Add lint and dry run checks for the Helm chart (kubernetes-sigs#2099)
Fawad Khaliq authored Jun 24, 2021
1 parent a03084b commit b43e566
Showing 4 changed files with 245 additions and 1 deletion.
1 change: 1 addition & 0 deletions .gitignore
@@ -6,6 +6,7 @@
*.so
*.dylib
bin
build

# mkdocs generated live docs
site
7 changes: 6 additions & 1 deletion Makefile
@@ -1,4 +1,6 @@

MAKEFILE_PATH = $(dir $(realpath -s $(firstword $(MAKEFILE_LIST))))

# Image URL to use all building/pushing image targets
IMG ?= amazon/aws-alb-ingress-controller:v2.2.0

@@ -14,7 +16,7 @@ endif
all: controller

# Run tests
test: generate fmt vet manifests
test: generate fmt vet manifests helm-lint
go test -race ./pkg/... ./webhooks/... -coverprofile cover.out

# Build controller binary
@@ -51,6 +53,9 @@ fmt:
vet:
go vet ./...

helm-lint:
${MAKEFILE_PATH}/test/helm/helm-lint.sh

# Generate code
generate: controller-gen
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
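Review bot: In `MAKEFILE_PATH = $(dir $(realpath -s $(firstword $(MAKEFILE_LIST))))` the `-s` is an option of the realpath command, not of GNU make's `$(realpath …)` function, which treats it as one more file name; it only disappears because no file called `-s` normally exists in the working directory. I would write `MAKEFILE_PATH := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))` and, since `$(dir …)` already ends in a slash, invoke the script as `$(MAKEFILE_PATH)test/helm/helm-lint.sh`. `helm-lint` is a command rather than a file, so it should be added to `.PHONY` if the file declares one outside these hunks. Making `test` depend on it also means every `make test` runs the script's Helm download, which deserves a comment above the `test` target.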
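--- a/helm/aws-load-balancer-controller/test.yaml
+++ b/helm/aws-load-balancer-controller/test.yaml
@@ -0,0 +1,181 @@
+# Default values for aws-load-balancer-controller.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 2
+
+image:
+repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller
+tag: v2.2.0
+pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+# The name of the Kubernetes cluster. A non-empty value is required
+clusterName: test-cluster
+
+serviceAccount:
+# Specifies whether a service account should be created
+create: true
+# Annotations to add to the service account
+annotations: {}
+# The name of the service account to use.
+# If not set and create is true, a name is generated using the fullname template
+name:
+# Automount API credentials for a Service Account.
+automountServiceAccountToken: true
+
+rbac:
+# Specifies whether rbac resources should be created
+create: true
+
+podSecurityContext:
+fsGroup: 65534
+
+securityContext:
+# capabilities:
+# drop:
+# - ALL
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+allowPrivilegeEscalation: false
+
+# Time period for the controller pod to do a graceful shutdown
+terminationGracePeriodSeconds: 10
+
+resources:
+limits:
+cpu: 100m
+memory: 128Mi
+requests:
+cpu: 100m
+memory: 128Mi
+
+# priorityClassName specifies the PriorityClass to indicate the importance of controller pods
+# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+priorityClassName: system-cluster-critical
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: {}
+
+podLabels: {}
+
+# Enable cert-manager
+enableCertManager: false
+
+# The ingress class this controller will satisfy. If not specified, controller will match all
+# ingresses without ingress class annotation and ingresses of type alb
+ingressClass: alb
+
+# The AWS region for the kubernetes cluster. Set to use KIAM or kube2iam for example.
+region:
+
+# The VPC ID for the Kubernetes cluster. Set this manually when your pods are unable to use the metadata service to determine this automatically
+vpcId:
+
+# Maximum retries for AWS APIs (default 10)
+awsMaxRetries:
+
+# If enabled, targetHealth readiness gate will get injected to the pod spec for the matching endpoint pods (default true)
+enablePodReadinessGateInject:
+
+# Enable Shield addon for ALB (default true)
+enableShield:
+
+# Enable WAF addon for ALB (default true)
+enableWaf:
+
+# Enable WAF V2 addon for ALB (default true)
+enableWafv2:
+
+# Maximum number of concurrently running reconcile loops for ingress (default 3)
+ingressMaxConcurrentReconciles:
+
+# Set the controller log level - info(default), debug (default "info")
+logLevel:
+
+# The address the metric endpoint binds to. (default ":8080")
+metricsBindAddr: ""
+
+# The TCP port the Webhook server binds to. (default 9443)
+webhookBindPort:
+
+# Maximum number of concurrently running reconcile loops for service (default 3)
+serviceMaxConcurrentReconciles:
+
+# Maximum number of concurrently running reconcile loops for targetGroupBinding
+targetgroupbindingMaxConcurrentReconciles:
+
+# Period at which the controller forces the repopulation of its local object stores. (default 1h0m0s)
+syncPeriod:
+
+# Namespace the controller watches for updates to Kubernetes objects, If empty, all namespaces are watched.
+watchNamespace:
+
+# disableIngressClassAnnotation disables the usage of kubernetes.io/ingress.class annotation, false by default
+disableIngressClassAnnotation:
+
+# disableIngressGroupNameAnnotation disables the usage of alb.ingress.kubernetes.io/group.name annotation, false by default
+disableIngressGroupNameAnnotation:
+
+# defaultSSLPolicy specifies the default SSL policy to use for TLS/HTTPS listeners
+defaultSSLPolicy:
+
+# Liveness probe configuration for the controller
+livenessProbe:
+failureThreshold: 2
+httpGet:
+path: /healthz
+port: 61779
+scheme: HTTP
+initialDelaySeconds: 30
+timeoutSeconds: 10
+
+# Environment variables to set for aws-load-balancer-controller pod.
+# We strongly discourage programming access credentials in the controller environment. You should setup IRSA or
+# comparable solutions like kube2iam, kiam etc instead.
+env:
+
+# Specifies if aws-load-balancer-controller should be started in hostNetwork mode.
+#
+# This is required if using a custom CNI where the managed control plane nodes are unable to initiate
+# network connections to the pods, for example using Calico CNI plugin on EKS. This is not required or
+# recommended if using the Amazon VPC CNI plugin.
+hostNetwork: false
+
+# extraVolumeMounts are the additional volume mounts. This enables setting up IRSA on non-EKS Kubernetes cluster
+extraVolumeMounts:
+- name: aws-iam-token
+mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+readOnly: true
+
+# extraVolumes for the extraVolumeMounts. Useful to mount a projected service account token for example.
+extraVolumes:
+- name: aws-iam-token
+projected:
+defaultMode: 420
+sources:
+- serviceAccountToken:
+audience: sts.amazonaws.com
+expirationSeconds: 86400
+path: token
+
+# defaultTags are the tags to apply to all AWS resources managed by this controller
+defaultTags:
+default_tag1: value1
+default_tag2: value2
+
+# podDisruptionBudget specifies the disruption budget for the controller pods.
+# Disruption budget will be configured only when the replicaCount is greater than 1
+podDisruptionBudget:
+maxUnavailable: 1
+
+# externalManagedTags is the list of tag keys on AWS resources that will be managed externally
+externalManagedTags: []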
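Review bot: The header of this new fixture still reads `# Default values for aws-load-balancer-controller.`, which looks carried over from the chart's values file and hides that the file exists only for the `helm template` dry run in test/helm/helm-lint.sh. I would open it with `# Test-only values for the helm template dry run in test/helm/helm-lint.sh; not the chart defaults.` Because the file sits inside the chart directory, it will presumably be shipped by `helm package` unless `.helmignore` (not visible here) excludes it, so either list it there or keep the fixture under test/helm/. The `securityContext` block leaves `capabilities` / `drop: ALL` commented out, so the dry run never renders the templates with capability dropping enabled.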
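--- a/test/helm/helm-lint.sh
+++ b/test/helm/helm-lint.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+set +x
+
+SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
+TMP_DIR="$SCRIPTPATH/../../build"
+PLATFORM=$(uname | tr '[:upper:]' '[:lower:]')
+HELM3_VERSION="3.3.1"
+HELM2_VERSION="2.16.10"
+HELM_DIR="${SCRIPTPATH}/../../helm"
+LB_HELM_CHART=${HELM_DIR}/aws-load-balancer-controller
+
+mkdir -p $TMP_DIR
+
+if [ ! -x "$TMP_DIR/helm" ]; then
+echo " Downloading the \"helm3\" binary"
+curl -L https://get.helm.sh/helm-v$HELM3_VERSION-$PLATFORM-amd64.tar.gz | tar zxf - -C $TMP_DIR
+mv $TMP_DIR/$PLATFORM-amd64/helm $TMP_DIR/.
+chmod +x $TMP_DIR/helm
+echo " Downloaded the \"helm\" binary"
+fi
+
+if [ ! -x "$TMP_DIR/helm2" ]; then
+echo " Downloading the \"helm2\" binary"
+curl -L https://get.helm.sh/helm-v$HELM2_VERSION-$PLATFORM-amd64.tar.gz | tar zxf - -C $TMP_DIR
+mv $TMP_DIR/$PLATFORM-amd64/helm $TMP_DIR/helm2
+chmod +x $TMP_DIR/helm2
+echo " Downloaded the \"helm2\" binary"
+fi
+export PATH=$TMP_DIR:$PATH
+
+echo "=============================================================================="
+echo " Linting Helm Chart w/ Helm v3"
+echo "=============================================================================="
+helm lint $LB_HELM_CHART
+
+echo "=============================================================================="
+echo " Linting Helm Chart w/ Helm v2"
+echo "=============================================================================="
+helm2 lint $LB_HELM_CHART
+
+echo " Helm Linting for v2 and v3 have successfully completed!"
+
+echo "=============================================================================="
+echo " Generate Template w/ Helm v3"
+echo "=============================================================================="
+
+helm template aws-load-balancer-controller "${LB_HELM_CHART}" --debug --namespace=kube-system -f "${LB_HELM_CHART}/test.yaml" > /dev/null
+
+echo "=============================================================================="
+echo " Generate Template w/ Helm v2"
+echo "=============================================================================="
+
+helm2 template --name aws-load-balancer-controller "${LB_HELM_CHART}" --debug --namespace=kube-system -f "${LB_HELM_CHART}/test.yaml" > /dev/null
+
+echo " Helm template generation for v2 and v3 have successfully completed!"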
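Review bot: Both download blocks pipe `curl -L https://get.helm.sh/…` straight into `tar zxf -` and then put the extracted binary first on `PATH`, with no digest or signature check, so whatever the download endpoint returns is executed on every developer machine and CI runner that calls `make test`. I would download to a file with `curl --fail`, compare it against a SHA-256 pinned in the script for each version and platform, and extract only after the comparison succeeds. The `-x` test also keeps reusing a cached `build/helm` after `HELM3_VERSION` is bumped. `$TMP_DIR` and `$LB_HELM_CHART` are unquoted in `mkdir`, `tar -C`, `mv` and `helm lint`. The digests in the sketch below are placeholders, and `shasum` may need to be replaced with `sha256sum` depending on the runner image.

```shell
# … unchanged: SCRIPTPATH, TMP_DIR, PLATFORM, HELM*_VERSION, HELM_DIR, LB_HELM_CHART …

# Pinned digests of the release tarballs for the current platform (placeholders, not real values).
HELM3_SHA256="<PLACEHOLDER_SHA256_OF_HELM3_TARBALL>"
HELM2_SHA256="<PLACEHOLDER_SHA256_OF_HELM2_TARBALL>"

mkdir -p "$TMP_DIR"

# fetch_helm VERSION SHA256 DEST: download one release, verify it, then install the binary as DEST.
fetch_helm() {
  local version="$1" sha256="$2" dest="$3"
  local tarball="$TMP_DIR/helm-v$version-$PLATFORM-amd64.tar.gz"
  curl --fail --location --silent --show-error --output "$tarball" \
    "https://get.helm.sh/helm-v$version-$PLATFORM-amd64.tar.gz"
  # set -e aborts here on a digest mismatch, before anything is extracted or run.
  echo "$sha256  $tarball" | shasum -a 256 -c -
  tar -xzf "$tarball" -C "$TMP_DIR" "$PLATFORM-amd64/helm"
  mv "$TMP_DIR/$PLATFORM-amd64/helm" "$dest"
  chmod +x "$dest"
  rm -f "$tarball"
}

if [ ! -x "$TMP_DIR/helm" ]; then
  fetch_helm "$HELM3_VERSION" "$HELM3_SHA256" "$TMP_DIR/helm"
fi

if [ ! -x "$TMP_DIR/helm2" ]; then
  fetch_helm "$HELM2_VERSION" "$HELM2_SHA256" "$TMP_DIR/helm2"
fi
# … unchanged: PATH export, lint and template steps …
```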
