volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(pod): add switch to enable checksum annotation
All checks were successful
Generate README / generate-parameters (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 10s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-lint (push) Successful in 10s
Details
Markdown linter / markdown-link-checker (push) Successful in 30s
Details
Release / publish-chart (push) Successful in 21s
Details

Browse Source 
Depending on the environment or tooling in which the chart is deployed, you may
or may not want to have the checksum annotation.

In the past, these were enforced. The default remains that the checksum
annotation is added. It now only contains a switch that allows you to optionally
disable it.
This commit is contained in:
Markus Pesch
2025-11-30 15:04:35 +01:00
parent c5dcab2be1
commit 9f7b549b9b
8 changed files with 322 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
unittests/deployment/downloadMode.yaml
View File

@@ -40,6 +40,7 @@ tests:
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: true
persistence.enabled: true
asserts:
- exists:
@@ -69,16 +70,87 @@ tests:
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: false
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: downloadMode
mode: 0644
path: download-mode
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: true
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: "my-custom-download-mode-filename-key"
path: "download-mode"
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap, but without sha sum annotation
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: false
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env

37
unittests/deployment/env.yaml
View File

@@ -35,10 +35,10 @@ tests:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
- it: Rendering default with mounted env secret, but without sha sum annotation
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
config.env.addSHASumAnnotation: false
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
@@ -48,4 +48,37 @@ tests:
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted existing env secret
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
config.env.existingSecret.secretName: my-secret
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-my-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: my-secret
template: templates/deployment.yaml
- it: Rendering default with mounted existing env secret, but without sha sum annotation
set:
config.env.enabled: true
config.env.addSHASumAnnotation: false
config.env.existingSecret.enabled: true
config.env.existingSecret.secretName: my-secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-my-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: my-secret
template: templates/deployment.yaml

67
unittests/deployment/gitConfig.yaml
View File

@@ -41,6 +41,7 @@ tests:
- it: Rendering default with mounted gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: true
persistence.enabled: true
asserts:
- exists:
@@ -67,16 +68,80 @@ tests:
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap, but without sha sum annotation
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: false
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0644
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: true
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: my-gitconfig-key
path: .gitconfig
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap, but without sha sum annotations
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: false
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts

67
unittests/deployment/netrc.yaml
View File

@@ -40,6 +40,7 @@ tests:
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: true
persistence.enabled: true
asserts:
- exists:
@@ -66,16 +67,80 @@ tests:
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering default with mounted netrc secret, but without sha sum annotation
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: false
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering with custom netrc secret
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: true
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-netrc-key
path: .netrc
mode: 0600
name: my-custom-secret
template: templates/deployment.yaml
- it: Rendering with custom netrc secret, but without sha sum annotation
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: false
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts

17
unittests/deployment/ssh.yaml
View File

@@ -107,6 +107,7 @@ tests:
- it: Rendering default with mounted ssh keys
set:
config.ssh.enabled: true
config.ssh.addSHASumAnnotation: true
config.ssh.secret.id_ed25519: foo
config.ssh.secret.id_ed25519_pub: bar
config.ssh.secret.id_rsa: foo
@@ -180,6 +181,7 @@ tests:
- it: Rendering with custom ssh secret
set:
config.ssh.enabled: true
config.ssh.addSHASumAnnotation: true
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
config.ssh.existingSecret.configKey : "my-config-key"
@@ -189,8 +191,8 @@ tests:
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
- exists:
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
@@ -251,4 +253,15 @@ tests:
path: id_rsa.pub
mode: 0644
name: my-custom-secret
template: templates/deployment.yaml
- it: Rendering with custom ssh secret, but without sha sum annotation
set:
config.ssh.enabled: true
config.ssh.addSHASumAnnotation: false
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml