diff --git a/charts/newrelic-logging/templates/_helpers.tpl b/charts/newrelic-logging/templates/_helpers.tpl index 03ecb8f6aa..d4c42e0197 100644 --- a/charts/newrelic-logging/templates/_helpers.tpl +++ b/charts/newrelic-logging/templates/_helpers.tpl @@ -48,14 +48,12 @@ Create the name of the fluent bit config Return the licenseKey */}} {{- define "newrelic-logging.licenseKey" -}} -{{- if .Values.global}} +{{- if .Values.licenseKey }} + {{- .Values.licenseKey -}} +{{- else if .Values.global }} {{- if .Values.global.licenseKey }} - {{- .Values.global.licenseKey -}} - {{- else -}} - {{- .Values.licenseKey | default "" -}} + {{- .Values.global.licenseKey -}} {{- end -}} -{{- else -}} - {{- .Values.licenseKey | default "" -}} {{- end -}} {{- end -}} @@ -63,14 +61,12 @@ Return the licenseKey Return the cluster name */}} {{- define "newrelic-logging.cluster" -}} -{{- if .Values.global}} +{{- if .Values.cluster }} + {{- .Values.cluster -}} +{{- else if .Values.global }} {{- if .Values.global.cluster }} {{- .Values.global.cluster -}} - {{- else -}} - {{- .Values.cluster | default "" -}} {{- end -}} -{{- else -}} - {{- .Values.cluster | default "" -}} {{- end -}} {{- end -}} @@ -78,14 +74,12 @@ Return the cluster name Return the customSecretName */}} {{- define "newrelic-logging.customSecretName" -}} -{{- if .Values.global }} +{{- if .Values.customSecretName }} + {{- .Values.customSecretName -}} +{{- else if .Values.global }} {{- if .Values.global.customSecretName }} - {{- .Values.global.customSecretName -}} - {{- else -}} - {{- .Values.customSecretName | default "" -}} + {{- .Values.global.customSecretName -}} {{- end -}} -{{- else -}} - {{- .Values.customSecretName | default "" -}} {{- end -}} {{- end -}} @@ -93,21 +87,15 @@ Return the customSecretName Return the customSecretLicenseKey */}} {{- define "newrelic-logging.customSecretKey" -}} -{{- if .Values.global }} +{{- if .Values.customSecretLicenseKey }} + {{- .Values.customSecretLicenseKey -}} +{{- else if .Values.customSecretKey }} + {{- .Values.customSecretKey -}} +{{- else if .Values.global }} {{- if .Values.global.customSecretLicenseKey }} - {{- .Values.global.customSecretLicenseKey -}} - {{- else -}} - {{- if .Values.global.customSecretKey }} - {{- .Values.global.customSecretKey -}} - {{- else -}} - {{- .Values.customSecretKey | default "" -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.customSecretLicenseKey }} - {{- .Values.customSecretLicenseKey -}} - {{- else -}} - {{- .Values.customSecretKey | default "" -}} + {{- .Values.global.customSecretLicenseKey -}} + {{- else if .Values.global.customSecretKey }} + {{- .Values.global.customSecretKey -}} {{- end -}} {{- end -}} {{- end -}} @@ -116,12 +104,12 @@ Return the customSecretLicenseKey Returns nrStaging */}} {{- define "newrelic.nrStaging" -}} -{{- if .Values.global }} +{{- if .Values.nrStaging }} + {{- .Values.nrStaging -}} +{{- else if .Values.global }} {{- if .Values.global.nrStaging }} {{- .Values.global.nrStaging -}} {{- end -}} -{{- else if .Values.nrStaging }} - {{- .Values.nrStaging -}} {{- end -}} {{- end -}} @@ -129,12 +117,12 @@ Returns nrStaging Returns fargate */}} {{- define "newrelic.fargate" -}} -{{- if .Values.global }} +{{- if .Values.fargate }} + {{- .Values.fargate -}} +{{- else if .Values.global }} {{- if .Values.global.fargate }} {{- .Values.global.fargate -}} {{- end -}} -{{- else if .Values.fargate }} - {{- .Values.fargate -}} {{- end -}} {{- end -}} @@ -284,4 +272,60 @@ If additionalEnvVariables is set, renames to extraEnv. Returns extraEnv. {{- end -}} {{- end -}} +{{/* +Returns the image for the persistence init container. +Precedence: chart-specific repository > global.images.registry + default > chart default (busybox) +*/}} +{{- define "newrelic-logging.persistenceInitContainerImage" -}} +{{- $repository := .Values.fluentBit.persistenceInitContainerImage.repository -}} +{{- $defaultRepository := "busybox" -}} +{{- $registry := "" -}} +{{- if and .Values.global .Values.global.images }} + {{- $registry = .Values.global.images.registry | default "" -}} +{{- end -}} +{{- if and $registry (eq $repository $defaultRepository) -}} + {{- printf "%s/%s" $registry $defaultRepository -}} +{{- else -}} + {{- $repository -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the pull policy for main image. +Precedence: chart-specific value > global.images.pullPolicy > default (IfNotPresent) +*/}} +{{- define "newrelic-logging.imagePullPolicy" -}} +{{- $globalPullPolicy := "" -}} +{{- if and .Values.global .Values.global.images -}} + {{- $globalPullPolicy = .Values.global.images.pullPolicy | default "" -}} +{{- end -}} +{{- $chartPullPolicy := .Values.image.pullPolicy | default "" -}} +{{- if $chartPullPolicy -}} + {{- $chartPullPolicy -}} +{{- else if $globalPullPolicy -}} + {{- $globalPullPolicy -}} +{{- else -}} + IfNotPresent +{{- end -}} +{{- end -}} + +{{/* +Returns the pull policy for persistence init container. +Precedence: chart-specific value > global.images.pullPolicy > default (IfNotPresent) +*/}} +{{- define "newrelic-logging.persistenceInitContainerImagePullPolicy" -}} +{{- $globalPullPolicy := "" -}} +{{- if and .Values.global .Values.global.images -}} + {{- $globalPullPolicy = .Values.global.images.pullPolicy | default "" -}} +{{- end -}} +{{- $chartPullPolicy := .Values.fluentBit.persistenceInitContainerImage.pullPolicy | default "" -}} +{{- if $chartPullPolicy -}} + {{- $chartPullPolicy -}} +{{- else if $globalPullPolicy -}} + {{- $globalPullPolicy -}} +{{- else -}} + IfNotPresent +{{- end -}} +{{- end -}} + diff --git a/charts/newrelic-logging/templates/daemonset-windows.yaml b/charts/newrelic-logging/templates/daemonset-windows.yaml index 573ea860fd..73e43bed12 100644 --- a/charts/newrelic-logging/templates/daemonset-windows.yaml +++ b/charts/newrelic-logging/templates/daemonset-windows.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ $.Release.Namespace }} labels: kubernetes.io/os: windows -{{ include "newrelic-logging.labels" $ | indent 4 }} + {{- include "newrelic.common.labels" $ | nindent 4 }} name: {{ template "newrelic-logging.fullname" $ }}-windows-{{ .version }} annotations: {{- if $.Values.daemonSet.annotations }} @@ -17,8 +17,7 @@ spec: type: {{ $.Values.updateStrategy }} selector: matchLabels: - app: {{ template "newrelic-logging.name" $ }} - release: {{ $.Release.Name }} + {{- include "newrelic.common.labels.selectorLabels" $ | nindent 6 }} kubernetes.io/os: windows template: metadata: @@ -28,13 +27,8 @@ spec: {{ toYaml $.Values.podAnnotations | indent 8}} {{- end }} labels: - app: {{ template "newrelic-logging.name" $ }} - release: {{ $.Release.Name }} kubernetes.io/os: windows - app.kubernetes.io/name: {{ template "newrelic-logging.name" $ }} - {{- if $.Values.podLabels}} -{{ toYaml $.Values.podLabels | indent 8 }} - {{- end }} + {{- include "newrelic.common.labels.podLabels" $ | nindent 8 }} spec: serviceAccountName: {{ include "newrelic.common.serviceAccount.name" $ }} {{- with include "newrelic.common.dnsConfig" $ }} @@ -47,8 +41,16 @@ spec: imagePullSecrets: {{- . | nindent 8 }} {{- end }} - {{- if $.Values.hostNetwork }} - hostNetwork: {{ $.Values.hostNetwork }} + {{- $hostNetwork := false }} + {{- if not (kindIs "invalid" $.Values.hostNetwork) }} + {{- $hostNetwork = $.Values.hostNetwork }} + {{- else if $.Values.global }} + {{- if not (kindIs "invalid" $.Values.global.hostNetwork) }} + {{- $hostNetwork = $.Values.global.hostNetwork }} + {{- end }} + {{- end }} + {{- if $hostNetwork }} + hostNetwork: {{ $hostNetwork }} {{- end }} {{- if $.Values.windows.initContainers }} initContainers: @@ -78,8 +80,18 @@ spec: {{- end }} - name: CLUSTER_NAME value: {{ include "newrelic-logging.cluster" $ }} + {{- $verboseLog := include "newrelic.common.verboseLog" $ -}} + {{- $logLevel := $.Values.fluentBit.logLevel | default "" -}} + {{- if $logLevel }} + - name: LOG_LEVEL + value: {{ $logLevel | quote }} + {{- else if $verboseLog }} - name: LOG_LEVEL - value: {{ $.Values.fluentBit.logLevel | quote }} + value: "debug" + {{- else }} + - name: LOG_LEVEL + value: "info" + {{- end }} - name: LOG_PARSER {{- if $.Values.fluentBit.criEnabled }} value: "cri,docker" @@ -115,7 +127,18 @@ spec: value: {{ $.Values.fluentBit.sendMetrics | default "false" | quote }} - name: METRICS_HOST value: {{ include "newrelic-logging.metricsHost" $ | quote }} - - name: FLUENTBIT_METRICS_TIER + {{- $globalProxy := "" }} + {{- if $.Values.global }} + {{- $globalProxy = $.Values.global.proxy | default "" }} + {{- end }} + {{- $proxy := $.Values.proxy | default $globalProxy | default "" }} + {{- if $proxy }} + - name: HTTP_PROXY + value: {{ $proxy | quote }} + - name: HTTPS_PROXY + value: {{ $proxy | quote }} + {{- end }} + - name: FLUENTBIT_METRICS_TIER value: {{ $.Values.fluentBit.fluentBitMetrics | default "basic" | quote }} {{- include "newrelic-logging.extraEnv" $ | nindent 12 }} - name: DAEMONSET_NAME @@ -181,20 +204,28 @@ spec: - name: progdata hostPath: path: C:\ProgramData - {{- if $.Values.priorityClassName }} - priorityClassName: {{ $.Values.priorityClassName }} + {{- with include "newrelic.common.priorityClassName" $ }} + priorityClassName: {{ . }} + {{- end }} + {{- with include "newrelic.common.affinity" $ }} + affinity: + {{- . | nindent 8 }} {{- end }} + {{- $nodeSelector := include "newrelic.common.nodeSelector" $ }} nodeSelector: + {{- if $nodeSelector }} + {{- $nodeSelector | nindent 8 }} + {{- end }} {{- if $.Values.windowsNodeSelector }} -{{ toYaml $.Values.windowsNodeSelector | indent 8 }} + {{- toYaml $.Values.windowsNodeSelector | nindent 8 }} {{- else }} kubernetes.io/os: windows # Windows containers can only be executed on hosts running the exact same Windows version and build number node.kubernetes.io/windows-build: {{ .buildNumber }} {{- end }} - {{- if $.Values.tolerations }} + {{- with include "newrelic.common.tolerations" $ }} tolerations: -{{ toYaml $.Values.tolerations | indent 8 }} + {{- . | nindent 8 }} {{- end }} --- {{- end }} diff --git a/charts/newrelic-logging/templates/daemonset.yaml b/charts/newrelic-logging/templates/daemonset.yaml index af6480c352..18b1a6eef1 100644 --- a/charts/newrelic-logging/templates/daemonset.yaml +++ b/charts/newrelic-logging/templates/daemonset.yaml @@ -3,7 +3,8 @@ apiVersion: apps/v1 kind: DaemonSet metadata: namespace: {{ .Release.Namespace }} - labels: {{ include "newrelic-logging.labels" . | indent 4 }} + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} name: {{ template "newrelic-logging.fullname" . }} annotations: {{- if .Values.daemonSet.annotations }} @@ -14,8 +15,7 @@ spec: type: {{ .Values.updateStrategy }} selector: matchLabels: - app: {{ template "newrelic-logging.name" . }} - release: {{.Release.Name }} + {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} template: metadata: annotations: @@ -24,13 +24,8 @@ spec: {{ toYaml .Values.podAnnotations | indent 8}} {{- end }} labels: - app: {{ template "newrelic-logging.name" . }} - release: {{.Release.Name }} kubernetes.io/os: linux - app.kubernetes.io/name: {{ template "newrelic-logging.name" . }} - {{- if .Values.podLabels}} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} + {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} {{- with include "newrelic.common.dnsConfig" . }} @@ -47,13 +42,22 @@ spec: securityContext: {{- . | nindent 8 }} {{- end }} - {{- if .Values.hostNetwork }} - hostNetwork: {{ .Values.hostNetwork }} + {{- $hostNetwork := false }} + {{- if not (kindIs "invalid" .Values.hostNetwork) }} + {{- $hostNetwork = .Values.hostNetwork }} + {{- else if .Values.global }} + {{- if not (kindIs "invalid" .Values.global.hostNetwork) }} + {{- $hostNetwork = .Values.global.hostNetwork }} + {{- end }} + {{- end }} + {{- if $hostNetwork }} + hostNetwork: {{ $hostNetwork }} {{- end }} initContainers: {{- if and (.Values.fluentBit.persistence) (eq .Values.fluentBit.persistence.mode "persistentVolume") }} - name: init - image: busybox:1.36 + image: {{ include "newrelic-logging.persistenceInitContainerImage" . }}:{{ .Values.fluentBit.persistenceInitContainerImage.tag }} + imagePullPolicy: {{ include "newrelic-logging.persistenceInitContainerImagePullPolicy" . }} {{- with include "newrelic.common.securityContext.container" . }} securityContext: {{- . | nindent 12 }} @@ -74,7 +78,7 @@ spec: {{- . | nindent 12 }} {{- end }} image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" + imagePullPolicy: {{ include "newrelic-logging.imagePullPolicy" . }} env: - name: ENDPOINT value: {{ include "newrelic-logging.logsEndpoint" . | quote }} @@ -92,8 +96,18 @@ spec: {{- end }} - name: CLUSTER_NAME value: {{ include "newrelic-logging.cluster" . }} + {{- $verboseLog := include "newrelic.common.verboseLog" . -}} + {{- $logLevel := .Values.fluentBit.logLevel | default "" -}} + {{- if $logLevel }} + - name: LOG_LEVEL + value: {{ $logLevel | quote }} + {{- else if $verboseLog }} - name: LOG_LEVEL - value: {{ .Values.fluentBit.logLevel | quote }} + value: "debug" + {{- else }} + - name: LOG_LEVEL + value: "info" + {{- end }} - name: LOG_PARSER {{- if .Values.fluentBit.criEnabled }} value: "cri,docker" @@ -133,6 +147,17 @@ spec: value: {{ $.Values.fluentBit.sendMetrics | default "false" | quote }} - name: METRICS_HOST value: {{ include "newrelic-logging.metricsHost" . | quote }} + {{- $globalProxy := "" }} + {{- if .Values.global }} + {{- $globalProxy = .Values.global.proxy | default "" }} + {{- end }} + {{- $proxy := .Values.proxy | default $globalProxy | default "" }} + {{- if $proxy }} + - name: HTTP_PROXY + value: {{ $proxy | quote }} + - name: HTTPS_PROXY + value: {{ $proxy | quote }} + {{- end }} {{- include "newrelic-logging.extraEnv" . | nindent 12 }} - name: FLUENTBIT_METRICS_TIER value: {{ $.Values.fluentBit.fluentBitMetrics | default "basic" | quote }} @@ -209,14 +234,17 @@ spec: {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} - {{- if $.Values.priorityClassName }} - priorityClassName: {{ $.Values.priorityClassName }} + {{- with include "newrelic.common.priorityClassName" . }} + priorityClassName: {{ . }} {{- end }} - {{- if .Values.nodeAffinity }} + {{- $affinity := include "newrelic.common.affinity" . }} + {{- if or .Values.nodeAffinity $affinity (include "newrelic.fargate" .) }} affinity: + {{- if .Values.nodeAffinity }} nodeAffinity: {{ .Values.nodeAffinity | toYaml | nindent 10 }} - {{- else if include "newrelic.fargate" . }} - affinity: + {{- else if $affinity }} + {{- $affinity | nindent 8 }} + {{- else if include "newrelic.fargate" . }} nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: @@ -225,19 +253,24 @@ spec: operator: NotIn values: - fargate + {{- end }} {{- end }} + {{- $nodeSelector := include "newrelic.common.nodeSelector" . }} + {{- if or $nodeSelector $.Values.enableWindows }} nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- else if $.Values.enableWindows }} + {{- if $nodeSelector }} + {{- $nodeSelector | nindent 8 }} + {{- end }} + {{- if $.Values.enableWindows }} # We add this only if Windows is enabled to keep backwards-compatibility. Prior to version 1.14, this label was # named beta.kubernetes.io/os. In version 1.14, it was deprecated and replaced by this one. Version 1.14 also # introduces Windows support. Therefore, anyone wishing to use Windows containers must bet at version >=1.14 and # are going to need this label, in order to avoid placing a linux container on a windows node, and vice-versa. kubernetes.io/os: linux {{- end }} - {{- if .Values.tolerations }} + {{- end }} + {{- with include "newrelic.common.tolerations" . }} tolerations: -{{ toYaml .Values.tolerations | indent 8 }} + {{- . | nindent 8 }} {{- end }} {{- end }} diff --git a/charts/newrelic-logging/tests/global-inheritance_test.yaml b/charts/newrelic-logging/tests/global-inheritance_test.yaml new file mode 100644 index 0000000000..3c1553ba90 --- /dev/null +++ b/charts/newrelic-logging/tests/global-inheritance_test.yaml @@ -0,0 +1,1076 @@ +suite: global value inheritance +templates: + - templates/configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-windows.yaml + - templates/serviceaccount.yaml +release: + name: my-release + namespace: my-namespace +tests: + # ==================== + # Proxy Tests (3) + # ==================== + - it: proxy not set when neither global nor local provided + set: &base + licenseKey: nr_license_key + asserts: + - notContains: + path: spec.template.spec.containers[0].env + content: + name: HTTP_PROXY + template: templates/daemonset.yaml + - notContains: + path: spec.template.spec.containers[0].env + content: + name: HTTPS_PROXY + template: templates/daemonset.yaml + + - it: uses global.proxy when set + set: + <<: *base + enableWindows: true + global: + proxy: http://global-proxy.corp.net:3128 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: HTTP_PROXY + value: http://global-proxy.corp.net:3128 + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: HTTPS_PROXY + value: http://global-proxy.corp.net:3128 + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: HTTP_PROXY + value: http://global-proxy.corp.net:3128 + template: templates/daemonset-windows.yaml + + - it: local proxy overrides global.proxy + set: + <<: *base + enableWindows: true + global: + proxy: http://global-proxy.corp.net:3128 + proxy: http://local-proxy.corp.net:8080 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: HTTP_PROXY + value: http://local-proxy.corp.net:8080 + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: HTTPS_PROXY + value: http://local-proxy.corp.net:8080 + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: HTTP_PROXY + value: http://local-proxy.corp.net:8080 + template: templates/daemonset-windows.yaml + + # ==================== + # PriorityClassName Tests (3) + # ==================== + - it: priorityClassName not set when neither global nor local provided + set: + <<: *base + asserts: + - notExists: + path: spec.template.spec.priorityClassName + template: templates/daemonset.yaml + + - it: uses global.priorityClassName when set + set: + <<: *base + enableWindows: true + global: + priorityClassName: high-priority + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: high-priority + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.priorityClassName + value: high-priority + template: templates/daemonset-windows.yaml + + - it: local priorityClassName overrides global + set: + <<: *base + enableWindows: true + global: + priorityClassName: high-priority + priorityClassName: critical-priority + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: critical-priority + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.priorityClassName + value: critical-priority + template: templates/daemonset-windows.yaml + + # ==================== + # NodeSelector Tests (3) + # ==================== + - it: nodeSelector inherits global when no local provided + set: + <<: *base + enableWindows: true + global: + nodeSelector: + node.role/monitoring: "true" + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + node.role/monitoring: "true" + kubernetes.io/os: linux + template: templates/daemonset.yaml + - isSubset: + path: spec.template.spec.nodeSelector + content: + node.role/monitoring: "true" + template: templates/daemonset-windows.yaml + + - it: local nodeSelector overrides global + set: + <<: *base + enableWindows: true + global: + nodeSelector: + node.role/monitoring: "true" + nodeSelector: + node.role/logging: "true" + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux + node.role/logging: "true" + template: templates/daemonset.yaml + + - it: nodeSelector not set when neither global nor local provided and Windows disabled + set: + <<: *base + enableWindows: false + asserts: + - notExists: + path: spec.template.spec.nodeSelector + template: templates/daemonset.yaml + + # ==================== + # Tolerations Tests (3) + # ==================== + - it: tolerations inherit global when no local provided + set: + <<: *base + enableWindows: true + tolerations: [] + global: + tolerations: + - key: monitoring-taint + operator: Equal + value: "true" + effect: NoSchedule + asserts: + - contains: + path: spec.template.spec.tolerations + content: + key: monitoring-taint + operator: Equal + value: "true" + effect: NoSchedule + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.tolerations + content: + key: monitoring-taint + operator: Equal + value: "true" + effect: NoSchedule + template: templates/daemonset-windows.yaml + + - it: local tolerations override global + set: + <<: *base + global: + tolerations: + - key: global-taint + operator: Exists + tolerations: + - key: local-taint + operator: Exists + asserts: + - contains: + path: spec.template.spec.tolerations + content: + key: local-taint + operator: Exists + template: templates/daemonset.yaml + - notContains: + path: spec.template.spec.tolerations + content: + key: global-taint + template: templates/daemonset.yaml + + - it: default tolerations apply when neither global nor local provided + set: + <<: *base + asserts: + - contains: + path: spec.template.spec.tolerations + content: + operator: Exists + effect: NoSchedule + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.tolerations + content: + operator: Exists + effect: NoExecute + template: templates/daemonset.yaml + + # ==================== + # Affinity Tests (4) + # ==================== + - it: affinity not set when neither global nor local provided + set: + <<: *base + asserts: + - notExists: + path: spec.template.spec.affinity + template: templates/daemonset.yaml + + - it: uses global.affinity when set + set: + <<: *base + enableWindows: true + global: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node.type + operator: In + values: + - logging + asserts: + - isSubset: + path: spec.template.spec.affinity + content: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node.type + operator: In + values: + - logging + template: templates/daemonset.yaml + - isSubset: + path: spec.template.spec.affinity + content: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node.type + operator: In + values: + - logging + template: templates/daemonset-windows.yaml + + - it: local nodeAffinity overrides global.affinity + set: + <<: *base + global: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: global.key + operator: In + values: + - global + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: local.key + operator: In + values: + - local + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity + value: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: local.key + operator: In + values: + - local + template: templates/daemonset.yaml + + - it: Fargate exclusion affinity applies when global.fargate is true + set: + <<: *base + global: + fargate: true + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity + value: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + template: templates/daemonset.yaml + + # ==================== + # HostNetwork Tests (4) + # ==================== + - it: hostNetwork not set when neither global nor local provided + set: + <<: *base + asserts: + - notExists: + path: spec.template.spec.hostNetwork + template: templates/daemonset.yaml + + - it: hostNetwork not set when explicitly false + set: + <<: *base + hostNetwork: false + asserts: + - notExists: + path: spec.template.spec.hostNetwork + template: templates/daemonset.yaml + + - it: uses global.hostNetwork when set to true + set: + <<: *base + enableWindows: true + global: + hostNetwork: true + asserts: + - equal: + path: spec.template.spec.hostNetwork + value: true + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.hostNetwork + value: true + template: templates/daemonset-windows.yaml + + - it: local hostNetwork overrides global + set: + <<: *base + enableWindows: true + global: + hostNetwork: false + hostNetwork: true + asserts: + - equal: + path: spec.template.spec.hostNetwork + value: true + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.hostNetwork + value: true + template: templates/daemonset-windows.yaml + + # ==================== + # VerboseLog Tests (4) + # ==================== + - it: uses default log level when neither global.verboseLog nor local provided + set: + <<: *base + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOG_LEVEL + value: "info" + template: templates/daemonset.yaml + + - it: sets LOG_LEVEL to debug when global.verboseLog is true + set: + <<: *base + enableWindows: true + fluentBit: + logLevel: null + global: + verboseLog: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOG_LEVEL + value: "debug" + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOG_LEVEL + value: "debug" + template: templates/daemonset-windows.yaml + + - it: local fluentBit.logLevel overrides global.verboseLog + set: + <<: *base + global: + verboseLog: true + fluentBit: + logLevel: warn + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOG_LEVEL + value: "warn" + template: templates/daemonset.yaml + + - it: global.verboseLog false does not override local logLevel + set: + <<: *base + global: + verboseLog: false + fluentBit: + logLevel: error + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOG_LEVEL + value: "error" + template: templates/daemonset.yaml + + # ==================== + # LowDataMode Tests (3) + # ==================== + - it: lowDataMode defaults to false when not set + set: + <<: *base + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOW_DATA_MODE + value: "false" + template: templates/daemonset.yaml + + - it: uses global.lowDataMode when set + set: + <<: *base + enableWindows: true + global: + lowDataMode: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOW_DATA_MODE + value: "true" + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOW_DATA_MODE + value: "true" + template: templates/daemonset-windows.yaml + + - it: local lowDataMode overrides global + set: + <<: *base + global: + lowDataMode: true + lowDataMode: false + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOW_DATA_MODE + value: "false" + template: templates/daemonset.yaml + + # ==================== + # NrStaging Tests (2) + # ==================== + - it: uses prod endpoint when nrStaging not set + set: + <<: *base + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ENDPOINT + value: https://log-api.newrelic.com/log/v1 + template: templates/daemonset.yaml + + - it: uses staging endpoint when global.nrStaging is true + set: + <<: *base + global: + nrStaging: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ENDPOINT + value: https://staging-log-api.newrelic.com/log/v1 + template: templates/daemonset.yaml + + # ==================== + # Cluster Tests (2) + # ==================== + - it: uses global.cluster when set + set: + <<: *base + global: + cluster: global-cluster-01 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: CLUSTER_NAME + value: global-cluster-01 + template: templates/daemonset.yaml + + - it: local cluster overrides global.cluster + set: + <<: *base + global: + cluster: global-cluster-01 + cluster: local-cluster-02 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: CLUSTER_NAME + value: local-cluster-02 + template: templates/daemonset.yaml + + # ==================== + # LicenseKey Tests (2) + # ==================== + - it: uses global.licenseKey when set + set: + global: + licenseKey: global-license-key + asserts: + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: my-release-newrelic-logging-config + template: templates/daemonset.yaml + + - it: local licenseKey overrides global.licenseKey + set: + global: + licenseKey: global-license-key + licenseKey: local-license-key + asserts: + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: my-release-newrelic-logging-config + template: templates/daemonset.yaml + + # ==================== + # DnsConfig Tests (2) + # ==================== + - it: dnsConfig inherits from global + set: + <<: *base + global: + dnsConfig: + options: + - name: ndots + value: "1" + asserts: + - equal: + path: spec.template.spec.dnsConfig.options[0].name + value: ndots + template: templates/daemonset.yaml + + - it: local dnsConfig overrides global + set: + <<: *base + global: + dnsConfig: + options: + - name: ndots + value: "1" + dnsConfig: + options: + - name: ndots + value: "2" + asserts: + - equal: + path: spec.template.spec.dnsConfig.options[0].value + value: "2" + template: templates/daemonset.yaml + + # ==================== + # PodLabels Tests (2) + # ==================== + - it: pod inherits global.podLabels + set: + <<: *base + global: + podLabels: + global-label: global-value + asserts: + - isSubset: + path: spec.template.metadata.labels + content: + global-label: global-value + template: templates/daemonset.yaml + + - it: local podLabels merge with global + set: + <<: *base + global: + podLabels: + global-label: global-value + podLabels: + local-label: local-value + asserts: + - isSubset: + path: spec.template.metadata.labels + content: + global-label: global-value + local-label: local-value + template: templates/daemonset.yaml + + # ==================== + # Labels Tests (2) + # ==================== + - it: resource inherits global.labels + set: + <<: *base + global: + labels: + global-resource-label: global-value + asserts: + - isSubset: + path: metadata.labels + content: + global-resource-label: global-value + template: templates/daemonset.yaml + + - it: resource labels are applied + set: + <<: *base + global: + labels: + team: platform + asserts: + - isSubset: + path: metadata.labels + content: + team: platform + template: templates/daemonset.yaml + + # ==================== + # ServiceAccount Tests (3) + # ==================== + - it: uses global serviceAccount name when set + set: + <<: *base + global: + serviceAccount: + name: global-sa + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: global-sa + template: templates/daemonset.yaml + + - it: local serviceAccount name overrides global + set: + <<: *base + global: + serviceAccount: + name: global-sa + serviceAccount: + name: local-sa + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: local-sa + template: templates/daemonset.yaml + + - it: serviceAccount create is honored + set: + <<: *base + serviceAccount: + create: true + name: custom-sa + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: custom-sa + template: templates/daemonset.yaml + + # ==================== + # PodSecurityContext Tests (2) + # ==================== + - it: pod inherits global.podSecurityContext + set: + <<: *base + global: + podSecurityContext: + runAsUser: 1000 + fsGroup: 2000 + asserts: + - isSubset: + path: spec.template.spec.securityContext + content: + runAsUser: 1000 + fsGroup: 2000 + template: templates/daemonset.yaml + + - it: local podSecurityContext overrides global + set: + <<: *base + global: + podSecurityContext: + runAsUser: 1000 + podSecurityContext: + runAsUser: 3000 + asserts: + - isSubset: + path: spec.template.spec.securityContext + content: + runAsUser: 3000 + template: templates/daemonset.yaml + + # ==================== + # ContainerSecurityContext Tests (2) + # ==================== + - it: container inherits global.containerSecurityContext + set: + <<: *base + global: + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + asserts: + - isSubset: + path: spec.template.spec.containers[0].securityContext + content: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + template: templates/daemonset.yaml + + - it: local containerSecurityContext overrides global + set: + <<: *base + global: + containerSecurityContext: + readOnlyRootFilesystem: true + containerSecurityContext: + readOnlyRootFilesystem: false + asserts: + - isSubset: + path: spec.template.spec.containers[0].securityContext + content: + readOnlyRootFilesystem: false + template: templates/daemonset.yaml + + # ==================== + # images.registry Tests (2) + # ==================== + - it: should inherit global.images.registry when local not set + set: + <<: *base + global: + images: + registry: global-registry.io + asserts: + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: ^global-registry\.io/ + template: templates/daemonset.yaml + + - it: should use local image.registry when both global and local are set + set: + <<: *base + global: + images: + registry: global-registry.io + image: + registry: local-registry.io + asserts: + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: ^local-registry\.io/ + template: templates/daemonset.yaml + + # ==================== + # images.pullSecrets Tests (2) + # ==================== + - it: should inherit global.images.pullSecrets when local not set + set: + <<: *base + global: + images: + pullSecrets: + - name: global-secret + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: global-secret + template: templates/daemonset.yaml + + - it: should use local image.pullSecrets when both global and local are set + set: + <<: *base + global: + images: + pullSecrets: + - name: global-secret + image: + pullSecrets: + - name: local-secret + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: local-secret + template: templates/daemonset.yaml + + # ==================== + # serviceAccount.create Tests (2) + # ==================== + - it: should inherit global.serviceAccount.create when local not set + set: + <<: *base + global: + serviceAccount: + create: false + asserts: + - hasDocuments: + count: 0 + template: templates/serviceaccount.yaml + + - it: should use local serviceAccount.create when both global and local are set + set: + <<: *base + global: + serviceAccount: + create: false + serviceAccount: + create: true + asserts: + - hasDocuments: + count: 1 + template: templates/serviceaccount.yaml + + # ==================== + # serviceAccount.annotations Tests (2) + # ==================== + - it: should inherit global.serviceAccount.annotations when local not set + set: + <<: *base + global: + serviceAccount: + annotations: + global-annotation: global-value + asserts: + - equal: + path: metadata.annotations.global-annotation + value: global-value + template: templates/serviceaccount.yaml + + - it: should use local serviceAccount.annotations when both global and local are set + set: + <<: *base + global: + serviceAccount: + annotations: + global-annotation: global-value + serviceAccount: + annotations: + local-annotation: local-value + asserts: + - equal: + path: metadata.annotations.local-annotation + value: local-value + template: templates/serviceaccount.yaml + + # ==================== + # customSecretName Tests (2) + # ==================== + - it: should inherit global.customSecretName when local not set + set: + global: + customSecretName: global-secret + customSecretLicenseKey: global-key + asserts: + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: global-secret + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key + value: global-key + template: templates/daemonset.yaml + + - it: should use local customSecretName when both global and local are set + set: + global: + customSecretName: global-secret + customSecretLicenseKey: global-key + customSecretName: local-secret + customSecretLicenseKey: local-key + asserts: + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: local-secret + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key + value: local-key + template: templates/daemonset.yaml + + # ==================== + # dnsConfig Tests (2) + # ==================== + - it: should inherit global.dnsConfig when local not set + set: + <<: *base + global: + dnsConfig: + options: + - name: ndots + value: "1" + asserts: + - equal: + path: spec.template.spec.dnsConfig.options[0].name + value: ndots + template: templates/daemonset.yaml + + - it: should use local dnsConfig when both global and local are set + set: + <<: *base + global: + dnsConfig: + options: + - name: ndots + value: "1" + dnsConfig: + options: + - name: ndots + value: "2" + asserts: + - equal: + path: spec.template.spec.dnsConfig.options[0].value + value: "2" + template: templates/daemonset.yaml + + # ==================== + # nrStaging Tests (2) + # ==================== + - it: local nrStaging uses staging endpoint + set: + licenseKey: nr_license_key + nrStaging: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ENDPOINT + value: https://staging-log-api.newrelic.com/log/v1 + template: templates/daemonset.yaml + + - it: local nrStaging works alongside global values + set: + global: + licenseKey: eu_global_license_key + nrStaging: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ENDPOINT + value: https://staging-log-api.newrelic.com/log/v1 + template: templates/daemonset.yaml + + # ==================== + # fargate Tests (2) + # ==================== + - it: local fargate applies fargate exclusion affinity + set: + <<: *base + fargate: true + asserts: + - equal: + path: spec.template.spec.affinity.nodeAffinity + value: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + template: templates/daemonset.yaml + + - it: local fargate works when no global fargate set + set: + <<: *base + fargate: true + asserts: + - exists: + path: spec.template.spec.affinity + template: templates/daemonset.yaml + + # ==================== + # licenseKey Endpoint Tests (2) + # ==================== + - it: local licenseKey EU prefix selects EU endpoint even when global key is non-EU + set: + global: + licenseKey: us_global_license_key + licenseKey: eu_local_license_key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ENDPOINT + value: https://log-api.eu.newrelic.com/log/v1 + template: templates/daemonset.yaml + + - it: global licenseKey EU prefix selects EU endpoint when no local key + set: + global: + licenseKey: eu_global_license_key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ENDPOINT + value: https://log-api.eu.newrelic.com/log/v1 + template: templates/daemonset.yaml diff --git a/charts/newrelic-logging/tests/images_test.yaml b/charts/newrelic-logging/tests/images_test.yaml index fbd5879807..6e7e98a5f3 100644 --- a/charts/newrelic-logging/tests/images_test.yaml +++ b/charts/newrelic-logging/tests/images_test.yaml @@ -94,3 +94,183 @@ tests: - equal: path: spec.template.spec.imagePullSecrets[1].name value: regsecret + + # --------------------------------------------------------------------------- + # LICENSE_KEY env — verify secret name and key value, not just structure + # --------------------------------------------------------------------------- + - it: LICENSE_KEY env references the correct secret name and key + templates: + - templates/daemonset.yaml + set: + licenseKey: nr_license_key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LICENSE_KEY + valueFrom: + secretKeyRef: + name: my-release-newrelic-logging-config + key: license + + - it: LICENSE_KEY env uses customSecretName and customSecretLicenseKey when set + templates: + - templates/daemonset.yaml + set: + customSecretName: my-custom-secret + customSecretLicenseKey: my-custom-key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: LICENSE_KEY + valueFrom: + secretKeyRef: + name: my-custom-secret + key: my-custom-key + + # --------------------------------------------------------------------------- + # Main image pullPolicy + # Precedence: chart-specific value > global.images.pullPolicy > default (IfNotPresent) + # --------------------------------------------------------------------------- + - it: Main image pullPolicy defaults to IfNotPresent when nothing set + templates: + - templates/daemonset.yaml + set: &main_pullpolicy_base + licenseKey: nr_license_key + image: + pullPolicy: "" + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + + - it: Main image pullPolicy uses global when no chart-specific value + templates: + - templates/daemonset.yaml + set: + <<: *main_pullpolicy_base + global: + images: + pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: Main image chart-specific pullPolicy overrides global + templates: + - templates/daemonset.yaml + set: + <<: *main_pullpolicy_base + image: + pullPolicy: Never + global: + images: + pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Never + + # --------------------------------------------------------------------------- + # Persistence init container — image and pullPolicy + # Precedence: chart-specific value > global.images.* > default + # --------------------------------------------------------------------------- + - it: Init container uses default busybox image when no global registry set + templates: + - templates/daemonset.yaml + set: &pvc_base + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + asserts: + - equal: + path: spec.template.spec.initContainers[0].image + value: busybox:1.36 + + - it: Init container uses global registry when set and repository is default + templates: + - templates/daemonset.yaml + set: + <<: *pvc_base + global: + images: + registry: my-registry.com + asserts: + - equal: + path: spec.template.spec.initContainers[0].image + value: my-registry.com/busybox:1.36 + + - it: Init container chart-specific repository overrides global registry + templates: + - templates/daemonset.yaml + set: + <<: *pvc_base + global: + images: + registry: my-registry.com + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + persistenceInitContainerImage: + repository: my-mirror.com/busybox + asserts: + - matchRegex: + path: spec.template.spec.initContainers[0].image + pattern: "^my-mirror.com/busybox:" + + - it: Init container pullPolicy defaults to IfNotPresent when nothing set + templates: + - templates/daemonset.yaml + set: &init_pullpolicy_base + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + persistenceInitContainerImage: + pullPolicy: "" + asserts: + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: IfNotPresent + + - it: Init container pullPolicy uses global when no chart-specific value + templates: + - templates/daemonset.yaml + set: + <<: *init_pullpolicy_base + global: + images: + pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: Always + + - it: Init container chart-specific pullPolicy overrides global + templates: + - templates/daemonset.yaml + set: + <<: *init_pullpolicy_base + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + persistenceInitContainerImage: + pullPolicy: Never + global: + images: + pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: Never diff --git a/charts/newrelic-logging/values.yaml b/charts/newrelic-logging/values.yaml index eb0cee6d25..91ade820ac 100644 --- a/charts/newrelic-logging/values.yaml +++ b/charts/newrelic-logging/values.yaml @@ -25,8 +25,15 @@ # # endpoint: https://log-api.newrelic.com/log/v1 # metricsEndpoint: metric-api.newrelic.com + +# -- HTTP/HTTPS proxy URL for Fluent Bit to reach New Relic. Can be configured also with `global.proxy` +proxy: "" + fluentBit: - logLevel: "info" + # logLevel: Set the log level for Fluent Bit (trace, debug, info, warn, error, off) + # When empty, defaults to "info" unless global.verboseLog is true (then "debug") + # Override this to explicitly set a log level, which takes precedence over global.verboseLog + logLevel: "" path: "/var/log/containers/*.log" linuxMountPath: /var windowsPath: "C:\\var\\log\\containers\\*.log" @@ -60,6 +67,12 @@ fluentBit: # - name: MY_TEMPLATIZED_ENV # value: "templatization example {{ .Values.someValue }}" + # -- Image for the persistence init container (busybox). Defaults to busybox. If global.images.registry is set, it will be used instead. + persistenceInitContainerImage: + repository: busybox + tag: "1.36" + pullPolicy: "" + # Indicates how fluent-bit database is persisted persistence: # Define the persistent mode for fluent-bit db, allowed options are `hostPath` (default), `none`, `persistentVolume`.