Alternative helm chart of the golang proxy athens https://artifacthub.io/packages/helm/volker-raschek/athens-proxy
Go to file
CSRBot 560234e9c0
continuous-integration/drone/pr Build is passing Details
continuous-integration/drone/push Build is passing Details
chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.41.0
2024-05-27 13:04:04 +00:00
examples fix: typos 2022-05-24 18:35:07 +02:00
templates fix: container image name 2023-05-21 13:26:20 +02:00
.drone.yml chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.41.0 2024-05-27 13:04:04 +00:00
.editorconfig Initial Commit 2022-05-21 11:45:03 +02:00
.gitignore Initial Commit 2022-05-21 11:45:03 +02:00
.helmignore Initial Commit 2022-05-21 11:45:03 +02:00
.markdownlint.yaml Initial Commit 2022-05-21 11:45:03 +02:00
Chart.yaml chore(deps): update athens docker tag to v1.13.1 2024-02-15 19:05:42 +01:00
LICENSE Initial Commit 2022-05-21 11:45:03 +02:00
README.md fix: typos 2022-05-24 18:35:07 +02:00
renovate.json fix(renovate): remove automerge options 2024-01-21 14:42:46 +01:00
values.yaml Initial Commit 2022-05-21 11:45:03 +02:00

README.md

athens-proxy-charts

Build Status Artifact Hub

This is an inofficial helm chart of the go-proxy athens which supports more complex configuration options.

This helm chart can be found on artifacthub.io and can be installed via helm.

helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm install athens-proxy volker.raschek/athens-proxy

Customization

The complete deployment can be adapted via the values.yaml files. The configuration of the proxy can be done via the environment variables described below or via mounting the config.toml as additional persistent volume to /config/config.toml

Access private repositories via SSH

Create a configmap.yaml with multiple keys. One key describe the content of the .gitconfig file and another of config of the ssh client. All requests git clone comands with the prefix http://github.com/ will be replaced by git@github.com: to use SSH instead of HTTPS. The SSH keys are stored in a separate secret.

apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-configs
data:
  sshconfig: |
    Host github.com
      IdentityFile /root/.ssh/id_ed25519
      StrictHostKeyChecking no    
  gitconfig: |
    [url "git@github.com:"]
      insteadOf = https://github.com/    

The secret definition below contains the SSH private and public key.

apiVersion: v1
kind: Secret
metadata:
  name: custom-ssh-keys
type: Opaque
stringData:
  id_ed25519: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
    XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
    AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
    a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
    -----END OPENSSH PRIVATE KEY-----    
  id_ed25519.pub: |
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe    

The item config of the configmap will be merged with the items of the secret as virtual volume. This volume can than be mounted with special permissions required for the ssh client.

extraVolumes:
- name: ssh
  projected:
    defaultMode: 0644
    sources:
    - configMap:
        name: custom-configs
        items:
        - key: sshconfig
          path: config
    - secret:
        name: custom-ssh-keys
        items:
        - key: id_ed25519
          path: id_ed25519
          mode: 0600
        - key: id_ed25519.pub
          path: id_ed25519.pub
- name: gitconfig
  configMap:
    name: custom-configs
    items:
    - key: gitconfig
      path: config
      mode: 0644

extraVolumeMounts:
- name: ssh
  mountPath: /root/.ssh
- name: gitconfig
  mountPath: /root/.config/git

Access private github.com repositories via developer token

Another way to access private github repositories is via a github token, which can be set via the environment variable GITHUB_TOKEN. Athens automatically creates a .netrc file to access private github repositories.

Access private repositories via .netrc configuration

As describe above, a .netrc file is responsible for the authentication via HTTP. The file can also be defined via a custom secret and mounted into the home directory of root for general authentication purpose.

The example below describe the definition and mounting of a custom .netrc file to access private repositories hosted on github and gitlab.

apiVersion: v1
kind: Secret
metadata:
  name: custom-netrc
type: Opaque
stringData:
  netrc: |
    machine github.com login USERNAME password API-KEY
    machine gitlab.com login USERNAME password API-KEY    

The file must then be mounted via extraVolumes and extraVolumeMounts.

extraVolumes:
- name: netrc
  secret:
    secretName: custom-netrc
    items:
    - key: netrc
      path: .netrc
      mode: 0600

extraVolumeMounts:
- name: netrc
  mountPath: /root

Persistent storage

Unlike the athens default, the default here is disk - i.e. the files are written to the container. Therefore, it is advisable to outsource the corresponding storage location to persistent storage. The following example describes the integration of a persistent storage claim.

extraVolumes:
- name: gomodules
  persistentVolumeClaim:
    claimName: custom-gomodules-pvc

extraVolumeMounts:
- name: gomodules
  mountPath: /var/lib/athens