diff --git a/Makefile b/Makefile
index 4948b70e3..2468e0224 100644
--- a/Makefile
+++ b/Makefile
@@ -913,7 +913,7 @@ chart_test_autoscaling_disabled:
 chart_test_autoscaling_deployment_https:
 PLATFORMS=$(PLATFORMS) CHART_FULL_DISTRIBUTED_MODE=true CHART_ENABLE_BASIC_AUTH=true \
 SECURE_INGRESS_ONLY_DEFAULT=true INGRESS_DISABLE_USE_HTTP2=true SELENIUM_GRID_PROTOCOL=https CHART_ENABLE_INGRESS_HOSTNAME=true SELENIUM_GRID_PORT=443 \
- SELENIUM_GRID_AUTOSCALING_MIN_REPLICA=1 MAX_SESSIONS_FIREFOX=3 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=1 \
+ SELENIUM_GRID_AUTOSCALING_MIN_REPLICA=1 MAX_SESSIONS_FIREFOX=3 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=1 TEST_NAME_OVERRIDE=true \
 VERSION=$(TAG_VERSION) VIDEO_TAG=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) KEDA_BASED_NAME=$(KEDA_BASED_NAME) KEDA_BASED_TAG=$(KEDA_BASED_TAG) NAMESPACE=$(NAMESPACE) BINDING_VERSION=$(BINDING_VERSION) \
 TEMPLATE_OUTPUT_FILENAME="k8s_fullDistributed_basicAuth_secureIngress_defaultCerts_ingressHostName_disableHttp2_autoScaling_scaledObject_subPath.yaml" \
 ./tests/charts/make/chart_test.sh DeploymentAutoscaling
@@ -929,7 +929,7 @@ chart_test_autoscaling_deployment:
 chart_test_autoscaling_job_https:
 PLATFORMS=$(PLATFORMS) TEST_EXISTING_KEDA=true RELEASE_NAME=selenium CHART_ENABLE_BASIC_AUTH=true \
 SECURE_CONNECTION_SERVER=true SELENIUM_GRID_PROTOCOL=https SELENIUM_GRID_PORT=443 SUB_PATH=/ \
- MAX_SESSIONS_FIREFOX=1 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=3 \
+ MAX_SESSIONS_FIREFOX=1 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=3 TEST_NAME_OVERRIDE=true \
 VERSION=$(TAG_VERSION) VIDEO_TAG=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) KEDA_BASED_NAME=$(KEDA_BASED_NAME) KEDA_BASED_TAG=$(KEDA_BASED_TAG) NAMESPACE=$(NAMESPACE) BINDING_VERSION=$(BINDING_VERSION) EXTERNAL_UPLOADER_CONFIG=true \
 TEMPLATE_OUTPUT_FILENAME="k8s_prefixSelenium_basicAuth_secureServer_autoScaling_scaledJob_existingKEDA.yaml" \
 ./tests/charts/make/chart_test.sh JobAutoscaling
@@ -955,6 +955,11 @@ chart_test_language_bindings: VERSION=$(TAG_VERSION) VIDEO_TAG=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) KEDA_BASED_NAME=$(KEDA_BASED_NAME) KEDA_BASED_TAG=$(KEDA_BASED_TAG) NAMESPACE=$(NAMESPACE) BINDING_VERSION=$(BINDING_VERSION) \ ./tests/charts/make/chart_test.sh DeploymentAutoscaling +chart_test_delete: + helm del test -n selenium || true + helm del selenium -n selenium || true + helm del keda -n keda || true + .PHONY: \ all \ base \ diff --git a/charts/selenium-grid/CONFIGURATION.md b/charts/selenium-grid/CONFIGURATION.md index 6359c1d87..e71cb97ce 100644 --- a/charts/selenium-grid/CONFIGURATION.md +++ b/charts/selenium-grid/CONFIGURATION.md @@ -47,6 +47,7 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes | global.seleniumGrid.affinity | object | `{}` | Specify affinity for all components, can be overridden individually | | global.seleniumGrid.topologySpreadConstraints | list | `[]` | Specify topologySpreadConstraints for all components, can be overridden individually | | global.seleniumGrid.nodeMaxSessions | int | `1` | Specify number of max sessions per node. Can be overridden by individual component (this is also set to scaler trigger parameter `nodeMaxSessions` if `autoscaling` is enabled) | +| tls.create | bool | `true` | Create a Secret resource for TLS certificate and key. If using an external secret set to false and provide its name in `nameOverride` below | | tls.nameOverride | string | `nil` | Name of external secret containing the TLS certificate and key | | tls.enabled | bool | `false` | Enable or disable TLS for the server components (and ingress proxy) | | tls.ingress.enabled | bool | `false` | Enable or disable TLS for the ingress proxy only | 
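Review bot: `chart_test_delete` is a command target, but the commit does not add it to the `.PHONY` list that starts right below it, so a file or directory with that name in the repository root would turn the target into a silent no-op; add `chart_test_delete \` to that list (the list continues outside the hunk). The three `helm del` calls also act on whatever cluster the current kube context points to, with the release names and the `selenium`/`keda` namespaces hard-coded, and `|| true` hides every failure, not only a missing release. A comment above the target would make that explicit, e.g. `# Removes the test, selenium and keda releases from the CURRENT kube context; all errors are ignored`.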
@@ -67,18 +68,23 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes | tls.disableHostnameVerification | bool | `true` | Disable verification the hostname included in the server's TLS/SSL certificates matches the hostnames provided | | registrationSecret.enabled | bool | `false` | Enable feature node registration secret to make sure that the node is one you control and not a rouge node | | registrationSecret.value | string | `"HappyTesting"` | The secret value to be used for node registration | -| basicAuth.nameOverride | string | `""` | External secret containing the basic auth username and password for reference | +| basicAuth.create | bool | `true` | Create a secret resource for basic auth. If using an external secret, set to false and provide its name in `nameOverride` below | +| basicAuth.nameOverride | string | `nil` | External secret containing the basic auth username and password for reference | | basicAuth.enabled | bool | `false` | Enable or disable basic auth for the Hub/Router | | basicAuth.username | string | `"admin"` | Username for basic auth | | basicAuth.password | string | `"admin"` | Password for basic auth | | basicAuth.embeddedUrl | bool | `false` | Embed the basic auth "username:password@" in few URLs e.g. SE_NODE_GRID_URL | | basicAuth.annotations | object | `{}` | Annotations for basic auth secret resource | | isolateComponents | bool | `false` | Deploy Router, Distributor, EventBus, SessionMap and Nodes separately | -| serviceAccount.create | bool | `true` | Create a service account for all components | +| serviceAccount.create | bool | `true` | Create a service account for all components. 
If using an external service account, set to false and provide its name in `nameOverride` below | | serviceAccount.nameOverride | string | `nil` | Override to use an external service account | | serviceAccount.annotations | object | `{}` | Annotations for the service account | -| rbacRole | object | `{"annotations":{},"nameOverride":null,"rules":[{"apiGroups":["keda.sh"],"resources":["scaledjobs"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["keda.sh"],"resources":["scaledobjects"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["get","list","patch","update","delete"]}]}` | RBAC settings for patching finalizers KEDA scaled resources | -| rbacRoleBinding | object | `{"annotations":{},"nameOverride":null,"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role"}}` | RBAC role binding settings for patching finalizers KEDA scaled resources | +| rbacRole | object | `{"annotations":{},"create":true,"nameOverride":null,"rules":[{"apiGroups":["keda.sh"],"resources":["scaledjobs"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["keda.sh"],"resources":["scaledobjects"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["get","list","patch","update","delete"]}]}` | RBAC settings for patching finalizers KEDA scaled resources | +| rbacRole.create | bool | `true` | Enable to create RBAC role to access few KEDA resources. 
If using an external role, set to false and provide its name in `nameOverride` below | +| rbacRole.nameOverride | string | `nil` | Override resource name or provide an external role name | +| rbacRoleBinding | object | `{"annotations":{},"create":true,"nameOverride":null,"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role"},"subjects":[{"kind":"ServiceAccount"}]}` | RBAC role binding settings for patching finalizers KEDA scaled resources | +| rbacRoleBinding.create | bool | `true` | Enable to create RBAC role binding to a service account. If using an external role binding, set to false and provide its name in `nameOverride` below | +| rbacRoleBinding.nameOverride | string | `nil` | Override resource name or provide an external role binding name | | ingress.enabled | bool | `true` | Enable to create ingress resource | | ingress.enableWithController | bool | `false` | Enable ingress resource with automatically installing Ingress NGINX Controller | | ingress.className | string | `""` | Name of ingress class to select which controller will implement ingress resource | 
@@ -154,7 +160,7 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes | serverConfigMap.nameOverride | string | `nil` | Override the name of the server configMap | | serverConfigMap.env | object | `{"SE_JAVA_OPTS":"-Djdk.httpclient.keepalive.timeout=300 -Djdk.httpclient.maxstreams=10000 -XX:+UseZGC","SE_SUPERVISORD_LOG_LEVEL":"info"}` | Extra common environment variables for Server (https://www.selenium.dev/documentation/grid/configuration/cli_options/#server) to server configMap | | serverConfigMap.annotations | object | `{}` | Custom annotations for configmap | -| secrets.create | bool | `true` | Create the default secret for all components | +| secrets.create | bool | `true` | Create the default secret for all components. If using an external secret, set to false and provide its name in `nameOverride` below | | secrets.nameOverride | string | `nil` | Override to use an external secret | | secrets.env | object | `{"SE_VNC_PASSWORD":"secret"}` | Extra environment variables set to the secret | | secrets.annotations | object | `{}` | Custom annotations for secret | 
@@ -304,12 +310,13 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes | autoscaling.enabled | bool | `false` | Enable autoscaling. Implies installing KEDA | | autoscaling.enableWithExistingKEDA | bool | `false` | Enable autoscaling without automatically installing KEDA | | autoscaling.scalingType | string | `"job"` | Which type of KEDA scaling to use: job or deployment | -| autoscaling.authenticationRef | object | `{"name":""}` | Specify an external KEDA TriggerAuthentication resource is used for scaler triggers config. Apply for all browser nodes | +| autoscaling.authenticationRef | object | `{"annotations":{"helm.sh/hook":"post-install,post-upgrade,post-rollback","helm.sh/hook-weight":"-2"},"name":""}` | Specify an external KEDA TriggerAuthentication resource is used for scaler triggers config. Apply for all browser nodes | | autoscaling.annotations | object | `{"helm.sh/hook":"post-install,post-upgrade,post-rollback","helm.sh/hook-weight":"1"}` | Annotations for KEDA resources: ScaledObject and ScaledJob | | autoscaling.patchObjectFinalizers.nameOverride | string | `nil` | Override the name of the patch job | | autoscaling.patchObjectFinalizers.enabled | bool | `true` | Enable patching finalizers for KEDA scaled resources. 
Workaround for Hook post-upgrade selenium-grid/templates/x-node-hpa.yaml failed: object is being deleted: scaledobjects.keda.sh "x" already exists | | autoscaling.patchObjectFinalizers.activeDeadlineSeconds | int | `120` | Deadline (in seconds) for patch job to complete | | autoscaling.patchObjectFinalizers.annotations | object | `{"helm.sh/hook":"post-install,post-upgrade,post-rollback,pre-delete","helm.sh/hook-delete-policy":"hook-succeeded,before-hook-creation","helm.sh/hook-weight":"-1"}` | Annotations for patch job | +| autoscaling.patchObjectFinalizers.serviceAccount | string | `""` | Define an external service account name contains permissions to patch KEDA scaled resources | | autoscaling.patchObjectFinalizers.imagePullSecret | string | `""` | Custom pull secret for container in patch job | | autoscaling.patchObjectFinalizers.resources | object | `{"limits":{"cpu":"50m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}` | Define resources for container in patch job | | autoscaling.scaledOptions | object | `{"maxReplicaCount":8,"minReplicaCount":0,"pollingInterval":10}` | Options for KEDA scaled resources (keep only common options used for both ScaledJob and ScaledObject) | 
@@ -498,7 +505,7 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes | videoRecorder.lifecycle | object | `{}` | Define lifecycle events for video recorder | | videoRecorder.extraVolumeMounts | list | `[]` | Custom video recorder back-end scripts (video.sh, video_ready.py, etc.) further by ConfigMap. NOTE: For the mount point with the name "video", or "video-scripts", it will override the default. For other names, it will be appended. | | videoRecorder.extraVolumes | list | `[]` | Extra volumes for video recorder pod | -| videoRecorder.s3 | object | `{"args":[],"command":[],"extraEnvironmentVariables":null,"imageName":"bitnami/aws-cli","imagePullPolicy":"IfNotPresent","imageRegistry":"public.ecr.aws","imageTag":"latest","securityContext":{"runAsUser":0}}` | Container spec for the uploader if above it is defined as "uploader.name: s3" | +| videoRecorder.s3 | object | `{"args":[],"command":[],"extraEnvironmentVariables":null,"imageName":"aws-cli","imagePullPolicy":"IfNotPresent","imageRegistry":"bitnami","imageTag":"latest","securityContext":{"runAsUser":0}}` | Container spec for the uploader if above it is defined as "uploader.name: s3" | | customLabels | object | `{}` | Custom labels for k8s resources | | keda.image | object | `{"keda":{"registry":"selenium","repository":"keda","tag":"2.15.1-selenium-grid-20240907"},"metricsApiServer":{"registry":"selenium","repository":"keda-metrics-apiserver","tag":"2.15.1-selenium-grid-20240907"},"webhooks":{"registry":"selenium","repository":"keda-admission-webhooks","tag":"2.15.1-selenium-grid-20240907"}}` | Specify image for KEDA components | | keda.additionalAnnotations | string | `nil` | Annotations for KEDA resources | diff --git a/charts/selenium-grid/README.md b/charts/selenium-grid/README.md index c30841da5..c3e51f6dd 100644 --- a/charts/selenium-grid/README.md +++ b/charts/selenium-grid/README.md 
@@ -672,7 +672,7 @@ There are multiple ways to insert your certificate, private key, truststore to t --from-file=server.pass=/path/to/your/server.pass # Deploy chart with your external TLS Secret helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \ - --set tls.enabled=true --set tls.nameOverride=my-external-tls-secret + --set tls.enabled=true --set tls.create=false --set tls.nameOverride=my-external-tls-secret ``` In case your external secret contains key file names are different with default, you can instruct server to use them via following values: @@ -717,6 +717,7 @@ helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \ --set isolateComponents=true \ --set components.router.serviceType=NodePort \ --set tls.enabled=true \ + --set tls.create=false \ --set tls.nameOverride=my-external-tls-secret ``` @@ -770,6 +771,7 @@ helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \ --set ingress.enabled=true \ --set ingress.hostname="selenium-grid.prod.domain.com" \ --set tls.ingress.enabled=true \ + --set tls.create=false \ --set tls.nameOverride=my-external-tls-secret ``` @@ -795,6 +797,7 @@ For example (replace `$RELEASENAME` and `$NAMESPACE` with your values): helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \ --set global.K8S_PUBLIC_IP=$(hostname -i) \ --set tls.ingress.enableWithController=true \ + --set tls.create=false \ --set tls.nameOverride=my-external-tls-secret \ --set ingress-nginx.controller.extraArgs.default-ssl-certificate=$NAMESPACE/my-external-tls-secret ``` diff --git a/charts/selenium-grid/templates/basic-auth-secret.yaml b/charts/selenium-grid/templates/basic-auth-secret.yaml index 70c9b19c0..93e85d912 100644 --- a/charts/selenium-grid/templates/basic-auth-secret.yaml +++ b/charts/selenium-grid/templates/basic-auth-secret.yaml @@ -1,4 +1,4 @@ -{{- if (not $.Values.basicAuth.nameOverride) }} +{{- if $.Values.basicAuth.create }} apiVersion: v1 kind: Secret metadata: 
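Review bot: Gating the basic-auth Secret on `basicAuth.create` alone changes behaviour for installs that so far only set `basicAuth.nameOverride` to point at an external secret: `create` defaults to `true`, so after an upgrade the chart renders its own Secret again, filled from `basicAuth.username`/`basicAuth.password`, whose documented defaults are `admin`/`admin`. Whether that Secret takes the override name is inferred, since the `metadata.name` line is outside the hunk. The `tls.create` gate in `templates/tls-cert-secret.yaml` has the same upgrade effect. Because `nameOverride` now also renames the chart-created Secret, the template cannot guard against this, so I would document it next to the value, e.g. `# NOTE: nameOverride alone no longer disables creation; set create: false when the secret is managed outside the chart`.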
diff --git a/charts/selenium-grid/templates/patch-keda/patch-keda-objects-job.yaml b/charts/selenium-grid/templates/patch-keda/patch-keda-objects-job.yaml
index 408319ea4..326f52fcb 100644
--- a/charts/selenium-grid/templates/patch-keda/patch-keda-objects-job.yaml
+++ b/charts/selenium-grid/templates/patch-keda/patch-keda-objects-job.yaml
@@ -25,10 +25,10 @@ spec:
 name: {{ template "seleniumGrid.keda.patchObjectsJob.fullname" $ }}
 spec:
 activeDeadlineSeconds: {{ $.Values.autoscaling.patchObjectFinalizers.activeDeadlineSeconds }}
- serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" $ }}
- serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" $ }}
+ serviceAccountName: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount }}
+ serviceAccount: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount }}
 containers:
- - name: {{ template "seleniumGrid.keda.patchObjectsJob.fullname" $ }}
+ - name: kubectl
 image: {{ $.Values.global.seleniumGrid.kubectlImage }}
 command: ["/bin/sh", "-c"]
 args:
diff --git a/charts/selenium-grid/templates/patch-keda/rbac-role.yaml b/charts/selenium-grid/templates/patch-keda/rbac-role.yaml
index 088b89e76..131a0079f 100644
--- a/charts/selenium-grid/templates/patch-keda/rbac-role.yaml
+++ b/charts/selenium-grid/templates/patch-keda/rbac-role.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled }}
+{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled (not $.Values.autoscaling.patchObjectFinalizers.serviceAccount) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/charts/selenium-grid/templates/patch-keda/rbac-rolebinding.yaml b/charts/selenium-grid/templates/patch-keda/rbac-rolebinding.yaml
index 535d0e255..6e5592401 100644
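Review bot: When `autoscaling.patchObjectFinalizers.serviceAccount` is set, the patch Job runs under an account the chart does not create, and the Role and RoleBinding templates are skipped in that case, so the Job's permissions are whatever that account already carries. The value's description should state the minimum it needs, which per the chart's `rbacRole.rules` default is `get`, `list`, `patch`, `update`, `delete` on `keda.sh` `scaledjobs`/`scaledobjects` and on `autoscaling` `horizontalpodautoscalers`, so that operators do not bind a broader account for convenience. Proposed values.yaml comment: `# -- External service account for the patch job; it needs only the verbs listed in rbacRole.rules (the chart then creates no Role/RoleBinding)`. The Job spec starts and ends outside this hunk.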
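Review bot: The new `rbacRole.create` value, documented as the switch to turn off when an external role is used, is not read by this condition, so `rbacRole.create=false` still renders the Role whenever KEDA patching is enabled and no external service account is given. The rest of the template is outside the hunk, so a nested check cannot be ruled out, but none is added by this commit. The gate in `rbac-rolebinding.yaml` has the same gap for `rbacRoleBinding.create`. Add the flag to the condition, e.g. `{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled $.Values.rbacRole.create (not $.Values.autoscaling.patchObjectFinalizers.serviceAccount) }}`, and the equivalent with `$.Values.rbacRoleBinding.create` in the binding template.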
--- a/charts/selenium-grid/templates/patch-keda/rbac-rolebinding.yaml
+++ b/charts/selenium-grid/templates/patch-keda/rbac-rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled }}
+{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled (not $.Values.autoscaling.patchObjectFinalizers.serviceAccount) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -9,17 +9,18 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 labels:
- deploymentName: {{ template "seleniumGrid.rbac.roleBinding.fullname" $ }}
+ app: {{ template "seleniumGrid.rbac.roleBinding.fullname" $ }}
+ app.kubernetes.io/name: {{ template "seleniumGrid.rbac.roleBinding.fullname" $ }}
 {{- include "seleniumGrid.commonLabels" $ | nindent 4 }}
 {{- with $.Values.customLabels }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
 subjects:
 - kind: ServiceAccount
- name: {{ template "seleniumGrid.serviceAccount.fullname" $ }}
+ name: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount }}
 {{ with $.Values.rbacRoleBinding.roleRef }}
 {{- $roleRef := merge (dict "name" (include "seleniumGrid.rbac.role.fullname" $)) . -}}
 roleRef:
- {{ $roleRef | toYaml | nindent 2 }}
+ {{- $roleRef | toYaml | nindent 2 }}
 {{- end }}
 {{- end }}
diff --git a/charts/selenium-grid/templates/serviceaccount.yaml b/charts/selenium-grid/templates/serviceaccount.yaml
index 384cfb2a1..9b6691809 100644
--- a/charts/selenium-grid/templates/serviceaccount.yaml
+++ b/charts/selenium-grid/templates/serviceaccount.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.serviceAccount.create }}
+{{- if $.Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/charts/selenium-grid/templates/tls-cert-secret.yaml b/charts/selenium-grid/templates/tls-cert-secret.yaml
index e04cfc970..cc26ca0a7 100644
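Review bot: In the `subjects` entry of rbac-rolebinding.yaml the `default (...) $.Values.autoscaling.patchObjectFinalizers.serviceAccount` fallback can never select the external account, because the first line of this template only renders it when that value is empty; the previous `{{ template "seleniumGrid.serviceAccount.fullname" $ }}` was equivalent and easier to read. The `rbacRoleBinding.subjects` default that this commit adds to values.yaml is also not consumed by any line visible here, so overriding it would not change who is bound to the Role. Either render the subjects from the value or drop it from values.yaml, and state the behaviour in a comment such as `# subjects is fixed to the chart service account; an external account must come with its own binding`.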
--- a/charts/selenium-grid/templates/tls-cert-secret.yaml +++ b/charts/selenium-grid/templates/tls-cert-secret.yaml @@ -1,4 +1,4 @@ -{{- if and (not $.Values.tls.nameOverride) (or (eq (include "seleniumGrid.ingress.secureConnection" $) "true") (eq (include "seleniumGrid.server.secureConnection" $) "true")) }} +{{- if and $.Values.tls.create (or (eq (include "seleniumGrid.ingress.secureConnection" $) "true") (eq (include "seleniumGrid.server.secureConnection" $) "true")) }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/selenium-grid/templates/trigger-auth.yaml b/charts/selenium-grid/templates/trigger-auth.yaml index 7872ec02b..92dcded30 100644 --- a/charts/selenium-grid/templates/trigger-auth.yaml +++ b/charts/selenium-grid/templates/trigger-auth.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "seleniumGrid.autoscaling.authenticationRef.fullname" $ }} namespace: {{ .Release.Namespace }} annotations: - {{- with $.Values.autoscaling.annotations }} + {{- with $.Values.autoscaling.authenticationRef.annotations }} {{- toYaml . | nindent 4 }} {{- end }} labels: diff --git a/charts/selenium-grid/values.yaml b/charts/selenium-grid/values.yaml index 20088478e..e9f65085d 100644 --- a/charts/selenium-grid/values.yaml +++ b/charts/selenium-grid/values.yaml @@ -52,6 +52,8 @@ global: nodeMaxSessions: 1 tls: + # -- Create a Secret resource for TLS certificate and key. If using an external secret set to false and provide its name in `nameOverride` below + create: true # -- Name of external secret containing the TLS certificate and key nameOverride: # -- Enable or disable TLS for the server components (and ingress proxy) 
@@ -105,8 +107,10 @@ registrationSecret: # Basic auth settings for Selenium Grid basicAuth: + # -- Create a secret resource for basic auth. If using an external secret, set to false and provide its name in `nameOverride` below + create: true # -- External secret containing the basic auth username and password for reference - nameOverride: "" + nameOverride: # -- Enable or disable basic auth for the Hub/Router enabled: false # -- Username for basic auth @@ -123,7 +127,7 @@ isolateComponents: false # Service Account for all components serviceAccount: - # -- Create a service account for all components + # -- Create a service account for all components. If using an external service account, set to false and provide its name in `nameOverride` below create: true # -- Override to use an external service account nameOverride: @@ -133,6 +137,9 @@ serviceAccount: # -- RBAC settings for patching finalizers KEDA scaled resources rbacRole: + # -- Enable to create RBAC role to access few KEDA resources. If using an external role, set to false and provide its name in `nameOverride` below + create: true + # -- Override resource name or provide an external role name nameOverride: annotations: {} rules: @@ -154,8 +161,13 @@ rbacRole: # -- RBAC role binding settings for patching finalizers KEDA scaled resources rbacRoleBinding: + # -- Enable to create RBAC role binding to a service account. If using an external role binding, set to false and provide its name in `nameOverride` below + create: true + # -- Override resource name or provide an external role binding name nameOverride: annotations: {} + subjects: + - kind: ServiceAccount roleRef: kind: Role apiGroup: rbac.authorization.k8s.io 
@@ -347,7 +359,7 @@ serverConfigMap: # Secrets for all components. Component environment variables contain sensitive data should be stored in secrets. secrets: - # -- Create the default secret for all components + # -- Create the default secret for all components. If using an external secret, set to false and provide its name in `nameOverride` below create: true # -- Override to use an external secret nameOverride: @@ -791,6 +803,9 @@ autoscaling: # -- Specify an external KEDA TriggerAuthentication resource is used for scaler triggers config. Apply for all browser nodes authenticationRef: name: "" + annotations: + "helm.sh/hook": post-install,post-upgrade,post-rollback + "helm.sh/hook-weight": "-2" # -- Annotations for KEDA resources: ScaledObject and ScaledJob annotations: "helm.sh/hook": post-install,post-upgrade,post-rollback @@ -807,6 +822,8 @@ autoscaling: "helm.sh/hook": post-install,post-upgrade,post-rollback,pre-delete "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation "helm.sh/hook-weight": "-1" + # -- Define an external service account name contains permissions to patch KEDA scaled resources + serviceAccount: "" # -- Custom pull secret for container in patch job imagePullSecret: "" # -- Define resources for container in patch job @@ -1504,8 +1521,8 @@ videoRecorder: # -- Container spec for the uploader if above it is defined as "uploader.name: s3" s3: - imageRegistry: public.ecr.aws - imageName: bitnami/aws-cli + imageRegistry: bitnami + imageName: aws-cli imageTag: latest imagePullPolicy: IfNotPresent securityContext: diff --git a/tests/charts/ci/DeploymentAutoscaling-values.yaml b/tests/charts/ci/DeploymentAutoscaling-values.yaml index d947de48f..bf02551cc 100644 --- a/tests/charts/ci/DeploymentAutoscaling-values.yaml +++ b/tests/charts/ci/DeploymentAutoscaling-values.yaml 
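Review bot: In the `videoRecorder.s3` hunk the uploader image reference moves from `public.ecr.aws/bitnami/aws-cli` to `bitnami/aws-cli` while the unchanged `imageTag: latest` stays mutable, so the container that runs is whatever that repository serves at pull time, and with `imagePullPolicy: IfNotPresent` different nodes can end up on different builds. According to the CONFIGURATION.md row the default also sets `runAsUser: 0`, which is outside this hunk. Pin the default to a fixed version or digest, e.g. `imageTag: <pinned-version-or-digest>`, and say in the comment that a bare `bitnami` registry value is resolved through the container runtime's default registry (presumably Docker Hub).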
@@ -32,7 +32,6 @@ chromeNode: port: 7900 targetPort: 7900 # NodePort will be assigned randomly if not set - nameOverride: my-chrome-name extraEnvironmentVariables: &extraEnvironmentVariables - name: SE_BROWSER_ARGS_DISABLE_FEATURES value: "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints" @@ -64,7 +63,6 @@ edgeNode: - containerPort: 7900 name: novnc protocol: TCP - nameOverride: my-edge-name extraEnvironmentVariables: *extraEnvironmentVariables # (test): user is able to override probe method startupProbe: @@ -79,7 +77,6 @@ edgeNode: # Configuration for firefox nodes firefoxNode: port: 7777 - nameOverride: my-firefox-name extraEnvironmentVariables: *extraEnvironmentVariables readinessProbe: enabled: *readinessProbe diff --git a/tests/charts/ci/JobAutoscaling-values.yaml b/tests/charts/ci/JobAutoscaling-values.yaml index 3c2a64ec1..118344258 100644 --- a/tests/charts/ci/JobAutoscaling-values.yaml +++ b/tests/charts/ci/JobAutoscaling-values.yaml @@ -11,7 +11,6 @@ autoscaling: pollingInterval: 10 # Configuration for chrome nodes chromeNode: - nameOverride: my-chrome-name extraEnvironmentVariables: &extraEnvironmentVariables - name: SE_NODE_ENABLE_MANAGED_DOWNLOADS value: "${SELENIUM_ENABLE_MANAGED_DOWNLOADS}" @@ -29,7 +28,6 @@ chromeNode: enabled: &livenessProbe true # Configuration for edge nodes edgeNode: - nameOverride: my-edge-name extraEnvironmentVariables: *extraEnvironmentVariables readinessProbe: enabled: *readinessProbe @@ -37,7 +35,6 @@ edgeNode: enabled: *livenessProbe # Configuration for firefox nodes firefoxNode: - nameOverride: my-firefox-name extraEnvironmentVariables: *extraEnvironmentVariables readinessProbe: enabled: *readinessProbe diff --git a/tests/charts/ci/NoAutoscaling-values.yaml b/tests/charts/ci/NoAutoscaling-values.yaml index 7f08d1109..29e9f20de 100644 --- a/tests/charts/ci/NoAutoscaling-values.yaml +++ b/tests/charts/ci/NoAutoscaling-values.yaml 
@@ -2,7 +2,6 @@ # Configuration for chrome nodes chromeNode: port: 6666 - nameOverride: my-chrome-name extraEnvironmentVariables: &extraEnvironmentVariables - name: SE_NODE_ENABLE_MANAGED_DOWNLOADS value: "${SELENIUM_ENABLE_MANAGED_DOWNLOADS}" @@ -21,7 +20,6 @@ chromeNode: # Configuration for edge nodes edgeNode: port: 8888 - nameOverride: my-edge-name extraEnvironmentVariables: *extraEnvironmentVariables readinessProbe: enabled: *readinessProbe @@ -30,7 +28,6 @@ edgeNode: # Configuration for firefox nodes firefoxNode: port: 7777 - nameOverride: my-firefox-name extraEnvironmentVariables: *extraEnvironmentVariables readinessProbe: enabled: *readinessProbe diff --git a/tests/charts/ci/nameOverride-values.yaml b/tests/charts/ci/nameOverride-values.yaml new file mode 100644 index 000000000..0d156cb08 --- /dev/null +++ b/tests/charts/ci/nameOverride-values.yaml @@ -0,0 +1,31 @@ +tls: + nameOverride: "selenium-grid-tls" +basicAuth: + nameOverride: "selenium-grid-basic-auth" +serviceAccount: + nameOverride: "selenium-grid-service-account" +rbacRole: + nameOverride: "selenium-grid-role" +rbacRoleBinding: + nameOverride: "selenium-grid-role-binding" +busConfigMap: + nameOverride: "selenium-grid-event-bus-config" +distributorConfigMap: + nameOverride: "selenium-grid-distributor-config" +routerConfigMap: + nameOverride: "selenium-grid-router-config" +nodeConfigMap: + nameOverride: "selenium-grid-node-config" +recorderConfigMap: + nameOverride: "selenium-grid-recorder-config" +uploaderConfigMap: + nameOverride: "selenium-grid-uploader-config" +loggingConfigMap: + nameOverride: "selenium-grid-logger-config" +serverConfigMap: + nameOverride: "selenium-grid-server-config" +secrets: + nameOverride: "selenium-grid-common-secrets" +autoscaling: + patchObjectFinalizers: + nameOverride: "selenium-grid-job-patch-objects" diff --git a/tests/charts/make/chart_test.sh b/tests/charts/make/chart_test.sh index b4aefb5ea..5724ed066 100755 --- a/tests/charts/make/chart_test.sh 
+++ b/tests/charts/make/chart_test.sh @@ -52,6 +52,7 @@ SELENIUM_ENABLE_MANAGED_DOWNLOADS=${SELENIUM_ENABLE_MANAGED_DOWNLOADS:-"true"} MAX_SESSIONS_CHROME=${MAX_SESSIONS_CHROME:-"1"} MAX_SESSIONS_FIREFOX=${MAX_SESSIONS_FIREFOX:-"1"} MAX_SESSIONS_EDGE=${MAX_SESSIONS_EDGE:-"1"} +TEST_NAME_OVERRIDE=${TEST_NAME_OVERRIDE:-"false"} cleanup() { # Get the list of pods @@ -119,6 +120,13 @@ if [ "${TEST_UPGRADE_CHART}" != "true" ] && [ "${RENDER_HELM_TEMPLATE_ONLY}" != kubectl describe pod,svc,pv,pvc -n ${SELENIUM_NAMESPACE} -l app=ftp-server fi +if [ "${TEST_NAME_OVERRIDE}" = "true" ]; then + HELM_COMMAND_SET_BASE_VALUES="${HELM_COMMAND_SET_BASE_VALUES} \ + --values ${TEST_VALUES_PATH}/nameOverride-values.yaml \ + " + SELENIUM_TLS_SECRET_NAME="selenium-grid-tls" +fi + HELM_COMMAND_SET_IMAGES=" \ --set global.seleniumGrid.imageRegistry=${NAMESPACE} \ --set global.seleniumGrid.imageTag=${VERSION} \ @@ -238,6 +246,7 @@ fi if [ "${SECURE_USE_EXTERNAL_CERT}" = "true" ] && [ "${RENDER_HELM_TEMPLATE_ONLY}" != "true" ]; then HELM_COMMAND_SET_IMAGES="${HELM_COMMAND_SET_IMAGES} \ + --set tls.create=false --set tls.nameOverride=${EXTERNAL_TLS_SECRET_NAME} \ --set ingress.nginx.sslSecret="${SELENIUM_NAMESPACE}/${EXTERNAL_TLS_SECRET_NAME}" \ " @@ -290,7 +299,7 @@ if [ "${EXTERNAL_UPLOADER_CONFIG}" = "true" ]; then " fi -HELM_COMMAND_SET_BASE_VALUES=" \ +HELM_COMMAND_SET_BASE_VALUES="${HELM_COMMAND_SET_BASE_VALUES} \ --values ${TEST_VALUES_PATH}/base-auth-ingress-values.yaml \ --values ${RECORDER_VALUES_FILE} \ " diff --git a/tests/charts/templates/render/dummy.yaml b/tests/charts/templates/render/dummy.yaml index c481dc4f0..fa868ff62 100644 --- a/tests/charts/templates/render/dummy.yaml +++ b/tests/charts/templates/render/dummy.yaml @@ -24,6 +24,7 @@ autoscaling: scalingType: deployment basicAuth: + create: false nameOverride: "my-external-basic-auth-secret" enabled: true username: sysadmin 
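Review bot: `HELM_COMMAND_SET_BASE_VALUES` is now built by appending to itself in the last chart_test.sh hunk, but the only earlier assignment this commit adds is inside the `TEST_NAME_OVERRIDE` block, so in every other run the expansion takes whatever the caller's environment holds, and it would fail under `set -u` if the script enables that (not visible in these hunks). A stray exported value would then inject extra `--values` or `--set` arguments into the helm command. Initialise it with the other defaults near the top, e.g. `HELM_COMMAND_SET_BASE_VALUES=""` right after the `TEST_NAME_OVERRIDE=${TEST_NAME_OVERRIDE:-"false"}` line.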
diff --git a/tests/charts/templates/render/dummy_solution.yaml b/tests/charts/templates/render/dummy_solution.yaml index b42936cd9..194dd5542 100644 --- a/tests/charts/templates/render/dummy_solution.yaml +++ b/tests/charts/templates/render/dummy_solution.yaml @@ -25,6 +25,7 @@ selenium-grid: scalingType: deployment basicAuth: + create: false nameOverride: "my-external-basic-auth-secret" enabled: true username: sysadmin