From d02f63be7ad9bb0dd2ab2183630c565efdd7001a Mon Sep 17 00:00:00 2001 
From: Markus Pesch Date: Fri, 3 Oct 2025 13:04:20 +0200 Subject: [PATCH] fix: improve chart --- .gitea/scripts/add-annotations.sh | 114 +++ .gitea/workflows/release.yaml | 26 +- .gitignore | 3 + .vscode/extensions.json | 8 + .vscode/settings.json | 8 + .yamllint.yaml | 20 + Chart.yaml | 6 + package-lock.json | 4 +- package.json | 4 +- renovate.json | 6 +- .../_common.tpl} | 11 +- templates/athens-proxy/_configMap.tpl | 33 + templates/athens-proxy/_deployment.tpl | 79 ++ templates/athens-proxy/_hpa.tpl | 19 + templates/athens-proxy/_ingress.tpl | 19 + templates/athens-proxy/_networkPolicies.tpl | 19 + .../athens-proxy/_persistentVolumeClaim.tpl | 25 + templates/athens-proxy/_pod.tpl | 17 + templates/athens-proxy/_secrets.tpl | 47 ++ templates/athens-proxy/_serviceAccount.tpl | 17 + templates/athens-proxy/_services.tpl | 29 + .../athens-proxy/configMapDownloadMode.yaml | 19 + .../athens-proxy/configMapGitConfig.yaml | 19 + templates/athens-proxy/deployment.yaml | 135 ++++ templates/athens-proxy/hpa.yaml | 25 + templates/athens-proxy/ingress.yaml | 45 ++ templates/athens-proxy/networkPolicies.yaml | 36 + .../athens-proxy/persistentVolumeClaim.yaml | 26 + templates/athens-proxy/secretEnv.yaml | 20 + templates/athens-proxy/secretNetRC.yaml | 19 + templates/athens-proxy/secretSSH.yaml | 35 + templates/athens-proxy/serviceAccount.yaml | 25 + templates/athens-proxy/serviceHTTP.yaml | 57 ++ templates/deployment.yaml | 72 -- templates/ingress.yaml | 61 -- templates/secrets.yaml | 23 - templates/service.yaml | 36 - templates/serviceAccount.yaml | 10 - templates/tests/test-connection.yaml | 15 - unittests/configMaps/downloadMode.yaml | 88 +++ unittests/configMaps/gitConfig.yaml | 77 ++ unittests/deployment/deployment.yaml | 528 +++++++++++++ unittests/hpa/default.yaml | 116 +++ unittests/ingress/ingress.yaml | 139 ++++ unittests/networkPolicies/default.yaml | 118 +++ .../persistentVolumeClaim.yaml | 90 +++ unittests/secrets/env.yaml | 67 ++ unittests/secrets/netrc.yaml | 83 ++ 
unittests/secrets/ssh.yaml | 109 +++ unittests/serviceAccounts/serviceAccount.yaml | 79 ++ unittests/services/http.yaml | 174 +++++ values.yaml | 738 +++++++++++++----- 52 files changed, 3193 insertions(+), 405 deletions(-) create mode 100755 .gitea/scripts/add-annotations.sh create mode 100644 .vscode/extensions.json create mode 100644 .vscode/settings.json create mode 100644 .yamllint.yaml rename templates/{_helpers.tpl => athens-proxy/_common.tpl} (91%) create mode 100644 templates/athens-proxy/_configMap.tpl create mode 100644 templates/athens-proxy/_deployment.tpl create mode 100644 templates/athens-proxy/_hpa.tpl create mode 100644 templates/athens-proxy/_ingress.tpl create mode 100644 templates/athens-proxy/_networkPolicies.tpl create mode 100644 templates/athens-proxy/_persistentVolumeClaim.tpl create mode 100644 templates/athens-proxy/_pod.tpl create mode 100644 templates/athens-proxy/_secrets.tpl create mode 100644 templates/athens-proxy/_serviceAccount.tpl create mode 100644 templates/athens-proxy/_services.tpl create mode 100644 templates/athens-proxy/configMapDownloadMode.yaml create mode 100644 templates/athens-proxy/configMapGitConfig.yaml create mode 100644 templates/athens-proxy/deployment.yaml create mode 100644 templates/athens-proxy/hpa.yaml create mode 100644 templates/athens-proxy/ingress.yaml create mode 100644 templates/athens-proxy/networkPolicies.yaml create mode 100644 templates/athens-proxy/persistentVolumeClaim.yaml create mode 100644 templates/athens-proxy/secretEnv.yaml create mode 100644 templates/athens-proxy/secretNetRC.yaml create mode 100644 templates/athens-proxy/secretSSH.yaml create mode 100644 templates/athens-proxy/serviceAccount.yaml create mode 100644 templates/athens-proxy/serviceHTTP.yaml delete mode 100644 templates/deployment.yaml delete mode 100644 templates/ingress.yaml delete mode 100644 templates/secrets.yaml delete mode 100644 templates/service.yaml delete mode 100644 templates/serviceAccount.yaml delete mode 
100644 templates/tests/test-connection.yaml create mode 100644 unittests/configMaps/downloadMode.yaml create mode 100644 unittests/configMaps/gitConfig.yaml create mode 100644 unittests/deployment/deployment.yaml create mode 100644 unittests/hpa/default.yaml create mode 100644 unittests/ingress/ingress.yaml create mode 100644 unittests/networkPolicies/default.yaml create mode 100644 unittests/persistentVolumeClaim/persistentVolumeClaim.yaml create mode 100644 unittests/secrets/env.yaml create mode 100644 unittests/secrets/netrc.yaml create mode 100644 unittests/secrets/ssh.yaml create mode 100644 unittests/serviceAccounts/serviceAccount.yaml create mode 100644 unittests/services/http.yaml diff --git a/.gitea/scripts/add-annotations.sh b/.gitea/scripts/add-annotations.sh new file mode 100755 index 0000000..b22cf91 --- /dev/null +++ b/.gitea/scripts/add-annotations.sh 
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+ echo "ERROR: ${CHART_FILE} not found!" 1>&2
+ exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+ read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+ if [ -z "${OLD_TAG}" ]; then
+ OLD_TAG="${DEFAULT_OLD_TAG}"
+ fi
+
+ while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+ echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+ read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+ if [ -z "${OLD_TAG}" ]; then
+ OLD_TAG="${DEFAULT_OLD_TAG}"
+ fi
+ done
+else
+ OLD_TAG=${1}
+ if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+ echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+ exit 1
+ fi
+fi
+
+if [ -z "${2}" ]; then
+ read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+ if [ -z "${NEW_TAG}" ]; then
+ NEW_TAG="${DEFAULT_NEW_TAG}"
+ fi
+
+ while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+ echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+ read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+ if [ -z "${NEW_TAG}" ]; then
+ NEW_TAG="${DEFAULT_NEW_TAG}"
+ fi
+ done
+else
+ NEW_TAG=${2}
+
+ if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+ echo "ERROR: Tag '${NEW_TAG}' not found!" 
1>&2 + exit 1 + fi +fi + +CHANGE_LOG_YAML=$(mktemp) +echo "[]" > "${CHANGE_LOG_YAML}" + +function map_type_to_kind() { + case "${1}" in + feat) + echo "added" + ;; + fix) + echo "fixed" + ;; + chore|style|test|ci|docs|refac) + echo "changed" + ;; + revert) + echo "removed" + ;; + sec) + echo "security" + ;; + *) + echo "skip" + ;; + esac +} + +COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" + +echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" + +while IFS= read -r line; do + if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then + TYPE="${BASH_REMATCH[1]}" + KIND=$(map_type_to_kind "${TYPE}") + + if [ "${KIND}" == "skip" ]; then + continue + fi + + DESC="${BASH_REMATCH[3]}" + + echo "- ${KIND}: ${DESC}" + + jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" + mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" + + fi +done <<< "${COMMIT_TITLES}" + +if [ -s "${CHANGE_LOG_YAML}" ]; then + yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" + yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" +else + echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 + exit 1 +fi + +rm "${CHANGE_LOG_YAML}" diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml index f5ad497..888efef 100644 --- a/.gitea/workflows/release.yaml +++ b/.gitea/workflows/release.yaml @@ -11,12 +11,12 @@ jobs: image: docker.io/volkerraschek/helm:3.19.0 runs-on: ubuntu-latest steps: - - name: Install tooling + - name: Install packages via apk run: | apk update - apk add git npm yq + apk add git npm jq yq - - uses: actions/checkout@v5 + - uses: actions/checkout@v5.0.0 with: fetch-depth: 0 
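Review bot: The closing `[ -s "${CHANGE_LOG_YAML}" ]` guard can never take its error branch, because the temp file is seeded with `[]` right after `mktemp` and is therefore never empty. A tag range with no matching commit titles then writes an empty `artifacthub.io/changes` annotation instead of stopping the release. Checking the entry count restores the intended failure path, for example `if [ "$(jq 'length' "${CHANGE_LOG_YAML}")" -gt 0 ]; then`. The temp file (and its `.new` sibling) is also left behind on every early exit under `set -e`; `trap 'rm -f "${CHANGE_LOG_YAML}" "${CHANGE_LOG_YAML}.new"' EXIT` placed after `mktemp` would cover that. Since commit titles are contributor-controlled text, passing them through `jq --arg` as done here is the right choice and worth a one-line comment so it is not later replaced by string interpolation.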
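Review bot: `actions/checkout@v5.0.0` is still a tag reference, and a tag can be moved by whoever controls the action's repository. Later steps of this job receive registry credentials, so pinning to the full commit SHA with the version as a trailing comment is the more robust form: `- uses: actions/checkout@<full-commit-sha> # v5.0.0` (placeholder; take the SHA from the upstream release). The packages in `apk add git npm jq yq` are likewise unversioned, so the release toolchain can differ from one run to the next.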
@@ -26,7 +26,21 @@ jobs: OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" + - name: Extract meta information + run: | + echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV + echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV + echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV + + - name: Update Helm Chart version in README.md + run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md + - name: Package chart + run: | + helm dependency build + helm package --version "${PACKAGE_VERSION}" ./ + + - name: Upload Chart to ChartMuseum env: CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} @@ -48,7 +62,11 @@ jobs: helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum helm repo remove chartmuseum - # gitea + - name: Upload Chart to Gitea + env: + GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} + GITEA_SERVER_URL: ${{ github.server_url }} + run: | helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea helm repo remove gitea diff --git a/.gitignore b/.gitignore index ba69fff..35e453f 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ target values2.yml values2.yaml *.tgz + +install.sh +uninstall.sh \ No newline at end of file diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..08a5b51 --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,8 @@ +{ + "recommendations": [ + "DavidAnson.vscode-markdownlint", + "esbenp.prettier-vscode", + "Tim-Koehler.helm-intellisense", + "yzhang.markdown-all-in-one" + ] +} \ No newline at end of file 
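Review bot: `PACKAGE_VERSION` is derived directly from the pushed ref in the "Extract meta information" step and is then interpolated into the `sed` replacement for README.md and into `helm package --version` without any format check. A tag name containing `/` or `&` would change what `sed` writes, and anyone able to push a tag controls that value. Rejecting unexpected tags before exporting would close this, e.g. `echo "${GITHUB_REF#refs/tags/}" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$' || exit 1` (adjust the pattern to the project's tag scheme). The redirect target and the repository variable should also be quoted: `>> "$GITHUB_ENV"` and `echo "${GITHUB_REPOSITORY}"`.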
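Review bot: The new "Upload Chart to Gitea" step hands `GITEA_PACKAGE_REGISTRY_TOKEN` to the unchanged context line `helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} ...`, which places the token on the process command line and leaves every expansion unquoted. `helm repo add` can read the password from stdin instead: `printf '%s' "${GITEA_PACKAGE_REGISTRY_TOKEN}" | helm repo add --username "${REPOSITORY_OWNER}" --password-stdin gitea "${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm"`. A short comment on the step stating that the token needs only package-write scope would help whoever rotates it.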
diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..7ed7716 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "yaml.schemas": { + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ + "/unittests/**/*.yaml" + ] + }, + "yaml.schemaStore.enable": true +} \ No newline at end of file diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..375e365 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,20 @@ +--- +extends: default + +ignore: | + .yamllint + node_modules + templates + + +rules: + truthy: + allowed-values: ['true', 'false'] + check-keys: False + level: error + line-length: disable + document-start: disable + comments: + min-spaces-from-content: 1 + braces: + max-spaces-inside: 2 diff --git a/Chart.yaml b/Chart.yaml index 7e44670..4be5dfa 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,3 +1,9 @@ +annotations: + artifacthub.io/links: | + - name: Athens proxy (binary) + url: https://github.com/gomods/athens + - name: support + url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues apiVersion: v2 name: athens-proxy description: Athens proxy server for golang diff --git a/package-lock.json b/package-lock.json index 89cb7d6..8a0a33f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,10 +1,10 @@ { - "name": "athens-proxy-chart", + "name": "athens-proxy-charts", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "athens-proxy-chart", + "name": "athens-proxy-charts", "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", diff --git a/package.json b/package.json index 3813b84..57ff5ca 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { - "name": "athens-proxy-chart", - "homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart.git", + "name": "athens-proxy-charts", + "homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git", "license": "MIT", "private": true, "engineStrict": true, diff --git a/renovate.json b/renovate.json index b80c07b..994db28 100644 --- a/renovate.json +++ b/renovate.json @@ -25,8 +25,8 @@ "matchStrings": [ "VERSION=(?.*)" ], - "depNameTemplate": "volker.raschek/athens-proxy-chart", - "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart", + "depNameTemplate": "volker.raschek/athens-proxy-charts", + "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts", "datasourceTemplate": "git-tags", "versioningTemplate": "semver" } @@ -56,7 +56,7 @@ ], "automerge": true, "matchDepNames": [ - "volker.raschek/athens-proxy-chart" + "volker.raschek/athens-proxy-charts" ], "matchUpdateTypes": [ "major", diff --git a/templates/_helpers.tpl b/templates/athens-proxy/_common.tpl similarity index 91% rename from templates/_helpers.tpl rename to templates/athens-proxy/_common.tpl index dc9ff3c..3ecbbe0 100644 --- a/templates/_helpers.tpl +++ b/templates/athens-proxy/_common.tpl @@ -1,3 +1,4 @@ +{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} 
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +Common annotations +*/}} +{{- define "athens-proxy.annotations" -}} +{{- end }} + {{/* Common labels */}} {{- define "athens-proxy.labels" -}} -helm.sh/chart: {{ include "athens-proxy.chart" . }} {{ include "athens-proxy.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "athens-proxy.chart" . }} {{- end }} {{/* -Selector labels +Common selector labels */}} {{- define "athens-proxy.selectorLabels" -}} app.kubernetes.io/name: {{ include "athens-proxy.name" . }} diff --git a/templates/athens-proxy/_configMap.tpl b/templates/athens-proxy/_configMap.tpl new file mode 100644 index 0000000..9b484d7 --- /dev/null +++ b/templates/athens-proxy/_configMap.tpl 
@@ -0,0 +1,33 @@ +--- + +{{/* annotations */}} + +{{- define "athens-proxy.configMap.downloadMode.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.config.downloadMode.configMap.annotations }} +{{ toYaml .Values.config.downloadMode.configMap.annotations }} +{{- end }} +{{- end }} + +{{- define "athens-proxy.configMap.gitConfig.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.config.gitConfig.configMap.annotations }} +{{ toYaml .Values.config.gitConfig.configMap.annotations }} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.configMap.downloadMode.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- if .Values.config.downloadMode.configMap.labels }} +{{ toYaml .Values.config.downloadMode.configMap.labels }} +{{- end }} +{{- end }} + +{{- define "athens-proxy.configMap.gitConfig.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- if .Values.config.gitConfig.configMap.labels }} +{{ toYaml .Values.config.gitConfig.configMap.labels }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/athens-proxy/_deployment.tpl b/templates/athens-proxy/_deployment.tpl new file mode 100644 index 0000000..b043736 --- /dev/null +++ b/templates/athens-proxy/_deployment.tpl 
@@ -0,0 +1,79 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "athens-proxy.deployment.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.deployment.annotations }} +{{ toYaml .Values.deployment.annotations }} +{{- end }} +{{- end }} + +{{/* env */}} + +{{- define "athens-proxy.deployment.env" -}} +{{- $env := dict "env" (.Values.deployment.athensProxy.env | default (list) ) }} +{{- if and .Values.persistence.enabled }} +{{- $env = merge $env (dict "env" (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)))}} +{{- end }} +{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }} +{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }} +{{- end }} +{{ toYaml $env }} +{{- end -}} + + +{{/* envFrom */}} + +{{- define "athens-proxy.deployment.envFrom" -}} +{{- end -}} + +{{/* image */}} + +{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}} +{{- $registry := .Values.deployment.athensProxy.image.registry -}} +{{- $repository := .Values.deployment.athensProxy.image.repository -}} +{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} +{{- printf "%s/%s:v%s" $registry $repository $tag -}} +{{- end -}} + +{{/* labels */}} + +{{- define "athens-proxy.deployment.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- if .Values.deployment.labels }} +{{ toYaml .Values.deployment.labels }} +{{- end }} +{{- end }} + +{{/* serviceAccount */}} + +{{- define "athens-proxy.deployment.serviceAccount" -}} +{{- if .Values.serviceAccount.existing.enabled -}} +{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}} +{{- else -}} +{{- include "athens-proxy.fullname" . 
-}} +{{- end -}} +{{- end }} + +{{/* volumeMounts */}} + +{{- define "athens-proxy.deployment.volumeMounts" -}} +{{- $volumeMounts := dict "volumeMounts" (.Values.deployment.athensProxy.volumeMounts | default (list) ) }} +{{- if .Values.persistence.enabled }} +{{- $volumeMounts = merge $volumeMounts (dict "volumeMounts" (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath))) }} +{{- end }} +{{ toYaml $volumeMounts }} +{{- end -}} + +{{/* volumes */}} + +{{- define "athens-proxy.deployment.volumes" -}} +{{- $volumes := dict "volumes" (.Values.deployment.athensProxy.volumes | default (list) ) }} +{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }} +{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" (include "athens-proxy.persistentVolumeClaim.data.name" $))))) }} +{{- else if and .Values.persistence.enabled .Values.persistence.data.existingPersistentVolumeClaim.enabled }} +{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName)))) }} +{{- end }} +{{ toYaml $volumes }} +{{- end -}} \ No newline at end of file diff --git a/templates/athens-proxy/_hpa.tpl b/templates/athens-proxy/_hpa.tpl new file mode 100644 index 0000000..b8b867b --- /dev/null +++ b/templates/athens-proxy/_hpa.tpl @@ -0,0 +1,19 @@ +--- + +{{/* annotations */}} + +{{- define "athens-proxy.hpa.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.hpa.annotations }} +{{ toYaml .Values.hpa.annotations }} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.hpa.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- if .Values.hpa.labels }} +{{ toYaml .Values.hpa.labels }} +{{- end }} +{{- end }} 
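Review bot: `athens-proxy.deployment.env` combines the generated entries with `merge`, which, as far as Sprig documents it, merges dict keys with the destination taking precedence and does not append lists. If that holds here, a non-empty `deployment.athensProxy.env` suppresses `ATHENS_STORAGE_TYPE` and `ATHENS_DISK_STORAGE_ROOT`, and once the persistence entries occupy the `env` key the `GOMAXPROCS` entry is dropped as well. `athens-proxy.deployment.volumeMounts` and `athens-proxy.deployment.volumes` use the same construction, so user-supplied mounts would hide the `data` volume. Keeping `$env` as a plain list and appending with `{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk")) }}`, then emitting `{{ toYaml (dict "env" $env) }}` once, avoids this. A unittest case that sets user env, persistence and a CPU limit together would confirm the behaviour.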
diff --git a/templates/athens-proxy/_ingress.tpl b/templates/athens-proxy/_ingress.tpl new file mode 100644 index 0000000..7907524 --- /dev/null +++ b/templates/athens-proxy/_ingress.tpl @@ -0,0 +1,19 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "athens-proxy.ingress.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.ingress.annotations }} +{{ toYaml .Values.ingress.annotations }} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.ingress.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels }} +{{- end }} +{{- end }} diff --git a/templates/athens-proxy/_networkPolicies.tpl b/templates/athens-proxy/_networkPolicies.tpl new file mode 100644 index 0000000..adaca16 --- /dev/null +++ b/templates/athens-proxy/_networkPolicies.tpl @@ -0,0 +1,19 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "athens-proxy.networkPolicies.annotations" -}} +{{ include "athens-proxy.annotations" .context }} +{{- if .networkPolicy.annotations }} +{{ toYaml .networkPolicy.annotations }} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.networkPolicies.labels" -}} +{{ include "athens-proxy.labels" .context }} +{{- if .networkPolicy.labels }} +{{ toYaml .networkPolicy.labels }} +{{- end }} +{{- end }} diff --git a/templates/athens-proxy/_persistentVolumeClaim.tpl b/templates/athens-proxy/_persistentVolumeClaim.tpl new file mode 100644 index 0000000..8397bea --- /dev/null +++ b/templates/athens-proxy/_persistentVolumeClaim.tpl 
@@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.persistence.data.persistentVolumeClaim.annotations }} +{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- if .Values.persistence.data.persistentVolumeClaim.labels }} +{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}} +{{- end }} +{{- end }} + +{{/* name */}} + +{{- define "athens-proxy.persistentVolumeClaim.data.name" -}} +{{ include "athens-proxy.fullname" . }}-data +{{- end }} diff --git a/templates/athens-proxy/_pod.tpl b/templates/athens-proxy/_pod.tpl new file mode 100644 index 0000000..7dc589e --- /dev/null +++ b/templates/athens-proxy/_pod.tpl @@ -0,0 +1,17 @@ +--- + +{{/* annotations */}} + +{{- define "athens-proxy.pod.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.pod.labels" -}} +{{ include "athens-proxy.labels" . }} +{{- end }} + +{{- define "athens-proxy.pod.selectorLabels" -}} +{{ include "athens-proxy.selectorLabels" . }} +{{- end }} \ No newline at end of file diff --git a/templates/athens-proxy/_secrets.tpl b/templates/athens-proxy/_secrets.tpl new file mode 100644 index 0000000..006987b --- /dev/null +++ b/templates/athens-proxy/_secrets.tpl 
@@ -0,0 +1,47 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.secrets.env.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.env.secret.annotations }}
+{{ toYaml .Values.config.env.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.netrc.secret.annotations }}
+{{ toYaml .Values.config.netrc.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.ssh.secret.annotations }}
+{{ toYaml .Values.config.ssh.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.secrets.env.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.env.secret.labels }}
+{{ toYaml .Values.config.env.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.netrc.secret.labels }}
+{{ toYaml .Values.config.netrc.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.ssh.secret.labels }}
+{{ toYaml .Values.config.ssh.secret.labels }}
+{{- end }}
+{{- end }}
diff --git a/templates/athens-proxy/_serviceAccount.tpl b/templates/athens-proxy/_serviceAccount.tpl
new file mode 100644
index 0000000..5135489
--- /dev/null
+++ b/templates/athens-proxy/_serviceAccount.tpl 
@@ -0,0 +1,17 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "athens-proxy.serviceAccount.annotations" -}} +{{- if .Values.serviceAccount.new.annotations }} +{{ toYaml .Values.serviceAccount.new.annotations }} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.serviceAccount.labels" -}} +{{- if .Values.serviceAccount.new.labels }} +{{ toYaml .Values.serviceAccount.new.labels }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/athens-proxy/_services.tpl b/templates/athens-proxy/_services.tpl new file mode 100644 index 0000000..996e3a7 --- /dev/null +++ b/templates/athens-proxy/_services.tpl @@ -0,0 +1,29 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "athens-proxy.services.http.annotations" -}} +{{ include "athens-proxy.annotations" . }} +{{- if .Values.services.http.annotations }} +{{ toYaml .Values.services.http.annotations }} +{{- end }} +{{- end }} + +{{/* labels */}} + +{{- define "athens-proxy.services.http.labels" -}} +{{ include "athens-proxy.labels" . }} +{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} +app.kubernetes.io/service-name: http +{{- if .Values.services.http.labels }} +{{ toYaml .Values.services.http.labels }} +{{- end }} +{{- end }} + +{{/* names */}} + +{{- define "athens-proxy.services.http.name" -}} +{{- if .Values.services.http.enabled -}} +{{ include "athens-proxy.fullname" . }}-http +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/templates/athens-proxy/configMapDownloadMode.yaml b/templates/athens-proxy/configMapDownloadMode.yaml new file mode 100644 index 0000000..a51be97 --- /dev/null +++ b/templates/athens-proxy/configMapDownloadMode.yaml 
@@ -0,0 +1,19 @@ +{{- if not .Values.config.downloadMode.existingConfigMap.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + {{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "athens-proxy.fullname" . }}-download-mode-file + namespace: {{ .Release.Namespace }} +data: + downloadMode: | + {{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/templates/athens-proxy/configMapGitConfig.yaml b/templates/athens-proxy/configMapGitConfig.yaml new file mode 100644 index 0000000..04b537e --- /dev/null +++ b/templates/athens-proxy/configMapGitConfig.yaml @@ -0,0 +1,19 @@ +{{- if not .Values.config.gitConfig.existingConfigMap.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + {{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "athens-proxy.fullname" . }}-git-config + namespace: {{ .Release.Namespace }} +data: + .gitconfig: | + {{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/templates/athens-proxy/deployment.yaml b/templates/athens-proxy/deployment.yaml new file mode 100644 index 0000000..37b835c --- /dev/null +++ b/templates/athens-proxy/deployment.yaml 
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with (include "athens-proxy.deployment.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "athens-proxy.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- include "athens-proxy.pod.annotations" . | nindent 8 }} + labels: + {{- include "athens-proxy.pod.labels" . | nindent 8 }} + spec: + {{- with .Values.deployment.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: athens-proxy + {{- with .Values.deployment.athensProxy.args }} + args: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.deployment.athensProxy.command }} + command: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }} + {{- if and (hasKey $env "env") (gt (len $env.env) 0) }} + env: + {{- toYaml $env.env | nindent 8 }} + {{- end }} + {{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }} + {{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }} + envFrom: + {{- toYaml $envFrom.envFrom | nindent 8 }} + {{- end }} + image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . 
| quote }} + imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} + livenessProbe: + tcpSocket: + port: http + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + tcpSocket: + port: http + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 3 + ports: + - name: http + containerPort: 3000 + protocol: TCP + {{- with .Values.deployment.athensProxy.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.deployment.athensProxy.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }} + {{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }} + volumeMounts: + {{- toYaml $volumeMounts.volumeMounts | nindent 8 }} + {{- end }} + {{- with .Values.deployment.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.deployment.dnsPolicy }} + dnsPolicy: {{ .Values.deployment.dnsPolicy }} + {{- end }} + {{- if .Values.deployment.hostname }} + hostname: {{ .Values.deployment.hostname }} + {{- end }} + hostNetwork: {{ .Values.deployment.hostNetwork }} + {{- with .Values.deployment.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.deployment.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.deployment.priorityClassName }} + priorityClassName: {{ .Values.deployment.priorityClassName }} + {{- end }} + {{- if .Values.deployment.restartPolicy }} + restartPolicy: {{ .Values.deployment.restartPolicy }} + {{- end }} + {{- with .Values.deployment.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . 
}} + {{- if .Values.deployment.subdomain }} + subdomain: {{ .Values.deployment.subdomain }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} + {{- with .Values.deployment.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.deployment.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }} + {{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }} + volumes: + {{- toYaml $volumes.volumes | nindent 6 }} + {{- end }} + {{- with .Values.deployment.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} \ No newline at end of file diff --git a/templates/athens-proxy/hpa.yaml b/templates/athens-proxy/hpa.yaml new file mode 100644 index 0000000..e8fd2a5 --- /dev/null +++ b/templates/athens-proxy/hpa.yaml @@ -0,0 +1,25 @@ +{{- if .Values.hpa.enabled -}} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + {{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with (include "athens-proxy.hpa.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "athens-proxy.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + metrics: + {{- toYaml .Values.hpa.metrics | nindent 2 }} + maxReplicas: {{ .Values.hpa.maxReplicas }} + minReplicas: {{ .Values.hpa.minReplicas }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "athens-proxy.fullname" . }} +{{- end -}} \ No newline at end of file diff --git a/templates/athens-proxy/ingress.yaml b/templates/athens-proxy/ingress.yaml new file mode 100644 index 0000000..dcec043 --- /dev/null +++ b/templates/athens-proxy/ingress.yaml 
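Review bot: The pod spec sets `serviceAccount:`, which is the deprecated alias; the supported field is `serviceAccountName: {{ include "athens-proxy.deployment.serviceAccount" . }}`. The template never sets `automountServiceAccountToken`, so the API token is mounted by default; if the proxy does not call the Kubernetes API (not visible in this hunk), exposing `automountServiceAccountToken: false` through values would reduce what a compromised pod holds. `hostNetwork: {{ .Values.deployment.hostNetwork }}` is rendered unconditionally and yields an empty value when unset, so guarding it with `{{- if .Values.deployment.hostNetwork }}` like `dnsPolicy` keeps host networking off unless explicitly requested. Both `securityContext` blocks are emitted only when values supply them; values.yaml is outside this hunk, so its defaults should be checked for non-root execution and `allowPrivilegeEscalation: false`.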
@@ -0,0 +1,45 @@
+{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ {{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ ingressClassName: {{ .Values.ingress.className }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ include "athens-proxy.services.http.name" $ }}
+ port:
+ number: {{ $.Values.services.http.port }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ secretName: {{ .secretName | quote }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/athens-proxy/networkPolicies.yaml b/templates/athens-proxy/networkPolicies.yaml
new file mode 100644
index 0000000..e92e9fd
--- /dev/null
+++ b/templates/athens-proxy/networkPolicies.yaml
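Review bot: `pathType` is emitted only when the value is set (`{{- if .pathType }}` inside `range .paths`), but `networking.k8s.io/v1` requires it on every path, so a values entry without it renders an Ingress that the API server rejects at install time. Failing at render time is clearer and matches what `serviceHTTP.yaml` does for its mandatory fields: `pathType: {{ required "No path type defined!" .pathType }}`. Separately, `ingressClassName: {{ .Values.ingress.className }}` is rendered unconditionally, so an unset class becomes an empty field; wrapping it in `{{- if .Values.ingress.className }}` leaves controller selection to the cluster default.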
@@ -0,0 +1,36 @@
+{{- if .Values.networkPolicies.enabled }}
+{{- range $key, $value := .Values.networkPolicies -}}
+{{- if and (not (eq $key "enabled")) $value.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ {{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
+ {{- with $value.policyTypes }}
+ policyTypes:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with $value.egress }}
+ egress:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with $value.ingress }}
+ ingress:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/athens-proxy/persistentVolumeClaim.yaml b/templates/athens-proxy/persistentVolumeClaim.yaml
new file mode 100644
index 0000000..1b94ced
--- /dev/null
+++ b/templates/athens-proxy/persistentVolumeClaim.yaml
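Review bot: The guard `{{- if and (not (eq $key "enabled")) $value.enabled }}` depends on `and` short-circuiting: for the `enabled` key `$value` is a boolean, and a template engine that evaluates every argument (Go's text/template did so before 1.18) fails on `$value.enabled` instead of skipping the entry. Any other scalar key placed under `networkPolicies` fails the same way on current versions. Testing the kind first and nesting the checks avoids both: `{{- if kindIs "map" $value }}` followed by `{{- if $value.enabled }}`, with a matching extra `{{- end }}`. A template comment should also state that an enabled entry with no `ingress`, `egress` or `policyTypes` renders a policy holding only `podSelector`, which Kubernetes applies as deny-all ingress for the selected pods.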
@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ {{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
+ labels:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ {{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
+ accessModes:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
+ {{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
+ storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/athens-proxy/secretEnv.yaml b/templates/athens-proxy/secretEnv.yaml
new file mode 100644
index 0000000..91ea9b3
--- /dev/null
+++ b/templates/athens-proxy/secretEnv.yaml
@@ -0,0 +1,20 @@
+{{- if not .Values.config.env.existingSecret.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ {{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.fullname" . }}-env
+ namespace: {{ .Release.Namespace }}
+stringData:
+ {{- range $key, $value := .Values.config.env.secret.envs }}
+ {{ upper $key }}: {{ quote $value }}
+ {{- end }}
+{{- end }}
diff --git a/templates/athens-proxy/secretNetRC.yaml b/templates/athens-proxy/secretNetRC.yaml
new file mode 100644
index 0000000..500a79c
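Review bot: Under `accessModes:` the list is rendered with `{{ toYaml . | nindent 4 }}`, unlike the other `toYaml` calls visible in this patch, which all start with `{{-`; without the trim the template line's own indentation is left in the output as a whitespace-only line. `{{- toYaml . | nindent 4 }}` matches the rest. `storage:` is also written without a check, so `{{ required "No storage size defined!" .Values.persistence.data.persistentVolumeClaim.storageSize }}` would report a missing size at render time rather than at the API server.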
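Review bot: `{{ upper $key }}: {{ quote $value }}` stringifies whatever type the value has, and numbers written unquoted in a values file reach the template as floats, so anything from 1000000 upwards is rendered in exponent notation (`"1e+06"`) and the container receives a different string than the operator wrote. A template comment above the `range` stating that every entry under `config.env.secret.envs` must be a quoted string, or a render-time guard such as `{{- if not (kindIs "string" $value) }}{{ fail (printf "config.env.secret.envs.%s must be a string" $key) }}{{- end }}`, makes that failure visible. `upper` also maps keys that differ only in case onto the same entry, which leaves duplicate keys in `stringData`.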
--- /dev/null
+++ b/templates/athens-proxy/secretNetRC.yaml
@@ -0,0 +1,19 @@
+{{- if not .Values.config.netrc.existingSecret.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ {{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.fullname" . }}-netrc
+ namespace: {{ .Release.Namespace }}
+stringData:
+ .netrc: |
+ {{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
+{{- end }}
diff --git a/templates/athens-proxy/secretSSH.yaml b/templates/athens-proxy/secretSSH.yaml
new file mode 100644
index 0000000..ced5569
--- /dev/null
+++ b/templates/athens-proxy/secretSSH.yaml
@@ -0,0 +1,35 @@
+{{- if not .Values.config.ssh.existingSecret.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ {{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.fullname" . }}-ssh
+ namespace: {{ .Release.Namespace }}
+stringData:
+ config: |
+ {{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
+ {{- if .Values.config.ssh.secret.id_ed25519 }}
+ id_ed25519: |
+ {{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
+ {{- end }}
+ {{- if .Values.config.ssh.secret.id_ed25519_pub }}
+ id_ed25519.pub: |
+ {{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
+ {{- end }}
+ {{- if .Values.config.ssh.secret.id_rsa }}
+ id_rsa: |
+ {{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
+ {{- end }}
+ {{- if .Values.config.ssh.secret.id_rsa_pub }}
+ id_rsa.pub: |
+ {{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
+ {{- end }}
+{{- end }}
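Review bot: The `.netrc` body is passed through `tpl` (`{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}`), so a login or password that happens to contain `{{` is parsed as a template action and either fails the render or is rewritten before it reaches the Secret. If templating this value is not a requirement, render it verbatim with `{{- .Values.config.netrc.secret.content | nindent 4 }}`, the way `secretSSH.yaml` handles its key material. If templating is required, a template comment above the line should say that literal braces in credentials must be escaped.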
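Review bot: The Secret carries `config` and the key pairs but no `known_hosts` entry, so host-key verification for the Git remotes has to come from somewhere outside this template. If nothing else mounts one (not visible in this hunk), the path of least resistance is to switch checking off inside `config`, which leaves module fetches unable to tell a genuine remote from an impersonated one. An optional `known_hosts` key rendered like the public keys would let the chart ship pinned host keys. The values key below is a proposed name, not one the chart defines today, and the volume that mounts this Secret would have to project it as well.

```yaml
  {{- /* … unchanged: config, id_ed25519 and id_rsa entries … */}}
  {{- if .Values.config.ssh.secret.known_hosts }}
  known_hosts: |
    {{- .Values.config.ssh.secret.known_hosts | nindent 4 }}
  {{- end }}
```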
diff --git a/templates/athens-proxy/serviceAccount.yaml b/templates/athens-proxy/serviceAccount.yaml
new file mode 100644
index 0000000..fc7f83d
--- /dev/null
+++ b/templates/athens-proxy/serviceAccount.yaml
@@ -0,0 +1,25 @@
+{{- if not .Values.serviceAccount.existing.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
+{{- with .Values.serviceAccount.new.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.serviceAccount.new.secrets }}
+secrets:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/athens-proxy/serviceHTTP.yaml b/templates/athens-proxy/serviceHTTP.yaml
new file mode 100644
index 0000000..5baeaf5
--- /dev/null
+++ b/templates/athens-proxy/serviceHTTP.yaml
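Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}` renders an empty field when the value is missing, and Kubernetes then falls back to mounting the API token into every pod that uses this account. Nothing in the templates visible here suggests the proxy talks to the Kubernetes API, so the safer rendering is an explicit default: `automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken | default false }}`. Operators who do need the token can still set the value to `true`.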
@@ -0,0 +1,57 @@
+{{- if .Values.services.http.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ {{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "athens-proxy.services.http.name" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ {{- if not (empty .Values.services.http.externalIPs) }}
+ externalIPs:
+ {{- range .Values.services.http.externalIPs }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
+ {{- end }}
+ internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
+ {{- if .Values.services.http.ipFamilies }}
+ ipFamilies:
+ {{- range .Values.services.http.ipFamilies }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
+ loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
+ {{- end }}
+ {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
+ {{- end }}
+ {{- if eq .Values.services.http.type "LoadBalancer" }}
+ loadBalancerSourceRanges:
+ {{- range .Values.services.http.loadBalancerSourceRanges }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ required "No service port defined!" .Values.services.http.port }}
+ selector:
+ {{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
+ sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
+ {{- with .Values.services.http.sessionAffinityConfig }}
+ sessionAffinityConfig:
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ type: {{ required "No service type defined!" .Values.services.http.type }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
deleted file mode 100644
index 52374de..0000000
--- a/templates/deployment.yaml
+++ /dev/null
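Review bot: The `ports` entry sets `port` but no `targetPort`, so Kubernetes forwards to the same number on the pod, while the container port in `templates/athens-proxy/deployment.yaml` is fixed at 3000 under the name `http`; any `services.http.port` other than 3000 yields a Service with no working backend. Adding `targetPort: http` under `- name: http` keeps the two decoupled. Also, `loadBalancerSourceRanges:` is emitted for every `LoadBalancer` service even when the list is empty, which renders a null field and leaves the balancer reachable from any source address. Guarding it with `{{- with .Values.services.http.loadBalancerSourceRanges }}` makes the unrestricted case an explicit omission, and a template comment there should say that an empty list means no source filtering.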
@@ -1,72 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "athens-proxy.fullname" . }} - labels: - {{- include "athens-proxy.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "athens-proxy.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "athens-proxy.selectorLabels" . | nindent 8 }} - spec: - containers: - - name: {{ .Chart.Name }} - envFrom: - - secretRef: - name: {{ include "athens-proxy.fullname" . }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }} - protocol: TCP - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.extraVolumeMounts }} - volumeMounts: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.podPriorityClassName }} - priorityClassName: {{ .Values.podPriorityClassName }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - serviceAccountName: {{ include "athens-proxy.fullname" . }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.extraVolumes }} - volumes: - {{- toYaml . 
| nindent 8 }} - {{- end }} \ No newline at end of file diff --git a/templates/ingress.yaml b/templates/ingress.yaml deleted file mode 100644 index ac3c97e..0000000 --- a/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "athens-proxy.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "athens-proxy.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/templates/secrets.yaml b/templates/secrets.yaml deleted file mode 100644 index 50614fb..0000000 --- a/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "athens-proxy.fullname" . }} -type: Opaque -stringData: - - {{- if not (hasKey .Values "config") -}} - {{- $_ := set .Values "config" dict -}} - {{- end -}} - - {{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}} - {{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}} - {{- end -}} - - {{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}} - {{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}} - {{- end -}} - - {{/* SETUP CONFIG */}} - {{ range $key, $value := .Values.config }} - {{ upper $key}}: {{ quote $value }} - {{ end }} \ No newline at end of file diff --git a/templates/service.yaml b/templates/service.yaml deleted file mode 100644 index 0de41ac..0000000 --- a/templates/service.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "athens-proxy.labels" . | nindent 4 }} - name: {{ include "athens-proxy.fullname" . }} -spec: - {{- with .Values.service.externalIPs }} - externalIPs: - {{- toYaml . | nindent 2 }} - {{- end }} - {{- if .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 2 }} - {{- end }} - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} - protocol: TCP - name: {{ .Values.service.name }} - selector: - {{- include "athens-proxy.selectorLabels" . | nindent 4 }} diff --git a/templates/serviceAccount.yaml b/templates/serviceAccount.yaml deleted file mode 100644 index e4e03da..0000000 --- a/templates/serviceAccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "athens-proxy.labels" . | nindent 4 }} - name: {{ include "athens-proxy.fullname" . }} \ No newline at end of file diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml deleted file mode 100644 index 707965a..0000000 --- a/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "athens-proxy.fullname" . }}-test-connection" - labels: - {{- include "athens-proxy.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/unittests/configMaps/downloadMode.yaml b/unittests/configMaps/downloadMode.yaml new file mode 100644 index 0000000..ce646ee --- /dev/null +++ b/unittests/configMaps/downloadMode.yaml 
@@ -0,0 +1,88 @@
+chart:
+ appVersion: 0.1.0
+ version: 0.1.0
+suite: ConfigMap downloadMode
+release:
+ name: athens-proxy-unittest
+ namespace: testing
+templates:
+- templates/athens-proxy/configMapDownloadMode.yaml
+tests:
+- it: Skip rending by using existing config map.
+ set:
+ config.downloadMode.existingConfigMap.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 0
+
+- it: Rendering by default.
+ asserts:
+ - hasDocuments:
+ count: 1
+ - containsDocument:
+ apiVersion: v1
+ kind: ConfigMap
+ name: athens-proxy-unittest-download-mode-file
+ namespace: testing
+ - notExists:
+ path: metadata.annotations
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/instance: athens-proxy-unittest
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: athens-proxy
+ app.kubernetes.io/version: 0.1.0
+ helm.sh/chart: athens-proxy-0.1.0
+ - equal:
+ path: data.downloadMode
+ value: |
+ # downloadURL = "https://proxy.golang.org"
+ #
+ # mode = "async_redirect"
+ #
+ # download "github.com/gomods/*" {
+ # mode = "sync"
+ # }
+ #
+ # download "golang.org/x/*" {
+ # mode = "none"
+ # }
+ #
+ # download "github.com/pkg/*" {
+ # mode = "redirect"
+ # downloadURL = "https://gocenter.io"
+ # }
+
+- it: Rendering custom annotations and labels.
+ set:
+ config.downloadMode.configMap.annotations:
+ foo: bar
+ bar: foo
+ config.downloadMode.configMap.labels:
+ foo: bar
+ bar: foo
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ foo: bar
+ bar: foo
+ - isSubset:
+ path: metadata.labels
+ content:
+ foo: bar
+ bar: foo
+
+- it: Rendering custom configuration
+ set:
+ config.downloadMode.configMap.content: |
+ downloadURL = "https://proxy.golang.org"
+ mode = "async_redirect"
+
+ asserts:
+ - equal:
+ path: data.downloadMode
+ value: |
+ downloadURL = "https://proxy.golang.org"
+ mode = "async_redirect"
diff --git a/unittests/configMaps/gitConfig.yaml b/unittests/configMaps/gitConfig.yaml
new file mode 100644
index 0000000..d4144f8
--- /dev/null
+++ b/unittests/configMaps/gitConfig.yaml
@@ -0,0 +1,77 @@
+chart:
+ appVersion: 0.1.0
+ version: 0.1.0
+suite: ConfigMap gitConfig
+release:
+ name: athens-proxy-unittest
+ namespace: testing
+templates:
+- templates/athens-proxy/configMapGitConfig.yaml
+tests:
+- it: Skip rending by using existing config map.
+ set:
+ config.gitConfig.existingConfigMap.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 0
+
+- it: Rendering by default.
+ asserts:
+ - hasDocuments:
+ count: 1
+ - containsDocument:
+ apiVersion: v1
+ kind: ConfigMap
+ name: athens-proxy-unittest-git-config
+ namespace: testing
+ - notExists:
+ path: metadata.annotations
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/instance: athens-proxy-unittest
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: athens-proxy
+ app.kubernetes.io/version: 0.1.0
+ helm.sh/chart: athens-proxy-0.1.0
+ - isNullOrEmpty:
+ path: data[".gitconfig"]
+
+- it: Rendering custom annotations and labels.
+ set:
+ config.gitConfig.configMap.annotations:
+ foo: bar
+ bar: foo
+ config.gitConfig.configMap.labels:
+ foo: bar
+ bar: foo
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ foo: bar
+ bar: foo
+ - isSubset:
+ path: metadata.labels
+ content:
+ foo: bar
+ bar: foo
+
+- it: Rendering custom configuration
+ set:
+ config.gitConfig.configMap.content: |
+ [url "git@github.com:"]
+ insteadOf = https://github.com/
+
+ [url "git@git.cryptic.systems:"]
+ insteadOf = https://git.cryptic.systems/
+
+ asserts:
+ - equal:
+ path: data[".gitconfig"]
+ value: |
+ [url "git@github.com:"]
+ insteadOf = https://github.com/
+
+ [url "git@git.cryptic.systems:"]
+ insteadOf = https://git.cryptic.systems/
diff --git a/unittests/deployment/deployment.yaml b/unittests/deployment/deployment.yaml
new file mode 100644
index 0000000..187d6bb
--- /dev/null
+++ b/unittests/deployment/deployment.yaml
@@ -0,0 +1,528 @@
+chart:
+ appVersion: 0.1.0
+ version: 0.1.0
+suite: Deployment template
+release:
+ name: athens-proxy-unittest
+ namespace: testing
+templates:
+- templates/athens-proxy/deployment.yaml
+tests:
+- it: Rendering default
+ asserts:
+ - hasDocuments:
+ count: 1
+ template: templates/athens-proxy/deployment.yaml
+ - containsDocument:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: athens-proxy-unittest
+ namespace: testing
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: metadata.annotations
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/instance: athens-proxy-unittest
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: athens-proxy
+ app.kubernetes.io/version: 0.1.0
+ helm.sh/chart: athens-proxy-0.1.0
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.replicas
+ value: 1
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.metadata.labels
+ value:
+ app.kubernetes.io/instance: athens-proxy-unittest
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: athens-proxy
+ app.kubernetes.io/version: 0.1.0
+ helm.sh/chart: athens-proxy-0.1.0
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.affinity
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.containers[0].args
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.containers[0].command
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.containers[0].envFrom
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.containers[0].volumeMounts
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.containers[0].image
+ value: docker.io/gomods/athens:v0.1.0
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.containers[0].imagePullPolicy
+ value: IfNotPresent
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.containers[0].resources
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.containers[0].securityContext
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.dnsConfig
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.dnsPolicy
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.hostname
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.hostNetwork
+ value: false
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.imagePullSecrets
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.nodeSelector
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.priorityClassName
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.restartPolicy
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.subdomain
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.terminationGracePeriodSeconds
+ value: 60
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.tolerations
+ template: templates/athens-proxy/deployment.yaml
+ - notExists:
+ path: spec.template.spec.topologySpreadConstraints
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.strategy
+ value:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test custom replicas
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.replicas: 3
+ asserts:
+ - equal:
+ path: spec.replicas
+ value: 3
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test custom affinity
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ - antarctica-east1
+ - antarctica-west1
+ asserts:
+ - equal:
+ path: spec.template.spec.affinity
+ value:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ - antarctica-east1
+ - antarctica-west1
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test additional arguments
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.args:
+ - "--foo=bar"
+ - "--bar=foo"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].args
+ value:
+ - --foo=bar
+ - --bar=foo
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test additional command
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.command:
+ - "/bin/sh"
+ - "-c"
+ - "echo hello"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].command
+ value:
+ - "/bin/sh"
+ - "-c"
+ - "echo hello"
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test custom imageRegistry and imageRepository
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.image.registry: registry.example.local
+ deployment.athensProxy.image.repository: path/special/athens-proxy
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].image
+ value: registry.example.local/path/special/athens-proxy:v0.1.0
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test custom imagePullPolicy
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.image.pullPolicy: Always
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].imagePullPolicy
+ value: Always
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test custom resource limits and requests
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.resources:
+ limits:
+ cpu: 100m
+ memory: 250MB
+ requests:
+ cpu: 25m
+ memory: 100MB
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env
+ value:
+ - name: GOMAXPROCS
+ valueFrom:
+ resourceFieldRef:
+ divisor: "1"
+ resource: limits.cpu
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.containers[0].resources
+ value:
+ limits:
+ cpu: 100m
+ memory: 250MB
+ requests:
+ cpu: 25m
+ memory: 100MB
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test custom securityContext
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.securityContext:
+ capabilities:
+ add:
+ - NET_RAW
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ capabilities:
+ add:
+ - NET_RAW
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test dnsConfig
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.dnsConfig:
+ nameservers:
+ - "8.8.8.8"
+ - "8.8.4.4"
+ asserts:
+ - equal:
+ path: spec.template.spec.dnsConfig
+ value:
+ nameservers:
+ - "8.8.8.8"
+ - "8.8.4.4"
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test dnsPolicy
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.dnsPolicy: ClusterFirst
+ asserts:
+ - equal:
+ path: spec.template.spec.dnsPolicy
+ value: ClusterFirst
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test hostNetwork, hostname, subdomain
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.hostNetwork: true
+ deployment.hostname: pg-exporter
+ deployment.subdomain: exporters.internal
+ asserts:
+ - equal:
+ path: spec.template.spec.hostNetwork
+ value: true
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.hostname
+ value: pg-exporter
+ template: templates/athens-proxy/deployment.yaml
+ - equal:
+ path: spec.template.spec.subdomain
+ value: exporters.internal
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test imagePullSecrets
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.imagePullSecrets:
+ - name: my-pull-secret
+ - name: my-special-secret
+ asserts:
+ - equal:
+ path: spec.template.spec.imagePullSecrets
+ value:
+ - name: my-pull-secret
+ - name: my-special-secret
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test nodeSelector
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.nodeSelector:
+ foo: bar
+ asserts:
+ - equal:
+ path: spec.template.spec.nodeSelector
+ value:
+ foo: bar
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test priorityClassName
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.priorityClassName: my-priority
+ asserts:
+ - equal:
+ path: spec.template.spec.priorityClassName
+ value: my-priority
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test restartPolicy
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.restartPolicy: Always
+ asserts:
+ - equal:
+ path: spec.template.spec.restartPolicy
+ value: Always
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test terminationGracePeriodSeconds
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.terminationGracePeriodSeconds: 120
+ asserts:
+ - equal:
+ path: spec.template.spec.terminationGracePeriodSeconds
+ value: 120
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test tolerations
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.tolerations:
+ - key: database/type
+ operator: Equal
+ value: postgres
+ effect: NoSchedule
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - key: database/type
+ operator: Equal
+ value: postgres
+ effect: NoSchedule
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test topologySpreadConstraints
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.topologySpreadConstraints:
+ - topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: athens-proxy
+ asserts:
+ - equal:
+ path: spec.template.spec.topologySpreadConstraints
+ value:
+ - topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: athens-proxy
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test additional volumeMounts and volumes
+ set:
+ # Ensure that the secrets and config maps are well configured.
+
+ # Normal test values
+ deployment.athensProxy.volumeMounts:
+ - name: data
+ mountPath: /usr/lib/athens-proxy/data
+ deployment.volumes:
+ - name: data
+ hostPath:
+ path: /usr/lib/athens-proxy/data
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].volumeMounts
+ value:
+ - name: data
+ mountPath: /usr/lib/athens-proxy/data
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test persistent volume claim
+ set:
+ persistence.enabled: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATHENS_STORAGE_TYPE
+ value: disk
+ template: templates/athens-proxy/deployment.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATHENS_DISK_STORAGE_ROOT
+ value: /var/www/athens-proxy/data
+ template: templates/athens-proxy/deployment.yaml
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: data
+ mountPath: /var/www/athens-proxy/data
+ template: templates/athens-proxy/deployment.yaml
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: data
+ persistentVolumeClaim:
+ claimName: athens-proxy-unittest-data
+ template: templates/athens-proxy/deployment.yaml
+
+- it: Test existing persistent volume claim
+ set:
+ persistence.enabled: true
+ persistence.data.mountPath: "/mnt/go-proxy/data"
+ persistence.data.existingPersistentVolumeClaim.enabled: true
+ persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATHENS_STORAGE_TYPE
+ value: disk
+ template: templates/athens-proxy/deployment.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATHENS_DISK_STORAGE_ROOT
+ value: /mnt/go-proxy/data
+ template: templates/athens-proxy/deployment.yaml
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: data
+ mountPath: /mnt/go-proxy/data
+ template: templates/athens-proxy/deployment.yaml
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: data
+ persistentVolumeClaim:
+ claimName: my-special-pvc
+ template: templates/athens-proxy/deployment.yaml
\ No newline at end of file
diff --git a/unittests/hpa/default.yaml b/unittests/hpa/default.yaml
new file mode 100644
index 0000000..2e5dd0c
--- /dev/null
+++ b/unittests/hpa/default.yaml
@@ -0,0 +1,116 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: HPA template (basic) +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/hpa.yaml +tests: +- it: Skip rendering by default. + asserts: + - hasDocuments: + count: 0 + +- it: Rendering when enabled - default + set: + hpa.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + name: athens-proxy-unittest + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - contains: + path: spec.metrics + content: + resource: + name: cpu + target: + averageUtilization: 65 + type: Utilization + type: Resource + - equal: + path: spec.maxReplicas + value: 10 + - equal: + path: spec.minReplicas + value: 1 + - equal: + path: spec.scaleTargetRef + value: + apiVersion: apps/v1 + kind: Deployment + name: athens-proxy-unittest + +- it: Rendering when enabled - custom values + set: + hpa.enabled: true + hpa.annotations: + foo: bar + hpa.labels: + bar: foo + hpa.maxReplicas: 25 + hpa.minReplicas: 5 + hpa.metrics: + - resource: + name: memory + target: + averageUtilization: 65 + type: Utilization + type: Resource + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + name: athens-proxy-unittest + namespace: testing + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + bar: foo + helm.sh/chart: athens-proxy-0.1.0 + - contains: + path: spec.metrics + content: + 
resource: + name: memory + target: + averageUtilization: 65 + type: Utilization + type: Resource + - equal: + path: spec.maxReplicas + value: 25 + - equal: + path: spec.minReplicas + value: 5 + - equal: + path: spec.scaleTargetRef + value: + apiVersion: apps/v1 + kind: Deployment + name: athens-proxy-unittest \ No newline at end of file diff --git a/unittests/ingress/ingress.yaml b/unittests/ingress/ingress.yaml new file mode 100644 index 0000000..03d0594 --- /dev/null +++ b/unittests/ingress/ingress.yaml 
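Review bot: In "Rendering when enabled - custom values" the `contains` assert on `spec.metrics` only proves that the memory metric is present; it would still pass if the default cpu metric were rendered next to it. Pinning the whole list with `equal` on `path: spec.metrics` makes the test fail when chart defaults leak into a customised HPA. The suite also has no case for `hpa.minReplicas` larger than `hpa.maxReplicas`, which the API server rejects; whether the template guards against it is not visible in this hunk.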
@@ -0,0 +1,139 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Ingress template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/ingress.yaml +tests: +- it: Skip ingress by default. + asserts: + - hasDocuments: + count: 0 + +- it: Skip ingress, when service is disabled. + set: + services.http.enabled: false + ingress.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Render ingress with default values. + set: + ingress.enabled: true + ingress.hosts: + - host: athens-proxy.example.local + paths: + - path: / + pathType: Prefix + ingress.tls: + - secretName: athens-proxy-http-tls + hosts: + - athens-proxy.example.local + + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: networking.k8s.io/v1 + kind: Ingress + name: athens-proxy-unittest + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - equal: + path: spec.ingressClassName + value: nginx + - contains: + path: spec.rules + content: + host: athens-proxy.example.local + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: athens-proxy-unittest-http + port: + number: 3000 + - contains: + path: spec.tls + content: + hosts: + - athens-proxy.example.local + secretName: athens-proxy-http-tls + +- it: Render ingress with custom values. 
+ set: + ingress.enabled: true + ingress.annotations: + foo: bar + ingress.className: nginx + ingress.labels: + bar: foo + ingress.hosts: + - host: athens-proxy.example.local + paths: + - path: / + pathType: Prefix + ingress.tls: + - secretName: athens-proxy-http-tls + hosts: + - athens-proxy.example.local + services.http.port: 8080 + + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: networking.k8s.io/v1 + kind: Ingress + name: athens-proxy-unittest + namespace: testing + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + bar: foo + - equal: + path: spec.ingressClassName + value: nginx + - contains: + path: spec.rules + content: + host: athens-proxy.example.local + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: athens-proxy-unittest-http + port: + number: 8080 + - contains: + path: spec.tls + content: + hosts: + - athens-proxy.example.local + secretName: athens-proxy-http-tls diff --git a/unittests/networkPolicies/default.yaml b/unittests/networkPolicies/default.yaml new file mode 100644 index 0000000..ed5deb5 --- /dev/null +++ b/unittests/networkPolicies/default.yaml 
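Review bot: Both render cases set `ingress.tls`, so nothing pins what the chart emits when TLS is left unset. The chart's values list `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` among the supported variables, and an Ingress rendered without a `tls` block would carry those credentials over plain HTTP. A third case that sets only `ingress.hosts` and asserts `- notExists:` with `path: spec.tls` would document that behaviour, or a `failedTemplate` assert if the chart is meant to require TLS. The first case is titled "default values" yet asserts `ingressClassName: nginx`; presumably that is the chart default, which deserves a comment because it assumes a specific controller.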
@@ -0,0 +1,118 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: NetworkPolicies template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/networkPolicies.yaml +tests: +- it: Skip networkPolicies in general disabled. + set: + networkPolicies.enabled: false + asserts: + - hasDocuments: + count: 0 + +- it: Skip networkPolicy 'default' when disabled. + set: + networkPolicies.enabled: true + networkPolicies.default.enabled: false + asserts: + - hasDocuments: + count: 0 + +- it: Loop over networkPolicies + set: + networkPolicies.enabled: true + networkPolicies.default.enabled: false + networkPolicies.nginx.enabled: true + networkPolicies.prometheus.enabled: true + asserts: + - hasDocuments: + count: 2 + +- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration + set: + networkPolicies.enabled: true + networkPolicies.default.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + name: athens-proxy-unittest-default + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - equal: + path: spec.podSelector.matchLabels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/name: athens-proxy + - notExists: + path: spec.policyTypes + - notExists: + path: spec.egress + - notExists: + path: spec.ingress + +- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration + set: + networkPolicies.enabled: true + networkPolicies.default.enabled: true + networkPolicies.default.policyTypes: + - Egress + - Ingress + networkPolicies.default.ingress: + - from: + - namespaceSelector: + matchLabels: + 
kubernetes.io/metadata.name: khv-production + podSelector: + matchLabels: + app.kubernetes.io/name: prometheus + networkPolicies.default.egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: database + podSelector: + matchLabels: + app.kubernetes.io/name: oracle + asserts: + - equal: + path: spec.policyTypes + value: + - Egress + - Ingress + - equal: + path: spec.egress + value: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: database + podSelector: + matchLabels: + app.kubernetes.io/name: oracle + - equal: + path: spec.ingress + value: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: khv-production + podSelector: + matchLabels: + app.kubernetes.io/name: prometheus diff --git a/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml b/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml new file mode 100644 index 0000000..fd411f3 --- /dev/null +++ b/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml 
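Review bot: The case "Template networkPolicy 'default' without policyTypes, egress and ingress configuration" pins a NetworkPolicy that selects the athens-proxy pods and has no `policyTypes`, `ingress` or `egress`. Kubernetes treats a missing `policyTypes` as `Ingress`, so this object blocks all inbound traffic to the selected pods while leaving egress unrestricted; presumably the same holds for the two policies counted in "Loop over networkPolicies". That is a safe default but an easy one to trip over, so a comment such as `# no policyTypes => API defaults to [Ingress]: denies all inbound traffic to the selected pods` above the `notExists` asserts would help. The first case sets `networkPolicies.enabled: false` explicitly, so the out-of-the-box value is never checked; a case without `set:` would cover it.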
@@ -0,0 +1,90 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: PersistentVolumeClaim template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/persistentVolumeClaim.yaml +tests: +- it: Rendering default + asserts: + - hasDocuments: + count: 0 + +- it: Rendering with enabled persistent storage + set: + persistence.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: PersistentVolumeClaim + name: athens-proxy-unittest-data + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - equal: + path: spec.accessModes + value: + - ReadWriteMany + - isSubset: + path: spec.resources + content: + requests: + storage: 5Gi + - notExists: + path: spec.storageClassName + +- it: Rendering with custom enabled persistent storage + set: + persistence.enabled: true + persistence.data.persistentVolumeClaim.annotations: + foo: bar + persistence.data.persistentVolumeClaim.labels: + bar: foo + persistence.data.persistentVolumeClaim.storageClassName: my-storage-class + persistence.data.persistentVolumeClaim.storageSize: 10Gi + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: PersistentVolumeClaim + name: athens-proxy-unittest-data + namespace: testing + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + bar: foo + helm.sh/chart: athens-proxy-0.1.0 + - equal: + path: spec.accessModes + value: + - ReadWriteMany + - isSubset: + path: spec.resources + content: + requests: + storage: 10Gi + - 
equal: + path: spec.storageClassName + value: my-storage-class diff --git a/unittests/secrets/env.yaml b/unittests/secrets/env.yaml new file mode 100644 index 0000000..f9da139 --- /dev/null +++ b/unittests/secrets/env.yaml @@ -0,0 +1,67 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Secret environment variables +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/secretEnv.yaml +tests: +- it: Skip rendering by using existing secret. + set: + config.env.existingSecret.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Rendering env secret with default values. + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + name: athens-proxy-unittest-env + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - isNullOrEmpty: + path: stringData + +- it: Rendering env secret with custom values. + set: + config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token + asserts: + - isSubset: + path: stringData + content: + ATHENS_GITHUB_TOKEN: my-secret-token + +- it: Rendering custom annotations and labels. + set: + config.env.secret.annotations: + foo: bar + bar: foo + config.env.secret.labels: + foo: bar + bar: foo + asserts: + - equal: + path: metadata.annotations + value: + foo: bar + bar: foo + - isSubset: + path: metadata.labels + content: + foo: bar + bar: foo \ No newline at end of file diff --git a/unittests/secrets/netrc.yaml b/unittests/secrets/netrc.yaml new file mode 100644 index 0000000..a20816a --- /dev/null +++ b/unittests/secrets/netrc.yaml 
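Review bot: "Skip rendering by using existing secret." in unittests/secrets/env.yaml enables `config.env.existingSecret.enabled` without giving a `secretName`, and no case checks what the chart does with that combination. If the deployment template (not visible in this hunk) uses the name unvalidated, the pod would reference an empty Secret name and fail only at apply time. A `failedTemplate` case for enabled-but-unnamed would pin the expected behaviour, the way unittests/services/http.yaml does for its required fields. The netrc and ssh suites have the same gap.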
@@ -0,0 +1,83 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Secret netrc template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/secretNetRC.yaml +tests: +- it: Skip rendering by using existing secret. + set: + config.netrc.existingSecret.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Rendering netrc secret with default values. + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + name: athens-proxy-unittest-netrc + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - equal: + path: stringData[".netrc"] + value: | + # The .netrc file + # + # The .netrc file contains login and initialization information used by the auto-login process. It generally + # resides in the user's home directory, but a location outside of the home directory can be set using the + # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file + # must be a regular file, or access will be denied. + # + # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html + # + # default login [name] password [password/token] + # machine github.com [octocat] password [PAT] + # machine api.github.com [octocat] password [PAT] + +- it: Rendering netrc secret with custom values. + set: + config.netrc.secret.content: | + default github.com hugo password kinnock + default api.github.com hugo password kinnock + asserts: + - equal: + path: stringData[".netrc"] + value: | + default github.com hugo password kinnock + default api.github.com hugo password kinnock + +- it: Rendering custom annotations and labels. 
+ set: + config.netrc.secret.annotations: + foo: bar + bar: foo + config.netrc.secret.labels: + foo: bar + bar: foo + asserts: + - equal: + path: metadata.annotations + value: + foo: bar + bar: foo + - isSubset: + path: metadata.labels + content: + foo: bar + bar: foo \ No newline at end of file diff --git a/unittests/secrets/ssh.yaml b/unittests/secrets/ssh.yaml new file mode 100644 index 0000000..a4d0be0 --- /dev/null +++ b/unittests/secrets/ssh.yaml 
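Review bot: The fixture in "Rendering netrc secret with custom values." uses `default github.com hugo password kinnock`, which is not netrc syntax: `default` takes no host name and matches every machine, and the `login` keyword is missing. Fixtures get copied into real values files, and a `default` entry offers the credential to any host the proxy contacts rather than only to github.com. `machine github.com login hugo password kinnock` exercises the same template path with a host-scoped entry. The commented example asserted in the default-values case drops `login` as well (`machine github.com [octocat] password [PAT]`); that text comes from values.yaml, so both would have to change together.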
@@ -0,0 +1,109 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Secret ssh template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/secretSSH.yaml +tests: +- it: Skip rendering by using existing secret. + set: + config.ssh.existingSecret.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Rendering ssh secret with default values. + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + name: athens-proxy-unittest-ssh + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - equal: + path: stringData.config + value: | + # Host * + # IdentityFile ~/.ssh/id_ed25519 + # IdentityFile ~/.ssh/id_rsa + - notExists: + path: stringData.id_ed25519 + - notExists: + path: stringData["id_ed25519.pub"] + - notExists: + path: stringData.id_rsa + - notExists: + path: stringData["id_rsa.pub"] + +- it: Rendering ssh secret with custom values. 
+ set: + config.ssh.secret.config: | + Host * + IdentityFile ~/.ssh/id_ed25519 + IdentityFile ~/.ssh/id_rsa + config.ssh.secret.id_ed25519: | + my-private-25519-key + config.ssh.secret.id_ed25519_pub: | + my-public-25519-key + config.ssh.secret.id_rsa: | + my-private-rsa-key + config.ssh.secret.id_rsa_pub: | + my-public-rsa-key + + asserts: + - equal: + path: stringData.config + value: | + Host * + IdentityFile ~/.ssh/id_ed25519 + IdentityFile ~/.ssh/id_rsa + - equal: + path: stringData.id_ed25519 + value: | + my-private-25519-key + - equal: + path: stringData["id_ed25519.pub"] + value: | + my-public-25519-key + - equal: + path: stringData.id_rsa + value: | + my-private-rsa-key + - equal: + path: stringData["id_rsa.pub"] + value: | + my-public-rsa-key + +- it: Rendering custom annotations and labels. + set: + config.ssh.secret.annotations: + foo: bar + bar: foo + config.ssh.secret.labels: + foo: bar + bar: foo + asserts: + - equal: + path: metadata.annotations + value: + foo: bar + bar: foo + - isSubset: + path: metadata.labels + content: + foo: bar + bar: foo \ No newline at end of file diff --git a/unittests/serviceAccounts/serviceAccount.yaml b/unittests/serviceAccounts/serviceAccount.yaml new file mode 100644 index 0000000..3ede81f --- /dev/null +++ b/unittests/serviceAccounts/serviceAccount.yaml 
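Review bot: The ssh Secret pinned by this suite holds `config` and up to four key files but no `known_hosts`, and the `Host *` fixture sets no host-key options. With nothing to verify the remote host key against, git-over-ssh fetches either fail or run with checking relaxed somewhere else; which of the two is not visible from these tests. Consider adding a value for it (for example a new `config.ssh.secret.known_hosts`) with a matching `- equal:` assert on `stringData.known_hosts`, so the chart ships a verifiable ssh setup rather than leaving it to each operator.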
@@ -0,0 +1,79 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: ServiceAccount athens-proxy template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/serviceAccount.yaml +tests: +- it: Skip rendering. + set: + serviceAccount.existing.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Rendering serviceAccount with default values. + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: ServiceAccount + name: athens-proxy-unittest + namespace: testing + - notExists: + path: metadata.annotations + - notExists: + path: metadata.labels + - equal: + path: automountServiceAccountToken + value: true + - notExists: + path: imagePullSecrets + - notExists: + path: secrets + + +- it: Rendering serviceAccount with custom values. + set: + serviceAccount.new.annotations: + foo: bar + serviceAccount.new.labels: + bar: foo + serviceAccount.new.automountServiceAccountToken: false + serviceAccount.new.imagePullSecrets: + - name: "my-pull-secret" + serviceAccount.new.secrets: + - name: "my-secret" + namespace: "my-namespace" + fieldPath: "my-path" + asserts: + - hasDocuments: + count: 1 + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + bar: foo + - equal: + path: metadata.name + value: athens-proxy-unittest + - equal: + path: automountServiceAccountToken + value: false + - equal: + path: imagePullSecrets + value: + - name: "my-pull-secret" + - equal: + path: secrets + value: + - name: "my-secret" + namespace: "my-namespace" + fieldPath: "my-path" diff --git a/unittests/services/http.yaml b/unittests/services/http.yaml new file mode 100644 index 0000000..7ec2fed --- /dev/null +++ b/unittests/services/http.yaml 
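Review bot: "Rendering serviceAccount with default values." asserts `automountServiceAccountToken` equals `true`, which fixes token automount as the chart default. Nothing in the values visible in this diff suggests the proxy talks to the Kubernetes API, so an API token mounted into a pod that fetches code from external hosts looks like more privilege than it needs. Defaulting `serviceAccount.new.automountServiceAccountToken` to `false` and changing this assert to `value: false` keeps the opt-in path that the custom-values case already exercises.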
@@ -0,0 +1,174 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Service http template +release: + name: athens-proxy-unittest + namespace: testing +templates: +- templates/athens-proxy/serviceHTTP.yaml +tests: +- it: Skip service when disabled. + set: + services.http.enabled: false + asserts: + - hasDocuments: + count: 0 + +- it: Rendering service with default values. + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Service + name: athens-proxy-unittest-http + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/service-name: http + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + - notExists: + path: spec.externalIPs + - notExists: + path: spec.externalTrafficPolicy + - equal: + path: spec.internalTrafficPolicy + value: Cluster + - notExists: + path: spec.ipFamilies + - notExists: + path: spec.loadBalancerClass + - notExists: + path: spec.loadBalancerIP + - notExists: + path: spec.loadBalancerSourceRanges + - equal: + path: spec.ports[0].name + value: http + - equal: + path: spec.ports[0].protocol + value: TCP + - equal: + path: spec.ports[0].port + value: 3000 + - equal: + path: spec.selector + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/name: athens-proxy + - equal: + path: spec.sessionAffinity + value: None + - notExists: + path: spec.sessionAffinityConfig + - equal: + path: spec.type + value: ClusterIP + +- it: Require internalTrafficPolicy. + set: + services.http.internalTrafficPolicy: "" + asserts: + - failedTemplate: + errorMessage: No internal traffic policy defined! + +- it: Require port. + set: + services.http.port: "" + asserts: + - failedTemplate: + errorMessage: No service port defined! + +- it: Require sessionAffinity. 
+ set: + services.http.sessionAffinity: "" + asserts: + - failedTemplate: + errorMessage: No session affinity defined! + +- it: Require service type. + set: + services.http.type: "" + asserts: + - failedTemplate: + errorMessage: No service type defined! + +- it: Render service with custom annotations and labels. + set: + services.http.annotations: + foo: bar + services.http.labels: + bar: foo + asserts: + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: athens-proxy-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: athens-proxy + app.kubernetes.io/service-name: http + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: athens-proxy-0.1.0 + bar: foo + +- it: Change defaults + set: + services.http.externalIPs: + - "10.11.12.13/32" + services.http.externalTrafficPolicy: Local + services.http.internalTrafficPolicy: Local + services.http.ipFamilies: + - IPv4 + services.http.loadBalancerClass: aws + services.http.loadBalancerIP: "11.12.13.14" + services.http.loadBalancerSourceRanges: + - "11.12.0.0/17" + services.http.port: 10443 + services.http.sessionAffinity: ClientIP + services.http.type: LoadBalancer + asserts: + - equal: + path: spec.externalIPs + value: + - 10.11.12.13/32 + - equal: + path: spec.externalTrafficPolicy + value: Local + - equal: + path: spec.internalTrafficPolicy + value: Local + - equal: + path: spec.ipFamilies + value: + - IPv4 + - equal: + path: spec.loadBalancerClass + value: aws + - equal: + path: spec.loadBalancerIP + value: "11.12.13.14" + - equal: + path: spec.loadBalancerSourceRanges + value: + - "11.12.0.0/17" + - equal: + path: spec.ports[0].port + value: 10443 + - equal: + path: spec.sessionAffinity + value: ClientIP + - equal: + path: spec.type + value: LoadBalancer \ No newline at end of file diff --git a/values.yaml b/values.yaml index 43ef460..15888ee 100644 --- a/values.yaml +++ b/values.yaml 
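Review bot: In "Change defaults" the fixture `services.http.externalIPs: - "10.11.12.13/32"` is a CIDR, but `spec.externalIPs` takes plain IP addresses, so the manifest this test blesses would be rejected by the API server. Use `"10.11.12.13"` in both the `set:` block and the `equal` assert. `spec.loadBalancerIP` is deprecated in current Kubernetes releases, so a comment on that value would keep readers from treating it as the recommended knob. The default-values case shows `spec.loadBalancerSourceRanges` is absent unless set, which for `type: LoadBalancer` means no source restriction; that is worth stating in the values documentation.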
@@ -1,199 +1,587 @@ -affinity: {} - -image: - repository: docker.io/gomods/athens - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] +# Declare variables to be passed into your templates. +## @section Global +## @param nameOverride Individual release name suffix. +## @param fullnameOverride Override the complete release name logic. nameOverride: "" fullnameOverride: "" -podAnnotations: {} +## @section Configuration +config: + env: + ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. + ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. + existingSecret: + enabled: false + secretName: "" -podPriorityClassName: "" + ## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials. + ## @param config.env.secret.labels Additional labels of the secret containing the database credentials. + ## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container. 
+ secret: + annotations: {} + labels: {} + envs: {} + # ATHENS_AZURE_ACCOUNT_KEY: + # ATHENS_AZURE_ACCOUNT_NAME: + # ATHENS_AZURE_CONTAINER_NAME: + # ATHENS_CLOUD_RUNTIME: + # ATHENS_DOWNLOAD_MODE: + # ATHENS_DOWNLOAD_URL: + # ATHENS_ETCD_ENDPOINTS: + # ATHENS_EXTERNAL_STORAGE_URL: + # ATHENS_FILTER_FILE: + # ATHENS_GITHUB_TOKEN: + # ATHENS_GLOBAL_ENDPOINT: + # ATHENS_GO_BINARY_ENV_VARS: + # ATHENS_GOGET_DIR: + # ATHENS_GOGET_WORKERS: + # ATHENS_GONOSUM_PATTERNS: + # ATHENS_HGRC_PATH: + # ATHENS_INDEX_MYSQL_DATABASE: + # ATHENS_INDEX_MYSQL_HOST: + # ATHENS_INDEX_MYSQL_PARAMS: + # ATHENS_INDEX_MYSQL_PASSWORD: + # ATHENS_INDEX_MYSQL_PORT: + # ATHENS_INDEX_MYSQL_PROTOCOL: + # ATHENS_INDEX_MYSQL_USER: + # ATHENS_INDEX_POSTGRES_DATABASE: + # ATHENS_INDEX_POSTGRES_HOST: + # ATHENS_INDEX_POSTGRES_PARAMS: + # ATHENS_INDEX_POSTGRES_PASSWORD: + # ATHENS_INDEX_POSTGRES_PORT: + # ATHENS_INDEX_POSTGRES_USER: + # ATHENS_INDEX_TYPE: + # ATHENS_LOG_LEVEL: + # ATHENS_MINIO_ACCESS_KEY_ID: + # ATHENS_MINIO_BUCKET_NAME: + # ATHENS_MINIO_ENDPOINT: + # ATHENS_MINIO_REGION: + # ATHENS_MINIO_SECRET_ACCESS_KEY: + # ATHENS_MINIO_USE_SSL: + # ATHENS_MONGO_CERT_PATH: + # ATHENS_MONGO_DEFAULT_DATABASE: + # ATHENS_MONGO_INSECURE: + # ATHENS_MONGO_STORAGE_URL: + # ATHENS_NETRC_PATH: + # ATHENS_PATH_PREFIX: + # ATHENS_PORT: + # ATHENS_PROTOCOL_WORKERS: + # ATHENS_PROXY_VALIDATOR: + # ATHENS_REDIS_ENDPOINT: + # ATHENS_REDIS_PASSWORD: + # ATHENS_REDIS_SENTINEL_ENDPOINTS: + # ATHENS_ROBOTS_FILE: + # ATHENS_SINGLE_FLIGHT_TYPE: + # ATHENS_STATS_EXPORTER: + # ATHENS_STORAGE_GCP_BUCKET: + # ATHENS_STORAGE_GCP_JSON_KEY: + # ATHENS_STORAGE_TYPE: + # ATHENS_SUM_DBS: + # ATHENS_TIMEOUT: + # ATHENS_TLSCERT_FILE: + # ATHENS_TLSKEY_FILE: + # ATHENS_TRACE_EXPORTER_URL: + # ATHENS_TRACE_EXPORTER: + # AWS_ACCESS_KEY_ID: + # AWS_ENDPOINT: + # AWS_FORCE_PATH_STYLE: + # AWS_REGION: + # AWS_SECRET_ACCESS_KEY: + # AWS_SESSION_TOKEN: + # BASIC_AUTH_PASS: + # BASIC_AUTH_USER: + # CDN_ENDPOINT: + # GO_BINARY_PATH: + # 
GO_ENV: + # GOOGLE_CLOUD_PROJECT: + # MY_S3_BUCKET_NAME: + # PROXY_FORCE_SSL: -podSecurityContext: {} - # fsGroup: 2000 + downloadMode: + ## @param config.downloadMode.existingConfigMap.enabled TODO: + ## @param config.downloadMode.existingConfigMap.secretName TODO: + existingConfigMap: + enabled: false + secretName: "" -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 + ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. + ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. + ## @param config.downloadMode.configMap.content Additional labels of the config map containing the download mode file. + configMap: + annotations: {} + labels: {} + content: | + # downloadURL = "https://proxy.golang.org" + # + # mode = "async_redirect" + # + # download "github.com/gomods/*" { + # mode = "sync" + # } + # + # download "golang.org/x/*" { + # mode = "none" + # } + # + # download "github.com/pkg/*" { + # mode = "redirect" + # downloadURL = "https://gocenter.io" + # } -config: {} - # ATHENS_AZURE_ACCOUNT_KEY: - # ATHENS_AZURE_ACCOUNT_NAME: - # ATHENS_AZURE_CONTAINER_NAME: - # ATHENS_CLOUD_RUNTIME: - # ATHENS_DOWNLOAD_MODE: - # ATHENS_DOWNLOAD_URL: - # ATHENS_ETCD_ENDPOINTS: - # ATHENS_EXTERNAL_STORAGE_URL: - # ATHENS_FILTER_FILE: - # ATHENS_GITHUB_TOKEN: - # ATHENS_GLOBAL_ENDPOINT: - # ATHENS_GO_BINARY_ENV_VARS: - # ATHENS_GOGET_DIR: - # ATHENS_GOGET_WORKERS: - # ATHENS_GONOSUM_PATTERNS: - # ATHENS_HGRC_PATH: - # ATHENS_INDEX_MYSQL_DATABASE: - # ATHENS_INDEX_MYSQL_HOST: - # ATHENS_INDEX_MYSQL_PARAMS: - # ATHENS_INDEX_MYSQL_PASSWORD: - # ATHENS_INDEX_MYSQL_PORT: - # ATHENS_INDEX_MYSQL_PROTOCOL: - # ATHENS_INDEX_MYSQL_USER: - # ATHENS_INDEX_POSTGRES_DATABASE: - # ATHENS_INDEX_POSTGRES_HOST: - # ATHENS_INDEX_POSTGRES_PARAMS: - # ATHENS_INDEX_POSTGRES_PASSWORD: - 
# ATHENS_INDEX_POSTGRES_PORT: - # ATHENS_INDEX_POSTGRES_USER: - # ATHENS_INDEX_TYPE: - # ATHENS_LOG_LEVEL: - # ATHENS_MINIO_ACCESS_KEY_ID: - # ATHENS_MINIO_BUCKET_NAME: - # ATHENS_MINIO_ENDPOINT: - # ATHENS_MINIO_REGION: - # ATHENS_MINIO_SECRET_ACCESS_KEY: - # ATHENS_MINIO_USE_SSL: - # ATHENS_MONGO_CERT_PATH: - # ATHENS_MONGO_DEFAULT_DATABASE: - # ATHENS_MONGO_INSECURE: - # ATHENS_MONGO_STORAGE_URL: - # ATHENS_NETRC_PATH: - # ATHENS_PATH_PREFIX: - # ATHENS_PORT: - # ATHENS_PROTOCOL_WORKERS: - # ATHENS_PROXY_VALIDATOR: - # ATHENS_REDIS_ENDPOINT: - # ATHENS_REDIS_PASSWORD: - # ATHENS_REDIS_SENTINEL_ENDPOINTS: - # ATHENS_ROBOTS_FILE: - # ATHENS_SINGLE_FLIGHT_TYPE: - # ATHENS_STATS_EXPORTER: - # ATHENS_STORAGE_GCP_BUCKET: - # ATHENS_STORAGE_GCP_JSON_KEY: - # ATHENS_STORAGE_TYPE: - # ATHENS_SUM_DBS: - # ATHENS_TIMEOUT: - # ATHENS_TLSCERT_FILE: - # ATHENS_TLSKEY_FILE: - # ATHENS_TRACE_EXPORTER_URL: - # ATHENS_TRACE_EXPORTER: - # AWS_ACCESS_KEY_ID: - # AWS_ENDPOINT: - # AWS_FORCE_PATH_STYLE: - # AWS_REGION: - # AWS_SECRET_ACCESS_KEY: - # AWS_SESSION_TOKEN: - # BASIC_AUTH_PASS: - # BASIC_AUTH_USER: - # CDN_ENDPOINT: - # GO_BINARY_PATH: - # GO_ENV: - # GOOGLE_CLOUD_PROJECT: - # MY_S3_BUCKET_NAME: - # PROXY_FORCE_SSL: + gitConfig: + ## @param config.gitConfig.existingConfigMap.enabled TODO: + ## @param config.gitConfig.existingConfigMap.secretName TODO: + existingConfigMap: + enabled: false + secretName: "" -livenessProbe: - httpGet: - scheme: HTTP - path: /healthz - port: http + ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the download mode file. + ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the download mode file. + ## @param config.gitConfig.configMap.content TODO: + configMap: + annotations: {} + labels: {} + content: | -replicaCount: 1 + netrc: + ## @param config.netrc.existingSecret.enabled TODO:. 
+ ## @param config.netrc.existingSecret.secretName TODO: + existingSecret: + enabled: false + secretName: "" -serviceAccount: + ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. + ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. + ## @param config.netrc.secret.content TODO: + secret: + annotations: {} + labels: {} + content: | + # The .netrc file + # + # The .netrc file contains login and initialization information used by the auto-login process. It generally + # resides in the user's home directory, but a location outside of the home directory can be set using the + # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file + # must be a regular file, or access will be denied. + # + # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html + # + # default login [name] password [password/token] + # machine github.com [octocat] password [PAT] + # machine api.github.com [octocat] password [PAT] + + ssh: + ## @param config.ssh.existingSecret.enabled TODO:. + ## @param config.ssh.existingSecret.secretName TODO: + existingSecret: + enabled: false + + ## @param config.ssh.secret.annotations Additional annotations of the secret containing the database credentials. + ## @param config.ssh.secret.labels Additional labels of the secret containing the database credentials. 
+ ## @param config.ssh.secret.files TODO: + ## @skip config.ssh.secret.id_ed25519 TODO: + ## @skip config.ssh.secret.id_ed25519_pub TODO: + ## @skip config.ssh.secret.id_rsa TODO: + ## @skip config.ssh.secret.id_rsa_pub TODO: + secret: + annotations: {} + labels: {} + config: | + # Host * + # IdentityFile ~/.ssh/id_ed25519 + # IdentityFile ~/.ssh/id_rsa + id_ed25519: "" + id_ed25519_pub: "" + id_rsa: "" + id_rsa_pub: "" + +## @section Deployment +deployment: + ## @param deployment.annotations Additional deployment annotations. + ## @param deployment.labels Additional deployment labels. annotations: {} + labels: {} -service: + ## @param deployment.additionalContainers List of additional containers. + additionalContainers: [] + # - command: [ "sh", "-c", "echo hello world" ] + # image: "docker.io/library/busybox:latest" + # name: side-car + + ## @param deployment.affinity Affinity for the athens-proxy deployment. + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 20 + # preference: + # matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + + ## @param deployment.initContainers List of additional init containers. + initContainers: [] + # - command: [ "sh", "-c", "echo hello world" ] + # image: "docker.io/library/busybox:latest" + # name: init + + ## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment. + dnsConfig: {} + # nameservers: + # - 192.0.2.1 # this is an example + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + + ## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment. + dnsPolicy: "" + + ## @param deployment.hostname Individual hostname of the pod. 
+ ## @param deployment.subdomain Individual domain of the pod.
+ hostname: ""
+ subdomain: ""
+
+ ## @param deployment.hostNetwork Use the kernel network namespace of the host system.
+ hostNetwork: false
+
+ ## @param deployment.imagePullSecrets Secret to use for pulling the image.
+ imagePullSecrets: []
+ # - name: "my-custom-secret"
+
+ athensProxy:
+ ## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
+ args: []
+
+ ## @param deployment.athensProxy.command Command passed to the athens-proxy container.
+ command: []
+
+ ## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
+ env: []
+ # - name: SPECIAL_ENV_A
+ # value: special-key
+ # - name: SPECIAL_ENV
+ # valueFrom:
+ # configMapKeyRef:
+ # name: special-config
+ # key: special-key
+ # - name: SPECIAL_ENV
+ # valueFrom:
+ # secretKeyRef:
+ # name: special-secret
+ # key: special-key
+
+ ## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
+ envFrom: []
+ # - configMapRef:
+ # name: special-config
+ # - secretRef:
+ # name: special-secret
+
+ ## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
+ ## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
+ ## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
+ ## @param deployment.athensProxy.image.pullPolicy Image pull policy.
+ image:
+ registry: docker.io
+ repository: gomods/athens
+ tag: ""
+ pullPolicy: IfNotPresent
+
+ ## @param deployment.athensProxy.resources CPU and memory resources of the pod.
+ resources: {}
+ # limits:
+ # cpu:
+ # ephemeral-storage:
+ # memory:
+ # requests:
+ # cpu:
+ # ephemeral-storage:
+ # memory:
+
+ ## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
+ securityContext: {}
+ # capabilities:
+ # add:
+ # - NET_RAW
+ # drop:
+ # - ALL
+ # privileged: false
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ ## @param deployment.athensProxy.volumeMounts Additional volume mounts.
+ volumeMounts: []
+ # - name: my-configmap-volume
+ # mountPath: /configmap
+ # readOnly: true
+
+ ## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
+ nodeSelector: {}
+
+ ## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
+ priorityClassName: ""
+
+ ## @param deployment.replicas Number of replicas for the athens-proxy deployment.
+ replicas: 1
+
+ ## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
+ restartPolicy: ""
+
+ ## @param deployment.securityContext Security context of the athens-proxy deployment.
+ securityContext: {}
+ # fsGroup: 2000
+
+ ## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
+ ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
+ ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
+ strategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+
+ ## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
+ terminationGracePeriodSeconds: 60
+
+ ## @param deployment.tolerations Tolerations of the athens-proxy deployment.
+ tolerations: []
+ # - key: database/type
+ # operator: Equal
+ # value: postgres
+ # effect: NoSchedule
+
+ ## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
+ topologySpreadConstraints: []
+ # - topologyKey: kubernetes.io/hostname
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app.kubernetes.io/instance: prometheus-athens-proxy
+
+ ## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
+ volumes: []
+ # - name: my-configmap-volume
+ # config:
+ # name: my-configmap
+ # - name: my-secret-volume
+ # secret:
+ # secretName: my-secret
+
+## @section Horizontal Pod Autoscaler (HPA)
+# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
+# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
+# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
+# https://github.com/kubernetes-sigs/metrics-server#deployment
+hpa:
+ ## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
+ ## @param hpa.annotations Additional annotations for the HPA.
+ ## @param hpa.labels Additional labels for the HPA.
+ ## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
+ ## @skip hpa.metrics Skip individual HPA metric configurations.
+ ## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
+ ## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
+ enabled: false annotations: {} - # externalIPs: [] - # externalTrafficPolicy: "Cluster" - # loadBalancerClass: "" - # loadBalancerIP: "" - # loadBalancerSourceRanges: [] - # internalTrafficPolicy: "Cluster" - name: http - targetPort: 3000 - type: ClusterIP - port: 3000 + labels: {} + metrics: + - resource: + name: cpu + target: + averageUtilization: 65 + type: Utilization + type: Resource + # - resource: + # name: memory + # target: + # averageUtilization: 65 + # type: Utilization + minReplicas: 1 + maxReplicas: 10 +## @section Ingress ingress: + ## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled. + ## @param ingress.className Ingress class. + ## @param ingress.annotations Additional ingress annotations. + ## @param ingress.labels Additional ingress labels. enabled: false className: "nginx" annotations: {} - # kubernetes.io/ingress.class: nginx - # cert-manager.io/issuer: - # kubernetes.io/tls-acme: "true" - hosts: - - host: "your-hostname" - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: "your-tls-secret" - hosts: - - "your-hostname" + labels: {} -readinessProbe: - httpGet: - scheme: HTTP - path: /healthz - port: http + ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. + ## @skip ingress.hosts Skip individual host configuration. + hosts: [] + # - host: athens-proxy.example.local + # paths: + # - path: / + # pathType: Prefix -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. + ## @skip ingress.tls Skip individual TLS configuration. + tls: [] + # - secretName: athens-proxy-http-tls + # hosts: + # - athens-proxy.example.local -nodeSelector: - kubernetes.io/arch: amd64 +## @section Persistence +persistence: + ## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. + enabled: false -tolerations: [] + data: + ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. + mountPath: "/var/www/athens-proxy/data" -# extra volumes for the pod -extraVolumes: {} -# The following example mount the same secret, which contains tls certificates -# under different names. Each volume mount contains only selected items of the -# secret. This make it easier to place the items on different locations inside the -# container filesystem via extraVolumeMounts. -# - name: custom-ca-anchor -# secret: -# secretName: athens-proxy-custom-tls-certificates -# items: -# - key: ca.crt -# path: ca.crt -# mode: 0444 -# - name: custom-tls-certificates -# secret: -# secretName: athens-proxy-custom-tls-certificates -# items: -# - key: tls.key -# path: tls.key -# mode: 0400 -# - key: tls.crt -# path: tls.crt -# mode: 0444 + existingPersistentVolumeClaim: + enabled: false + persistentVolumeClaimName: "" -extraVolumeMounts: {} -# The following example follows the example of extraVolumes and mounts the -# volumes to the corresponding paths in the container filesystem. 
-# - name: custom-ca-anchor
-# mountPath: /usr/local/share/ca-certificates
-# - name: custom-tls-certificates
-# mountPath: /etc/athens-proxy/tls
+ persistentVolumeClaim:
+ annotations: {}
+ labels: {}
+ accessModes:
+ - ReadWriteMany
+ storageClass: ""
+ storageSize: "5Gi"
+
+## @section NetworkPolicies
+## @param networkPolicies.enabled Enable network policies in general.
+networkPolicies:
+ enabled: false
+
+ ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
+ ## @param networkPolicies.default.annotations Additional network policy annotations.
+ ## @param networkPolicies.default.labels Additional network policy labels.
+ ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
+ ## @param networkPolicies.default.egress Concrete egress network policy implementation.
+ ## @skip networkPolicies.default.egress Skip individual egress configuration.
+ ## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
+ ## @skip networkPolicies.default.ingress Skip individual ingress configuration.
+ default:
+ enabled: false
+ annotations: {}
+ labels: {}
+ policyTypes: []
+ # - Egress
+ # - Ingress
+ egress: []
+ # Allow outgoing traffic to database host
+ #
+ # - to:
+ # - ipBlock:
+ # cidr: 192.168.179.1/32
+ # ports:
+ # - port: 5432
+ # protocol: TCP
+
+ # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
+ #
+ # - to:
+ # - namespaceSelector:
+ # matchLabels:
+ # kubernetes.io/metadata.name: kube-system
+ # podSelector:
+ # matchLabels:
+ # k8s-app: kube-dns
+ # ports:
+ # - port: 53
+ # protocol: TCP
+ # - port: 53
+ # protocol: UDP
+
+ ingress: []
+ # Allow incoming HTTP traffic from prometheus.
+ #
+ # - from:
+ # - namespaceSelector:
+ # matchLabels:
+ # kubernetes.io/metadata.name: monitoring
+ # podSelector:
+ # matchLabels:
+ # app.kubernetes.io/name: prometheus
+ # ports:
+ # - port: http
+ # protocol: TCP
+
+ # Allow incoming HTTP traffic from ingress-nginx.
+ #
+ # - from:
+ # - namespaceSelector:
+ # matchLabels:
+ # kubernetes.io/metadata.name: ingress-nginx
+ # podSelector:
+ # matchLabels:
+ # app.kubernetes.io/name: ingress-nginx
+ # ports:
+ # - port: http
+ # protocol: TCP
+
+## @section Service
+## @param services.http.enabled Enable the service.
+## @param services.http.annotations Additional service annotations.
+## @param services.http.externalIPs External IPs for the service.
+## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
+## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
+## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
+## @param services.http.labels Additional service labels.
+## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
+## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
+## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
+## @param services.http.port Port to forward the traffic to.
+## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
+## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
+## @param services.http.type Kubernetes service type for the traffic.
+services:
+ http:
+ enabled: true
+ annotations: {}
+ externalIPs: []
+ externalTrafficPolicy: "Cluster"
+ internalTrafficPolicy: "Cluster"
+ ipFamilies: []
+ labels: {}
+ loadBalancerClass: ""
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ port: 3000
+ sessionAffinity: "None"
+ sessionAffinityConfig: {}
+ type: "ClusterIP"
+
+## @section ServiceAccount
+serviceAccount:
+ ## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
+ ## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
+ existing:
+ enabled: false
+ serviceAccountName: ""
+
+ ## @param serviceAccount.new.annotations Additional service account annotations.
+ ## @param serviceAccount.new.labels Additional service account labels.
+ ## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
+ ## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
+ ## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
+ new:
+ annotations: {}
+ labels: {}
+ automountServiceAccountToken: true
+ imagePullSecrets: []
+ # - name: "my-image-pull-secret"
+ secrets: []
+ # - name: "my-secret"
+ # namespace: "my-namespace"
+ # fieldPath: "my-field"