fix(config): support netrc

2025-10-03 16:13:15 +02:00
parent d02f63be7a
commit a00d40b792
10 changed files with 222 additions and 81 deletions


@@ -12,14 +12,14 @@
{{/* env */}} {{/* env */}}
{{- define "athens-proxy.deployment.env" -}} {{- define "athens-proxy.deployment.env" -}}
{{- $env := dict "env" (.Values.deployment.athensProxy.env | default (list) ) }} {{- $env := .Values.deployment.athensProxy.env | default (list) }}
{{- if and .Values.persistence.enabled }} {{- if and .Values.persistence.enabled }}
{{- $env = merge $env (dict "env" (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)))}} {{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
{{- end }} {{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }} {{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }} {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }} {{- end }}
{{ toYaml $env }} {{ toYaml (dict "env" $env) }}
{{- end -}} {{- end -}}
@@ -59,21 +59,45 @@
{{/* volumeMounts */}} {{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}} {{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := dict "volumeMounts" (.Values.deployment.athensProxy.volumeMounts | default (list) ) }} {{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.enabled }}
{{- $volumeMounts = merge $volumeMounts (dict "volumeMounts" (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath))) }} {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }} {{- end }}
{{ toYaml $volumeMounts }}
{{- if .Values.config.netrc.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}} {{- end -}}
{{/* volumes */}} {{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}} {{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := dict "volumes" (.Values.deployment.athensProxy.volumes | default (list) ) }} {{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" (include "athens-proxy.persistentVolumeClaim.data.name" $))))) }} {{- if .Values.persistence.enabled }}
{{- else if and .Values.persistence.enabled .Values.persistence.data.existingPersistentVolumeClaim.enabled }} {{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName)))) }} {{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
{{- end }} {{- end }}
{{ toYaml $volumes }} {{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
{{- end }}
{{- if .Values.config.netrc.enabled }}
{{- $projectedSources := list -}}
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
{{- if .Values.config.netrc.existingSecret.enabled }}
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- end }}
{{- $projectedSources = concat $projectedSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}} {{- end -}}
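Review bot: In the `volumes` helper, the `existingSecret` branch assigns `$secretName` straight from `.Values.config.netrc.existingSecret.secretName`, whose default in this commit's values is `""`, so enabling `existingSecret` without a name renders a projected source with an empty secret name and the mistake only surfaces at apply or pod-creation time. Failing at render time is clearer: `{{- $secretName = required "config.netrc.existingSecret.secretName must be set when existingSecret.enabled is true" .Values.config.netrc.existingSecret.secretName }}`. In the `volumeMounts` helper the credential file is mounted with `subPath`, and subPath mounts are not refreshed when the Secret changes, so a rotated `.netrc` reaches the container only after a restart; a template comment such as `{{/* subPath mount: restart the pod after rotating the netrc secret */}}` would record that. The fixed `/root/.netrc` target with mode 0600 also presumes the container runs as root with `HOME=/root`; that is not visible here and is worth confirming against the deployment's securityContext.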


@@ -45,3 +45,17 @@
{{ toYaml .Values.config.ssh.secret.labels }} {{ toYaml .Values.config.ssh.secret.labels }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* name */}}
{{- define "athens-proxy.secrets.env.name" -}}
{{ include "athens-proxy.fullname" . }}-env
{{- end }}
{{- define "athens-proxy.secrets.netrc.name" -}}
{{ include "athens-proxy.fullname" . }}-netrc
{{- end }}
{{- define "athens-proxy.secrets.ssh.name" -}}
{{ include "athens-proxy.fullname" . }}-ssh
{{- end }}


@@ -11,7 +11,7 @@ metadata:
labels: labels:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "athens-proxy.fullname" . }}-env name: {{ include "athens-proxy.secrets.env.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
stringData: stringData:
{{- range $key, $value := .Values.config.env.secret.envs }} {{- range $key, $value := .Values.config.env.secret.envs }}


@@ -1,4 +1,4 @@
{{- if not .Values.config.netrc.existingSecret.enabled }} {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@@ -11,7 +11,7 @@ metadata:
labels: labels:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "athens-proxy.fullname" . }}-netrc name: {{ include "athens-proxy.secrets.netrc.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
stringData: stringData:
.netrc: | .netrc: |


@@ -11,7 +11,7 @@ metadata:
labels: labels:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "athens-proxy.fullname" . }}-ssh name: {{ include "athens-proxy.secrets.ssh.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
stringData: stringData:
config: | config: |


@@ -464,65 +464,3 @@ tests:
mountPath: /usr/lib/athens-proxy/data mountPath: /usr/lib/athens-proxy/data
template: templates/athens-proxy/deployment.yaml template: templates/athens-proxy/deployment.yaml
- it: Test persistent volume claim
set:
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/athens-proxy/deployment.yaml
- it: Test existing persistent volume claim
set:
persistence.enabled: true
persistence.data.mountPath: "/mnt/go-proxy/data"
persistence.data.existingPersistentVolumeClaim.enabled: true
persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/athens-proxy/deployment.yaml


@@ -0,0 +1,80 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default without mounted netrc secret
asserts:
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: netrc
mountPath: /root
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
- it: Rendering with custom netrc secret
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-netrc-key
path: .netrc
mode: 0600
name: my-custom-secret
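Review bot: The first `notContains` in "Rendering default without mounted netrc secret" checks for `name: netrc` with `mountPath: /root`, which is not the entry the helper emits when netrc is enabled, so the assertion would still pass if the credential mount were rendered by default. Match the real entry instead: `name: secrets`, `mountPath: /root/.netrc`, `subPath: .netrc`. The unquoted `mode: 0600` in the expected content relies on the test runner's YAML parser reading it as octal, while the template's integer literal presumably renders as decimal 384; a one-line comment stating that equivalence, or asserting `mode: 384`, would make the comparison independent of parser behaviour.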


@@ -0,0 +1,73 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Test persistent volume claim
set:
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/athens-proxy/deployment.yaml
- it: Test existing persistent volume claim
set:
config.netrc.enabled: true
persistence.enabled: true
persistence.data.mountPath: "/mnt/go-proxy/data"
persistence.data.existingPersistentVolumeClaim.enabled: true
persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/athens-proxy/deployment.yaml
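Review bot: "Test existing persistent volume claim" sets `config.netrc.enabled: true`, but none of its asserts look at the netrc mount or volume, so the flag's purpose in this case is unclear. If the intent is to show that the `data` volume is still rendered next to the `secrets` volume now that the helpers use `concat`, add an assert for the `secrets` volume under `spec.template.spec.volumes`; otherwise drop the flag so the test stays focused on the PVC.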


@@ -8,14 +8,22 @@ release:
templates: templates:
- templates/athens-proxy/secretNetRC.yaml - templates/athens-proxy/secretNetRC.yaml
tests: tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret. - it: Skip rendering by using existing secret.
set: set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true config.netrc.existingSecret.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
- it: Rendering netrc secret with default values. - it: Rendering netrc secret with default values.
set:
config.netrc.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
@@ -52,6 +60,7 @@ tests:
- it: Rendering netrc secret with custom values. - it: Rendering netrc secret with custom values.
set: set:
config.netrc.enabled: true
config.netrc.secret.content: | config.netrc.secret.content: |
default github.com hugo password kinnock default github.com hugo password kinnock
default api.github.com hugo password kinnock default api.github.com hugo password kinnock
@@ -64,6 +73,7 @@ tests:
- it: Rendering custom annotations and labels. - it: Rendering custom annotations and labels.
set: set:
config.netrc.enabled: true
config.netrc.secret.annotations: config.netrc.secret.annotations:
foo: bar foo: bar
bar: foo bar: foo


@@ -62,7 +62,6 @@ config:
# ATHENS_MONGO_DEFAULT_DATABASE: # ATHENS_MONGO_DEFAULT_DATABASE:
# ATHENS_MONGO_INSECURE: # ATHENS_MONGO_INSECURE:
# ATHENS_MONGO_STORAGE_URL: # ATHENS_MONGO_STORAGE_URL:
# ATHENS_NETRC_PATH:
# ATHENS_PATH_PREFIX: # ATHENS_PATH_PREFIX:
# ATHENS_PORT: # ATHENS_PORT:
# ATHENS_PROTOCOL_WORKERS: # ATHENS_PROTOCOL_WORKERS:
@@ -75,7 +74,6 @@ config:
# ATHENS_STATS_EXPORTER: # ATHENS_STATS_EXPORTER:
# ATHENS_STORAGE_GCP_BUCKET: # ATHENS_STORAGE_GCP_BUCKET:
# ATHENS_STORAGE_GCP_JSON_KEY: # ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_STORAGE_TYPE:
# ATHENS_SUM_DBS: # ATHENS_SUM_DBS:
# ATHENS_TIMEOUT: # ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE: # ATHENS_TLSCERT_FILE:
@@ -144,11 +142,15 @@ config:
content: | content: |
netrc: netrc:
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.netrc.existingSecret.enabled TODO:. ## @param config.netrc.existingSecret.enabled TODO:.
## @param config.netrc.existingSecret.secretName TODO: ## @param config.netrc.existingSecret.secretName TODO:
existingSecret: existingSecret:
enabled: false enabled: false
secretName: "" secretName: ""
netrcKey: ".netrc"
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
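Review bot: The new `netrcKey` value has no `## @param` line, and the neighbouring `existingSecret` parameters are still documented as `TODO`, so a user cannot tell from the values file what the key is for. Suggested comment: `## @param config.netrc.existingSecret.netrcKey Key in the existing secret whose value is mounted as the .netrc file.` The `enabled` description could also say where the file ends up (the helper mounts it at `/root/.netrc`), since the `ATHENS_NETRC_PATH` hint appears to be removed from the same file.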