From 1375f209d3be0ce923e909c194ef66905778789d Mon Sep 17 00:00:00 2001 From: Prathamesh Musale Date: Tue, 10 Mar 2026 05:06:31 +0000 Subject: [PATCH] test(k8s): add tests for jobs, secrets, labels, and namespace isolation Add a job compose file for the test stack and extend the k8s deploy test to verify new features: - Namespace isolation: pod exists in laconic-{id}, not default - Stack labels: app.kubernetes.io/stack label set on pods - Job completion: test-job runs to completion (status.succeeded=1) - Secrets: spec secrets: key results in envFrom secretRef on pod Co-Authored-By: Claude Opus 4.6 --- .../compose-jobs/docker-compose-test-job.yml | 5 ++ stack_orchestrator/data/stacks/test/stack.yml | 2 + tests/k8s-deploy/run-deploy-test.sh | 59 +++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 stack_orchestrator/data/compose-jobs/docker-compose-test-job.yml diff --git a/stack_orchestrator/data/compose-jobs/docker-compose-test-job.yml b/stack_orchestrator/data/compose-jobs/docker-compose-test-job.yml new file mode 100644 index 00000000..10ccf4b4 --- /dev/null +++ b/stack_orchestrator/data/compose-jobs/docker-compose-test-job.yml @@ -0,0 +1,5 @@ +services: + test-job: + image: cerc/test-container:local + entrypoint: /bin/sh + command: ["-c", "echo 'Job completed successfully'"] diff --git a/stack_orchestrator/data/stacks/test/stack.yml b/stack_orchestrator/data/stacks/test/stack.yml index 93d3ecd3..224590ff 100644 --- a/stack_orchestrator/data/stacks/test/stack.yml +++ b/stack_orchestrator/data/stacks/test/stack.yml @@ -7,3 +7,5 @@ containers: - cerc/test-container pods: - test +jobs: + - test-job diff --git a/tests/k8s-deploy/run-deploy-test.sh b/tests/k8s-deploy/run-deploy-test.sh index e482a5b7..5cee371a 100755 --- a/tests/k8s-deploy/run-deploy-test.sh +++ b/tests/k8s-deploy/run-deploy-test.sh @@ -105,6 +105,17 @@ fi # Add a config file to be picked up by the ConfigMap before starting. echo "dbfc7a4d-44a7-416d-b5f3-29842cc47650" > $test_deployment_dir/configmaps/test-config/test_config +# Add secrets to the deployment spec (references a pre-existing k8s Secret by name) +deployment_spec_file=${test_deployment_dir}/spec.yml +cat << EOF >> ${deployment_spec_file} +secrets: + test-secret: + - TEST_SECRET_KEY +EOF + +# Get the deployment ID for kubectl queries +deployment_id=$(cat ${test_deployment_dir}/deployment.yml | cut -d ' ' -f 2) + echo "deploy create output file test: passed" # Try to start the deployment $TEST_TARGET_SO deployment --dir $test_deployment_dir start @@ -166,6 +177,54 @@ else delete_cluster_exit fi +# --- New feature tests: namespace, labels, jobs, secrets --- + +# Check that the pod is in the deployment-specific namespace (not default) +ns_pod_count=$(kubectl get pods -n laconic-${deployment_id} -l app=${deployment_id} --no-headers 2>/dev/null | wc -l) +if [ "$ns_pod_count" -gt 0 ]; then + echo "namespace isolation test: passed" +else + echo "namespace isolation test: FAILED" + echo "Expected pod in namespace laconic-${deployment_id}" + delete_cluster_exit +fi + +# Check that the stack label is set on the pod +stack_label_count=$(kubectl get pods -n laconic-${deployment_id} -l app.kubernetes.io/stack=test --no-headers 2>/dev/null | wc -l) +if [ "$stack_label_count" -gt 0 ]; then + echo "stack label test: passed" +else + echo "stack label test: FAILED" + delete_cluster_exit +fi + +# Check that the job completed successfully +for i in {1..30}; do + job_status=$(kubectl get job ${deployment_id}-job-test-job -n laconic-${deployment_id} -o jsonpath='{.status.succeeded}' 2>/dev/null) + if [ "$job_status" == "1" ]; then + break + fi + sleep 2 +done +if [ "$job_status" == "1" ]; then + echo "job completion test: passed" +else + echo "job completion test: FAILED" + echo "Job status.succeeded: ${job_status}" + delete_cluster_exit +fi + +# Check that the secrets spec results in an envFrom secretRef on the pod +secret_ref=$(kubectl get pod -n laconic-${deployment_id} -l app=${deployment_id} \ + -o jsonpath='{.items[0].spec.containers[0].envFrom[?(@.secretRef.name=="test-secret")].secretRef.name}' 2>/dev/null) +if [ "$secret_ref" == "test-secret" ]; then + echo "secrets envFrom test: passed" +else + echo "secrets envFrom test: FAILED" + echo "Expected secretRef 'test-secret', got: ${secret_ref}" + delete_cluster_exit +fi + # Stop then start again and check the volume was preserved $TEST_TARGET_SO deployment --dir $test_deployment_dir stop # Sleep a bit just in case