@@ -52,7 +52,7 @@ func TestBuildPodSpec_MultiService(t *testing.T) {
5252 },
5353 }
5454
55- spec := buildPodSpec (req )
55+ spec := buildPodSpec (req , nil )
5656
5757 // Init goes to initContainers[]; Main + Sidecar to containers[].
5858 if len (spec .InitContainers ) != 1 {
@@ -98,7 +98,7 @@ func TestBuildDeployment_ReplicasFromMain(t *testing.T) {
9898 },
9999 }
100100
101- dep := buildDeployment (req , "default" , map [string ]string {})
101+ dep := buildDeployment (req , "default" , map [string ]string {}, nil )
102102
103103 if dep .Spec .Replicas == nil {
104104 t .Fatalf ("expected replicas pointer, got nil" )
@@ -131,7 +131,7 @@ func TestBuildStatefulSet_PVCTemplates(t *testing.T) {
131131 },
132132 }
133133
134- ss := buildStatefulSet (req , "default" , map [string ]string {})
134+ ss := buildStatefulSet (req , "default" , map [string ]string {}, nil )
135135
136136 if len (ss .Spec .VolumeClaimTemplates ) != 1 {
137137 t .Fatalf ("volume claim templates: want 1, got %d" , len (ss .Spec .VolumeClaimTemplates ))
@@ -171,7 +171,7 @@ func TestBuildService_HeadlessForStatefulSet(t *testing.T) {
171171 },
172172 }
173173
174- svc := buildService (req , "default" , map [string ]string {}, true )
174+ svc := buildService (req , "default" , map [string ]string {}, true /*headless*/ )
175175 if svc == nil {
176176 t .Fatalf ("expected Service, got nil" )
177177 }
@@ -217,3 +217,114 @@ func TestBuildConfigMaps_PerService(t *testing.T) {
217217 t .Fatalf ("config maps: want 2 (main + logger), got %d" , len (cms ))
218218 }
219219}
220+
221+ // TestBuildPodSpec_ImagePullSecrets verifies that imagePullSecrets are
222+ // forwarded to the PodSpec so private registry images can be pulled.
223+ func TestBuildPodSpec_ImagePullSecrets (t * testing.T ) {
224+ t .Parallel ()
225+
226+ req := provider.ProvisionRequest {
227+ InstanceID : id .New (id .PrefixInstance ),
228+ TenantID : "ten_test" ,
229+ Services : []provider.ServiceSpec {
230+ {
231+ Name : "main" ,
232+ Image : "ghcr.io/private/app:1.0" ,
233+ Role : provider .RoleMain ,
234+ },
235+ },
236+ }
237+
238+ spec := buildPodSpec (req , []string {"ghcr-pull" })
239+
240+ if len (spec .ImagePullSecrets ) != 1 {
241+ t .Fatalf ("imagePullSecrets: want 1, got %d" , len (spec .ImagePullSecrets ))
242+ }
243+
244+ if spec .ImagePullSecrets [0 ].Name != "ghcr-pull" {
245+ t .Fatalf ("imagePullSecrets[0].Name: want ghcr-pull, got %q" , spec .ImagePullSecrets [0 ].Name )
246+ }
247+ }
248+
249+ // TestBuildDeployment_ImagePullSecrets verifies that imagePullSecrets
250+ // propagate through buildDeployment into the pod template spec.
251+ func TestBuildDeployment_ImagePullSecrets (t * testing.T ) {
252+ t .Parallel ()
253+
254+ req := provider.ProvisionRequest {
255+ InstanceID : id .New (id .PrefixInstance ),
256+ TenantID : "ten_test" ,
257+ Kind : provider .KindDeployment ,
258+ Services : []provider.ServiceSpec {
259+ {
260+ Name : "main" ,
261+ Image : "ghcr.io/private/app:1.0" ,
262+ Role : provider .RoleMain ,
263+ Ports : []provider.PortSpec {
264+ {Container : 7903 , Protocol : "TCP" },
265+ },
266+ },
267+ },
268+ }
269+
270+ dep := buildDeployment (req , "default" , map [string ]string {}, []string {"ghcr-pull" })
271+
272+ got := dep .Spec .Template .Spec .ImagePullSecrets
273+ if len (got ) != 1 {
274+ t .Fatalf ("deployment imagePullSecrets: want 1, got %d" , len (got ))
275+ }
276+
277+ if got [0 ].Name != "ghcr-pull" {
278+ t .Fatalf ("deployment imagePullSecrets[0].Name: want ghcr-pull, got %q" , got [0 ].Name )
279+ }
280+ }
281+
282+ // TestBuildEndpoints verifies that buildEndpoints produces the correct
283+ // in-cluster DNS URL for each service with ports.
284+ func TestBuildEndpoints (t * testing.T ) {
285+ t .Parallel ()
286+
287+ req := provider.ProvisionRequest {
288+ InstanceID : id .New (id .PrefixInstance ),
289+ TenantID : "ten_test" ,
290+ Services : []provider.ServiceSpec {
291+ {
292+ Name : "main" ,
293+ Image : "app:1" ,
294+ Role : provider .RoleMain ,
295+ Ports : []provider.PortSpec {
296+ {Container : 7903 , Protocol : "TCP" },
297+ },
298+ },
299+ {
300+ // No ports — should not produce an endpoint.
301+ Name : "init-db" ,
302+ Image : "alpine:3" ,
303+ Role : provider .RoleInit ,
304+ },
305+ },
306+ }
307+
308+ endpoints := buildEndpoints (req , "staging" )
309+
310+ if len (endpoints ) != 1 {
311+ t .Fatalf ("endpoints: want 1 (main only), got %d" , len (endpoints ))
312+ }
313+
314+ ep := endpoints [0 ]
315+
316+ if ep .ServiceName != "main" {
317+ t .Fatalf ("endpoint ServiceName: want main, got %q" , ep .ServiceName )
318+ }
319+
320+ if ep .Port != 7903 {
321+ t .Fatalf ("endpoint Port: want 7903, got %d" , ep .Port )
322+ }
323+
324+ svcName := serviceName (req .InstanceID )
325+ wantURL := "http://" + svcName + ".staging.svc.cluster.local:7903"
326+
327+ if ep .URL != wantURL {
328+ t .Fatalf ("endpoint URL:\n want %q\n got %q" , wantURL , ep .URL )
329+ }
330+ }
0 commit comments