From a00d40b7927df38d59e57ad186615a90dd941070 Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Fri, 3 Oct 2025 16:13:15 +0200 Subject: [PATCH] fix(config): support netrc --- templates/athens-proxy/_deployment.tpl | 50 +++++++++--- templates/athens-proxy/_secrets.tpl | 14 ++++ templates/athens-proxy/secretEnv.yaml | 2 +- templates/athens-proxy/secretNetRC.yaml | 4 +- templates/athens-proxy/secretSSH.yaml | 2 +- unittests/deployment/deployment.yaml | 62 -------------- unittests/deployment/netrc.yaml | 80 +++++++++++++++++++ .../deployment/persistentVolumeClaim.yaml | 73 +++++++++++++++++ unittests/secrets/netrc.yaml | 10 +++ values.yaml | 6 +- 10 files changed, 222 insertions(+), 81 deletions(-) create mode 100644 unittests/deployment/netrc.yaml create mode 100644 unittests/deployment/persistentVolumeClaim.yaml diff --git a/templates/athens-proxy/_deployment.tpl b/templates/athens-proxy/_deployment.tpl index b043736..a9b2d84 100644 --- a/templates/athens-proxy/_deployment.tpl +++ b/templates/athens-proxy/_deployment.tpl 
@@ -12,14 +12,14 @@ {{/* env */}} {{- define "athens-proxy.deployment.env" -}} -{{- $env := dict "env" (.Values.deployment.athensProxy.env | default (list) ) }} +{{- $env := .Values.deployment.athensProxy.env | default (list) }} {{- if and .Values.persistence.enabled }} -{{- $env = merge $env (dict "env" (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)))}} +{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }} {{- end }} {{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }} -{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }} +{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }} {{- end }} -{{ toYaml $env }} +{{ toYaml (dict "env" $env) }} {{- end -}} 
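Review bot: With `concat`, the chart-generated `ATHENS_STORAGE_TYPE`, `ATHENS_DISK_STORAGE_ROOT` and `GOMAXPROCS` entries are appended after whatever the user supplied in `deployment.athensProxy.env`, so a user entry with the same name appears twice in the rendered list. As far as I know Kubernetes lets the later entry win, so the chart value would silently override the user's. Nothing in the hunk states that precedence; a template comment above the first `concat`, such as `{{/* chart-managed entries are appended last and override same-named user entries */}}`, would document it. The define block starts and ends inside the hunk.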
@@ -59,21 +59,45 @@ {{/* volumeMounts */}} {{- define "athens-proxy.deployment.volumeMounts" -}} -{{- $volumeMounts := dict "volumeMounts" (.Values.deployment.athensProxy.volumeMounts | default (list) ) }} +{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }} {{- if .Values.persistence.enabled }} -{{- $volumeMounts = merge $volumeMounts (dict "volumeMounts" (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath))) }} +{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }} {{- end }} -{{ toYaml $volumeMounts }} + +{{- if .Values.config.netrc.enabled }} +{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }} +{{- end }} + +{{ toYaml (dict "volumeMounts" $volumeMounts) }} {{- end -}} {{/* volumes */}} {{- define "athens-proxy.deployment.volumes" -}} -{{- $volumes := dict "volumes" (.Values.deployment.athensProxy.volumes | default (list) ) }} -{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }} -{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" (include "athens-proxy.persistentVolumeClaim.data.name" $))))) }} -{{- else if and .Values.persistence.enabled .Values.persistence.data.existingPersistentVolumeClaim.enabled }} -{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName)))) }} +{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }} + +{{- if .Values.persistence.enabled }} +{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }} +{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }} +{{- $claimName = 
.Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }} {{- end }} -{{ toYaml $volumes }} +{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }} +{{- end }} + +{{- if .Values.config.netrc.enabled }} +{{- $projectedSources := list -}} + +{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }} +{{- $secretName := include "athens-proxy.secrets.netrc.name" . }} +{{- if .Values.config.netrc.existingSecret.enabled }} +{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }} +{{- $secretName = .Values.config.netrc.existingSecret.secretName }} +{{- end }} +{{- $projectedSources = concat $projectedSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }} + + +{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}} +{{- end }} + +{{ toYaml (dict "volumes" $volumes) }} {{- end -}} \ No newline at end of file diff --git a/templates/athens-proxy/_secrets.tpl b/templates/athens-proxy/_secrets.tpl index 006987b..0dfd804 100644 --- a/templates/athens-proxy/_secrets.tpl +++ b/templates/athens-proxy/_secrets.tpl @@ -45,3 +45,17 @@ {{ toYaml .Values.config.ssh.secret.labels }} {{- end }} {{- end }} + +{{/* name */}} + +{{- define "athens-proxy.secrets.env.name" -}} +{{ include "athens-proxy.fullname" . }}-env +{{- end }} + +{{- define "athens-proxy.secrets.netrc.name" -}} +{{ include "athens-proxy.fullname" . }}-netrc +{{- end }} + +{{- define "athens-proxy.secrets.ssh.name" -}} +{{ include "athens-proxy.fullname" . }}-ssh +{{- end }} diff --git a/templates/athens-proxy/secretEnv.yaml b/templates/athens-proxy/secretEnv.yaml index 91ea9b3..8997bf5 100644 --- a/templates/athens-proxy/secretEnv.yaml +++ b/templates/athens-proxy/secretEnv.yaml 
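Review bot: The netrc mount in `athens-proxy.deployment.volumeMounts` is hard-coded to `/root/.netrc` and the projected item uses mode 0600, so the credentials are only found and readable when the container runs as root with `/root` as its home. The pod securityContext is not visible in this hunk, so this needs confirming; a `runAsNonRoot` deployment would likely start without usable credentials and give no error at render time. Because the file is mounted through `subPath`, the kubelet does not refresh it when the Secret changes, so a rotated netrc only takes effect after a pod restart; that is worth a template comment or a note in values.yaml. The generated volume names `secrets` and `data` are concatenated onto the user-supplied `deployment.athensProxy.volumes`, so a user volume of the same name would be duplicated; a comment such as `{{/* "data" and "secrets" are reserved volume names */}}` above the `concat` would make that explicit.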
@@ -11,7 +11,7 @@ metadata: labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ include "athens-proxy.fullname" . }}-env + name: {{ include "athens-proxy.secrets.env.name" . }} namespace: {{ .Release.Namespace }} stringData: {{- range $key, $value := .Values.config.env.secret.envs }} diff --git a/templates/athens-proxy/secretNetRC.yaml b/templates/athens-proxy/secretNetRC.yaml index 500a79c..6101fba 100644 --- a/templates/athens-proxy/secretNetRC.yaml +++ b/templates/athens-proxy/secretNetRC.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.config.netrc.existingSecret.enabled }} +{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} --- apiVersion: v1 kind: Secret @@ -11,7 +11,7 @@ metadata: labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ include "athens-proxy.fullname" . }}-netrc + name: {{ include "athens-proxy.secrets.netrc.name" . }} namespace: {{ .Release.Namespace }} stringData: .netrc: | diff --git a/templates/athens-proxy/secretSSH.yaml b/templates/athens-proxy/secretSSH.yaml index ced5569..41b7fb7 100644 --- a/templates/athens-proxy/secretSSH.yaml +++ b/templates/athens-proxy/secretSSH.yaml @@ -11,7 +11,7 @@ metadata: labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ include "athens-proxy.fullname" . }}-ssh + name: {{ include "athens-proxy.secrets.ssh.name" . }} namespace: {{ .Release.Namespace }} stringData: config: | diff --git a/unittests/deployment/deployment.yaml b/unittests/deployment/deployment.yaml index 187d6bb..d158e50 100644 --- a/unittests/deployment/deployment.yaml +++ b/unittests/deployment/deployment.yaml 
@@ -464,65 +464,3 @@ tests: mountPath: /usr/lib/athens-proxy/data template: templates/athens-proxy/deployment.yaml -- it: Test persistent volume claim - set: - persistence.enabled: true - asserts: - - contains: - path: spec.template.spec.containers[0].env - content: - name: ATHENS_STORAGE_TYPE - value: disk - template: templates/athens-proxy/deployment.yaml - - contains: - path: spec.template.spec.containers[0].env - content: - name: ATHENS_DISK_STORAGE_ROOT - value: /var/www/athens-proxy/data - template: templates/athens-proxy/deployment.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: data - mountPath: /var/www/athens-proxy/data - template: templates/athens-proxy/deployment.yaml - - contains: - path: spec.template.spec.volumes - content: - name: data - persistentVolumeClaim: - claimName: athens-proxy-unittest-data - template: templates/athens-proxy/deployment.yaml - -- it: Test existing persistent volume claim - set: - persistence.enabled: true - persistence.data.mountPath: "/mnt/go-proxy/data" - persistence.data.existingPersistentVolumeClaim.enabled: true - persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc" - asserts: - - contains: - path: spec.template.spec.containers[0].env - content: - name: ATHENS_STORAGE_TYPE - value: disk - template: templates/athens-proxy/deployment.yaml - - contains: - path: spec.template.spec.containers[0].env - content: - name: ATHENS_DISK_STORAGE_ROOT - value: /mnt/go-proxy/data - template: templates/athens-proxy/deployment.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: data - mountPath: /mnt/go-proxy/data - template: templates/athens-proxy/deployment.yaml - - contains: - path: spec.template.spec.volumes - content: - name: data - persistentVolumeClaim: - claimName: my-special-pvc - template: templates/athens-proxy/deployment.yaml \ No newline at end of file 
diff --git a/unittests/deployment/netrc.yaml b/unittests/deployment/netrc.yaml new file mode 100644 index 0000000..4190e74 --- /dev/null +++ b/unittests/deployment/netrc.yaml @@ -0,0 +1,80 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Deployment template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/deployment.yaml +tests: +- it: Rendering default without mounted netrc secret + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: netrc + mountPath: /root + - notContains: + path: spec.template.spec.volumes + content: + name: secrets + projected: + sources: + - secret: + items: + - key: .netrc + path: .netrc + mode: 0600 + name: athens-proxy-unittest-netrc + +- it: Rendering default with mounted netrc secret + set: + config.netrc.enabled: true + persistence.enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: secrets + mountPath: /root/.netrc + subPath: .netrc + - contains: + path: spec.template.spec.volumes + content: + name: secrets + projected: + sources: + - secret: + items: + - key: .netrc + path: .netrc + mode: 0600 + name: athens-proxy-unittest-netrc + +- it: Rendering with custom netrc secret + set: + config.netrc.enabled: true + config.netrc.existingSecret.enabled: true + config.netrc.existingSecret.secretName: "my-custom-secret" + config.netrc.existingSecret.netrcKey: "my-netrc-key" + persistence.enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: secrets + mountPath: /root/.netrc + subPath: .netrc + - contains: + path: spec.template.spec.volumes + content: + name: secrets + projected: + sources: + - secret: + items: + - key: my-netrc-key + path: .netrc + mode: 0600 + name: my-custom-secret \ No newline at end of file 
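Review bot: The first `notContains` in "Rendering default without mounted netrc secret" looks for a volumeMount with `name: netrc` and `mountPath: /root`, a shape the template never renders, so the assertion passes even if the netrc mount were emitted by default. It should use the shape the template actually produces: `name: secrets`, `mountPath: /root/.netrc`, `subPath: .netrc`. The `mode: 0600` fixtures also depend on the test runner's YAML parser reading a leading-zero integer as octal, since the template's integer literal should render as decimal 384. Presumably the suite passes today, but writing `mode: 384` in the expected content would remove that parser dependency.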
diff --git a/unittests/deployment/persistentVolumeClaim.yaml b/unittests/deployment/persistentVolumeClaim.yaml new file mode 100644 index 0000000..d851bb8 --- /dev/null +++ b/unittests/deployment/persistentVolumeClaim.yaml 
@@ -0,0 +1,73 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Deployment template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/deployment.yaml +tests: +- it: Test persistent volume claim + set: + persistence.enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATHENS_STORAGE_TYPE + value: disk + template: templates/athens-proxy/deployment.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATHENS_DISK_STORAGE_ROOT + value: /var/www/athens-proxy/data + template: templates/athens-proxy/deployment.yaml + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: data + mountPath: /var/www/athens-proxy/data + template: templates/athens-proxy/deployment.yaml + - contains: + path: spec.template.spec.volumes + content: + name: data + persistentVolumeClaim: + claimName: athens-proxy-unittest-data + template: templates/athens-proxy/deployment.yaml + +- it: Test existing persistent volume claim + set: + config.netrc.enabled: true + persistence.enabled: true + persistence.data.mountPath: "/mnt/go-proxy/data" + persistence.data.existingPersistentVolumeClaim.enabled: true + persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATHENS_STORAGE_TYPE + value: disk + template: templates/athens-proxy/deployment.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: ATHENS_DISK_STORAGE_ROOT + value: /mnt/go-proxy/data + template: templates/athens-proxy/deployment.yaml + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: data + mountPath: /mnt/go-proxy/data + template: templates/athens-proxy/deployment.yaml + - contains: + path: spec.template.spec.volumes + content: + name: data + persistentVolumeClaim: + claimName: my-special-pvc + 
template: templates/athens-proxy/deployment.yaml \ No newline at end of file diff --git a/unittests/secrets/netrc.yaml b/unittests/secrets/netrc.yaml index a20816a..147d553 100644 --- a/unittests/secrets/netrc.yaml +++ b/unittests/secrets/netrc.yaml @@ -8,14 +8,22 @@ release: templates: - templates/athens-proxy/secretNetRC.yaml tests: +- it: Skip rendering by default + asserts: + - hasDocuments: + count: 0 + - it: Skip rendering by using existing secret. set: + config.netrc.enabled: true config.netrc.existingSecret.enabled: true asserts: - hasDocuments: count: 0 - it: Rendering netrc secret with default values. + set: + config.netrc.enabled: true asserts: - hasDocuments: count: 1 @@ -52,6 +60,7 @@ tests: - it: Rendering netrc secret with custom values. set: + config.netrc.enabled: true config.netrc.secret.content: | default github.com hugo password kinnock default api.github.com hugo password kinnock @@ -64,6 +73,7 @@ tests: - it: Rendering custom annotations and labels. set: + config.netrc.enabled: true config.netrc.secret.annotations: foo: bar bar: foo diff --git a/values.yaml b/values.yaml index 15888ee..a03bcaf 100644 --- a/values.yaml +++ b/values.yaml @@ -62,7 +62,6 @@ config: # ATHENS_MONGO_DEFAULT_DATABASE: # ATHENS_MONGO_INSECURE: # ATHENS_MONGO_STORAGE_URL: - # ATHENS_NETRC_PATH: # ATHENS_PATH_PREFIX: # ATHENS_PORT: # ATHENS_PROTOCOL_WORKERS: @@ -75,7 +74,6 @@ config: # ATHENS_STATS_EXPORTER: # ATHENS_STORAGE_GCP_BUCKET: # ATHENS_STORAGE_GCP_JSON_KEY: - # ATHENS_STORAGE_TYPE: # ATHENS_SUM_DBS: # ATHENS_TIMEOUT: # ATHENS_TLSCERT_FILE: 
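Review bot: "Test existing persistent volume claim" sets `config.netrc.enabled: true`, but none of its assertions look at the netrc mount or the `secrets` volume, and the first test in this file does not set it, so the line reads like a leftover. Either drop it, or add a `contains` on `spec.template.spec.volumes` for the `secrets` volume so that an existing PVC combined with netrc is actually covered. The per-assert `template:` keys are redundant here, because the suite-level `templates:` list names only that one file.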
@@ -144,11 +142,15 @@ config: content: | netrc: + ## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system. + enabled: false + ## @param config.netrc.existingSecret.enabled TODO:. ## @param config.netrc.existingSecret.secretName TODO: existingSecret: enabled: false secretName: "" + netrcKey: ".netrc" ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
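Review bot: The new `netrcKey` value has no `## @param` line, and the two neighbouring `existingSecret` parameters are still documented as `TODO`, so a user enabling `config.netrc.existingSecret` cannot tell from values.yaml which Secret and key end up mounted as the container's `.netrc`. Suggested line: `## @param config.netrc.existingSecret.netrcKey Key in the existing secret whose value is mounted as .netrc.` The `secretName` description should also say that the Secret must exist in the release namespace, since a pod can only mount Secrets from its own namespace. The `config.netrc.secret.*` descriptions below still say "database credentials", which looks copied from another section.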