From ae21097386443ecc492e013d01a97b3e357b7af8 Mon Sep 17 00:00:00 2001 From: Viet Nguyen Duc Date: Mon, 7 Apr 2025 23:59:55 +0700 Subject: [PATCH 1/2] K8s: Strictly handle `basicAuth.enabled` in template Signed-off-by: Viet Nguyen Duc --- charts/selenium-grid/templates/_helpers.tpl | 6 ++++++ charts/selenium-grid/templates/basic-auth-secret.yaml | 2 +- charts/selenium-grid/templates/distributor-deployment.yaml | 2 ++ charts/selenium-grid/templates/event-bus-deployment.yaml | 6 ++++-- charts/selenium-grid/templates/hub-deployment.yaml | 6 ++++-- charts/selenium-grid/templates/router-deployment.yaml | 6 ++++-- charts/selenium-grid/templates/session-map-deployment.yaml | 6 ++++-- .../selenium-grid/templates/session-queue-deployment.yaml | 6 ++++-- charts/selenium-grid/templates/trigger-auth.yaml | 2 ++ 9 files changed, 31 insertions(+), 11 deletions(-) diff --git a/charts/selenium-grid/templates/_helpers.tpl b/charts/selenium-grid/templates/_helpers.tpl index f35657353b..c48c2e590b 100644 --- a/charts/selenium-grid/templates/_helpers.tpl +++ b/charts/selenium-grid/templates/_helpers.tpl @@ -419,8 +419,10 @@ template: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- with .node.extraEnvFrom }} {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} @@ -547,8 +549,10 @@ template: name: {{ template "seleniumGrid.recorder.configmap.fullname" $ }} - configMapRef: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- if and .recorder.uploader.enabled (empty .recorder.uploader.name) }} - secretRef: name: {{ tpl (default (include "seleniumGrid.common.secrets.fullname" $) $.Values.uploaderConfigMap.secretVolumeMountName) $ }} @@ -606,8 +610,10 @@ template: envFrom: - configMapRef: name: {{ template "seleniumGrid.uploader.configmap.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} - secretRef: name: {{ tpl (default (include "seleniumGrid.common.secrets.fullname" $) $.Values.uploaderConfigMap.secretVolumeMountName) $ }} {{- with .uploader.extraEnvFrom }} diff --git a/charts/selenium-grid/templates/basic-auth-secret.yaml b/charts/selenium-grid/templates/basic-auth-secret.yaml index 93e85d9127..afedba018d 100644 --- a/charts/selenium-grid/templates/basic-auth-secret.yaml +++ b/charts/selenium-grid/templates/basic-auth-secret.yaml @@ -1,4 +1,4 @@ -{{- if $.Values.basicAuth.create }} +{{- if and $.Values.basicAuth.create $.Values.basicAuth.enabled }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/selenium-grid/templates/distributor-deployment.yaml b/charts/selenium-grid/templates/distributor-deployment.yaml index 2f1064211b..c04697a35d 100644 --- a/charts/selenium-grid/templates/distributor-deployment.yaml +++ b/charts/selenium-grid/templates/distributor-deployment.yaml @@ -93,8 +93,10 @@ spec: name: {{ template "seleniumGrid.server.configmap.fullname" . }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- with .Values.components.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/selenium-grid/templates/event-bus-deployment.yaml b/charts/selenium-grid/templates/event-bus-deployment.yaml index 1e60038ba0..02f4e77b8e 100644 --- a/charts/selenium-grid/templates/event-bus-deployment.yaml +++ b/charts/selenium-grid/templates/event-bus-deployment.yaml @@ -72,8 +72,10 @@ spec: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- with .Values.components.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} @@ -99,8 +101,8 @@ spec: {{- $affinityYaml := default .Values.global.seleniumGrid.affinity .Values.components.eventBus.affinity }} affinity: {{- toYaml $affinityYaml | nindent 8 }} {{- end }} - {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} - {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} + {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.eventBus.topologySpreadConstraints }} + {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.eventBus.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := $topologySpreadConstraints }} - {{ toYaml $constraint | nindent 10 | trim }} diff --git a/charts/selenium-grid/templates/hub-deployment.yaml b/charts/selenium-grid/templates/hub-deployment.yaml index 890c0f91cd..55abce2cc2 100644 --- a/charts/selenium-grid/templates/hub-deployment.yaml +++ b/charts/selenium-grid/templates/hub-deployment.yaml @@ -145,8 +145,10 @@ spec: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- with .Values.hub.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} @@ -182,8 +184,8 @@ spec: {{- $affinityYaml := default .Values.global.seleniumGrid.affinity .Values.hub.affinity }} affinity: {{- toYaml $affinityYaml | nindent 8 }} {{- end }} - {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} - {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} + {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.hub.topologySpreadConstraints }} + {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.hub.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := $topologySpreadConstraints }} - {{ toYaml $constraint | nindent 10 | trim }} diff --git a/charts/selenium-grid/templates/router-deployment.yaml b/charts/selenium-grid/templates/router-deployment.yaml index dcfb297b0e..f2b5198753 100644 --- a/charts/selenium-grid/templates/router-deployment.yaml +++ b/charts/selenium-grid/templates/router-deployment.yaml @@ -86,8 +86,10 @@ spec: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- with .Values.components.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} @@ -172,8 +174,8 @@ spec: {{- $affinityYaml := default .Values.global.seleniumGrid.affinity .Values.components.router.affinity }} affinity: {{- toYaml $affinityYaml | nindent 8 }} {{- end }} - {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} - {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} + {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.router.topologySpreadConstraints }} + {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.router.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := $topologySpreadConstraints }} - {{ toYaml $constraint | nindent 10 | trim }} diff --git a/charts/selenium-grid/templates/session-map-deployment.yaml b/charts/selenium-grid/templates/session-map-deployment.yaml index 91f2887aca..a49b2b5085 100644 --- a/charts/selenium-grid/templates/session-map-deployment.yaml +++ b/charts/selenium-grid/templates/session-map-deployment.yaml @@ -68,8 +68,10 @@ spec: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} - configMapRef: name: {{ template "seleniumGrid.eventBus.configmap.fullname" $ }} {{- with .Values.components.extraEnvFrom }} @@ -100,8 +102,8 @@ spec: {{- $affinityYaml := default .Values.global.seleniumGrid.affinity .Values.components.sessionMap.affinity }} affinity: {{- toYaml $affinityYaml | nindent 8 }} {{- end }} - {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} - {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} + {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.sessionMap.topologySpreadConstraints }} + {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.sessionMap.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := $topologySpreadConstraints }} - {{ toYaml $constraint | nindent 10 | trim }} diff --git a/charts/selenium-grid/templates/session-queue-deployment.yaml b/charts/selenium-grid/templates/session-queue-deployment.yaml index 0ab20f5ac9..17e0e216ca 100644 --- a/charts/selenium-grid/templates/session-queue-deployment.yaml +++ b/charts/selenium-grid/templates/session-queue-deployment.yaml @@ -65,8 +65,10 @@ spec: name: {{ template "seleniumGrid.server.configmap.fullname" $ }} - secretRef: name: {{ template "seleniumGrid.common.secrets.fullname" $ }} + {{- if $.Values.basicAuth.enabled }} - secretRef: name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} + {{- end }} {{- with .Values.components.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} @@ -95,8 +97,8 @@ spec: {{- $affinityYaml := default .Values.global.seleniumGrid.affinity .Values.components.sessionQueue.affinity }} affinity: {{- toYaml $affinityYaml | nindent 8 }} {{- end }} - {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} - {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.distributor.topologySpreadConstraints }} + {{- if or .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.sessionQueue.topologySpreadConstraints }} + {{- $topologySpreadConstraints := default .Values.global.seleniumGrid.topologySpreadConstraints .Values.components.sessionQueue.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := $topologySpreadConstraints }} - {{ toYaml $constraint | nindent 10 | trim }} diff --git a/charts/selenium-grid/templates/trigger-auth.yaml b/charts/selenium-grid/templates/trigger-auth.yaml index 4fbf64dde5..6d2872f3b6 100644 --- a/charts/selenium-grid/templates/trigger-auth.yaml +++ b/charts/selenium-grid/templates/trigger-auth.yaml @@ -18,10 +18,12 @@ spec: - parameter: url name: {{ template "seleniumGrid.common.secrets.fullname" $ }} key: SE_NODE_GRID_GRAPHQL_URL + {{- if $.Values.basicAuth.enabled }} - parameter: username name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} key: SE_ROUTER_USERNAME - parameter: password name: {{ template "seleniumGrid.basicAuth.secrets.fullname" $ }} key: SE_ROUTER_PASSWORD + {{- end }} {{- end }} From 264d9563d022c171f3b40e1b587c6ed0bb6056ca Mon Sep 17 00:00:00 2001 From: Viet Nguyen Duc Date: Tue, 8 Apr 2025 00:52:09 +0700 Subject: [PATCH 2/2] K8s: Strictly handle redundant configs in output YAML Signed-off-by: Viet Nguyen Duc --- charts/selenium-grid/templates/event-bus-deployment.yaml | 4 ++-- .../templates/patch-keda/patch-keda-objects-cm.yaml | 6 +++--- charts/selenium-grid/templates/session-map-deployment.yaml | 4 ++-- .../selenium-grid/templates/session-queue-deployment.yaml | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/selenium-grid/templates/event-bus-deployment.yaml b/charts/selenium-grid/templates/event-bus-deployment.yaml index 02f4e77b8e..0094bf44c6 100644 --- a/charts/selenium-grid/templates/event-bus-deployment.yaml +++ b/charts/selenium-grid/templates/event-bus-deployment.yaml @@ -82,8 +82,8 @@ spec: {{- with .Values.components.eventBus.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} - volumeMounts: {{- if eq (include "seleniumGrid.server.secureConnection" $) "true" }} + volumeMounts: - name: {{ include "seleniumGrid.tls.fullname" . | quote }} mountPath: {{ .Values.tls.certVolumeMountPath | quote }} readOnly: true @@ -123,8 +123,8 @@ spec: {{- with .Values.components.eventBus.priorityClassName }} priorityClassName: {{ . }} {{- end }} - volumes: {{- if eq (include "seleniumGrid.server.secureConnection" $) "true" }} + volumes: - name: {{ include "seleniumGrid.tls.fullname" . | quote }} secret: secretName: {{ include "seleniumGrid.tls.fullname" . | quote }} diff --git a/charts/selenium-grid/templates/patch-keda/patch-keda-objects-cm.yaml b/charts/selenium-grid/templates/patch-keda/patch-keda-objects-cm.yaml index 7cbc212b4f..57b1c93cb0 100644 --- a/charts/selenium-grid/templates/patch-keda/patch-keda-objects-cm.yaml +++ b/charts/selenium-grid/templates/patch-keda/patch-keda-objects-cm.yaml @@ -29,21 +29,21 @@ data: -o jsonpath='{.items[*].metadata.name}{"\n"}'); do if [ -n "$i" ]; then - kubectl delete ScaledObjects $i -n {{ .Release.Namespace }} + kubectl delete ScaledObjects $i -n {{ .Release.Namespace }} --wait=false --cascade=foreground fi done for i in $(kubectl get ScaledJobs -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} \ -o jsonpath='{.items[*].metadata.name}{"\n"}'); do if [ -n "$i" ]; then - kubectl delete ScaledJobs $i -n {{ .Release.Namespace }} + kubectl delete ScaledJobs $i -n {{ .Release.Namespace }} --wait=false fi done for i in $(kubectl get TriggerAuthentication -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} \ -o jsonpath='{.items[*].metadata.name}{"\n"}'); do if [ -n "$i" ]; then - kubectl delete TriggerAuthentication $i -n {{ .Release.Namespace }} + kubectl delete TriggerAuthentication $i -n {{ .Release.Namespace }} --wait=false fi done {{- end }} diff --git a/charts/selenium-grid/templates/session-map-deployment.yaml b/charts/selenium-grid/templates/session-map-deployment.yaml index a49b2b5085..4ed214f4d8 100644 --- a/charts/selenium-grid/templates/session-map-deployment.yaml +++ b/charts/selenium-grid/templates/session-map-deployment.yaml @@ -80,8 +80,8 @@ spec: {{- with .Values.components.sessionMap.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} - volumeMounts: {{- if eq (include "seleniumGrid.server.secureConnection" $) "true" }} + volumeMounts: - name: {{ include "seleniumGrid.tls.fullname" . | quote }} mountPath: {{ .Values.tls.certVolumeMountPath | quote }} readOnly: true @@ -124,8 +124,8 @@ spec: {{- with .Values.components.sessionMap.priorityClassName }} priorityClassName: {{ . }} {{- end }} - volumes: {{- if eq (include "seleniumGrid.server.secureConnection" $) "true" }} + volumes: - name: {{ include "seleniumGrid.tls.fullname" . | quote }} secret: secretName: {{ include "seleniumGrid.tls.fullname" . | quote }} diff --git a/charts/selenium-grid/templates/session-queue-deployment.yaml b/charts/selenium-grid/templates/session-queue-deployment.yaml index 17e0e216ca..337ff90b52 100644 --- a/charts/selenium-grid/templates/session-queue-deployment.yaml +++ b/charts/selenium-grid/templates/session-queue-deployment.yaml @@ -75,8 +75,8 @@ spec: {{- with .Values.components.sessionQueue.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} - volumeMounts: {{- if eq (include "seleniumGrid.server.secureConnection" $) "true" }} + volumeMounts: - name: {{ include "seleniumGrid.tls.fullname" . | quote }} mountPath: {{ .Values.tls.certVolumeMountPath | quote }} readOnly: true @@ -119,8 +119,8 @@ spec: {{- with .Values.components.sessionQueue.priorityClassName }} priorityClassName: {{ . }} {{- end }} - volumes: {{- if eq (include "seleniumGrid.server.secureConnection" $) "true" }} + volumes: - name: {{ include "seleniumGrid.tls.fullname" . | quote }} secret: secretName: {{ include "seleniumGrid.tls.fullname" . | quote }}