commit 64e21d43ab6d2cda810c082d6e494fe7128af15c Author: Markus Pesch Date: Sat May 21 11:09:39 2022 +0200 Initial Commit
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..cfca5de
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,83 @@
+---
+kind: pipeline
+type: kubernetes
+name: linter
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: helm lint
+ commands:
+ - helm lint
+ image: docker.io/volkerraschek/helm:3.8.0
+ resources:
+ limits:
+ cpu: 150
+ memory: 150M
+
+- name: markdown lint
+ commands:
+ - markdownlint *.md
+ image: docker.io/volkerraschek/markdownlint:0.30.0
+ resources:
+ limits:
+ cpu: 150
+ memory: 150M
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ event:
+ exclude:
+ - tag
+
+---
+kind: pipeline
+type: kubernetes
+name: release
+
+platform:
+ os: linux
+
+steps:
+- name: release-helm-chart
+ commands:
+ - helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
+ - helm package --version ${DRONE_TAG} .
+ - helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
+ environment:
+ HELM_REPO_PASSWORD:
+ from_secret: helm_repo_password
+ HELM_REPO_USERNAME:
+ from_secret: helm_repo_username
+ image: docker.io/volkerraschek/helm:3.8.0
+ resources:
+ limits:
+ cpu: 150
+ memory: 150M
+
+trigger:
+ event:
+ - tag
+ repo:
+ - volker.raschek/drone-charts
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..1166a4a
--- /dev/null
+++ b/.editorconfig
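Review bot: The `email-notification` step pulls `docker.io/drillster/drone-email:latest` while it is handed `smtp_password` and the other SMTP secrets, so whatever is published under that floating tag next runs with those credentials. Pin it to a fixed version tag or, better, an image digest, as the helm and markdownlint steps already do with version tags. The same applies to `image: busybox` in templates/tests/test-connection.yaml. Separately, the release pipeline's `trigger.repo` is `volker.raschek/drone-charts`, whereas the README badge names `volker.raschek/athens-proxy-charts`; if that is a copy-paste leftover, the release step will never run for this repository.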
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cdcaed9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.tgz
+values2.yml
+values2.yaml
\ No newline at end of file
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..22b5ff9
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# drone
+.drone.yml
+# markdownlint
+.markdownlint.yaml
+# customized values
+values2.yml
+values2.yaml
+# helm packages
+*.tgz
\ No newline at end of file
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..3406b43
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1,144 @@ +# markdownlint YAML configuration +# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml + +# Default state for all rules +default: true + +# Path to configuration file to extend +extends: null + +# MD003/heading-style/header-style - Heading style +MD003: + # Heading style + style: "atx" + +# MD004/ul-style - Unordered list style +MD004: + style: "dash" + +# MD007/ul-indent - Unordered list indentation +MD007: + # Spaces for indent + indent: 2 + # Whether to indent the first level of the list + start_indented: false + +# MD009/no-trailing-spaces - Trailing spaces +MD009: + # Spaces for line break + br_spaces: 2 + # Allow spaces for empty lines in list items + list_item_empty_lines: false + # Include unnecessary breaks + strict: false + +# MD010/no-hard-tabs - Hard tabs +MD010: + # Include code blocks + code_blocks: true + +# MD012/no-multiple-blanks - Multiple consecutive blank lines +MD012: + # Consecutive blank lines + maximum: 1 + +# MD013/line-length - Line length +MD013: + # Number of characters + line_length: 80 + # Number of characters for headings + heading_line_length: 80 + # Number of characters for code blocks + code_block_line_length: 80 + # Include code blocks + code_blocks: false + # Include tables + tables: false + # Include headings + headings: true + # Include headings + headers: true + # Strict length checking + strict: false + # Stern length checking + stern: false + +# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines +MD022: + # Blank lines above heading + lines_above: 1 + # Blank lines below heading + lines_below: 1 + +# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content +MD024: + # Only check sibling headings + allow_different_nesting: true + +# MD025/single-title/single-h1 - Multiple top-level headings in the same document +MD025: + # Heading level + level: 1 + # RegExp for matching title in front matter + 
front_matter_title: "^\\s*title\\s*[:=]" + +# MD026/no-trailing-punctuation - Trailing punctuation in heading +MD026: + # Punctuation characters + punctuation: ".,;:!。,;:!" + +# MD029/ol-prefix - Ordered list item prefix +MD029: + # List style + style: "one_or_ordered" + +# MD030/list-marker-space - Spaces after list markers +MD030: + # Spaces for single-line unordered list items + ul_single: 1 + # Spaces for single-line ordered list items + ol_single: 1 + # Spaces for multi-line unordered list items + ul_multi: 1 + # Spaces for multi-line ordered list items + ol_multi: 1 + +# MD033/no-inline-html - Inline HTML +MD033: + # Allowed elements + allowed_elements: [] + +# MD035/hr-style - Horizontal rule style +MD035: + # Horizontal rule style + style: "---" + +# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading +MD036: + # Punctuation characters + punctuation: ".,;:!?。,;:!?" + +# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading +MD041: + # Heading level + level: 1 + # RegExp for matching title in front matter + front_matter_title: "^\\s*title\\s*[:=]" + +# MD044/proper-names - Proper names should have the correct capitalization +MD044: + # List of proper names + names: + - gitea + # Include code blocks + code_blocks: false + +# MD046/code-block-style - Code block style +MD046: + # Block style + style: "fenced" + +# MD048/code-fence-style - Code fence style +MD048: + # Code fence syle + style: "backtick" \ No newline at end of file diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..aced3df --- /dev/null +++ b/Chart.yaml 
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: athens-proxy
+description: Athens proxy server for golang
+type: application
+version: "0.1.0"
+appVersion: "0.11.0"
+icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
+
+keywords:
+- golang
+- athens
+- gomod
+- go-proxy
+
+sources:
+- https://github.com/volker-raschek/athens-proxy-charts
+- https://github.com/gomods/athens
+- https://hub.docker.com/r/gomods/athens
+
+maintainers:
+- name: Markus Pesch
+ email: markus.pesch+apps@cryptic.systems
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9ce8f76
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2022 Markus Pesch
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..30c1617
--- /dev/null
+++ b/README.md
@@ -0,0 +1,167 @@
+# athens-proxy-charts
+
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/athens-proxy-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
+
+This is an inofficial helm chart of the go-proxy
+[athens](https://github.com/gomods/athens) which supports more complex
+configuration options.
+
+This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
+can be installed via helm.
+
+```bash
+helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
+helm install athens-proxy volker.raschek/athens-proxy
+```
+
+## Customization
+
+The complete deployment can be adapted via the `values.yaml` files. The
+configuration of the proxy can be done via the environment variables described
+below or via mounting the config.toml as additional persistent volume to
+`/config/config.toml`
+
+## Access private repositories via SSH
+
+Create a `configmap.yaml` with multiple keys. One key describe the content of
+the `.gitconfig` file and another of `config` of the ssh client. All requests
+git clone comands with the prefix `http://github.com/` will be replaced by
+`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
+separate secret.
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: custom-configs
+data:
+ sshconfig: |
+ Host github.com
+ IdentifyFile /root/.ssh/id_ed25519
+ StrictHostKeyChecking no
+ gitconfig: |
+ [url "git@github.com:"]
+ insteadOf = https://github.com/
+```
+
+The secret definition below contains the SSH private and public key.
+ +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: custom-ssh-keys +type: Opaque +stringData: + id_ed25519: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj + XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg + AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M + a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== + -----END OPENSSH PRIVATE KEY----- + id_ed25519.pub: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe +``` + +The item `config` of the configmap will be merged with the items of the secret +as virtual volume. This volume can than be mounted with special permissions +required for the ssh client. + +```yaml +extraVolumes: +- name: ssh + projected: + defaultMode: 0644 + sources: + - configMap: + name: custom-configs + items: + - key: sshconfig + path: config + - secret: + name: custom-ssh-keys + items: + - key: id_ed25519 + path: id_ed25519 + mode: 0600 + - key: id_ed25519.pub + path: id_ed25519.pub +- name: gitconfig + configMap: + name: custom-configs + items: + - key: gitconfig + path: config + mode: 0644 + +extraVolumeMounts: +- name: ssh + mountPath: /root/.ssh +- name: gitconfig + mountPath: /root/.config/git +``` + +## Access private github.com repositories via developer token + +Another way to access private github repositories is via a github token, which +can be set via the environment variable `GITHUB_TOKEN`. Athens automatically +creates a `.netrc` file to access private github repositories. + +## Access private repositories via .netrc configuration + +As describe above, a `.netrc` file is responsible for the authentication via +HTTP. The file can also be defined via a custom secret and mounted into the home +directory of `root` for general authentication purpose. 
+
+The example below describe the definition and mounting of a custom `.netrc` file
+to access private repositories hosted on github and gitlab.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-netrc
+type: Opaque
+stringData:
+ netrc: |
+ machine github.com login USERNAME password API-KEY
+ machine gitlab.com login USERNAME password API-KEY
+```
+
+The file must then be mounted via extraVolumes and extraVolumeMounts.
+
+```yaml
+extraVolumes:
+- name: netrc
+ secret:
+ secretName: custom-netrc
+ items:
+ - key: netrc
+ path: .netrc
+ mode: 0600
+
+extraVolumeMounts:
+- name: netrc
+ mountPath: /root
+```
+
+## Persistent storage
+
+Unlike the athens default, the default here is `disk` - i.e. the files are
+written to the container. Therefore, it is advisable to outsource the
+corresponding storage location to persistent storage. The following example
+describes the integration of a persistent storage claim.
+
+```yaml
+extraVolumes:
+- name: gomodules
+ persistentVolumeClaim:
+ claimName: custom-gomodules-pvc
+
+extraVolumeMounts:
+- name: gomodules
+ mountPath: /var/lib/athens
+```
diff --git a/examples/configmap.yaml b/examples/configmap.yaml
new file mode 100644
index 0000000..763c4b9
--- /dev/null
+++ b/examples/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: custom-configs
+data:
+ sshconfig: |
+ Host github.com
+ IdentifyFile /root/.ssh/id_ed25519
+ StrictHostKeyChecking no
+ gitconfig: |
+ [url "git@github.com:"]
+ insteadOf = https://github.com/
\ No newline at end of file
diff --git a/examples/secret.yaml b/examples/secret.yaml
new file mode 100644
index 0000000..c7ea838
--- /dev/null
+++ b/examples/secret.yaml
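Review bot: The `sshconfig` example in examples/configmap.yaml sets `StrictHostKeyChecking no`, so the proxy accepts any host key presented for github.com and cannot tell the real Git server from an impersonator on the network path, which undermines the integrity of every module fetched over SSH. Ship the expected host keys as a `known_hosts` item in the same projected volume and use `StrictHostKeyChecking yes` instead. On the line above it, `IdentifyFile` is not an ssh_config keyword; the option is `IdentityFile /root/.ssh/id_ed25519`, so the client is likely to reject the file as written. Both lines are repeated in the README's copy of this ConfigMap.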
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: custom-ssh-keys +type: Opaque +stringData: + id_ed25519: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj + XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg + AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M + a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== + -----END OPENSSH PRIVATE KEY----- + id_ed25519.pub: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe +--- +apiVersion: v1 +kind: Secret +metadata: + name: custom-netrc +type: Opaque +stringData: + netrc: | + machine github.com login USERNAME password API-KEY + machine gitlab.com login USERNAME password API-KEY \ No newline at end of file diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..6fa938b --- /dev/null +++ b/renovate.json @@ -0,0 +1,36 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "automergeStrategy": "merge-commit", + "automergeType": "pr", + "assignees": [ "volker.raschek" ], + "labels": [ "renovate" ], + "packageRules": [ + { + "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ], + "automerge": true, + "matchManagers": "drone", + "matchUpdateTypes": [ "minor", "patch"] + }, + { + "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ], + "automerge": false, + "matchPackageNames": [ "gomods/athens" ], + "matchManagers": [ "regex" ] + } + ], + "rebaseLabel": "renovate/rebase", + "rebaseWhen": "behind-base-branch", + "regexManagers": [ + { + "description": "Update container image reference", + "fileMatch": [ + "^Chart\\.yaml$" + ], + "matchStrings": [ + "appVersion: \"(?.*?)\"\\s+" + ], + "datasourceTemplate": "docker", + "depNameTemplate": "gomods/athens" + } + ] +} 
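Review bot: `id_ed25519` in the `custom-ssh-keys` example carries what appears to be a complete OpenSSH private key together with its matching public key rather than a placeholder, and the same block is pasted into README.md. Once pushed, that key has to be treated as disclosed; if it was ever authorised on any account or host, revoke it there. Replace both values with obvious dummies such as `<paste your private key here>`, the way the `custom-netrc` document in the same file uses `USERNAME` and `API-KEY`.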
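Review bot: The first package rule sets `"automerge": true` for the `drone` manager, so minor and patch bumps of the images in .drone.yml merge without review, and the release step in that pipeline runs with `helm_repo_password`; consider leaving automerge off for CI images, or pinning them by digest so a merged bump is at least content-addressed. In the same rule `matchManagers` is a bare string while the second rule uses a list; `"matchManagers": [ "drone" ]` keeps them consistent. As rendered here the `matchStrings` pattern reads `(?.*?)`, which has no named group; Renovate's regex manager expects a `currentValue` capture, so check whether `(?<currentValue>.*?)` was lost in rendering or is really missing.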
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..dc9ff3c
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "athens-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "athens-proxy.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "athens-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "athens-proxy.labels" -}}
+helm.sh/chart: {{ include "athens-proxy.chart" . }}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "athens-proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "athens-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
new file mode 100644
index 0000000..491ee51
--- /dev/null
+++ b/templates/deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "athens-proxy.fullname" . }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "athens-proxy.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "athens-proxy.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ envFrom:
+ - secretRef:
+ name: {{ include "athens-proxy.fullname" . }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:v{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /healthz
+ port: http
+ ports:
+ - name: http
+ containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /healthz
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.extraVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.podPriorityClassName }}
+ priorityClassName: {{ .Values.podPriorityClassName }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ serviceAccountName: {{ include "athens-proxy.fullname" . }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
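Review bot: The pod spec sets `serviceAccountName` but leaves the token automounted, and nothing in this commit binds a Role to that account or shows the proxy calling the Kubernetes API. Adding `automountServiceAccountToken: false` next to `serviceAccountName` keeps an unused credential out of a container that downloads and processes third-party module sources. Also, `replicaCount` is defined in values.yaml but `spec.replicas` is never rendered, so the value has no effect; `replicas: {{ .Values.replicaCount }}` under the top-level `spec:` would wire it up.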
diff --git a/templates/ingress.yaml b/templates/ingress.yaml
new file mode 100644
index 0000000..ac3c97e
--- /dev/null
+++ b/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "athens-proxy.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
new file mode 100644
index 0000000..50614fb
--- /dev/null
+++ b/templates/secrets.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "athens-proxy.fullname" . }}
+type: Opaque
+stringData:
+
+ {{- if not (hasKey .Values "config") -}}
+ {{- $_ := set .Values "config" dict -}}
+ {{- end -}}
+
+ {{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
+ {{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
+ {{- end -}}
+
+ {{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
+ {{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
+ {{- end -}}
+
+ {{/* SETUP CONFIG */}}
+ {{ range $key, $value := .Values.config }}
+ {{ upper $key}}: {{ quote $value }}
+ {{ end }}
\ No newline at end of file
diff --git a/templates/service.yaml b/templates/service.yaml
new file mode 100644
index 0000000..0de41ac
--- /dev/null
+++ b/templates/service.yaml
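Review bot: Every entry of `.Values.config` (including credentials such as `ATHENS_GITHUB_TOKEN`, `BASIC_AUTH_PASS` or `AWS_SECRET_ACCESS_KEY` from the list in values.yaml) can only reach this Secret as a plain Helm value, which pushes secrets into values files and into the release data Helm stores. Consider an optional value that names a pre-created Secret for the deployment's `envFrom`, so credentials can be managed outside the chart. The defaults are also injected by calling `set` on `.Values.config` while this template renders, which mutates `.Values` for anything rendered afterwards; building a local dict of defaults and combining it with `merge` avoids that side effect.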
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ name: {{ include "athens-proxy.fullname" . }}
+spec:
+ {{- with .Values.service.externalIPs }}
+ externalIPs:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
+ loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+ {{- end }}
+ {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- with .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ {{- include "athens-proxy.selectorLabels" . | nindent 4 }}
diff --git a/templates/serviceAccount.yaml b/templates/serviceAccount.yaml
new file mode 100644
index 0000000..e4e03da
--- /dev/null
+++ b/templates/serviceAccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ name: {{ include "athens-proxy.fullname" . }}
\ No newline at end of file
diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..707965a
--- /dev/null
+++ b/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "athens-proxy.fullname" . }}-test-connection"
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..10d6d20
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,187 @@ +affinity: {} + +image: + repository: docker.io/gomods/athens + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +podAnnotations: {} + +podPriorityClassName: "" + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +config: {} + # ATHENS_AZURE_ACCOUNT_KEY: + # ATHENS_AZURE_ACCOUNT_NAME: + # ATHENS_AZURE_CONTAINER_NAME: + # ATHENS_CLOUD_RUNTIME: + # ATHENS_DOWNLOAD_MODE: + # ATHENS_DOWNLOAD_URL: + # ATHENS_ETCD_ENDPOINTS: + # ATHENS_EXTERNAL_STORAGE_URL: + # ATHENS_FILTER_FILE: + # ATHENS_GITHUB_TOKEN: + # ATHENS_GLOBAL_ENDPOINT: + # ATHENS_GO_BINARY_ENV_VARS: + # ATHENS_GOGET_DIR: + # ATHENS_GOGET_WORKERS: + # ATHENS_GONOSUM_PATTERNS: + # ATHENS_HGRC_PATH: + # ATHENS_INDEX_MYSQL_DATABASE: + # ATHENS_INDEX_MYSQL_HOST: + # ATHENS_INDEX_MYSQL_PARAMS: + # ATHENS_INDEX_MYSQL_PASSWORD: + # ATHENS_INDEX_MYSQL_PORT: + # ATHENS_INDEX_MYSQL_PROTOCOL: + # ATHENS_INDEX_MYSQL_USER: + # ATHENS_INDEX_POSTGRES_DATABASE: + # ATHENS_INDEX_POSTGRES_HOST: + # ATHENS_INDEX_POSTGRES_PARAMS: + # ATHENS_INDEX_POSTGRES_PASSWORD: + # ATHENS_INDEX_POSTGRES_PORT: + # ATHENS_INDEX_POSTGRES_USER: + # ATHENS_INDEX_TYPE: + # ATHENS_LOG_LEVEL: + # ATHENS_MINIO_ACCESS_KEY_ID: + # ATHENS_MINIO_BUCKET_NAME: + # ATHENS_MINIO_ENDPOINT: + # ATHENS_MINIO_REGION: + # ATHENS_MINIO_SECRET_ACCESS_KEY: + # ATHENS_MINIO_USE_SSL: + # ATHENS_MONGO_CERT_PATH: + # ATHENS_MONGO_DEFAULT_DATABASE: + # ATHENS_MONGO_INSECURE: + # ATHENS_MONGO_STORAGE_URL: + # ATHENS_NETRC_PATH: + # ATHENS_PATH_PREFIX: + # ATHENS_PORT: + # ATHENS_PROTOCOL_WORKERS: + # ATHENS_PROXY_VALIDATOR: + # ATHENS_REDIS_ENDPOINT: + # ATHENS_REDIS_PASSWORD: + # ATHENS_REDIS_SENTINEL_ENDPOINTS: + # ATHENS_ROBOTS_FILE: + # ATHENS_SINGLE_FLIGHT_TYPE: + # ATHENS_STATS_EXPORTER: + # 
ATHENS_STORAGE_GCP_BUCKET: + # ATHENS_STORAGE_GCP_JSON_KEY: + # ATHENS_STORAGE_TYPE: + # ATHENS_SUM_DBS: + # ATHENS_TIMEOUT: + # ATHENS_TLSCERT_FILE: + # ATHENS_TLSKEY_FILE: + # ATHENS_TRACE_EXPORTER_URL: + # ATHENS_TRACE_EXPORTER: + # AWS_ACCESS_KEY_ID: + # AWS_ENDPOINT: + # AWS_FORCE_PATH_STYLE: + # AWS_REGION: + # AWS_SECRET_ACCESS_KEY: + # AWS_SESSION_TOKEN: + # BASIC_AUTH_PASS: + # BASIC_AUTH_USER: + # CDN_ENDPOINT: + # GO_BINARY_PATH: + # GO_ENV: + # GOOGLE_CLOUD_PROJECT: + # MY_S3_BUCKET_NAME: + # PROXY_FORCE_SSL: + +replicaCount: 1 + +serviceAccount: + annotations: {} + +service: + annotations: {} + # externalIPs: [] + # externalTrafficPolicy: "Cluster" + # loadBalancerClass: "" + # loadBalancerIP: "" + # loadBalancerSourceRanges: [] + # internalTrafficPolicy: "Cluster" + name: http + targetPort: 3000 + type: ClusterIP + port: 3000 + +ingress: + enabled: false + className: "nginx" + annotations: {} + # kubernetes.io/ingress.class: nginx + # cert-manager.io/issuer: + # kubernetes.io/tls-acme: "true" + hosts: + - host: "your-hostname" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: "your-tls-secret" + hosts: + - "your-hostname" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/arch: amd64 + +tolerations: [] + +# extra volumes for the pod +extraVolumes: {} +# The following example mount the same secret, which contains tls certificates +# under different names. Each volume mount contains only selected items of the +# secret. 
This make it easier to place the items on different locations inside the +# container filesystem via extraVolumeMounts. +# - name: custom-ca-anchor +# secret: +# secretName: athens-proxy-custom-tls-certificates +# items: +# - key: ca.crt +# path: ca.crt +# mode: 0444 +# - name: custom-tls-certificates +# secret: +# secretName: athens-proxy-custom-tls-certificates +# items: +# - key: tls.key +# path: tls.key +# mode: 0400 +# - key: tls.crt +# path: tls.crt +# mode: 0444 + +extraVolumeMounts: {} +# The following example follows the example of extraVolumes and mounts the +# volumes to the corresponding paths in the container filesystem. +# - name: custom-ca-anchor +# mountPath: /usr/local/share/ca-certificates +# - name: custom-tls-certificates +# mountPath: /etc/athens-proxy/tls
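Review bot: `securityContext` and `podSecurityContext` default to `{}` with the hardening lines left as comments, so a default install runs the container with whatever user and capabilities the image ships; the README examples mount under `/root`, which suggests that user is root. If the upstream image tolerates it, enabling `allowPrivilegeEscalation: false` and `capabilities: { drop: [ALL] }` by default, and documenting how to relax them, is the safer baseline. Separately, `extraVolumes` and `extraVolumeMounts` default to `{}` although the deployment template and every example treat them as lists; `extraVolumes: []` and `extraVolumeMounts: []` match the expected type.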