test-kubeconfig.yaml•4.73 kB
{{- if ne .Values.kubeconfig.provider "serviceaccount" }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "mcp-server-kubernetes.fullname" . }}-test-kubeconfig"
labels:
{{- include "mcp-server-kubernetes.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-weight": "5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- $commonAnnotations := include "mcp-server-kubernetes.annotations" . }}
{{- if $commonAnnotations }}
{{- $commonAnnotations | nindent 4 }}
{{- end }}
spec:
restartPolicy: Never
securityContext:
{{- toYaml .Values.security.podSecurityContext | nindent 4 }}
{{- if eq (include "mcp-server-kubernetes.needsInitContainer" .) "true" }}
initContainers:
- name: kubeconfig-test-fetcher
image: {{ include "mcp-server-kubernetes.initImage" . }}
securityContext:
{{- toYaml .Values.security.securityContext | nindent 8 }}
{{- if eq .Values.kubeconfig.provider "aws" }}
command: ["/bin/sh"]
args: ["/scripts/test-aws-kubeconfig.sh"]
{{- else if eq .Values.kubeconfig.provider "gcp" }}
command: ["/bin/sh"]
args: ["/scripts/test-gcp-kubeconfig.sh"]
{{- else if eq .Values.kubeconfig.provider "url" }}
command: ["/bin/sh"]
args: ["/scripts/test-url-kubeconfig.sh"]
{{- else if eq .Values.kubeconfig.provider "custom" }}
command: ["/bin/sh"]
args: ["/scripts/test-custom-kubeconfig.sh"]
{{- end }}
env:
{{- range $key, $value := .Values.kubeconfig.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
volumeMounts:
- name: kubeconfig-volume
mountPath: /kubeconfig
- name: kubeconfig-test-scripts
mountPath: /scripts
{{- end }}
containers:
- name: kubeconfig-test
image: bitnami/kubectl:latest
securityContext:
{{- toYaml .Values.security.securityContext | nindent 6 }}
env:
{{- if ne .Values.kubeconfig.provider "serviceaccount" }}
{{- $kubeconfigPath := include "mcp-server-kubernetes.kubeconfigEnv" . }}
{{- if $kubeconfigPath }}
- name: KUBECONFIG
value: {{ $kubeconfigPath | quote }}
{{- end }}
{{- end }}
{{- if eq .Values.kubeconfig.provider "content" }}
- name: KUBECONFIG_YAML
valueFrom:
secretKeyRef:
name: {{ include "mcp-server-kubernetes.fullname" . }}-kubeconfig
key: kubeconfig.yaml
{{- end }}
command:
- /bin/bash
- -c
- |
set -e
echo "Testing kubeconfig functionality..."
{{- if eq .Values.kubeconfig.provider "content" }}
# For content provider, decode and use the kubeconfig
echo "$KUBECONFIG_YAML" | base64 -d > /tmp/kubeconfig
export KUBECONFIG=/tmp/kubeconfig
{{- end }}
# Test basic kubectl connectivity
echo "Testing kubectl connectivity..."
kubectl cluster-info --request-timeout=10s || {
echo "ERROR: kubectl cluster-info failed"
echo "Kubeconfig provider: {{ .Values.kubeconfig.provider }}"
{{- if .Values.kubeconfig.provider }}
echo "KUBECONFIG: $KUBECONFIG"
{{- end }}
exit 1
}
echo "✓ kubectl cluster-info successful"
# Test basic API access
echo "Testing API server access..."
kubectl get nodes --request-timeout=10s >/dev/null 2>&1 && \
echo "✓ Can access cluster nodes" || \
echo "WARNING: Cannot access nodes (may be RBAC limited)"
# Test namespace access
kubectl get namespaces --request-timeout=10s >/dev/null 2>&1 && \
echo "✓ Can list namespaces" || \
echo "WARNING: Cannot list namespaces (may be RBAC limited)"
# Show available contexts
echo "Available contexts:"
kubectl config get-contexts 2>/dev/null || echo "No contexts available"
echo "Kubeconfig test completed successfully"
{{- if ne .Values.kubeconfig.provider "serviceaccount" }}
volumeMounts:
- name: kubeconfig-volume
mountPath: /kubeconfig
readOnly: true
{{- end }}
volumes:
{{- if eq (include "mcp-server-kubernetes.needsInitContainer" .) "true" }}
- name: kubeconfig-volume
emptyDir: {}
- name: kubeconfig-test-scripts
configMap:
name: {{ include "mcp-server-kubernetes.fullname" . }}-test-scripts
defaultMode: 0755
{{- else if eq .Values.kubeconfig.provider "content" }}
- name: kubeconfig-volume
secret:
secretName: {{ include "mcp-server-kubernetes.fullname" . }}-kubeconfig
defaultMode: 0600
{{- end }}
{{- end }}