Compare commits
1 Commits
codex/s59-
...
b87df27844
| Author | SHA1 | Date | |
|---|---|---|---|
|
b87df27844 |
@@ -109,7 +109,6 @@ spec:
|
|||||||
prometheus.io/scrape: "true"
|
prometheus.io/scrape: "true"
|
||||||
prometheus.io/port: "8080"
|
prometheus.io/port: "8080"
|
||||||
prometheus.io/path: "/metrics"
|
prometheus.io/path: "/metrics"
|
||||||
flowercore.io/healthz-auth-policy: "allow-anonymous"
|
|
||||||
spec:
|
spec:
|
||||||
# Synology NFS export `/volume1/kubernetes` ACL only allows rke2-server
|
# Synology NFS export `/volume1/kubernetes` ACL only allows rke2-server
|
||||||
# (10.0.56.11) right now. Until the ACL is widened in DSM (admin only),
|
# (10.0.56.11) right now. Until the ACL is widened in DSM (admin only),
|
||||||
|
|||||||
@@ -101,7 +101,6 @@ spec:
|
|||||||
prometheus.io/scrape: "true"
|
prometheus.io/scrape: "true"
|
||||||
prometheus.io/port: "5320"
|
prometheus.io/port: "5320"
|
||||||
prometheus.io/path: "/metrics/prometheus"
|
prometheus.io/path: "/metrics/prometheus"
|
||||||
flowercore.io/healthz-auth-policy: "allow-anonymous"
|
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: dns-web
|
serviceAccountName: dns-web
|
||||||
securityContext:
|
securityContext:
|
||||||
|
|||||||
@@ -131,7 +131,6 @@ spec:
|
|||||||
prometheus.io/scrape: "true"
|
prometheus.io/scrape: "true"
|
||||||
prometheus.io/port: "5200"
|
prometheus.io/port: "5200"
|
||||||
prometheus.io/path: "/metrics"
|
prometheus.io/path: "/metrics"
|
||||||
flowercore.io/healthz-auth-policy: "allow-anonymous"
|
|
||||||
spec:
|
spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/hostname: rke2-server
|
kubernetes.io/hostname: rke2-server
|
||||||
|
|||||||
@@ -487,16 +487,16 @@ public sealed class FleetManifestLintTests
|
|||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public void Distribution_OidcEnforcement_MustKeepHealthzAnonymousContractVisibleInManifest()
|
public void Distribution_OidcEnforcement_MustStayOffUntilHealthzAllowAnonymousProofLands()
|
||||||
{
|
{
|
||||||
var distribution = Inventory.Documents
|
var distribution = Inventory.Documents
|
||||||
.Single(document => document.Kind == "Deployment" && document.Namespace == "fc-distribution" && document.Name == "fc-distribution");
|
.Single(document => document.Kind == "Deployment" && document.Namespace == "fc-distribution" && document.Name == "fc-distribution");
|
||||||
var container = distribution.MainContainerMappings().Should().ContainSingle().Subject;
|
var container = distribution.MainContainerMappings().Should().ContainSingle().Subject;
|
||||||
|
|
||||||
EnvValue(container, "FlowerCore__Auth__Oidc__Enabled").Should().Be("true");
|
EnvValue(container, "FlowerCore__Auth__Oidc__Enabled").Should().Be("true");
|
||||||
EnvValue(container, "FlowerCore__Auth__Enabled").Should().Be("true");
|
EnvValue(container, "FlowerCore__Auth__Enabled").Should().Be("false");
|
||||||
ProbeHttpGetPath(container, "readinessProbe").Should().Be("/healthz");
|
ProbeHttpGetPath(container, "readinessProbe").Should().Be("/healthz");
|
||||||
PodAnnotation(distribution, "flowercore.io/healthz-auth-policy").Should().Be("allow-anonymous");
|
PodAnnotation(distribution, "flowercore.io/healthz-auth-policy").Should().NotBe("allow-anonymous");
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|||||||
Reference in New Issue
Block a user