You've already forked athens-proxy-charts
							
							Compare commits
	
		
			124 Commits
		
	
	
		
			0.1.3
			...
			3f7476afc6
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 3f7476afc6 | |||
| 530316e910 | |||
| 4974d63a8c | |||
| 1bbd0352c3 | |||
| ccdf377aaa | |||
| 64790fc316 | |||
| 2c88d6698b | |||
| 9abdb1ca3a | |||
| 81f14405fd | |||
| 7b37bfc373 | |||
| bba0df90ff | |||
| cb312817c3 | |||
| fe428d83d2 | |||
| 4c94529eab | |||
| 297f36920a | |||
| 4102fc9014 | |||
| be923ed95f | |||
| f07ff039ce | |||
| a11be194cc | |||
| 7908de9313 | |||
| adfe40a9c7 | |||
| eadbcf243b | |||
| 0caa188bb1 | |||
| 3bce806ed6 | |||
| 5c09cf8c79 | |||
| d4b5c0c86f | |||
| 74598b4ee0 | |||
| b06c1962cc | |||
| 991c545c93 | |||
| 7c60c70244 | |||
| 0e048cdf4b | |||
| 89604cbe64 | |||
| f63450aec4 | |||
| d1e5accccb | |||
| fbd846784c | |||
| bab5282617 | |||
| 307660c767 | |||
| 59b43aac79 | |||
| 85a38e7d22 | |||
| 2005fb8e05 | |||
| 5f78a0f071 | |||
| c157c8c210 | |||
| 5b9fa88dd6 | |||
| 458037db70 | |||
| b1bb94f0bd | |||
| 62a92fdabb | |||
| a01b0143c0 | |||
| 953fd85f53 | |||
| bf721d8af1 | |||
| 60fdfd90e1 | |||
| 71164d60ae | |||
| a00d40b792 | |||
| d02f63be7a | |||
| 744938f8f4 | |||
| e3185b2482 | |||
| e2fab050d3 | |||
| 83336c7f87 | |||
| 1e2a31edaa | |||
| 0b39de958a | |||
| a0abe49b23 | |||
| cc46ad7af1 | |||
| cd9a843a96 | |||
| 6b0d2ff350 | |||
| ccd7c9a1cd | |||
| b169136c37 | |||
| 9b4a708f29 | |||
| 053036bcd5 | |||
| 783e244cd3 | |||
| 41da943040 | |||
| 9ef0317677 | |||
| 5a890741e4 | |||
| cd16ddc5d8 | |||
| fd4c9d7e62 | |||
| 265ac3d9a9 | |||
| 7d20373804 | |||
| 2117bbed96 | |||
| a47f528585 | |||
| 716f6b06c3 | |||
| ee5111da20 | |||
| d954b2e3e7 | |||
| 840ee10717 | |||
| c5772856e3 | |||
| f047c145e2 | |||
| 7c0c6f4270 | |||
| 3cab48dd3c | |||
| 50e21e10d8 | |||
| 5b70f5e5fa | |||
| 09d205316e | |||
| c1e686fc2d | |||
| cfb5978593 | |||
| e04a9baec1 | |||
| 72908cae0b | |||
| 8c6f4db7f5 | |||
| 5eae090f40 | |||
| 60ed4abe97 | |||
| 1179b51895 | |||
| 1fcf9e7d4b | |||
| 00c2f285b1 | |||
| 1077afb673 | |||
| a4d1611f44 | |||
| 0950a51229 | |||
| ee9fa20df4 | |||
| 848f9c9fd8 | |||
| 2889a5390c | |||
| 14987d7265 | |||
| f9c03e8be4 | |||
| 055bcadd16 | |||
| 45d2cf7183 | |||
| 07c2bc6b72 | |||
| 9a58ec7806 | |||
| 55bb771c26 | |||
| e709d68cb8 | |||
| 1c22e90d85 | |||
| 6ef34f5f60 | |||
| 76593b2109 | |||
| cb9612fe74 | |||
| bd3e0cf62f | |||
| 560234e9c0 | |||
| 9707a79840 | |||
| 5dbc250d7f | |||
| 603fe6c96d | |||
| 122e2e1417 | |||
| d571c1e027 | |||
| e48c837d4b | 
							
								
								
									
										106
									
								
								.drone.yml
									
									
									
									
									
								
							
							
						
						
									
										106
									
								
								.drone.yml
									
									
									
									
									
								
							| @@ -1,106 +0,0 @@ | ||||
| --- | ||||
| kind: pipeline | ||||
| type: kubernetes | ||||
| name: linter | ||||
|  | ||||
| clone: | ||||
|   disable: true | ||||
|  | ||||
| platform: | ||||
|   os: linux | ||||
|   arch: amd64 | ||||
|  | ||||
| steps: | ||||
| - name: clone | ||||
|   image: git.cryptic.systems/volker.raschek/git:1.3.1 | ||||
|  | ||||
| - name: helm lint | ||||
|   commands: | ||||
|   - helm lint | ||||
|   image: git.cryptic.systems/volker.raschek/helm:3.14.1 | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: 150 | ||||
|       memory: 150M | ||||
|  | ||||
| - name: markdown lint | ||||
|   commands: | ||||
|   - markdownlint *.md | ||||
|   image: git.cryptic.systems/volker.raschek/markdownlint:0.39.0 | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: 150 | ||||
|       memory: 150M | ||||
|  | ||||
| - name: helm template | ||||
|   commands: | ||||
|   - helm template . | ||||
|   image: git.cryptic.systems/volker.raschek/helm:3.14.1 | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: 150 | ||||
|       memory: 150M | ||||
|  | ||||
| - name: email-notification | ||||
|   environment: | ||||
|     SMTP_FROM_ADDRESS: | ||||
|       from_secret: smtp_from_address | ||||
|     SMTP_FROM_NAME: | ||||
|       from_secret: smtp_from_name | ||||
|     SMTP_HOST: | ||||
|       from_secret: smtp_host | ||||
|     SMTP_USERNAME: | ||||
|       from_secret: smtp_username | ||||
|     SMTP_PASSWORD: | ||||
|       from_secret: smtp_password | ||||
|   image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: 150 | ||||
|       memory: 150M | ||||
|   when: | ||||
|     status: | ||||
|     - changed | ||||
|     - failure | ||||
|  | ||||
| trigger: | ||||
|   event: | ||||
|     exclude: | ||||
|     - tag | ||||
|  | ||||
| --- | ||||
| kind: pipeline | ||||
| type: kubernetes | ||||
| name: release | ||||
|  | ||||
| clone: | ||||
|   disable: true | ||||
|  | ||||
| platform: | ||||
|   os: linux | ||||
|  | ||||
| steps: | ||||
| - name: clone | ||||
|   image: git.cryptic.systems/volker.raschek/git:1.3.1 | ||||
|  | ||||
| - name: release-helm-chart | ||||
|   commands: | ||||
|   - helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | ||||
|   - helm package --version ${DRONE_TAG} . | ||||
|   - helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek | ||||
|   environment: | ||||
|     HELM_REPO_PASSWORD: | ||||
|       from_secret: helm_repo_password | ||||
|     HELM_REPO_USERNAME: | ||||
|       from_secret: helm_repo_username | ||||
|   image: git.cryptic.systems/volker.raschek/helm:3.14.1 | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: 150 | ||||
|       memory: 150M | ||||
|  | ||||
| trigger: | ||||
|   event: | ||||
|   - tag | ||||
|   repo: | ||||
|   - volker.raschek/athens-proxy-charts | ||||
| @@ -1,6 +1,3 @@ | ||||
| # EditorConfig is awesome: https://EditorConfig.org | ||||
|  | ||||
| # top-most EditorConfig file | ||||
| root = true | ||||
|  | ||||
| [*] | ||||
| @@ -9,4 +6,7 @@ indent_size = 2 | ||||
| end_of_line = lf | ||||
| charset = utf-8 | ||||
| trim_trailing_whitespace = true | ||||
| insert_final_newline = false | ||||
| insert_final_newline = false | ||||
|  | ||||
| [Makefile] | ||||
| indent_style = tab | ||||
							
								
								
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,114 @@ | ||||
| #!/bin/bash | ||||
|  | ||||
| set -e | ||||
|  | ||||
| CHART_FILE="Chart.yaml" | ||||
| if [ ! -f "${CHART_FILE}" ]; then | ||||
|   echo "ERROR: ${CHART_FILE} not found!" 1>&2 | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||
| DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||
|  | ||||
| if [ -z "${1}" ]; then | ||||
|   read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||
|   if [ -z "${OLD_TAG}" ]; then | ||||
|     OLD_TAG="${DEFAULT_OLD_TAG}" | ||||
|   fi | ||||
|  | ||||
|   while [ -z "$(git tag --list "${OLD_TAG}")" ]; do | ||||
|     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||
|     read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||
|     if [ -z "${OLD_TAG}" ]; then | ||||
|       OLD_TAG="${DEFAULT_OLD_TAG}" | ||||
|     fi | ||||
|   done | ||||
| else | ||||
|   OLD_TAG=${1} | ||||
|   if [ -z "$(git tag --list "${OLD_TAG}")" ]; then | ||||
|     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||
|     exit 1 | ||||
|   fi | ||||
| fi | ||||
|  | ||||
| if [ -z "${2}" ]; then | ||||
|   read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||
|   if [ -z "${NEW_TAG}" ]; then | ||||
|     NEW_TAG="${DEFAULT_NEW_TAG}" | ||||
|   fi | ||||
|  | ||||
|   while [ -z "$(git tag --list "${NEW_TAG}")" ]; do | ||||
|     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||
|     read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||
|     if [ -z "${NEW_TAG}" ]; then | ||||
|       NEW_TAG="${DEFAULT_NEW_TAG}" | ||||
|     fi | ||||
|   done | ||||
| else | ||||
|   NEW_TAG=${2} | ||||
|  | ||||
|   if [ -z "$(git tag --list "${NEW_TAG}")" ]; then | ||||
|     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||
|     exit 1 | ||||
|   fi | ||||
| fi | ||||
|  | ||||
| CHANGE_LOG_YAML=$(mktemp) | ||||
| echo "[]" > "${CHANGE_LOG_YAML}" | ||||
|  | ||||
| function map_type_to_kind() { | ||||
|   case "${1}" in | ||||
|     feat) | ||||
|       echo "added" | ||||
|     ;; | ||||
|     fix) | ||||
|       echo "fixed" | ||||
|     ;; | ||||
|     chore|style|test|ci|docs|refac) | ||||
|       echo "changed" | ||||
|     ;; | ||||
|     revert) | ||||
|       echo "removed" | ||||
|     ;; | ||||
|     sec) | ||||
|       echo "security" | ||||
|     ;; | ||||
|     *) | ||||
|       echo "skip" | ||||
|     ;; | ||||
|   esac | ||||
| } | ||||
|  | ||||
| COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" | ||||
|  | ||||
| echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" | ||||
|  | ||||
| while IFS= read -r line; do | ||||
|   if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then | ||||
|     TYPE="${BASH_REMATCH[1]}" | ||||
|     KIND=$(map_type_to_kind "${TYPE}") | ||||
|  | ||||
|     if [ "${KIND}" == "skip" ]; then | ||||
|       continue | ||||
|     fi | ||||
|  | ||||
|     DESC="${BASH_REMATCH[3]}" | ||||
|  | ||||
|     echo "- ${KIND}: ${DESC}" | ||||
|  | ||||
|     jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" | ||||
|     mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" | ||||
|  | ||||
|   fi | ||||
| done <<< "${COMMIT_TITLES}" | ||||
|  | ||||
| if [ -s "${CHANGE_LOG_YAML}" ]; then | ||||
|   yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" | ||||
|   yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" | ||||
| else | ||||
|   echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 | ||||
|   exit 1 | ||||
| fi | ||||
|  | ||||
| rm "${CHANGE_LOG_YAML}" | ||||
							
								
								
									
										32
									
								
								.gitea/workflows/generate-readme.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								.gitea/workflows/generate-readme.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | ||||
| name: Generate README | ||||
|  | ||||
| on: | ||||
|   pull_request: | ||||
|     paths: [ "README.md", "values.yaml" ] | ||||
|     types: [ "opened", "reopened", "synchronize" ] | ||||
|   push: | ||||
|     branches: | ||||
|     - '**' | ||||
|     paths: [ "README.md", "values.yaml" ] | ||||
|     tags-ignore: | ||||
|     - '**' | ||||
|   workflow_dispatch: {} | ||||
|  | ||||
| jobs: | ||||
|   generate-parameters: | ||||
|     container: | ||||
|       image: docker.io/library/node:25.0.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|     - name: Install tooling | ||||
|       run: | | ||||
|         apk update | ||||
|         apk add git npm | ||||
|     - uses: actions/checkout@v5.0.0 | ||||
|     - name: Generate parameter section in README | ||||
|       run: | | ||||
|         npm install | ||||
|         npm run readme:parameters | ||||
|     - name: Compare diff | ||||
|       run: git diff --exit-code --name-only README.md | ||||
							
								
								
									
										42
									
								
								.gitea/workflows/helm.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										42
									
								
								.gitea/workflows/helm.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,42 @@ | ||||
| name: Helm | ||||
|  | ||||
| on: | ||||
|   pull_request: | ||||
|     types: [ "opened", "reopened", "synchronize" ] | ||||
|   push: | ||||
|     branches: | ||||
|     - '**' | ||||
|     tags-ignore: | ||||
|     - '**' | ||||
|   workflow_dispatch: {} | ||||
|  | ||||
| jobs: | ||||
|   helm-lint: | ||||
|     container: | ||||
|       image: docker.io/volkerraschek/helm:3.19.0 | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|     - name: Install tooling | ||||
|       run: | | ||||
|         apk update | ||||
|         apk add git npm | ||||
|     - uses: actions/checkout@v5.0.0 | ||||
|     - name: Lint helm files | ||||
|       run: | | ||||
|         helm lint --values values.yaml . | ||||
|  | ||||
|   helm-unittest: | ||||
|     container: | ||||
|       image: docker.io/volkerraschek/helm:3.19.0 | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|     - name: Install tooling | ||||
|       run: | | ||||
|         apk update | ||||
|         apk add git npm | ||||
|     - uses: actions/checkout@v5.0.0 | ||||
|     - name: Unittest | ||||
|       run: | | ||||
|         helm unittest --strict --file 'unittests/**/*.yaml' ./ | ||||
							
								
								
									
										46
									
								
								.gitea/workflows/markdown-linters.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										46
									
								
								.gitea/workflows/markdown-linters.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,46 @@ | ||||
| name: Markdown linter | ||||
|  | ||||
| on: | ||||
|   pull_request: | ||||
|     paths: [ "**/*.md" ] | ||||
|     types: [ "opened", "reopened", "synchronize" ] | ||||
|   push: | ||||
|     branches: | ||||
|     - '**' | ||||
|     paths: [ "**/*.md" ] | ||||
|     tags-ignore: | ||||
|     - '**' | ||||
|   workflow_dispatch: {} | ||||
|  | ||||
| jobs: | ||||
|   markdown-link-checker: | ||||
|     container: | ||||
|       image: docker.io/library/node:25.0.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|     - name: Install tooling | ||||
|       run: | | ||||
|         apk update | ||||
|         apk add git npm | ||||
|     - uses: actions/checkout@v5.0.0 | ||||
|     - name: Verify links in markdown files | ||||
|       run: | | ||||
|         npm install | ||||
|         npm run readme:link | ||||
|  | ||||
|   markdown-lint: | ||||
|     container: | ||||
|       image: docker.io/library/node:25.0.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|     - name: Install tooling | ||||
|       run: | | ||||
|         apk update | ||||
|         apk add git | ||||
|     - uses: actions/checkout@v5.0.0 | ||||
|     - name: Lint markdown files | ||||
|       run: | | ||||
|         npm install | ||||
|         npm run readme:lint | ||||
							
								
								
									
										61
									
								
								.gitea/workflows/release.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										61
									
								
								.gitea/workflows/release.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,61 @@ | ||||
| name: Release | ||||
|  | ||||
| on: | ||||
|   push: | ||||
|     tags: | ||||
|     - "**" | ||||
|  | ||||
| jobs: | ||||
|   publish-chart: | ||||
|     container: | ||||
|       image: docker.io/volkerraschek/helm:3.19.0 | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: Install packages via apk | ||||
|         run: | | ||||
|           apk update | ||||
|           apk add git npm jq yq | ||||
|  | ||||
|       - uses: actions/checkout@v5.0.0 | ||||
|         with: | ||||
|           fetch-depth: 0 | ||||
|  | ||||
|       - name: Add Artifacthub.io annotations | ||||
|         run: | | ||||
|           NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||
|           OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||
|           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" | ||||
|  | ||||
|       - name: Extract meta information | ||||
|         run: | | ||||
|           echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | ||||
|           echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV | ||||
|           echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV | ||||
|  | ||||
|       - name: Update Helm Chart version in README.md | ||||
|         run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md | ||||
|  | ||||
|       - name: Package chart | ||||
|         run: | | ||||
|           helm dependency build | ||||
|           helm package --version "${PACKAGE_VERSION}" ./ | ||||
|  | ||||
|       - name: Upload Chart to ChartMuseum | ||||
|         env: | ||||
|           CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} | ||||
|           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} | ||||
|           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} | ||||
|           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} | ||||
|         run: | | ||||
|           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} | ||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum | ||||
|           helm repo remove chartmuseum | ||||
|  | ||||
|       - name: Upload Chart to Gitea | ||||
|         env: | ||||
|           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} | ||||
|           GITEA_SERVER_URL: ${{ github.server_url }} | ||||
|         run: | | ||||
|           helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm | ||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea | ||||
|           helm repo remove gitea | ||||
							
								
								
									
										10
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										10
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -1,3 +1,9 @@ | ||||
| *.tgz | ||||
| charts | ||||
| node_modules | ||||
| target | ||||
| values2.yml | ||||
| values2.yaml | ||||
| values2.yaml | ||||
| *.tgz | ||||
|  | ||||
| install.sh | ||||
| uninstall.sh | ||||
							
								
								
									
										34
									
								
								.helmignore
									
									
									
									
									
								
							
							
						
						
									
										34
									
								
								.helmignore
									
									
									
									
									
								
							| @@ -2,6 +2,7 @@ | ||||
| # This supports shell glob matching, relative path matching, and | ||||
| # negation (prefixed with !). Only one pattern per line. | ||||
| .DS_Store | ||||
|  | ||||
| # Common VCS dirs | ||||
| .git/ | ||||
| .gitignore | ||||
| @@ -10,23 +11,50 @@ | ||||
| .hg/ | ||||
| .hgignore | ||||
| .svn/ | ||||
|  | ||||
| # Common backup files | ||||
| *.swp | ||||
| *.bak | ||||
| *.tmp | ||||
| *.orig | ||||
| *~ | ||||
|  | ||||
| # Various IDEs | ||||
| .project | ||||
| .idea/ | ||||
| *.tmproj | ||||
| .vscode/ | ||||
|  | ||||
| # drone | ||||
| .drone.yml | ||||
| # markdownlint | ||||
| .markdownlint.yaml | ||||
|  | ||||
| # editorconfig | ||||
| .editorconfig | ||||
|  | ||||
| # customized values | ||||
| values2.yml | ||||
| values2.yaml | ||||
|  | ||||
| # helm packages | ||||
| *.tgz | ||||
| *.tgz | ||||
| .helmignore | ||||
| unittests | ||||
|  | ||||
| # markdownlint | ||||
| .markdownlint.yml | ||||
| .markdownlint.yaml | ||||
| .markdownlintignore | ||||
|  | ||||
| # npm | ||||
| .prettierignore | ||||
| .npmrc | ||||
| package* | ||||
|  | ||||
| # yamllint | ||||
| .yamllint.yaml | ||||
|  | ||||
| # Others | ||||
| CONTRIBUTING.md | ||||
| CODEOWNERS | ||||
| Makefile | ||||
| renovate.json | ||||
|   | ||||
| @@ -45,9 +45,9 @@ MD012: | ||||
| # MD013/line-length - Line length | ||||
| MD013: | ||||
|   # Number of characters | ||||
|   line_length: 80 | ||||
|   line_length: 120 | ||||
|   # Number of characters for headings | ||||
|   heading_line_length: 80 | ||||
|   heading_line_length: 120 | ||||
|   # Number of characters for code blocks | ||||
|   code_block_line_length: 80 | ||||
|   # Include code blocks | ||||
| @@ -56,8 +56,6 @@ MD013: | ||||
|   tables: false | ||||
|   # Include headings | ||||
|   headings: true | ||||
|   # Include headings | ||||
|   headers: true | ||||
|   # Strict length checking | ||||
|   strict: false | ||||
|   # Stern length checking | ||||
| @@ -73,7 +71,7 @@ MD022: | ||||
| # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content | ||||
| MD024: | ||||
|   # Only check sibling headings | ||||
|   allow_different_nesting: true | ||||
|   siblings_only: true | ||||
|  | ||||
| # MD025/single-title/single-h1 - Multiple top-level headings in the same document | ||||
| MD025: | ||||
| @@ -129,7 +127,20 @@ MD041: | ||||
| MD044: | ||||
|   # List of proper names | ||||
|   names: | ||||
|   - gitea | ||||
|     - Git | ||||
|     - GitDevOps | ||||
|     - Gitea | ||||
|     - GitHub | ||||
|     - GitLab | ||||
|     - GitOps | ||||
|     - kube-prometheus-stack | ||||
|     - Memcached | ||||
|     - Oracle | ||||
|     - PostgreSQL | ||||
|     - Prometheus | ||||
|     - prometheus-exporter | ||||
|     - SSL | ||||
|     - TLS | ||||
|   # Include code blocks | ||||
|   code_blocks: false | ||||
|  | ||||
| @@ -141,4 +152,4 @@ MD046: | ||||
| # MD048/code-fence-style - Code fence style | ||||
| MD048: | ||||
|   # Code fence syle | ||||
|   style: "backtick" | ||||
|   style: "backtick" | ||||
|   | ||||
							
								
								
									
										4
									
								
								.markdownlintignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								.markdownlintignore
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | ||||
| .github/ | ||||
| Chart.lock | ||||
| charts/ | ||||
| node_modules/ | ||||
							
								
								
									
										1
									
								
								.prettierignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								.prettierignore
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| Chart.lock | ||||
							
								
								
									
										8
									
								
								.vscode/extensions.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								.vscode/extensions.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| { | ||||
|   "recommendations": [ | ||||
|     "DavidAnson.vscode-markdownlint", | ||||
|     "esbenp.prettier-vscode", | ||||
|     "Tim-Koehler.helm-intellisense", | ||||
|     "yzhang.markdown-all-in-one" | ||||
|   ] | ||||
| } | ||||
							
								
								
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| { | ||||
|   "yaml.schemas": { | ||||
|     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ | ||||
|       "/unittests/**/*.yaml" | ||||
|     ] | ||||
|   }, | ||||
|   "yaml.schemaStore.enable": true | ||||
| } | ||||
							
								
								
									
										20
									
								
								.yamllint.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								.yamllint.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | ||||
| --- | ||||
| extends: default | ||||
|  | ||||
| ignore: | | ||||
|   .yamllint | ||||
|   node_modules | ||||
|   templates | ||||
|  | ||||
|  | ||||
| rules: | ||||
|   truthy: | ||||
|     allowed-values: ['true', 'false'] | ||||
|     check-keys: False | ||||
|     level: error | ||||
|   line-length: disable | ||||
|   document-start: disable | ||||
|   comments: | ||||
|     min-spaces-from-content: 1 | ||||
|   braces: | ||||
|     max-spaces-inside: 2 | ||||
							
								
								
									
										1
									
								
								CODEOWNERS
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								CODEOWNERS
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| * @volker.raschek | ||||
							
								
								
									
										82
									
								
								CONTRIBUTING.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										82
									
								
								CONTRIBUTING.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,82 @@ | ||||
| # Contributing | ||||
|  | ||||
| I am very happy if you would like to provide a pull request 👍 | ||||
|  | ||||
| The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR). | ||||
|  | ||||
| 1. [Valid Git commits](#valid-git-commits) | ||||
|  | ||||
| ## Valid Git commits | ||||
|  | ||||
| ### Commit message | ||||
|  | ||||
| The repository is subject to a strict commit message template. This states that there are several types of commits. For | ||||
| example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below. | ||||
|  | ||||
| | type                | description                                                       | | ||||
| | ------------------- | ----------------------------------------------------------------- | | ||||
| | `feat`              | New feature.                                                      | | ||||
| | `fix`               | Fixes a bug.                                                      | | ||||
| | `refac`             | Refactoring production code.                                      | | ||||
| | `style`             | Fixes formatting issues. No production code change.               | | ||||
| | `docs`              | Adapt documentation. No production code change.                   | | ||||
| | `test`              | Adds new or modifies existing tests. No production code change.   | | ||||
| | `chore`             | Updating grunt tasks. Is everything which the user does not see.  | | ||||
|  | ||||
| Based on these types, commit messaged can then be created. Here are a few examples: | ||||
|  | ||||
| ```text | ||||
| style(README): Wrong indentation | ||||
| feat(deployment): support restartPolicy | ||||
| fix(my-app): Add missing volume | ||||
| docs(CONTRIBUTING): Describe how to commit correctly | ||||
| ``` | ||||
|  | ||||
| This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a | ||||
| pull request PR to be combined into one commit (squashing). | ||||
|  | ||||
| ### Smart commits | ||||
|  | ||||
| Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of | ||||
| commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only | ||||
| needs to be added to the merge commit. | ||||
|  | ||||
| This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history | ||||
| of a merge without having to select individual commits. The following history illustrates the correct use of smart commits. | ||||
|  | ||||
| ```text | ||||
| * 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers | ||||
| |\ | ||||
| | * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes | ||||
| | * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers | ||||
| | * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers | ||||
| |/ | ||||
| * aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers | ||||
| ``` | ||||
|  | ||||
| ### Commit signing | ||||
|  | ||||
| Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker | ||||
| can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the | ||||
| Linux kernel. | ||||
|  | ||||
| ```bash | ||||
| git config --global user.name 'Linux Torvalds' | ||||
| git config --global user.email 'torvalds@linux-foundation.org' | ||||
| ``` | ||||
|  | ||||
| To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct | ||||
| delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed | ||||
| commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked. | ||||
|  | ||||
| The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail | ||||
| address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account. | ||||
| Otherwise will be marked the Git commit as *Unverified*. | ||||
|  | ||||
| 1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) | ||||
| 2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key) | ||||
|  | ||||
| Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed. | ||||
|  | ||||
| Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For | ||||
| example an external USB drive. | ||||
							
								
								
									
										14
									
								
								Chart.yaml
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								Chart.yaml
									
									
									
									
									
								
							| @@ -1,9 +1,15 @@ | ||||
| annotations: | ||||
|   artifacthub.io/links: | | ||||
|     - name: Athens proxy (binary) | ||||
|       url: https://github.com/gomods/athens | ||||
|     - name: support | ||||
|       url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues | ||||
| apiVersion: v2 | ||||
| name: athens-proxy | ||||
| description: Athens proxy server for golang | ||||
| type: application | ||||
| version: "0.1.0" | ||||
| appVersion: "v0.13.0" | ||||
| appVersion: "v0.16.1" | ||||
| icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true | ||||
|  | ||||
| keywords: | ||||
| @@ -13,10 +19,6 @@ keywords: | ||||
| - go-proxy | ||||
|  | ||||
| sources: | ||||
| - https://github.com/volker-raschek/athens-proxy-charts | ||||
| - https://git.cryptic.systems/volker.raschek/athens-proxy-charts | ||||
| - https://github.com/gomods/athens | ||||
| - https://hub.docker.com/r/gomods/athens | ||||
|  | ||||
| maintainers: | ||||
| - name: Markus Pesch | ||||
|   email: markus.pesch+apps@cryptic.systems | ||||
|   | ||||
							
								
								
									
										28
									
								
								LICENSE
									
									
									
									
									
								
							
							
						
						
									
										28
									
								
								LICENSE
									
									
									
									
									
								
							| @@ -1,13 +1,21 @@ | ||||
| Copyright 2022 Markus Pesch | ||||
| MIT License | ||||
|  | ||||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| you may not use this file except in compliance with the License. | ||||
| You may obtain a copy of the License at | ||||
| Copyright (c) 2025 Markus Pesch | ||||
|  | ||||
|     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||||
| of this software and associated documentation files (the "Software"), to deal | ||||
| in the Software without restriction, including without limitation the rights | ||||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||
| copies of the Software, and to permit persons to whom the Software is | ||||
| furnished to do so, subject to the following conditions: | ||||
|  | ||||
| Unless required by applicable law or agreed to in writing, software | ||||
| distributed under the License is distributed on an "AS IS" BASIS, | ||||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| See the License for the specific language governing permissions and | ||||
| limitations under the License. | ||||
| The above copyright notice and this permission notice shall be included in all | ||||
| copies or substantial portions of the Software. | ||||
|  | ||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||||
| SOFTWARE. | ||||
|   | ||||
							
								
								
									
										91
									
								
								Makefile
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										91
									
								
								Makefile
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,91 @@ | ||||
| # CONTAINER_RUNTIME | ||||
| CONTAINER_RUNTIME?=$(shell which podman) | ||||
|  | ||||
| # HELM_IMAGE | ||||
| HELM_IMAGE_REGISTRY_HOST?=docker.io | ||||
| HELM_IMAGE_REPOSITORY?=volkerraschek/helm | ||||
| HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm | ||||
| HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | ||||
|  | ||||
| # NODE_IMAGE | ||||
| NODE_IMAGE_REGISTRY_HOST?=docker.io | ||||
| NODE_IMAGE_REPOSITORY?=library/node | ||||
| NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||
| NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | ||||
|  | ||||
| # MISSING DOT | ||||
| # ============================================================================== | ||||
| missing-dot: | ||||
| 	grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml | ||||
|  | ||||
| # CONTAINER RUN - README | ||||
| # ============================================================================== | ||||
| PHONY+=container-run/readme | ||||
| container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters | ||||
|  | ||||
| container-run/readme/link: | ||||
| 	${CONTAINER_RUNTIME} run \ | ||||
| 		--rm \ | ||||
| 		--volume $(shell pwd):$(shell pwd) \ | ||||
| 		--workdir $(shell pwd) \ | ||||
| 			${NODE_IMAGE_FULLY_QUALIFIED} \ | ||||
| 				npm install && npm run readme:link | ||||
|  | ||||
| container-run/readme/lint: | ||||
| 	${CONTAINER_RUNTIME} run \ | ||||
| 		--rm \ | ||||
| 		--volume $(shell pwd):$(shell pwd) \ | ||||
| 		--workdir $(shell pwd) \ | ||||
| 			${NODE_IMAGE_FULLY_QUALIFIED} \ | ||||
| 				npm install && npm run readme:lint | ||||
|  | ||||
| container-run/readme/parameters: | ||||
| 	${CONTAINER_RUNTIME} run \ | ||||
| 		--rm \ | ||||
| 		--volume $(shell pwd):$(shell pwd) \ | ||||
| 		--workdir $(shell pwd) \ | ||||
| 			${NODE_IMAGE_FULLY_QUALIFIED} \ | ||||
| 				npm install && npm run readme:parameters | ||||
|  | ||||
| # CONTAINER RUN - HELM UNITTESTS | ||||
| # ============================================================================== | ||||
| PHONY+=container-run/helm-unittests | ||||
| container-run/helm-unittests: | ||||
| 	${CONTAINER_RUNTIME} run \ | ||||
| 		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \ | ||||
| 		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \ | ||||
| 		--rm \ | ||||
| 		--volume $(shell pwd):$(shell pwd) \ | ||||
| 		--workdir $(shell pwd) \ | ||||
| 			${HELM_IMAGE_FULLY_QUALIFIED} \ | ||||
| 				unittest --strict --file 'unittests/**/*.yaml' ./ | ||||
|  | ||||
| # CONTAINER RUN - HELM UPDATE DEPENDENCIES | ||||
| # ============================================================================== | ||||
| PHONY+=container-run/helm-update-dependencies | ||||
| container-run/helm-update-dependencies: | ||||
| 	${CONTAINER_RUNTIME} run \ | ||||
| 		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \ | ||||
| 		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \ | ||||
| 		--rm \ | ||||
| 		--volume $(shell pwd):$(shell pwd) \ | ||||
| 		--workdir $(shell pwd) \ | ||||
| 			${HELM_IMAGE_FULLY_QUALIFIED} \ | ||||
| 				dependency update | ||||
|  | ||||
| # CONTAINER RUN - MARKDOWN-LINT | ||||
| # ============================================================================== | ||||
| PHONY+=container-run/helm-lint | ||||
| container-run/helm-lint: | ||||
| 	${CONTAINER_RUNTIME} run \ | ||||
| 		--rm \ | ||||
| 		--volume $(shell pwd):$(shell pwd) \ | ||||
| 		--workdir $(shell pwd) \ | ||||
| 		${HELM_IMAGE_FULLY_QUALIFIED} \ | ||||
| 			lint --values values.yaml . | ||||
|  | ||||
| # PHONY | ||||
| # ============================================================================== | ||||
| # Declare the contents of the PHONY variable as phony. We keep that information | ||||
| # in a variable so we can use it in if_changed. | ||||
| .PHONY: ${PHONY} | ||||
							
								
								
									
										553
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										553
									
								
								README.md
									
									
									
									
									
								
							| @@ -1,167 +1,456 @@ | ||||
| # athens-proxy-charts | ||||
|  | ||||
| [](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts) | ||||
| [](https://artifacthub.io/packages/search?repo=volker-raschek) | ||||
|  | ||||
| This is an inofficial helm chart of the go-proxy | ||||
| [athens](https://github.com/gomods/athens) which supports more complex | ||||
| configuration options. | ||||
| > [!NOTE] | ||||
| > This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the | ||||
| > GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts). | ||||
|  | ||||
| This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and | ||||
| can be installed via helm. | ||||
| This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and | ||||
| proxy for Golang. | ||||
|  | ||||
| The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes, | ||||
| defining additional environment variables and much more. | ||||
|  | ||||
| Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure | ||||
| helm and use it to deploy the exporter. It also contains further configuration examples. | ||||
|  | ||||
| Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | ||||
| helm chart is tested for deployment scenarios with **ArgoCD**. | ||||
|  | ||||
| ## Helm: configuration and installation | ||||
|  | ||||
| 1. A helm chart repository must be configured, to pull the helm charts from. | ||||
| 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm | ||||
|    `--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the | ||||
|    `--set` flag for a basic deployment. | ||||
|  | ||||
| ```bash | ||||
| helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | ||||
| helm repo update | ||||
| helm install athens-proxy volker.raschek/athens-proxy | ||||
| ``` | ||||
|  | ||||
| ## Customization | ||||
| Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`. | ||||
| The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the | ||||
| version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major* | ||||
| versions can break something! | ||||
|  | ||||
| The complete deployment can be adapted via the `values.yaml` files. The | ||||
| configuration of the proxy can be done via the environment variables described | ||||
| below or via mounting the config.toml as additional persistent volume to | ||||
| `/config/config.toml` | ||||
|  | ||||
| ## Access private repositories via SSH | ||||
|  | ||||
| Create a `configmap.yaml` with multiple keys. One key describe the content of | ||||
| the `.gitconfig` file and another of `config` of the ssh client. All requests | ||||
| git clone comands with the prefix `http://github.com/` will be replaced by | ||||
| `git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a | ||||
| separate secret. | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: custom-configs | ||||
| data: | ||||
|   sshconfig: | | ||||
|     Host github.com | ||||
|       IdentityFile /root/.ssh/id_ed25519 | ||||
|       StrictHostKeyChecking no | ||||
|   gitconfig: | | ||||
|     [url "git@github.com:"] | ||||
|       insteadOf = https://github.com/ | ||||
| ```bash | ||||
| CHART_VERSION=1.1.1 | ||||
| helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||
| ``` | ||||
|  | ||||
| The secret definition below contains the SSH private and public key. | ||||
| A complete list of available helm chart versions can be displayed via the following command: | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: custom-ssh-keys | ||||
| type: Opaque | ||||
| stringData: | ||||
|   id_ed25519: | | ||||
|     -----BEGIN OPENSSH PRIVATE KEY----- | ||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj | ||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg | ||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M | ||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== | ||||
|     -----END OPENSSH PRIVATE KEY----- | ||||
|   id_ed25519.pub: | | ||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe | ||||
| ```bash | ||||
| helm search repo athens-proxy --versions | ||||
| ``` | ||||
|  | ||||
| The item `config` of the configmap will be merged with the items of the secret | ||||
| as virtual volume. This volume can than be mounted with special permissions | ||||
| required for the ssh client. | ||||
| The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default. | ||||
| Use the `--set` argument to persist your data. | ||||
|  | ||||
| ```yaml | ||||
| extraVolumes: | ||||
| - name: ssh | ||||
|   projected: | ||||
|     defaultMode: 0644 | ||||
|     sources: | ||||
|     - configMap: | ||||
|         name: custom-configs | ||||
|         items: | ||||
|         - key: sshconfig | ||||
|           path: config | ||||
|     - secret: | ||||
|         name: custom-ssh-keys | ||||
|         items: | ||||
|         - key: id_ed25519 | ||||
|           path: id_ed25519 | ||||
|           mode: 0600 | ||||
|         - key: id_ed25519.pub | ||||
|           path: id_ed25519.pub | ||||
| - name: gitconfig | ||||
|   configMap: | ||||
|     name: custom-configs | ||||
|     items: | ||||
|     - key: gitconfig | ||||
|       path: config | ||||
|       mode: 0644 | ||||
|  | ||||
| extraVolumeMounts: | ||||
| - name: ssh | ||||
|   mountPath: /root/.ssh | ||||
| - name: gitconfig | ||||
|   mountPath: /root/.config/git | ||||
| ```bash | ||||
| CHART_VERSION=1.1.1 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   persistence.enabled=true | ||||
| ``` | ||||
|  | ||||
| ## Access private github.com repositories via developer token | ||||
| ### Examples | ||||
|  | ||||
| Another way to access private github repositories is via a github token, which | ||||
| can be set via the environment variable `GITHUB_TOKEN`. Athens automatically | ||||
| creates a `.netrc` file to access private github repositories. | ||||
| The following examples serve as individual configurations and as inspiration for how deployment problems can be solved. | ||||
|  | ||||
| ## Access private repositories via .netrc configuration | ||||
| #### Avoid CPU throttling by defining a CPU limit | ||||
|  | ||||
| As describe above, a `.netrc` file is responsible for the authentication via | ||||
| HTTP. The file can also be defined via a custom secret and mounted into the home | ||||
| directory of `root` for general authentication purpose. | ||||
| If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||
| application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||
| cannot use the available CPU time to perform computing operations. | ||||
|  | ||||
| The example below describe the definition and mounting of a custom `.netrc` file | ||||
| to access private repositories hosted on github and gitlab. | ||||
| The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||
| available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||
| of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||
| rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: custom-netrc | ||||
| type: Opaque | ||||
| stringData: | ||||
|   netrc: | | ||||
|     machine github.com login USERNAME password API-KEY | ||||
|     machine gitlab.com login USERNAME password API-KEY | ||||
| Further information about this topic can be found in one of Kanishk's blog | ||||
| [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||
|  | ||||
| > [!NOTE] | ||||
| > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||
| > not anymore required. | ||||
| > | ||||
| > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.1.1 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||
|   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||
|   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||
| ``` | ||||
|  | ||||
| The file must then be mounted via extraVolumes and extraVolumeMounts. | ||||
| #### TLS encryption | ||||
|  | ||||
| ```yaml | ||||
| extraVolumes: | ||||
| - name: netrc | ||||
|   secret: | ||||
|     secretName: custom-netrc | ||||
|     items: | ||||
|     - key: netrc | ||||
|       path: .netrc | ||||
|       mode: 0600 | ||||
| The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for | ||||
| TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS | ||||
| certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS | ||||
| certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret. | ||||
| The secret must be from type `kubernetes.io/tls`. | ||||
|  | ||||
| extraVolumeMounts: | ||||
| - name: netrc | ||||
|   mountPath: /root | ||||
| > [!WARNING] | ||||
| > The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named | ||||
| > `athens-proxy-ca` is present in the same namespace of the helm deployment. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.1.1 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   --set 'config.certificate.enabled=true' \ | ||||
|   --set 'config.certificate.new.issuerRef.kind=Issuer' \ | ||||
|   --set 'config.certificate.new.issuerRef.name=athens-proxy-ca' | ||||
| ``` | ||||
|  | ||||
| ## Persistent storage | ||||
| The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate | ||||
| and private key are mounted to a pre-defined destination inside the container file system. | ||||
|  | ||||
| Unlike the athens default, the default here is `disk` - i.e. the files are | ||||
| written to the container. Therefore, it is advisable to outsource the | ||||
| corresponding storage location to persistent storage. The following example | ||||
| describes the integration of a persistent storage claim. | ||||
| #### TLS certificate rotation | ||||
|  | ||||
| If the application uses TLS certificates that are mounted as a secret in the container file system like the example | ||||
| [above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such | ||||
| a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates | ||||
| before expiring. | ||||
|  | ||||
| Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's | ||||
| [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following | ||||
| annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps | ||||
| and secrets have been changed. | ||||
|  | ||||
| ```yaml | ||||
| extraVolumes: | ||||
| - name: gomodules | ||||
|   persistentVolumeClaim: | ||||
|     claimName: custom-gomodules-pvc | ||||
|  | ||||
| extraVolumeMounts: | ||||
| - name: gomodules | ||||
|   mountPath: /var/lib/athens | ||||
| deployment: | ||||
|   annotations: | ||||
|     reloader.stakater.com/auto: "true" | ||||
| ``` | ||||
|  | ||||
| Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for | ||||
| individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should | ||||
| only listen for changes of this secret: | ||||
|  | ||||
| ```yaml | ||||
| deployment: | ||||
|   annotations: | ||||
|     secret.reloader.stakater.com/reload: "athens-proxy-tls" | ||||
| ``` | ||||
|  | ||||
| If the application is rolled out using ArgoCD, a rolling update from stakater's | ||||
| [reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state | ||||
| with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be | ||||
| initiated. Further information are available in the official | ||||
| [README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of | ||||
| stakater's reloader. | ||||
|  | ||||
| ```diff | ||||
|   deployment: | ||||
|     annotations: | ||||
|       reloader.stakater.com/auto: "true" | ||||
| +     reloader.stakater.com/rollout-strategy: "restart" | ||||
| ``` | ||||
|  | ||||
| #### Network policies | ||||
|  | ||||
| Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||
| network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. | ||||
|  | ||||
| The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming | ||||
| traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application | ||||
| outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go | ||||
| proxy `https://proxy.golang.org` via HTTPS. | ||||
|  | ||||
| > [!IMPORTANT] | ||||
| > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For | ||||
| > this reason, there is are not default network policy rules defined. | ||||
|  | ||||
| ```yaml | ||||
| networkPolicies: | ||||
|   enabled: true | ||||
|   annotations: {} | ||||
|   labels: {} | ||||
|   policyTypes: | ||||
|   - Egress | ||||
|   - Ingress | ||||
|   egress: | ||||
|   - to: | ||||
|     - namespaceSelector: | ||||
|         matchLabels: | ||||
|           kubernetes.io/metadata.name: kube-system | ||||
|       podSelector: | ||||
|         matchLabels: | ||||
|           k8s-app: kube-dns | ||||
|     ports: | ||||
|     - port: 53 | ||||
|       protocol: TCP | ||||
|     - port: 53 | ||||
|       protocol: UDP | ||||
|   - ports: | ||||
|     - port: 443 | ||||
|       protocol: TCP | ||||
|  | ||||
|   ingress: | ||||
|   - from: | ||||
|     - namespaceSelector: | ||||
|         matchLabels: | ||||
|           kubernetes.io/metadata.name: ingress-nginx | ||||
|       podSelector: | ||||
|         matchLabels: | ||||
|           app.kubernetes.io/name: ingress-nginx | ||||
|     ports: | ||||
|     - port: http | ||||
|       protocol: TCP | ||||
| ``` | ||||
|  | ||||
| ## ArgoCD | ||||
|  | ||||
| ### Example Application | ||||
|  | ||||
| An application resource for the Helm chart is defined below. It serves as an example for your own deployment. | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| spec: | ||||
|   destination: | ||||
|     server: https://kubernetes.default.svc | ||||
|     namespace: athens-proxy | ||||
|   ignoreDifferences: | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     # When HPA is enabled, ensure that a modification of the replicas does not lead to a | ||||
|     # drift. | ||||
|       - '.spec.replicas' | ||||
|     # Ensure that changes of the annotations or environment variables added or modified by | ||||
|     # stakater's reloader does not lead to a drift. | ||||
|     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))' | ||||
|     - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))' | ||||
|   sources: | ||||
|   - repoURL: https://charts.cryptic.systems/volker.raschek | ||||
|     chart: athens-proxy | ||||
|     targetRevision: '0.*' | ||||
|     helm: | ||||
|       valueFiles: | ||||
|       - $values/values.yaml | ||||
|       releaseName: athens-proxy | ||||
|   syncPolicy: | ||||
|     automated: | ||||
|       prune: true | ||||
|       selfHeal: true | ||||
|     managedNamespaceMetadata: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|     syncOptions: | ||||
|     - ApplyOutOfSyncOnly=true | ||||
|     - CreateNamespace=true | ||||
|     - FailOnSharedResource=false | ||||
|     - Replace=false | ||||
|     - RespectIgnoreDifferences=false | ||||
|     - ServerSideApply=true | ||||
|     - Validate=true | ||||
| ``` | ||||
|  | ||||
| ## Parameters | ||||
|  | ||||
| ### Global | ||||
|  | ||||
| | Name               | Description                               | Value | | ||||
| | ------------------ | ----------------------------------------- | ----- | | ||||
| | `nameOverride`     | Individual release name suffix.           | `""`  | | ||||
| | `fullnameOverride` | Override the complete release name logic. | `""`  | | ||||
|  | ||||
| ### Certificate | ||||
|  | ||||
| | Name                                          | Description                                                                                                                                                 | Value                           | | ||||
| | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | | ||||
| | `certificate.enabled`                         | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false`                         | | ||||
| | `certificate.existingSecret.enabled`          | Use an existing secret of the type `kubernetes.io/tls`.                                                                                                     | `false`                         | | ||||
| | `certificate.existingSecret.secretName`       | Name of the secret containing the TLS certificate and private key.                                                                                          | `""`                            | | ||||
| | `certificate.new.annotations`                 | Additional certificate annotations.                                                                                                                         | `{}`                            | | ||||
| | `certificate.new.labels`                      | Additional certificate labels.                                                                                                                              | `{}`                            | | ||||
| | `certificate.new.duration`                    | Duration of the TLS certificate.                                                                                                                            | `744h`                          | | ||||
| | `certificate.new.renewBefore`                 | Renew TLS certificate before expiring.                                                                                                                      | `672h`                          | | ||||
| | `certificate.new.dnsNames`                    | Overwrites the default of the subject alternative DNS names.                                                                                                | `[]`                            | | ||||
| | `certificate.new.ipAddresses`                 | Overwrites the default of the subject alternative IP addresses.                                                                                             | `[]`                            | | ||||
| | `certificate.new.issuerRef.kind`              | Issuer kind. Can be `Issuer` or `ClusterIssuer`.                                                                                                            | `""`                            | | ||||
| | `certificate.new.issuerRef.name`              | Name of the `Issuer` or `ClusterIssuer`.                                                                                                                    | `""`                            | | ||||
| | `certificate.new.privateKey.algorithm`        | Algorithm of the private TLS key.                                                                                                                           | `RSA`                           | | ||||
| | `certificate.new.privateKey.rotationPolicy`   | Rotation of the private TLS key.                                                                                                                            | `Never`                         | | ||||
| | `certificate.new.privateKey.size`             | Size of the private TLS key.                                                                                                                                | `4096`                          | | ||||
| | `certificate.new.secretTemplate.annotations`  | Additional annotation of the created secret.                                                                                                                | `{}`                            | | ||||
| | `certificate.new.secretTemplate.labels`       | Additional labels of the created secret.                                                                                                                    | `{}`                            | | ||||
| | `certificate.new.subject.countries`           | List of countries.                                                                                                                                          | `[]`                            | | ||||
| | `certificate.new.subject.localities`          | List of localities.                                                                                                                                         | `[]`                            | | ||||
| | `certificate.new.subject.organizationalUnits` | List of organizationalUnits.                                                                                                                                | `[]`                            | | ||||
| | `certificate.new.subject.organizations`       | List of organizations.                                                                                                                                      | `[]`                            | | ||||
| | `certificate.new.subject.postalCodes`         | List of postalCodes.                                                                                                                                        | `[]`                            | | ||||
| | `certificate.new.subject.provinces`           | List of provinces.                                                                                                                                          | `[]`                            | | ||||
| | `certificate.new.subject.serialNumber`        | Serial number.                                                                                                                                              | `""`                            | | ||||
| | `certificate.new.subject.streetAddresses`     | List of streetAddresses.                                                                                                                                    | `[]`                            | | ||||
| | `certificate.new.usages`                      | Define the usage of the TLS key.                                                                                                                            | `["client auth","server auth"]` | | ||||
|  | ||||
| ### Configuration | ||||
|  | ||||
| | Name                                                    | Description                                                                                                                                       | Value            | | ||||
| | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | | ||||
| | `config.env.enabled`                                    | Enable mounting of the secret as environment variables.                                                                                           | `false`          | | ||||
| | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`          | | ||||
| | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`             | | ||||
| | `config.env.secret.annotations`                         | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||
| | `config.env.secret.labels`                              | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||
| | `config.env.secret.envs`                                | List of environment variables stored in a secret and mounted into the container.                                                                  | `{}`             | | ||||
| | `config.downloadMode.enabled`                           | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false`          | | ||||
| | `config.downloadMode.existingConfigMap.enabled`         | Enable to use an external config map for mounting the download mode file.                                                                         | `false`          | | ||||
| | `config.downloadMode.existingConfigMap.configMapName`   | The name of the existing config map which should be used to mount the download mode file.                                                         | `""`             | | ||||
| | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`   | | ||||
| | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`             | | ||||
| | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`             | | ||||
| | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`          | | ||||
| | `config.gitConfig.existingConfigMap.enabled`            | Enable to use an external config map for mounting the .gitconfig file.                                                                            | `false`          | | ||||
| | `config.gitConfig.existingConfigMap.configMapName`      | The name of the existing config map which should be used to mount the .gitconfig file.                                                            | `""`             | | ||||
| | `config.gitConfig.existingConfigMap.gitConfigKey`       | The name of the key inside the config map where the content of the .gitconfig file is stored.                                                     | `nil`            | | ||||
| | `config.gitConfig.configMap.annotations`                | Additional annotations of the config map containing the .gitconfig file.                                                                          | `{}`             | | ||||
| | `config.gitConfig.configMap.labels`                     | Additional labels of the config map containing the .gitconfig file.                                                                               | `{}`             | | ||||
| | `config.netrc.enabled`                                  | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||
| | `config.netrc.existingSecret.enabled`                   | Enable to use an external secret for mounting the .netrc file.                                                                                    | `false`          | | ||||
| | `config.netrc.existingSecret.secretName`                | The name of the existing secret which should be used to mount the .netrc file.                                                                    | `""`             | | ||||
| | `config.netrc.existingSecret.netrcKey`                  | The name of the key inside the secret where the content of the .netrc file is stored.                                                             | `.netrc`         | | ||||
| | `config.netrc.secret.annotations`                       | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||
| | `config.netrc.secret.labels`                            | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||
| | `config.ssh.enabled`                                    | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||
| | `config.ssh.existingSecret.enabled`                     | Enable to use an external secret for mounting the public and private SSH key files.                                                               | `false`          | | ||||
| | `config.ssh.existingSecret.secretName`                  | The name of the existing secret which should be used to mount the public and private SSH key files.                                               | `""`             | | ||||
| | `config.ssh.existingSecret.configKey`                   | The name of the key inside the secret where the content of the SSH client config file is stored.                                                  | `config`         | | ||||
| | `config.ssh.existingSecret.id_ed25519Key`               | The name of the key inside the secret where the content of the id_ed25519 key file is stored.                                                     | `id_ed25519`     | | ||||
| | `config.ssh.existingSecret.id_ed25519PubKey`            | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_ed25519.pub` | | ||||
| | `config.ssh.existingSecret.id_rsaKey`                   | The name of the key inside the secret where the content of the id_rsa key file is stored.                                                         | `id_rsa`         | | ||||
| | `config.ssh.existingSecret.id_rsaPubKey`                | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_rsa.pub`     | | ||||
| | `config.ssh.secret.annotations`                         | Additional annotations of the secret containing the public and private SSH key files.                                                             | `{}`             | | ||||
| | `config.ssh.secret.labels`                              | Additional labels of the secret containing the public and private SSH key files.                                                                  | `{}`             | | ||||
|  | ||||
| ### Deployment | ||||
|  | ||||
| | Name                                               | Description                                                                                                | Value           | | ||||
| | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- | | ||||
| | `deployment.annotations`                           | Additional deployment annotations.                                                                         | `{}`            | | ||||
| | `deployment.labels`                                | Additional deployment labels.                                                                              | `{}`            | | ||||
| | `deployment.additionalContainers`                  | List of additional containers.                                                                             | `[]`            | | ||||
| | `deployment.affinity`                              | Affinity for the athens-proxy deployment.                                                                  | `{}`            | | ||||
| | `deployment.initContainers`                        | List of additional init containers.                                                                        | `[]`            | | ||||
| | `deployment.dnsConfig`                             | dnsConfig of the athens-proxy deployment.                                                                  | `{}`            | | ||||
| | `deployment.dnsPolicy`                             | dnsPolicy of the athens-proxy deployment.                                                                  | `""`            | | ||||
| | `deployment.hostname`                              | Individual hostname of the pod.                                                                            | `""`            | | ||||
| | `deployment.subdomain`                             | Individual domain of the pod.                                                                              | `""`            | | ||||
| | `deployment.hostNetwork`                           | Use the kernel network namespace of the host system.                                                       | `false`         | | ||||
| | `deployment.imagePullSecrets`                      | Secret to use for pulling the image.                                                                       | `[]`            | | ||||
| | `deployment.athensProxy.args`                      | Arguments passed to the athens-proxy container.                                                            | `[]`            | | ||||
| | `deployment.athensProxy.command`                   | Command passed to the athens-proxy container.                                                              | `[]`            | | ||||
| | `deployment.athensProxy.env`                       | List of environment variables for the athens-proxy container.                                              | `[]`            | | ||||
| | `deployment.athensProxy.envFrom`                   | List of environment variables mounted from configMaps or secrets for the athens-proxy container.           | `[]`            | | ||||
| | `deployment.athensProxy.image.registry`            | Image registry, eg. `docker.io`.                                                                           | `docker.io`     | | ||||
| | `deployment.athensProxy.image.repository`          | Image repository, eg. `library/busybox`.                                                                   | `gomods/athens` | | ||||
| | `deployment.athensProxy.image.tag`                 | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.                                                   | `""`            | | ||||
| | `deployment.athensProxy.image.pullPolicy`          | Image pull policy.                                                                                         | `IfNotPresent`  | | ||||
| | `deployment.athensProxy.resources`                 | CPU and memory resources of the pod.                                                                       | `{}`            | | ||||
| | `deployment.athensProxy.securityContext`           | Security context of the container of the deployment.                                                       | `{}`            | | ||||
| | `deployment.athensProxy.volumeMounts`              | Additional volume mounts.                                                                                  | `[]`            | | ||||
| | `deployment.nodeSelector`                          | NodeSelector of the athens-proxy deployment.                                                               | `{}`            | | ||||
| | `deployment.priorityClassName`                     | PriorityClassName of the athens-proxy deployment.                                                          | `""`            | | ||||
| | `deployment.replicas`                              | Number of replicas for the athens-proxy deployment.                                                        | `1`             | | ||||
| | `deployment.restartPolicy`                         | Restart policy of the athens-proxy deployment.                                                             | `""`            | | ||||
| | `deployment.securityContext`                       | Security context of the athens-proxy deployment.                                                           | `{}`            | | ||||
| | `deployment.strategy.type`                         | Strategy type - `Recreate` or `RollingUpdate`.                                                             | `RollingUpdate` | | ||||
| | `deployment.strategy.rollingUpdate.maxSurge`       | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1`             | | ||||
| | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update.                                | `1`             | | ||||
| | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`            | | ||||
| | `deployment.tolerations`                           | Tolerations of the athens-proxy deployment.                                                                | `[]`            | | ||||
| | `deployment.topologySpreadConstraints`             | TopologySpreadConstraints of the athens-proxy deployment.                                                  | `[]`            | | ||||
| | `deployment.volumes`                               | Additional volumes to mount into the pods of the athens-proxy deployment.                                  | `[]`            | | ||||
|  | ||||
| ### Horizontal Pod Autoscaler (HPA) | ||||
|  | ||||
| | Name              | Description                                                                                        | Value       | | ||||
| | ----------------- | -------------------------------------------------------------------------------------------------- | ----------- | | ||||
| | `hpa.enabled`     | Enable the horizontal pod autoscaler (HPA).                                                        | `false`     | | ||||
| | `hpa.annotations` | Additional annotations for the HPA.                                                                | `{}`        | | ||||
| | `hpa.labels`      | Additional labels for the HPA.                                                                     | `{}`        | | ||||
| | `hpa.metrics`     | Metrics contains the specifications for which to use to calculate the desired replica count.       | `undefined` | | ||||
| | `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1`         | | ||||
| | `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler.                              | `10`        | | ||||
|  | ||||
| ### Ingress | ||||
|  | ||||
| | Name                  | Description                                                                                                          | Value   | | ||||
| | --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- | | ||||
| | `ingress.enabled`     | Enable creation of an ingress resource. Requires, that the http service is also enabled.                             | `false` | | ||||
| | `ingress.className`   | Ingress class.                                                                                                       | `nginx` | | ||||
| | `ingress.annotations` | Additional ingress annotations.                                                                                      | `{}`    | | ||||
| | `ingress.labels`      | Additional ingress labels.                                                                                           | `{}`    | | ||||
| | `ingress.hosts`       | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]`    | | ||||
| | `ingress.tls`         | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.         | `[]`    | | ||||
|  | ||||
| ### Persistence | ||||
|  | ||||
| | Name                                                                       | Description                                                                                                                                                                                                             | Value                        | | ||||
| | -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | ||||
| | `persistence.enabled`                                                      | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false`                      | | ||||
| | `persistence.data.mountPath`                                               | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.                                                                                 | `/var/www/athens-proxy/data` | | ||||
| | `persistence.data.existingPersistentVolumeClaim.enabled`                   | Use an existing persistent volume claim.                                                                                                                                                                                | `false`                      | | ||||
| | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim.                                                                                                                                                                       | `""`                         | | ||||
| | `persistence.data.persistentVolumeClaim.annotations`                       | Additional persistent volume claim annotations.                                                                                                                                                                         | `{}`                         | | ||||
| | `persistence.data.persistentVolumeClaim.labels`                            | Additional persistent volume claim labels.                                                                                                                                                                              | `{}`                         | | ||||
| | `persistence.data.persistentVolumeClaim.accessModes`                       | Access modes of the persistent volume claim.                                                                                                                                                                            | `["ReadWriteMany"]`          | | ||||
| | `persistence.data.persistentVolumeClaim.storageClassName`                  | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||
| | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | ||||
|  | ||||
| ### Network | ||||
|  | ||||
| | Name            | Description                                                              | Value           | | ||||
| | --------------- | ------------------------------------------------------------------------ | --------------- | | ||||
| | `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` | | ||||
|  | ||||
| ### Network Policy | ||||
|  | ||||
| | Name                        | Description                                                               | Value   | | ||||
| | --------------------------- | ------------------------------------------------------------------------- | ------- | | ||||
| | `networkPolicy.enabled`     | Enable network policies in general.                                       | `false` | | ||||
| | `networkPolicy.annotations` | Additional network policy annotations.                                    | `{}`    | | ||||
| | `networkPolicy.labels`      | Additional network policy labels.                                         | `{}`    | | ||||
| | `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]`    | | ||||
| | `networkPolicy.egress`      | Concrete egress network policy implementation.                            | `[]`    | | ||||
| | `networkPolicy.ingress`     | Concrete ingress network policy implementation.                           | `[]`    | | ||||
|  | ||||
| ### Service | ||||
|  | ||||
| | Name                                     | Description                                                                                                                                                                                                | Value       | | ||||
| | ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | ||||
| | `services.http.enabled`                  | Enable the service.                                                                                                                                                                                        | `true`      | | ||||
| | `services.http.annotations`              | Additional service annotations.                                                                                                                                                                            | `{}`        | | ||||
| | `services.http.externalIPs`              | External IPs for the service.                                                                                                                                                                              | `[]`        | | ||||
| | `services.http.externalTrafficPolicy`    | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster`   | | ||||
| | `services.http.internalTrafficPolicy`    | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.                                                   | `Cluster`   | | ||||
| | `services.http.ipFamilies`               | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.         | `[]`        | | ||||
| | `services.http.labels`                   | Additional service labels.                                                                                                                                                                                 | `{}`        | | ||||
| | `services.http.loadBalancerClass`        | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.                                                                     | `""`        | | ||||
| | `services.http.loadBalancerIP`           | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.                                                                                              | `""`        | | ||||
| | `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.                                                                                                                           | `[]`        | | ||||
| | `services.http.port`                     | Port to forward the traffic to.                                                                                                                                                                            | `3000`      | | ||||
| | `services.http.sessionAffinity`          | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.                                                                                                                    | `None`      | | ||||
| | `services.http.sessionAffinityConfig`    | Contains the configuration of the session affinity.                                                                                                                                                        | `{}`        | | ||||
| | `services.http.type`                     | Kubernetes service type for the traffic.                                                                                                                                                                   | `ClusterIP` | | ||||
|  | ||||
| ### ServiceAccount | ||||
|  | ||||
| | Name                                              | Description                                                                                                                                         | Value   | | ||||
| | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | ||||
| | `serviceAccount.existing.enabled`                 | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.           | `false` | | ||||
| | `serviceAccount.existing.serviceAccountName`      | Name of the existing service account.                                                                                                               | `""`    | | ||||
| | `serviceAccount.new.annotations`                  | Additional service account annotations.                                                                                                             | `{}`    | | ||||
| | `serviceAccount.new.labels`                       | Additional service account labels.                                                                                                                  | `{}`    | | ||||
| | `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token.                                                                                          | `true`  | | ||||
| | `serviceAccount.new.imagePullSecrets`             | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]`    | | ||||
| | `serviceAccount.new.secrets`                      | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.                                                        | `[]`    | | ||||
|   | ||||
| @@ -1,12 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: custom-configs | ||||
| data: | ||||
|   sshconfig: | | ||||
|     Host github.com | ||||
|       IdentityFile /root/.ssh/id_ed25519 | ||||
|       StrictHostKeyChecking no | ||||
|   gitconfig: | | ||||
|     [url "git@github.com:"] | ||||
|       insteadOf = https://github.com/ | ||||
| @@ -1,26 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: custom-ssh-keys | ||||
| type: Opaque | ||||
| stringData: | ||||
|   id_ed25519: | | ||||
|     -----BEGIN OPENSSH PRIVATE KEY----- | ||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj | ||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg | ||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M | ||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== | ||||
|     -----END OPENSSH PRIVATE KEY----- | ||||
|   id_ed25519.pub: | | ||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: custom-netrc | ||||
| type: Opaque | ||||
| stringData: | ||||
|   netrc: | | ||||
|     machine github.com login USERNAME password API-KEY | ||||
|     machine gitlab.com login USERNAME password API-KEY | ||||
							
								
								
									
										2617
									
								
								package-lock.json
									
									
									
										generated
									
									
									
										Normal file
									
								
							
							
						
						
									
										2617
									
								
								package-lock.json
									
									
									
										generated
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
							
								
								
									
										21
									
								
								package.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								package.json
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | ||||
| { | ||||
|   "name": "athens-proxy-charts", | ||||
|   "homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git", | ||||
|   "license": "MIT", | ||||
|   "private": true, | ||||
|   "engineStrict": true, | ||||
|   "engines": { | ||||
|     "node": ">=16.0.0", | ||||
|     "npm": ">=8.0.0" | ||||
|   }, | ||||
|   "scripts": { | ||||
|     "readme:link": "markdown-link-check *.md", | ||||
|     "readme:lint": "markdownlint *.md -f", | ||||
|     "readme:parameters": "readme-generator -v values.yaml -r README.md" | ||||
|   }, | ||||
|   "devDependencies": { | ||||
|     "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||
|     "markdown-link-check": "^3.13.6", | ||||
|     "markdownlint-cli": "^0.45.0" | ||||
|   } | ||||
| } | ||||
							
								
								
									
										114
									
								
								renovate.json
									
									
									
									
									
								
							
							
						
						
									
										114
									
								
								renovate.json
									
									
									
									
									
								
							| @@ -1,26 +1,15 @@ | ||||
| { | ||||
|   "$schema": "https://docs.renovatebot.com/renovate-schema.json", | ||||
|   "assignees": [ "volker.raschek" ], | ||||
|   "labels": [ "renovate" ], | ||||
|   "packageRules": [ | ||||
|     { | ||||
|       "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ], | ||||
|       "automerge": true, | ||||
|       "matchManagers": "droneci", | ||||
|       "matchUpdateTypes": [ "minor", "patch"] | ||||
|     }, | ||||
|     { | ||||
|       "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ], | ||||
|       "automerge": false, | ||||
|       "matchPackageNames": [ "gomods/athens" ], | ||||
|       "matchManagers": [ "regex" ] | ||||
|     } | ||||
|   "extends": [ | ||||
|     "local>volker.raschek/renovate-config:default#master", | ||||
|     "local>volker.raschek/renovate-config:container#master", | ||||
|     "local>volker.raschek/renovate-config:actions#master", | ||||
|     "local>volker.raschek/renovate-config:npm#master", | ||||
|     "local>volker.raschek/renovate-config:regexp#master" | ||||
|   ], | ||||
|   "rebaseLabel": "renovate/rebase", | ||||
|   "rebaseWhen": "behind-base-branch", | ||||
|   "regexManagers": [ | ||||
|   "customManagers": [ | ||||
|     { | ||||
|       "description": "Update container image reference", | ||||
|       "customType": "regex", | ||||
|       "fileMatch": [ | ||||
|         "^Chart\\.yaml$" | ||||
|       ], | ||||
| @@ -28,7 +17,92 @@ | ||||
|         "appVersion: \"(?<currentValue>.*?)\"\\s+" | ||||
|       ], | ||||
|       "datasourceTemplate": "docker", | ||||
|       "depNameTemplate": "gomods/athens" | ||||
|       "depNameTemplate": "gomods/athens", | ||||
|       "lookupNameTemplate": "docker.io/gomods/athens", | ||||
|       "versioningTemplate": "semver" | ||||
|     }, | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "fileMatch": ["^README\\.md$"], | ||||
|       "matchStrings": [ | ||||
|         "VERSION=(?<currentValue>.*)" | ||||
|       ], | ||||
|       "depNameTemplate": "volker.raschek/athens-proxy-charts", | ||||
|       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts", | ||||
|       "datasourceTemplate": "git-tags", | ||||
|       "versioningTemplate": "semver" | ||||
|     }, | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "datasourceTemplate": "github-releases", | ||||
|       "fileMatch": [ | ||||
|         ".vscode/settings\\.json$" | ||||
|       ], | ||||
|       "matchStrings": [ | ||||
|         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json" | ||||
|       ] | ||||
|     } | ||||
|   ], | ||||
|   "packageRules": [ | ||||
|     { | ||||
|       "groupName": "Update docker.io/volkerraschek/helm", | ||||
|       "matchDepNames": [ | ||||
|         "docker.io/volkerraschek/helm", | ||||
|         "volkerraschek/helm" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "automerge": true, | ||||
|       "groupName": "Update helm plugin 'unittest'", | ||||
|       "matchDepNames": [ | ||||
|         "helm-unittest/helm-unittest" | ||||
|       ], | ||||
|       "matchDatasources": [ | ||||
|         "github-releases" | ||||
|       ], | ||||
|       "matchUpdateTypes": [ | ||||
|         "minor", | ||||
|         "patch" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "groupName": "Update docker.io/library/node", | ||||
|       "matchDepNames": [ | ||||
|         "docker.io/library/node", | ||||
|         "library/node" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "addLabels": [ | ||||
|         "renovate/automerge", | ||||
|         "renovate/container" | ||||
|       ], | ||||
|       "automerge": true, | ||||
|       "excludePackagePatterns": [ | ||||
|         "gomods/athens" | ||||
|       ], | ||||
|       "matchDatasources": [ | ||||
|         "docker" | ||||
|       ], | ||||
|       "matchUpdateTypes": [ | ||||
|         "minor", | ||||
|         "patch" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "addLabels": [ | ||||
|         "renovate/automerge", | ||||
|         "renovate/documentation" | ||||
|       ], | ||||
|       "automerge": true, | ||||
|       "matchDepNames": [ | ||||
|         "volker.raschek/athens-proxy-charts" | ||||
|       ], | ||||
|       "matchUpdateTypes": [ | ||||
|         "major", | ||||
|         "minor", | ||||
|         "patch" | ||||
|       ] | ||||
|     } | ||||
|   ] | ||||
| } | ||||
|   | ||||
							
								
								
									
										25
									
								
								templates/_certificate.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								templates/_certificate.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.certificates.server.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.certificate.new.annotations }} | ||||
| {{ toYaml .Values.certificate.new.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.certificates.server.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.certificate.new.labels }} | ||||
| {{ toYaml .Values.certificate.new.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* names */}} | ||||
|  | ||||
| {{- define "athens-proxy.certificates.server.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-tls | ||||
| {{- end -}} | ||||
| @@ -1,3 +1,4 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
| {{/* | ||||
| Expand the name of the chart. | ||||
| */}} | ||||
| @@ -30,20 +31,26 @@ Create chart name and version as used by the chart label. | ||||
| {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||||
| {{- end }} | ||||
| 
 | ||||
| {{/* | ||||
| Common annotations | ||||
| */}} | ||||
| {{- define "athens-proxy.annotations" -}} | ||||
| {{- end }} | ||||
| 
 | ||||
| {{/* | ||||
| Common labels | ||||
| */}} | ||||
| {{- define "athens-proxy.labels" -}} | ||||
| helm.sh/chart: {{ include "athens-proxy.chart" . }} | ||||
| {{ include "athens-proxy.selectorLabels" . }} | ||||
| {{- if .Chart.AppVersion }} | ||||
| app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||||
| {{- end }} | ||||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | ||||
| helm.sh/chart: {{ include "athens-proxy.chart" . }} | ||||
| {{- end }} | ||||
| 
 | ||||
| {{/* | ||||
| Selector labels | ||||
| Common selector labels | ||||
| */}} | ||||
| {{- define "athens-proxy.selectorLabels" -}} | ||||
| app.kubernetes.io/name: {{ include "athens-proxy.name" . }} | ||||
							
								
								
									
										43
									
								
								templates/_configMap.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								templates/_configMap.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,43 @@ | ||||
| --- | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.configMap.downloadMode.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.config.downloadMode.configMap.annotations }} | ||||
| {{ toYaml .Values.config.downloadMode.configMap.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.configMap.gitConfig.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.config.gitConfig.configMap.annotations }} | ||||
| {{ toYaml .Values.config.gitConfig.configMap.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.configMap.downloadMode.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.config.downloadMode.configMap.labels }} | ||||
| {{ toYaml .Values.config.downloadMode.configMap.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.configMap.gitConfig.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.config.gitConfig.configMap.labels }} | ||||
| {{ toYaml .Values.config.gitConfig.configMap.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* name */}} | ||||
|  | ||||
| {{- define "athens-proxy.configMap.downloadMode.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-download-mode-file | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.configMap.gitConfig.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-gitconfig | ||||
| {{- end }} | ||||
							
								
								
									
										279
									
								
								templates/_deployment.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										279
									
								
								templates/_deployment.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,279 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.deployment.annotations }} | ||||
| {{ toYaml .Values.deployment.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* env */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.env" -}} | ||||
| {{- $env := .Values.deployment.athensProxy.env | default (list) }} | ||||
|  | ||||
| {{- if and .Values.persistence.enabled }} | ||||
| {{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if .Values.config.downloadMode.enabled }} | ||||
| {{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }} | ||||
| {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if .Values.certificate.enabled }} | ||||
| {{- $env = concat $env (list | ||||
|       (dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt") | ||||
|       (dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key") | ||||
|     ) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{ toYaml (dict "env" $env) }} | ||||
|  | ||||
| {{- end -}} | ||||
|  | ||||
|  | ||||
| {{/* envFrom */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.envFrom" -}} | ||||
| {{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }} | ||||
|  | ||||
| {{- if .Values.config.env.enabled }} | ||||
| {{- $secretName := include "athens-proxy.secrets.env.name" $ }} | ||||
| {{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}} | ||||
| {{- $secretName = .Values.config.env.existingSecret.secretName }} | ||||
| {{- end }} | ||||
| {{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{ toYaml (dict "envFrom" $envFrom) }} | ||||
|  | ||||
| {{- end -}} | ||||
|  | ||||
| {{/* image */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}} | ||||
| {{- $registry := .Values.deployment.athensProxy.image.registry -}} | ||||
| {{- $repository := .Values.deployment.athensProxy.image.repository -}} | ||||
| {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} | ||||
| {{- printf "%s/%s:%s" $registry $repository $tag -}} | ||||
| {{- end -}} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.deployment.labels }} | ||||
| {{ toYaml .Values.deployment.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* serviceAccount */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.serviceAccount" -}} | ||||
| {{- if .Values.serviceAccount.existing.enabled -}} | ||||
| {{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}} | ||||
| {{- else -}} | ||||
| {{- include "athens-proxy.fullname" . -}} | ||||
| {{- end -}} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumeMounts */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.volumeMounts" -}} | ||||
| {{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }} | ||||
|  | ||||
| {{- if .Values.persistence.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumes (download mode) */}} | ||||
| {{- if .Values.config.downloadMode.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumeMount (git config) */}} | ||||
| {{- if .Values.config.gitConfig.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumeMount (netrc) */}} | ||||
| {{- if .Values.config.netrc.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumeMount (ssh) */}} | ||||
| {{- if and .Values.config.ssh.enabled }} | ||||
| {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
| {{/* volumeMounts (tls) */}} | ||||
| {{- if .Values.certificate.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{ toYaml (dict "volumeMounts" $volumeMounts) }} | ||||
| {{- end -}} | ||||
|  | ||||
| {{/* volumes */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.volumes" -}} | ||||
| {{- $volumes := .Values.deployment.volumes | default (list) }} | ||||
|  | ||||
|  | ||||
| {{/* volumes (data) */}} | ||||
| {{- if .Values.persistence.enabled }} | ||||
| {{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }} | ||||
| {{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }} | ||||
| {{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }} | ||||
| {{- end }} | ||||
| {{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
| {{/* volumes (download mode) */}} | ||||
| {{- if .Values.config.downloadMode.enabled }} | ||||
| {{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }} | ||||
| {{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }} | ||||
| {{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }} | ||||
| {{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }} | ||||
| {{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }} | ||||
| {{- end }} | ||||
| {{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
| {{/* volumes (git config) */}} | ||||
| {{- $projectedSecretSources := list -}} | ||||
|  | ||||
| {{- if .Values.config.gitConfig.enabled }} | ||||
| {{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }} | ||||
| {{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }} | ||||
| {{- if .Values.config.gitConfig.existingConfigMap.enabled }} | ||||
| {{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }} | ||||
| {{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }} | ||||
| {{- end }} | ||||
| {{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }} | ||||
|  | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumes (netrc) */}} | ||||
|  | ||||
| {{- if .Values.config.netrc.enabled }} | ||||
| {{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }} | ||||
| {{- $secretName := include "athens-proxy.secrets.netrc.name" . }} | ||||
| {{- if .Values.config.netrc.existingSecret.enabled }} | ||||
| {{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }} | ||||
| {{- $secretName = .Values.config.netrc.existingSecret.secretName }} | ||||
| {{- end }} | ||||
| {{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }} | ||||
|  | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumes (ssh) */}} | ||||
| {{- if .Values.config.ssh.enabled }} | ||||
|  | ||||
| {{- $itemList := list -}} | ||||
| {{- $secretName := include "athens-proxy.secrets.ssh.name" . }} | ||||
|  | ||||
| {{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }} | ||||
| {{- $secretName = .Values.config.ssh.existingSecret.secretName }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }} | ||||
| {{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }} | ||||
| {{- $itemList = concat $itemList (list $configItem) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }} | ||||
| {{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }} | ||||
| {{- $itemList = concat $itemList (list $idED25519Item) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }} | ||||
| {{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }} | ||||
| {{- $itemList = concat $itemList (list $idED25519PubItem) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }} | ||||
| {{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }} | ||||
| {{- $itemList = concat $itemList (list $idRSAItem) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }} | ||||
| {{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }} | ||||
| {{- $itemList = concat $itemList (list $idRSAPubItem) }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if not .Values.config.ssh.existingSecret.enabled }} | ||||
| {{- if gt (len .Values.config.ssh.secret.config) 0 }} | ||||
| {{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }} | ||||
| {{- $itemList = concat $itemList (list $configItem) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }} | ||||
| {{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }} | ||||
| {{- $itemList = concat $itemList (list $idED25519Item) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }} | ||||
| {{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }} | ||||
| {{- $itemList = concat $itemList (list $idED25519PubItem) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }} | ||||
| {{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }} | ||||
| {{- $itemList = concat $itemList (list $idRSAItem) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }} | ||||
| {{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }} | ||||
| {{- $itemList = concat $itemList (list $idRSAPubItem) }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if gt (len $projectedSecretSources) 0 }} | ||||
| {{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }} | ||||
| {{- $volumes = concat $volumes (list $projectedSecretVolume) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumes (tls) */}} | ||||
| {{- if .Values.certificate.enabled }} | ||||
| {{- $secretName := include "athens-proxy.certificates.server.name" $ }} | ||||
| {{- if .Values.certificate.existingSecret.enabled }} | ||||
| {{- $secretName := .Values.certificate.existingSecret.secretName }} | ||||
| {{- end }} | ||||
| {{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
| {{ toYaml (dict "volumes" $volumes) }} | ||||
| {{- end -}} | ||||
							
								
								
									
										19
									
								
								templates/_hpa.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_hpa.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| --- | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.hpa.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.hpa.annotations }} | ||||
| {{ toYaml .Values.hpa.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.hpa.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.hpa.labels }} | ||||
| {{ toYaml .Values.hpa.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										19
									
								
								templates/_ingress.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_ingress.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.ingress.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.ingress.annotations }} | ||||
| {{ toYaml .Values.ingress.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.ingress.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.ingress.labels }} | ||||
| {{ toYaml .Values.ingress.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.networkPolicy.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.networkPolicy.annotations }} | ||||
| {{ toYaml .Values.networkPolicy.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.networkPolicy.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.networkPolicy.labels }} | ||||
| {{ toYaml .Values.networkPolicy.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										25
									
								
								templates/_persistentVolumeClaim.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								templates/_persistentVolumeClaim.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.persistence.data.persistentVolumeClaim.annotations }} | ||||
| {{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.persistentVolumeClaim.data.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.persistence.data.persistentVolumeClaim.labels }} | ||||
| {{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* name */}} | ||||
|  | ||||
| {{- define "athens-proxy.persistentVolumeClaim.data.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-data | ||||
| {{- end }} | ||||
							
								
								
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,34 @@ | ||||
| --- | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.annotations" }} | ||||
| {{- include "athens-proxy.annotations" . }} | ||||
| {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||
| {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||
| {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.pod.selectorLabels" -}} | ||||
| {{ include "athens-proxy.selectorLabels" . }} | ||||
| {{- end }} | ||||
							
								
								
									
										61
									
								
								templates/_secrets.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										61
									
								
								templates/_secrets.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,61 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.env.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.config.env.secret.annotations }} | ||||
| {{ toYaml .Values.config.env.secret.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.netrc.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.config.netrc.secret.annotations }} | ||||
| {{ toYaml .Values.config.netrc.secret.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.ssh.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.config.ssh.secret.annotations }} | ||||
| {{ toYaml .Values.config.ssh.secret.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.env.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.config.env.secret.labels }} | ||||
| {{ toYaml .Values.config.env.secret.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.netrc.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.config.netrc.secret.labels }} | ||||
| {{ toYaml .Values.config.netrc.secret.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.ssh.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.config.ssh.secret.labels }} | ||||
| {{ toYaml .Values.config.ssh.secret.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* name */}} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.env.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-env | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.netrc.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-netrc | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.secrets.ssh.name" -}} | ||||
| {{ include "athens-proxy.fullname" . }}-ssh | ||||
| {{- end }} | ||||
							
								
								
									
										17
									
								
								templates/_serviceAccount.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										17
									
								
								templates/_serviceAccount.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,17 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.serviceAccount.annotations" -}} | ||||
| {{- if .Values.serviceAccount.new.annotations }} | ||||
| {{ toYaml .Values.serviceAccount.new.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.serviceAccount.labels" -}} | ||||
| {{- if .Values.serviceAccount.new.labels }} | ||||
| {{ toYaml .Values.serviceAccount.new.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										29
									
								
								templates/_services.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								templates/_services.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.services.http.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.services.http.annotations }} | ||||
| {{ toYaml .Values.services.http.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.services.http.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} | ||||
| app.kubernetes.io/service-name: http | ||||
| {{- if .Values.services.http.labels }} | ||||
| {{ toYaml .Values.services.http.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* names */}} | ||||
|  | ||||
| {{- define "athens-proxy.services.http.name" -}} | ||||
| {{- if .Values.services.http.enabled -}} | ||||
| {{ include "athens-proxy.fullname" . }}-http | ||||
| {{- end -}} | ||||
| {{- end -}} | ||||
							
								
								
									
										97
									
								
								templates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										97
									
								
								templates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,97 @@ | ||||
| {{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}} | ||||
| --- | ||||
| apiVersion: cert-manager.io/v1 | ||||
| kind: Certificate | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.certificates.server.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   commonName: {{ include "athens-proxy.fullname" . }} | ||||
|   {{- if empty .Values.certificate.new.dnsNames }} | ||||
|   dnsNames: | ||||
|   - {{ include "athens-proxy.fullname" . }} | ||||
|   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }} | ||||
|   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc | ||||
|   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} | ||||
|   {{- else }} | ||||
|   dnsNames: | ||||
|   {{- range .Values.certificate.new.dnsNames }} | ||||
|   - {{ . }} | ||||
|   {{- end }} | ||||
|   {{- end }} | ||||
|   duration: {{ .Values.certificate.new.duration }} | ||||
|   {{- if not (empty .Values.certificate.new.ipAddresses) }} | ||||
|   ipAddresses: | ||||
|   {{- range .Values.certificate.new.ipAddresses }} | ||||
|   - {{ . }} | ||||
|   {{- end }} | ||||
|   {{- end }} | ||||
|   isCA: false | ||||
|   issuerRef: | ||||
|     kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }} | ||||
|     name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }} | ||||
|   privateKey: | ||||
|     algorithm: {{ .Values.certificate.new.privateKey.algorithm }} | ||||
|     rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }} | ||||
|     size: {{ .Values.certificate.new.privateKey.size }} | ||||
|   renewBefore: {{ .Values.certificate.new.renewBefore }} | ||||
|   secretName: {{ include "athens-proxy.certificates.server.name" . }} | ||||
|   {{- with .Values.certificate.new.secretTemplate }} | ||||
|   secretTemplate: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- if or .Values.certificate.new.subject.countries | ||||
|             .Values.certificate.new.subject.localities | ||||
|             .Values.certificate.new.subject.organizationalUnits | ||||
|             .Values.certificate.new.subject.organizations | ||||
|             .Values.certificate.new.subject.postalCodes | ||||
|             .Values.certificate.new.subject.provinces | ||||
|             .Values.certificate.new.subject.serialNumber | ||||
|             .Values.certificate.new.subject.streetAddresses | ||||
|   }} | ||||
|   subject: | ||||
|     {{- with .Values.certificate.new.subject.countries }} | ||||
|     countries: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     {{- with .Values.certificate.new.subject.localities }} | ||||
|     localities: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     {{- with .Values.certificate.new.subject.organizationalUnits }} | ||||
|     organizationalUnits: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     {{- with .Values.certificate.new.subject.organizations }} | ||||
|     organizations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     {{- with .Values.certificate.new.subject.postalCodes }} | ||||
|     postalCodes: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     {{- with .Values.certificate.new.subject.provinces }} | ||||
|     provinces: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|     {{- if .Values.certificate.new.subject.serialNumber }} | ||||
|     serialNumber: {{ .Values.certificate.new.subject.serialNumber }} | ||||
|     {{- end }} | ||||
|     {{- with .Values.certificate.new.subject.streetAddresses }} | ||||
|     streetAddresses: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|     {{- end }} | ||||
|   {{- end }} | ||||
|   usages: | ||||
|   {{- range .Values.certificate.new.usages }} | ||||
|   - {{ . }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										19
									
								
								templates/configMapDownloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/configMapDownloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.configMap.downloadMode.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| data: | ||||
|   downloadMode: | | ||||
|     {{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }} | ||||
| {{- end }} | ||||
							
								
								
									
										19
									
								
								templates/configMapGitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/configMapGitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.configMap.gitConfig.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| data: | ||||
|   .gitconfig: | | ||||
|     {{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }} | ||||
| {{- end }} | ||||
| @@ -1,74 +1,143 @@ | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   {{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.deployment.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   replicas: {{ .Values.deployment.replicas }} | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       {{- include "athens-proxy.selectorLabels" . | nindent 6 }} | ||||
|       {{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }} | ||||
|   template: | ||||
|     metadata: | ||||
|       {{- with .Values.podAnnotations }} | ||||
|       annotations: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|         {{- include "athens-proxy.pod.annotations" . | nindent 8 }} | ||||
|       labels: | ||||
|         {{- include "athens-proxy.selectorLabels" . | nindent 8 }} | ||||
|         {{- include "athens-proxy.pod.labels" . | nindent 8 }} | ||||
|     spec: | ||||
|       containers: | ||||
|         - name: {{ .Chart.Name }} | ||||
|           envFrom: | ||||
|           - secretRef: | ||||
|               name: {{ include "athens-proxy.fullname" . }} | ||||
|           securityContext: | ||||
|             {{- toYaml .Values.securityContext | nindent 12 }} | ||||
|           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|           livenessProbe: | ||||
|             httpGet: | ||||
|               scheme: HTTP | ||||
|               path: /healthz | ||||
|               port: http | ||||
|           ports: | ||||
|           - name: http | ||||
|             containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }} | ||||
|             protocol: TCP | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|               scheme: HTTP | ||||
|               path: /healthz | ||||
|               port: http | ||||
|           resources: | ||||
|             {{- toYaml .Values.resources | nindent 12 }} | ||||
|           {{- with .Values.extraVolumeMounts }} | ||||
|           volumeMounts: | ||||
|             {{- toYaml . | nindent 10 }} | ||||
|           {{- end }} | ||||
|       {{- with .Values.affinity }} | ||||
|       {{- with .Values.deployment.affinity }} | ||||
|       affinity: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.imagePullSecrets }} | ||||
|       containers: | ||||
|       - name: athens-proxy | ||||
|         {{- with .Values.deployment.athensProxy.args }} | ||||
|         args: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|         {{- end }} | ||||
|         {{- with .Values.deployment.athensProxy.command }} | ||||
|         command: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|         {{- end }} | ||||
|         {{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }} | ||||
|         {{- if and (hasKey $env "env") (gt (len $env.env) 0) }} | ||||
|         env: | ||||
|         {{- toYaml $env.env | nindent 8 }} | ||||
|         {{- end }} | ||||
|         {{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }} | ||||
|         {{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }} | ||||
|         envFrom: | ||||
|         {{- toYaml $envFrom.envFrom | nindent 8 }} | ||||
|         {{- end }} | ||||
|         image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }} | ||||
|         imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} | ||||
|         livenessProbe: | ||||
|           exec: | ||||
|             {{- if not .Values.certificate.enabled }} | ||||
|             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||
|             {{- else }} | ||||
|             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||
|             {{- end }} | ||||
|           failureThreshold: 3 | ||||
|           initialDelaySeconds: 5 | ||||
|           periodSeconds: 60 | ||||
|           successThreshold: 1 | ||||
|           timeoutSeconds: 3 | ||||
|         readinessProbe: | ||||
|           exec: | ||||
|             {{- if not .Values.certificate.enabled }} | ||||
|             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||
|             {{- else }} | ||||
|             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||
|             {{- end }} | ||||
|           failureThreshold: 3 | ||||
|           initialDelaySeconds: 5 | ||||
|           periodSeconds: 15 | ||||
|           successThreshold: 1 | ||||
|           timeoutSeconds: 3 | ||||
|         ports: | ||||
|         - name: http | ||||
|           containerPort: 3000 | ||||
|           protocol: TCP | ||||
|         {{- with .Values.deployment.athensProxy.resources }} | ||||
|         resources: | ||||
|           {{- toYaml . | nindent 10 }} | ||||
|         {{- end }} | ||||
|         {{- with .Values.deployment.athensProxy.securityContext }} | ||||
|         securityContext: | ||||
|           {{- toYaml . | nindent 10 }} | ||||
|         {{- end }} | ||||
|         {{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }} | ||||
|         {{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }} | ||||
|         volumeMounts: | ||||
|         {{- toYaml $volumeMounts.volumeMounts | nindent 8 }} | ||||
|         {{- end }} | ||||
|       {{- with .Values.deployment.dnsConfig }} | ||||
|       dnsConfig: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- if .Values.deployment.dnsPolicy }} | ||||
|       dnsPolicy: {{ .Values.deployment.dnsPolicy }} | ||||
|       {{- end }} | ||||
|       {{- if .Values.deployment.hostname }} | ||||
|       hostname: {{ .Values.deployment.hostname }} | ||||
|       {{- end }} | ||||
|       hostNetwork: {{ .Values.deployment.hostNetwork }} | ||||
|       {{- with .Values.deployment.imagePullSecrets }} | ||||
|       imagePullSecrets: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.nodeSelector }} | ||||
|       {{- with .Values.deployment.nodeSelector }} | ||||
|       nodeSelector: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- if .Values.podPriorityClassName }} | ||||
|       priorityClassName: {{ .Values.podPriorityClassName }} | ||||
|       {{- if .Values.deployment.priorityClassName }} | ||||
|       priorityClassName: {{ .Values.deployment.priorityClassName }} | ||||
|       {{- end }} | ||||
|       {{- if .Values.deployment.restartPolicy }} | ||||
|       restartPolicy: {{ .Values.deployment.restartPolicy }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.deployment.securityContext }} | ||||
|       securityContext: | ||||
|         {{- toYaml .Values.podSecurityContext | nindent 8 }} | ||||
|       serviceAccountName: {{ include "athens-proxy.fullname" . }} | ||||
|       {{- with .Values.tolerations }} | ||||
|       tolerations: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.extraVolumes }} | ||||
|       serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }} | ||||
|       {{- if .Values.deployment.subdomain }} | ||||
|       subdomain: {{ .Values.deployment.subdomain }} | ||||
|       {{- end }} | ||||
|       terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} | ||||
|       {{- with .Values.deployment.tolerations }} | ||||
|       tolerations: | ||||
|       {{- toYaml . | nindent 6 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.deployment.topologySpreadConstraints }} | ||||
|       topologySpreadConstraints: | ||||
|       {{- toYaml . | nindent 6 }} | ||||
|       {{- end }} | ||||
|       {{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }} | ||||
|       {{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }} | ||||
|       volumes: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- toYaml $volumes.volumes | nindent 6 }} | ||||
|       {{- end }} | ||||
|   {{- with .Values.deployment.strategy }} | ||||
|   strategy: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
							
								
								
									
										25
									
								
								templates/hpa.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								templates/hpa.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| {{- if .Values.hpa.enabled -}} | ||||
| --- | ||||
| apiVersion: autoscaling/v2 | ||||
| kind: HorizontalPodAutoscaler | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.hpa.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   metrics: | ||||
|   {{- toYaml .Values.hpa.metrics | nindent 2 }} | ||||
|   maxReplicas: {{ .Values.hpa.maxReplicas }} | ||||
|   minReplicas: {{ .Values.hpa.minReplicas }} | ||||
|   scaleTargetRef: | ||||
|     apiVersion: apps/v1 | ||||
|     kind: Deployment | ||||
|     name: {{ include "athens-proxy.fullname" . }} | ||||
| {{- end -}} | ||||
| @@ -1,61 +1,45 @@ | ||||
| {{- if .Values.ingress.enabled -}} | ||||
| {{- $fullName := include "athens-proxy.fullname" . -}} | ||||
| {{- $svcPort := .Values.service.port -}} | ||||
| {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} | ||||
|   {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} | ||||
|   {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
| {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} | ||||
| {{- if and .Values.services.http.enabled .Values.ingress.enabled }} | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} | ||||
| apiVersion: networking.k8s.io/v1beta1 | ||||
| {{- else -}} | ||||
| apiVersion: extensions/v1beta1 | ||||
| {{- end }} | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: {{ $fullName }} | ||||
|   labels: | ||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} | ||||
|   {{- with .Values.ingress.annotations }} | ||||
|   {{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.ingress.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} | ||||
|   ingressClassName: {{ .Values.ingress.className }} | ||||
|   rules: | ||||
|   {{- range .Values.ingress.hosts }} | ||||
|   - host: {{ tpl .host $ | quote }} | ||||
|     http: | ||||
|       paths: | ||||
|       {{- range .paths }} | ||||
|       - path: {{ .path }} | ||||
|         {{- if .pathType }} | ||||
|         pathType: {{ .pathType }} | ||||
|         {{- end }} | ||||
|         backend: | ||||
|           service: | ||||
|             name: {{ include "athens-proxy.services.http.name" $ }} | ||||
|             port: | ||||
|               number: {{ $.Values.services.http.port }} | ||||
|       {{- end }} | ||||
|   {{- end }} | ||||
|   {{- if .Values.ingress.tls }} | ||||
|   tls: | ||||
|     {{- range .Values.ingress.tls }} | ||||
|     - hosts: | ||||
|         {{- range .hosts }} | ||||
|         - {{ . | quote }} | ||||
|         {{- end }} | ||||
|       secretName: {{ .secretName }} | ||||
|   {{- range .Values.ingress.tls }} | ||||
|   - hosts: | ||||
|     {{- range .hosts }} | ||||
|     - {{ tpl . $ | quote }} | ||||
|     {{- end }} | ||||
|     secretName: {{ .secretName | quote }} | ||||
|   {{- end }} | ||||
|   rules: | ||||
|     {{- range .Values.ingress.hosts }} | ||||
|     - host: {{ .host | quote }} | ||||
|       http: | ||||
|         paths: | ||||
|           {{- range .paths }} | ||||
|           - path: {{ .path }} | ||||
|             {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} | ||||
|             pathType: {{ .pathType }} | ||||
|             {{- end }} | ||||
|             backend: | ||||
|               {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} | ||||
|               service: | ||||
|                 name: {{ $fullName }} | ||||
|                 port: | ||||
|                   number: {{ $svcPort }} | ||||
|               {{- else }} | ||||
|               serviceName: {{ $fullName }} | ||||
|               servicePort: {{ $svcPort }} | ||||
|               {{- end }} | ||||
|           {{- end }} | ||||
|     {{- end }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | ||||
| {{- if .Values.networkPolicy.enabled }} | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: NetworkPolicy | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   podSelector: | ||||
|     matchLabels: | ||||
|       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} | ||||
|   {{- with .Values.networkPolicy.policyTypes }} | ||||
|   policyTypes: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- with .Values.networkPolicy.egress }} | ||||
|   egress: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- with .Values.networkPolicy.ingress }} | ||||
|   ingress: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										26
									
								
								templates/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								templates/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | ||||
| {{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }} | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }} | ||||
|   namespace: {{ $.Release.Namespace }} | ||||
| spec: | ||||
|   {{- with .Values.persistence.data.persistentVolumeClaim.accessModes }} | ||||
|   accessModes: | ||||
|     {{ toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }} | ||||
|   {{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }} | ||||
|   storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										20
									
								
								templates/secretEnv.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								templates/secretEnv.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | ||||
| {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.secrets.env.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| stringData: | ||||
|   {{- range $key, $value := .Values.config.env.secret.envs }} | ||||
|   {{ upper $key }}: {{ quote $value }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										19
									
								
								templates/secretNetRC.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/secretNetRC.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.secrets.netrc.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| stringData: | ||||
|   .netrc: | | ||||
|     {{- tpl .Values.config.netrc.secret.content . | nindent 4 }} | ||||
| {{- end }} | ||||
							
								
								
									
										35
									
								
								templates/secretSSH.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										35
									
								
								templates/secretSSH.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,35 @@ | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.secrets.ssh.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| stringData: | ||||
|   config: | | ||||
|     {{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }} | ||||
|   {{- if .Values.config.ssh.secret.id_ed25519 }} | ||||
|   id_ed25519: | | ||||
|     {{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- if .Values.config.ssh.secret.id_ed25519_pub }} | ||||
|   id_ed25519.pub: | | ||||
|     {{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- if .Values.config.ssh.secret.id_rsa }} | ||||
|   id_rsa: | | ||||
|     {{- .Values.config.ssh.secret.id_rsa | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- if .Values.config.ssh.secret.id_rsa_pub }} | ||||
|   id_rsa.pub: | | ||||
|     {{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,23 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
| type: Opaque | ||||
| stringData: | ||||
|  | ||||
|   {{- if not (hasKey .Values "config") -}} | ||||
|   {{- $_ := set .Values "config" dict -}} | ||||
|   {{- end -}} | ||||
|  | ||||
|   {{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}} | ||||
|   {{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}} | ||||
|   {{- end -}} | ||||
|  | ||||
|   {{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}} | ||||
|   {{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}} | ||||
|   {{- end -}} | ||||
|  | ||||
|   {{/* SETUP CONFIG */}} | ||||
|   {{ range $key, $value := .Values.config }} | ||||
|   {{ upper $key}}: {{ quote $value }} | ||||
|   {{ end }} | ||||
| @@ -1,36 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   {{- with .Values.service.annotations }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   labels: | ||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
| spec: | ||||
|   {{- with .Values.service.externalIPs }} | ||||
|   externalIPs: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- if .Values.service.externalTrafficPolicy }} | ||||
|   externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} | ||||
|   {{- end }} | ||||
|   {{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }} | ||||
|   loadBalancerClass: {{ .Values.service.loadBalancerClass }} | ||||
|   {{- end }} | ||||
|   {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} | ||||
|   loadBalancerIP: {{ .Values.service.loadBalancerIP }} | ||||
|   {{- end }} | ||||
|   {{- with .Values.service.loadBalancerSourceRanges }} | ||||
|   loadBalancerSourceRanges: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   type: {{ .Values.service.type }} | ||||
|   ports: | ||||
|     - port: {{ .Values.service.port }} | ||||
|       targetPort: {{ .Values.service.targetPort }} | ||||
|       protocol: TCP | ||||
|       name: {{ .Values.service.name }} | ||||
|   selector: | ||||
|     {{- include "athens-proxy.selectorLabels" . | nindent 4 }} | ||||
| @@ -1,10 +1,25 @@ | ||||
| {{- if not .Values.serviceAccount.existing.enabled }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   {{- with .Values.serviceAccount.annotations }} | ||||
|   {{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }} | ||||
| {{- with .Values.serviceAccount.new.imagePullSecrets }} | ||||
| imagePullSecrets: | ||||
|   {{- toYaml . | nindent 4 }} | ||||
| {{- end }} | ||||
| {{- with .Values.serviceAccount.new.secrets }} | ||||
| secrets: | ||||
|   {{- toYaml . | nindent 4 }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										57
									
								
								templates/serviceHTTP.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
								templates/serviceHTTP.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,57 @@ | ||||
| {{- if .Values.services.http.enabled }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.services.http.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.services.http.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   {{- if not (empty .Values.services.http.externalIPs) }} | ||||
|   externalIPs: | ||||
|   {{- range .Values.services.http.externalIPs }} | ||||
|   - {{ . }} | ||||
|   {{- end }} | ||||
|   {{- end }} | ||||
|   {{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }} | ||||
|   externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }} | ||||
|   {{- end }} | ||||
|   internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }} | ||||
|   {{- if .Values.services.http.ipFamilies }} | ||||
|   ipFamilies: | ||||
|   {{- range .Values.services.http.ipFamilies }} | ||||
|   - {{ . }} | ||||
|   {{- end }} | ||||
|   {{- end }} | ||||
|   {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }} | ||||
|   loadBalancerClass: {{ .Values.services.http.loadBalancerClass }} | ||||
|   {{- end }} | ||||
|   {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }} | ||||
|   loadBalancerIP: {{ .Values.services.http.loadBalancerIP }} | ||||
|   {{- end }} | ||||
|   {{- if eq .Values.services.http.type "LoadBalancer" }} | ||||
|   loadBalancerSourceRanges: | ||||
|   {{- range .Values.services.http.loadBalancerSourceRanges }} | ||||
|   - {{ . }} | ||||
|   {{- end }} | ||||
|   {{- end }} | ||||
|   ports: | ||||
|   - name: http | ||||
|     protocol: TCP | ||||
|     port: {{ required "No service port defined!" .Values.services.http.port }} | ||||
|   selector: | ||||
|     {{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }} | ||||
|   sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }} | ||||
|   {{- with .Values.services.http.sessionAffinityConfig }} | ||||
|   sessionAffinityConfig: | ||||
|     {{- toYaml . | nindent 4}} | ||||
|   {{- end }} | ||||
|   type: {{ required "No service type defined!" .Values.services.http.type }} | ||||
| {{- end }} | ||||
| @@ -1,15 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Pod | ||||
| metadata: | ||||
|   name: "{{ include "athens-proxy.fullname" . }}-test-connection" | ||||
|   labels: | ||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} | ||||
|   annotations: | ||||
|     "helm.sh/hook": test | ||||
| spec: | ||||
|   containers: | ||||
|     - name: wget | ||||
|       image: busybox | ||||
|       command: ['wget'] | ||||
|       args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}'] | ||||
|   restartPolicy: Never | ||||
							
								
								
									
										300
									
								
								unittests/certificates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										300
									
								
								unittests/certificates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,300 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Certificate athens-proxy template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/certificate.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering for existing certificate | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Throw error when issuerKind and IssuerName is not defined | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "No certificate issuer kind defined!" | ||||
|  | ||||
| - it: Throw error when issuerKind and IssuerName is not defined | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: {} | ||||
|  | ||||
| - it: Throw error when issuerKind not defined | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.name: "my-issuer" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "No certificate issuer kind defined!" | ||||
|  | ||||
| - it: Throw error when issuerName not defined | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: "ClusterIssuer" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "No certificate issuer name defined!" | ||||
|  | ||||
| - it: Rendering Certificate object when certificate.enabled=true (default) | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: cert-manager.io/v1 | ||||
|       kind: Certificate | ||||
|       name: athens-proxy-unittest-tls | ||||
|       namespace: testing | ||||
|   - equal: | ||||
|       path: spec.commonName | ||||
|       value: athens-proxy-unittest | ||||
|   - equal: | ||||
|       path: spec.duration | ||||
|       value: 744h | ||||
|   - equal: | ||||
|       path: spec.dnsNames | ||||
|       value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ] | ||||
|   - notExists: | ||||
|       path: spec.ipAddresses | ||||
|   - equal: | ||||
|       path: spec.isCA | ||||
|       value: false | ||||
|   - equal: | ||||
|       path: spec.issuerRef.kind | ||||
|       value: ClusterIssuer | ||||
|   - equal: | ||||
|       path: spec.issuerRef.name | ||||
|       value: my-issuer | ||||
|   - equal: | ||||
|       path: spec.privateKey.algorithm | ||||
|       value: RSA | ||||
|   - equal: | ||||
|       path: spec.privateKey.size | ||||
|       value: 4096 | ||||
|   - equal: | ||||
|       path: spec.privateKey.rotationPolicy | ||||
|       value: Never | ||||
|   - equal: | ||||
|       path: spec.secretName | ||||
|       value: athens-proxy-unittest-tls | ||||
|   - exists: | ||||
|       path: spec.secretTemplate.annotations | ||||
|   - exists: | ||||
|       path: spec.secretTemplate.labels | ||||
|   - notExists: | ||||
|       path: spec.subject | ||||
|   - notExists: | ||||
|       path: spec.subject.countries | ||||
|   - notExists: | ||||
|       path: spec.subject.localities | ||||
|   - notExists: | ||||
|       path: spec.subject.organizationalUnits | ||||
|   - notExists: | ||||
|       path: spec.subject.organizations | ||||
|   - notExists: | ||||
|       path: spec.subject.postalCodes | ||||
|   - notExists: | ||||
|       path: spec.subject.provinces | ||||
|   - notExists: | ||||
|       path: spec.subject.serialNumber | ||||
|   - notExists: | ||||
|       path: spec.subject.streetAddresses | ||||
|   - equal: | ||||
|       path: spec.renewBefore | ||||
|       value: 672h | ||||
|   - equal: | ||||
|       path: spec.usages | ||||
|       value: [ "client auth", "server auth" ] | ||||
|  | ||||
| # metadata.annotations | ||||
| - it: Rendering Certificate object with additional annotations and labels | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.annotations: | ||||
|       foo: bar | ||||
|     certificate.new.labels: | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - isSubset: | ||||
|       path: metadata.annotations | ||||
|       content: | ||||
|         foo: bar | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         bar: foo | ||||
|  | ||||
| # spec.duration | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.duration`. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.duration: 3000h | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.duration | ||||
|       value: 3000h | ||||
|  | ||||
| # spec.dnsNames | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.dnsNames: [ "app", "app.example.local" ] | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.dnsNames | ||||
|       value: [ "app", "app.example.local" ] | ||||
|  | ||||
| # spec.dnsNames | ||||
| - it: Rendering Certificate object with custom `.Values.clusterDomain` as domain. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     clusterDomain: k8s.example.local | ||||
|   asserts: | ||||
|   - contains: | ||||
|       path: spec.dnsNames | ||||
|       content: | ||||
|         athens-proxy-unittest.testing.svc.k8s.example.local | ||||
|       count: 1 | ||||
|  | ||||
| # spec.ipAddresses | ||||
| - it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ] | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.ipAddresses | ||||
|       value: [ "10.11.12.13", "fe00:xxyy:xxyy" ] | ||||
|  | ||||
| # spec.privateKey | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.privateKey.algorithm: ED25519 | ||||
|     certificate.new.privateKey.rotationPolicy: Never | ||||
|     certificate.new.privateKey.size: 512 | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.privateKey.algorithm | ||||
|       value: ED25519 | ||||
|   - equal: | ||||
|       path: spec.privateKey.rotationPolicy | ||||
|       value: Never | ||||
|   - equal: | ||||
|       path: spec.privateKey.size | ||||
|       value: 512 | ||||
|  | ||||
| # spec.renewBefore | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.renewBefore: 2000h | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.renewBefore | ||||
|       value: 2000h | ||||
|  | ||||
| # spec.secretTemplate | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.secretTemplate: | ||||
|       annotations: | ||||
|         foo: bar | ||||
|       labels: | ||||
|         bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.secretTemplate.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|   - equal: | ||||
|       path: spec.secretTemplate.labels | ||||
|       value: | ||||
|         bar: foo | ||||
|  | ||||
| # spec.secretTemplate | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.subject` values. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.subject.countries: [ "Country" ] | ||||
|     certificate.new.subject.localities: [ "City" ] | ||||
|     certificate.new.subject.organizationalUnits: [ "IT department" ] | ||||
|     certificate.new.subject.organizations: [ "My organization" ] | ||||
|     certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ] | ||||
|     certificate.new.subject.provinces: [ "Provinces" ] | ||||
|     certificate.new.subject.serialNumber: "MyNumber" | ||||
|     certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ] | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.subject.countries | ||||
|       value: [ "Country" ] | ||||
|   - equal: | ||||
|       path: spec.subject.localities | ||||
|       value: [ "City" ] | ||||
|   - equal: | ||||
|       path: spec.subject.organizationalUnits | ||||
|       value: [ "IT department" ] | ||||
|   - equal: | ||||
|       path: spec.subject.organizations | ||||
|       value: [ "My organization" ] | ||||
|   - equal: | ||||
|       path: spec.subject.postalCodes | ||||
|       value: [ "AB12345", "12345AB" ] | ||||
|   - equal: | ||||
|       path: spec.subject.provinces | ||||
|       value: [ "Provinces" ] | ||||
|   - equal: | ||||
|       path: spec.subject.serialNumber | ||||
|       value: "MyNumber" | ||||
|   - equal: | ||||
|       path: spec.subject.streetAddresses | ||||
|       value: [ "ExampleStreet 1", "StreetExample 2" ] | ||||
|  | ||||
| # spec.usages | ||||
| - it: Rendering Certificate object with custom `.Values.certificate.new.usages`. | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: my-issuer | ||||
|     certificate.new.usages: [ "client auth" ] | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.usages | ||||
|       value: [ "client auth" ] | ||||
							
								
								
									
										98
									
								
								unittests/configMaps/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										98
									
								
								unittests/configMaps/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,98 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: ConfigMap downloadMode | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rending by using existing config map. | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.existingConfigMap.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering with default values | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: ConfigMap | ||||
|       name: athens-proxy-unittest-download-mode-file | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: data.downloadMode | ||||
|       value: | | ||||
|         downloadURL = "https://proxy.golang.org" | ||||
|  | ||||
|         mode = "async_redirect" | ||||
|  | ||||
|         # download "github.com/gomods/*" { | ||||
|         #     mode = "sync" | ||||
|         # } | ||||
|         # | ||||
|         # download "golang.org/x/*" { | ||||
|         #     mode = "none" | ||||
|         # } | ||||
|         # | ||||
|         # download "github.com/pkg/*" { | ||||
|         #     mode = "redirect" | ||||
|         #     downloadURL = "https://proxy.golang.org" | ||||
|         # } | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.configMap.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|     config.downloadMode.configMap.labels: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|  | ||||
| - it: Rendering custom configuration | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.configMap.content: | | ||||
|       downloadURL = "https://proxy.golang.org" | ||||
|       mode = "async_redirect" | ||||
|  | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: data.downloadMode | ||||
|       value: | | ||||
|         downloadURL = "https://proxy.golang.org" | ||||
|         mode = "async_redirect" | ||||
							
								
								
									
										93
									
								
								unittests/configMaps/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								unittests/configMaps/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,93 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: ConfigMap gitConfig | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapGitConfig.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rending by using existing config map. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.existingConfigMap.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering by default. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: ConfigMap | ||||
|       name: athens-proxy-unittest-gitconfig | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: data[".gitconfig"] | ||||
|       value: | | ||||
|         # The .gitconfig file | ||||
|         # | ||||
|         # The .gitconfig file contains the user specific git configuration. It generally resides in the user's home | ||||
|         # directory. | ||||
|         # | ||||
|         # [url "git@github.com:"] insteadOf = https://github.com/ | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.configMap.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|     config.gitConfig.configMap.labels: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|  | ||||
| - it: Rendering custom configuration | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.configMap.content: | | ||||
|       [url "git@github.com:"] | ||||
|       insteadOf = https://github.com/ | ||||
|  | ||||
|       [url "git@git.cryptic.systems:"] | ||||
|       insteadOf = https://git.cryptic.systems/ | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: data[".gitconfig"] | ||||
|       value: | | ||||
|         [url "git@github.com:"] | ||||
|         insteadOf = https://github.com/ | ||||
|  | ||||
|         [url "git@git.cryptic.systems:"] | ||||
|         insteadOf = https://git.cryptic.systems/ | ||||
							
								
								
									
										73
									
								
								unittests/deployment/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										73
									
								
								unittests/deployment/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,73 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without tls config | ||||
|   asserts: | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_TLSCERT_FILE | ||||
|           value: /etc/athens-proxy/tls/tls.crt | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_TLSKEY_FILE | ||||
|           value: /etc/athens-proxy/tls/tls.key | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: tls | ||||
|           mountPath: /etc/athens-proxy/tls | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: tls | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-tls | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with tls config | ||||
|   set: | ||||
|     certificate.enabled: true | ||||
|     certificate.new.issuerRef.kind: ClusterIssuer | ||||
|     certificate.new.issuerRef.name: MyIssuer | ||||
|   asserts: | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_TLSCERT_FILE | ||||
|           value: /etc/athens-proxy/tls/tls.crt | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_TLSKEY_FILE | ||||
|           value: /etc/athens-proxy/tls/tls.key | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: tls | ||||
|           mountPath: /etc/athens-proxy/tls | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: tls | ||||
|           secret: | ||||
|             secretName: athens-proxy-unittest-tls | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										472
									
								
								unittests/deployment/deployment.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										472
									
								
								unittests/deployment/deployment.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,472 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/deployment.yaml | ||||
| tests: | ||||
| - it: Rendering default | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|     template: templates/deployment.yaml | ||||
|   - containsDocument: | ||||
|       apiVersion: apps/v1 | ||||
|       kind: Deployment | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.replicas | ||||
|       value: 1 | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.affinity | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].args | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].command | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].envFrom | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].volumeMounts | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].image | ||||
|       value: docker.io/gomods/athens:0.1.0 | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].imagePullPolicy | ||||
|       value: IfNotPresent | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].resources | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].securityContext | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.dnsConfig | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.dnsPolicy | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.hostname | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.hostNetwork | ||||
|       value: false | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.imagePullSecrets | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.nodeSelector | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.priorityClassName | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.restartPolicy | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.subdomain | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.terminationGracePeriodSeconds | ||||
|       value: 60 | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.tolerations | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.topologySpreadConstraints | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.strategy | ||||
|       value: | ||||
|         type: "RollingUpdate" | ||||
|         rollingUpdate: | ||||
|           maxSurge: 1 | ||||
|           maxUnavailable: 1 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom replicas | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.replicas: 3 | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.replicas | ||||
|       value: 3 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom affinity | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.affinity: | ||||
|       nodeAffinity: | ||||
|         requiredDuringSchedulingIgnoredDuringExecution: | ||||
|           nodeSelectorTerms: | ||||
|           - matchExpressions: | ||||
|             - key: topology.kubernetes.io/zone | ||||
|               operator: In | ||||
|               values: | ||||
|               - antarctica-east1 | ||||
|               - antarctica-west1 | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.affinity | ||||
|       value: | ||||
|         nodeAffinity: | ||||
|           requiredDuringSchedulingIgnoredDuringExecution: | ||||
|             nodeSelectorTerms: | ||||
|             - matchExpressions: | ||||
|               - key: topology.kubernetes.io/zone | ||||
|                 operator: In | ||||
|                 values: | ||||
|                 - antarctica-east1 | ||||
|                 - antarctica-west1 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test additional arguments | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.args: | ||||
|     - "--foo=bar" | ||||
|     - "--bar=foo" | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].args | ||||
|       value: | ||||
|       - --foo=bar | ||||
|       - --bar=foo | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test additional command | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.command: | ||||
|     - "/bin/sh" | ||||
|     - "-c" | ||||
|     - "echo hello" | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].command | ||||
|       value: | ||||
|       - "/bin/sh" | ||||
|       - "-c" | ||||
|       - "echo hello" | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom imageRegistry and imageRepository | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.image.registry: registry.example.local | ||||
|     deployment.athensProxy.image.repository: path/special/athens-proxy | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].image | ||||
|       value: registry.example.local/path/special/athens-proxy:0.1.0 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom imagePullPolicy | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.image.pullPolicy: Always | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].imagePullPolicy | ||||
|       value: Always | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom resource limits and requests | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.resources: | ||||
|       limits: | ||||
|         cpu: 100m | ||||
|         memory: 250MB | ||||
|       requests: | ||||
|         cpu: 25m | ||||
|         memory: 100MB | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       value: | ||||
|       - name: GOMAXPROCS | ||||
|         valueFrom: | ||||
|           resourceFieldRef: | ||||
|             divisor: "1" | ||||
|             resource: limits.cpu | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].resources | ||||
|       value: | ||||
|         limits: | ||||
|           cpu: 100m | ||||
|           memory: 250MB | ||||
|         requests: | ||||
|           cpu: 25m | ||||
|           memory: 100MB | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom securityContext | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.securityContext: | ||||
|       capabilities: | ||||
|         add: | ||||
|         - NET_RAW | ||||
|         drop: | ||||
|         - ALL | ||||
|       privileged: false | ||||
|       readOnlyRootFilesystem: true | ||||
|       runAsNonRoot: true | ||||
|       runAsUser: 1000 | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].securityContext | ||||
|       value: | ||||
|         capabilities: | ||||
|           add: | ||||
|           - NET_RAW | ||||
|           drop: | ||||
|           - ALL | ||||
|         privileged: false | ||||
|         readOnlyRootFilesystem: true | ||||
|         runAsNonRoot: true | ||||
|         runAsUser: 1000 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test dnsConfig | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.dnsConfig: | ||||
|       nameservers: | ||||
|       - "8.8.8.8" | ||||
|       - "8.8.4.4" | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.dnsConfig | ||||
|       value: | ||||
|         nameservers: | ||||
|         - "8.8.8.8" | ||||
|         - "8.8.4.4" | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test dnsPolicy | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.dnsPolicy: ClusterFirst | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.dnsPolicy | ||||
|       value: ClusterFirst | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test hostNetwork, hostname, subdomain | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.hostNetwork: true | ||||
|     deployment.hostname: pg-exporter | ||||
|     deployment.subdomain: exporters.internal | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.hostNetwork | ||||
|       value: true | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.hostname | ||||
|       value: pg-exporter | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.subdomain | ||||
|       value: exporters.internal | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test imagePullSecrets | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.imagePullSecrets: | ||||
|     - name: my-pull-secret | ||||
|     - name: my-special-secret | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.imagePullSecrets | ||||
|       value: | ||||
|       - name: my-pull-secret | ||||
|       - name: my-special-secret | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test nodeSelector | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.nodeSelector: | ||||
|       foo: bar | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.nodeSelector | ||||
|       value: | ||||
|         foo: bar | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test priorityClassName | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.priorityClassName: my-priority | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.priorityClassName | ||||
|       value: my-priority | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test restartPolicy | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.restartPolicy: Always | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.restartPolicy | ||||
|       value: Always | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test terminationGracePeriodSeconds | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.terminationGracePeriodSeconds: 120 | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.terminationGracePeriodSeconds | ||||
|       value: 120 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test tolerations | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.tolerations: | ||||
|     - key: database/type | ||||
|       operator: Equal | ||||
|       value: postgres | ||||
|       effect: NoSchedule | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.tolerations | ||||
|       value: | ||||
|       - key: database/type | ||||
|         operator: Equal | ||||
|         value: postgres | ||||
|         effect: NoSchedule | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test topologySpreadConstraints | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.topologySpreadConstraints: | ||||
|     - topologyKey: kubernetes.io/hostname | ||||
|       whenUnsatisfiable: DoNotSchedule | ||||
|       labelSelector: | ||||
|         matchLabels: | ||||
|           app.kubernetes.io/instance: athens-proxy | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.topologySpreadConstraints | ||||
|       value: | ||||
|       - topologyKey: kubernetes.io/hostname | ||||
|         whenUnsatisfiable: DoNotSchedule | ||||
|         labelSelector: | ||||
|           matchLabels: | ||||
|             app.kubernetes.io/instance: athens-proxy | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test additional volumeMounts and volumes | ||||
|   set: | ||||
|     # Ensure that the secrets and config maps are well configured. | ||||
|  | ||||
|     # Normal test values | ||||
|     deployment.athensProxy.volumeMounts: | ||||
|     - name: data | ||||
|       mountPath: /usr/lib/athens-proxy/data | ||||
|     deployment.volumes: | ||||
|     - name: data | ||||
|       hostPath: | ||||
|         path: /usr/lib/athens-proxy/data | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].volumeMounts | ||||
|       value: | ||||
|       - name: data | ||||
|         mountPath: /usr/lib/athens-proxy/data | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.volumes | ||||
|       value: | ||||
|       - name: data | ||||
|         hostPath: | ||||
|           path: /usr/lib/athens-proxy/data | ||||
|     template: templates/deployment.yaml | ||||
							
								
								
									
										105
									
								
								unittests/deployment/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										105
									
								
								unittests/deployment/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,105 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted download mode config map | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DOWNLOAD_MODE | ||||
|           value: file:/etc/athens/config/download-mode.d/download-mode | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: download-mode | ||||
|           mountPath: /etc/athens/config/download-mode.d | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: download-mode | ||||
|           configMap: | ||||
|             name: athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted gitconfig configMap | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DOWNLOAD_MODE | ||||
|           value: file:/etc/athens/config/download-mode.d/download-mode | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: download-mode | ||||
|           mountPath: /etc/athens/config/download-mode.d | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: download-mode | ||||
|           configMap: | ||||
|             items: | ||||
|               - key: downloadMode | ||||
|                 mode: 0644 | ||||
|                 path: download-mode | ||||
|             name: athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom download mode configMap | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.existingConfigMap.enabled: true | ||||
|     config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap" | ||||
|     config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DOWNLOAD_MODE | ||||
|           value: file:/etc/athens/config/download-mode.d/download-mode | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: download-mode | ||||
|           mountPath: /etc/athens/config/download-mode.d | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: download-mode | ||||
|           configMap: | ||||
|             items: | ||||
|             - key: "my-custom-download-mode-filename-key" | ||||
|               path: "download-mode" | ||||
|               mode: 0644 | ||||
|             name: my-custom-configmap | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,51 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/deployment.yaml | ||||
| - templates/secretEnv.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted env secret | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].envFrom | ||||
|         content: | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted env secret | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].envFrom | ||||
|         content: | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted env secret | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.existingSecret.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].envFrom | ||||
|         content: | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										100
									
								
								unittests/deployment/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										100
									
								
								unittests/deployment/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,100 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted git config map | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.gitconfig | ||||
|           subPath: .gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - configMap: | ||||
|                 items: | ||||
|                 - key: .gitconfig | ||||
|                   path: .gitconfig | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted gitconfig configMap | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.gitconfig | ||||
|           subPath: .gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - configMap: | ||||
|                 items: | ||||
|                 - key: .gitconfig | ||||
|                   path: .gitconfig | ||||
|                   mode: 0644 | ||||
|                 name: athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom gitconfig configMap | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.existingConfigMap.enabled: true | ||||
|     config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap" | ||||
|     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.gitconfig | ||||
|           subPath: .gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - configMap: | ||||
|                 items: | ||||
|                 - key: my-gitconfig-key | ||||
|                   path: .gitconfig | ||||
|                   mode: 0644 | ||||
|                 name: my-custom-configmap | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										99
									
								
								unittests/deployment/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										99
									
								
								unittests/deployment/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,99 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted netrc secret | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: netrc | ||||
|           mountPath: /root | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: .netrc | ||||
|                   path: .netrc | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted netrc secret | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.netrc | ||||
|           subPath: .netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: .netrc | ||||
|                   path: .netrc | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom netrc secret | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     config.netrc.existingSecret.enabled: true | ||||
|     config.netrc.existingSecret.secretName: "my-custom-secret" | ||||
|     config.netrc.existingSecret.netrcKey: "my-netrc-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.netrc | ||||
|           subPath: .netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: my-netrc-key | ||||
|                   path: .netrc | ||||
|                   mode: 0600 | ||||
|                 name: my-custom-secret | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										77
									
								
								unittests/deployment/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								unittests/deployment/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,77 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Test persistent volume claim | ||||
|   set: | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_STORAGE_TYPE | ||||
|           value: disk | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DISK_STORAGE_ROOT | ||||
|           value: /var/www/athens-proxy/data | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: data | ||||
|           mountPath: /var/www/athens-proxy/data | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: data | ||||
|           persistentVolumeClaim: | ||||
|             claimName: athens-proxy-unittest-data | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test existing persistent volume claim | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     persistence.enabled: true | ||||
|     persistence.data.mountPath: "/mnt/go-proxy/data" | ||||
|     persistence.data.existingPersistentVolumeClaim.enabled: true | ||||
|     persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc" | ||||
|   asserts: | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_STORAGE_TYPE | ||||
|           value: disk | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DISK_STORAGE_ROOT | ||||
|           value: /mnt/go-proxy/data | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: data | ||||
|           mountPath: /mnt/go-proxy/data | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: data | ||||
|           persistentVolumeClaim: | ||||
|             claimName: my-special-pvc | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										254
									
								
								unittests/deployment/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										254
									
								
								unittests/deployment/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,254 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted ssh secret | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519 | ||||
|           subPath: id_ed25519 | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519.pub | ||||
|           subPath: id_ed25519.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa | ||||
|           subPath: id_rsa | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa.pub | ||||
|           subPath: id_rsa.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: config | ||||
|                   path: config | ||||
|                   mode: 0644 | ||||
|                 - key: id_ed25519 | ||||
|                   path: id_ed25519 | ||||
|                   mode: 0600 | ||||
|                 - key: id_ed25519.pub | ||||
|                   path: id_ed25519.pub | ||||
|                   mode: 0644 | ||||
|                 - key: id_rsa | ||||
|                   path: id_rsa | ||||
|                   mode: 0600 | ||||
|                 - key: id_rsa.pub | ||||
|                   path: id_rsa.pub | ||||
|                   mode: 0644 | ||||
|                 name: athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted ssh config | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: config | ||||
|                   path: config | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted ssh keys | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.id_ed25519: foo | ||||
|     config.ssh.secret.id_ed25519_pub: bar | ||||
|     config.ssh.secret.id_rsa: foo | ||||
|     config.ssh.secret.id_rsa_pub: bar | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519 | ||||
|           subPath: id_ed25519 | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519.pub | ||||
|           subPath: id_ed25519.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa | ||||
|           subPath: id_rsa | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa.pub | ||||
|           subPath: id_rsa.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: config | ||||
|                   path: config | ||||
|                   mode: 0600 | ||||
|                 - key: id_ed25519 | ||||
|                   path: id_ed25519 | ||||
|                   mode: 0600 | ||||
|                 - key: id_ed25519.pub | ||||
|                   path: id_ed25519.pub | ||||
|                   mode: 0644 | ||||
|                 - key: id_rsa | ||||
|                   path: id_rsa | ||||
|                   mode: 0600 | ||||
|                 - key: id_rsa.pub | ||||
|                   path: id_rsa.pub | ||||
|                   mode: 0644 | ||||
|                 name: athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom ssh secret | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.existingSecret.enabled: true | ||||
|     config.ssh.existingSecret.secretName: "my-custom-secret" | ||||
|     config.ssh.existingSecret.configKey : "my-config-key" | ||||
|     config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key" | ||||
|     config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key" | ||||
|     config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key" | ||||
|     config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519 | ||||
|           subPath: id_ed25519 | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519.pub | ||||
|           subPath: id_ed25519.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa | ||||
|           subPath: id_rsa | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa.pub | ||||
|           subPath: id_rsa.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: secrets | ||||
|           projected: | ||||
|             sources: | ||||
|             - secret: | ||||
|                 items: | ||||
|                 - key: my-config-key | ||||
|                   path: config | ||||
|                   mode: 0600 | ||||
|                 - key: my-private-ed25519-key | ||||
|                   path: id_ed25519 | ||||
|                   mode: 0600 | ||||
|                 - key: my-public-ed25519-key | ||||
|                   path: id_ed25519.pub | ||||
|                   mode: 0644 | ||||
|                 - key: my-private-rsa-key | ||||
|                   path: id_rsa | ||||
|                   mode: 0600 | ||||
|                 - key: my-public-rsa-key | ||||
|                   path: id_rsa.pub | ||||
|                   mode: 0644 | ||||
|                 name: my-custom-secret | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										116
									
								
								unittests/hpa/default.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										116
									
								
								unittests/hpa/default.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,116 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: HPA template (basic) | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/hpa.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering when enabled - default | ||||
|   set: | ||||
|     hpa.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: autoscaling/v2 | ||||
|       kind: HorizontalPodAutoscaler | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - contains: | ||||
|       path: spec.metrics | ||||
|       content: | ||||
|         resource: | ||||
|           name: cpu | ||||
|           target: | ||||
|             averageUtilization: 65 | ||||
|             type: Utilization | ||||
|         type: Resource | ||||
|   - equal: | ||||
|       path: spec.maxReplicas | ||||
|       value: 10 | ||||
|   - equal: | ||||
|       path: spec.minReplicas | ||||
|       value: 1 | ||||
|   - equal: | ||||
|       path: spec.scaleTargetRef | ||||
|       value: | ||||
|         apiVersion: apps/v1 | ||||
|         kind: Deployment | ||||
|         name: athens-proxy-unittest | ||||
|  | ||||
| - it: Rendering when enabled - custom values | ||||
|   set: | ||||
|     hpa.enabled: true | ||||
|     hpa.annotations: | ||||
|       foo: bar | ||||
|     hpa.labels: | ||||
|       bar: foo | ||||
|     hpa.maxReplicas: 25 | ||||
|     hpa.minReplicas: 5 | ||||
|     hpa.metrics: | ||||
|     - resource: | ||||
|         name: memory | ||||
|         target: | ||||
|           averageUtilization: 65 | ||||
|           type: Utilization | ||||
|       type: Resource | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: autoscaling/v2 | ||||
|       kind: HorizontalPodAutoscaler | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         bar: foo | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - contains: | ||||
|       path: spec.metrics | ||||
|       content: | ||||
|         resource: | ||||
|           name: memory | ||||
|           target: | ||||
|             averageUtilization: 65 | ||||
|             type: Utilization | ||||
|         type: Resource | ||||
|   - equal: | ||||
|       path: spec.maxReplicas | ||||
|       value: 25 | ||||
|   - equal: | ||||
|       path: spec.minReplicas | ||||
|       value: 5 | ||||
|   - equal: | ||||
|       path: spec.scaleTargetRef | ||||
|       value: | ||||
|         apiVersion: apps/v1 | ||||
|         kind: Deployment | ||||
|         name: athens-proxy-unittest | ||||
							
								
								
									
										139
									
								
								unittests/ingress/ingress.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										139
									
								
								unittests/ingress/ingress.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,139 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Ingress template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/ingress.yaml | ||||
| tests: | ||||
| - it: Skip ingress by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip ingress, when service is disabled. | ||||
|   set: | ||||
|     services.http.enabled: false | ||||
|     ingress.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Render ingress with default values. | ||||
|   set: | ||||
|     ingress.enabled: true | ||||
|     ingress.hosts: | ||||
|     - host: athens-proxy.example.local | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: Prefix | ||||
|     ingress.tls: | ||||
|     - secretName: athens-proxy-http-tls | ||||
|       hosts: | ||||
|       - athens-proxy.example.local | ||||
|  | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: networking.k8s.io/v1 | ||||
|       kind: Ingress | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: spec.ingressClassName | ||||
|       value: nginx | ||||
|   - contains: | ||||
|       path: spec.rules | ||||
|       content: | ||||
|         host: athens-proxy.example.local | ||||
|         http: | ||||
|           paths: | ||||
|           - path: / | ||||
|             pathType: Prefix | ||||
|             backend: | ||||
|               service: | ||||
|                 name: athens-proxy-unittest-http | ||||
|                 port: | ||||
|                   number: 3000 | ||||
|   - contains: | ||||
|       path: spec.tls | ||||
|       content: | ||||
|         hosts: | ||||
|         - athens-proxy.example.local | ||||
|         secretName: athens-proxy-http-tls | ||||
|  | ||||
| - it: Render ingress with custom values. | ||||
|   set: | ||||
|     ingress.enabled: true | ||||
|     ingress.annotations: | ||||
|       foo: bar | ||||
|     ingress.className: nginx | ||||
|     ingress.labels: | ||||
|       bar: foo | ||||
|     ingress.hosts: | ||||
|     - host: athens-proxy.example.local | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: Prefix | ||||
|     ingress.tls: | ||||
|     - secretName: athens-proxy-http-tls | ||||
|       hosts: | ||||
|       - athens-proxy.example.local | ||||
|     services.http.port: 8080 | ||||
|  | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: networking.k8s.io/v1 | ||||
|       kind: Ingress | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|         bar: foo | ||||
|   - equal: | ||||
|       path: spec.ingressClassName | ||||
|       value: nginx | ||||
|   - contains: | ||||
|       path: spec.rules | ||||
|       content: | ||||
|         host: athens-proxy.example.local | ||||
|         http: | ||||
|           paths: | ||||
|           - path: / | ||||
|             pathType: Prefix | ||||
|             backend: | ||||
|               service: | ||||
|                 name: athens-proxy-unittest-http | ||||
|                 port: | ||||
|                   number: 8080 | ||||
|   - contains: | ||||
|       path: spec.tls | ||||
|       content: | ||||
|         hosts: | ||||
|         - athens-proxy.example.local | ||||
|         secretName: athens-proxy-http-tls | ||||
							
								
								
									
										98
									
								
								unittests/networkPolicy/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										98
									
								
								unittests/networkPolicy/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,98 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: NetworkPolicy template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/networkPolicy.yaml | ||||
| tests: | ||||
| - it: Skip rendering networkPolicy | ||||
|   set: | ||||
|     networkPolicy.enabled: false | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Render default networkPolicy | ||||
|   set: | ||||
|     networkPolicy.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count:  1 | ||||
|   - containsDocument: | ||||
|       apiVersion: networking.k8s.io/v1 | ||||
|       kind: NetworkPolicy | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: spec.podSelector.matchLabels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|   - notExists: | ||||
|       path: spec.policyTypes | ||||
|   - notExists: | ||||
|       path: spec.egress | ||||
|   - notExists: | ||||
|       path: spec.ingress | ||||
|  | ||||
| - it: Template networkPolicy with policyTypes, egress and ingress configuration | ||||
|   set: | ||||
|     networkPolicy.enabled: true | ||||
|     networkPolicy.policyTypes: | ||||
|     - Egress | ||||
|     - Ingress | ||||
|     networkPolicy.ingress: | ||||
|     - from: | ||||
|       - namespaceSelector: | ||||
|           matchLabels: | ||||
|             kubernetes.io/metadata.name: monitoring | ||||
|         podSelector: | ||||
|           matchLabels: | ||||
|             app.kubernetes.io/name: prometheus | ||||
|     networkPolicy.egress: | ||||
|     - to: | ||||
|       - namespaceSelector: | ||||
|           matchLabels: | ||||
|             kubernetes.io/metadata.name: ingress-nginx | ||||
|         podSelector: | ||||
|           matchLabels: | ||||
|             app.kubernetes.io/name: ingress-nginx | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.policyTypes | ||||
|       value: | ||||
|       - Egress | ||||
|       - Ingress | ||||
|   - equal: | ||||
|       path: spec.egress | ||||
|       value: | ||||
|       - to: | ||||
|         - namespaceSelector: | ||||
|             matchLabels: | ||||
|               kubernetes.io/metadata.name: ingress-nginx | ||||
|           podSelector: | ||||
|             matchLabels: | ||||
|               app.kubernetes.io/name: ingress-nginx | ||||
|   - equal: | ||||
|       path: spec.ingress | ||||
|       value: | ||||
|       - from: | ||||
|         - namespaceSelector: | ||||
|             matchLabels: | ||||
|               kubernetes.io/metadata.name: monitoring | ||||
|           podSelector: | ||||
|             matchLabels: | ||||
|               app.kubernetes.io/name: prometheus | ||||
							
								
								
									
										90
									
								
								unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										90
									
								
								unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,90 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: PersistentVolumeClaim template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/persistentVolumeClaim.yaml | ||||
| tests: | ||||
| - it: Rendering default | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering with enabled persistent storage | ||||
|   set: | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: PersistentVolumeClaim | ||||
|       name: athens-proxy-unittest-data | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: spec.accessModes | ||||
|       value: | ||||
|       - ReadWriteMany | ||||
|   - isSubset: | ||||
|       path: spec.resources | ||||
|       content: | ||||
|         requests: | ||||
|           storage: 5Gi | ||||
|   - notExists: | ||||
|       path: spec.storageClassName | ||||
|  | ||||
| - it: Rendering with custom enabled persistent storage | ||||
|   set: | ||||
|     persistence.enabled: true | ||||
|     persistence.data.persistentVolumeClaim.annotations: | ||||
|       foo: bar | ||||
|     persistence.data.persistentVolumeClaim.labels: | ||||
|       bar: foo | ||||
|     persistence.data.persistentVolumeClaim.storageClassName: my-storage-class | ||||
|     persistence.data.persistentVolumeClaim.storageSize: 10Gi | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: PersistentVolumeClaim | ||||
|       name: athens-proxy-unittest-data | ||||
|       namespace: testing | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         bar: foo | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: spec.accessModes | ||||
|       value: | ||||
|       - ReadWriteMany | ||||
|   - isSubset: | ||||
|       path: spec.resources | ||||
|       content: | ||||
|         requests: | ||||
|           storage: 10Gi | ||||
|   - equal: | ||||
|       path: spec.storageClassName | ||||
|       value: my-storage-class | ||||
							
								
								
									
										77
									
								
								unittests/secrets/env.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								unittests/secrets/env.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,77 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Secret environment variables | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/secretEnv.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering by using existing secret. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering env secret with default values. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: Secret | ||||
|       name: athens-proxy-unittest-env | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - isNullOrEmpty: | ||||
|       path: stringData | ||||
|  | ||||
| - it: Rendering env secret with custom values. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token | ||||
|   asserts: | ||||
|   - isSubset: | ||||
|       path: stringData | ||||
|       content: | ||||
|         ATHENS_GITHUB_TOKEN: my-secret-token | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.secret.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|     config.env.secret.labels: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
							
								
								
									
										93
									
								
								unittests/secrets/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								unittests/secrets/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,93 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Secret netrc template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/secretNetRC.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering by using existing secret. | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     config.netrc.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering netrc secret with default values. | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: Secret | ||||
|       name: athens-proxy-unittest-netrc | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: stringData[".netrc"] | ||||
|       value: | | ||||
|         # The .netrc file | ||||
|         # | ||||
|         # The .netrc file contains login and initialization information used by the auto-login process. It generally | ||||
|         # resides in the user's home directory, but a location outside of the home directory can be set using the | ||||
|         # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file | ||||
|         # must be a regular file, or access will be denied. | ||||
|         # | ||||
|         # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html | ||||
|         # | ||||
|         # default login           [name]     password  [password/token] | ||||
|         # machine github.com      [octocat]  password  [PAT] | ||||
|         # machine api.github.com  [octocat]  password  [PAT] | ||||
|  | ||||
| - it: Rendering netrc secret with custom values. | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     config.netrc.secret.content: | | ||||
|       default github.com hugo password kinnock | ||||
|       default api.github.com hugo password kinnock | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: stringData[".netrc"] | ||||
|       value: | | ||||
|         default github.com hugo password kinnock | ||||
|         default api.github.com hugo password kinnock | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     config.netrc.secret.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|     config.netrc.secret.labels: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
							
								
								
									
										119
									
								
								unittests/secrets/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										119
									
								
								unittests/secrets/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,119 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Secret ssh template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering by using existing secret. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering ssh secret with default values. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: Secret | ||||
|       name: athens-proxy-unittest-ssh | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - equal: | ||||
|       path: stringData.config | ||||
|       value: | | ||||
|         # Host * | ||||
|         #   IdentityFile ~/.ssh/id_ed25519 | ||||
|         #   IdentityFile ~/.ssh/id_rsa | ||||
|   - notExists: | ||||
|       path: stringData.id_ed25519 | ||||
|   - notExists: | ||||
|       path: stringData["id_ed25519.pub"] | ||||
|   - notExists: | ||||
|       path: stringData.id_rsa | ||||
|   - notExists: | ||||
|       path: stringData["id_rsa.pub"] | ||||
|  | ||||
| - it: Rendering ssh secret with custom values. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.config: | | ||||
|       Host * | ||||
|         IdentityFile ~/.ssh/id_ed25519 | ||||
|         IdentityFile ~/.ssh/id_rsa | ||||
|     config.ssh.secret.id_ed25519: | | ||||
|       my-private-25519-key | ||||
|     config.ssh.secret.id_ed25519_pub: | | ||||
|       my-public-25519-key | ||||
|     config.ssh.secret.id_rsa: | | ||||
|       my-private-rsa-key | ||||
|     config.ssh.secret.id_rsa_pub: | | ||||
|       my-public-rsa-key | ||||
|  | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: stringData.config | ||||
|       value: | | ||||
|         Host * | ||||
|           IdentityFile ~/.ssh/id_ed25519 | ||||
|           IdentityFile ~/.ssh/id_rsa | ||||
|   - equal: | ||||
|       path: stringData.id_ed25519 | ||||
|       value: | | ||||
|         my-private-25519-key | ||||
|   - equal: | ||||
|       path: stringData["id_ed25519.pub"] | ||||
|       value: | | ||||
|         my-public-25519-key | ||||
|   - equal: | ||||
|       path: stringData.id_rsa | ||||
|       value: | | ||||
|         my-private-rsa-key | ||||
|   - equal: | ||||
|       path: stringData["id_rsa.pub"] | ||||
|       value: | | ||||
|         my-public-rsa-key | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|     config.ssh.secret.labels: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         foo: bar | ||||
|         bar: foo | ||||
							
								
								
									
										79
									
								
								unittests/serviceAccounts/serviceAccount.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										79
									
								
								unittests/serviceAccounts/serviceAccount.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,79 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: ServiceAccount athens-proxy template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/serviceAccount.yaml | ||||
| tests: | ||||
| - it: Skip rendering. | ||||
|   set: | ||||
|     serviceAccount.existing.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering serviceAccount with default values. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: ServiceAccount | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - notExists: | ||||
|       path: metadata.labels | ||||
|   - equal: | ||||
|       path: automountServiceAccountToken | ||||
|       value: true | ||||
|   - notExists: | ||||
|       path: imagePullSecrets | ||||
|   - notExists: | ||||
|       path: secrets | ||||
|  | ||||
|  | ||||
| - it: Rendering serviceAccount with custom values. | ||||
|   set: | ||||
|     serviceAccount.new.annotations: | ||||
|       foo: bar | ||||
|     serviceAccount.new.labels: | ||||
|       bar: foo | ||||
|     serviceAccount.new.automountServiceAccountToken: false | ||||
|     serviceAccount.new.imagePullSecrets: | ||||
|     - name: "my-pull-secret" | ||||
|     serviceAccount.new.secrets: | ||||
|     - name: "my-secret" | ||||
|       namespace: "my-namespace" | ||||
|       fieldPath: "my-path" | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         bar: foo | ||||
|   - equal: | ||||
|       path: metadata.name | ||||
|       value: athens-proxy-unittest | ||||
|   - equal: | ||||
|       path: automountServiceAccountToken | ||||
|       value: false | ||||
|   - equal: | ||||
|       path: imagePullSecrets | ||||
|       value: | ||||
|         - name: "my-pull-secret" | ||||
|   - equal: | ||||
|       path: secrets | ||||
|       value: | ||||
|       - name: "my-secret" | ||||
|         namespace: "my-namespace" | ||||
|         fieldPath: "my-path" | ||||
							
								
								
									
										174
									
								
								unittests/services/http.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										174
									
								
								unittests/services/http.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,174 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Service http template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/serviceHTTP.yaml | ||||
| tests: | ||||
| - it: Skip service when disabled. | ||||
|   set: | ||||
|     services.http.enabled: false | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering service with default values. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: Service | ||||
|       name: athens-proxy-unittest-http | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/service-name: http | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|   - notExists: | ||||
|       path: spec.externalIPs | ||||
|   - notExists: | ||||
|       path: spec.externalTrafficPolicy | ||||
|   - equal: | ||||
|       path: spec.internalTrafficPolicy | ||||
|       value: Cluster | ||||
|   - notExists: | ||||
|       path: spec.ipFamilies | ||||
|   - notExists: | ||||
|       path: spec.loadBalancerClass | ||||
|   - notExists: | ||||
|       path: spec.loadBalancerIP | ||||
|   - notExists: | ||||
|       path: spec.loadBalancerSourceRanges | ||||
|   - equal: | ||||
|       path: spec.ports[0].name | ||||
|       value: http | ||||
|   - equal: | ||||
|       path: spec.ports[0].protocol | ||||
|       value: TCP | ||||
|   - equal: | ||||
|       path: spec.ports[0].port | ||||
|       value: 3000 | ||||
|   - equal: | ||||
|       path: spec.selector | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|   - equal: | ||||
|       path: spec.sessionAffinity | ||||
|       value: None | ||||
|   - notExists: | ||||
|       path: spec.sessionAffinityConfig | ||||
|   - equal: | ||||
|       path: spec.type | ||||
|       value: ClusterIP | ||||
|  | ||||
| - it: Require internalTrafficPolicy. | ||||
|   set: | ||||
|     services.http.internalTrafficPolicy: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: No internal traffic policy defined! | ||||
|  | ||||
| - it: Require port. | ||||
|   set: | ||||
|     services.http.port: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: No service port defined! | ||||
|  | ||||
| - it: Require sessionAffinity. | ||||
|   set: | ||||
|     services.http.sessionAffinity: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: No session affinity defined! | ||||
|  | ||||
| - it: Require service type. | ||||
|   set: | ||||
|     services.http.type: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: No service type defined! | ||||
|  | ||||
| - it: Render service with custom annotations and labels. | ||||
|   set: | ||||
|     services.http.annotations: | ||||
|       foo: bar | ||||
|     services.http.labels: | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|         foo: bar | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: athens-proxy-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/service-name: http | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|         bar: foo | ||||
|  | ||||
| - it: Change defaults | ||||
|   set: | ||||
|     services.http.externalIPs: | ||||
|     - "10.11.12.13/32" | ||||
|     services.http.externalTrafficPolicy: Local | ||||
|     services.http.internalTrafficPolicy: Local | ||||
|     services.http.ipFamilies: | ||||
|     - IPv4 | ||||
|     services.http.loadBalancerClass: aws | ||||
|     services.http.loadBalancerIP: "11.12.13.14" | ||||
|     services.http.loadBalancerSourceRanges: | ||||
|     - "11.12.0.0/17" | ||||
|     services.http.port: 10443 | ||||
|     services.http.sessionAffinity: ClientIP | ||||
|     services.http.type: LoadBalancer | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.externalIPs | ||||
|       value: | ||||
|       - 10.11.12.13/32 | ||||
|   - equal: | ||||
|       path: spec.externalTrafficPolicy | ||||
|       value: Local | ||||
|   - equal: | ||||
|       path: spec.internalTrafficPolicy | ||||
|       value: Local | ||||
|   - equal: | ||||
|       path: spec.ipFamilies | ||||
|       value: | ||||
|       - IPv4 | ||||
|   - equal: | ||||
|       path: spec.loadBalancerClass | ||||
|       value: aws | ||||
|   - equal: | ||||
|       path: spec.loadBalancerIP | ||||
|       value: "11.12.13.14" | ||||
|   - equal: | ||||
|       path: spec.loadBalancerSourceRanges | ||||
|       value: | ||||
|       - "11.12.0.0/17" | ||||
|   - equal: | ||||
|       path: spec.ports[0].port | ||||
|       value: 10443 | ||||
|   - equal: | ||||
|       path: spec.sessionAffinity | ||||
|       value: ClientIP | ||||
|   - equal: | ||||
|       path: spec.type | ||||
|       value: LoadBalancer | ||||
							
								
								
									
										838
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										838
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -1,187 +1,695 @@ | ||||
| affinity: {} | ||||
|  | ||||
| image: | ||||
|   repository: docker.io/gomods/athens | ||||
|   pullPolicy: IfNotPresent | ||||
|   # Overrides the image tag whose default is the chart appVersion. | ||||
|   tag: "" | ||||
|  | ||||
| imagePullSecrets: [] | ||||
| # Declare variables to be passed into your templates. | ||||
| ## @section Global | ||||
| ## @param nameOverride Individual release name suffix. | ||||
| ## @param fullnameOverride Override the complete release name logic. | ||||
| nameOverride: "" | ||||
| fullnameOverride: "" | ||||
|  | ||||
| podAnnotations: {} | ||||
| ## @section Certificate | ||||
| certificate: | ||||
|   ## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | ||||
|   enabled: false | ||||
|  | ||||
| podPriorityClassName: "" | ||||
|   ## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`. | ||||
|   ## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key. | ||||
|   existingSecret: | ||||
|     enabled: false | ||||
|     secretName: "" | ||||
|  | ||||
| podSecurityContext: {} | ||||
|   # fsGroup: 2000 | ||||
|   ## @param certificate.new.annotations Additional certificate annotations. | ||||
|   ## @param certificate.new.labels Additional certificate labels. | ||||
|   ## @param certificate.new.duration Duration of the TLS certificate. | ||||
|   ## @param certificate.new.renewBefore Renew TLS certificate before expiring. | ||||
|   ## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names. | ||||
|   ## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses. | ||||
|   ## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`. | ||||
|   ## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`. | ||||
|   ## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key. | ||||
|   ## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key. | ||||
|   ## @param certificate.new.privateKey.size Size of the private TLS key. | ||||
|   ## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret. | ||||
|   ## @param certificate.new.secretTemplate.labels Additional labels of the created secret. | ||||
|   ## @param certificate.new.subject.countries List of countries. | ||||
|   ## @param certificate.new.subject.localities List of localities. | ||||
|   ## @param certificate.new.subject.organizationalUnits List of organizationalUnits. | ||||
|   ## @param certificate.new.subject.organizations List of organizations. | ||||
|   ## @param certificate.new.subject.postalCodes List of postalCodes. | ||||
|   ## @param certificate.new.subject.provinces List of provinces. | ||||
|   ## @param certificate.new.subject.serialNumber Serial number. | ||||
|   ## @param certificate.new.subject.streetAddresses List of streetAddresses. | ||||
|   ## @param certificate.new.usages Define the usage of the TLS key. | ||||
|   new: | ||||
|     annotations: {} | ||||
|     labels: {} | ||||
|     duration: "744h"      # 31 days | ||||
|     renewBefore: "672h"   # 28 days | ||||
|     dnsNames: [] | ||||
|     # The following DNS names are already part of the SAN's and serves only as example. | ||||
|     # - "athens-proxy" | ||||
|     # - "athens-proxy.svc" | ||||
|     # - "athens-proxy.svc.namespace" | ||||
|     # - "athens-proxy.svc.namespace.cluster.local" | ||||
|     ipAddresses: [] | ||||
|     # The following IP addresses serves only as example. | ||||
|     # - "10.92.1.10" | ||||
|     # - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344" | ||||
|     issuerRef: | ||||
|       kind: "" | ||||
|       name: "" | ||||
|     privateKey: | ||||
|       algorithm: "RSA" | ||||
|       rotationPolicy: "Never" | ||||
|       size: 4096 | ||||
|     secretTemplate: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|     subject: | ||||
|       countries: [] | ||||
|       localities: [] | ||||
|       organizationalUnits: [] | ||||
|       organizations: [] | ||||
|       postalCodes: [] | ||||
|       provinces: [] | ||||
|       serialNumber: "" | ||||
|       streetAddresses: [] | ||||
|     usages: | ||||
|     - "client auth" | ||||
|     - "server auth" | ||||
|  | ||||
| securityContext: {} | ||||
|   # capabilities: | ||||
|   #   drop: | ||||
|   #   - ALL | ||||
|   # readOnlyRootFilesystem: true | ||||
|   # runAsNonRoot: true | ||||
|   # runAsUser: 1000 | ||||
| ## @section Configuration | ||||
| config: | ||||
|   env: | ||||
|     ## @param config.env.enabled Enable mounting of the secret as environment variables. | ||||
|     enabled: false | ||||
|  | ||||
| config: {} | ||||
|   # ATHENS_AZURE_ACCOUNT_KEY: | ||||
|   # ATHENS_AZURE_ACCOUNT_NAME: | ||||
|   # ATHENS_AZURE_CONTAINER_NAME: | ||||
|   # ATHENS_CLOUD_RUNTIME: | ||||
|   # ATHENS_DOWNLOAD_MODE: | ||||
|   # ATHENS_DOWNLOAD_URL: | ||||
|   # ATHENS_ETCD_ENDPOINTS: | ||||
|   # ATHENS_EXTERNAL_STORAGE_URL: | ||||
|   # ATHENS_FILTER_FILE: | ||||
|   # ATHENS_GITHUB_TOKEN: | ||||
|   # ATHENS_GLOBAL_ENDPOINT: | ||||
|   # ATHENS_GO_BINARY_ENV_VARS: | ||||
|   # ATHENS_GOGET_DIR: | ||||
|   # ATHENS_GOGET_WORKERS: | ||||
|   # ATHENS_GONOSUM_PATTERNS: | ||||
|   # ATHENS_HGRC_PATH: | ||||
|   # ATHENS_INDEX_MYSQL_DATABASE: | ||||
|   # ATHENS_INDEX_MYSQL_HOST: | ||||
|   # ATHENS_INDEX_MYSQL_PARAMS: | ||||
|   # ATHENS_INDEX_MYSQL_PASSWORD: | ||||
|   # ATHENS_INDEX_MYSQL_PORT: | ||||
|   # ATHENS_INDEX_MYSQL_PROTOCOL: | ||||
|   # ATHENS_INDEX_MYSQL_USER: | ||||
|   # ATHENS_INDEX_POSTGRES_DATABASE: | ||||
|   # ATHENS_INDEX_POSTGRES_HOST: | ||||
|   # ATHENS_INDEX_POSTGRES_PARAMS: | ||||
|   # ATHENS_INDEX_POSTGRES_PASSWORD: | ||||
|   # ATHENS_INDEX_POSTGRES_PORT: | ||||
|   # ATHENS_INDEX_POSTGRES_USER: | ||||
|   # ATHENS_INDEX_TYPE: | ||||
|   # ATHENS_LOG_LEVEL: | ||||
|   # ATHENS_MINIO_ACCESS_KEY_ID: | ||||
|   # ATHENS_MINIO_BUCKET_NAME: | ||||
|   # ATHENS_MINIO_ENDPOINT: | ||||
|   # ATHENS_MINIO_REGION: | ||||
|   # ATHENS_MINIO_SECRET_ACCESS_KEY: | ||||
|   # ATHENS_MINIO_USE_SSL: | ||||
|   # ATHENS_MONGO_CERT_PATH: | ||||
|   # ATHENS_MONGO_DEFAULT_DATABASE: | ||||
|   # ATHENS_MONGO_INSECURE: | ||||
|   # ATHENS_MONGO_STORAGE_URL: | ||||
|   # ATHENS_NETRC_PATH: | ||||
|   # ATHENS_PATH_PREFIX: | ||||
|   # ATHENS_PORT: | ||||
|   # ATHENS_PROTOCOL_WORKERS: | ||||
|   # ATHENS_PROXY_VALIDATOR: | ||||
|   # ATHENS_REDIS_ENDPOINT: | ||||
|   # ATHENS_REDIS_PASSWORD: | ||||
|   # ATHENS_REDIS_SENTINEL_ENDPOINTS: | ||||
|   # ATHENS_ROBOTS_FILE: | ||||
|   # ATHENS_SINGLE_FLIGHT_TYPE: | ||||
|   # ATHENS_STATS_EXPORTER: | ||||
|   # ATHENS_STORAGE_GCP_BUCKET: | ||||
|   # ATHENS_STORAGE_GCP_JSON_KEY: | ||||
|   # ATHENS_STORAGE_TYPE: | ||||
|   # ATHENS_SUM_DBS: | ||||
|   # ATHENS_TIMEOUT: | ||||
|   # ATHENS_TLSCERT_FILE: | ||||
|   # ATHENS_TLSKEY_FILE: | ||||
|   # ATHENS_TRACE_EXPORTER_URL: | ||||
|   # ATHENS_TRACE_EXPORTER: | ||||
|   # AWS_ACCESS_KEY_ID: | ||||
|   # AWS_ENDPOINT: | ||||
|   # AWS_FORCE_PATH_STYLE: | ||||
|   # AWS_REGION: | ||||
|   # AWS_SECRET_ACCESS_KEY: | ||||
|   # AWS_SESSION_TOKEN: | ||||
|   # BASIC_AUTH_PASS: | ||||
|   # BASIC_AUTH_USER: | ||||
|   # CDN_ENDPOINT: | ||||
|   # GO_BINARY_PATH: | ||||
|   # GO_ENV: | ||||
|   # GOOGLE_CLOUD_PROJECT: | ||||
|   # MY_S3_BUCKET_NAME: | ||||
|   # PROXY_FORCE_SSL: | ||||
|     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. | ||||
|     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. | ||||
|     existingSecret: | ||||
|       enabled: false | ||||
|       secretName: "" | ||||
|  | ||||
| replicaCount: 1 | ||||
|     ## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials. | ||||
|     ## @param config.env.secret.labels Additional labels of the secret containing the database credentials. | ||||
|     ## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container. | ||||
|     secret: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       envs: {} | ||||
|         # ATHENS_AZURE_ACCOUNT_KEY: | ||||
|         # ATHENS_AZURE_ACCOUNT_NAME: | ||||
|         # ATHENS_AZURE_CONTAINER_NAME: | ||||
|         # ATHENS_CLOUD_RUNTIME: | ||||
|         # ATHENS_DOWNLOAD_URL: | ||||
|         # ATHENS_ETCD_ENDPOINTS: | ||||
|         # ATHENS_EXTERNAL_STORAGE_URL: | ||||
|         # ATHENS_FILTER_FILE: | ||||
|         # ATHENS_GITHUB_TOKEN: | ||||
|         # ATHENS_GLOBAL_ENDPOINT: | ||||
|         # ATHENS_GO_BINARY_ENV_VARS: | ||||
|         # ATHENS_GOGET_DIR: | ||||
|         # ATHENS_GOGET_WORKERS: | ||||
|         # ATHENS_GONOSUM_PATTERNS: | ||||
|         # ATHENS_HGRC_PATH: | ||||
|         # ATHENS_INDEX_MYSQL_DATABASE: | ||||
|         # ATHENS_INDEX_MYSQL_HOST: | ||||
|         # ATHENS_INDEX_MYSQL_PARAMS: | ||||
|         # ATHENS_INDEX_MYSQL_PASSWORD: | ||||
|         # ATHENS_INDEX_MYSQL_PORT: | ||||
|         # ATHENS_INDEX_MYSQL_PROTOCOL: | ||||
|         # ATHENS_INDEX_MYSQL_USER: | ||||
|         # ATHENS_INDEX_POSTGRES_DATABASE: | ||||
|         # ATHENS_INDEX_POSTGRES_HOST: | ||||
|         # ATHENS_INDEX_POSTGRES_PARAMS: | ||||
|         # ATHENS_INDEX_POSTGRES_PASSWORD: | ||||
|         # ATHENS_INDEX_POSTGRES_PORT: | ||||
|         # ATHENS_INDEX_POSTGRES_USER: | ||||
|         # ATHENS_INDEX_TYPE: | ||||
|         # ATHENS_LOG_LEVEL: | ||||
|         # ATHENS_MINIO_ACCESS_KEY_ID: | ||||
|         # ATHENS_MINIO_BUCKET_NAME: | ||||
|         # ATHENS_MINIO_ENDPOINT: | ||||
|         # ATHENS_MINIO_REGION: | ||||
|         # ATHENS_MINIO_SECRET_ACCESS_KEY: | ||||
|         # ATHENS_MINIO_USE_SSL: | ||||
|         # ATHENS_MONGO_CERT_PATH: | ||||
|         # ATHENS_MONGO_DEFAULT_DATABASE: | ||||
|         # ATHENS_MONGO_INSECURE: | ||||
|         # ATHENS_MONGO_STORAGE_URL: | ||||
|         # ATHENS_PATH_PREFIX: | ||||
|         # ATHENS_PORT: | ||||
|         # ATHENS_PROTOCOL_WORKERS: | ||||
|         # ATHENS_PROXY_VALIDATOR: | ||||
|         # ATHENS_REDIS_ENDPOINT: | ||||
|         # ATHENS_REDIS_PASSWORD: | ||||
|         # ATHENS_REDIS_SENTINEL_ENDPOINTS: | ||||
|         # ATHENS_ROBOTS_FILE: | ||||
|         # ATHENS_SINGLE_FLIGHT_TYPE: | ||||
|         # ATHENS_STATS_EXPORTER: | ||||
|         # ATHENS_STORAGE_GCP_BUCKET: | ||||
|         # ATHENS_STORAGE_GCP_JSON_KEY: | ||||
|         # ATHENS_SUM_DBS: | ||||
|         # ATHENS_TIMEOUT: | ||||
|         # ATHENS_TRACE_EXPORTER_URL: | ||||
|         # ATHENS_TRACE_EXPORTER: | ||||
|         # AWS_ACCESS_KEY_ID: | ||||
|         # AWS_ENDPOINT: | ||||
|         # AWS_FORCE_PATH_STYLE: | ||||
|         # AWS_REGION: | ||||
|         # AWS_SECRET_ACCESS_KEY: | ||||
|         # AWS_SESSION_TOKEN: | ||||
|         # BASIC_AUTH_PASS: | ||||
|         # BASIC_AUTH_USER: | ||||
|         # CDN_ENDPOINT: | ||||
|         # GO_BINARY_PATH: | ||||
|         # GO_ENV: | ||||
|         # GOOGLE_CLOUD_PROJECT: | ||||
|         # MY_S3_BUCKET_NAME: | ||||
|         # PROXY_FORCE_SSL: | ||||
|  | ||||
| serviceAccount: | ||||
|   downloadMode: | ||||
|     ## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | ||||
|     enabled: false | ||||
|  | ||||
|     ## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file. | ||||
|     ## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file. | ||||
|     ## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored. | ||||
|     existingConfigMap: | ||||
|       enabled: false | ||||
|       configMapName: "" | ||||
|       downloadModeKey: "downloadMode" | ||||
|  | ||||
|     ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. | ||||
|     ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. | ||||
|     ## @skip config.downloadMode.configMap.content The content of the download mode file. | ||||
|     configMap: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       content: | | ||||
|         downloadURL = "https://proxy.golang.org" | ||||
|  | ||||
|         mode = "async_redirect" | ||||
|  | ||||
|         # download "github.com/gomods/*" { | ||||
|         #     mode = "sync" | ||||
|         # } | ||||
|         # | ||||
|         # download "golang.org/x/*" { | ||||
|         #     mode = "none" | ||||
|         # } | ||||
|         # | ||||
|         # download "github.com/pkg/*" { | ||||
|         #     mode = "redirect" | ||||
|         #     downloadURL = "https://proxy.golang.org" | ||||
|         # } | ||||
|  | ||||
|   gitConfig: | ||||
|     ## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system. | ||||
|     enabled: false | ||||
|  | ||||
|     ## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file. | ||||
|     ## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file. | ||||
|     ## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored. | ||||
|     existingConfigMap: | ||||
|       enabled: false | ||||
|       configMapName: "" | ||||
|       gitConfigKey: | ||||
|  | ||||
|     ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file. | ||||
|     ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file. | ||||
|     ## @skip config.gitConfig.configMap.content The content of the .gitconfig file. | ||||
|     configMap: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       content: | | ||||
|         # The .gitconfig file | ||||
|         # | ||||
|         # The .gitconfig file contains the user specific git configuration. It generally resides in the user's home | ||||
|         # directory. | ||||
|         # | ||||
|         # [url "git@github.com:"] insteadOf = https://github.com/ | ||||
|  | ||||
|   netrc: | ||||
|     ## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system. | ||||
|     enabled: false | ||||
|  | ||||
|     ## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file. | ||||
|     ## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file. | ||||
|     ## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored. | ||||
|     existingSecret: | ||||
|       enabled: false | ||||
|       secretName: "" | ||||
|       netrcKey: ".netrc" | ||||
|  | ||||
|     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. | ||||
|     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. | ||||
|     ## @skip config.netrc.secret.content The content of the .netrc file. | ||||
|     secret: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       content: | | ||||
|         # The .netrc file | ||||
|         # | ||||
|         # The .netrc file contains login and initialization information used by the auto-login process. It generally | ||||
|         # resides in the user's home directory, but a location outside of the home directory can be set using the | ||||
|         # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file | ||||
|         # must be a regular file, or access will be denied. | ||||
|         # | ||||
|         # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html | ||||
|         # | ||||
|         # default login           [name]     password  [password/token] | ||||
|         # machine github.com      [octocat]  password  [PAT] | ||||
|         # machine api.github.com  [octocat]  password  [PAT] | ||||
|  | ||||
|   ssh: | ||||
|     ## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system. | ||||
|     enabled: false | ||||
|  | ||||
|     ## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files. | ||||
|     ## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files. | ||||
|     ## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored. | ||||
|     ## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored. | ||||
|     ## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | ||||
|     ## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored. | ||||
|     ## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | ||||
|     existingSecret: | ||||
|       enabled: false | ||||
|       secretName: "" | ||||
|       configKey: "config" | ||||
|       id_ed25519Key: "id_ed25519" | ||||
|       id_ed25519PubKey: "id_ed25519.pub" | ||||
|       id_rsaKey: "id_rsa" | ||||
|       id_rsaPubKey: "id_rsa.pub" | ||||
|  | ||||
|     ## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files. | ||||
|     ## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files. | ||||
|     ## @skip config.ssh.secret.config The content of the SSH client config file. | ||||
|     ## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key. | ||||
|     ## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key. | ||||
|     ## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key. | ||||
|     ## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key. | ||||
|     secret: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       config: | | ||||
|         # Host * | ||||
|         #   IdentityFile ~/.ssh/id_ed25519 | ||||
|         #   IdentityFile ~/.ssh/id_rsa | ||||
|       id_ed25519: "" | ||||
|       id_ed25519_pub: "" | ||||
|       id_rsa: "" | ||||
|       id_rsa_pub: "" | ||||
|  | ||||
| ## @section Deployment | ||||
| deployment: | ||||
|   ## @param deployment.annotations Additional deployment annotations. | ||||
|   ## @param deployment.labels Additional deployment labels. | ||||
|   annotations: {} | ||||
|   labels: {} | ||||
|  | ||||
| service: | ||||
|   ## @param deployment.additionalContainers List of additional containers. | ||||
|   additionalContainers: [] | ||||
|   # - command: [ "sh", "-c", "echo hello world" ] | ||||
|   #   image: "docker.io/library/busybox:latest" | ||||
|   #   name: side-car | ||||
|  | ||||
|   ## @param deployment.affinity Affinity for the athens-proxy deployment. | ||||
|   affinity: {} | ||||
|     # nodeAffinity: | ||||
|     #   requiredDuringSchedulingIgnoredDuringExecution: | ||||
|     #     nodeSelectorTerms: | ||||
|     #     - matchExpressions: | ||||
|     #       - key: kubernetes.io/os | ||||
|     #         operator: In | ||||
|     #         values: | ||||
|     #         - linux | ||||
|     #   preferredDuringSchedulingIgnoredDuringExecution: | ||||
|     #   - weight: 20 | ||||
|     #     preference: | ||||
|     #       matchExpressions: | ||||
|     #       - key: kubernetes.io/arch | ||||
|     #         operator: In | ||||
|     #         values: | ||||
|     #         - amd64 | ||||
|  | ||||
|   ## @param deployment.initContainers List of additional init containers. | ||||
|   initContainers: [] | ||||
|   # - command: [ "sh", "-c", "echo hello world" ] | ||||
|   #   image: "docker.io/library/busybox:latest" | ||||
|   #   name: init | ||||
|  | ||||
|   ## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment. | ||||
|   dnsConfig: {} | ||||
|     # nameservers: | ||||
|     # - 192.0.2.1 # this is an example | ||||
|     # searches: | ||||
|     # - ns1.svc.cluster-domain.example | ||||
|     # - my.dns.search.suffix | ||||
|     # options: | ||||
|     # - name: ndots | ||||
|     #   value: "2" | ||||
|     # - name: edns0 | ||||
|  | ||||
|   ## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment. | ||||
|   dnsPolicy: "" | ||||
|  | ||||
|   ## @param deployment.hostname Individual hostname of the pod. | ||||
|   ## @param deployment.subdomain Individual domain of the pod. | ||||
|   hostname: "" | ||||
|   subdomain: "" | ||||
|  | ||||
|   ## @param deployment.hostNetwork Use the kernel network namespace of the host system. | ||||
|   hostNetwork: false | ||||
|  | ||||
|   ## @param deployment.imagePullSecrets Secret to use for pulling the image. | ||||
|   imagePullSecrets: [] | ||||
|   # - name: "my-custom-secret" | ||||
|  | ||||
|   athensProxy: | ||||
|     ## @param deployment.athensProxy.args Arguments passed to the athens-proxy container. | ||||
|     args: [] | ||||
|  | ||||
|     ## @param deployment.athensProxy.command Command passed to the athens-proxy container. | ||||
|     command: [] | ||||
|  | ||||
|     ## @param deployment.athensProxy.env List of environment variables for the athens-proxy container. | ||||
|     env: [] | ||||
|     # - name: SPECIAL_ENV_A | ||||
|     #   value: special-key | ||||
|     # - name: SPECIAL_ENV | ||||
|     #   valueFrom: | ||||
|     #     configMapKeyRef: | ||||
|     #       name: special-config | ||||
|     #       key: special-key | ||||
|     # - name: SPECIAL_ENV | ||||
|     #   valueFrom: | ||||
|     #     secretKeyRef: | ||||
|     #       name: special-secret | ||||
|     #       key: special-key | ||||
|  | ||||
|     ## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container. | ||||
|     envFrom: [] | ||||
|     # - configMapRef: | ||||
|     #     name: special-config | ||||
|     # - secretRef: | ||||
|     #     name: special-secret | ||||
|  | ||||
|     ## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`. | ||||
|     ## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`. | ||||
|     ## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | ||||
|     ## @param deployment.athensProxy.image.pullPolicy Image pull policy. | ||||
|     image: | ||||
|       registry: docker.io | ||||
|       repository: gomods/athens | ||||
|       tag: "" | ||||
|       pullPolicy: IfNotPresent | ||||
|  | ||||
|     ## @param deployment.athensProxy.resources CPU and memory resources of the pod. | ||||
|     resources: {} | ||||
|       # limits: | ||||
|       #   cpu: | ||||
|       #   ephemeral-storage: | ||||
|       #   memory: | ||||
|       # requests: | ||||
|       #   cpu: | ||||
|       #   ephemeral-storage: | ||||
|       #   memory: | ||||
|  | ||||
|     ## @param deployment.athensProxy.securityContext Security context of the container of the deployment. | ||||
|     securityContext: {} | ||||
|       # capabilities: | ||||
|       #   add: | ||||
|       #   - NET_RAW | ||||
|       #   drop: | ||||
|       #   - ALL | ||||
|       # privileged: false | ||||
|       # readOnlyRootFilesystem: true | ||||
|       # runAsNonRoot: true | ||||
|       # runAsUser: 1000 | ||||
|  | ||||
|     ## @param deployment.athensProxy.volumeMounts Additional volume mounts. | ||||
|     volumeMounts: [] | ||||
|     # - name: my-configmap-volume | ||||
|     #   mountPath: /configmap | ||||
|     #   readOnly: true | ||||
|  | ||||
|   ## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment. | ||||
|   nodeSelector: {} | ||||
|  | ||||
|   ## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment. | ||||
|   priorityClassName: "" | ||||
|  | ||||
|   ## @param deployment.replicas Number of replicas for the athens-proxy deployment. | ||||
|   replicas: 1 | ||||
|  | ||||
|   ## @param deployment.restartPolicy Restart policy of the athens-proxy deployment. | ||||
|   restartPolicy: "" | ||||
|  | ||||
|   ## @param deployment.securityContext Security context of the athens-proxy deployment. | ||||
|   securityContext: {} | ||||
|     # fsGroup: 2000 | ||||
|  | ||||
|   ## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`. | ||||
|   ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | ||||
|   ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update. | ||||
|   strategy: | ||||
|     type: "RollingUpdate" | ||||
|     rollingUpdate: | ||||
|       maxSurge: 1 | ||||
|       maxUnavailable: 1 | ||||
|  | ||||
|   ## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod. | ||||
|   terminationGracePeriodSeconds: 60 | ||||
|  | ||||
|   ## @param deployment.tolerations Tolerations of the athens-proxy deployment. | ||||
|   tolerations: [] | ||||
|   # - key: database/type | ||||
|   #   operator: Equal | ||||
|   #   value: postgres | ||||
|   #   effect: NoSchedule | ||||
|  | ||||
|   ## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment. | ||||
|   topologySpreadConstraints: [] | ||||
|   # - topologyKey: kubernetes.io/hostname | ||||
|   #   whenUnsatisfiable: DoNotSchedule | ||||
|   #   labelSelector: | ||||
|   #     matchLabels: | ||||
|   #       app.kubernetes.io/instance: athens-proxy | ||||
|  | ||||
|   ## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment. | ||||
|   volumes: [] | ||||
|   # - name: my-configmap-volume | ||||
|   #   config: | ||||
|   #     name: my-configmap | ||||
|   # - name: my-secret-volume | ||||
|   #   secret: | ||||
|   #     secretName: my-secret | ||||
|  | ||||
| ## @section Horizontal Pod Autoscaler (HPA) | ||||
| # In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The | ||||
| # metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA | ||||
| # cannot scale pods based on CPU or memory utilisation. Further information be be found here: | ||||
| # https://github.com/kubernetes-sigs/metrics-server#deployment | ||||
| hpa: | ||||
|   ## @param hpa.enabled Enable the horizontal pod autoscaler (HPA). | ||||
|   ## @param hpa.annotations Additional annotations for the HPA. | ||||
|   ## @param hpa.labels Additional labels for the HPA. | ||||
|   ## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count. | ||||
|   ## @skip hpa.metrics Skip individual HPA metric configurations. | ||||
|   ## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | ||||
|   ## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler. | ||||
|   enabled: false | ||||
|   annotations: {} | ||||
|   # externalIPs: [] | ||||
|   # externalTrafficPolicy: "Cluster" | ||||
|   # loadBalancerClass: "" | ||||
|   # loadBalancerIP: "" | ||||
|   # loadBalancerSourceRanges: [] | ||||
|   # internalTrafficPolicy: "Cluster" | ||||
|   name: http | ||||
|   targetPort: 3000 | ||||
|   type: ClusterIP | ||||
|   port: 3000 | ||||
|   labels: {} | ||||
|   metrics: | ||||
|   - resource: | ||||
|       name: cpu | ||||
|       target: | ||||
|         averageUtilization: 65 | ||||
|         type: Utilization | ||||
|     type: Resource | ||||
|   # - resource: | ||||
|   #     name: memory | ||||
|   #     target: | ||||
|   #       averageUtilization: 65 | ||||
|   #       type: Utilization | ||||
|   minReplicas: 1 | ||||
|   maxReplicas: 10 | ||||
|  | ||||
| ## @section Ingress | ||||
| ingress: | ||||
|   ## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled. | ||||
|   ## @param ingress.className Ingress class. | ||||
|   ## @param ingress.annotations Additional ingress annotations. | ||||
|   ## @param ingress.labels Additional ingress labels. | ||||
|   enabled: false | ||||
|   className: "nginx" | ||||
|   annotations: {} | ||||
|     # kubernetes.io/ingress.class: nginx | ||||
|     # cert-manager.io/issuer: | ||||
|     # kubernetes.io/tls-acme: "true" | ||||
|   hosts: | ||||
|   - host: "your-hostname" | ||||
|     paths: | ||||
|     - path: / | ||||
|       pathType: ImplementationSpecific | ||||
|   tls: | ||||
|   - secretName: "your-tls-secret" | ||||
|     hosts: | ||||
|     - "your-hostname" | ||||
|   labels: {} | ||||
|  | ||||
| resources: {} | ||||
|   # We usually recommend not to specify default resources and to leave this as a conscious | ||||
|   # choice for the user. This also increases chances charts run on environments with little | ||||
|   # resources, such as Minikube. If you do want to specify resources, uncomment the following | ||||
|   # lines, adjust them as necessary, and remove the curly braces after 'resources:'. | ||||
|   # limits: | ||||
|   #   cpu: 100m | ||||
|   #   memory: 128Mi | ||||
|   # requests: | ||||
|   #   cpu: 100m | ||||
|   #   memory: 128Mi | ||||
|   ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | ||||
|   ## @skip ingress.hosts Skip individual host configuration. | ||||
|   hosts: [] | ||||
|   # - host: athens-proxy.example.local | ||||
|   #   paths: | ||||
|   #   - path: / | ||||
|   #     pathType: Prefix | ||||
|  | ||||
| nodeSelector: | ||||
|   kubernetes.io/arch: amd64 | ||||
|   ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | ||||
|   ## @skip ingress.tls Skip individual TLS configuration. | ||||
|   tls: [] | ||||
|   # - secretName: athens-proxy-http-tls | ||||
|   #   hosts: | ||||
|   #   - athens-proxy.example.local | ||||
|  | ||||
| tolerations: [] | ||||
| ## @section Persistence | ||||
| persistence: | ||||
|   ## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | ||||
|   enabled: false | ||||
|  | ||||
| # extra volumes for the pod | ||||
| extraVolumes: {} | ||||
| # The following example mount the same secret, which contains tls certificates | ||||
| # under different names. Each volume mount contains only selected items of the | ||||
| # secret. This make it easier to place the items on different locations inside the | ||||
| # container filesystem via extraVolumeMounts. | ||||
| # - name: custom-ca-anchor | ||||
| #   secret: | ||||
| #     secretName: athens-proxy-custom-tls-certificates | ||||
| #     items: | ||||
| #     - key: ca.crt | ||||
| #       path: ca.crt | ||||
| #       mode: 0444 | ||||
| # - name: custom-tls-certificates | ||||
| #   secret: | ||||
| #     secretName: athens-proxy-custom-tls-certificates | ||||
| #     items: | ||||
| #     - key: tls.key | ||||
| #       path: tls.key | ||||
| #       mode: 0400 | ||||
| #     - key: tls.crt | ||||
| #       path: tls.crt | ||||
| #       mode: 0444 | ||||
|   data: | ||||
|     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | ||||
|     mountPath: "/var/www/athens-proxy/data" | ||||
|  | ||||
| extraVolumeMounts: {} | ||||
| # The following example follows the example of extraVolumes and mounts the | ||||
| # volumes to the corresponding paths in the container filesystem. | ||||
| # - name: custom-ca-anchor | ||||
| #   mountPath: /usr/local/share/ca-certificates | ||||
| # - name: custom-tls-certificates | ||||
| #   mountPath: /etc/athens-proxy/tls | ||||
|     ## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim. | ||||
|     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim. | ||||
|     existingPersistentVolumeClaim: | ||||
|       enabled: false | ||||
|       persistentVolumeClaimName: "" | ||||
|  | ||||
|     ## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations. | ||||
|     ## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels. | ||||
|     ## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim. | ||||
|     ## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim. | ||||
|     ## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim. | ||||
|     persistentVolumeClaim: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       accessModes: | ||||
|       - ReadWriteMany | ||||
|       storageClassName: "" | ||||
|       storageSize: "5Gi" | ||||
|  | ||||
| ## @section Network | ||||
| ## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates. | ||||
| clusterDomain: "cluster.local" | ||||
|  | ||||
| ## @section Network Policy | ||||
| networkPolicy: | ||||
|   ## @param networkPolicy.enabled Enable network policies in general. | ||||
|   ## @param networkPolicy.annotations Additional network policy annotations. | ||||
|   ## @param networkPolicy.labels Additional network policy labels. | ||||
|   ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||
|   ## @param networkPolicy.egress Concrete egress network policy implementation. | ||||
|   ## @skip networkPolicy.egress Skip individual egress configuration. | ||||
|   ## @param networkPolicy.ingress Concrete ingress network policy implementation. | ||||
|   ## @skip networkPolicy.ingress Skip individual ingress configuration. | ||||
|   enabled: false | ||||
|   annotations: {} | ||||
|   labels: {} | ||||
|   policyTypes: [] | ||||
|   # - Egress | ||||
|   # - Ingress | ||||
|   egress: [] | ||||
|   # Allow outgoing HTTPS traffic to external go module servers | ||||
|   # | ||||
|   # - ports: | ||||
|   #   - port: 443 | ||||
|   #     protocol: TCP | ||||
|  | ||||
|   # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns. | ||||
|   # | ||||
|   # - to: | ||||
|   #   - namespaceSelector: | ||||
|   #       matchLabels: | ||||
|   #         kubernetes.io/metadata.name: kube-system | ||||
|   #     podSelector: | ||||
|   #       matchLabels: | ||||
|   #        k8s-app: kube-dns | ||||
|   #   ports: | ||||
|   #   - port: 53 | ||||
|   #     protocol: TCP | ||||
|   #   - port: 53 | ||||
|   #     protocol: UDP | ||||
|  | ||||
|   ingress: [] | ||||
|   # Allow incoming HTTP traffic from prometheus. | ||||
|   # | ||||
|   # - from: | ||||
|   #   - namespaceSelector: | ||||
|   #       matchLabels: | ||||
|   #         kubernetes.io/metadata.name: monitoring | ||||
|   #     podSelector: | ||||
|   #       matchLabels: | ||||
|   #         app.kubernetes.io/name: prometheus | ||||
|   #   ports: | ||||
|   #   - port: http | ||||
|   #     protocol: TCP | ||||
|  | ||||
|   # Allow incoming HTTP traffic from ingress-nginx. | ||||
|   # | ||||
|   # - from: | ||||
|   #   - namespaceSelector: | ||||
|   #       matchLabels: | ||||
|   #         kubernetes.io/metadata.name: ingress-nginx | ||||
|   #     podSelector: | ||||
|   #       matchLabels: | ||||
|   #         app.kubernetes.io/name: ingress-nginx | ||||
|   #   ports: | ||||
|   #   - port: http | ||||
|   #     protocol: TCP | ||||
|  | ||||
| ## @section Service | ||||
| ## @param services.http.enabled Enable the service. | ||||
| ## @param services.http.annotations Additional service annotations. | ||||
| ## @param services.http.externalIPs External IPs for the service. | ||||
| ## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | ||||
| ## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | ||||
| ## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | ||||
| ## @param services.http.labels Additional service labels. | ||||
| ## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | ||||
| ## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | ||||
| ## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | ||||
| ## @param services.http.port Port to forward the traffic to. | ||||
| ## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | ||||
| ## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity. | ||||
| ## @param services.http.type Kubernetes service type for the traffic. | ||||
| services: | ||||
|   http: | ||||
|     enabled: true | ||||
|     annotations: {} | ||||
|     externalIPs: [] | ||||
|     externalTrafficPolicy: "Cluster" | ||||
|     internalTrafficPolicy: "Cluster" | ||||
|     ipFamilies: [] | ||||
|     labels: {} | ||||
|     loadBalancerClass: "" | ||||
|     loadBalancerIP: "" | ||||
|     loadBalancerSourceRanges: [] | ||||
|     port: 3000 | ||||
|     sessionAffinity: "None" | ||||
|     sessionAffinityConfig: {} | ||||
|     type: "ClusterIP" | ||||
|  | ||||
| ## @section ServiceAccount | ||||
| serviceAccount: | ||||
|   ## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | ||||
|   ## @param serviceAccount.existing.serviceAccountName Name of the existing service account. | ||||
|   existing: | ||||
|     enabled: false | ||||
|     serviceAccountName: "" | ||||
|  | ||||
|   ## @param serviceAccount.new.annotations Additional service account annotations. | ||||
|   ## @param serviceAccount.new.labels Additional service account labels. | ||||
|   ## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token. | ||||
|   ## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | ||||
|   ## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | ||||
|   new: | ||||
|     annotations: {} | ||||
|     labels: {} | ||||
|     automountServiceAccountToken: true | ||||
|     imagePullSecrets: [] | ||||
|     # - name: "my-image-pull-secret" | ||||
|     secrets: [] | ||||
|     # - name: "my-secret" | ||||
|     #   namespace: "my-namespace" | ||||
|     #   fieldPath: "my-field" | ||||
|   | ||||
		Reference in New Issue
	
	Block a user