volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(pod): add switch to enable checksum annotation
All checks were successful
Generate README / generate-parameters (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 10s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-lint (push) Successful in 10s
Details
Markdown linter / markdown-link-checker (push) Successful in 30s
Details
Release / publish-chart (push) Successful in 21s
Details

Browse Source 
Depending on the environment or tooling in which the chart is deployed, you may
or may not want to have the checksum annotation.

In the past, these were enforced. The default remains that the checksum
annotation is added. It now only contains a switch that allows you to optionally
disable it.
This commit is contained in:
Markus Pesch
2025-11-30 15:04:35 +01:00
parent c5dcab2be1
commit 9f7b549b9b
8 changed files with 322 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
templates/_pod.tpl
View File

@@ -4,29 +4,65 @@
{{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }}
{{- if and .Values.certificate.enabled }}
{{- if and .Values.certificate.enabled .Values.certificate.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
{{- if and .Values.certificate.existingSecret.enabled (gt (len .Values.certificate.existingSecret.secretName) 0) }}
{{- $secretName = .Values.certificate.existingSecret.secretName }}
{{- end }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | toYaml | sha256sum) }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- if and .Values.config.env.enabled .Values.config.env.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
{{- $secret := include (print $.Template.BasePath "/secretEnv.yaml") $ }}
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0) }}
{{- $secretName = .Values.config.env.existingSecret.secretName }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{- end }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
{{- if and .Values.config.downloadMode.enabled .Values.config.downloadMode.addSHASumAnnotation }}
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
{{- $configMap := include (print $.Template.BasePath "/configMapDownloadMode.yaml") . }}
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
{{- $configMap := lookup "v1" "ConfigMap" .Release.Namespace $configMapName | toYaml }}
{{- end }}
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
{{ printf "checksum/config-map-%s: %s" $configMapName ($configMap | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
{{- if and .Values.config.gitConfig.enabled .Values.config.gitConfig.addSHASumAnnotation }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" $ }}
{{- $configMap := include (print $.Template.BasePath "/configMapGitConfig.yaml") . }}
{{- if and .Values.config.gitConfig.existingConfigMap.enabled (gt (len .Values.config.gitConfig.existingConfigMap.configMapName) 0) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- $configMap := lookup "v1" "ConfigMap" .Release.Namespace $configMapName | toYaml }}
{{- end }}
{{ printf "checksum/config-map-%s: %s" $configMapName ($configMap | sha256sum) }}
{{- end }}
{{- if and .Values.config.netrc.enabled .Values.config.netrc.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" $ }}
{{- $secret := include (print $.Template.BasePath "/secretNetRC.yaml") $ }}
{{- if and .Values.config.netrc.existingSecret.enabled (gt (len .Values.config.netrc.existingSecret.secretName) 0) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{- end }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled .Values.config.ssh.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.secrets.ssh.name" $ }}
{{- $secret := include (print $.Template.BasePath "/secretSSH.yaml") $ }}
{{- if and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.secretName) 0) }}
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{- end }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- end }}
{{/* labels */}}