[TT-13614] Add tests.enabled to values.yaml to allow tests to be turned off

tyk-data-plane/scripts/tests/data-plane-test.sh

@@ -1,5 +1,3 @@
-apk --no-cache add curl jq
-
 TYK_GW_ADDR="${TYK_GW_PROTO}://${TYK_GW_SVC}.${TYK_POD_NAMESPACE}.svc:${TYK_GW_LISTENPORT}"
 TYK_GW_SECRET=${TYK_GW_SECRET}
 

tyk-data-plane/templates/tests/data-plane-test.yaml

@@ -1,16 +1,23 @@
+{{- if .Values.tests.enabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
   name: "{{ include "tyk-data-plane.fullname" . }}-test-tyk-data-plane"
   labels:
     chart: {{ include "tyk-data-plane.chart" . }}
+{{- if .Values.tests.podLabels }}
+{{- toYaml .Values.tests.podLabels | nindent 4 }}
+{{- end }}
   annotations:
     "helm.sh/hook": test
+{{- if .Values.tests.podAnnotations }}
+{{- toYaml .Values.tests.podAnnotations | nindent 4 }}
+{{- end }}
 spec:
   restartPolicy: Never
   containers:
     - name: health-check-container
-      image: alpine:3.17
+      image: zalbiraw/alpine-curl-jq
       command:
         - /bin/sh
         - -c
@@ -34,8 +41,31 @@ spec:
             secretKeyRef:
               name: secrets-{{ include "tyk-data-plane.fullname" . }}
               key: APISecret
+{{- if .Values.tests.containerSecurityContext }}
+      securityContext:
+{{- toYaml .Values.tests.containerSecurityContext | nindent 8 }}
+{{- end }}
+      resources:
+{{ toYaml .Values.tests.resources | indent 8 }}
+{{- if .Values.tests.securityContext }}
+  securityContext:
+{{- toYaml .Values.tests.securityContext | nindent 4 }}
+{{- end }}
+{{- if .Values.tests.nodeSelector }}
+  nodeSelector:
+{{ toYaml .Values.tests.nodeSelector | indent 4 }}
+{{- end }}
+{{- if .Values.tests.tolerations }}
+  tolerations:
+{{ toYaml .Values.tests.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.tests.affinity }}
+  affinity:
+{{ toYaml .Values.tests.affinity | indent 4 }}
+{{- end }}
   volumes:
     - name: test-tyk-data-plane
       configMap:
         name: test-tyk-data-plane-map
         defaultMode: 0777
+{{- end }}

tyk-data-plane/templates/tests/script-configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.tests.enabled -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,4 +7,5 @@ metadata:
     "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
     "helm.sh/hook": test
 data:
-{{ (.Files.Glob "scripts/tests/data-plane-test.sh").AsConfig | indent 2 }}
+{{ (.Files.Glob "scripts/tests/data-plane-test.sh").AsConfig | indent 2 }}
+{{- end }}

tyk-data-plane/values.yaml

@@ -772,3 +772,51 @@ tyk-pump:
     #     mountPath: /etc/ssl/certs/ca-certs.crt
     #     readOnly: true
     extraVolumeMounts: []
+tests:
+  enabled: true
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this
+    # as a conscious choice for the user. This also increases chances charts
+    # run on environments with little resources, such as Minikube. If you do
+    # want to specify resources, uncomment the following lines, adjust them
+    # as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+  # securityContext holds pod-level security attributes for Tyk tests pod. All fields from PodSecurityContext object can be added here.
+  securityContext:
+    runAsUser: 1000
+    fsGroup: 2000
+    runAsNonRoot: true
+  # containerSecurityContext holds container-level security attributes for Tyk tests pod. All fields from SecurityContext object can be added here.
+  containerSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    allowPrivilegeEscalation: false
+    privileged: false
+    readOnlyRootFilesystem: true
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+        - ALL
+  # nodeSelector is a selector which must be true for Tyk tests pod to fit on a specific node.
+  nodeSelector: {}
+  # tolerations specifies tolerations to be applied on Tyk tests pods.
+  tolerations: []
+  # affinity specifies affinity and anti-affinity constraints.
+  affinity: {}
+  # podAnnotations specifies annotations to be added in Tyk tests Pod.
+  # It takes key-value pairs.
+  # There are no required annotation field for Tyk tests Pod.
+  #
+  # podAnnotations:
+  #   yourkey: value
+  #   image: yourhub
+  podAnnotations: {}
+  # podLabels specifies labels to be added in Tyk tests Pod
+  podLabels: {}

tyk-oss/scripts/tests/oss-test.sh

@@ -1,5 +1,3 @@
-apk --no-cache add curl jq
-
 TYK_GW_ADDR="${TYK_GW_PROTO}://${TYK_GW_SVC}.${TYK_POD_NAMESPACE}.svc:${TYK_GW_LISTENPORT}"
 TYK_GW_SECRET=${TYK_GW_SECRET}
 

tyk-oss/templates/tests/oss-test.yaml

@@ -1,17 +1,24 @@
+{{- if .Values.tests.enabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
   name: "{{ include "tyk-oss.fullname" . }}-test-tyk-oss"
   labels:
     chart: {{ include "tyk-oss.chart" . }}
+{{- if .Values.tests.podLabels }}
+{{- toYaml .Values.tests.podLabels | nindent 4 }}
+{{- end }}
   annotations:
     "helm.sh/hook": test
     "helm.sh/hook-delete-policy": hook-succeeded
+{{- if .Values.tests.podAnnotations }}
+{{- toYaml .Values.tests.podAnnotations | nindent 4 }}
+{{- end }}
 spec:
   restartPolicy: Never
   containers:
     - name: health-check-container
-      image: alpine:3.17
+      image: zalbiraw/alpine-curl-jq
       command:
         - /bin/sh
         - -c
@@ -35,8 +42,31 @@ spec:
             secretKeyRef:
               name: secrets-{{ include "tyk-oss.fullname" . }}-tyk-gateway
               key: APISecret
+{{- if .Values.tests.containerSecurityContext }}
+      securityContext:
+{{- toYaml .Values.tests.containerSecurityContext | nindent 8 }}
+{{- end }}
+      resources:
+{{ toYaml .Values.tests.resources | indent 8 }}
+{{- if .Values.tests.securityContext }}
+  securityContext:
+{{- toYaml .Values.tests.securityContext | nindent 4 }}
+{{- end }}
+{{- if .Values.tests.nodeSelector }}
+  nodeSelector:
+{{ toYaml .Values.tests.nodeSelector | indent 4 }}
+{{- end }}
+{{- if .Values.tests.tolerations }}
+  tolerations:
+{{ toYaml .Values.tests.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.tests.affinity }}
+  affinity:
+{{ toYaml .Values.tests.affinity | indent 4 }}
+{{- end }}
   volumes:
     - name: test-tyk-oss
       configMap:
         name: test-tyk-oss-map
         defaultMode: 0777
+{{- end }}

tyk-oss/templates/tests/script-configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.tests.enabled -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,4 +7,5 @@ metadata:
     "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
     "helm.sh/hook": test
 data:
-{{ (.Files.Glob "scripts/tests/oss-test.sh").AsConfig | indent 2 }}
+{{ (.Files.Glob "scripts/tests/oss-test.sh").AsConfig | indent 2 }}
+{{- end }}

tyk-oss/values.yaml

@@ -802,3 +802,51 @@ tyk-pump:
     #     mountPath: /etc/ssl/certs/ca-certs.crt
     #     readOnly: true
     extraVolumeMounts: []
+tests:
+  enabled: true
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this
+    # as a conscious choice for the user. This also increases chances charts
+    # run on environments with little resources, such as Minikube. If you do
+    # want to specify resources, uncomment the following lines, adjust them
+    # as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+  # securityContext holds pod-level security attributes for Tyk tests pod. All fields from PodSecurityContext object can be added here.
+  securityContext:
+    runAsUser: 1000
+    fsGroup: 2000
+    runAsNonRoot: true
+  # containerSecurityContext holds container-level security attributes for Tyk tests pod. All fields from SecurityContext object can be added here.
+  containerSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    allowPrivilegeEscalation: false
+    privileged: false
+    readOnlyRootFilesystem: true
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+        - ALL
+  # nodeSelector is a selector which must be true for Tyk tests pod to fit on a specific node.
+  nodeSelector: {}
+  # tolerations specifies tolerations to be applied on Tyk tests pods.
+  tolerations: []
+  # affinity specifies affinity and anti-affinity constraints.
+  affinity: {}
+  # podAnnotations specifies annotations to be added in Tyk tests Pod.
+  # It takes key-value pairs.
+  # There are no required annotation field for Tyk tests Pod.
+  #
+  # podAnnotations:
+  #   yourkey: value
+  #   image: yourhub
+  podAnnotations: {}
+  # podLabels specifies labels to be added in Tyk tests Pod
+  podLabels: {}

tyk-stack/scripts/tests/tyk-stack-test.sh

@@ -1,5 +1,3 @@
-apk --no-cache add curl jq
-
 TYK_GW_ADDR="${TYK_GW_PROTO}://${TYK_GW_SVC}.${TYK_POD_NAMESPACE}.svc:${TYK_GW_LISTENPORT}"
 TYK_GW_SECRET=${TYK_GW_SECRET}
 

tyk-stack/templates/tests/script-configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.tests.enabled -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,4 +7,5 @@ metadata:
     "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
     "helm.sh/hook": test
 data:
-{{ (.Files.Glob "scripts/tests/tyk-stack-test.sh").AsConfig | indent 2 }}
+{{ (.Files.Glob "scripts/tests/tyk-stack-test.sh").AsConfig | indent 2 }}
+{{- end }}

tyk-stack/templates/tests/stack-test.yaml

@@ -1,16 +1,23 @@
+{{- if .Values.tests.enabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
   name: "{{ include "tyk-stack.fullname" . }}-test-tyk-stack"
   labels:
     chart: {{ include "tyk-stack.chart" . }}
+{{- if .Values.tests.podLabels }}
+{{- toYaml .Values.tests.podLabels | nindent 4 }}
+{{- end }}
   annotations:
     "helm.sh/hook": test
+{{- if .Values.tests.podAnnotations }}
+{{- toYaml .Values.tests.podAnnotations | nindent 4 }}
+{{- end }}
 spec:
   restartPolicy: Never
   containers:
     - name: health-check-container
-      image: alpine:3.17
+      image: zalbiraw/alpine-curl-jq
       command:
         - /bin/sh
         - -c
@@ -34,8 +41,31 @@ spec:
             secretKeyRef:
               name: secret-{{ include "tyk-stack.fullname" . }}
               key: APISecret
+{{- if .Values.tests.containerSecurityContext }}
+      securityContext:
+{{- toYaml .Values.tests.containerSecurityContext | nindent 8 }}
+{{- end }}
+      resources:
+{{ toYaml .Values.tests.resources | indent 8 }}
+{{- if .Values.tests.securityContext }}
+  securityContext:
+{{- toYaml .Values.tests.securityContext | nindent 4 }}
+{{- end }}
+{{- if .Values.tests.nodeSelector }}
+  nodeSelector:
+{{ toYaml .Values.tests.nodeSelector | indent 4 }}
+{{- end }}
+{{- if .Values.tests.tolerations }}
+  tolerations:
+{{ toYaml .Values.tests.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.tests.affinity }}
+  affinity:
+{{ toYaml .Values.tests.affinity | indent 4 }}
+{{- end }}
   volumes:
     - name: test-tyk-stack
       configMap:
         name: test-tyk-stack-map
         defaultMode: 0777
+{{- end }}

tyk-stack/values.yaml

@@ -1479,3 +1479,51 @@ tyk-dev-portal:
 
   # podLabels specifies labels to be added in Tyk Developer Portal Pod
   podLabels: {}
+tests:
+  enabled: true
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this
+    # as a conscious choice for the user. This also increases chances charts
+    # run on environments with little resources, such as Minikube. If you do
+    # want to specify resources, uncomment the following lines, adjust them
+    # as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+    # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+  # securityContext holds pod-level security attributes for Tyk tests pod. All fields from PodSecurityContext object can be added here.
+  securityContext:
+    runAsUser: 1000
+    fsGroup: 2000
+    runAsNonRoot: true
+  # containerSecurityContext holds container-level security attributes for Tyk tests pod. All fields from SecurityContext object can be added here.
+  containerSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    allowPrivilegeEscalation: false
+    privileged: false
+    readOnlyRootFilesystem: true
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+        - ALL
+  # nodeSelector is a selector which must be true for Tyk tests pod to fit on a specific node.
+  nodeSelector: {}
+  # tolerations specifies tolerations to be applied on Tyk tests pods.
+  tolerations: []
+  # affinity specifies affinity and anti-affinity constraints.
+  affinity: {}
+  # podAnnotations specifies annotations to be added in Tyk tests Pod.
+  # It takes key-value pairs.
+  # There are no required annotation field for Tyk tests Pod.
+  #
+  # podAnnotations:
+  #   yourkey: value
+  #   image: yourhub
+  podAnnotations: {}
+  # podLabels specifies labels to be added in Tyk tests Pod
+  podLabels: {}