
+spec:
+  replicas: 5
+  selector:
+    matchLabels:
+      service: words
+  template:
+    metadata:
+      labels:
+        service: words
+    spec:
+      containers:
+        - image: dockersamples/k8s-wordsmith-api
+          name: words
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: web-loadbalancer-tcp
+spec:
+  ports:
+    - name: tcp-33000
+      port: 33000
+      protocol: TCP
+      targetPort: 80
+  selector:
+    service: web
+  type: LoadBalancer

docker-compose-dockersamples.yaml test/docker-compose-dockersamples.yaml

@@ -0,0 +1,130 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubernetes-dashboard-settings
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dashboard-metrics-scraper
+spec:
+  selector:
+    matchLabels:
+      service: dashboard-metrics-scraper
+  template:
+    metadata:
+      labels:
+        service: dashboard-metrics-scraper
+    spec:
+      containers:
+        - image: kubernetesui/metrics-scraper:v1.0.1
+          name: dashboard-metrics-scraper
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp-volume2
+      serviceAccountName: kubernetes-dashboard
+      volumes:
+        - emptyDir: {}
+          name: tmp-volume2
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kubernetes-dashboard
+spec:
+  selector:
+    matchLabels:
+      service: kubernetes-dashboard
+  template:
+    metadata:
+      labels:
+        service: kubernetes-dashboard
+    spec:
+      containers:
+        - args:
+            - --auto-generate-certificates
+            - --namespace=kubernetes-dashboard
+            - --enable-skip-login
+          image: kubernetesui/dashboard:v2.0.0-beta8
+          imagePullPolicy: Always
+          name: kubernetes-dashboard
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp-volume1
+            - mountPath: /certs
+              name: kubernetes-dashboard-certs
+      serviceAccountName: kubernetes-dashboard
+      volumes:
+        - name: kubernetes-dashboard-certs
+          secret:
+            secretName: kubernetes-dashboard-certs
+        - emptyDir: {}
+          name: tmp-volume1
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-realm: traefik
+    ingress.kubernetes.io/auth-remove-header: 'true'
+    ingress.kubernetes.io/auth-secret: kubernetes-dashboard-default-basic-auth
+    ingress.kubernetes.io/auth-type: basic
+    ingress.kubernetes.io/protocol: https
+  name: kubernetes-dashboard-default
+spec:
+  rules:
+    - host: REDACTED
+      http:
+        paths:
+          - backend:
+              serviceName: kubernetes-dashboard
+              servicePort: tcp-8443
+            path: /
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-certs
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-csrf
+type: Opaque
+---
+apiVersion: v1
+data:
+  auth: UkVEQUNURUQ=
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-default-basic-auth
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dashboard-metrics-scraper
+spec:
+  ports:
+    - name: tcp-8000
+      port: 8000
+      protocol: TCP
+      targetPort: 8000
+  selector:
+    service: dashboard-metrics-scraper
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kubernetes-dashboard
+spec:
+  ports:
+    - name: tcp-8443
+      port: 8443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    service: kubernetes-dashboard
+  type: ClusterIP

test/docker-compose-kubernetes-dashboard.spec.yaml

@@ -0,0 +1,136 @@
+apiVersion: v1
+data:
+  rules.toml: ''
+kind: ConfigMap
+metadata:
+  name: rules-toml
+---
+apiVersion: v1
+data:
+  traefik.toml: "debug = true\nlogLevel = \"DEBUG\"\ninsecureSkipVerify = true\ndefaultEntryPoints\
+    \ = [\"http\", \"https\"]\n\n[entryPoints]\n  [entryPoints.http]\n  address =\
+    \ \":80\"\n    [entryPoints.http.redirect]\n    entryPoint = \"https\"\n  [entryPoints.https]\n\
+    \  address = \":443\"\n  [entryPoints.https.tls]\n\n[web]\n[web.auth.basic]\n\
+    users = [\"REDACTED.\"]\n\n[docker]\n  endpoint = \"unix:///var/run/docker.sock\"\
+    \n  domain = \"docker.localhost\"\n  watch = true\n  exposedByDefault = true\n\
+    \  swarmMode = true\n  network = \"web\"\n\n[kubernetes]\n\n[file]\n  filename\
+    \ = \"rules.toml\"\n  watch = true\n\n[acme]\n  email = \"REDACTED\"\n  storage\
+    \ = \"acme.json\"\n  entryPoint = \"https\"\n  onHostRule = true\n  [acme.httpChallenge]\n\
+    \    entryPoint = \"http\""
+kind: ConfigMap
+metadata:
+  name: traefik-toml
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik
+spec:
+  selector:
+    matchLabels:
+      service: traefik
+  template:
+    metadata:
+      labels:
+        service: traefik
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - 'true'
+      containers:
+        - image: traefik:1.7
+          name: traefik
+          volumeMounts:
+            - mountPath: /var/run/docker.sock
+              name: volume-0
+            - mountPath: /acme.json
+              name: volume-1
+            - mountPath: /traefik.toml
+              name: traefik-toml
+              subPath: traefik.toml
+            - mountPath: /rules.toml
+              name: rules-toml
+              subPath: rules.toml
+      serviceAccountName: admin-user
+      terminationGracePeriodSeconds: 60
+      volumes:
+        - configMap:
+            name: rules-toml
+          name: rules-toml
+        - configMap:
+            name: traefik-toml
+          name: traefik-toml
+        - hostPath:
+            path: /var/run/docker.sock
+          name: volume-0
+        - hostPath:
+            path: /path/to/traefik/acme.json
+          name: volume-1
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-realm: traefik
+    ingress.kubernetes.io/auth-secret: traefik-default-basic-auth
+    ingress.kubernetes.io/auth-type: basic
+  name: traefik-default
+spec:
+  rules:
+    - host: REDACTED
+      http:
+        paths:
+          - backend:
+              serviceName: traefik
+              servicePort: tcp-8080
+            path: /
+---
+apiVersion: v1
+data:
+  auth: UkVEQUNURUQ=
+kind: Secret
+metadata:
+  name: traefik-default-basic-auth
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik
+spec:
+  ports:
+    - name: tcp-8080
+      port: 8080
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    service: traefik
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-loadbalancer-tcp
+spec:
+  ports:
+    - name: tcp-80
+      port: 80
+      protocol: TCP
+      targetPort: 80
+    - name: tcp-443
+      port: 443
+      protocol: TCP
+      targetPort: 443
+    - name: tcp-8080
+      port: 8080
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    service: traefik
+  type: LoadBalancer