Merge pull request #82 from snyk/fix/cra-deployments

fix: DRA helm chart installs failing
snyk · Oct 16, 2023 · 09a7505 · 09a7505
2 parents abf2d26 + f82e66d
commit 09a7505
Show file tree

Hide file tree

Showing 12 changed files with 306 additions and 29 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1,6 @@
 * @snyk/team-broker
 
+charts/snyk-broker/templates/cra_deployment.yaml @snyk/container-integration
+charts/snyk-broker/tests/broker_cra_deployment_test.yaml @snyk/container-integration
+charts/snyk-broker/tests/cra_deployment_test.yaml @snyk/container-integration
+charts/snyk-broker/tests/fixtures/default_values_cra.yaml @snyk/container-integration
diff --git a/charts/snyk-broker/Chart.yaml b/charts/snyk-broker/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: snyk-broker
-version: 2.0.1
+version: 2.0.2
 description: A Helm chart for Kubernetes
 type: application
diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -270,7 +270,7 @@ spec:
                   name: {{ .Values.scmType}}-broker-token-{{ .Release.Name }}
                   key: "{{ .Values.scmType}}-broker-token-key"
             - name: CR_AGENT_URL
-              value: http://cra-service:{{ .Values.deployment.container.crSnykPort | toString }}
+              value: http://cra-service-{{ .Release.Name }}:{{ .Values.deployment.container.crSnykPort | toString }}
             - name: CR_TYPE
               value: {{ .Values.crType }}
             - name: CR_BASE
@@ -298,7 +298,7 @@ spec:
             - name: BROKER_CLIENT_URL
               value: {{ .Values.brokerClientUrl }}
             - name: BROKER_CLIENT_VALIDATION_URL
-              value: http://cra-service:{{ .Values.deployment.container.crSnykPort | toString }}/healthcheck
+              value: http://cra-service-{{ .Release.Name }}:{{ .Values.deployment.container.crSnykPort | toString }}/healthcheck
           {{- end }}
          {{- if .Values.enableCodeAgent }}
          # Code Agent

diff --git a/charts/snyk-broker/templates/cra_deployment.yaml b/charts/snyk-broker/templates/cra_deployment.yaml
@@ -29,7 +29,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "snyk-broker.serviceAccountName" . }}
+      serviceAccountName: {{ include "snyk-broker.serviceAccountName" . }}-{{ .Release.Name }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
@@ -77,6 +77,6 @@ spec:
     - port: {{ .Values.deployment.container.crSnykPort }}
       targetPort: {{ .Values.deployment.container.crSnykPort}}
   selector:
-    app.kubernetes.io/name: {{ .Release.Name }}-cr
+    app.kubernetes.io/name: {{ .Release.Name }}-cr-{{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
diff --git a/charts/snyk-broker/tests/__snapshot__/broker_cra_deployment_test.yaml.snap b/charts/snyk-broker/tests/__snapshot__/broker_cra_deployment_test.yaml.snap
@@ -0,0 +1,152 @@
+with CRA:
+  1: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        helm.sh/chart: snyk-broker-2.0.2
+      name: container-registry-agent-broker-RELEASE-NAME
+      namespace: NAMESPACE
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          app.kubernetes.io/instance: RELEASE-NAME
+          app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/instance: RELEASE-NAME
+            app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        spec:
+          containers:
+            - env:
+                - name: BROKER_SERVER_URL
+                  value: https://broker.test.snyk.io
+                - name: BROKER_HEALTHCHECK_PATH
+                  value: /healthcheck
+                - name: BROKER_SYSTEMCHECK_PATH
+                  value: /systemcheck
+                - name: BROKER_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      key: container-registry-agent-broker-token-key
+                      name: container-registry-agent-broker-token-RELEASE-NAME
+                - name: CR_AGENT_URL
+                  value: http://cra-service-RELEASE-NAME:8081
+                - name: CR_TYPE
+                  value: null
+                - name: CR_BASE
+                  value: null
+                - name: CR_USERNAME
+                  value: null
+                - name: CR_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      key: container-registry-agent-token-key
+                      name: container-registry-agent-token-RELEASE-NAME
+                - name: CR_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      key: container-registry-agent-token-key
+                      name: container-registry-agent-token-RELEASE-NAME
+                - name: CR_ROLE_ARN
+                  value: arn:aws-us-gov:iam::123456789012:role
+                - name: CR_REGION
+                  value: eu-west
+                - name: CR_EXTERNAL_ID
+                  value: 11111111-1111-1111-1111-111111111111
+                - name: PORT
+                  value: "8000"
+                - name: BROKER_CLIENT_URL
+                  value: http://brokerclient
+                - name: BROKER_CLIENT_VALIDATION_URL
+                  value: http://cra-service-RELEASE-NAME:8081/healthcheck
+                - name: LOG_LEVEL
+                  value: info
+                - name: LOG_ENABLE_BODY
+                  value: "false"
+                - name: BROKER_DISPATCHER_BASE_URL
+                  value: https://api.test.snyk.io
+              image: snyk/broker:container-registry-agent
+              imagePullPolicy: Always
+              livenessProbe:
+                failureThreshold: 3
+                httpGet:
+                  path: /healthcheck
+                  port: 8000
+                initialDelaySeconds: 3
+                periodSeconds: 10
+                timeoutSeconds: 1
+              name: container-registry-agent-broker-RELEASE-NAME
+              ports:
+                - containerPort: 8000
+                  name: http
+              readinessProbe:
+                failureThreshold: 3
+                httpGet:
+                  path: /healthcheck
+                  port: 8000
+                initialDelaySeconds: 3
+                periodSeconds: 10
+                timeoutSeconds: 1
+              resources:
+                limits:
+                  cpu: 1
+                  memory: 256Mi
+                requests:
+                  cpu: 1
+                  memory: 256Mi
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop:
+                    - ALL
+                readOnlyRootFilesystem: true
+                runAsNonRoot: true
+                runAsUser: 1000
+              volumeMounts: null
+          securityContext: {}
+          serviceAccountName: snyk-broker-RELEASE-NAME
+          volumes: null
+  2: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        helm.sh/chart: snyk-broker-2.0.2
+      name: container-registry-agent-broker-service-RELEASE-NAME
+      namespace: NAMESPACE
+    spec:
+      ports:
+        - port: 8000
+          targetPort: 8000
+      selector:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+      type: ClusterIP
+  3: |
+    apiVersion: v1
+    data:
+      container-registry-agent-broker-token-key: MTIz
+    kind: Secret
+    metadata:
+      name: container-registry-agent-broker-token-RELEASE-NAME
+    type: Opaque
+  4: |
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        helm.sh/chart: snyk-broker-2.0.2
+      name: snyk-broker-RELEASE-NAME
+      namespace: NAMESPACE
diff --git a/charts/snyk-broker/tests/__snapshot__/broker_deployment_configmap_test.yaml.snap b/charts/snyk-broker/tests/__snapshot__/broker_deployment_configmap_test.yaml.snap
@@ -7,7 +7,7 @@ cacert:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: github-com-broker-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -111,7 +111,7 @@ cacert:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: github-com-broker-service-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -153,7 +153,7 @@ cacert:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
       namespace: NAMESPACE
   4: |
@@ -172,7 +172,7 @@ cacert:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: snyk-broker-RELEASE-NAME
       namespace: NAMESPACE
 cacertfile:
@@ -184,7 +184,7 @@ cacertfile:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: github-com-broker-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -280,7 +280,7 @@ cacertfile:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: github-com-broker-service-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -301,7 +301,7 @@ cacertfile:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
       namespace: NAMESPACE
   4: |
@@ -320,6 +320,6 @@ cacertfile:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: snyk-broker-RELEASE-NAME
       namespace: NAMESPACE
diff --git a/charts/snyk-broker/tests/__snapshot__/broker_deployment_ingress_test.yaml.snap b/charts/snyk-broker/tests/__snapshot__/broker_deployment_ingress_test.yaml.snap
@@ -7,7 +7,7 @@ ingress:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: github-com-broker-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -103,7 +103,7 @@ ingress:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: RELEASE-NAME-snyk-broker-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -123,7 +123,7 @@ ingress:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: github-com-broker-service-RELEASE-NAME
       namespace: NAMESPACE
     spec:
@@ -150,6 +150,6 @@ ingress:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: snyk-broker-RELEASE-NAME
-        helm.sh/chart: snyk-broker-2.0.1
+        helm.sh/chart: snyk-broker-2.0.2
       name: snyk-broker-RELEASE-NAME
       namespace: NAMESPACE