duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e6b9190f9b92431f22be64d54421bbacf05d505
k8s-cluster/manifest/sonarqube/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml
duynguyen e42544c877 add sonarqube
2026-04-27 21:52:01 +07:00

79 lines
3.0 KiB
YAML
Raw Blame History

suite: Admission Webhooks > Patch Job > Create Secret Job
templates:
- admission-webhooks/job-patch/job-createSecret.yaml
tests:
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false
- it: should create a Job with `activeDeadlineSeconds` if `controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds ` is set
set:
controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds: 1
asserts:
- equal:
path: spec.activeDeadlineSeconds
value: 1
- it: should create a Job with custom volumes and volume mounts if `controller.admissionWebhooks.createSecretJob.volumes` and `controller.admissionWebhooks.createSecretJob.volumeMounts` are set
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
controller.admissionWebhooks.createSecretJob.volumeMounts:
- name: kube-api-access
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
readOnly: true
controller.admissionWebhooks.createSecretJob.volumes:
- name: kube-api-access
projected:
defaultMode: 0444
sources:
- serviceAccountToken:
path: token
expirationSeconds: 3600
- configMap:
name: kube-root-ca.crt
items:
- key: ca.crt
path: ca.crt
- downwardAPI:
items:
- path: namespace
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: kube-api-access
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
readOnly: true
- equal:
path: spec.template.spec.volumes
value:
- name: kube-api-access
projected:
defaultMode: 0444
sources:
- serviceAccountToken:
path: token
expirationSeconds: 3600
- configMap:
name: kube-root-ca.crt
items:
- key: ca.crt
path: ca.crt
- downwardAPI:
items:
- path: namespace
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
Reference in New Issue View Git Blame Copy Permalink