lcy
/
truenas


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482
							suite: container envFixed test
templates:
  - common.yaml
tests:
  - it: should create the correct fixed envs
    set:
      image: &image
        repository: nginx
        tag: 1.19.0
        pullPolicy: IfNotPresent
      TZ: Europe/London
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: &probes
                  liveness:
                    enabled: false
                  readiness:
                    enabled: false
                  startup:
                    enabled: false
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: Europe/London
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_VISIBLE_DEVICES
                value: "void"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  - it: should create the correct fixed envs when running as root
    set:
      image: *image
      TZ: Europe/London
      securityContext:
        container:
          runAsUser: 0
          runAsGroup: 0
          runAsNonRoot: false
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: Europe/London
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_VISIBLE_DEVICES
                value: "void"
              - name: PUID
                value: "568"
              - name: USER_ID
                value: "568"
              - name: UID
                value: "568"
              - name: PGID
                value: "568"
              - name: GROUP_ID
                value: "568"
              - name: GID
                value: "568"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  - it: should create the correct fixed envs when running as root and changed fsGroup
    set:
      image: *image
      TZ: Europe/London
      securityContext:
        container:
          runAsUser: 0
          runAsGroup: 0
          runAsNonRoot: false
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            securityContext:
              fsGroup: 1000
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: Europe/London
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_VISIBLE_DEVICES
                value: "void"
              - name: PUID
                value: "568"
              - name: USER_ID
                value: "568"
              - name: UID
                value: "568"
              - name: PGID
                value: "1000"
              - name: GROUP_ID
                value: "1000"
              - name: GID
                value: "1000"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  - it: should create the correct fixed envs when running as root and not readonly
    set:
      image: *image
      TZ: Europe/London
      securityContext:
        container:
          runAsUser: 0
          runAsGroup: 0
          runAsNonRoot: false
          readOnlyRootFilesystem: false
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: Europe/London
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_VISIBLE_DEVICES
                value: "void"
              - name: PUID
                value: "568"
              - name: USER_ID
                value: "568"
              - name: UID
                value: "568"
              - name: PGID
                value: "568"
              - name: GROUP_ID
                value: "568"
              - name: GID
                value: "568"

  - it: should create the correct fixed envs with GPU
    set:
      scaleGPU:
        - gpu:
            nvidia.com/gpu: 1
          targetSelector:
            workload-name:
              - container-name1
      image: *image
      TZ: Europe/London
      resources:
        NVIDIA_CAPS:
          - compute
          - video
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: Europe/London
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_DRIVER_CAPABILITIES
                value: "compute,video"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  - it: should create the correct fixed envs with GPU and overridden on container level
    set:
      scaleGPU:
        - gpu:
            nvidia.com/gpu: 1
          targetSelector:
            workload-name:
              - container-name1
      image: *image
      TZ: Europe/London
      resources:
        NVIDIA_CAPS:
          - compute
          - video
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
                fixedEnv:
                  NVIDIA_CAPS:
                    - all
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: Europe/London
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_DRIVER_CAPABILITIES
                value: "all"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  - it: should create the correct fixed envs with PUID set to 0 on container level
    set:
      image: *image
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
                fixedEnv:
                  PUID: 0
                securityContext:
                  runAsUser: 0
                  runAsGroup: 0
                  runAsNonRoot: false
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: UTC
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_VISIBLE_DEVICES
                value: "void"
              - name: PUID
                value: "0"
              - name: USER_ID
                value: "0"
              - name: UID
                value: "0"
              - name: PGID
                value: "568"
              - name: GROUP_ID
                value: "568"
              - name: GID
                value: "568"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  - it: should create the correct fixed envs with large int values
    set:
      image: *image
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            securityContext:
              fsGroup: 100000514
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
                fixedEnv:
                  PUID: 200000514
                securityContext:
                  runAsUser: 0
                  runAsGroup: 0
                  runAsNonRoot: false
    asserts:
      - documentIndex: &deploymentDoc 0
        isKind:
          of: Deployment
      - documentIndex: *deploymentDoc
        isAPIVersion:
          of: apps/v1
      - documentIndex: *deploymentDoc
        isSubset:
          path: spec.template.spec.containers[0]
          content:
            env:
              - name: TZ
                value: UTC
              - name: UMASK
                value: "002"
              - name: UMASK_SET
                value: "002"
              - name: NVIDIA_VISIBLE_DEVICES
                value: "void"
              - name: PUID
                value: "200000514"
              - name: USER_ID
                value: "200000514"
              - name: UID
                value: "200000514"
              - name: PGID
                value: "100000514"
              - name: GROUP_ID
                value: "100000514"
              - name: GID
                value: "100000514"
              - name: S6_READ_ONLY_ROOT
                value: "1"

  # # Failures
  - it: it should fail with NVIDIA_CAPS having invalid values
    set:
      image: *image
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
                fixedEnv:
                  NVIDIA_CAPS:
                    - invalid
                    - compute
    asserts:
      - failedTemplate:
          errorMessage: Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [all, compute, utility, graphics, video], but got [invalid]

  - it: it should fail with NVIDIA_CAPS not having unique values
    set:
      image: *image
      workload:
        workload-name:
          enabled: true
          primary: true
          type: Deployment
          podSpec:
            containers:
              container-name1:
                enabled: true
                primary: true
                imageSelector: image
                probes: *probes
                fixedEnv:
                  NVIDIA_CAPS:
                    - compute
                    - compute
    asserts:
      - failedTemplate:
          errorMessage: Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [compute, compute]