fix: improve chart

This commit is contained in:
2025-10-03 13:04:20 +02:00
parent 744938f8f4
commit d02f63be7a
52 changed files with 3193 additions and 405 deletions

114
.gitea/scripts/add-annotations.sh Executable file
View File

@@ -0,0 +1,114 @@
#!/bin/bash
set -e
CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2
exit 1
fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
done
else
OLD_TAG=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
exit 1
fi
fi
if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
done
else
NEW_TAG=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
exit 1
fi
fi
CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}"
function map_type_to_kind() {
case "${1}" in
feat)
echo "added"
;;
fix)
echo "fixed"
;;
chore|style|test|ci|docs|refac)
echo "changed"
;;
revert)
echo "removed"
;;
sec)
echo "security"
;;
*)
echo "skip"
;;
esac
}
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}")
if [ "${KIND}" == "skip" ]; then
continue
fi
DESC="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
fi
done <<< "${COMMIT_TITLES}"
if [ -s "${CHANGE_LOG_YAML}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
exit 1
fi
rm "${CHANGE_LOG_YAML}"

View File

@@ -11,12 +11,12 @@ jobs:
image: docker.io/volkerraschek/helm:3.19.0 image: docker.io/volkerraschek/helm:3.19.0
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install packages via apk
run: | run: |
apk update apk update
apk add git npm yq apk add git npm jq yq
- uses: actions/checkout@v5 - uses: actions/checkout@v5.0.0
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -26,7 +26,21 @@ jobs:
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart - name: Package chart
run: |
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum
env: env:
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
@@ -48,7 +62,11 @@ jobs:
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum helm repo remove chartmuseum
# gitea - name: Upload Chart to Gitea
env:
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea helm repo remove gitea

3
.gitignore vendored
View File

@@ -4,3 +4,6 @@ target
values2.yml values2.yml
values2.yaml values2.yaml
*.tgz *.tgz
install.sh
uninstall.sh

8
.vscode/extensions.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"recommendations": [
"DavidAnson.vscode-markdownlint",
"esbenp.prettier-vscode",
"Tim-Koehler.helm-intellisense",
"yzhang.markdown-all-in-one"
]
}

8
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

20
.yamllint.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2

View File

@@ -1,3 +1,9 @@
annotations:
artifacthub.io/links: |
- name: Athens proxy (binary)
url: https://github.com/gomods/athens
- name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues
apiVersion: v2 apiVersion: v2
name: athens-proxy name: athens-proxy
description: Athens proxy server for golang description: Athens proxy server for golang

4
package-lock.json generated
View File

@@ -1,10 +1,10 @@
{ {
"name": "athens-proxy-chart", "name": "athens-proxy-charts",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "athens-proxy-chart", "name": "athens-proxy-charts",
"license": "MIT", "license": "MIT",
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0", "@bitnami/readme-generator-for-helm": "^2.5.0",

View File

@@ -1,6 +1,6 @@
{ {
"name": "athens-proxy-chart", "name": "athens-proxy-charts",
"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart.git", "homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git",
"license": "MIT", "license": "MIT",
"private": true, "private": true,
"engineStrict": true, "engineStrict": true,

View File

@@ -25,8 +25,8 @@
"matchStrings": [ "matchStrings": [
"VERSION=(?<currentValue>.*)" "VERSION=(?<currentValue>.*)"
], ],
"depNameTemplate": "volker.raschek/athens-proxy-chart", "depNameTemplate": "volker.raschek/athens-proxy-charts",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart", "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
"datasourceTemplate": "git-tags", "datasourceTemplate": "git-tags",
"versioningTemplate": "semver" "versioningTemplate": "semver"
} }
@@ -56,7 +56,7 @@
], ],
"automerge": true, "automerge": true,
"matchDepNames": [ "matchDepNames": [
"volker.raschek/athens-proxy-chart" "volker.raschek/athens-proxy-charts"
], ],
"matchUpdateTypes": [ "matchUpdateTypes": [
"major", "major",

View File

@@ -1,3 +1,4 @@
{{/* vim: set filetype=mustache: */}}
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/*
Common annotations
*/}}
{{- define "athens-proxy.annotations" -}}
{{- end }}
{{/* {{/*
Common labels Common labels
*/}} */}}
{{- define "athens-proxy.labels" -}} {{- define "athens-proxy.labels" -}}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{ include "athens-proxy.selectorLabels" . }} {{ include "athens-proxy.selectorLabels" . }}
{{- if .Chart.AppVersion }} {{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{- end }} {{- end }}
{{/* {{/*
Selector labels Common selector labels
*/}} */}}
{{- define "athens-proxy.selectorLabels" -}} {{- define "athens-proxy.selectorLabels" -}}
app.kubernetes.io/name: {{ include "athens-proxy.name" . }} app.kubernetes.io/name: {{ include "athens-proxy.name" . }}

View File

@@ -0,0 +1,33 @@
---
{{/* annotations */}}
{{- define "athens-proxy.configMap.downloadMode.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.downloadMode.configMap.annotations }}
{{ toYaml .Values.config.downloadMode.configMap.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.gitConfig.configMap.annotations }}
{{ toYaml .Values.config.gitConfig.configMap.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.configMap.downloadMode.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.downloadMode.configMap.labels }}
{{ toYaml .Values.config.downloadMode.configMap.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.gitConfig.configMap.labels }}
{{ toYaml .Values.config.gitConfig.configMap.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,79 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.deployment.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "athens-proxy.deployment.env" -}}
{{- $env := dict "env" (.Values.deployment.athensProxy.env | default (list) ) }}
{{- if and .Values.persistence.enabled }}
{{- $env = merge $env (dict "env" (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)))}}
{{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
{{- end }}
{{ toYaml $env }}
{{- end -}}
{{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}}
{{- end -}}
{{/* image */}}
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:v%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "athens-proxy.deployment.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "athens-proxy.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "athens-proxy.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := dict "volumeMounts" (.Values.deployment.athensProxy.volumeMounts | default (list) ) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = merge $volumeMounts (dict "volumeMounts" (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath))) }}
{{- end }}
{{ toYaml $volumeMounts }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := dict "volumes" (.Values.deployment.athensProxy.volumes | default (list) ) }}
{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" (include "athens-proxy.persistentVolumeClaim.data.name" $))))) }}
{{- else if and .Values.persistence.enabled .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName)))) }}
{{- end }}
{{ toYaml $volumes }}
{{- end -}}

View File

@@ -0,0 +1,19 @@
---
{{/* annotations */}}
{{- define "athens-proxy.hpa.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.hpa.annotations }}
{{ toYaml .Values.hpa.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.hpa.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.hpa.labels }}
{{ toYaml .Values.hpa.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.ingress.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.ingress.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicies.annotations" -}}
{{ include "athens-proxy.annotations" .context }}
{{- if .networkPolicy.annotations }}
{{ toYaml .networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicies.labels" -}}
{{ include "athens-proxy.labels" .context }}
{{- if .networkPolicy.labels }}
{{ toYaml .networkPolicy.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.annotations }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.labels }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.persistentVolumeClaim.data.name" -}}
{{ include "athens-proxy.fullname" . }}-data
{{- end }}

View File

@@ -0,0 +1,17 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

View File

@@ -0,0 +1,47 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.secrets.env.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.env.secret.annotations }}
{{ toYaml .Values.config.env.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.netrc.secret.annotations }}
{{ toYaml .Values.config.netrc.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.ssh.secret.annotations }}
{{ toYaml .Values.config.ssh.secret.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.secrets.env.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.env.secret.labels }}
{{ toYaml .Values.config.env.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.netrc.secret.labels }}
{{ toYaml .Values.config.netrc.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.ssh.secret.labels }}
{{ toYaml .Values.config.ssh.secret.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.serviceAccount.annotations" -}}
{{- if .Values.serviceAccount.new.annotations }}
{{ toYaml .Values.serviceAccount.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.serviceAccount.labels" -}}
{{- if .Values.serviceAccount.new.labels }}
{{ toYaml .Values.serviceAccount.new.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,29 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.services.http.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.services.http.annotations }}
{{ toYaml .Values.services.http.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.services.http.labels" -}}
{{ include "athens-proxy.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http
{{- if .Values.services.http.labels }}
{{ toYaml .Values.services.http.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.services.http.name" -}}
{{- if .Values.services.http.enabled -}}
{{ include "athens-proxy.fullname" . }}-http
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,19 @@
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-download-mode-file
namespace: {{ .Release.Namespace }}
data:
downloadMode: |
{{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-git-config
namespace: {{ .Release.Namespace }}
data:
.gitconfig: |
{{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,135 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.deployment.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "athens-proxy.pod.annotations" . | nindent 8 }}
labels:
{{- include "athens-proxy.pod.labels" . | nindent 8 }}
spec:
{{- with .Values.deployment.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: athens-proxy
{{- with .Values.deployment.athensProxy.args }}
args:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.athensProxy.command }}
command:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env:
{{- toYaml $env.env | nindent 8 }}
{{- end }}
{{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }}
{{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }}
envFrom:
{{- toYaml $envFrom.envFrom | nindent 8 }}
{{- end }}
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
livenessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
ports:
- name: http
containerPort: 3000
protocol: TCP
{{- with .Values.deployment.athensProxy.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.deployment.athensProxy.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }}
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
volumeMounts:
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.deployment.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.dnsPolicy }}
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
{{- end }}
{{- if .Values.deployment.hostname }}
hostname: {{ .Values.deployment.hostname }}
{{- end }}
hostNetwork: {{ .Values.deployment.hostNetwork }}
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.priorityClassName }}
priorityClassName: {{ .Values.deployment.priorityClassName }}
{{- end }}
{{- if .Values.deployment.restartPolicy }}
restartPolicy: {{ .Values.deployment.restartPolicy }}
{{- end }}
{{- with .Values.deployment.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }}
{{- if .Values.deployment.subdomain }}
subdomain: {{ .Values.deployment.subdomain }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
{{- with .Values.deployment.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.deployment.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }}
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
volumes:
{{- toYaml $volumes.volumes | nindent 6 }}
{{- end }}
{{- with .Values.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{- if .Values.hpa.enabled -}}
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.hpa.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
metrics:
{{- toYaml .Values.hpa.metrics | nindent 2 }}
maxReplicas: {{ .Values.hpa.maxReplicas }}
minReplicas: {{ .Values.hpa.minReplicas }}
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "athens-proxy.fullname" . }}
{{- end -}}

View File

@@ -0,0 +1,45 @@
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "athens-proxy.services.http.name" $ }}
port:
number: {{ $.Values.services.http.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,36 @@
{{- if .Values.networkPolicies.enabled }}
{{- range $key, $value := .Values.networkPolicies -}}
{{- if and (not (eq $key "enabled")) $value.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
namespace: {{ $.Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with $value.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,26 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
labels:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
namespace: {{ $.Release.Namespace }}
spec:
{{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
accessModes:
{{ toYaml . | nindent 4 }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
{{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,20 @@
{{- if not .Values.config.env.existingSecret.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-env
namespace: {{ .Release.Namespace }}
stringData:
{{- range $key, $value := .Values.config.env.secret.envs }}
{{ upper $key }}: {{ quote $value }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if not .Values.config.netrc.existingSecret.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-netrc
namespace: {{ .Release.Namespace }}
stringData:
.netrc: |
{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,35 @@
{{- if not .Values.config.ssh.existingSecret.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-ssh
namespace: {{ .Release.Namespace }}
stringData:
config: |
{{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
{{- if .Values.config.ssh.secret.id_ed25519 }}
id_ed25519: |
{{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_ed25519_pub }}
id_ed25519.pub: |
{{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa }}
id_rsa: |
{{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa_pub }}
id_rsa.pub: |
{{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{- if not .Values.serviceAccount.existing.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
{{- with .Values.serviceAccount.new.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.new.secrets }}
secrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,57 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}

View File

@@ -1,72 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "athens-proxy.fullname" . }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "athens-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "athens-proxy.selectorLabels" . | nindent 8 }}
spec:
containers:
- name: {{ .Chart.Name }}
envFrom:
- secretRef:
name: {{ include "athens-proxy.fullname" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
protocol: TCP
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podPriorityClassName }}
priorityClassName: {{ .Values.podPriorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "athens-proxy.fullname" . }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

View File

@@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "athens-proxy.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "athens-proxy.fullname" . }}
type: Opaque
stringData:
{{- if not (hasKey .Values "config") -}}
{{- $_ := set .Values "config" dict -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
{{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
{{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
{{- end -}}
{{/* SETUP CONFIG */}}
{{ range $key, $value := .Values.config }}
{{ upper $key}}: {{ quote $value }}
{{ end }}

View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
name: {{ include "athens-proxy.fullname" . }}
spec:
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
{{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end }}
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: {{ .Values.service.name }}
selector:
{{- include "athens-proxy.selectorLabels" . | nindent 4 }}

View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
name: {{ include "athens-proxy.fullname" . }}

View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "athens-proxy.fullname" . }}-test-connection"
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

View File

@@ -0,0 +1,88 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap downloadMode
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/configMapDownloadMode.yaml
tests:
- it: Skip rending by using existing config map.
set:
config.downloadMode.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-download-mode-file
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data.downloadMode
value: |
# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# }
- it: Rendering custom annotations and labels.
set:
config.downloadMode.configMap.annotations:
foo: bar
bar: foo
config.downloadMode.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
asserts:
- equal:
path: data.downloadMode
value: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"

View File

@@ -0,0 +1,77 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap gitConfig
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/configMapGitConfig.yaml
tests:
- it: Skip rending by using existing config map.
set:
config.gitConfig.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-git-config
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isNullOrEmpty:
path: data[".gitconfig"]
- it: Rendering custom annotations and labels.
set:
config.gitConfig.configMap.annotations:
foo: bar
bar: foo
config.gitConfig.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.gitConfig.configMap.content: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/
asserts:
- equal:
path: data[".gitconfig"]
value: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/

View File

@@ -0,0 +1,528 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
template: templates/athens-proxy/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
namespace: testing
template: templates/athens-proxy/deployment.yaml
- notExists:
path: metadata.annotations
template: templates/athens-proxy/deployment.yaml
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.replicas
value: 1
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].args
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].command
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].volumeMounts
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/gomods/athens:v0.1.0
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/athens-proxy/deployment.yaml
- it: Test custom replicas
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.replicas: 3
asserts:
- equal:
path: spec.replicas
value: 3
template: templates/athens-proxy/deployment.yaml
- it: Test custom affinity
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
asserts:
- equal:
path: spec.template.spec.affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
template: templates/athens-proxy/deployment.yaml
- it: Test additional arguments
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.args:
- "--foo=bar"
- "--bar=foo"
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --foo=bar
- --bar=foo
template: templates/athens-proxy/deployment.yaml
- it: Test additional command
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.command:
- "/bin/sh"
- "-c"
- "echo hello"
asserts:
- equal:
path: spec.template.spec.containers[0].command
value:
- "/bin/sh"
- "-c"
- "echo hello"
template: templates/athens-proxy/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.registry: registry.example.local
deployment.athensProxy.image.repository: path/special/athens-proxy
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/athens-proxy:v0.1.0
template: templates/athens-proxy/deployment.yaml
- it: Test custom imagePullPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: templates/athens-proxy/deployment.yaml
- it: Test custom resource limits and requests
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.resources:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
asserts:
- equal:
path: spec.template.spec.containers[0].env
value:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
template: templates/athens-proxy/deployment.yaml
- it: Test custom securityContext
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.securityContext:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/athens-proxy/deployment.yaml
- it: Test dnsConfig
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsConfig:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
asserts:
- equal:
path: spec.template.spec.dnsConfig
value:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/athens-proxy/deployment.yaml
- it: Test dnsPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/athens-proxy/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.hostNetwork: true
deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/athens-proxy/deployment.yaml
- it: Test imagePullSecrets
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
asserts:
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/athens-proxy/deployment.yaml
- it: Test nodeSelector
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.nodeSelector:
foo: bar
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/athens-proxy/deployment.yaml
- it: Test priorityClassName
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/athens-proxy/deployment.yaml
- it: Test restartPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/athens-proxy/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/athens-proxy/deployment.yaml
- it: Test tolerations
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.tolerations:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
template: templates/athens-proxy/deployment.yaml
- it: Test topologySpreadConstraints
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints
value:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
template: templates/athens-proxy/deployment.yaml
- it: Test additional volumeMounts and volumes
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.volumeMounts:
- name: data
mountPath: /usr/lib/athens-proxy/data
deployment.volumes:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: data
mountPath: /usr/lib/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- it: Test persistent volume claim
set:
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/athens-proxy/deployment.yaml
- it: Test existing persistent volume claim
set:
persistence.enabled: true
persistence.data.mountPath: "/mnt/go-proxy/data"
persistence.data.existingPersistentVolumeClaim.enabled: true
persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/athens-proxy/deployment.yaml

116
unittests/hpa/default.yaml Normal file
View File

@@ -0,0 +1,116 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HPA template (basic)
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/hpa.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Rendering when enabled - default
set:
hpa.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 10
- equal:
path: spec.minReplicas
value: 1
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
- it: Rendering when enabled - custom values
set:
hpa.enabled: true
hpa.annotations:
foo: bar
hpa.labels:
bar: foo
hpa.maxReplicas: 25
hpa.minReplicas: 5
hpa.metrics:
- resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 25
- equal:
path: spec.minReplicas
value: 5
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest

View File

@@ -0,0 +1,139 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Ingress template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/ingress.yaml
tests:
- it: Skip ingress by default.
asserts:
- hasDocuments:
count: 0
- it: Skip ingress, when service is disabled.
set:
services.http.enabled: false
ingress.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render ingress with default values.
set:
ingress.enabled: true
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 3000
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls
- it: Render ingress with custom values.
set:
ingress.enabled: true
ingress.annotations:
foo: bar
ingress.className: nginx
ingress.labels:
bar: foo
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
services.http.port: 8080
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 8080
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls

View File

@@ -0,0 +1,118 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicies template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/networkPolicies.yaml
tests:
- it: Skip networkPolicies in general disabled.
set:
networkPolicies.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip networkPolicy 'default' when disabled.
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Loop over networkPolicies
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicies.nginx.enabled: true
networkPolicies.prometheus.enabled: true
asserts:
- hasDocuments:
count: 2
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: athens-proxy-unittest-default
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
networkPolicies.default.policyTypes:
- Egress
- Ingress
networkPolicies.default.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicies.default.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

View File

@@ -0,0 +1,90 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PersistentVolumeClaim template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/persistentVolumeClaim.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 0
- it: Rendering with enabled persistent storage
set:
persistence.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 5Gi
- notExists:
path: spec.storageClassName
- it: Rendering with custom enabled persistent storage
set:
persistence.enabled: true
persistence.data.persistentVolumeClaim.annotations:
foo: bar
persistence.data.persistentVolumeClaim.labels:
bar: foo
persistence.data.persistentVolumeClaim.storageClassName: my-storage-class
persistence.data.persistentVolumeClaim.storageSize: 10Gi
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 10Gi
- equal:
path: spec.storageClassName
value: my-storage-class

View File

@@ -0,0 +1,67 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret environment variables
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretEnv.yaml
tests:
- it: Skip rendering by using existing secret.
set:
config.env.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering env secret with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-env
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isNullOrEmpty:
path: stringData
- it: Rendering env secret with custom values.
set:
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
asserts:
- isSubset:
path: stringData
content:
ATHENS_GITHUB_TOKEN: my-secret-token
- it: Rendering custom annotations and labels.
set:
config.env.secret.annotations:
foo: bar
bar: foo
config.env.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

View File

@@ -0,0 +1,83 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret netrc template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretNetRC.yaml
tests:
- it: Skip rendering by using existing secret.
set:
config.netrc.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering netrc secret with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-netrc
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData[".netrc"]
value: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
- it: Rendering netrc secret with custom values.
set:
config.netrc.secret.content: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
asserts:
- equal:
path: stringData[".netrc"]
value: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
- it: Rendering custom annotations and labels.
set:
config.netrc.secret.annotations:
foo: bar
bar: foo
config.netrc.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

109
unittests/secrets/ssh.yaml Normal file
View File

@@ -0,0 +1,109 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret ssh template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretSSH.yaml
tests:
- it: Skip rendering by using existing secret.
set:
config.ssh.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering ssh secret with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-ssh
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData.config
value: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
- notExists:
path: stringData.id_ed25519
- notExists:
path: stringData["id_ed25519.pub"]
- notExists:
path: stringData.id_rsa
- notExists:
path: stringData["id_rsa.pub"]
- it: Rendering ssh secret with custom values.
set:
config.ssh.secret.config: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
config.ssh.secret.id_ed25519: |
my-private-25519-key
config.ssh.secret.id_ed25519_pub: |
my-public-25519-key
config.ssh.secret.id_rsa: |
my-private-rsa-key
config.ssh.secret.id_rsa_pub: |
my-public-rsa-key
asserts:
- equal:
path: stringData.config
value: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
- equal:
path: stringData.id_ed25519
value: |
my-private-25519-key
- equal:
path: stringData["id_ed25519.pub"]
value: |
my-public-25519-key
- equal:
path: stringData.id_rsa
value: |
my-private-rsa-key
- equal:
path: stringData["id_rsa.pub"]
value: |
my-public-rsa-key
- it: Rendering custom annotations and labels.
set:
config.ssh.secret.annotations:
foo: bar
bar: foo
config.ssh.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

View File

@@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceAccount athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/serviceAccount.yaml
tests:
- it: Skip rendering.
set:
serviceAccount.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceAccount with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ServiceAccount
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- notExists:
path: metadata.labels
- equal:
path: automountServiceAccountToken
value: true
- notExists:
path: imagePullSecrets
- notExists:
path: secrets
- it: Rendering serviceAccount with custom values.
set:
serviceAccount.new.annotations:
foo: bar
serviceAccount.new.labels:
bar: foo
serviceAccount.new.automountServiceAccountToken: false
serviceAccount.new.imagePullSecrets:
- name: "my-pull-secret"
serviceAccount.new.secrets:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: athens-proxy-unittest
- equal:
path: automountServiceAccountToken
value: false
- equal:
path: imagePullSecrets
value:
- name: "my-pull-secret"
- equal:
path: secrets
value:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"

View File

@@ -0,0 +1,174 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Service http template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/serviceHTTP.yaml
tests:
- it: Skip service when disabled.
set:
services.http.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering service with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Service
name: athens-proxy-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- notExists:
path: spec.externalIPs
- notExists:
path: spec.externalTrafficPolicy
- equal:
path: spec.internalTrafficPolicy
value: Cluster
- notExists:
path: spec.ipFamilies
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- equal:
path: spec.ports[0].name
value: http
- equal:
path: spec.ports[0].protocol
value: TCP
- equal:
path: spec.ports[0].port
value: 3000
- equal:
path: spec.selector
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- equal:
path: spec.sessionAffinity
value: None
- notExists:
path: spec.sessionAffinityConfig
- equal:
path: spec.type
value: ClusterIP
- it: Require internalTrafficPolicy.
set:
services.http.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
services.http.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
- it: Require sessionAffinity.
set:
services.http.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
- it: Require service type.
set:
services.http.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
services.http.annotations:
foo: bar
services.http.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- it: Change defaults
set:
services.http.externalIPs:
- "10.11.12.13/32"
services.http.externalTrafficPolicy: Local
services.http.internalTrafficPolicy: Local
services.http.ipFamilies:
- IPv4
services.http.loadBalancerClass: aws
services.http.loadBalancerIP: "11.12.13.14"
services.http.loadBalancerSourceRanges:
- "11.12.0.0/17"
services.http.port: 10443
services.http.sessionAffinity: ClientIP
services.http.type: LoadBalancer
asserts:
- equal:
path: spec.externalIPs
value:
- 10.11.12.13/32
- equal:
path: spec.externalTrafficPolicy
value: Local
- equal:
path: spec.internalTrafficPolicy
value: Local
- equal:
path: spec.ipFamilies
value:
- IPv4
- equal:
path: spec.loadBalancerClass
value: aws
- equal:
path: spec.loadBalancerIP
value: "11.12.13.14"
- equal:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].port
value: 10443
- equal:
path: spec.sessionAffinity
value: ClientIP
- equal:
path: spec.type
value: LoadBalancer

View File

@@ -1,199 +1,587 @@
affinity: {} # Declare variables to be passed into your templates.
## @section Global
image: ## @param nameOverride Individual release name suffix.
repository: docker.io/gomods/athens ## @param fullnameOverride Override the complete release name logic.
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
podAnnotations: {} ## @section Configuration
config:
env:
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
existingSecret:
enabled: false
secretName: ""
podPriorityClassName: "" ## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.env.secret.labels Additional labels of the secret containing the database credentials.
## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container.
secret:
annotations: {}
labels: {}
envs: {}
# ATHENS_AZURE_ACCOUNT_KEY:
# ATHENS_AZURE_ACCOUNT_NAME:
# ATHENS_AZURE_CONTAINER_NAME:
# ATHENS_CLOUD_RUNTIME:
# ATHENS_DOWNLOAD_MODE:
# ATHENS_DOWNLOAD_URL:
# ATHENS_ETCD_ENDPOINTS:
# ATHENS_EXTERNAL_STORAGE_URL:
# ATHENS_FILTER_FILE:
# ATHENS_GITHUB_TOKEN:
# ATHENS_GLOBAL_ENDPOINT:
# ATHENS_GO_BINARY_ENV_VARS:
# ATHENS_GOGET_DIR:
# ATHENS_GOGET_WORKERS:
# ATHENS_GONOSUM_PATTERNS:
# ATHENS_HGRC_PATH:
# ATHENS_INDEX_MYSQL_DATABASE:
# ATHENS_INDEX_MYSQL_HOST:
# ATHENS_INDEX_MYSQL_PARAMS:
# ATHENS_INDEX_MYSQL_PASSWORD:
# ATHENS_INDEX_MYSQL_PORT:
# ATHENS_INDEX_MYSQL_PROTOCOL:
# ATHENS_INDEX_MYSQL_USER:
# ATHENS_INDEX_POSTGRES_DATABASE:
# ATHENS_INDEX_POSTGRES_HOST:
# ATHENS_INDEX_POSTGRES_PARAMS:
# ATHENS_INDEX_POSTGRES_PASSWORD:
# ATHENS_INDEX_POSTGRES_PORT:
# ATHENS_INDEX_POSTGRES_USER:
# ATHENS_INDEX_TYPE:
# ATHENS_LOG_LEVEL:
# ATHENS_MINIO_ACCESS_KEY_ID:
# ATHENS_MINIO_BUCKET_NAME:
# ATHENS_MINIO_ENDPOINT:
# ATHENS_MINIO_REGION:
# ATHENS_MINIO_SECRET_ACCESS_KEY:
# ATHENS_MINIO_USE_SSL:
# ATHENS_MONGO_CERT_PATH:
# ATHENS_MONGO_DEFAULT_DATABASE:
# ATHENS_MONGO_INSECURE:
# ATHENS_MONGO_STORAGE_URL:
# ATHENS_NETRC_PATH:
# ATHENS_PATH_PREFIX:
# ATHENS_PORT:
# ATHENS_PROTOCOL_WORKERS:
# ATHENS_PROXY_VALIDATOR:
# ATHENS_REDIS_ENDPOINT:
# ATHENS_REDIS_PASSWORD:
# ATHENS_REDIS_SENTINEL_ENDPOINTS:
# ATHENS_ROBOTS_FILE:
# ATHENS_SINGLE_FLIGHT_TYPE:
# ATHENS_STATS_EXPORTER:
# ATHENS_STORAGE_GCP_BUCKET:
# ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_STORAGE_TYPE:
# ATHENS_SUM_DBS:
# ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
# ATHENS_TLSKEY_FILE:
# ATHENS_TRACE_EXPORTER_URL:
# ATHENS_TRACE_EXPORTER:
# AWS_ACCESS_KEY_ID:
# AWS_ENDPOINT:
# AWS_FORCE_PATH_STYLE:
# AWS_REGION:
# AWS_SECRET_ACCESS_KEY:
# AWS_SESSION_TOKEN:
# BASIC_AUTH_PASS:
# BASIC_AUTH_USER:
# CDN_ENDPOINT:
# GO_BINARY_PATH:
# GO_ENV:
# GOOGLE_CLOUD_PROJECT:
# MY_S3_BUCKET_NAME:
# PROXY_FORCE_SSL:
podSecurityContext: {} downloadMode:
# fsGroup: 2000 ## @param config.downloadMode.existingConfigMap.enabled TODO:
## @param config.downloadMode.existingConfigMap.secretName TODO:
existingConfigMap:
enabled: false
secretName: ""
securityContext: {} ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
# capabilities: ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
# drop: ## @param config.downloadMode.configMap.content Additional labels of the config map containing the download mode file.
# - ALL configMap:
# readOnlyRootFilesystem: true annotations: {}
# runAsNonRoot: true labels: {}
# runAsUser: 1000 content: |
# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# }
config: {} gitConfig:
# ATHENS_AZURE_ACCOUNT_KEY: ## @param config.gitConfig.existingConfigMap.enabled TODO:
# ATHENS_AZURE_ACCOUNT_NAME: ## @param config.gitConfig.existingConfigMap.secretName TODO:
# ATHENS_AZURE_CONTAINER_NAME: existingConfigMap:
# ATHENS_CLOUD_RUNTIME: enabled: false
# ATHENS_DOWNLOAD_MODE: secretName: ""
# ATHENS_DOWNLOAD_URL:
# ATHENS_ETCD_ENDPOINTS:
# ATHENS_EXTERNAL_STORAGE_URL:
# ATHENS_FILTER_FILE:
# ATHENS_GITHUB_TOKEN:
# ATHENS_GLOBAL_ENDPOINT:
# ATHENS_GO_BINARY_ENV_VARS:
# ATHENS_GOGET_DIR:
# ATHENS_GOGET_WORKERS:
# ATHENS_GONOSUM_PATTERNS:
# ATHENS_HGRC_PATH:
# ATHENS_INDEX_MYSQL_DATABASE:
# ATHENS_INDEX_MYSQL_HOST:
# ATHENS_INDEX_MYSQL_PARAMS:
# ATHENS_INDEX_MYSQL_PASSWORD:
# ATHENS_INDEX_MYSQL_PORT:
# ATHENS_INDEX_MYSQL_PROTOCOL:
# ATHENS_INDEX_MYSQL_USER:
# ATHENS_INDEX_POSTGRES_DATABASE:
# ATHENS_INDEX_POSTGRES_HOST:
# ATHENS_INDEX_POSTGRES_PARAMS:
# ATHENS_INDEX_POSTGRES_PASSWORD:
# ATHENS_INDEX_POSTGRES_PORT:
# ATHENS_INDEX_POSTGRES_USER:
# ATHENS_INDEX_TYPE:
# ATHENS_LOG_LEVEL:
# ATHENS_MINIO_ACCESS_KEY_ID:
# ATHENS_MINIO_BUCKET_NAME:
# ATHENS_MINIO_ENDPOINT:
# ATHENS_MINIO_REGION:
# ATHENS_MINIO_SECRET_ACCESS_KEY:
# ATHENS_MINIO_USE_SSL:
# ATHENS_MONGO_CERT_PATH:
# ATHENS_MONGO_DEFAULT_DATABASE:
# ATHENS_MONGO_INSECURE:
# ATHENS_MONGO_STORAGE_URL:
# ATHENS_NETRC_PATH:
# ATHENS_PATH_PREFIX:
# ATHENS_PORT:
# ATHENS_PROTOCOL_WORKERS:
# ATHENS_PROXY_VALIDATOR:
# ATHENS_REDIS_ENDPOINT:
# ATHENS_REDIS_PASSWORD:
# ATHENS_REDIS_SENTINEL_ENDPOINTS:
# ATHENS_ROBOTS_FILE:
# ATHENS_SINGLE_FLIGHT_TYPE:
# ATHENS_STATS_EXPORTER:
# ATHENS_STORAGE_GCP_BUCKET:
# ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_STORAGE_TYPE:
# ATHENS_SUM_DBS:
# ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
# ATHENS_TLSKEY_FILE:
# ATHENS_TRACE_EXPORTER_URL:
# ATHENS_TRACE_EXPORTER:
# AWS_ACCESS_KEY_ID:
# AWS_ENDPOINT:
# AWS_FORCE_PATH_STYLE:
# AWS_REGION:
# AWS_SECRET_ACCESS_KEY:
# AWS_SESSION_TOKEN:
# BASIC_AUTH_PASS:
# BASIC_AUTH_USER:
# CDN_ENDPOINT:
# GO_BINARY_PATH:
# GO_ENV:
# GOOGLE_CLOUD_PROJECT:
# MY_S3_BUCKET_NAME:
# PROXY_FORCE_SSL:
livenessProbe: ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the download mode file.
httpGet: ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the download mode file.
scheme: HTTP ## @param config.gitConfig.configMap.content TODO:
path: /healthz configMap:
port: http annotations: {}
labels: {}
content: |
replicaCount: 1 netrc:
## @param config.netrc.existingSecret.enabled TODO:.
## @param config.netrc.existingSecret.secretName TODO:
existingSecret:
enabled: false
secretName: ""
serviceAccount: ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @param config.netrc.secret.content TODO:
secret:
annotations: {}
labels: {}
content: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
ssh:
## @param config.ssh.existingSecret.enabled TODO:.
## @param config.ssh.existingSecret.secretName TODO:
existingSecret:
enabled: false
## @param config.ssh.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.ssh.secret.labels Additional labels of the secret containing the database credentials.
## @param config.ssh.secret.files TODO:
## @skip config.ssh.secret.id_ed25519 TODO:
## @skip config.ssh.secret.id_ed25519_pub TODO:
## @skip config.ssh.secret.id_rsa TODO:
## @skip config.ssh.secret.id_rsa_pub TODO:
secret:
annotations: {}
labels: {}
config: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
id_ed25519: ""
id_ed25519_pub: ""
id_rsa: ""
id_rsa_pub: ""
## @section Deployment
deployment:
## @param deployment.annotations Additional deployment annotations.
## @param deployment.labels Additional deployment labels.
annotations: {} annotations: {}
labels: {}
service: ## @param deployment.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param deployment.affinity Affinity for the athens-proxy deployment.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param deployment.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment.
dnsPolicy: ""
## @param deployment.hostname Individual hostname of the pod.
## @param deployment.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param deployment.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
athensProxy:
## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
args: []
## @param deployment.athensProxy.command Command passed to the athens-proxy container.
command: []
## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
env: []
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param deployment.athensProxy.image.pullPolicy Image pull policy.
image:
registry: docker.io
repository: gomods/athens
tag: ""
pullPolicy: IfNotPresent
## @param deployment.athensProxy.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param deployment.athensProxy.volumeMounts Additional volume mounts.
volumeMounts: []
# - name: my-configmap-volume
# mountPath: /configmap
# readOnly: true
## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
nodeSelector: {}
## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
priorityClassName: ""
## @param deployment.replicas Number of replicas for the athens-proxy deployment.
replicas: 1
## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
restartPolicy: ""
## @param deployment.securityContext Security context of the athens-proxy deployment.
securityContext: {}
# fsGroup: 2000
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param deployment.tolerations Tolerations of the athens-proxy deployment.
tolerations: []
# - key: database/type
# operator: Equal
# value: postgres
# effect: NoSchedule
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-athens-proxy
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
volumes: []
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
# https://github.com/kubernetes-sigs/metrics-server#deployment
hpa:
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
## @param hpa.annotations Additional annotations for the HPA.
## @param hpa.labels Additional labels for the HPA.
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
## @skip hpa.metrics Skip individual HPA metric configurations.
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
enabled: false
annotations: {} annotations: {}
# externalIPs: [] labels: {}
# externalTrafficPolicy: "Cluster" metrics:
# loadBalancerClass: "" - resource:
# loadBalancerIP: "" name: cpu
# loadBalancerSourceRanges: [] target:
# internalTrafficPolicy: "Cluster" averageUtilization: 65
name: http type: Utilization
targetPort: 3000 type: Resource
type: ClusterIP # - resource:
port: 3000 # name: memory
# target:
# averageUtilization: 65
# type: Utilization
minReplicas: 1
maxReplicas: 10
## @section Ingress
ingress: ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false enabled: false
className: "nginx" className: "nginx"
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx labels: {}
# cert-manager.io/issuer:
# kubernetes.io/tls-acme: "true"
hosts:
- host: "your-hostname"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "your-tls-secret"
hosts:
- "your-hostname"
readinessProbe: ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
httpGet: ## @skip ingress.hosts Skip individual host configuration.
scheme: HTTP hosts: []
path: /healthz # - host: athens-proxy.example.local
port: http # paths:
# - path: /
# pathType: Prefix
resources: {} ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
# We usually recommend not to specify default resources and to leave this as a conscious ## @skip ingress.tls Skip individual TLS configuration.
# choice for the user. This also increases chances charts run on environments with little tls: []
# resources, such as Minikube. If you do want to specify resources, uncomment the following # - secretName: athens-proxy-http-tls
# lines, adjust them as necessary, and remove the curly braces after 'resources:'. # hosts:
# limits: # - athens-proxy.example.local
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: ## @section Persistence
kubernetes.io/arch: amd64 persistence:
## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined.
enabled: false
tolerations: [] data:
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
mountPath: "/var/www/athens-proxy/data"
# extra volumes for the pod existingPersistentVolumeClaim:
extraVolumes: {} enabled: false
# The following example mount the same secret, which contains tls certificates persistentVolumeClaimName: ""
# under different names. Each volume mount contains only selected items of the
# secret. This make it easier to place the items on different locations inside the
# container filesystem via extraVolumeMounts.
# - name: custom-ca-anchor
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: ca.crt
# path: ca.crt
# mode: 0444
# - name: custom-tls-certificates
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: tls.key
# path: tls.key
# mode: 0400
# - key: tls.crt
# path: tls.crt
# mode: 0444
extraVolumeMounts: {} persistentVolumeClaim:
# The following example follows the example of extraVolumes and mounts the annotations: {}
# volumes to the corresponding paths in the container filesystem. labels: {}
# - name: custom-ca-anchor accessModes:
# mountPath: /usr/local/share/ca-certificates - ReadWriteMany
# - name: custom-tls-certificates storageClass: ""
# mountPath: /etc/athens-proxy/tls storageSize: "5Gi"
## @section NetworkPolicies
## @param networkPolicies.enabled Enable network policies in general.
networkPolicies:
enabled: false
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
## @param networkPolicies.default.annotations Additional network policy annotations.
## @param networkPolicies.default.labels Additional network policy labels.
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicies.default.egress Concrete egress network policy implementation.
## @skip networkPolicies.default.egress Skip individual egress configuration.
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
default:
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
http:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 3000
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"