Added custom image pull secrets integ test

.changelog/3808.changed.txt

@@ -0,0 +1 @@
+test: Added custom image pull secrets tests for global configuration attributes

deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml

@@ -44,7 +44,7 @@ spec:
 {{- if $otelcolInstrumentation.statefulset.podLabels }}
 {{ toYaml $otelcolInstrumentation.statefulset.podLabels | indent 8 }}
 {{- end }}
-    spec:
+    spec:  
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "otelcolInstrumentation.statefulset.nodeSelector" .)) }}
       nodeSelector:

deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml

@@ -45,7 +45,7 @@ spec:
 {{- if $tracesGateway.deployment.podLabels }}
 {{ toYaml $tracesGateway.deployment.podLabels | indent 8 }}
 {{- end }}
-    spec:
+    spec: 
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "tracesGateway.deployment.nodeSelector" .)) }}
       nodeSelector:

deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml

@@ -3,7 +3,7 @@
 {{- $instance := "" -}}
 {{- $defaultTolerations := (include "sumologic.logs.collector.tolerations" .) }}
 {{- $defaultAffinity := (include "kubernetes.defaultAffinity" .) }}
-{{- $daemonsets := dict "" $.Values.otellogs.daemonset  -}}
+{{- $daemonsets := dict "" $.Values.otellogs.daemonset -}}
 {{- $daemonsets = deepCopy $daemonsets | merge $.Values.otellogs.additionalDaemonSets -}}
 {{- range $name, $daemonset := $daemonsets }}
 {{- $defaultDaemonset := deepCopy $.Values.otellogs.daemonset }}
@@ -29,17 +29,17 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: {{ printf "%s%s" (include "sumologic.metadata.name.logs.collector.daemonset" $ctx) $instance | trunc 63 | trimSuffix "-" }}
-  namespace: {{ template "sumologic.namespace"  $ctx }}
+  namespace: {{ template "sumologic.namespace" $ctx }}
   {{- if $daemonset.annotations }}
   annotations:
-{{ toYaml $daemonset.annotations| indent 4 }}
-{{- end }}
+{{ toYaml $daemonset.annotations | indent 4 }}
+  {{- end }}
   labels:
     app: {{ template "sumologic.labels.app.logs.collector.daemonset" $ctx }}
     {{- include "sumologic.labels.common" $ctx | nindent 4 }}
-{{- if $daemonset.labels }}
+    {{- if $daemonset.labels }}
 {{ toYaml $daemonset.labels | indent 4 }}
-{{- end }}
+    {{- end }}
 spec:
   selector:
     matchLabels:
@@ -48,35 +48,35 @@ spec:
     metadata:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/logs/collector/otelcol/configmap.yaml") $ctx | sha256sum }}
-{{- if $.Values.sumologic.podAnnotations }}
+        {{- if $.Values.sumologic.podAnnotations }}
 {{ toYaml $.Values.sumologic.podAnnotations | indent 8 }}
-{{- end }}
-{{- if $daemonset.podAnnotations }}
+        {{- end }}
+        {{- if $daemonset.podAnnotations }}
 {{ toYaml $daemonset.podAnnotations | indent 8 }}
-{{- end }}
+        {{- end }}
       labels:
         app.kubernetes.io/name: {{ printf "%s%s" (include "sumologic.labels.app.logs.collector.pod" $ctx) $instance | trunc 63 | trimSuffix "-" }}
         app.kubernetes.io/app-name: {{ (include "sumologic.labels.app.logs.collector.pod" $ctx) | trunc 63 | trimSuffix "-" }}
         {{- include "sumologic.labels.common" $ctx | nindent 8 }}
-{{- if $.Values.sumologic.podLabels }}
+        {{- if $.Values.sumologic.podLabels }}
 {{ toYaml $.Values.sumologic.podLabels | indent 8 }}
-{{- end }}
-{{- if $daemonset.podLabels }}
+        {{- end }}
+        {{- if $daemonset.podLabels }}
 {{ toYaml $daemonset.podLabels | indent 8 }}
-{{- end }}
+        {{- end }}
     spec:
-{{- if $nodeSelector }}
+      {{- if $nodeSelector }}
       nodeSelector:
 {{ $nodeSelector | indent 8 }}
-{{- end }}
-{{- if $affinity }}
+      {{- end }}
+      {{- if $affinity }}
       affinity:
 {{ $affinity | indent 8 }}
-{{- end }}
-{{- if $tolerations }}
+      {{- end }}
+      {{- if $tolerations }}
       tolerations:
 {{ $tolerations | indent 8 }}
-{{- end }}
+      {{- end }}
       securityContext:
         {{- toYaml $daemonset.securityContext | nindent 8 }}
       {{- if $daemonset.priorityClassName }}
@@ -114,9 +114,9 @@ spec:
         - mountPath: /var/log/journal
           name: varlogjournal
           readOnly: true
-{{- if $daemonset.extraVolumeMounts }}
+        {{- if $daemonset.extraVolumeMounts }}
 {{ toYaml $daemonset.extraVolumeMounts | indent 8 }}
-{{- end }}
+        {{- end }}
         env:
         - name: LOGS_METADATA_SVC
           valueFrom:
@@ -127,9 +127,9 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-{{- if $daemonset.extraEnvVars }}
+        {{- if $daemonset.extraEnvVars }}
 {{ toYaml $daemonset.extraEnvVars | nindent 8 }}
-{{- end }}
+        {{- end }}
         securityContext:
           {{- toYaml $daemonset.containers.otelcol.securityContext | nindent 10 }}
         ports:
@@ -180,13 +180,13 @@ spec:
           path: /var/log/journal/
           type: ""
         name: varlogjournal
-{{- if $daemonset.extraVolumes }}
+        {{- if $daemonset.extraVolumes }}
 {{ toYaml $daemonset.extraVolumes | indent 6 }}
-{{- end }}
+        {{- end }}
       serviceAccountName: {{ template "sumologic.metadata.name.logs.collector.serviceaccount" $ctx }}
-{{- if $daemonset.updateStrategy }}
+      {{- if $daemonset.updateStrategy }}
   updateStrategy:
 {{ toYaml $daemonset.updateStrategy | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}

deploy/helm/sumologic/values.yaml

@@ -1081,6 +1081,7 @@ kube-prometheus-stack:
     customLabels: {}
     ## Additional annotations for pods in the DaemonSet
     podAnnotations: {}
+
     resources:
       {}
       # limits:
@@ -2347,7 +2348,7 @@ telegraf-operator:
 ## Configure Falco
 ## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it
 ## This is an experimental configuration and shouldn't be used in production environment
-## https://github.com/falcosecurity/charts/tree/master/falco
+## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml
 falco:
   enabled: false
 

docs/working-with-container-registries.md

@@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \
   --docker-password=$(aws ecr-public --region us-east-1 get-login-password)
 ```
 
-After creating the secret one can use it in the following way:
+After creating the secret, one can use it in the following way:
 
 ```yaml
 sumologic:

tests/helm/common_test.go

@@ -475,6 +475,24 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro
 	return nil, nil
 }
 
+func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool {
+	for _, secret := range imagePullSecrets {
+		if secret.Name == expectedSecret {
+			return true
+		}
+	}
+	return false
+}
+
+func ObjectUsesPullSecrets(objectName string, namesToCheck map[string]struct{}) bool {
+	for name := range namesToCheck {
+		if strings.Contains(objectName, name) {
+			return true
+		}
+	}
+	return false
+}
+
 func TestNamespaceOverride(t *testing.T) {
 	valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml")
 	namespaceOverride := "override"
@@ -692,3 +710,62 @@ func TestCustomServiceAccountAnnotations(t *testing.T) {
 		}
 	}
 }
+
+func TestCustomImagePullSecrets(t *testing.T) {
+	//t.Parallel()
+	valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml")
+	renderedYamlString := RenderTemplate(
+		t,
+		&helm.Options{
+			ValuesFiles: []string{valuesFilePath},
+			SetStrValues: map[string]string{
+				"sumologic.accessId":  "accessId",
+				"sumologic.accessKey": "accessKey",
+			},
+			Logger: logger.Discard,
+		},
+		chartDirectory,
+		releaseName,
+		[]string{},
+		true,
+		"--namespace",
+		defaultNamespace,
+	)
+
+	renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString)
+
+	for _, renderedObject := range renderedObjects {
+		kind := renderedObject.GetObjectKind().GroupVersionKind().Kind
+		name := renderedObject.GetName()
+
+		if !ObjectUsesPullSecrets(name, namesToCheck) {
+			continue
+		}
+
+		// have a test for service account pull secrets: TestServiceAccountPullSecrets
+		if kind == "ServiceAccount" {
+			continue
+		}
+
+		podTemplateSpec, err := GetPodTemplateSpec(renderedObject)
+		if err != nil {
+			t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err)
+			continue
+		}
+
+		if podTemplateSpec == nil {
+			t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName())
+			continue
+		}
+
+		require.NotEmpty(t, podTemplateSpec.Spec.ImagePullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName())
+		assert.True(
+			t,
+			ContainsImagePullSecret(podTemplateSpec.Spec.ImagePullSecrets, customImagePullSecrets),
+			"Expected imagePullSecret %v not found in %s %s",
+			customImagePullSecrets,
+			kind,
+			renderedObject.GetName(),
+		)
+	}
+}

tests/helm/const.go

@@ -23,6 +23,7 @@ const (
 	customLabelValue         = "customLabelValue"
 	customAnnotationsKey     = "customAnnotationsKey"
 	customAnnotationsValue   = "customAnnotationsValue"
+	customImagePullSecrets   = "customImagePullSecrets"
 )
 
 var subChartNames []string = []string{
@@ -36,6 +37,16 @@ var subChartNames []string = []string{
 	"opentelemetry-operator",
 }
 
+// https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/2ea0cff52579d3e77059eed94731770f8f16e402/docs/working-with-container-registries.md?plain=1#L37-L50
+var namesToCheck = map[string]struct{}{
+	"setup-job":                    {},
+	"remote-write-proxy":           {},
+	"kube-prometheus-s-prometheus": {},
+	"metrics-server":               {},
+	"telegraf-operator":            {},
+	"falco":                        {},
+}
+
 var expectedAnnotations = map[string]string{
 	"customServiceAccountAnnotationKey": "customServiceAccountAnnotationValue",
 }

tests/helm/testdata/custom-global-config-attributes.yaml

@@ -1,17 +1,25 @@
 sumologic:
+  pullSecrets:
+    - name: customImagePullSecrets
   metrics:
     remoteWriteProxy:
       enabled: true
-
   podLabels:
     customLabelKey: customLabelValue
   podAnnotations:
     customAnnotationsKey: customAnnotationsValue
   serviceAccount:
     annotations:
       customServiceAccountAnnotationKey: customServiceAccountAnnotationValue
+  setup:
+    job:
+      pullSecrets:
+        - name: customImagePullSecrets
 
 kube-prometheus-stack:
+  global:
+    imagePullSecrets:
+      - name: customImagePullSecrets
   kube-state-metrics:
     customLabels:
       customLabelKey: customLabelValue
@@ -26,6 +34,7 @@ kube-prometheus-stack:
         annotations:
           customAnnotationsKey: customAnnotationsValue
   prometheus-node-exporter:
+    enabled: true
     podLabels:
       customLabelKey: customLabelValue
     podAnnotations:
@@ -37,9 +46,13 @@ opentelemetry-operator:
       customLabelKey: customLabelValue
     podAnnotations:
       customAnnotationsKey: customAnnotationsValue
+  imagePullSecrets:
+    - name: customImagePullSecrets
 
 falco:
   enabled: true
+  imagePullSecrets:
+    - name: customImagePullSecrets
   podLabels:
     customLabelKey: customLabelValue
   podAnnotations:
@@ -51,3 +64,12 @@ prometheus-windows-exporter:
     customLabelKey: customLabelValue
   podAnnotations:
     customAnnotationsKey: customAnnotationsValue
+
+metrics-server:
+  image:
+    pullSecrets:
+      - name: customImagePullSecrets
+
+telegraf-operator:
+  imagePullSecrets:
+    - name: customImagePullSecrets