From 64e21d43ab6d2cda810c082d6e494fe7128af15c Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Sat, 21 May 2022 11:09:39 +0200
Subject: [PATCH] Initial Commit
---
.drone.yml | 83 ++++++++++++
.editorconfig | 12 ++
.gitignore | 3 +
.helmignore | 32 +++++
.markdownlint.yaml | 144 +++++++++++++++++++++
Chart.yaml | 22 ++++
LICENSE | 13 ++
README.md | 167 ++++++++++++++++++++++++
examples/configmap.yaml | 12 ++
examples/secret.yaml | 26 ++++
renovate.json | 36 ++++++
templates/_helpers.tpl | 51 ++++++++
templates/deployment.yaml | 74 +++++++++++
templates/ingress.yaml | 61 +++++++++
templates/secrets.yaml | 23 ++++
templates/service.yaml | 36 ++++++
templates/serviceAccount.yaml | 10 ++
templates/tests/test-connection.yaml | 15 +++
values.yaml | 187 +++++++++++++++++++++++++++
19 files changed, 1007 insertions(+)
create mode 100644 .drone.yml
create mode 100644 .editorconfig
create mode 100644 .gitignore
create mode 100644 .helmignore
create mode 100644 .markdownlint.yaml
create mode 100644 Chart.yaml
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 examples/configmap.yaml
create mode 100644 examples/secret.yaml
create mode 100644 renovate.json
create mode 100644 templates/_helpers.tpl
create mode 100644 templates/deployment.yaml
create mode 100644 templates/ingress.yaml
create mode 100644 templates/secrets.yaml
create mode 100644 templates/service.yaml
create mode 100644 templates/serviceAccount.yaml
create mode 100644 templates/tests/test-connection.yaml
create mode 100644 values.yaml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..cfca5de
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,83 @@
+---
+kind: pipeline
+type: kubernetes
+name: linter
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: helm lint
+ commands:
+ - helm lint
+ image: docker.io/volkerraschek/helm:3.8.0
+ resources:
+ limits:
+ cpu: 150
+ memory: 150M
+
+- name: markdown lint
+ commands:
+ - markdownlint *.md
+ image: docker.io/volkerraschek/markdownlint:0.30.0
+ resources:
+ limits:
+ cpu: 150
+ memory: 150M
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ event:
+ exclude:
+ - tag
+
+---
+kind: pipeline
+type: kubernetes
+name: release
+
+platform:
+ os: linux
+
+steps:
+- name: release-helm-chart
+ commands:
+ - helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
+ - helm package --version ${DRONE_TAG} .
+ - helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
+ environment:
+ HELM_REPO_PASSWORD:
+ from_secret: helm_repo_password
+ HELM_REPO_USERNAME:
+ from_secret: helm_repo_username
+ image: docker.io/volkerraschek/helm:3.8.0
+ resources:
+ limits:
+ cpu: 150
+ memory: 150M
+
+trigger:
+ event:
+ - tag
+ repo:
+ - volker.raschek/drone-charts
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..1166a4a
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cdcaed9
--- /dev/null
+++ b/.gitignore
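Review bot: In `.drone.yml` the `email-notification` step runs `docker.io/drillster/drone-email:latest`, a mutable tag, and that is the step that receives the four `smtp_*` secrets. Whatever is published under `latest` at run time is handed those credentials, so the reference should be pinned to a fixed version and preferably a digest, e.g. `image: docker.io/drillster/drone-email@sha256:<digest>`. The two `volkerraschek/*` images are tagged but not digest-pinned, and the release step holds `helm_repo_password`, so the same consideration applies there. `templates/tests/test-connection.yaml` has the same pattern with an untagged `image: busybox`.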
@@ -0,0 +1,3 @@
+*.tgz
+values2.yml
+values2.yaml
\ No newline at end of file
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..22b5ff9
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# drone
+.drone.yml
+# markdownlint
+.markdownlint.yaml
+# customized values
+values2.yml
+values2.yaml
+# helm packages
+*.tgz
\ No newline at end of file
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..3406b43
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1,144 @@
+# markdownlint YAML configuration
+# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
+
+# Default state for all rules
+default: true
+
+# Path to configuration file to extend
+extends: null
+
+# MD003/heading-style/header-style - Heading style
+MD003:
+ # Heading style
+ style: "atx"
+
+# MD004/ul-style - Unordered list style
+MD004:
+ style: "dash"
+
+# MD007/ul-indent - Unordered list indentation
+MD007:
+ # Spaces for indent
+ indent: 2
+ # Whether to indent the first level of the list
+ start_indented: false
+
+# MD009/no-trailing-spaces - Trailing spaces
+MD009:
+ # Spaces for line break
+ br_spaces: 2
+ # Allow spaces for empty lines in list items
+ list_item_empty_lines: false
+ # Include unnecessary breaks
+ strict: false
+
+# MD010/no-hard-tabs - Hard tabs
+MD010:
+ # Include code blocks
+ code_blocks: true
+
+# MD012/no-multiple-blanks - Multiple consecutive blank lines
+MD012:
+ # Consecutive blank lines
+ maximum: 1
+
+# MD013/line-length - Line length
+MD013:
+ # Number of characters
+ line_length: 80
+ # Number of characters for headings
+ heading_line_length: 80
+ # Number of characters for code blocks
+ code_block_line_length: 80
+ # Include code blocks
+ code_blocks: false
+ # Include tables
+ tables: false
+ # Include headings
+ headings: true
+ # Include headings
+ headers: true
+ # Strict length checking
+ strict: false
+ # Stern length checking
+ stern: false
+
+# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
+MD022:
+ # Blank lines above heading
+ lines_above: 1
+ # Blank lines below heading
+ lines_below: 1
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
+MD024:
+ # Only check sibling headings
+ allow_different_nesting: true
+
+# MD025/single-title/single-h1 - Multiple top-level headings in the same document
+MD025:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD026/no-trailing-punctuation - Trailing punctuation in heading
+MD026:
+ # Punctuation characters
+ punctuation: ".,;:!。,;:!"
+
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+ # List style
+ style: "one_or_ordered"
+
+# MD030/list-marker-space - Spaces after list markers
+MD030:
+ # Spaces for single-line unordered list items
+ ul_single: 1
+ # Spaces for single-line ordered list items
+ ol_single: 1
+ # Spaces for multi-line unordered list items
+ ul_multi: 1
+ # Spaces for multi-line ordered list items
+ ol_multi: 1
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+ # Allowed elements
+ allowed_elements: []
+
+# MD035/hr-style - Horizontal rule style
+MD035:
+ # Horizontal rule style
+ style: "---"
+
+# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
+MD036:
+ # Punctuation characters
+ punctuation: ".,;:!?。,;:!?"
+
+# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
+MD041:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD044/proper-names - Proper names should have the correct capitalization
+MD044:
+ # List of proper names
+ names:
+ - gitea
+ # Include code blocks
+ code_blocks: false
+
+# MD046/code-block-style - Code block style
+MD046:
+ # Block style
+ style: "fenced"
+
+# MD048/code-fence-style - Code fence style
+MD048:
+ # Code fence syle
+ style: "backtick"
\ No newline at end of file
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..aced3df
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: athens-proxy
+description: Athens proxy server for golang
+type: application
+version: "0.1.0"
+appVersion: "0.11.0"
+icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
+
+keywords:
+- golang
+- athens
+- gomod
+- go-proxy
+
+sources:
+- https://github.com/volker-raschek/athens-proxy-charts
+- https://github.com/gomods/athens
+- https://hub.docker.com/r/gomods/athens
+
+maintainers:
+- name: Markus Pesch
+ email: markus.pesch+apps@cryptic.systems
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9ce8f76
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2022 Markus Pesch
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..30c1617
--- /dev/null
+++ b/README.md
@@ -0,0 +1,167 @@
+# athens-proxy-charts
+
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/athens-proxy-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
+
+This is an inofficial helm chart of the go-proxy
+[athens](https://github.com/gomods/athens) which supports more complex
+configuration options.
+
+This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
+can be installed via helm.
+
+```bash
+helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
+helm install athens-proxy volker.raschek/athens-proxy
+```
+
+## Customization
+
+The complete deployment can be adapted via the `values.yaml` files. The
+configuration of the proxy can be done via the environment variables described
+below or via mounting the config.toml as additional persistent volume to
+`/config/config.toml`
+
+## Access private repositories via SSH
+
+Create a `configmap.yaml` with multiple keys. One key describe the content of
+the `.gitconfig` file and another of `config` of the ssh client. All requests
+git clone comands with the prefix `http://github.com/` will be replaced by
+`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
+separate secret.
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: custom-configs
+data:
+ sshconfig: |
+ Host github.com
+ IdentifyFile /root/.ssh/id_ed25519
+ StrictHostKeyChecking no
+ gitconfig: |
+ [url "git@github.com:"]
+ insteadOf = https://github.com/
+```
+
+The secret definition below contains the SSH private and public key.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-ssh-keys
+type: Opaque
+stringData:
+ id_ed25519: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
+ XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
+ AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
+ a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
+ -----END OPENSSH PRIVATE KEY-----
+ id_ed25519.pub: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
+```
+
+The item `config` of the configmap will be merged with the items of the secret
+as virtual volume. This volume can than be mounted with special permissions
+required for the ssh client.
+
+```yaml
+extraVolumes:
+- name: ssh
+ projected:
+ defaultMode: 0644
+ sources:
+ - configMap:
+ name: custom-configs
+ items:
+ - key: sshconfig
+ path: config
+ - secret:
+ name: custom-ssh-keys
+ items:
+ - key: id_ed25519
+ path: id_ed25519
+ mode: 0600
+ - key: id_ed25519.pub
+ path: id_ed25519.pub
+- name: gitconfig
+ configMap:
+ name: custom-configs
+ items:
+ - key: gitconfig
+ path: config
+ mode: 0644
+
+extraVolumeMounts:
+- name: ssh
+ mountPath: /root/.ssh
+- name: gitconfig
+ mountPath: /root/.config/git
+```
+
+## Access private github.com repositories via developer token
+
+Another way to access private github repositories is via a github token, which
+can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
+creates a `.netrc` file to access private github repositories.
+
+## Access private repositories via .netrc configuration
+
+As describe above, a `.netrc` file is responsible for the authentication via
+HTTP. The file can also be defined via a custom secret and mounted into the home
+directory of `root` for general authentication purpose.
+
+The example below describe the definition and mounting of a custom `.netrc` file
+to access private repositories hosted on github and gitlab.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-netrc
+type: Opaque
+stringData:
+ netrc: |
+ machine github.com login USERNAME password API-KEY
+ machine gitlab.com login USERNAME password API-KEY
+```
+
+The file must then be mounted via extraVolumes and extraVolumeMounts.
+
+```yaml
+extraVolumes:
+- name: netrc
+ secret:
+ secretName: custom-netrc
+ items:
+ - key: netrc
+ path: .netrc
+ mode: 0600
+
+extraVolumeMounts:
+- name: netrc
+ mountPath: /root
+```
+
+## Persistent storage
+
+Unlike the athens default, the default here is `disk` - i.e. the files are
+written to the container. Therefore, it is advisable to outsource the
+corresponding storage location to persistent storage. The following example
+describes the integration of a persistent storage claim.
+
+```yaml
+extraVolumes:
+- name: gomodules
+ persistentVolumeClaim:
+ claimName: custom-gomodules-pvc
+
+extraVolumeMounts:
+- name: gomodules
+ mountPath: /var/lib/athens
+```
diff --git a/examples/configmap.yaml b/examples/configmap.yaml
new file mode 100644
index 0000000..763c4b9
--- /dev/null
+++ b/examples/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: custom-configs
+data:
+ sshconfig: |
+ Host github.com
+ IdentifyFile /root/.ssh/id_ed25519
+ StrictHostKeyChecking no
+ gitconfig: |
+ [url "git@github.com:"]
+ insteadOf = https://github.com/
\ No newline at end of file
diff --git a/examples/secret.yaml b/examples/secret.yaml
new file mode 100644
index 0000000..c7ea838
--- /dev/null
+++ b/examples/secret.yaml
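Review bot: In `examples/configmap.yaml` the `sshconfig` block sets `StrictHostKeyChecking no`, which makes the ssh client accept any host key presented for github.com, so private module fetches have no protection against an on-path host impersonating it. Prefer `StrictHostKeyChecking yes` together with a `known_hosts` entry shipped in the same ConfigMap and projected into `/root/.ssh` next to `config`. The line above it spells the option `IdentifyFile`; the ssh_config keyword is `IdentityFile`, and ssh treats an unknown keyword as a configuration error. README.md repeats both lines in its SSH section.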
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-ssh-keys
+type: Opaque
+stringData:
+ id_ed25519: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
+ XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
+ AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
+ a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
+ -----END OPENSSH PRIVATE KEY-----
+ id_ed25519.pub: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-netrc
+type: Opaque
+stringData:
+ netrc: |
+ machine github.com login USERNAME password API-KEY
+ machine gitlab.com login USERNAME password API-KEY
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..6fa938b
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,36 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "automergeStrategy": "merge-commit",
+ "automergeType": "pr",
+ "assignees": [ "volker.raschek" ],
+ "labels": [ "renovate" ],
+ "packageRules": [
+ {
+ "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
+ "automerge": true,
+ "matchManagers": "drone",
+ "matchUpdateTypes": [ "minor", "patch"]
+ },
+ {
+ "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
+ "automerge": false,
+ "matchPackageNames": [ "gomods/athens" ],
+ "matchManagers": [ "regex" ]
+ }
+ ],
+ "rebaseLabel": "renovate/rebase",
+ "rebaseWhen": "behind-base-branch",
+ "regexManagers": [
+ {
+ "description": "Update container image reference",
+ "fileMatch": [
+ "^Chart\\.yaml$"
+ ],
+ "matchStrings": [
+ "appVersion: \"(?.*?)\"\\s+"
+ ],
+ "datasourceTemplate": "docker",
+ "depNameTemplate": "gomods/athens"
+ }
+ ]
+}
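Review bot: `examples/secret.yaml` carries what looks like a complete OpenSSH private key under `id_ed25519` rather than a placeholder, and README.md embeds the same block. If this key pair was ever registered anywhere (a deploy key, a user account), it has to be treated as disclosed from the moment the commit is pushed and should be revoked; deleting it in a later commit does not remove it from history. An example reads just as well with `<paste your private key here>` between the BEGIN/END lines, the way the `custom-netrc` secret below it already uses `USERNAME` and `API-KEY`.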
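Review bot: In `renovate.json` the first package rule gives `"matchManagers": "drone"` as a string while the second rule uses an array; Renovate documents this option as a list, so `"matchManagers": [ "drone" ]` is the safe form. The same rule sets `"automerge": true` for the images used in `.drone.yml`, which means an updated CI image that handles the SMTP and chart-repository secrets is merged without review, so that should be a deliberate decision. The `matchStrings` pattern appears here as `(?.*?)`, which is not a valid group; if that is what the file really contains and not a rendering artefact, it presumably should be the named group `(?<currentValue>.*?)`.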
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..dc9ff3c
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "athens-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "athens-proxy.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "athens-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "athens-proxy.labels" -}}
+helm.sh/chart: {{ include "athens-proxy.chart" . }}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "athens-proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "athens-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
new file mode 100644
index 0000000..491ee51
--- /dev/null
+++ b/templates/deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "athens-proxy.fullname" . }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "athens-proxy.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "athens-proxy.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ envFrom:
+ - secretRef:
+ name: {{ include "athens-proxy.fullname" . }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:v{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /healthz
+ port: http
+ ports:
+ - name: http
+ containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /healthz
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.extraVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.podPriorityClassName }}
+ priorityClassName: {{ .Values.podPriorityClassName }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ serviceAccountName: {{ include "athens-proxy.fullname" . }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
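Review bot: The pod spec in `templates/deployment.yaml` sets `serviceAccountName` but nothing turns off token automounting, so every Athens pod gets a Kubernetes API token mounted. Nothing in this chart suggests the proxy talks to the API server; adding `automountServiceAccountToken: false` next to `serviceAccountName` (or on the ServiceAccount in `templates/serviceAccount.yaml`) removes a credential that would otherwise be readable by anyone who compromises the proxy process. Separately, the spec has no `replicas:` field although `values.yaml` defines `replicaCount`, so that value is currently ignored.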
diff --git a/templates/ingress.yaml b/templates/ingress.yaml
new file mode 100644
index 0000000..ac3c97e
--- /dev/null
+++ b/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "athens-proxy.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
new file mode 100644
index 0000000..50614fb
--- /dev/null
+++ b/templates/secrets.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "athens-proxy.fullname" . }}
+type: Opaque
+stringData:
+
+ {{- if not (hasKey .Values "config") -}}
+ {{- $_ := set .Values "config" dict -}}
+ {{- end -}}
+
+ {{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
+ {{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
+ {{- end -}}
+
+ {{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
+ {{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
+ {{- end -}}
+
+ {{/* SETUP CONFIG */}}
+ {{ range $key, $value := .Values.config }}
+ {{ upper $key}}: {{ quote $value }}
+ {{ end }}
\ No newline at end of file
diff --git a/templates/service.yaml b/templates/service.yaml
new file mode 100644
index 0000000..0de41ac
--- /dev/null
+++ b/templates/service.yaml
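Review bot: `templates/secrets.yaml` renders every key of `.Values.config` into the Secret, and `templates/deployment.yaml` always points `envFrom` at that generated Secret, so credentials such as `ATHENS_GITHUB_TOKEN` or `BASIC_AUTH_PASS` can only be supplied through Helm values. That pushes them into values files, CI variables and the stored release data. Consider an optional value, for example `existingSecret`, that skips this template and is used as the `secretRef` name instead, so the credentials can come from an externally managed Secret. A short comment above the `range`, such as `{{/* every config key is upper-cased and rendered as a quoted string */}}`, would also document the behaviour for chart users.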
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ name: {{ include "athens-proxy.fullname" . }}
+spec:
+ {{- with .Values.service.externalIPs }}
+ externalIPs:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
+ loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+ {{- end }}
+ {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- with .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ {{- include "athens-proxy.selectorLabels" . | nindent 4 }}
diff --git a/templates/serviceAccount.yaml b/templates/serviceAccount.yaml
new file mode 100644
index 0000000..e4e03da
--- /dev/null
+++ b/templates/serviceAccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ name: {{ include "athens-proxy.fullname" . }}
\ No newline at end of file
diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..707965a
--- /dev/null
+++ b/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "athens-proxy.fullname" . }}-test-connection"
+ labels:
+ {{- include "athens-proxy.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..10d6d20
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,187 @@
+affinity: {}
+
+image:
+ repository: docker.io/gomods/athens
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+
+podPriorityClassName: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+config: {}
+ # ATHENS_AZURE_ACCOUNT_KEY:
+ # ATHENS_AZURE_ACCOUNT_NAME:
+ # ATHENS_AZURE_CONTAINER_NAME:
+ # ATHENS_CLOUD_RUNTIME:
+ # ATHENS_DOWNLOAD_MODE:
+ # ATHENS_DOWNLOAD_URL:
+ # ATHENS_ETCD_ENDPOINTS:
+ # ATHENS_EXTERNAL_STORAGE_URL:
+ # ATHENS_FILTER_FILE:
+ # ATHENS_GITHUB_TOKEN:
+ # ATHENS_GLOBAL_ENDPOINT:
+ # ATHENS_GO_BINARY_ENV_VARS:
+ # ATHENS_GOGET_DIR:
+ # ATHENS_GOGET_WORKERS:
+ # ATHENS_GONOSUM_PATTERNS:
+ # ATHENS_HGRC_PATH:
+ # ATHENS_INDEX_MYSQL_DATABASE:
+ # ATHENS_INDEX_MYSQL_HOST:
+ # ATHENS_INDEX_MYSQL_PARAMS:
+ # ATHENS_INDEX_MYSQL_PASSWORD:
+ # ATHENS_INDEX_MYSQL_PORT:
+ # ATHENS_INDEX_MYSQL_PROTOCOL:
+ # ATHENS_INDEX_MYSQL_USER:
+ # ATHENS_INDEX_POSTGRES_DATABASE:
+ # ATHENS_INDEX_POSTGRES_HOST:
+ # ATHENS_INDEX_POSTGRES_PARAMS:
+ # ATHENS_INDEX_POSTGRES_PASSWORD:
+ # ATHENS_INDEX_POSTGRES_PORT:
+ # ATHENS_INDEX_POSTGRES_USER:
+ # ATHENS_INDEX_TYPE:
+ # ATHENS_LOG_LEVEL:
+ # ATHENS_MINIO_ACCESS_KEY_ID:
+ # ATHENS_MINIO_BUCKET_NAME:
+ # ATHENS_MINIO_ENDPOINT:
+ # ATHENS_MINIO_REGION:
+ # ATHENS_MINIO_SECRET_ACCESS_KEY:
+ # ATHENS_MINIO_USE_SSL:
+ # ATHENS_MONGO_CERT_PATH:
+ # ATHENS_MONGO_DEFAULT_DATABASE:
+ # ATHENS_MONGO_INSECURE:
+ # ATHENS_MONGO_STORAGE_URL:
+ # ATHENS_NETRC_PATH:
+ # ATHENS_PATH_PREFIX:
+ # ATHENS_PORT:
+ # ATHENS_PROTOCOL_WORKERS:
+ # ATHENS_PROXY_VALIDATOR:
+ # ATHENS_REDIS_ENDPOINT:
+ # ATHENS_REDIS_PASSWORD:
+ # ATHENS_REDIS_SENTINEL_ENDPOINTS:
+ # ATHENS_ROBOTS_FILE:
+ # ATHENS_SINGLE_FLIGHT_TYPE:
+ # ATHENS_STATS_EXPORTER:
+ # ATHENS_STORAGE_GCP_BUCKET:
+ # ATHENS_STORAGE_GCP_JSON_KEY:
+ # ATHENS_STORAGE_TYPE:
+ # ATHENS_SUM_DBS:
+ # ATHENS_TIMEOUT:
+ # ATHENS_TLSCERT_FILE:
+ # ATHENS_TLSKEY_FILE:
+ # ATHENS_TRACE_EXPORTER_URL:
+ # ATHENS_TRACE_EXPORTER:
+ # AWS_ACCESS_KEY_ID:
+ # AWS_ENDPOINT:
+ # AWS_FORCE_PATH_STYLE:
+ # AWS_REGION:
+ # AWS_SECRET_ACCESS_KEY:
+ # AWS_SESSION_TOKEN:
+ # BASIC_AUTH_PASS:
+ # BASIC_AUTH_USER:
+ # CDN_ENDPOINT:
+ # GO_BINARY_PATH:
+ # GO_ENV:
+ # GOOGLE_CLOUD_PROJECT:
+ # MY_S3_BUCKET_NAME:
+ # PROXY_FORCE_SSL:
+
+replicaCount: 1
+
+serviceAccount:
+ annotations: {}
+
+service:
+ annotations: {}
+ # externalIPs: []
+ # externalTrafficPolicy: "Cluster"
+ # loadBalancerClass: ""
+ # loadBalancerIP: ""
+ # loadBalancerSourceRanges: []
+ # internalTrafficPolicy: "Cluster"
+ name: http
+ targetPort: 3000
+ type: ClusterIP
+ port: 3000
+
+ingress:
+ enabled: false
+ className: "nginx"
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # cert-manager.io/issuer:
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "your-hostname"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: "your-tls-secret"
+ hosts:
+ - "your-hostname"
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector:
+ kubernetes.io/arch: amd64
+
+tolerations: []
+
+# extra volumes for the pod
+extraVolumes: {}
+# The following example mount the same secret, which contains tls certificates
+# under different names. Each volume mount contains only selected items of the
+# secret. This make it easier to place the items on different locations inside the
+# container filesystem via extraVolumeMounts.
+# - name: custom-ca-anchor
+# secret:
+# secretName: athens-proxy-custom-tls-certificates
+# items:
+# - key: ca.crt
+# path: ca.crt
+# mode: 0444
+# - name: custom-tls-certificates
+# secret:
+# secretName: athens-proxy-custom-tls-certificates
+# items:
+# - key: tls.key
+# path: tls.key
+# mode: 0400
+# - key: tls.crt
+# path: tls.crt
+# mode: 0444
+
+extraVolumeMounts: {}
+# The following example follows the example of extraVolumes and mounts the
+# volumes to the corresponding paths in the container filesystem.
+# - name: custom-ca-anchor
+# mountPath: /usr/local/share/ca-certificates
+# - name: custom-tls-certificates
+# mountPath: /etc/athens-proxy/tls
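Review bot: In `values.yaml`, `podSecurityContext` and `securityContext` default to `{}` with the hardened settings present only as comments, so the container runs as whatever user the image defines; the README examples that mount into `/root` suggest that is root. If the athens image permits it (not verified here), shipping `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities.drop: [ALL]` as real defaults would be a safer starting point, with a writable volume for `/var/lib/athens`. Also, `extraVolumes: {}` and `extraVolumeMounts: {}` default to maps although the commented examples and the `volumes:` / `volumeMounts:` fields they feed are lists; `[]` is the matching default and avoids Helm's table/non-table merge warning when a user supplies a list.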