Compare commits
123 Commits
0.1.4
...
3f7476afc6
Author | SHA1 | Date | |
---|---|---|---|
3f7476afc6 | |||
530316e910
|
|||
4974d63a8c
|
|||
1bbd0352c3
|
|||
ccdf377aaa
|
|||
64790fc316
|
|||
2c88d6698b
|
|||
9abdb1ca3a
|
|||
81f14405fd | |||
7b37bfc373
|
|||
bba0df90ff
|
|||
cb312817c3
|
|||
fe428d83d2 | |||
4c94529eab
|
|||
297f36920a
|
|||
4102fc9014
|
|||
be923ed95f | |||
f07ff039ce
|
|||
a11be194cc
|
|||
7908de9313
|
|||
adfe40a9c7
|
|||
eadbcf243b
|
|||
0caa188bb1
|
|||
3bce806ed6
|
|||
5c09cf8c79
|
|||
d4b5c0c86f
|
|||
74598b4ee0
|
|||
b06c1962cc
|
|||
991c545c93
|
|||
7c60c70244
|
|||
0e048cdf4b
|
|||
89604cbe64
|
|||
f63450aec4
|
|||
d1e5accccb
|
|||
fbd846784c
|
|||
bab5282617
|
|||
307660c767
|
|||
59b43aac79
|
|||
85a38e7d22
|
|||
2005fb8e05
|
|||
5f78a0f071
|
|||
c157c8c210
|
|||
5b9fa88dd6 | |||
458037db70 | |||
b1bb94f0bd | |||
62a92fdabb
|
|||
a01b0143c0
|
|||
953fd85f53
|
|||
bf721d8af1
|
|||
60fdfd90e1
|
|||
71164d60ae
|
|||
a00d40b792
|
|||
d02f63be7a
|
|||
744938f8f4 | |||
e3185b2482
|
|||
e2fab050d3 | |||
83336c7f87
|
|||
1e2a31edaa | |||
0b39de958a | |||
a0abe49b23
|
|||
cc46ad7af1
|
|||
cd9a843a96 | |||
6b0d2ff350
|
|||
ccd7c9a1cd | |||
b169136c37
|
|||
9b4a708f29 | |||
053036bcd5 | |||
783e244cd3
|
|||
41da943040
|
|||
9ef0317677 | |||
5a890741e4 | |||
cd16ddc5d8
|
|||
fd4c9d7e62
|
|||
265ac3d9a9 | |||
7d20373804
|
|||
2117bbed96 | |||
a47f528585
|
|||
716f6b06c3 | |||
ee5111da20 | |||
d954b2e3e7
|
|||
840ee10717
|
|||
c5772856e3 | |||
f047c145e2
|
|||
7c0c6f4270 | |||
3cab48dd3c | |||
50e21e10d8
|
|||
5b70f5e5fa
|
|||
09d205316e
|
|||
c1e686fc2d
|
|||
cfb5978593
|
|||
e04a9baec1
|
|||
72908cae0b
|
|||
8c6f4db7f5
|
|||
5eae090f40
|
|||
60ed4abe97
|
|||
1179b51895
|
|||
1fcf9e7d4b
|
|||
00c2f285b1
|
|||
1077afb673
|
|||
a4d1611f44
|
|||
0950a51229
|
|||
ee9fa20df4
|
|||
848f9c9fd8
|
|||
2889a5390c
|
|||
14987d7265
|
|||
f9c03e8be4
|
|||
055bcadd16
|
|||
45d2cf7183
|
|||
07c2bc6b72
|
|||
9a58ec7806
|
|||
55bb771c26
|
|||
e709d68cb8
|
|||
1c22e90d85
|
|||
6ef34f5f60
|
|||
76593b2109
|
|||
cb9612fe74
|
|||
bd3e0cf62f
|
|||
560234e9c0
|
|||
9707a79840
|
|||
5dbc250d7f
|
|||
603fe6c96d
|
|||
122e2e1417 | |||
d571c1e027
|
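--- a/.drone.yml
+++ b/.drone.yml
@@ -1,106 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: linter
-
-clone:
-disable: true
-
-platform:
-os: linux
-arch: amd64
-
-steps:
-- name: clone
-image: git.cryptic.systems/volker.raschek/git:1.3.1
-
-- name: helm lint
-commands:
-- helm lint
-image: git.cryptic.systems/volker.raschek/helm:3.14.1
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-- name: markdown lint
-commands:
-- markdownlint *.md
-image: git.cryptic.systems/volker.raschek/markdownlint:0.39.0
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-- name: helm template
-commands:
-- helm template .
-image: git.cryptic.systems/volker.raschek/helm:3.14.1
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-- name: email-notification
-environment:
-SMTP_FROM_ADDRESS:
-from_secret: smtp_from_address
-SMTP_FROM_NAME:
-from_secret: smtp_from_name
-SMTP_HOST:
-from_secret: smtp_host
-SMTP_USERNAME:
-from_secret: smtp_username
-SMTP_PASSWORD:
-from_secret: smtp_password
-image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-resources:
-limits:
-cpu: 150
-memory: 150M
-when:
-status:
-- changed
-- failure
-
-trigger:
-event:
-exclude:
-- tag
-
----
-kind: pipeline
-type: kubernetes
-name: release
-
-clone:
-disable: true
-
-platform:
-os: linux
-
-steps:
-- name: clone
-image: git.cryptic.systems/volker.raschek/git:1.3.1
-
-- name: release-helm-chart
-commands:
-- helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
-- helm package --version ${DRONE_TAG} .
-- helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
-environment:
-HELM_REPO_PASSWORD:
-from_secret: helm_repo_password
-HELM_REPO_USERNAME:
-from_secret: helm_repo_username
-image: git.cryptic.systems/volker.raschek/helm:3.14.1
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-trigger:
-event:
-- tag
-repo:
-- volker.raschek/athens-proxy-charts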
@@ -1,6 +1,3 @@
|
|||||||
# EditorConfig is awesome: https://EditorConfig.org
|
|
||||||
|
|
||||||
# top-most EditorConfig file
|
|
||||||
root = true
|
root = true
|
||||||
|
|
||||||
[*]
|
[*]
|
||||||
@@ -10,3 +7,6 @@ end_of_line = lf
|
|||||||
charset = utf-8
|
charset = utf-8
|
||||||
trim_trailing_whitespace = true
|
trim_trailing_whitespace = true
|
||||||
insert_final_newline = false
|
insert_final_newline = false
|
||||||
|
|
||||||
|
[Makefile]
|
||||||
|
indent_style = tab
|
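--- a/.gitea/scripts/add-annotations.sh
+++ b/.gitea/scripts/add-annotations.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+echo "ERROR: ${CHART_FILE} not found!" 1>&2
+exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+if [ -z "${OLD_TAG}" ]; then
+OLD_TAG="${DEFAULT_OLD_TAG}"
+fi
+
+while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+if [ -z "${OLD_TAG}" ]; then
+OLD_TAG="${DEFAULT_OLD_TAG}"
+fi
+done
+else
+OLD_TAG=${1}
+if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+exit 1
+fi
+fi
+
+if [ -z "${2}" ]; then
+read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+if [ -z "${NEW_TAG}" ]; then
+NEW_TAG="${DEFAULT_NEW_TAG}"
+fi
+
+while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+if [ -z "${NEW_TAG}" ]; then
+NEW_TAG="${DEFAULT_NEW_TAG}"
+fi
+done
+else
+NEW_TAG=${2}
+
+if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+exit 1
+fi
+fi
+
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
+
+function map_type_to_kind() {
+case "${1}" in
+feat)
+echo "added"
+;;
+fix)
+echo "fixed"
+;;
+chore|style|test|ci|docs|refac)
+echo "changed"
+;;
+revert)
+echo "removed"
+;;
+sec)
+echo "security"
+;;
+*)
+echo "skip"
+;;
+esac
+}
+
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
+
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
+
+while IFS= read -r line; do
+if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
+TYPE="${BASH_REMATCH[1]}"
+KIND=$(map_type_to_kind "${TYPE}")
+
+if [ "${KIND}" == "skip" ]; then
+continue
+fi
+
+DESC="${BASH_REMATCH[3]}"
+
+echo "- ${KIND}: ${DESC}"
+
+jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
+mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
+
+fi
+done <<< "${COMMIT_TITLES}"
+
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
+else
+echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
+exit 1
+fi
+
+rm "${CHANGE_LOG_YAML}"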
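Review bot: The `[ -s "${CHANGE_LOG_YAML}" ]` test near the end of the script can never fail, because the file is seeded with `[]` before the loop; a tag range whose commit titles all map to "skip" or do not match the pattern therefore writes `[]` into the `artifacthub.io/changes` annotation instead of reaching the "Changelog file is empty" error. Checking the entry count, `if [ "$(jq 'length' "${CHANGE_LOG_YAML}")" -gt 0 ]; then`, makes that branch reachable. The temporary file is also left behind when jq, yq or that error branch exits under `set -e`; a `trap 'rm -f "${CHANGE_LOG_YAML}" "${CHANGE_LOG_YAML}.new"' EXIT` right after `mktemp` would cover those paths. Commit titles are contributor-controlled text, and passing them through `jq --arg` keeps them as data; a comment above the jq line such as `# commit titles are untrusted input; --arg passes them as data, never as jq syntax` would keep a later edit from switching to string interpolation.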
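--- a/.gitea/workflows/generate-readme.yaml
+++ b/.gitea/workflows/generate-readme.yaml
@@ -0,0 +1,32 @@
+name: Generate README
+
+on:
+pull_request:
+paths: [ "README.md", "values.yaml" ]
+types: [ "opened", "reopened", "synchronize" ]
+push:
+branches:
+- '**'
+paths: [ "README.md", "values.yaml" ]
+tags-ignore:
+- '**'
+workflow_dispatch: {}
+
+jobs:
+generate-parameters:
+container:
+image: docker.io/library/node:25.0.0-alpine
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Generate parameter section in README
+run: |
+npm install
+npm run readme:parameters
+- name: Compare diff
+run: git diff --exit-code --name-only README.md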
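Review bot: The `npm install` in the "Generate parameter section in README" step resolves dependency versions at run time and runs package lifecycle scripts, and this workflow triggers on `pull_request`, so the job executes whatever `package.json` the pull request carries. If the repository commits a lockfile (not visible in this section), `npm ci` installs exactly the locked versions and fails on drift, and `npm ci --ignore-scripts` also skips install scripts when the README tooling does not need them. The same applies to both jobs in .gitea/workflows/markdown-linters.yaml. A comment above the step, `# installs the README generator declared in package.json`, would document why npm is needed here.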
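--- a/.gitea/workflows/helm.yaml
+++ b/.gitea/workflows/helm.yaml
@@ -0,0 +1,42 @@
+name: Helm
+
+on:
+pull_request:
+types: [ "opened", "reopened", "synchronize" ]
+push:
+branches:
+- '**'
+tags-ignore:
+- '**'
+workflow_dispatch: {}
+
+jobs:
+helm-lint:
+container:
+image: docker.io/volkerraschek/helm:3.19.0
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Lint helm files
+run: |
+helm lint --values values.yaml .
+
+helm-unittest:
+container:
+image: docker.io/volkerraschek/helm:3.19.0
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Unittest
+run: |
+helm unittest --strict --file 'unittests/**/*.yaml' ./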
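Review bot: `actions/checkout@v5.0.0` and `docker.io/volkerraschek/helm:3.19.0` are referenced by tag in both jobs, and a tag can be re-pointed after review; pinning the action to its full commit SHA and the image to a digest, `image: docker.io/volkerraschek/helm:3.19.0@sha256:<digest>`, fixes what actually runs. This matters most in .gitea/workflows/release.yaml, where the same action and image run with the ChartMuseum and Gitea registry secrets in scope, and it also applies to generate-readme.yaml and markdown-linters.yaml. Both jobs here also run `apk add git npm` although no step in this file calls npm, so the line could be reduced to `apk add git`.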
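--- a/.gitea/workflows/markdown-linters.yaml
+++ b/.gitea/workflows/markdown-linters.yaml
@@ -0,0 +1,46 @@
+name: Markdown linter
+
+on:
+pull_request:
+paths: [ "**/*.md" ]
+types: [ "opened", "reopened", "synchronize" ]
+push:
+branches:
+- '**'
+paths: [ "**/*.md" ]
+tags-ignore:
+- '**'
+workflow_dispatch: {}
+
+jobs:
+markdown-link-checker:
+container:
+image: docker.io/library/node:25.0.0-alpine
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Verify links in markdown files
+run: |
+npm install
+npm run readme:link
+
+markdown-lint:
+container:
+image: docker.io/library/node:25.0.0-alpine
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git
+- uses: actions/checkout@v5.0.0
+- name: Lint markdown files
+run: |
+npm install
+npm run readme:lint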
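--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -0,0 +1,61 @@
+name: Release
+
+on:
+push:
+tags:
+- "**"
+
+jobs:
+publish-chart:
+container:
+image: docker.io/volkerraschek/helm:3.19.0
+runs-on: ubuntu-latest
+steps:
+- name: Install packages via apk
+run: |
+apk update
+apk add git npm jq yq
+
+- uses: actions/checkout@v5.0.0
+with:
+fetch-depth: 0
+
+- name: Add Artifacthub.io annotations
+run: |
+NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
+
+- name: Extract meta information
+run: |
+echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
+echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
+
+- name: Update Helm Chart version in README.md
+run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
+
+- name: Package chart
+run: |
+helm dependency build
+helm package --version "${PACKAGE_VERSION}" ./
+
+- name: Upload Chart to ChartMuseum
+env:
+CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
+run: |
+helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+helm repo remove chartmuseum
+
+- name: Upload Chart to Gitea
+env:
+GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+GITEA_SERVER_URL: ${{ github.server_url }}
+run: |
+helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+helm repo remove gitea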
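Review bot: Both upload steps pass the credential on the helm command line, `--password ${CHARTMUSEUM_PASSWORD}` and `--password ${GITEA_PACKAGE_REGISTRY_TOKEN}`, unquoted, so the secret appears in the process arguments inside the job container and is word-split if it contains whitespace or glob characters. `helm repo add` accepts `--password-stdin`, for example `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`, and the same form fits the Gitea step. Separately, the annotation step takes NEW_TAG from `git tag --sort=-version:refname | head -n 1` while PACKAGE_VERSION comes from `GITHUB_REF`, so pushing a tag that is not the highest version would publish a chart whose changelog was built for a different tag range; deriving NEW_TAG from `${GITHUB_REF#refs/tags/}` would keep the two aligned.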
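--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,9 @@
-*.tgz
+charts
+node_modules
+target
 values2.yml
 values2.yaml
+*.tgz
+
+install.sh
+uninstall.sh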
32
.helmignore
32
.helmignore
@@ -2,6 +2,7 @@
|
|||||||
# This supports shell glob matching, relative path matching, and
|
# This supports shell glob matching, relative path matching, and
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
.DS_Store
|
.DS_Store
|
||||||
|
|
||||||
# Common VCS dirs
|
# Common VCS dirs
|
||||||
.git/
|
.git/
|
||||||
.gitignore
|
.gitignore
|
||||||
@@ -10,23 +11,50 @@
|
|||||||
.hg/
|
.hg/
|
||||||
.hgignore
|
.hgignore
|
||||||
.svn/
|
.svn/
|
||||||
|
|
||||||
# Common backup files
|
# Common backup files
|
||||||
*.swp
|
*.swp
|
||||||
*.bak
|
*.bak
|
||||||
*.tmp
|
*.tmp
|
||||||
*.orig
|
*.orig
|
||||||
*~
|
*~
|
||||||
|
|
||||||
# Various IDEs
|
# Various IDEs
|
||||||
.project
|
.project
|
||||||
.idea/
|
.idea/
|
||||||
*.tmproj
|
*.tmproj
|
||||||
.vscode/
|
.vscode/
|
||||||
|
|
||||||
# drone
|
# drone
|
||||||
.drone.yml
|
.drone.yml
|
||||||
# markdownlint
|
|
||||||
.markdownlint.yaml
|
# editorconfig
|
||||||
|
.editorconfig
|
||||||
|
|
||||||
# customized values
|
# customized values
|
||||||
values2.yml
|
values2.yml
|
||||||
values2.yaml
|
values2.yaml
|
||||||
|
|
||||||
# helm packages
|
# helm packages
|
||||||
*.tgz
|
*.tgz
|
||||||
|
.helmignore
|
||||||
|
unittests
|
||||||
|
|
||||||
|
# markdownlint
|
||||||
|
.markdownlint.yml
|
||||||
|
.markdownlint.yaml
|
||||||
|
.markdownlintignore
|
||||||
|
|
||||||
|
# npm
|
||||||
|
.prettierignore
|
||||||
|
.npmrc
|
||||||
|
package*
|
||||||
|
|
||||||
|
# yamllint
|
||||||
|
.yamllint.yaml
|
||||||
|
|
||||||
|
# Others
|
||||||
|
CONTRIBUTING.md
|
||||||
|
CODEOWNERS
|
||||||
|
Makefile
|
||||||
|
renovate.json
|
||||||
|
@@ -45,9 +45,9 @@ MD012:
|
|||||||
# MD013/line-length - Line length
|
# MD013/line-length - Line length
|
||||||
MD013:
|
MD013:
|
||||||
# Number of characters
|
# Number of characters
|
||||||
line_length: 80
|
line_length: 120
|
||||||
# Number of characters for headings
|
# Number of characters for headings
|
||||||
heading_line_length: 80
|
heading_line_length: 120
|
||||||
# Number of characters for code blocks
|
# Number of characters for code blocks
|
||||||
code_block_line_length: 80
|
code_block_line_length: 80
|
||||||
# Include code blocks
|
# Include code blocks
|
||||||
@@ -56,8 +56,6 @@ MD013:
|
|||||||
tables: false
|
tables: false
|
||||||
# Include headings
|
# Include headings
|
||||||
headings: true
|
headings: true
|
||||||
# Include headings
|
|
||||||
headers: true
|
|
||||||
# Strict length checking
|
# Strict length checking
|
||||||
strict: false
|
strict: false
|
||||||
# Stern length checking
|
# Stern length checking
|
||||||
@@ -73,7 +71,7 @@ MD022:
|
|||||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
||||||
MD024:
|
MD024:
|
||||||
# Only check sibling headings
|
# Only check sibling headings
|
||||||
allow_different_nesting: true
|
siblings_only: true
|
||||||
|
|
||||||
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
||||||
MD025:
|
MD025:
|
||||||
@@ -129,7 +127,20 @@ MD041:
|
|||||||
MD044:
|
MD044:
|
||||||
# List of proper names
|
# List of proper names
|
||||||
names:
|
names:
|
||||||
- gitea
|
- Git
|
||||||
|
- GitDevOps
|
||||||
|
- Gitea
|
||||||
|
- GitHub
|
||||||
|
- GitLab
|
||||||
|
- GitOps
|
||||||
|
- kube-prometheus-stack
|
||||||
|
- Memcached
|
||||||
|
- Oracle
|
||||||
|
- PostgreSQL
|
||||||
|
- Prometheus
|
||||||
|
- prometheus-exporter
|
||||||
|
- SSL
|
||||||
|
- TLS
|
||||||
# Include code blocks
|
# Include code blocks
|
||||||
code_blocks: false
|
code_blocks: false
|
||||||
|
|
||||||
|
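--- a/.markdownlintignore
+++ b/.markdownlintignore
@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/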
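--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+Chart.lock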
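--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,8 @@
+{
+"recommendations": [
+"DavidAnson.vscode-markdownlint",
+"esbenp.prettier-vscode",
+"Tim-Koehler.helm-intellisense",
+"yzhang.markdown-all-in-one"
+]
+}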
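--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+"yaml.schemas": {
+"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
+"/unittests/**/*.yaml"
+]
+},
+"yaml.schemaStore.enable": true
+}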
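--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -0,0 +1,20 @@
+---
+extends: default
+
+ignore: |
+.yamllint
+node_modules
+templates
+
+
+rules:
+truthy:
+allowed-values: ['true', 'false']
+check-keys: False
+level: error
+line-length: disable
+document-start: disable
+comments:
+min-spaces-from-content: 1
+braces:
+max-spaces-inside: 2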
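Review bot: `check-keys: False` under `truthy` uses a capitalised boolean that the rule configured on the line above (`allowed-values: ['true', 'false']`, `level: error`) would itself report, and the `ignore` block lists `.yamllint` rather than `.yamllint.yaml`, so this file appears to be linted by its own rules. Writing `check-keys: false` keeps the configuration consistent with what it enforces. If the intent was to exclude the linter configuration, the ignore entry would need to read `.yamllint.yaml`.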
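--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @volker.raschek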
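--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,82 @@
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type | description |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat` | New feature. |
+| `fix` | Fixes a bug. |
+| `refac` | Refactoring production code. |
+| `style` | Fixes formatting issues. No production code change. |
+| `docs` | Adapt documentation. No production code change. |
+| `test` | Adds new or modifies existing tests. No production code change. |
+| `chore` | Updating grunt tasks. Is everything which the user does not see. |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.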
14
Chart.yaml
14
Chart.yaml
@@ -1,9 +1,15 @@
|
|||||||
|
annotations:
|
||||||
|
artifacthub.io/links: |
|
||||||
|
- name: Athens proxy (binary)
|
||||||
|
url: https://github.com/gomods/athens
|
||||||
|
- name: support
|
||||||
|
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
name: athens-proxy
|
name: athens-proxy
|
||||||
description: Athens proxy server for golang
|
description: Athens proxy server for golang
|
||||||
type: application
|
type: application
|
||||||
version: "0.1.0"
|
version: "0.1.0"
|
||||||
appVersion: "v0.13.1"
|
appVersion: "v0.16.1"
|
||||||
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
|
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
|
||||||
|
|
||||||
keywords:
|
keywords:
|
||||||
@@ -13,10 +19,6 @@ keywords:
|
|||||||
- go-proxy
|
- go-proxy
|
||||||
|
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/volker-raschek/athens-proxy-charts
|
- https://git.cryptic.systems/volker.raschek/athens-proxy-charts
|
||||||
- https://github.com/gomods/athens
|
- https://github.com/gomods/athens
|
||||||
- https://hub.docker.com/r/gomods/athens
|
- https://hub.docker.com/r/gomods/athens
|
||||||
|
|
||||||
maintainers:
|
|
||||||
- name: Markus Pesch
|
|
||||||
email: markus.pesch+apps@cryptic.systems
|
|
||||||
|
28
LICENSE
28
LICENSE
@@ -1,13 +1,21 @@
|
|||||||
Copyright 2022 Markus Pesch
|
MIT License
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Copyright (c) 2025 Markus Pesch
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
The above copyright notice and this permission notice shall be included in all
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
copies or substantial portions of the Software.
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
limitations under the License.
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
||||||
|
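--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,91 @@
+# CONTAINER_RUNTIME
+CONTAINER_RUNTIME?=$(shell which podman)
+
+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY?=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
+# NODE_IMAGE
+NODE_IMAGE_REGISTRY_HOST?=docker.io
+NODE_IMAGE_REPOSITORY?=library/node
+NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
+NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
+
+# MISSING DOT
+# ==============================================================================
+missing-dot:
+grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
+
+# CONTAINER RUN - README
+# ==============================================================================
+PHONY+=container-run/readme
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${NODE_IMAGE_FULLY_QUALIFIED} \
+npm install && npm run readme:link
+
+container-run/readme/lint:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${NODE_IMAGE_FULLY_QUALIFIED} \
+npm install && npm run readme:lint
+
+container-run/readme/parameters:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${NODE_IMAGE_FULLY_QUALIFIED} \
+npm install && npm run readme:parameters
+
+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+${CONTAINER_RUNTIME} run \
+--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${HELM_IMAGE_FULLY_QUALIFIED} \
+unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+${CONTAINER_RUNTIME} run \
+--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${HELM_IMAGE_FULLY_QUALIFIED} \
+dependency update
+
+# CONTAINER RUN - MARKDOWN-LINT
+# ==============================================================================
+PHONY+=container-run/helm-lint
+container-run/helm-lint:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${HELM_IMAGE_FULLY_QUALIFIED} \
+lint --values values.yaml .
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}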
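Review bot: In `container-run/readme/link`, `container-run/readme/lint` and `container-run/readme/parameters` the `&&` is parsed by the shell that make starts, not inside the container. Only `npm install` runs in the Node image, and `npm run readme:…` then runs on the host with whatever npm and node_modules happen to be there. Wrapping the command keeps both steps in the container, e.g. `sh -c 'npm install && npm run readme:link'`, and likewise for the other two targets. Separately, `--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD}` in `container-run/helm-unittests` and `container-run/helm-update-dependencies` expands the secret into the recipe line, which make echoes and which is visible in the host process list. Passing it by name (`--env HELM_REPO_PASSWORD` with the variable exported in the environment) keeps the value off the command line.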
555
README.md
555
README.md
@@ -1,167 +1,456 @@
|
|||||||
# athens-proxy-charts
|
# athens-proxy-charts
|
||||||
|
|
||||||
[](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
|
|
||||||
[](https://artifacthub.io/packages/search?repo=volker-raschek)
|
[](https://artifacthub.io/packages/search?repo=volker-raschek)
|
||||||
|
|
||||||
This is an inofficial helm chart of the go-proxy
|
> [!NOTE]
|
||||||
[athens](https://github.com/gomods/athens) which supports more complex
|
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
|
||||||
configuration options.
|
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
|
||||||
|
|
||||||
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
|
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
|
||||||
can be installed via helm.
|
proxy for Golang.
|
||||||
|
|
||||||
|
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
|
||||||
|
defining additional environment variables and much more.
|
||||||
|
|
||||||
|
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
|
||||||
|
helm and use it to deploy the exporter. It also contains further configuration examples.
|
||||||
|
|
||||||
|
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
|
||||||
|
helm chart is tested for deployment scenarios with **ArgoCD**.
|
||||||
|
|
||||||
|
## Helm: configuration and installation
|
||||||
|
|
||||||
|
1. A helm chart repository must be configured, to pull the helm charts from.
|
||||||
|
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
|
||||||
|
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
|
||||||
|
`--set` flag for a basic deployment.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
||||||
|
helm repo update
|
||||||
helm install athens-proxy volker.raschek/athens-proxy
|
helm install athens-proxy volker.raschek/athens-proxy
|
||||||
```
|
```
|
||||||
|
|
||||||
## Customization
|
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
|
||||||
|
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
|
||||||
|
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
|
||||||
|
versions can break something!
|
||||||
|
|
||||||
The complete deployment can be adapted via the `values.yaml` files. The
|
```bash
|
||||||
configuration of the proxy can be done via the environment variables described
|
CHART_VERSION=1.1.1
|
||||||
below or via mounting the config.toml as additional persistent volume to
|
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
|
||||||
`/config/config.toml`
|
|
||||||
|
|
||||||
## Access private repositories via SSH
|
|
||||||
|
|
||||||
Create a `configmap.yaml` with multiple keys. One key describe the content of
|
|
||||||
the `.gitconfig` file and another of `config` of the ssh client. All requests
|
|
||||||
git clone comands with the prefix `http://github.com/` will be replaced by
|
|
||||||
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
|
|
||||||
separate secret.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: custom-configs
|
|
||||||
data:
|
|
||||||
sshconfig: |
|
|
||||||
Host github.com
|
|
||||||
IdentityFile /root/.ssh/id_ed25519
|
|
||||||
StrictHostKeyChecking no
|
|
||||||
gitconfig: |
|
|
||||||
[url "git@github.com:"]
|
|
||||||
insteadOf = https://github.com/
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The secret definition below contains the SSH private and public key.
|
A complete list of available helm chart versions can be displayed via the following command:
|
||||||
|
|
||||||
```yaml
|
```bash
|
||||||
apiVersion: v1
|
helm search repo athens-proxy --versions
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-ssh-keys
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
id_ed25519: |
|
|
||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
||||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
|
||||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
|
||||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
|
||||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
|
||||||
-----END OPENSSH PRIVATE KEY-----
|
|
||||||
id_ed25519.pub: |
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The item `config` of the configmap will be merged with the items of the secret
|
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
|
||||||
as virtual volume. This volume can than be mounted with special permissions
|
Use the `--set` argument to persist your data.
|
||||||
required for the ssh client.
|
|
||||||
|
```bash
|
||||||
|
CHART_VERSION=1.1.1
|
||||||
|
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||||
|
persistence.enabled=true
|
||||||
|
```
|
||||||
|
|
||||||
|
### Examples
|
||||||
|
|
||||||
|
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
|
||||||
|
|
||||||
|
#### Avoid CPU throttling by defining a CPU limit
|
||||||
|
|
||||||
|
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
|
||||||
|
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
|
||||||
|
cannot use the available CPU time to perform computing operations.
|
||||||
|
|
||||||
|
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
|
||||||
|
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
|
||||||
|
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
|
||||||
|
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
|
||||||
|
|
||||||
|
Further information about this topic can be found in one of Kanishk's blog
|
||||||
|
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
|
||||||
|
> not anymore required.
|
||||||
|
>
|
||||||
|
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
CHART_VERSION=1.1.1
|
||||||
|
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||||
|
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
|
||||||
|
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
|
||||||
|
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
|
||||||
|
```
|
||||||
|
|
||||||
|
#### TLS encryption
|
||||||
|
|
||||||
|
The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for
|
||||||
|
TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS
|
||||||
|
certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS
|
||||||
|
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
|
||||||
|
The secret must be from type `kubernetes.io/tls`.
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
|
||||||
|
> `athens-proxy-ca` is present in the same namespace of the helm deployment.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
CHART_VERSION=1.1.1
|
||||||
|
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||||
|
--set 'config.certificate.enabled=true' \
|
||||||
|
--set 'config.certificate.new.issuerRef.kind=Issuer' \
|
||||||
|
--set 'config.certificate.new.issuerRef.name=athens-proxy-ca'
|
||||||
|
```
|
||||||
|
|
||||||
|
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
|
||||||
|
and private key are mounted to a pre-defined destination inside the container file system.
|
||||||
|
|
||||||
|
#### TLS certificate rotation
|
||||||
|
|
||||||
|
If the application uses TLS certificates that are mounted as a secret in the container file system like the example
|
||||||
|
[above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such
|
||||||
|
a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
|
||||||
|
before expiring.
|
||||||
|
|
||||||
|
Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's
|
||||||
|
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
|
||||||
|
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
|
||||||
|
and secrets have been changed.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
extraVolumes:
|
deployment:
|
||||||
- name: ssh
|
annotations:
|
||||||
projected:
|
reloader.stakater.com/auto: "true"
|
||||||
defaultMode: 0644
|
```
|
||||||
|
|
||||||
|
Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
|
||||||
|
individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should
|
||||||
|
only listen for changes of this secret:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
deployment:
|
||||||
|
annotations:
|
||||||
|
secret.reloader.stakater.com/reload: "athens-proxy-tls"
|
||||||
|
```
|
||||||
|
|
||||||
|
If the application is rolled out using ArgoCD, a rolling update from stakater's
|
||||||
|
[reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state
|
||||||
|
with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be
|
||||||
|
initiated. Further information are available in the official
|
||||||
|
[README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of
|
||||||
|
stakater's reloader.
|
||||||
|
|
||||||
|
```diff
|
||||||
|
deployment:
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
+ reloader.stakater.com/rollout-strategy: "restart"
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Network policies
|
||||||
|
|
||||||
|
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
|
||||||
|
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
|
||||||
|
|
||||||
|
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
|
||||||
|
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
|
||||||
|
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
|
||||||
|
proxy `https://proxy.golang.org` via HTTPS.
|
||||||
|
|
||||||
|
> [!IMPORTANT]
|
||||||
|
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
|
||||||
|
> this reason, there is are not default network policy rules defined.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
networkPolicies:
|
||||||
|
enabled: true
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
policyTypes:
|
||||||
|
- Egress
|
||||||
|
- Ingress
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: kube-system
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
ports:
|
||||||
|
- port: 53
|
||||||
|
protocol: TCP
|
||||||
|
- port: 53
|
||||||
|
protocol: UDP
|
||||||
|
- ports:
|
||||||
|
- port: 443
|
||||||
|
protocol: TCP
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: ingress-nginx
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
ports:
|
||||||
|
- port: http
|
||||||
|
protocol: TCP
|
||||||
|
```
|
||||||
|
|
||||||
|
## ArgoCD
|
||||||
|
|
||||||
|
### Example Application
|
||||||
|
|
||||||
|
An application resource for the Helm chart is defined below. It serves as an example for your own deployment.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: athens-proxy
|
||||||
|
ignoreDifferences:
|
||||||
|
- group: apps
|
||||||
|
kind: Deployment
|
||||||
|
jqPathExpressions:
|
||||||
|
# When HPA is enabled, ensure that a modification of the replicas does not lead to a
|
||||||
|
# drift.
|
||||||
|
- '.spec.replicas'
|
||||||
|
# Ensure that changes of the annotations or environment variables added or modified by
|
||||||
|
# stakater's reloader does not lead to a drift.
|
||||||
|
- '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
|
||||||
|
- '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
|
||||||
sources:
|
sources:
|
||||||
- configMap:
|
- repoURL: https://charts.cryptic.systems/volker.raschek
|
||||||
name: custom-configs
|
chart: athens-proxy
|
||||||
items:
|
targetRevision: '0.*'
|
||||||
- key: sshconfig
|
helm:
|
||||||
path: config
|
valueFiles:
|
||||||
- secret:
|
- $values/values.yaml
|
||||||
name: custom-ssh-keys
|
releaseName: athens-proxy
|
||||||
items:
|
syncPolicy:
|
||||||
- key: id_ed25519
|
automated:
|
||||||
path: id_ed25519
|
prune: true
|
||||||
mode: 0600
|
selfHeal: true
|
||||||
- key: id_ed25519.pub
|
managedNamespaceMetadata:
|
||||||
path: id_ed25519.pub
|
annotations: {}
|
||||||
- name: gitconfig
|
labels: {}
|
||||||
configMap:
|
syncOptions:
|
||||||
name: custom-configs
|
- ApplyOutOfSyncOnly=true
|
||||||
items:
|
- CreateNamespace=true
|
||||||
- key: gitconfig
|
- FailOnSharedResource=false
|
||||||
path: config
|
- Replace=false
|
||||||
mode: 0644
|
- RespectIgnoreDifferences=false
|
||||||
|
- ServerSideApply=true
|
||||||
extraVolumeMounts:
|
- Validate=true
|
||||||
- name: ssh
|
|
||||||
mountPath: /root/.ssh
|
|
||||||
- name: gitconfig
|
|
||||||
mountPath: /root/.config/git
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Access private github.com repositories via developer token
|
## Parameters
|
||||||
|
|
||||||
Another way to access private github repositories is via a github token, which
|
### Global
|
||||||
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
|
|
||||||
creates a `.netrc` file to access private github repositories.
|
|
||||||
|
|
||||||
## Access private repositories via .netrc configuration
|
| Name | Description | Value |
|
||||||
|
| ------------------ | ----------------------------------------- | ----- |
|
||||||
|
| `nameOverride` | Individual release name suffix. | `""` |
|
||||||
|
| `fullnameOverride` | Override the complete release name logic. | `""` |
|
||||||
|
|
||||||
As describe above, a `.netrc` file is responsible for the authentication via
|
### Certificate
|
||||||
HTTP. The file can also be defined via a custom secret and mounted into the home
|
|
||||||
directory of `root` for general authentication purpose.
|
|
||||||
|
|
||||||
The example below describe the definition and mounting of a custom `.netrc` file
|
| Name | Description | Value |
|
||||||
to access private repositories hosted on github and gitlab.
|
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
|
||||||
|
| `certificate.enabled` | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false` |
|
||||||
|
| `certificate.existingSecret.enabled` | Use an existing secret of the type `kubernetes.io/tls`. | `false` |
|
||||||
|
| `certificate.existingSecret.secretName` | Name of the secret containing the TLS certificate and private key. | `""` |
|
||||||
|
| `certificate.new.annotations` | Additional certificate annotations. | `{}` |
|
||||||
|
| `certificate.new.labels` | Additional certificate labels. | `{}` |
|
||||||
|
| `certificate.new.duration` | Duration of the TLS certificate. | `744h` |
|
||||||
|
| `certificate.new.renewBefore` | Renew TLS certificate before expiring. | `672h` |
|
||||||
|
| `certificate.new.dnsNames` | Overwrites the default of the subject alternative DNS names. | `[]` |
|
||||||
|
| `certificate.new.ipAddresses` | Overwrites the default of the subject alternative IP addresses. | `[]` |
|
||||||
|
| `certificate.new.issuerRef.kind` | Issuer kind. Can be `Issuer` or `ClusterIssuer`. | `""` |
|
||||||
|
| `certificate.new.issuerRef.name` | Name of the `Issuer` or `ClusterIssuer`. | `""` |
|
||||||
|
| `certificate.new.privateKey.algorithm` | Algorithm of the private TLS key. | `RSA` |
|
||||||
|
| `certificate.new.privateKey.rotationPolicy` | Rotation of the private TLS key. | `Never` |
|
||||||
|
| `certificate.new.privateKey.size` | Size of the private TLS key. | `4096` |
|
||||||
|
| `certificate.new.secretTemplate.annotations` | Additional annotation of the created secret. | `{}` |
|
||||||
|
| `certificate.new.secretTemplate.labels` | Additional labels of the created secret. | `{}` |
|
||||||
|
| `certificate.new.subject.countries` | List of countries. | `[]` |
|
||||||
|
| `certificate.new.subject.localities` | List of localities. | `[]` |
|
||||||
|
| `certificate.new.subject.organizationalUnits` | List of organizationalUnits. | `[]` |
|
||||||
|
| `certificate.new.subject.organizations` | List of organizations. | `[]` |
|
||||||
|
| `certificate.new.subject.postalCodes` | List of postalCodes. | `[]` |
|
||||||
|
| `certificate.new.subject.provinces` | List of provinces. | `[]` |
|
||||||
|
| `certificate.new.subject.serialNumber` | Serial number. | `""` |
|
||||||
|
| `certificate.new.subject.streetAddresses` | List of streetAddresses. | `[]` |
|
||||||
|
| `certificate.new.usages` | Define the usage of the TLS key. | `["client auth","server auth"]` |
|
||||||
|
|
||||||
```yaml
|
### Configuration
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-netrc
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
netrc: |
|
|
||||||
machine github.com login USERNAME password API-KEY
|
|
||||||
machine gitlab.com login USERNAME password API-KEY
|
|
||||||
```
|
|
||||||
|
|
||||||
The file must then be mounted via extraVolumes and extraVolumeMounts.
|
| Name | Description | Value |
|
||||||
|
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||||
|
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
|
||||||
|
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
|
||||||
|
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
|
||||||
|
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
|
||||||
|
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
|
||||||
|
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
|
||||||
|
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
|
||||||
|
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
|
||||||
|
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
|
||||||
|
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
|
||||||
|
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
|
||||||
|
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
|
||||||
|
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
|
||||||
|
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
|
||||||
|
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
|
||||||
|
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
|
||||||
|
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||||
|
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
|
||||||
|
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
|
||||||
|
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
|
||||||
|
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||||
|
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
|
||||||
|
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
|
||||||
|
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
|
||||||
|
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
|
||||||
|
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
|
||||||
|
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
|
||||||
|
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
|
||||||
|
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
|
||||||
|
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
|
||||||
|
|
||||||
```yaml
|
### Deployment
|
||||||
extraVolumes:
|
|
||||||
- name: netrc
|
|
||||||
secret:
|
|
||||||
secretName: custom-netrc
|
|
||||||
items:
|
|
||||||
- key: netrc
|
|
||||||
path: .netrc
|
|
||||||
mode: 0600
|
|
||||||
|
|
||||||
extraVolumeMounts:
|
| Name | Description | Value |
|
||||||
- name: netrc
|
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
|
||||||
mountPath: /root
|
| `deployment.annotations` | Additional deployment annotations. | `{}` |
|
||||||
```
|
| `deployment.labels` | Additional deployment labels. | `{}` |
|
||||||
|
| `deployment.additionalContainers` | List of additional containers. | `[]` |
|
||||||
|
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.initContainers` | List of additional init containers. | `[]` |
|
||||||
|
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
|
||||||
|
| `deployment.hostname` | Individual hostname of the pod. | `""` |
|
||||||
|
| `deployment.subdomain` | Individual domain of the pod. | `""` |
|
||||||
|
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
|
||||||
|
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
|
||||||
|
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
|
||||||
|
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
|
||||||
|
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
|
||||||
|
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
|
||||||
|
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
|
||||||
|
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
|
||||||
|
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
|
||||||
|
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
|
||||||
|
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
|
||||||
|
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
|
||||||
|
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
|
||||||
|
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
|
||||||
|
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
|
||||||
|
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
|
||||||
|
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
|
||||||
|
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
|
||||||
|
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
|
||||||
|
|
||||||
## Persistent storage
|
### Horizontal Pod Autoscaler (HPA)
|
||||||
|
|
||||||
Unlike the athens default, the default here is `disk` - i.e. the files are
|
| Name | Description | Value |
|
||||||
written to the container. Therefore, it is advisable to outsource the
|
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
|
||||||
corresponding storage location to persistent storage. The following example
|
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
|
||||||
describes the integration of a persistent storage claim.
|
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
|
||||||
|
| `hpa.labels` | Additional labels for the HPA. | `{}` |
|
||||||
|
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
|
||||||
|
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
|
||||||
|
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
|
||||||
|
|
||||||
```yaml
|
### Ingress
|
||||||
extraVolumes:
|
|
||||||
- name: gomodules
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: custom-gomodules-pvc
|
|
||||||
|
|
||||||
extraVolumeMounts:
|
| Name | Description | Value |
|
||||||
- name: gomodules
|
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||||
mountPath: /var/lib/athens
|
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
|
||||||
```
|
| `ingress.className` | Ingress class. | `nginx` |
|
||||||
|
| `ingress.annotations` | Additional ingress annotations. | `{}` |
|
||||||
|
| `ingress.labels` | Additional ingress labels. | `{}` |
|
||||||
|
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
|
||||||
|
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
|
||||||
|
|
||||||
|
### Persistence
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
|
||||||
|
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
|
||||||
|
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
|
||||||
|
| `persistence.data.existingPersistentVolumeClaim.enabled` | Use an existing persistent volume claim. | `false` |
|
||||||
|
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim. | `""` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.storageClassName` | Storage class of the persistent volume claim. | `""` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
|
||||||
|
|
||||||
|
### Network
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| --------------- | ------------------------------------------------------------------------ | --------------- |
|
||||||
|
| `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` |
|
||||||
|
|
||||||
|
### Network Policy
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| --------------------------- | ------------------------------------------------------------------------- | ------- |
|
||||||
|
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
|
||||||
|
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
|
||||||
|
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
|
||||||
|
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
|
||||||
|
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
|
||||||
|
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
|
||||||
|
|
||||||
|
### Service
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
|
||||||
|
| `services.http.enabled` | Enable the service. | `true` |
|
||||||
|
| `services.http.annotations` | Additional service annotations. | `{}` |
|
||||||
|
| `services.http.externalIPs` | External IPs for the service. | `[]` |
|
||||||
|
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
|
||||||
|
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
|
||||||
|
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
|
||||||
|
| `services.http.labels` | Additional service labels. | `{}` |
|
||||||
|
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
|
||||||
|
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
|
||||||
|
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
|
||||||
|
| `services.http.port` | Port to forward the traffic to. | `3000` |
|
||||||
|
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
|
||||||
|
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
|
||||||
|
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
|
||||||
|
|
||||||
|
### ServiceAccount
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||||
|
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
|
||||||
|
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
|
||||||
|
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
|
||||||
|
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
|
||||||
|
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
|
||||||
|
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
|
||||||
|
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |
|
||||||
|
@@ -1,12 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: custom-configs
|
|
||||||
data:
|
|
||||||
sshconfig: |
|
|
||||||
Host github.com
|
|
||||||
IdentityFile /root/.ssh/id_ed25519
|
|
||||||
StrictHostKeyChecking no
|
|
||||||
gitconfig: |
|
|
||||||
[url "git@github.com:"]
|
|
||||||
insteadOf = https://github.com/
|
|
@@ -1,26 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-ssh-keys
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
id_ed25519: |
|
|
||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
||||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
|
||||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
|
||||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
|
||||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
|
||||||
-----END OPENSSH PRIVATE KEY-----
|
|
||||||
id_ed25519.pub: |
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-netrc
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
netrc: |
|
|
||||||
machine github.com login USERNAME password API-KEY
|
|
||||||
machine gitlab.com login USERNAME password API-KEY
|
|
2617
package-lock.json
generated
Normal file
2617
package-lock.json
generated
Normal file
File diff suppressed because it is too large
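--- a/package.json
+++ b/package.json
@@ -0,0 +1,21 @@
+{
+"name": "athens-proxy-charts",
+"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git",
+"license": "MIT",
+"private": true,
+"engineStrict": true,
+"engines": {
+"node": ">=16.0.0",
+"npm": ">=8.0.0"
+},
+"scripts": {
+"readme:link": "markdown-link-check *.md",
+"readme:lint": "markdownlint *.md -f",
+"readme:parameters": "readme-generator -v values.yaml -r README.md"
+},
+"devDependencies": {
+"@bitnami/readme-generator-for-helm": "^2.5.0",
+"markdown-link-check": "^3.13.6",
+"markdownlint-cli": "^0.45.0"
+}
+}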
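Review bot: `"engineStrict": true` has no effect on the npm versions this file itself requires (`"npm": ">=8.0.0"`), because npm stopped honouring that package.json field with npm 3; the `engines` block is therefore advisory only. To make npm refuse an unsupported Node or npm version, set `engine-strict=true` in a project `.npmrc` and drop the field here.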
114
renovate.json
114
renovate.json
@@ -1,26 +1,15 @@
|
|||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"assignees": [ "volker.raschek" ],
|
"extends": [
|
||||||
"labels": [ "renovate" ],
|
"local>volker.raschek/renovate-config:default#master",
|
||||||
"packageRules": [
|
"local>volker.raschek/renovate-config:container#master",
|
||||||
{
|
"local>volker.raschek/renovate-config:actions#master",
|
||||||
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
|
"local>volker.raschek/renovate-config:npm#master",
|
||||||
"automerge": true,
|
"local>volker.raschek/renovate-config:regexp#master"
|
||||||
"matchManagers": "droneci",
|
|
||||||
"matchUpdateTypes": [ "minor", "patch"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
|
|
||||||
"automerge": false,
|
|
||||||
"matchPackageNames": [ "gomods/athens" ],
|
|
||||||
"matchManagers": [ "regex" ]
|
|
||||||
}
|
|
||||||
],
|
],
|
||||||
"rebaseLabel": "renovate/rebase",
|
"customManagers": [
|
||||||
"rebaseWhen": "behind-base-branch",
|
|
||||||
"regexManagers": [
|
|
||||||
{
|
{
|
||||||
"description": "Update container image reference",
|
"customType": "regex",
|
||||||
"fileMatch": [
|
"fileMatch": [
|
||||||
"^Chart\\.yaml$"
|
"^Chart\\.yaml$"
|
||||||
],
|
],
|
||||||
@@ -28,7 +17,92 @@
|
|||||||
"appVersion: \"(?<currentValue>.*?)\"\\s+"
|
"appVersion: \"(?<currentValue>.*?)\"\\s+"
|
||||||
],
|
],
|
||||||
"datasourceTemplate": "docker",
|
"datasourceTemplate": "docker",
|
||||||
"depNameTemplate": "gomods/athens"
|
"depNameTemplate": "gomods/athens",
|
||||||
|
"lookupNameTemplate": "docker.io/gomods/athens",
|
||||||
|
"versioningTemplate": "semver"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"customType": "regex",
|
||||||
|
"fileMatch": ["^README\\.md$"],
|
||||||
|
"matchStrings": [
|
||||||
|
"VERSION=(?<currentValue>.*)"
|
||||||
|
],
|
||||||
|
"depNameTemplate": "volker.raschek/athens-proxy-charts",
|
||||||
|
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
|
||||||
|
"datasourceTemplate": "git-tags",
|
||||||
|
"versioningTemplate": "semver"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"customType": "regex",
|
||||||
|
"datasourceTemplate": "github-releases",
|
||||||
|
"fileMatch": [
|
||||||
|
".vscode/settings\\.json$"
|
||||||
|
],
|
||||||
|
"matchStrings": [
|
||||||
|
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"packageRules": [
|
||||||
|
{
|
||||||
|
"groupName": "Update docker.io/volkerraschek/helm",
|
||||||
|
"matchDepNames": [
|
||||||
|
"docker.io/volkerraschek/helm",
|
||||||
|
"volkerraschek/helm"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"automerge": true,
|
||||||
|
"groupName": "Update helm plugin 'unittest'",
|
||||||
|
"matchDepNames": [
|
||||||
|
"helm-unittest/helm-unittest"
|
||||||
|
],
|
||||||
|
"matchDatasources": [
|
||||||
|
"github-releases"
|
||||||
|
],
|
||||||
|
"matchUpdateTypes": [
|
||||||
|
"minor",
|
||||||
|
"patch"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"groupName": "Update docker.io/library/node",
|
||||||
|
"matchDepNames": [
|
||||||
|
"docker.io/library/node",
|
||||||
|
"library/node"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"addLabels": [
|
||||||
|
"renovate/automerge",
|
||||||
|
"renovate/container"
|
||||||
|
],
|
||||||
|
"automerge": true,
|
||||||
|
"excludePackagePatterns": [
|
||||||
|
"gomods/athens"
|
||||||
|
],
|
||||||
|
"matchDatasources": [
|
||||||
|
"docker"
|
||||||
|
],
|
||||||
|
"matchUpdateTypes": [
|
||||||
|
"minor",
|
||||||
|
"patch"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"addLabels": [
|
||||||
|
"renovate/automerge",
|
||||||
|
"renovate/documentation"
|
||||||
|
],
|
||||||
|
"automerge": true,
|
||||||
|
"matchDepNames": [
|
||||||
|
"volker.raschek/athens-proxy-charts"
|
||||||
|
],
|
||||||
|
"matchUpdateTypes": [
|
||||||
|
"major",
|
||||||
|
"minor",
|
||||||
|
"patch"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
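Review bot: The new package rule with `"matchDatasources": ["docker"]` and `"automerge": true` merges minor and patch tag bumps for every container image except `gomods/athens` without a human review, and nothing in this hunk pins those images by digest or delays fresh releases. Because tags are mutable, consider adding `"pinDigests": true` and `"minimumReleaseAge": "3 days"` to that rule, unless the `local>volker.raschek/renovate-config:container#master` preset already sets them (the preset is not visible here). All five presets are referenced at `#master`, so a change in that repository silently changes the update policy of this one; a tag or commit ref would make such changes explicit. Separately, the first custom manager uses `lookupNameTemplate` while the second uses `packageNameTemplate`; Renovate renamed the former to the latter, so `"packageNameTemplate": "docker.io/gomods/athens"` keeps the two entries consistent.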
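--- a/templates/_certificate.tpl
+++ b/templates/_certificate.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.certificates.server.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.certificate.new.annotations }}
+{{ toYaml .Values.certificate.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.certificates.server.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.certificate.new.labels }}
+{{ toYaml .Values.certificate.new.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.certificates.server.name" -}}
+{{ include "athens-proxy.fullname" . }}-tls
+{{- end -}}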
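Review bot: `athens-proxy.certificates.server.labels` prints the common labels and then appends `.Values.certificate.new.labels` as a second YAML fragment, so a user-supplied key that is also in the common set (for example `app.kubernetes.io/name`) appears twice in the rendered mapping. How a duplicate key is resolved depends on the consumer, and many parsers silently keep the last value, which here would be the user's override. Merging before serialising keeps the chart's own keys authoritative: `{{- toYaml (merge (include "athens-proxy.labels" . | fromYaml) (default (dict) .Values.certificate.new.labels)) }}`. The annotations helper in this file and the annotation and label helpers added in `templates/_configMap.tpl` and `templates/_deployment.tpl` use the same append pattern.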
@@ -1,3 +1,4 @@
|
|||||||
|
{{/* vim: set filetype=mustache: */}}
|
||||||
{{/*
|
{{/*
|
||||||
Expand the name of the chart.
|
Expand the name of the chart.
|
||||||
*/}}
|
*/}}
|
||||||
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label.
|
|||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common annotations
|
||||||
|
*/}}
|
||||||
|
{{- define "athens-proxy.annotations" -}}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Common labels
|
Common labels
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "athens-proxy.labels" -}}
|
{{- define "athens-proxy.labels" -}}
|
||||||
helm.sh/chart: {{ include "athens-proxy.chart" . }}
|
|
||||||
{{ include "athens-proxy.selectorLabels" . }}
|
{{ include "athens-proxy.selectorLabels" . }}
|
||||||
{{- if .Chart.AppVersion }}
|
{{- if .Chart.AppVersion }}
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
helm.sh/chart: {{ include "athens-proxy.chart" . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Selector labels
|
Common selector labels
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "athens-proxy.selectorLabels" -}}
|
{{- define "athens-proxy.selectorLabels" -}}
|
||||||
app.kubernetes.io/name: {{ include "athens-proxy.name" . }}
|
app.kubernetes.io/name: {{ include "athens-proxy.name" . }}
|
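--- a/templates/_configMap.tpl
+++ b/templates/_configMap.tpl
@@ -0,0 +1,43 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.configMap.downloadMode.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.downloadMode.configMap.annotations }}
+{{ toYaml .Values.config.downloadMode.configMap.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.configMap.gitConfig.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.gitConfig.configMap.annotations }}
+{{ toYaml .Values.config.gitConfig.configMap.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.configMap.downloadMode.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.downloadMode.configMap.labels }}
+{{ toYaml .Values.config.downloadMode.configMap.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.configMap.gitConfig.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.gitConfig.configMap.labels }}
+{{ toYaml .Values.config.gitConfig.configMap.labels }}
+{{- end }}
+{{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.configMap.downloadMode.name" -}}
+{{ include "athens-proxy.fullname" . }}-download-mode-file
+{{- end }}
+
+{{- define "athens-proxy.configMap.gitConfig.name" -}}
+{{ include "athens-proxy.fullname" . }}-gitconfig
+{{- end }}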
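Review bot: The first line of this partial is a bare `---`, whereas the sibling partials `templates/_certificate.tpl` and `templates/_deployment.tpl` open with the editor modeline. Helm does not render `_`-prefixed files into manifests, so the document marker has no effect and only reads as if a manifest followed; replace it with `{{/* vim: set filetype=mustache: */}}`. The two `*.name` helpers also close with `{{- end }}` while `athens-proxy.certificates.server.name` closes with `{{- end -}}`; using one form across the partials would make whitespace handling easier to reason about.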
279
templates/_deployment.tpl
Normal file
279
templates/_deployment.tpl
Normal file
@@ -0,0 +1,279 @@
|
|||||||
|
{{/* vim: set filetype=mustache: */}}
|
||||||
|
|
||||||
|
{{/* annotations */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.annotations" -}}
|
||||||
|
{{ include "athens-proxy.annotations" . }}
|
||||||
|
{{- if .Values.deployment.annotations }}
|
||||||
|
{{ toYaml .Values.deployment.annotations }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* env */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.env" -}}
|
||||||
|
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
|
||||||
|
|
||||||
|
{{- if and .Values.persistence.enabled }}
|
||||||
|
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.downloadMode.enabled }}
|
||||||
|
{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
|
||||||
|
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.certificate.enabled }}
|
||||||
|
{{- $env = concat $env (list
|
||||||
|
(dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
|
||||||
|
(dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
|
||||||
|
) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ toYaml (dict "env" $env) }}
|
||||||
|
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
|
||||||
|
{{/* envFrom */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.envFrom" -}}
|
||||||
|
{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
|
||||||
|
|
||||||
|
{{- if .Values.config.env.enabled }}
|
||||||
|
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
|
||||||
|
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
|
||||||
|
{{- $secretName = .Values.config.env.existingSecret.secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ toYaml (dict "envFrom" $envFrom) }}
|
||||||
|
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* image */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
|
||||||
|
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
|
||||||
|
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
|
||||||
|
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
|
||||||
|
{{- printf "%s/%s:%s" $registry $repository $tag -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* labels */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.labels" -}}
|
||||||
|
{{ include "athens-proxy.labels" . }}
|
||||||
|
{{- if .Values.deployment.labels }}
|
||||||
|
{{ toYaml .Values.deployment.labels }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* serviceAccount */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.serviceAccount" -}}
|
||||||
|
{{- if .Values.serviceAccount.existing.enabled -}}
|
||||||
|
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- include "athens-proxy.fullname" . -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumeMounts */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.volumeMounts" -}}
|
||||||
|
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
|
||||||
|
|
||||||
|
{{- if .Values.persistence.enabled }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumes (download mode) */}}
|
||||||
|
{{- if .Values.config.downloadMode.enabled }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumeMount (git config) */}}
|
||||||
|
{{- if .Values.config.gitConfig.enabled }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumeMount (netrc) */}}
|
||||||
|
{{- if .Values.config.netrc.enabled }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumeMount (ssh) */}}
|
||||||
|
{{- if and .Values.config.ssh.enabled }}
|
||||||
|
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{/* volumeMounts (tls) */}}
|
||||||
|
{{- if .Values.certificate.enabled }}
|
||||||
|
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* volumes */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.deployment.volumes" -}}
|
||||||
|
{{- $volumes := .Values.deployment.volumes | default (list) }}
|
||||||
|
|
||||||
|
|
||||||
|
{{/* volumes (data) */}}
|
||||||
|
{{- if .Values.persistence.enabled }}
|
||||||
|
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
|
||||||
|
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
|
||||||
|
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{/* volumes (download mode) */}}
|
||||||
|
{{- if .Values.config.downloadMode.enabled }}
|
||||||
|
{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
|
||||||
|
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
|
||||||
|
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
|
||||||
|
{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
|
||||||
|
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{/* volumes (git config) */}}
|
||||||
|
{{- $projectedSecretSources := list -}}
|
||||||
|
|
||||||
|
{{- if .Values.config.gitConfig.enabled }}
|
||||||
|
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
|
||||||
|
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
|
||||||
|
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
|
||||||
|
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
|
||||||
|
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumes (netrc) */}}
|
||||||
|
|
||||||
|
{{- if .Values.config.netrc.enabled }}
|
||||||
|
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
|
||||||
|
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
|
||||||
|
{{- if .Values.config.netrc.existingSecret.enabled }}
|
||||||
|
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
|
||||||
|
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumes (ssh) */}}
|
||||||
|
{{- if .Values.config.ssh.enabled }}
|
||||||
|
|
||||||
|
{{- $itemList := list -}}
|
||||||
|
{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
|
||||||
|
|
||||||
|
{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
|
||||||
|
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
|
||||||
|
{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
|
||||||
|
{{- $itemList = concat $itemList (list $configItem) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
|
||||||
|
{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idED25519Item) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
|
||||||
|
{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
|
||||||
|
{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idRSAItem) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
|
||||||
|
{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if not .Values.config.ssh.existingSecret.enabled }}
|
||||||
|
{{- if gt (len .Values.config.ssh.secret.config) 0 }}
|
||||||
|
{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
|
||||||
|
{{- $itemList = concat $itemList (list $configItem) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
|
||||||
|
{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idED25519Item) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
|
||||||
|
{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
|
||||||
|
{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idRSAItem) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
|
||||||
|
{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
|
||||||
|
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if gt (len $projectedSecretSources) 0 }}
|
||||||
|
{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
|
||||||
|
{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/* volumes (tls) */}}
|
||||||
|
{{- if .Values.certificate.enabled }}
|
||||||
|
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
|
||||||
|
{{- if .Values.certificate.existingSecret.enabled }}
|
||||||
|
{{- $secretName := .Values.certificate.existingSecret.secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{ toYaml (dict "volumes" $volumes) }}
|
||||||
|
{{- end -}}
|
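--- a/templates/_hpa.tpl
+++ b/templates/_hpa.tpl
@@ -0,0 +1,19 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.hpa.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.hpa.annotations }}
+{{ toYaml .Values.hpa.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.hpa.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.hpa.labels }}
+{{ toYaml .Values.hpa.labels }}
+{{- end }}
+{{- end }}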
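--- a/templates/_ingress.tpl
+++ b/templates/_ingress.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.ingress.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.ingress.annotations }}
+{{ toYaml .Values.ingress.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.ingress.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels }}
+{{- end }}
+{{- end }}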
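--- a/templates/_networkPolicy.tpl
+++ b/templates/_networkPolicy.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.networkPolicy.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.networkPolicy.annotations }}
+{{ toYaml .Values.networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.networkPolicy.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.networkPolicy.labels }}
+{{ toYaml .Values.networkPolicy.labels }}
+{{- end }}
+{{- end }}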
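--- a/templates/_persistentVolumeClaim.tpl
+++ b/templates/_persistentVolumeClaim.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.persistence.data.persistentVolumeClaim.annotations }}
+{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.persistence.data.persistentVolumeClaim.labels }}
+{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}}
+{{- end }}
+{{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.persistentVolumeClaim.data.name" -}}
+{{ include "athens-proxy.fullname" . }}-data
+{{- end }}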
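--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -0,0 +1,34 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.pod.annotations" }}
+{{- include "athens-proxy.annotations" . }}
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
+{{- end }}
+{{- end }}
+
+
+
+{{/* labels */}}
+
+{{- define "athens-proxy.pod.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- end }}
+
+{{- define "athens-proxy.pod.selectorLabels" -}}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- end }}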
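Review bot: Each `checksum/secret-*` annotation in `athens-proxy.pod.annotations` publishes the SHA-256 of a fully rendered Secret manifest in Pod metadata, which is readable by anyone allowed to get Pods or the Deployment, usually a wider group than those allowed to read Secrets. For a high-entropy SSH key that matters little, but a short `.netrc` password or env value has far less protection once its digest is public, because the rest of the manifest is predictable. If the rollout trigger stays, I would record the trade-off above the define, e.g. `{{/* checksum/secret-* exposes a digest of the rendered Secret to anyone who can read Pod metadata; keep that RBAC as tight as Secret access */}}`. The annotation key also embeds the resource name, so a long release name may push the name part past the 63-character limit for annotation keys; the `fullname` helper is not visible here, so please confirm its truncation.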
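--- a/templates/_secrets.tpl
+++ b/templates/_secrets.tpl
@@ -0,0 +1,61 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.secrets.env.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.env.secret.annotations }}
+{{ toYaml .Values.config.env.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.netrc.secret.annotations }}
+{{ toYaml .Values.config.netrc.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.ssh.secret.annotations }}
+{{ toYaml .Values.config.ssh.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.secrets.env.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.env.secret.labels }}
+{{ toYaml .Values.config.env.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.netrc.secret.labels }}
+{{ toYaml .Values.config.netrc.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.ssh.secret.labels }}
+{{ toYaml .Values.config.ssh.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.secrets.env.name" -}}
+{{ include "athens-proxy.fullname" . }}-env
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.name" -}}
+{{ include "athens-proxy.fullname" . }}-netrc
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.name" -}}
+{{ include "athens-proxy.fullname" . }}-ssh
+{{- end }}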
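--- a/templates/_serviceAccount.tpl
+++ b/templates/_serviceAccount.tpl
@@ -0,0 +1,17 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.serviceAccount.annotations" -}}
+{{- if .Values.serviceAccount.new.annotations }}
+{{ toYaml .Values.serviceAccount.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.serviceAccount.labels" -}}
+{{- if .Values.serviceAccount.new.labels }}
+{{ toYaml .Values.serviceAccount.new.labels }}
+{{- end }}
+{{- end }}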
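--- a/templates/_services.tpl
+++ b/templates/_services.tpl
@@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.services.http.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.services.http.annotations }}
+{{ toYaml .Values.services.http.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.services.http.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
+app.kubernetes.io/service-name: http
+{{- if .Values.services.http.labels }}
+{{ toYaml .Values.services.http.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.services.http.name" -}}
+{{- if .Values.services.http.enabled -}}
+{{ include "athens-proxy.fullname" . }}-http
+{{- end -}}
+{{- end -}}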
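--- a/templates/certificate.yaml
+++ b/templates/certificate.yaml
@@ -0,0 +1,97 @@
+{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.certificates.server.name" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+commonName: {{ include "athens-proxy.fullname" . }}
+{{- if empty .Values.certificate.new.dnsNames }}
+dnsNames:
+- {{ include "athens-proxy.fullname" . }}
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- else }}
+dnsNames:
+{{- range .Values.certificate.new.dnsNames }}
+- {{ . }}
+{{- end }}
+{{- end }}
+duration: {{ .Values.certificate.new.duration }}
+{{- if not (empty .Values.certificate.new.ipAddresses) }}
+ipAddresses:
+{{- range .Values.certificate.new.ipAddresses }}
+- {{ . }}
+{{- end }}
+{{- end }}
+isCA: false
+issuerRef:
+kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
+name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
+privateKey:
+algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
+rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
+size: {{ .Values.certificate.new.privateKey.size }}
+renewBefore: {{ .Values.certificate.new.renewBefore }}
+secretName: {{ include "athens-proxy.certificates.server.name" . }}
+{{- with .Values.certificate.new.secretTemplate }}
+secretTemplate:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if or .Values.certificate.new.subject.countries
+.Values.certificate.new.subject.localities
+.Values.certificate.new.subject.organizationalUnits
+.Values.certificate.new.subject.organizations
+.Values.certificate.new.subject.postalCodes
+.Values.certificate.new.subject.provinces
+.Values.certificate.new.subject.serialNumber
+.Values.certificate.new.subject.streetAddresses
+}}
+subject:
+{{- with .Values.certificate.new.subject.countries }}
+countries:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.localities }}
+localities:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.organizationalUnits }}
+organizationalUnits:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.organizations }}
+organizations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.postalCodes }}
+postalCodes:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.provinces }}
+provinces:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if .Values.certificate.new.subject.serialNumber }}
+serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
+{{- end }}
+{{- with .Values.certificate.new.subject.streetAddresses }}
+streetAddresses:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+usages:
+{{- range .Values.certificate.new.usages }}
+- {{ . }}
+{{- end }}
+{{- end }}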
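Review bot: The `dnsNames` and `ipAddresses` ranges and `serialNumber` render user values as plain YAML scalars, so a wildcard entry such as `*.example.test` (constructed example) in `certificate.new.dnsNames` is read as a YAML alias and the manifest fails to parse. An all-digit `subject.serialNumber` would likewise arrive as an integer where the Certificate spec expects a string. Quoting fixes both: `- {{ . | quote }}` inside the two ranges and `serialNumber: {{ .Values.certificate.new.subject.serialNumber | quote }}`. `duration` and `renewBefore` are also emitted even when unset, which renders an empty value; a `with` guard like the one already used for `secretTemplate` would avoid that.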
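--- a/templates/configMapDownloadMode.yaml
+++ b/templates/configMapDownloadMode.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
+namespace: {{ .Release.Namespace }}
+data:
+downloadMode: |
+{{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }}
+{{- end }}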
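--- a/templates/configMapGitConfig.yaml
+++ b/templates/configMapGitConfig.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
+namespace: {{ .Release.Namespace }}
+data:
+.gitconfig: |
+{{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }}
+{{- end }}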
@@ -1,74 +1,143 @@
|
|||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "athens-proxy.fullname" . }}
|
{{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }}
|
||||||
|
annotations:
|
||||||
|
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with (include "athens-proxy.deployment.labels" . | fromYaml) }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ include "athens-proxy.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
spec:
|
spec:
|
||||||
|
replicas: {{ .Values.deployment.replicas }}
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "athens-proxy.selectorLabels" . | nindent 6 }}
|
{{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }}
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
{{- with .Values.podAnnotations }}
|
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- include "athens-proxy.pod.annotations" . | nindent 8 }}
|
||||||
{{- end }}
|
|
||||||
labels:
|
labels:
|
||||||
{{- include "athens-proxy.selectorLabels" . | nindent 8 }}
|
{{- include "athens-proxy.pod.labels" . | nindent 8 }}
|
||||||
spec:
|
spec:
|
||||||
containers:
|
{{- with .Values.deployment.affinity }}
|
||||||
- name: {{ .Chart.Name }}
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: {{ include "athens-proxy.fullname" . }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
scheme: HTTP
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
|
|
||||||
protocol: TCP
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
scheme: HTTP
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
|
||||||
{{- with .Values.extraVolumeMounts }}
|
|
||||||
volumeMounts:
|
|
||||||
{{- toYaml . | nindent 10 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
affinity:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.imagePullSecrets }}
|
containers:
|
||||||
|
- name: athens-proxy
|
||||||
|
{{- with .Values.deployment.athensProxy.args }}
|
||||||
|
args:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.deployment.athensProxy.command }}
|
||||||
|
command:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }}
|
||||||
|
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
|
||||||
|
env:
|
||||||
|
{{- toYaml $env.env | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }}
|
||||||
|
{{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }}
|
||||||
|
envFrom:
|
||||||
|
{{- toYaml $envFrom.envFrom | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
|
||||||
|
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
|
||||||
|
livenessProbe:
|
||||||
|
exec:
|
||||||
|
{{- if not .Values.certificate.enabled }}
|
||||||
|
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
|
||||||
|
{{- else }}
|
||||||
|
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
|
||||||
|
{{- end }}
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 60
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 3
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
{{- if not .Values.certificate.enabled }}
|
||||||
|
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
|
||||||
|
{{- else }}
|
||||||
|
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
|
||||||
|
{{- end }}
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 15
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 3
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 3000
|
||||||
|
protocol: TCP
|
||||||
|
{{- with .Values.deployment.athensProxy.resources }}
|
||||||
|
resources:
|
||||||
|
{{- toYaml . | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.deployment.athensProxy.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml . | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }}
|
||||||
|
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
|
||||||
|
volumeMounts:
|
||||||
|
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.deployment.dnsConfig }}
|
||||||
|
dnsConfig:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.deployment.dnsPolicy }}
|
||||||
|
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.deployment.hostname }}
|
||||||
|
hostname: {{ .Values.deployment.hostname }}
|
||||||
|
{{- end }}
|
||||||
|
hostNetwork: {{ .Values.deployment.hostNetwork }}
|
||||||
|
{{- with .Values.deployment.imagePullSecrets }}
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.deployment.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.podPriorityClassName }}
|
{{- if .Values.deployment.priorityClassName }}
|
||||||
priorityClassName: {{ .Values.podPriorityClassName }}
|
priorityClassName: {{ .Values.deployment.priorityClassName }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.deployment.restartPolicy }}
|
||||||
|
restartPolicy: {{ .Values.deployment.restartPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.deployment.securityContext }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
serviceAccountName: {{ include "athens-proxy.fullname" . }}
|
{{- end }}
|
||||||
{{- with .Values.tolerations }}
|
serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }}
|
||||||
|
{{- if .Values.deployment.subdomain }}
|
||||||
|
subdomain: {{ .Values.deployment.subdomain }}
|
||||||
|
{{- end }}
|
||||||
|
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
|
||||||
|
{{- with .Values.deployment.tolerations }}
|
||||||
tolerations:
|
tolerations:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.extraVolumes }}
|
{{- with .Values.deployment.topologySpreadConstraints }}
|
||||||
|
topologySpreadConstraints:
|
||||||
|
{{- toYaml . | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }}
|
||||||
|
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
|
||||||
volumes:
|
volumes:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml $volumes.volumes | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.deployment.strategy }}
|
||||||
|
strategy:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
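Review bot: Both probes on the new side shell out to `wget` against a hard-coded `localhost:3000`, and the TLS branch has to pass `--no-check-certificate` to get past the server certificate. An `httpGet` probe does the same job without depending on a wget binary in the image, since the kubelet skips certificate verification for `scheme: HTTPS` probes and `port: http` follows the named container port. I would replace each `exec` block with an `httpGet:` carrying `scheme: {{ ternary "HTTPS" "HTTP" .Values.certificate.enabled }}`, `path: /healthz` and `port: http`. The removed side already probed `/healthz`, whereas the new commands request `/`. Separately, `serviceAccount:` is the deprecated alias of the `serviceAccountName:` field the removed side used.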
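--- a/templates/hpa.yaml
+++ b/templates/hpa.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.hpa.enabled -}}
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+{{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.hpa.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+metrics:
+{{- toYaml .Values.hpa.metrics | nindent 2 }}
+maxReplicas: {{ .Values.hpa.maxReplicas }}
+minReplicas: {{ .Values.hpa.minReplicas }}
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: {{ include "athens-proxy.fullname" . }}
+{{- end -}}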
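Review bot: With `hpa.enabled` set, this HorizontalPodAutoscaler and the Deployment both claim the replica count, because the Deployment hunk on this page renders `replicas: {{ .Values.deployment.replicas }}` unconditionally. A later `helm upgrade` can then reset the scale the autoscaler chose. I would wrap that Deployment line in `{{- if not .Values.hpa.enabled }}` … `{{- end }}`. In this file, `metrics:` is also emitted when `.Values.hpa.metrics` is empty, which renders a null value; a `{{- with .Values.hpa.metrics }}` guard around the key avoids that.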
@@ -1,61 +1,45 @@
|
|||||||
{{- if .Values.ingress.enabled -}}
|
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
|
||||||
{{- $fullName := include "athens-proxy.fullname" . -}}
|
---
|
||||||
{{- $svcPort := .Values.service.port -}}
|
|
||||||
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
|
|
||||||
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
|
||||||
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
|
||||||
apiVersion: networking.k8s.io/v1beta1
|
|
||||||
{{- else -}}
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
{{- end }}
|
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $fullName }}
|
{{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
|
||||||
labels:
|
|
||||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.ingress.annotations }}
|
|
||||||
annotations:
|
annotations:
|
||||||
|
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
|
||||||
|
labels:
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
name: {{ include "athens-proxy.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
spec:
|
spec:
|
||||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
|
||||||
ingressClassName: {{ .Values.ingress.className }}
|
ingressClassName: {{ .Values.ingress.className }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.ingress.hosts }}
|
||||||
|
- host: {{ tpl .host $ | quote }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
{{- range .paths }}
|
||||||
|
- path: {{ .path }}
|
||||||
|
{{- if .pathType }}
|
||||||
|
pathType: {{ .pathType }}
|
||||||
|
{{- end }}
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: {{ include "athens-proxy.services.http.name" $ }}
|
||||||
|
port:
|
||||||
|
number: {{ $.Values.services.http.port }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.ingress.tls }}
|
{{- if .Values.ingress.tls }}
|
||||||
tls:
|
tls:
|
||||||
{{- range .Values.ingress.tls }}
|
{{- range .Values.ingress.tls }}
|
||||||
- hosts:
|
- hosts:
|
||||||
{{- range .hosts }}
|
{{- range .hosts }}
|
||||||
- {{ . | quote }}
|
- {{ tpl . $ | quote }}
|
||||||
{{- end }}
|
|
||||||
secretName: {{ .secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
rules:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
- host: {{ .host | quote }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
{{- range .paths }}
|
|
||||||
- path: {{ .path }}
|
|
||||||
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
|
||||||
pathType: {{ .pathType }}
|
|
||||||
{{- end }}
|
|
||||||
backend:
|
|
||||||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
|
||||||
service:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
port:
|
|
||||||
number: {{ $svcPort }}
|
|
||||||
{{- else }}
|
|
||||||
serviceName: {{ $fullName }}
|
|
||||||
servicePort: {{ $svcPort }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
secretName: {{ .secretName | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
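Review bot: `pathType` is still optional on the new side (`{{- if .pathType }}`), but the template now renders `networking.k8s.io/v1` unconditionally, and that API version requires `pathType` on every path. A host entry without it produces an Ingress the API server rejects at install time instead of a readable chart error. The other templates in this change use `required` with a message, which fits here too: `pathType: {{ required "No ingress path type defined!" .pathType }}`. While touching the line above it, `path: {{ .path | quote }}` would keep a path that begins with a YAML indicator from being misparsed.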
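--- a/templates/networkPolicy.yaml
+++ b/templates/networkPolicy.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+podSelector:
+matchLabels:
+{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
+{{- with .Values.networkPolicy.policyTypes }}
+policyTypes:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.egress }}
+egress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.ingress }}
+ingress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}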
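Review bot: The three `with` blocks at the end drop `policyTypes`, `egress` and `ingress` whenever the value is empty, and nothing in the template explains what the resulting object means. If the chart defaults leave those lists empty (values.yaml is not shown here), turning on `networkPolicy.enabled` renders a policy holding only `podSelector`, which Kubernetes treats as an Ingress policy with no allow rules, so all inbound traffic to the proxy pods is denied. Listing `Egress` in `policyTypes` with an empty `egress` likewise blocks the proxy's outbound module fetches. That is fail-closed, but it should be stated: add a template comment above the first `with`, for example `{{/* An empty ingress/egress list under an active policyType denies all traffic in that direction. */}}`, and cover the enabled-with-empty-lists case in a unit test.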
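--- a/templates/persistentVolumeClaim.yaml
+++ b/templates/persistentVolumeClaim.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+{{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
+labels:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
+namespace: {{ $.Release.Namespace }}
+spec:
+{{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
+accessModes:
+{{ toYaml . | nindent 4 }}
+{{- end }}
+resources:
+requests:
+storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
+{{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
+storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
+{{- end }}
+{{- end }}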
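Review bot: `storage:` and `accessModes` are rendered without any check, so a missing `storageSize` or an empty `accessModes` list yields a claim the API server rejects rather than a chart error. The service template in this change guards its mandatory fields with `required`; the same style works here: `storage: {{ required "No storage size defined!" .Values.persistence.data.persistentVolumeClaim.storageSize }}`. Two consistency points: this is the only new template without a leading `---`, and it is the only one that passes labels through `tpl (toYaml .) $` where the others use plain `toYaml .`.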
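--- a/templates/secretEnv.yaml
+++ b/templates/secretEnv.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.secrets.env.name" . }}
+namespace: {{ .Release.Namespace }}
+stringData:
+{{- range $key, $value := .Values.config.env.secret.envs }}
+{{ upper $key }}: {{ quote $value }}
+{{- end }}
+{{- end }}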
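Review bot: `{{ upper $key }}` in the `range` over `.Values.config.env.secret.envs` folds keys that differ only in case onto the same name, so two entries such as `athens_token` and `ATHENS_TOKEN` render as a duplicate mapping key. Most YAML parsers keep the last one silently, which means a credential or security-relevant setting can be dropped or overridden without any error at install time. I would track the upper-cased names inside the loop and `fail` on a repeat, as sketched below. A value left empty also renders as a bare `KEY:`, which is worth a unit test.

```yaml
stringData:
  {{- $seen := dict }}
  {{- range $key, $value := .Values.config.env.secret.envs }}
  {{- $name := upper $key }}
  {{- if hasKey $seen $name }}
  {{- fail (printf "Duplicate environment variable after upper-casing: %s" $name) }}
  {{- end }}
  {{- $_ := set $seen $name true }}
  {{ $name }}: {{ quote $value }}
  {{- end }}
```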
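--- a/templates/secretNetRC.yaml
+++ b/templates/secretNetRC.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.secrets.netrc.name" . }}
+namespace: {{ .Release.Namespace }}
+stringData:
+.netrc: |
+{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
+{{- end }}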
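Review bot: `tpl .Values.config.netrc.secret.content .` runs the credential file through the template engine, so a password or token that happens to contain `{{` is parsed as a template action and either aborts the render or is rewritten before it reaches the Secret. Unless templating inside `.netrc` is an intended feature, render the value verbatim, `{{- .Values.config.netrc.secret.content | nindent 4 }}`, which is how the SSH key fields in this same change are handled. Wrapping the value in `required "No netrc content defined!"` would also stop an empty `.netrc` from being shipped when `config.netrc.enabled` is set.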
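--- a/templates/secretSSH.yaml
+++ b/templates/secretSSH.yaml
@@ -0,0 +1,35 @@
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.secrets.ssh.name" . }}
+namespace: {{ .Release.Namespace }}
+stringData:
+config: |
+{{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
+{{- if .Values.config.ssh.secret.id_ed25519 }}
+id_ed25519: |
+{{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
+{{- end }}
+{{- if .Values.config.ssh.secret.id_ed25519_pub }}
+id_ed25519.pub: |
+{{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
+{{- end }}
+{{- if .Values.config.ssh.secret.id_rsa }}
+id_rsa: |
+{{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
+{{- end }}
+{{- if .Values.config.ssh.secret.id_rsa_pub }}
+id_rsa.pub: |
+{{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
+{{- end }}
+{{- end }}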
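Review bot: The template does not say that private keys supplied through `.Values.config.ssh.secret.id_ed25519` and `.Values.config.ssh.secret.id_rsa` are stored in more places than this Secret: Helm also keeps them in its release record in the namespace, and they sit in whatever values file supplied them. The `existingSecret` switch tested in the first line is the safer route, so I would add a comment above `stringData:` such as `{{/* Keys set via values are also stored in the Helm release record; prefer config.ssh.existingSecret outside of tests. */}}`. Separately, `tpl $.Values.config.ssh.secret.config $` is called unconditionally, so enabling SSH without a `config` value probably fails with a type error rather than a readable message; a `required` in the chart's usual style would make that explicit. Nothing checks that at least one private key is set either, so the Secret can render with `config` alone.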
@@ -1,23 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ include "athens-proxy.fullname" . }}
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
|
|
||||||
{{- if not (hasKey .Values "config") -}}
|
|
||||||
{{- $_ := set .Values "config" dict -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
|
|
||||||
{{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
|
|
||||||
{{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* SETUP CONFIG */}}
|
|
||||||
{{ range $key, $value := .Values.config }}
|
|
||||||
{{ upper $key}}: {{ quote $value }}
|
|
||||||
{{ end }}
|
|
@@ -1,36 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
{{- with .Values.service.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
|
||||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
|
||||||
name: {{ include "athens-proxy.fullname" . }}
|
|
||||||
spec:
|
|
||||||
{{- with .Values.service.externalIPs }}
|
|
||||||
externalIPs:
|
|
||||||
{{- toYaml . | nindent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.service.externalTrafficPolicy }}
|
|
||||||
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
|
|
||||||
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
|
|
||||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
|
||||||
loadBalancerSourceRanges:
|
|
||||||
{{- toYaml . | nindent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
type: {{ .Values.service.type }}
|
|
||||||
ports:
|
|
||||||
- port: {{ .Values.service.port }}
|
|
||||||
targetPort: {{ .Values.service.targetPort }}
|
|
||||||
protocol: TCP
|
|
||||||
name: {{ .Values.service.name }}
|
|
||||||
selector:
|
|
||||||
{{- include "athens-proxy.selectorLabels" . | nindent 4 }}
|
|
@@ -1,10 +1,25 @@
|
|||||||
|
{{- if not .Values.serviceAccount.existing.enabled }}
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
{{- with .Values.serviceAccount.annotations }}
|
{{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
name: {{ include "athens-proxy.fullname" . }}
|
name: {{ include "athens-proxy.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
|
||||||
|
{{- with .Values.serviceAccount.new.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.serviceAccount.new.secrets }}
|
||||||
|
secrets:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
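Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}` renders an empty value when the setting is absent, and Kubernetes then falls back to mounting the API token into every pod that uses this account. values.yaml is not shown here, so the shipped default may already be `false`, but the template should not depend on that. A module proxy normally has no need to talk to the cluster API, so I would make the template itself fail closed: `automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken | default false }}`.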
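--- a/templates/serviceHTTP.yaml
+++ b/templates/serviceHTTP.yaml
@@ -0,0 +1,57 @@
+{{- if .Values.services.http.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.services.http.name" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+{{- if not (empty .Values.services.http.externalIPs) }}
+externalIPs:
+{{- range .Values.services.http.externalIPs }}
+- {{ . }}
+{{- end }}
+{{- end }}
+{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
+{{- end }}
+internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
+{{- if .Values.services.http.ipFamilies }}
+ipFamilies:
+{{- range .Values.services.http.ipFamilies }}
+- {{ . }}
+{{- end }}
+{{- end }}
+{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
+loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
+{{- end }}
+{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
+loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
+{{- end }}
+{{- if eq .Values.services.http.type "LoadBalancer" }}
+loadBalancerSourceRanges:
+{{- range .Values.services.http.loadBalancerSourceRanges }}
+- {{ . }}
+{{- end }}
+{{- end }}
+ports:
+- name: http
+protocol: TCP
+port: {{ required "No service port defined!" .Values.services.http.port }}
+selector:
+{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
+sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
+{{- with .Values.services.http.sessionAffinityConfig }}
+sessionAffinityConfig:
+{{- toYaml . | nindent 4}}
+{{- end }}
+type: {{ required "No service type defined!" .Values.services.http.type }}
+{{- end }}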
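Review bot: `loadBalancerSourceRanges:` is emitted for every `LoadBalancer` service, even when `.Values.services.http.loadBalancerSourceRanges` is empty, so the key renders with a null value and the load balancer accepts traffic from any source. For a proxy that may hold VCS credentials, an unrestricted listener should be an explicit choice rather than the side effect of an empty list. The `loadBalancerClass` and `loadBalancerIP` blocks just above already test the value as well as the type, and the same guard fits here: `{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerSourceRanges }}`. The `- {{ . }}` items under `externalIPs`, `ipFamilies` and `loadBalancerSourceRanges` are also unquoted; `- {{ . | quote }}` avoids YAML retyping of address-like strings.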
@@ -1,15 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: "{{ include "athens-proxy.fullname" . }}-test-connection"
|
|
||||||
labels:
|
|
||||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
|
||||||
annotations:
|
|
||||||
"helm.sh/hook": test
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: wget
|
|
||||||
image: busybox
|
|
||||||
command: ['wget']
|
|
||||||
args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
|
|
||||||
restartPolicy: Never
|
|
300
unittests/certificates/certificate.yaml
Normal file
300
unittests/certificates/certificate.yaml
Normal file
@@ -0,0 +1,300 @@
|
|||||||
|
chart:
|
||||||
|
appVersion: 0.1.0
|
||||||
|
version: 0.1.0
|
||||||
|
suite: Certificate athens-proxy template
|
||||||
|
release:
|
||||||
|
name: athens-proxy-unittest
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/certificate.yaml
|
||||||
|
tests:
|
||||||
|
- it: Skip rendering by default.
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
|
- it: Skip rendering for existing certificate
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.existingSecret.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
|
- it: Throw error when issuerKind and IssuerName is not defined
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "No certificate issuer kind defined!"
|
||||||
|
|
||||||
|
- it: Throw error when issuerKind and IssuerName is not defined
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
asserts:
|
||||||
|
- failedTemplate: {}
|
||||||
|
|
||||||
|
- it: Throw error when issuerKind not defined
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.name: "my-issuer"
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "No certificate issuer kind defined!"
|
||||||
|
|
||||||
|
- it: Throw error when issuerName not defined
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: "ClusterIssuer"
|
||||||
|
asserts:
|
||||||
|
- failedTemplate:
|
||||||
|
errorMessage: "No certificate issuer name defined!"
|
||||||
|
|
||||||
|
- it: Rendering Certificate object when certificate.enabled=true (default)
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- containsDocument:
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
name: athens-proxy-unittest-tls
|
||||||
|
namespace: testing
|
||||||
|
- equal:
|
||||||
|
path: spec.commonName
|
||||||
|
value: athens-proxy-unittest
|
||||||
|
- equal:
|
||||||
|
path: spec.duration
|
||||||
|
value: 744h
|
||||||
|
- equal:
|
||||||
|
path: spec.dnsNames
|
||||||
|
value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
|
||||||
|
- notExists:
|
||||||
|
path: spec.ipAddresses
|
||||||
|
- equal:
|
||||||
|
path: spec.isCA
|
||||||
|
value: false
|
||||||
|
- equal:
|
||||||
|
path: spec.issuerRef.kind
|
||||||
|
value: ClusterIssuer
|
||||||
|
- equal:
|
||||||
|
path: spec.issuerRef.name
|
||||||
|
value: my-issuer
|
||||||
|
- equal:
|
||||||
|
path: spec.privateKey.algorithm
|
||||||
|
value: RSA
|
||||||
|
- equal:
|
||||||
|
path: spec.privateKey.size
|
||||||
|
value: 4096
|
||||||
|
- equal:
|
||||||
|
path: spec.privateKey.rotationPolicy
|
||||||
|
value: Never
|
||||||
|
- equal:
|
||||||
|
path: spec.secretName
|
||||||
|
value: athens-proxy-unittest-tls
|
||||||
|
- exists:
|
||||||
|
path: spec.secretTemplate.annotations
|
||||||
|
- exists:
|
||||||
|
path: spec.secretTemplate.labels
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.countries
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.localities
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.organizationalUnits
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.organizations
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.postalCodes
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.provinces
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.serialNumber
|
||||||
|
- notExists:
|
||||||
|
path: spec.subject.streetAddresses
|
||||||
|
- equal:
|
||||||
|
path: spec.renewBefore
|
||||||
|
value: 672h
|
||||||
|
- equal:
|
||||||
|
path: spec.usages
|
||||||
|
value: [ "client auth", "server auth" ]
|
||||||
|
|
||||||
|
# metadata.annotations
|
||||||
|
- it: Rendering Certificate object with additional annotations and labels
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.annotations:
|
||||||
|
foo: bar
|
||||||
|
certificate.new.labels:
|
||||||
|
bar: foo
|
||||||
|
asserts:
|
||||||
|
- isSubset:
|
||||||
|
path: metadata.annotations
|
||||||
|
content:
|
||||||
|
foo: bar
|
||||||
|
- isSubset:
|
||||||
|
path: metadata.labels
|
||||||
|
content:
|
||||||
|
bar: foo
|
||||||
|
|
||||||
|
# spec.duration
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.duration: 3000h
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.duration
|
||||||
|
value: 3000h
|
||||||
|
|
||||||
|
# spec.dnsNames
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.dnsNames: [ "app", "app.example.local" ]
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.dnsNames
|
||||||
|
value: [ "app", "app.example.local" ]
|
||||||
|
|
||||||
|
# spec.dnsNames
|
||||||
|
- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
clusterDomain: k8s.example.local
|
||||||
|
asserts:
|
||||||
|
- contains:
|
||||||
|
path: spec.dnsNames
|
||||||
|
content:
|
||||||
|
athens-proxy-unittest.testing.svc.k8s.example.local
|
||||||
|
count: 1
|
||||||
|
|
||||||
|
# spec.ipAddresses
|
||||||
|
- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.ipAddresses
|
||||||
|
value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
|
||||||
|
|
||||||
|
# spec.privateKey
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.privateKey.algorithm: ED25519
|
||||||
|
certificate.new.privateKey.rotationPolicy: Never
|
||||||
|
certificate.new.privateKey.size: 512
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.privateKey.algorithm
|
||||||
|
value: ED25519
|
||||||
|
- equal:
|
||||||
|
path: spec.privateKey.rotationPolicy
|
||||||
|
value: Never
|
||||||
|
- equal:
|
||||||
|
path: spec.privateKey.size
|
||||||
|
value: 512
|
||||||
|
|
||||||
|
# spec.renewBefore
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.renewBefore: 2000h
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.renewBefore
|
||||||
|
value: 2000h
|
||||||
|
|
||||||
|
# spec.secretTemplate
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.secretTemplate:
|
||||||
|
annotations:
|
||||||
|
foo: bar
|
||||||
|
labels:
|
||||||
|
bar: foo
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.secretTemplate.annotations
|
||||||
|
value:
|
||||||
|
foo: bar
|
||||||
|
- equal:
|
||||||
|
path: spec.secretTemplate.labels
|
||||||
|
value:
|
||||||
|
bar: foo
|
||||||
|
|
||||||
|
# spec.secretTemplate
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.subject.countries: [ "Country" ]
|
||||||
|
certificate.new.subject.localities: [ "City" ]
|
||||||
|
certificate.new.subject.organizationalUnits: [ "IT department" ]
|
||||||
|
certificate.new.subject.organizations: [ "My organization" ]
|
||||||
|
certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
|
||||||
|
certificate.new.subject.provinces: [ "Provinces" ]
|
||||||
|
certificate.new.subject.serialNumber: "MyNumber"
|
||||||
|
certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.countries
|
||||||
|
value: [ "Country" ]
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.localities
|
||||||
|
value: [ "City" ]
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.organizationalUnits
|
||||||
|
value: [ "IT department" ]
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.organizations
|
||||||
|
value: [ "My organization" ]
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.postalCodes
|
||||||
|
value: [ "AB12345", "12345AB" ]
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.provinces
|
||||||
|
value: [ "Provinces" ]
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.serialNumber
|
||||||
|
value: "MyNumber"
|
||||||
|
- equal:
|
||||||
|
path: spec.subject.streetAddresses
|
||||||
|
value: [ "ExampleStreet 1", "StreetExample 2" ]
|
||||||
|
|
||||||
|
# spec.usages
|
||||||
|
- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
|
||||||
|
set:
|
||||||
|
certificate.enabled: true
|
||||||
|
certificate.new.issuerRef.kind: ClusterIssuer
|
||||||
|
certificate.new.issuerRef.name: my-issuer
|
||||||
|
certificate.new.usages: [ "client auth" ]
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: spec.usages
|
||||||
|
value: [ "client auth" ]
|
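Review bot: The default-values test pins `spec.privateKey.rotationPolicy` to `Never` and `spec.usages` to both `client auth` and `server auth`, which locks in defaults that reuse the same private key across every renewal and issue a dual-purpose certificate. values.yaml is not part of what is shown here, so this may be deliberate, but if the certificate only serves TLS for the proxy, `Always` and `server auth` alone would be the tighter baseline and the assertions should follow it. Two smaller points in the same file: the test name `Throw error when issuerKind and IssuerName is not defined` is used twice, and the private-key test combines `ED25519` with `size: 512`, a field cert-manager ignores for that algorithm. The `ipAddresses` test passes `fe00:xxyy:xxyy`, which is not a valid address, so it only proves pass-through; a comment such as `# placeholder, not a valid IP: the template does not validate addresses` would make that intent clear.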
98
unittests/configMaps/downloadMode.yaml
Normal file
98
unittests/configMaps/downloadMode.yaml
Normal file
@@ -0,0 +1,98 @@
|
|||||||
|
chart:
|
||||||
|
appVersion: 0.1.0
|
||||||
|
version: 0.1.0
|
||||||
|
suite: ConfigMap downloadMode
|
||||||
|
release:
|
||||||
|
name: athens-proxy-unittest
|
||||||
|
namespace: testing
|
||||||
|
templates:
|
||||||
|
- templates/configMapDownloadMode.yaml
|
||||||
|
tests:
|
||||||
|
- it: Skip rending by default.
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
|
- it: Skip rending by using existing config map.
|
||||||
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
|
config.downloadMode.existingConfigMap.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
|
- it: Rendering with default values
|
||||||
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 1
|
||||||
|
- containsDocument:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
name: athens-proxy-unittest-download-mode-file
|
||||||
|
namespace: testing
|
||||||
|
- notExists:
|
||||||
|
path: metadata.annotations
|
||||||
|
- equal:
|
||||||
|
path: metadata.labels
|
||||||
|
value:
|
||||||
|
app.kubernetes.io/instance: athens-proxy-unittest
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/name: athens-proxy
|
||||||
|
app.kubernetes.io/version: 0.1.0
|
||||||
|
helm.sh/chart: athens-proxy-0.1.0
|
||||||
|
- equal:
|
||||||
|
path: data.downloadMode
|
||||||
|
value: |
|
||||||
|
downloadURL = "https://proxy.golang.org"
|
||||||
|
|
||||||
|
mode = "async_redirect"
|
||||||
|
|
||||||
|
# download "github.com/gomods/*" {
|
||||||
|
# mode = "sync"
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# download "golang.org/x/*" {
|
||||||
|
# mode = "none"
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# download "github.com/pkg/*" {
|
||||||
|
# mode = "redirect"
|
||||||
|
# downloadURL = "https://proxy.golang.org"
|
||||||
|
# }
|
||||||
|
|
||||||
|
- it: Rendering custom annotations and labels.
|
||||||
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
|
config.downloadMode.configMap.annotations:
|
||||||
|
foo: bar
|
||||||
|
bar: foo
|
||||||
|
config.downloadMode.configMap.labels:
|
||||||
|
foo: bar
|
||||||
|
bar: foo
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: metadata.annotations
|
||||||
|
value:
|
||||||
|
foo: bar
|
||||||
|
bar: foo
|
||||||
|
- isSubset:
|
||||||
|
path: metadata.labels
|
||||||
|
content:
|
||||||
|
foo: bar
|
||||||
|
bar: foo
|
||||||
|
|
||||||
|
- it: Rendering custom configuration
|
||||||
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
|
config.downloadMode.configMap.content: |
|
||||||
|
downloadURL = "https://proxy.golang.org"
|
||||||
|
mode = "async_redirect"
|
||||||
|
|
||||||
|
asserts:
|
||||||
|
- equal:
|
||||||
|
path: data.downloadMode
|
||||||
|
value: |
|
||||||
|
downloadURL = "https://proxy.golang.org"
|
||||||
|
mode = "async_redirect"
|
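--- a/unittests/configMaps/gitConfig.yaml
+++ b/unittests/configMaps/gitConfig.yaml
@@ -0,0 +1,93 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: ConfigMap gitConfig
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapGitConfig.yaml
+tests:
+- it: Skip rending by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rending by using existing config map.
+set:
+config.gitConfig.enabled: true
+config.gitConfig.existingConfigMap.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering by default.
+set:
+config.gitConfig.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: ConfigMap
+name: athens-proxy-unittest-gitconfig
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: data[".gitconfig"]
+value: |
+# The .gitconfig file
+#
+# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
+# directory.
+#
+# [url "git@github.com:"] insteadOf = https://github.com/
+
+- it: Rendering custom annotations and labels.
+set:
+config.gitConfig.enabled: true
+config.gitConfig.configMap.annotations:
+foo: bar
+bar: foo
+config.gitConfig.configMap.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo
+
+- it: Rendering custom configuration
+set:
+config.gitConfig.enabled: true
+config.gitConfig.configMap.content: |
+[url "git@github.com:"]
+insteadOf = https://github.com/
+
+[url "git@git.cryptic.systems:"]
+insteadOf = https://git.cryptic.systems/
+asserts:
+- equal:
+path: data[".gitconfig"]
+value: |
+[url "git@github.com:"]
+insteadOf = https://github.com/
+
+[url "git@git.cryptic.systems:"]
+insteadOf = https://git.cryptic.systems/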
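Review bot: The first two test names read `Skip rending …`; they should be `Skip rendering by default.` and `Skip rendering by using existing config map.`, since these strings are what the helm-unittest report prints. The suite also says nothing about why `.gitconfig` is rendered into a ConfigMap rather than a Secret: URL rewrites can carry credentials (for example `https://user:token@host/`), and those would then be stored in plain text. I would add a header comment such as `# .gitconfig is rendered into a ConfigMap; keep credentials in the netrc/SSH secrets` — the values documentation is outside this section, so it may already say so.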
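--- a/unittests/deployment/certificate.yaml
+++ b/unittests/deployment/certificate.yaml
@@ -0,0 +1,73 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without tls config
+asserts:
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSCERT_FILE
+value: /etc/athens-proxy/tls/tls.crt
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSKEY_FILE
+value: /etc/athens-proxy/tls/tls.key
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: tls
+mountPath: /etc/athens-proxy/tls
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: tls
+secretRef:
+name: athens-proxy-unittest-tls
+template: templates/deployment.yaml
+
+- it: Rendering with tls config
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: MyIssuer
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSCERT_FILE
+value: /etc/athens-proxy/tls/tls.crt
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSKEY_FILE
+value: /etc/athens-proxy/tls/tls.key
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: tls
+mountPath: /etc/athens-proxy/tls
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: tls
+secret:
+secretName: athens-proxy-unittest-tls
+template: templates/deployment.yaml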
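Review bot: The last `notContains` in `Rendering default without tls config` looks for a volume with `secretRef:` / `name: athens-proxy-unittest-tls`, while the positive case below asserts `secret:` / `secretName: athens-proxy-unittest-tls`. `notContains` compares whole list items, so the negative check can never match the shape the template renders and would still pass if the tls volume were added by default. Use the rendered shape in the negative case as well: `secret:` and `secretName: athens-proxy-unittest-tls`. The same vacuous negative appears in unittests/deployment/downloadMode.yaml (the negative volume has no `items`), unittests/deployment/gitConfig.yaml (`mode: 0600` against a rendered `mode: 0644`) and the first case of unittests/deployment/netrc.yaml (`name: netrc`, `mountPath: /root` against `name: secrets`, `mountPath: /root/.netrc`).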
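--- a/unittests/deployment/deployment.yaml
+++ b/unittests/deployment/deployment.yaml
@@ -0,0 +1,472 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/deployment.yaml
+tests:
+- it: Rendering default
+asserts:
+- hasDocuments:
+count: 1
+template: templates/deployment.yaml
+- containsDocument:
+apiVersion: apps/v1
+kind: Deployment
+name: athens-proxy-unittest
+namespace: testing
+template: templates/deployment.yaml
+- notExists:
+path: metadata.annotations
+template: templates/deployment.yaml
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+template: templates/deployment.yaml
+- equal:
+path: spec.replicas
+value: 1
+template: templates/deployment.yaml
+- equal:
+path: spec.template.metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.affinity
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.containers[0].args
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.containers[0].command
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.containers[0].envFrom
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.containers[0].volumeMounts
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.containers[0].image
+value: docker.io/gomods/athens:0.1.0
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.containers[0].imagePullPolicy
+value: IfNotPresent
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.containers[0].resources
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.containers[0].securityContext
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.dnsConfig
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.dnsPolicy
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.hostname
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.hostNetwork
+value: false
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.imagePullSecrets
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.nodeSelector
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.priorityClassName
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.restartPolicy
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.subdomain
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.terminationGracePeriodSeconds
+value: 60
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.tolerations
+template: templates/deployment.yaml
+- notExists:
+path: spec.template.spec.topologySpreadConstraints
+template: templates/deployment.yaml
+- equal:
+path: spec.strategy
+value:
+type: "RollingUpdate"
+rollingUpdate:
+maxSurge: 1
+maxUnavailable: 1
+template: templates/deployment.yaml
+
+- it: Test custom replicas
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.replicas: 3
+asserts:
+- equal:
+path: spec.replicas
+value: 3
+template: templates/deployment.yaml
+
+- it: Test custom affinity
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: topology.kubernetes.io/zone
+operator: In
+values:
+- antarctica-east1
+- antarctica-west1
+asserts:
+- equal:
+path: spec.template.spec.affinity
+value:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: topology.kubernetes.io/zone
+operator: In
+values:
+- antarctica-east1
+- antarctica-west1
+template: templates/deployment.yaml
+
+- it: Test additional arguments
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.args:
+- "--foo=bar"
+- "--bar=foo"
+asserts:
+- equal:
+path: spec.template.spec.containers[0].args
+value:
+- --foo=bar
+- --bar=foo
+template: templates/deployment.yaml
+
+- it: Test additional command
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.command:
+- "/bin/sh"
+- "-c"
+- "echo hello"
+asserts:
+- equal:
+path: spec.template.spec.containers[0].command
+value:
+- "/bin/sh"
+- "-c"
+- "echo hello"
+template: templates/deployment.yaml
+
+- it: Test custom imageRegistry and imageRepository
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.image.registry: registry.example.local
+deployment.athensProxy.image.repository: path/special/athens-proxy
+asserts:
+- equal:
+path: spec.template.spec.containers[0].image
+value: registry.example.local/path/special/athens-proxy:0.1.0
+template: templates/deployment.yaml
+
+- it: Test custom imagePullPolicy
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.image.pullPolicy: Always
+asserts:
+- equal:
+path: spec.template.spec.containers[0].imagePullPolicy
+value: Always
+template: templates/deployment.yaml
+
+- it: Test custom resource limits and requests
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.resources:
+limits:
+cpu: 100m
+memory: 250MB
+requests:
+cpu: 25m
+memory: 100MB
+asserts:
+- equal:
+path: spec.template.spec.containers[0].env
+value:
+- name: GOMAXPROCS
+valueFrom:
+resourceFieldRef:
+divisor: "1"
+resource: limits.cpu
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.containers[0].resources
+value:
+limits:
+cpu: 100m
+memory: 250MB
+requests:
+cpu: 25m
+memory: 100MB
+template: templates/deployment.yaml
+
+- it: Test custom securityContext
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.securityContext:
+capabilities:
+add:
+- NET_RAW
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 1000
+asserts:
+- equal:
+path: spec.template.spec.containers[0].securityContext
+value:
+capabilities:
+add:
+- NET_RAW
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 1000
+template: templates/deployment.yaml
+
+- it: Test dnsConfig
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.dnsConfig:
+nameservers:
+- "8.8.8.8"
+- "8.8.4.4"
+asserts:
+- equal:
+path: spec.template.spec.dnsConfig
+value:
+nameservers:
+- "8.8.8.8"
+- "8.8.4.4"
+template: templates/deployment.yaml
+
+- it: Test dnsPolicy
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.dnsPolicy: ClusterFirst
+asserts:
+- equal:
+path: spec.template.spec.dnsPolicy
+value: ClusterFirst
+template: templates/deployment.yaml
+
+- it: Test hostNetwork, hostname, subdomain
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.hostNetwork: true
+deployment.hostname: pg-exporter
+deployment.subdomain: exporters.internal
+asserts:
+- equal:
+path: spec.template.spec.hostNetwork
+value: true
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.hostname
+value: pg-exporter
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.subdomain
+value: exporters.internal
+template: templates/deployment.yaml
+
+- it: Test imagePullSecrets
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.imagePullSecrets:
+- name: my-pull-secret
+- name: my-special-secret
+asserts:
+- equal:
+path: spec.template.spec.imagePullSecrets
+value:
+- name: my-pull-secret
+- name: my-special-secret
+template: templates/deployment.yaml
+
+- it: Test nodeSelector
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.nodeSelector:
+foo: bar
+asserts:
+- equal:
+path: spec.template.spec.nodeSelector
+value:
+foo: bar
+template: templates/deployment.yaml
+
+- it: Test priorityClassName
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.priorityClassName: my-priority
+asserts:
+- equal:
+path: spec.template.spec.priorityClassName
+value: my-priority
+template: templates/deployment.yaml
+
+- it: Test restartPolicy
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.restartPolicy: Always
+asserts:
+- equal:
+path: spec.template.spec.restartPolicy
+value: Always
+template: templates/deployment.yaml
+
+- it: Test terminationGracePeriodSeconds
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.terminationGracePeriodSeconds: 120
+asserts:
+- equal:
+path: spec.template.spec.terminationGracePeriodSeconds
+value: 120
+template: templates/deployment.yaml
+
+- it: Test tolerations
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.tolerations:
+- key: database/type
+operator: Equal
+value: postgres
+effect: NoSchedule
+asserts:
+- equal:
+path: spec.template.spec.tolerations
+value:
+- key: database/type
+operator: Equal
+value: postgres
+effect: NoSchedule
+template: templates/deployment.yaml
+
+- it: Test topologySpreadConstraints
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.topologySpreadConstraints:
+- topologyKey: kubernetes.io/hostname
+whenUnsatisfiable: DoNotSchedule
+labelSelector:
+matchLabels:
+app.kubernetes.io/instance: athens-proxy
+asserts:
+- equal:
+path: spec.template.spec.topologySpreadConstraints
+value:
+- topologyKey: kubernetes.io/hostname
+whenUnsatisfiable: DoNotSchedule
+labelSelector:
+matchLabels:
+app.kubernetes.io/instance: athens-proxy
+template: templates/deployment.yaml
+
+- it: Test additional volumeMounts and volumes
+set:
+# Ensure that the secrets and config maps are well configured.
+
+# Normal test values
+deployment.athensProxy.volumeMounts:
+- name: data
+mountPath: /usr/lib/athens-proxy/data
+deployment.volumes:
+- name: data
+hostPath:
+path: /usr/lib/athens-proxy/data
+asserts:
+- equal:
+path: spec.template.spec.containers[0].volumeMounts
+value:
+- name: data
+mountPath: /usr/lib/athens-proxy/data
+template: templates/deployment.yaml
+- equal:
+path: spec.template.spec.volumes
+value:
+- name: data
+hostPath:
+path: /usr/lib/athens-proxy/data
+template: templates/deployment.yaml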
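Review bot: The `Rendering default` case pins `notExists` on `spec.template.spec.containers[0].securityContext`, so the suite treats a container with no hardening as the expected default and will fail as soon as the chart ships one. If the chart is meant to run unprivileged, I would assert the intended defaults here instead, for example the values already used in `Test custom securityContext` without the `NET_RAW` addition; values.yaml and the template are not part of this section, so this is as much a question for the chart as for the test. Separately, `memory: 250MB` and `memory: 100MB` are not valid Kubernetes quantities (`250M` or `250Mi` would be); helm-unittest does not validate them, but the fixture would be rejected by the API server if someone copied it. `deployment.hostname: pg-exporter` and the `database/type` / `postgres` toleration look carried over from another chart's suite.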
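--- a/unittests/deployment/downloadMode.yaml
+++ b/unittests/deployment/downloadMode.yaml
@@ -0,0 +1,105 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted download mode config map
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+name: athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted gitconfig configMap
+set:
+config.downloadMode.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+items:
+- key: downloadMode
+mode: 0644
+path: download-mode
+name: athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+
+- it: Rendering with custom download mode configMap
+set:
+config.downloadMode.enabled: true
+config.downloadMode.existingConfigMap.enabled: true
+config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
+config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+items:
+- key: "my-custom-download-mode-filename-key"
+path: "download-mode"
+mode: 0644
+name: my-custom-configmap
+template: templates/deployment.yaml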
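Review bot: The second case is titled `Rendering default with mounted gitconfig configMap`, but it exercises `config.downloadMode.enabled`; the title looks copied from the gitConfig suite and should read `Rendering default with mounted download mode configMap`. Both enabled cases also set `persistence.enabled: true` without any assertion that depends on it. If the template does not need persistence for the download-mode mount, drop the value so each case shows the minimal input; otherwise add a comment such as `# required because <reason>` next to it, since the template is not visible from this section.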
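--- a/unittests/deployment/env.yaml
+++ b/unittests/deployment/env.yaml
@@ -0,0 +1,51 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/deployment.yaml
+- templates/secretEnv.yaml
+tests:
+- it: Rendering default without mounted env secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+config.env.existingSecret.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml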
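Review bot: The third case enables `config.env.existingSecret.enabled` but still asserts `secretRef.name: athens-proxy-unittest-env`, the chart-generated name, so it cannot tell whether the deployment references the operator's secret or the chart's own. Set an explicit name and assert on it, as the netrc suite does with `config.netrc.existingSecret.secretName: "my-custom-secret"`; the key for env is presumably `config.env.existingSecret.secretName`, to be confirmed against values.yaml. The case also reuses the title `Rendering default with mounted env secret` from the case above it, which makes a failure ambiguous in the report; `Rendering with existing env secret` would separate them.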
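--- a/unittests/deployment/gitConfig.yaml
+++ b/unittests/deployment/gitConfig.yaml
@@ -0,0 +1,100 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted git config map
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.gitconfig
+subPath: .gitconfig
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- configMap:
+items:
+- key: .gitconfig
+path: .gitconfig
+mode: 0600
+name: athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted gitconfig configMap
+set:
+config.gitConfig.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.gitconfig
+subPath: .gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- configMap:
+items:
+- key: .gitconfig
+path: .gitconfig
+mode: 0644
+name: athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+
+- it: Rendering with custom gitconfig configMap
+set:
+config.gitConfig.enabled: true
+config.gitConfig.existingConfigMap.enabled: true
+config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
+config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.gitconfig
+subPath: .gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- configMap:
+items:
+- key: my-gitconfig-key
+path: .gitconfig
+mode: 0644
+name: my-custom-configmap
+template: templates/deployment.yaml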
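Review bot: All three cases pin the mount target `mountPath: /root/.gitconfig`, which ties the chart to a container whose home directory is `/root`. With a non-root user, such as the `runAsNonRoot: true` / `runAsUser: 1000` values exercised in unittests/deployment/deployment.yaml, git would presumably not look in `/root` unless HOME is set to match; the template is outside this section, so this needs confirming. I would add a case that combines `config.gitConfig.enabled: true` with a non-root `deployment.athensProxy.securityContext` and asserts whatever the chart does to keep the file readable and discoverable. A comment above the mount assertion, for example `# mount path assumes HOME=/root`, would make the assumption visible to the next maintainer.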
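--- a/unittests/deployment/netrc.yaml
+++ b/unittests/deployment/netrc.yaml
@@ -0,0 +1,99 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted netrc secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: netrc
+mountPath: /root
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: .netrc
+path: .netrc
+mode: 0600
+name: athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted netrc secret
+set:
+config.netrc.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.netrc
+subPath: .netrc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: .netrc
+path: .netrc
+mode: 0600
+name: athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+
+- it: Rendering with custom netrc secret
+set:
+config.netrc.enabled: true
+config.netrc.existingSecret.enabled: true
+config.netrc.existingSecret.secretName: "my-custom-secret"
+config.netrc.existingSecret.netrcKey: "my-netrc-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.netrc
+subPath: .netrc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: my-netrc-key
+path: .netrc
+mode: 0600
+name: my-custom-secret
+template: templates/deployment.yaml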
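Review bot: The `notExists` assertion in "Rendering with custom netrc secret" checks `checksum/secret-athens-proxy-unittest-netc`, which misspells `netrc`, so it passes whether or not the chart emits the checksum annotation when an existing secret is used. The path should read `path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc`. The first test has a similar gap: its `notContains` on `volumeMounts` looks for `name: netrc` with `mountPath: /root`, while the positive tests show the chart mounting `name: secrets` at `/root/.netrc` with `subPath: .netrc`, so a credential mount rendered by default would not be caught. Using the same three fields as the positive tests in that negative assertion closes it.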
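--- a/unittests/deployment/persistentVolumeClaim.yaml
+++ b/unittests/deployment/persistentVolumeClaim.yaml
@@ -0,0 +1,77 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Test persistent volume claim
+set:
+persistence.enabled: true
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_STORAGE_TYPE
+value: disk
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DISK_STORAGE_ROOT
+value: /var/www/athens-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: data
+mountPath: /var/www/athens-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: data
+persistentVolumeClaim:
+claimName: athens-proxy-unittest-data
+template: templates/deployment.yaml
+
+- it: Test existing persistent volume claim
+set:
+config.netrc.enabled: true
+persistence.enabled: true
+persistence.data.mountPath: "/mnt/go-proxy/data"
+persistence.data.existingPersistentVolumeClaim.enabled: true
+persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_STORAGE_TYPE
+value: disk
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DISK_STORAGE_ROOT
+value: /mnt/go-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: data
+mountPath: /mnt/go-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: data
+persistentVolumeClaim:
+claimName: my-special-pvc
+template: templates/deployment.yaml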
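Review bot: "Test existing persistent volume claim" sets `config.netrc.enabled: true`, but none of its assertions concern netrc, so the PVC test also depends on the netrc secret rendering correctly. This looks like a leftover from the netrc suite; removing the line keeps the test to the `persistence.*` values it actually checks. If the combination is deliberate, an assertion on the `secrets` volume would show why the value is set.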
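--- a/unittests/deployment/ssh.yaml
+++ b/unittests/deployment/ssh.yaml
@@ -0,0 +1,254 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted ssh secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0644
+- key: id_ed25519
+path: id_ed25519
+mode: 0600
+- key: id_ed25519.pub
+path: id_ed25519.pub
+mode: 0644
+- key: id_rsa
+path: id_rsa
+mode: 0600
+- key: id_rsa.pub
+path: id_rsa.pub
+mode: 0644
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh config
+set:
+config.ssh.enabled: true
+persistence.enabled: true
+asserts:
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0600
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh keys
+set:
+config.ssh.enabled: true
+config.ssh.secret.id_ed25519: foo
+config.ssh.secret.id_ed25519_pub: bar
+config.ssh.secret.id_rsa: foo
+config.ssh.secret.id_rsa_pub: bar
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0600
+- key: id_ed25519
+path: id_ed25519
+mode: 0600
+- key: id_ed25519.pub
+path: id_ed25519.pub
+mode: 0644
+- key: id_rsa
+path: id_rsa
+mode: 0600
+- key: id_rsa.pub
+path: id_rsa.pub
+mode: 0644
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering with custom ssh secret
+set:
+config.ssh.enabled: true
+config.ssh.existingSecret.enabled: true
+config.ssh.existingSecret.secretName: "my-custom-secret"
+config.ssh.existingSecret.configKey : "my-config-key"
+config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
+config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
+config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
+config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: my-config-key
+path: config
+mode: 0600
+- key: my-private-ed25519-key
+path: id_ed25519
+mode: 0600
+- key: my-public-ed25519-key
+path: id_ed25519.pub
+mode: 0644
+- key: my-private-rsa-key
+path: id_rsa
+mode: 0600
+- key: my-public-rsa-key
+path: id_rsa.pub
+mode: 0644
+name: my-custom-secret
+template: templates/deployment.yaml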
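Review bot: In "Rendering default without mounted ssh secret", the `notContains` on `spec.template.spec.volumes` lists the `config` item with `mode: 0644`, while the enabled tests in this file expect `config` at `mode: 0600`, so the excluded object is one the chart apparently never renders and the assertion cannot fail. Since the match is on the whole element by default, any other drift in the item list has the same effect; a `notContains` with `any: true` and only `name: secrets` as content would pin the "no key material mounted by default" property directly. Separately, the `set` keys in "Rendering with custom ssh secret" carry a space before the colon; `config.ssh.existingSecret.configKey: "my-config-key"` (and likewise for the four key names after it) matches the rest of the suite.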
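--- a/unittests/hpa/default.yaml
+++ b/unittests/hpa/default.yaml
@@ -0,0 +1,116 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: HPA template (basic)
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/hpa.yaml
+tests:
+- it: Skip rendering by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering when enabled - default
+set:
+hpa.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- contains:
+path: spec.metrics
+content:
+resource:
+name: cpu
+target:
+averageUtilization: 65
+type: Utilization
+type: Resource
+- equal:
+path: spec.maxReplicas
+value: 10
+- equal:
+path: spec.minReplicas
+value: 1
+- equal:
+path: spec.scaleTargetRef
+value:
+apiVersion: apps/v1
+kind: Deployment
+name: athens-proxy-unittest
+
+- it: Rendering when enabled - custom values
+set:
+hpa.enabled: true
+hpa.annotations:
+foo: bar
+hpa.labels:
+bar: foo
+hpa.maxReplicas: 25
+hpa.minReplicas: 5
+hpa.metrics:
+- resource:
+name: memory
+target:
+averageUtilization: 65
+type: Utilization
+type: Resource
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+name: athens-proxy-unittest
+namespace: testing
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+bar: foo
+helm.sh/chart: athens-proxy-0.1.0
+- contains:
+path: spec.metrics
+content:
+resource:
+name: memory
+target:
+averageUtilization: 65
+type: Utilization
+type: Resource
+- equal:
+path: spec.maxReplicas
+value: 25
+- equal:
+path: spec.minReplicas
+value: 5
+- equal:
+path: spec.scaleTargetRef
+value:
+apiVersion: apps/v1
+kind: Deployment
+name: athens-proxy-unittest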
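--- a/unittests/ingress/ingress.yaml
+++ b/unittests/ingress/ingress.yaml
@@ -0,0 +1,139 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Ingress template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/ingress.yaml
+tests:
+- it: Skip ingress by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip ingress, when service is disabled.
+set:
+services.http.enabled: false
+ingress.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Render ingress with default values.
+set:
+ingress.enabled: true
+ingress.hosts:
+- host: athens-proxy.example.local
+paths:
+- path: /
+pathType: Prefix
+ingress.tls:
+- secretName: athens-proxy-http-tls
+hosts:
+- athens-proxy.example.local
+
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.ingressClassName
+value: nginx
+- contains:
+path: spec.rules
+content:
+host: athens-proxy.example.local
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: athens-proxy-unittest-http
+port:
+number: 3000
+- contains:
+path: spec.tls
+content:
+hosts:
+- athens-proxy.example.local
+secretName: athens-proxy-http-tls
+
+- it: Render ingress with custom values.
+set:
+ingress.enabled: true
+ingress.annotations:
+foo: bar
+ingress.className: nginx
+ingress.labels:
+bar: foo
+ingress.hosts:
+- host: athens-proxy.example.local
+paths:
+- path: /
+pathType: Prefix
+ingress.tls:
+- secretName: athens-proxy-http-tls
+hosts:
+- athens-proxy.example.local
+services.http.port: 8080
+
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+name: athens-proxy-unittest
+namespace: testing
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+bar: foo
+- equal:
+path: spec.ingressClassName
+value: nginx
+- contains:
+path: spec.rules
+content:
+host: athens-proxy.example.local
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: athens-proxy-unittest-http
+port:
+number: 8080
+- contains:
+path: spec.tls
+content:
+hosts:
+- athens-proxy.example.local
+secretName: athens-proxy-http-tls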
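Review bot: "Render ingress with custom values." sets `ingress.className: nginx`, the same value the default-values test already asserts for `spec.ingressClassName`, so the override is never exercised and a template that hard-coded the class would pass both tests. Using a distinct value in the `set` block and in the matching assertion, for example `ingress.className: traefik` with `value: traefik`, makes the test prove what its name says. The host and TLS secret name are also identical in both tests, so the same applies to them to a lesser degree.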
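--- a/unittests/networkPolicy/networkPolicy.yaml
+++ b/unittests/networkPolicy/networkPolicy.yaml
@@ -0,0 +1,98 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: NetworkPolicy template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/networkPolicy.yaml
+tests:
+- it: Skip rendering networkPolicy
+set:
+networkPolicy.enabled: false
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Render default networkPolicy
+set:
+networkPolicy.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.podSelector.matchLabels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/name: athens-proxy
+- notExists:
+path: spec.policyTypes
+- notExists:
+path: spec.egress
+- notExists:
+path: spec.ingress
+
+- it: Template networkPolicy with policyTypes, egress and ingress configuration
+set:
+networkPolicy.enabled: true
+networkPolicy.policyTypes:
+- Egress
+- Ingress
+networkPolicy.ingress:
+- from:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: monitoring
+podSelector:
+matchLabels:
+app.kubernetes.io/name: prometheus
+networkPolicy.egress:
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: ingress-nginx
+podSelector:
+matchLabels:
+app.kubernetes.io/name: ingress-nginx
+asserts:
+- equal:
+path: spec.policyTypes
+value:
+- Egress
+- Ingress
+- equal:
+path: spec.egress
+value:
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: ingress-nginx
+podSelector:
+matchLabels:
+app.kubernetes.io/name: ingress-nginx
+- equal:
+path: spec.ingress
+value:
+- from:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: monitoring
+podSelector:
+matchLabels:
+app.kubernetes.io/name: prometheus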
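Review bot: "Render default networkPolicy" pins a policy that selects the chart's pods but has no `policyTypes`, `ingress` or `egress`; in Kubernetes an omitted `policyTypes` defaults to Ingress, and with no ingress rules that isolates the selected pods from all inbound traffic. The test should state whether this default-deny is intended, for example with `# enabled without rules: selects the pods and denies all ingress (policyTypes defaults to Ingress)` above the three `notExists` assertions. If it is not intended, the chart default rather than the test needs to change; the template is not visible in this section. In the third test the relation between `namespaceSelector` and `podSelector` (one peer or two) decides whether the rule is an AND or an OR, and a short comment there would record which one is meant.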
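--- a/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
+++ b/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
@@ -0,0 +1,90 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: PersistentVolumeClaim template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/persistentVolumeClaim.yaml
+tests:
+- it: Rendering default
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering with enabled persistent storage
+set:
+persistence.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: PersistentVolumeClaim
+name: athens-proxy-unittest-data
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.accessModes
+value:
+- ReadWriteMany
+- isSubset:
+path: spec.resources
+content:
+requests:
+storage: 5Gi
+- notExists:
+path: spec.storageClassName
+
+- it: Rendering with custom enabled persistent storage
+set:
+persistence.enabled: true
+persistence.data.persistentVolumeClaim.annotations:
+foo: bar
+persistence.data.persistentVolumeClaim.labels:
+bar: foo
+persistence.data.persistentVolumeClaim.storageClassName: my-storage-class
+persistence.data.persistentVolumeClaim.storageSize: 10Gi
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: PersistentVolumeClaim
+name: athens-proxy-unittest-data
+namespace: testing
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+bar: foo
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.accessModes
+value:
+- ReadWriteMany
+- isSubset:
+path: spec.resources
+content:
+requests:
+storage: 10Gi
+- equal:
+path: spec.storageClassName
+value: my-storage-class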
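Review bot: This suite has no case for `persistence.data.existingPersistentVolumeClaim.enabled: true`, the value the deployment suite uses to point the pod at `my-special-pvc`. The secret suites in this commit each include a "Skip rendering by using existing secret." test with `hasDocuments` and `count: 0`; an equivalent test here would catch the chart creating a second, unused claim next to the existing one. Whether the template already skips rendering in that case cannot be seen from this section.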
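--- a/unittests/secrets/env.yaml
+++ b/unittests/secrets/env.yaml
@@ -0,0 +1,77 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Secret environment variables
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/secretEnv.yaml
+tests:
+- it: Skip rendering by default
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering by using existing secret.
+set:
+config.env.enabled: true
+config.env.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering env secret with default values.
+set:
+config.env.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+name: athens-proxy-unittest-env
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- isNullOrEmpty:
+path: stringData
+
+- it: Rendering env secret with custom values.
+set:
+config.env.enabled: true
+config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
+asserts:
+- isSubset:
+path: stringData
+content:
+ATHENS_GITHUB_TOKEN: my-secret-token
+
+- it: Rendering custom annotations and labels.
+set:
+config.env.enabled: true
+config.env.secret.annotations:
+foo: bar
+bar: foo
+config.env.secret.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo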
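--- a/unittests/secrets/netrc.yaml
+++ b/unittests/secrets/netrc.yaml
@@ -0,0 +1,93 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Secret netrc template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/secretNetRC.yaml
+tests:
+- it: Skip rendering by default
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering by using existing secret.
+set:
+config.netrc.enabled: true
+config.netrc.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering netrc secret with default values.
+set:
+config.netrc.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+name: athens-proxy-unittest-netrc
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: stringData[".netrc"]
+value: |
+# The .netrc file
+#
+# The .netrc file contains login and initialization information used by the auto-login process. It generally
+# resides in the user's home directory, but a location outside of the home directory can be set using the
+# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
+# must be a regular file, or access will be denied.
+#
+# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
+#
+# default login [name] password [password/token]
+# machine github.com [octocat] password [PAT]
+# machine api.github.com [octocat] password [PAT]
+
+- it: Rendering netrc secret with custom values.
+set:
+config.netrc.enabled: true
+config.netrc.secret.content: |
+default github.com hugo password kinnock
+default api.github.com hugo password kinnock
+asserts:
+- equal:
+path: stringData[".netrc"]
+value: |
+default github.com hugo password kinnock
+default api.github.com hugo password kinnock
+
+- it: Rendering custom annotations and labels.
+set:
+config.netrc.enabled: true
+config.netrc.secret.annotations:
+foo: bar
+bar: foo
+config.netrc.secret.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo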
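Review bot: The fixture in "Rendering netrc secret with custom values." is not a well-formed netrc entry: `default github.com hugo password kinnock` puts a host name after `default` and omits the `login` keyword. The assertion only checks that `config.netrc.secret.content` is copied into `stringData[".netrc"]`, so the test passes either way, but fixtures get copied into real values files and this one would not authenticate. Using `machine github.com login hugo password kinnock` (and the same form for `api.github.com`) in both the `set` block and the expected `value` shows the format the file needs. The commented default asserted in "Rendering netrc secret with default values." has the same gap (`# machine github.com [octocat] password [PAT]` has no `login`), which presumably mirrors the chart's default content and would need the matching change there.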
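--- a/unittests/secrets/ssh.yaml
+++ b/unittests/secrets/ssh.yaml
@@ -0,0 +1,119 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Secret ssh template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/secretSSH.yaml
+tests:
+- it: Skip rending by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering by using existing secret.
+set:
+config.ssh.enabled: true
+config.ssh.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering ssh secret with default values.
+set:
+config.ssh.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+name: athens-proxy-unittest-ssh
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: stringData.config
+value: |
+# Host *
+# IdentityFile ~/.ssh/id_ed25519
+# IdentityFile ~/.ssh/id_rsa
+- notExists:
+path: stringData.id_ed25519
+- notExists:
+path: stringData["id_ed25519.pub"]
+- notExists:
+path: stringData.id_rsa
+- notExists:
+path: stringData["id_rsa.pub"]
+
+- it: Rendering ssh secret with custom values.
+set:
+config.ssh.enabled: true
+config.ssh.secret.config: |
+Host *
+IdentityFile ~/.ssh/id_ed25519
+IdentityFile ~/.ssh/id_rsa
+config.ssh.secret.id_ed25519: |
+my-private-25519-key
+config.ssh.secret.id_ed25519_pub: |
+my-public-25519-key
+config.ssh.secret.id_rsa: |
+my-private-rsa-key
+config.ssh.secret.id_rsa_pub: |
+my-public-rsa-key
+
+asserts:
+- equal:
+path: stringData.config
+value: |
+Host *
+IdentityFile ~/.ssh/id_ed25519
+IdentityFile ~/.ssh/id_rsa
+- equal:
+path: stringData.id_ed25519
+value: |
+my-private-25519-key
+- equal:
+path: stringData["id_ed25519.pub"]
+value: |
+my-public-25519-key
+- equal:
+path: stringData.id_rsa
+value: |
+my-private-rsa-key
+- equal:
+path: stringData["id_rsa.pub"]
+value: |
+my-public-rsa-key
+
+- it: Rendering custom annotations and labels.
+set:
+config.ssh.enabled: true
+config.ssh.secret.annotations:
+foo: bar
+bar: foo
+config.ssh.secret.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo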
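Review bot: No case renders the secret with only one key pair set, so the behaviour for a partly filled `config.ssh.secret` is not pinned. "Rendering ssh secret with default values." asserts that all four key entries are absent when every value is empty, and "Rendering ssh secret with custom values." sets all four at once. A case that supplies only the ed25519 pair and asserts `notExists` on the RSA entries would catch a template that writes an empty private key file into the Secret; the template itself is not on this page, so this assumes it omits empty keys as the default test suggests. Separately, the first test name has a typo: `Skip rending by default.` should read `Skip rendering by default.`

```yaml
  - it: Rendering ssh secret with only an ed25519 key pair.
    set:
      config.ssh.enabled: true
      config.ssh.secret.id_ed25519: |
        my-private-25519-key
      config.ssh.secret.id_ed25519_pub: |
        my-public-25519-key
    asserts:
      - equal:
          path: stringData.id_ed25519
          value: |
            my-private-25519-key
      - notExists:
          path: stringData.id_rsa
      - notExists:
          path: stringData["id_rsa.pub"]
```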
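--- a/unittests/serviceAccounts/serviceAccount.yaml
+++ b/unittests/serviceAccounts/serviceAccount.yaml
@@ -0,0 +1,79 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: ServiceAccount athens-proxy template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/serviceAccount.yaml
+tests:
+- it: Skip rendering.
+set:
+serviceAccount.existing.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering serviceAccount with default values.
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: ServiceAccount
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- notExists:
+path: metadata.labels
+- equal:
+path: automountServiceAccountToken
+value: true
+- notExists:
+path: imagePullSecrets
+- notExists:
+path: secrets
+
+
+- it: Rendering serviceAccount with custom values.
+set:
+serviceAccount.new.annotations:
+foo: bar
+serviceAccount.new.labels:
+bar: foo
+serviceAccount.new.automountServiceAccountToken: false
+serviceAccount.new.imagePullSecrets:
+- name: "my-pull-secret"
+serviceAccount.new.secrets:
+- name: "my-secret"
+namespace: "my-namespace"
+fieldPath: "my-path"
+asserts:
+- hasDocuments:
+count: 1
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+bar: foo
+- equal:
+path: metadata.name
+value: athens-proxy-unittest
+- equal:
+path: automountServiceAccountToken
+value: false
+- equal:
+path: imagePullSecrets
+value:
+- name: "my-pull-secret"
+- equal:
+path: secrets
+value:
+- name: "my-secret"
+namespace: "my-namespace"
+fieldPath: "my-path"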
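Review bot: "Rendering serviceAccount with default values." pins `automountServiceAccountToken` to `true` as the chart default, so every pod running under this account gets a Kubernetes API token mounted unless the operator opts out. Nothing on this page shows the proxy calling the Kubernetes API; if that holds, the least-privilege default is `false`, with this assertion changed to `value: false` and the token enabled through `serviceAccount.new.automountServiceAccountToken` only where it is needed. If the default has to stay `true`, a comment above the assertion stating what needs the token would keep the choice from being read as an oversight. The same default test asserts `notExists` on `metadata.labels`, while the Secret and Service suites expect the standard `app.kubernetes.io/*` labels, which looks inconsistent and is worth confirming against the template.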
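--- a/unittests/services/http.yaml
+++ b/unittests/services/http.yaml
@@ -0,0 +1,174 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Service http template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/serviceHTTP.yaml
+tests:
+- it: Skip service when disabled.
+set:
+services.http.enabled: false
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering service with default values.
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Service
+name: athens-proxy-unittest-http
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/service-name: http
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- notExists:
+path: spec.externalIPs
+- notExists:
+path: spec.externalTrafficPolicy
+- equal:
+path: spec.internalTrafficPolicy
+value: Cluster
+- notExists:
+path: spec.ipFamilies
+- notExists:
+path: spec.loadBalancerClass
+- notExists:
+path: spec.loadBalancerIP
+- notExists:
+path: spec.loadBalancerSourceRanges
+- equal:
+path: spec.ports[0].name
+value: http
+- equal:
+path: spec.ports[0].protocol
+value: TCP
+- equal:
+path: spec.ports[0].port
+value: 3000
+- equal:
+path: spec.selector
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/name: athens-proxy
+- equal:
+path: spec.sessionAffinity
+value: None
+- notExists:
+path: spec.sessionAffinityConfig
+- equal:
+path: spec.type
+value: ClusterIP
+
+- it: Require internalTrafficPolicy.
+set:
+services.http.internalTrafficPolicy: ""
+asserts:
+- failedTemplate:
+errorMessage: No internal traffic policy defined!
+
+- it: Require port.
+set:
+services.http.port: ""
+asserts:
+- failedTemplate:
+errorMessage: No service port defined!
+
+- it: Require sessionAffinity.
+set:
+services.http.sessionAffinity: ""
+asserts:
+- failedTemplate:
+errorMessage: No session affinity defined!
+
+- it: Require service type.
+set:
+services.http.type: ""
+asserts:
+- failedTemplate:
+errorMessage: No service type defined!
+
+- it: Render service with custom annotations and labels.
+set:
+services.http.annotations:
+foo: bar
+services.http.labels:
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/service-name: http
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+bar: foo
+
+- it: Change defaults
+set:
+services.http.externalIPs:
+- "10.11.12.13/32"
+services.http.externalTrafficPolicy: Local
+services.http.internalTrafficPolicy: Local
+services.http.ipFamilies:
+- IPv4
+services.http.loadBalancerClass: aws
+services.http.loadBalancerIP: "11.12.13.14"
+services.http.loadBalancerSourceRanges:
+- "11.12.0.0/17"
+services.http.port: 10443
+services.http.sessionAffinity: ClientIP
+services.http.type: LoadBalancer
+asserts:
+- equal:
+path: spec.externalIPs
+value:
+- 10.11.12.13/32
+- equal:
+path: spec.externalTrafficPolicy
+value: Local
+- equal:
+path: spec.internalTrafficPolicy
+value: Local
+- equal:
+path: spec.ipFamilies
+value:
+- IPv4
+- equal:
+path: spec.loadBalancerClass
+value: aws
+- equal:
+path: spec.loadBalancerIP
+value: "11.12.13.14"
+- equal:
+path: spec.loadBalancerSourceRanges
+value:
+- "11.12.0.0/17"
+- equal:
+path: spec.ports[0].port
+value: 10443
+- equal:
+path: spec.sessionAffinity
+value: ClientIP
+- equal:
+path: spec.type
+value: LoadBalancer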
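Review bot: The `Change defaults` case sets `services.http.externalIPs` to `"10.11.12.13/32"`, but `spec.externalIPs` takes plain IP addresses, so a Service rendered from this fixture would be rejected by the API server. The test compares the value only as rendered text and passes either way; using `- "10.11.12.13"` in the `set` block and `- 10.11.12.13` in the expected `value` keeps the fixture usable as an example. CIDR notation belongs on `loadBalancerSourceRanges`, which the same case already uses correctly with `"11.12.0.0/17"`. The case also sets `type: LoadBalancer` with `externalTrafficPolicy: Local` but never asserts `spec.loadBalancerSourceRanges` is required for that type, so an unrestricted load balancer remains a valid rendering; whether the chart should enforce a source range is a design question to settle in the template.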
698
values.yaml
698
values.yaml
@@ -1,36 +1,104 @@
|
|||||||
affinity: {}
|
# Declare variables to be passed into your templates.
|
||||||
|
## @section Global
|
||||||
image:
|
## @param nameOverride Individual release name suffix.
|
||||||
repository: docker.io/gomods/athens
|
## @param fullnameOverride Override the complete release name logic.
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
|
||||||
tag: ""
|
|
||||||
|
|
||||||
imagePullSecrets: []
|
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
fullnameOverride: ""
|
fullnameOverride: ""
|
||||||
|
|
||||||
podAnnotations: {}
|
## @section Certificate
|
||||||
|
certificate:
|
||||||
|
## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
podPriorityClassName: ""
|
## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`.
|
||||||
|
## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key.
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
secretName: ""
|
||||||
|
|
||||||
podSecurityContext: {}
|
## @param certificate.new.annotations Additional certificate annotations.
|
||||||
# fsGroup: 2000
|
## @param certificate.new.labels Additional certificate labels.
|
||||||
|
## @param certificate.new.duration Duration of the TLS certificate.
|
||||||
|
## @param certificate.new.renewBefore Renew TLS certificate before expiring.
|
||||||
|
## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names.
|
||||||
|
## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses.
|
||||||
|
## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`.
|
||||||
|
## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`.
|
||||||
|
## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key.
|
||||||
|
## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key.
|
||||||
|
## @param certificate.new.privateKey.size Size of the private TLS key.
|
||||||
|
## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret.
|
||||||
|
## @param certificate.new.secretTemplate.labels Additional labels of the created secret.
|
||||||
|
## @param certificate.new.subject.countries List of countries.
|
||||||
|
## @param certificate.new.subject.localities List of localities.
|
||||||
|
## @param certificate.new.subject.organizationalUnits List of organizationalUnits.
|
||||||
|
## @param certificate.new.subject.organizations List of organizations.
|
||||||
|
## @param certificate.new.subject.postalCodes List of postalCodes.
|
||||||
|
## @param certificate.new.subject.provinces List of provinces.
|
||||||
|
## @param certificate.new.subject.serialNumber Serial number.
|
||||||
|
## @param certificate.new.subject.streetAddresses List of streetAddresses.
|
||||||
|
## @param certificate.new.usages Define the usage of the TLS key.
|
||||||
|
new:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
duration: "744h" # 31 days
|
||||||
|
renewBefore: "672h" # 28 days
|
||||||
|
dnsNames: []
|
||||||
|
# The following DNS names are already part of the SAN's and serves only as example.
|
||||||
|
# - "athens-proxy"
|
||||||
|
# - "athens-proxy.svc"
|
||||||
|
# - "athens-proxy.svc.namespace"
|
||||||
|
# - "athens-proxy.svc.namespace.cluster.local"
|
||||||
|
ipAddresses: []
|
||||||
|
# The following IP addresses serves only as example.
|
||||||
|
# - "10.92.1.10"
|
||||||
|
# - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344"
|
||||||
|
issuerRef:
|
||||||
|
kind: ""
|
||||||
|
name: ""
|
||||||
|
privateKey:
|
||||||
|
algorithm: "RSA"
|
||||||
|
rotationPolicy: "Never"
|
||||||
|
size: 4096
|
||||||
|
secretTemplate:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
subject:
|
||||||
|
countries: []
|
||||||
|
localities: []
|
||||||
|
organizationalUnits: []
|
||||||
|
organizations: []
|
||||||
|
postalCodes: []
|
||||||
|
provinces: []
|
||||||
|
serialNumber: ""
|
||||||
|
streetAddresses: []
|
||||||
|
usages:
|
||||||
|
- "client auth"
|
||||||
|
- "server auth"
|
||||||
|
|
||||||
securityContext: {}
|
## @section Configuration
|
||||||
# capabilities:
|
config:
|
||||||
# drop:
|
env:
|
||||||
# - ALL
|
## @param config.env.enabled Enable mounting of the secret as environment variables.
|
||||||
# readOnlyRootFilesystem: true
|
enabled: false
|
||||||
# runAsNonRoot: true
|
|
||||||
# runAsUser: 1000
|
|
||||||
|
|
||||||
config: {}
|
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
|
||||||
|
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
secretName: ""
|
||||||
|
|
||||||
|
## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials.
|
||||||
|
## @param config.env.secret.labels Additional labels of the secret containing the database credentials.
|
||||||
|
## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container.
|
||||||
|
secret:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
envs: {}
|
||||||
# ATHENS_AZURE_ACCOUNT_KEY:
|
# ATHENS_AZURE_ACCOUNT_KEY:
|
||||||
# ATHENS_AZURE_ACCOUNT_NAME:
|
# ATHENS_AZURE_ACCOUNT_NAME:
|
||||||
# ATHENS_AZURE_CONTAINER_NAME:
|
# ATHENS_AZURE_CONTAINER_NAME:
|
||||||
# ATHENS_CLOUD_RUNTIME:
|
# ATHENS_CLOUD_RUNTIME:
|
||||||
# ATHENS_DOWNLOAD_MODE:
|
|
||||||
# ATHENS_DOWNLOAD_URL:
|
# ATHENS_DOWNLOAD_URL:
|
||||||
# ATHENS_ETCD_ENDPOINTS:
|
# ATHENS_ETCD_ENDPOINTS:
|
||||||
# ATHENS_EXTERNAL_STORAGE_URL:
|
# ATHENS_EXTERNAL_STORAGE_URL:
|
||||||
@@ -67,7 +135,6 @@ config: {}
|
|||||||
# ATHENS_MONGO_DEFAULT_DATABASE:
|
# ATHENS_MONGO_DEFAULT_DATABASE:
|
||||||
# ATHENS_MONGO_INSECURE:
|
# ATHENS_MONGO_INSECURE:
|
||||||
# ATHENS_MONGO_STORAGE_URL:
|
# ATHENS_MONGO_STORAGE_URL:
|
||||||
# ATHENS_NETRC_PATH:
|
|
||||||
# ATHENS_PATH_PREFIX:
|
# ATHENS_PATH_PREFIX:
|
||||||
# ATHENS_PORT:
|
# ATHENS_PORT:
|
||||||
# ATHENS_PROTOCOL_WORKERS:
|
# ATHENS_PROTOCOL_WORKERS:
|
||||||
@@ -80,11 +147,8 @@ config: {}
|
|||||||
# ATHENS_STATS_EXPORTER:
|
# ATHENS_STATS_EXPORTER:
|
||||||
# ATHENS_STORAGE_GCP_BUCKET:
|
# ATHENS_STORAGE_GCP_BUCKET:
|
||||||
# ATHENS_STORAGE_GCP_JSON_KEY:
|
# ATHENS_STORAGE_GCP_JSON_KEY:
|
||||||
# ATHENS_STORAGE_TYPE:
|
|
||||||
# ATHENS_SUM_DBS:
|
# ATHENS_SUM_DBS:
|
||||||
# ATHENS_TIMEOUT:
|
# ATHENS_TIMEOUT:
|
||||||
# ATHENS_TLSCERT_FILE:
|
|
||||||
# ATHENS_TLSKEY_FILE:
|
|
||||||
# ATHENS_TRACE_EXPORTER_URL:
|
# ATHENS_TRACE_EXPORTER_URL:
|
||||||
# ATHENS_TRACE_EXPORTER:
|
# ATHENS_TRACE_EXPORTER:
|
||||||
# AWS_ACCESS_KEY_ID:
|
# AWS_ACCESS_KEY_ID:
|
||||||
@@ -102,86 +166,530 @@ config: {}
|
|||||||
# MY_S3_BUCKET_NAME:
|
# MY_S3_BUCKET_NAME:
|
||||||
# PROXY_FORCE_SSL:
|
# PROXY_FORCE_SSL:
|
||||||
|
|
||||||
replicaCount: 1
|
downloadMode:
|
||||||
|
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
serviceAccount:
|
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
|
||||||
|
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
|
||||||
|
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
|
||||||
|
existingConfigMap:
|
||||||
|
enabled: false
|
||||||
|
configMapName: ""
|
||||||
|
downloadModeKey: "downloadMode"
|
||||||
|
|
||||||
|
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
|
||||||
|
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
|
||||||
|
## @skip config.downloadMode.configMap.content The content of the download mode file.
|
||||||
|
configMap:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
content: |
|
||||||
|
downloadURL = "https://proxy.golang.org"
|
||||||
|
|
||||||
service:
|
mode = "async_redirect"
|
||||||
|
|
||||||
|
# download "github.com/gomods/*" {
|
||||||
|
# mode = "sync"
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# download "golang.org/x/*" {
|
||||||
|
# mode = "none"
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# download "github.com/pkg/*" {
|
||||||
|
# mode = "redirect"
|
||||||
|
# downloadURL = "https://proxy.golang.org"
|
||||||
|
# }
|
||||||
|
|
||||||
|
gitConfig:
|
||||||
|
## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file.
|
||||||
|
## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file.
|
||||||
|
## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored.
|
||||||
|
existingConfigMap:
|
||||||
|
enabled: false
|
||||||
|
configMapName: ""
|
||||||
|
gitConfigKey:
|
||||||
|
|
||||||
|
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
|
||||||
|
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
|
||||||
|
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
|
||||||
|
configMap:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# externalIPs: []
|
labels: {}
|
||||||
# externalTrafficPolicy: "Cluster"
|
content: |
|
||||||
# loadBalancerClass: ""
|
# The .gitconfig file
|
||||||
# loadBalancerIP: ""
|
#
|
||||||
# loadBalancerSourceRanges: []
|
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
|
||||||
# internalTrafficPolicy: "Cluster"
|
# directory.
|
||||||
name: http
|
#
|
||||||
targetPort: 3000
|
# [url "git@github.com:"] insteadOf = https://github.com/
|
||||||
type: ClusterIP
|
|
||||||
port: 3000
|
|
||||||
|
|
||||||
|
netrc:
|
||||||
|
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file.
|
||||||
|
## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file.
|
||||||
|
## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored.
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
secretName: ""
|
||||||
|
netrcKey: ".netrc"
|
||||||
|
|
||||||
|
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
|
||||||
|
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
|
||||||
|
## @skip config.netrc.secret.content The content of the .netrc file.
|
||||||
|
secret:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
content: |
|
||||||
|
# The .netrc file
|
||||||
|
#
|
||||||
|
# The .netrc file contains login and initialization information used by the auto-login process. It generally
|
||||||
|
# resides in the user's home directory, but a location outside of the home directory can be set using the
|
||||||
|
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
|
||||||
|
# must be a regular file, or access will be denied.
|
||||||
|
#
|
||||||
|
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
|
||||||
|
#
|
||||||
|
# default login [name] password [password/token]
|
||||||
|
# machine github.com [octocat] password [PAT]
|
||||||
|
# machine api.github.com [octocat] password [PAT]
|
||||||
|
|
||||||
|
ssh:
|
||||||
|
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
|
||||||
|
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
|
||||||
|
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
secretName: ""
|
||||||
|
configKey: "config"
|
||||||
|
id_ed25519Key: "id_ed25519"
|
||||||
|
id_ed25519PubKey: "id_ed25519.pub"
|
||||||
|
id_rsaKey: "id_rsa"
|
||||||
|
id_rsaPubKey: "id_rsa.pub"
|
||||||
|
|
||||||
|
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
|
||||||
|
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
|
||||||
|
## @skip config.ssh.secret.config The content of the SSH client config file.
|
||||||
|
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
|
||||||
|
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
|
||||||
|
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
|
||||||
|
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
|
||||||
|
secret:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
config: |
|
||||||
|
# Host *
|
||||||
|
# IdentityFile ~/.ssh/id_ed25519
|
||||||
|
# IdentityFile ~/.ssh/id_rsa
|
||||||
|
id_ed25519: ""
|
||||||
|
id_ed25519_pub: ""
|
||||||
|
id_rsa: ""
|
||||||
|
id_rsa_pub: ""
|
||||||
|
|
||||||
|
## @section Deployment
|
||||||
|
deployment:
|
||||||
|
## @param deployment.annotations Additional deployment annotations.
|
||||||
|
## @param deployment.labels Additional deployment labels.
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
|
||||||
|
## @param deployment.additionalContainers List of additional containers.
|
||||||
|
additionalContainers: []
|
||||||
|
# - command: [ "sh", "-c", "echo hello world" ]
|
||||||
|
# image: "docker.io/library/busybox:latest"
|
||||||
|
# name: side-car
|
||||||
|
|
||||||
|
## @param deployment.affinity Affinity for the athens-proxy deployment.
|
||||||
|
affinity: {}
|
||||||
|
# nodeAffinity:
|
||||||
|
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
# nodeSelectorTerms:
|
||||||
|
# - matchExpressions:
|
||||||
|
# - key: kubernetes.io/os
|
||||||
|
# operator: In
|
||||||
|
# values:
|
||||||
|
# - linux
|
||||||
|
# preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
# - weight: 20
|
||||||
|
# preference:
|
||||||
|
# matchExpressions:
|
||||||
|
# - key: kubernetes.io/arch
|
||||||
|
# operator: In
|
||||||
|
# values:
|
||||||
|
# - amd64
|
||||||
|
|
||||||
|
## @param deployment.initContainers List of additional init containers.
|
||||||
|
initContainers: []
|
||||||
|
# - command: [ "sh", "-c", "echo hello world" ]
|
||||||
|
# image: "docker.io/library/busybox:latest"
|
||||||
|
# name: init
|
||||||
|
|
||||||
|
## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment.
|
||||||
|
dnsConfig: {}
|
||||||
|
# nameservers:
|
||||||
|
# - 192.0.2.1 # this is an example
|
||||||
|
# searches:
|
||||||
|
# - ns1.svc.cluster-domain.example
|
||||||
|
# - my.dns.search.suffix
|
||||||
|
# options:
|
||||||
|
# - name: ndots
|
||||||
|
# value: "2"
|
||||||
|
# - name: edns0
|
||||||
|
|
||||||
|
## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment.
|
||||||
|
dnsPolicy: ""
|
||||||
|
|
||||||
|
## @param deployment.hostname Individual hostname of the pod.
|
||||||
|
## @param deployment.subdomain Individual domain of the pod.
|
||||||
|
hostname: ""
|
||||||
|
subdomain: ""
|
||||||
|
|
||||||
|
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
|
||||||
|
hostNetwork: false
|
||||||
|
|
||||||
|
## @param deployment.imagePullSecrets Secret to use for pulling the image.
|
||||||
|
imagePullSecrets: []
|
||||||
|
# - name: "my-custom-secret"
|
||||||
|
|
||||||
|
athensProxy:
|
||||||
|
## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
|
||||||
|
args: []
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.command Command passed to the athens-proxy container.
|
||||||
|
command: []
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
|
||||||
|
env: []
|
||||||
|
# - name: SPECIAL_ENV_A
|
||||||
|
# value: special-key
|
||||||
|
# - name: SPECIAL_ENV
|
||||||
|
# valueFrom:
|
||||||
|
# configMapKeyRef:
|
||||||
|
# name: special-config
|
||||||
|
# key: special-key
|
||||||
|
# - name: SPECIAL_ENV
|
||||||
|
# valueFrom:
|
||||||
|
# secretKeyRef:
|
||||||
|
# name: special-secret
|
||||||
|
# key: special-key
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
|
||||||
|
envFrom: []
|
||||||
|
# - configMapRef:
|
||||||
|
# name: special-config
|
||||||
|
# - secretRef:
|
||||||
|
# name: special-secret
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
|
||||||
|
## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
|
||||||
|
## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
|
||||||
|
## @param deployment.athensProxy.image.pullPolicy Image pull policy.
|
||||||
|
image:
|
||||||
|
registry: docker.io
|
||||||
|
repository: gomods/athens
|
||||||
|
tag: ""
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.resources CPU and memory resources of the pod.
|
||||||
|
resources: {}
|
||||||
|
# limits:
|
||||||
|
# cpu:
|
||||||
|
# ephemeral-storage:
|
||||||
|
# memory:
|
||||||
|
# requests:
|
||||||
|
# cpu:
|
||||||
|
# ephemeral-storage:
|
||||||
|
# memory:
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
|
||||||
|
securityContext: {}
|
||||||
|
# capabilities:
|
||||||
|
# add:
|
||||||
|
# - NET_RAW
|
||||||
|
# drop:
|
||||||
|
# - ALL
|
||||||
|
# privileged: false
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# runAsUser: 1000
|
||||||
|
|
||||||
|
## @param deployment.athensProxy.volumeMounts Additional volume mounts.
|
||||||
|
volumeMounts: []
|
||||||
|
# - name: my-configmap-volume
|
||||||
|
# mountPath: /configmap
|
||||||
|
# readOnly: true
|
||||||
|
|
||||||
|
## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
|
||||||
|
priorityClassName: ""
|
||||||
|
|
||||||
|
## @param deployment.replicas Number of replicas for the athens-proxy deployment.
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
|
||||||
|
restartPolicy: ""
|
||||||
|
|
||||||
|
## @param deployment.securityContext Security context of the athens-proxy deployment.
|
||||||
|
securityContext: {}
|
||||||
|
# fsGroup: 2000
|
||||||
|
|
||||||
|
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
|
||||||
|
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
|
||||||
|
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
|
||||||
|
strategy:
|
||||||
|
type: "RollingUpdate"
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 1
|
||||||
|
maxUnavailable: 1
|
||||||
|
|
||||||
|
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
|
||||||
|
terminationGracePeriodSeconds: 60
|
||||||
|
|
||||||
|
## @param deployment.tolerations Tolerations of the athens-proxy deployment.
|
||||||
|
tolerations: []
|
||||||
|
# - key: database/type
|
||||||
|
# operator: Equal
|
||||||
|
# value: postgres
|
||||||
|
# effect: NoSchedule
|
||||||
|
|
||||||
|
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
|
||||||
|
topologySpreadConstraints: []
|
||||||
|
# - topologyKey: kubernetes.io/hostname
|
||||||
|
# whenUnsatisfiable: DoNotSchedule
|
||||||
|
# labelSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# app.kubernetes.io/instance: athens-proxy
|
||||||
|
|
||||||
|
## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment.
|
||||||
|
volumes: []
|
||||||
|
# - name: my-configmap-volume
|
||||||
|
# config:
|
||||||
|
# name: my-configmap
|
||||||
|
# - name: my-secret-volume
|
||||||
|
# secret:
|
||||||
|
# secretName: my-secret
|
||||||
|
|
||||||
|
## @section Horizontal Pod Autoscaler (HPA)
|
||||||
|
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
|
||||||
|
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
|
||||||
|
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
|
||||||
|
# https://github.com/kubernetes-sigs/metrics-server#deployment
|
||||||
|
hpa:
|
||||||
|
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
|
||||||
|
## @param hpa.annotations Additional annotations for the HPA.
|
||||||
|
## @param hpa.labels Additional labels for the HPA.
|
||||||
|
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
|
||||||
|
## @skip hpa.metrics Skip individual HPA metric configurations.
|
||||||
|
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
|
||||||
|
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
|
||||||
|
enabled: false
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
metrics:
|
||||||
|
- resource:
|
||||||
|
name: cpu
|
||||||
|
target:
|
||||||
|
averageUtilization: 65
|
||||||
|
type: Utilization
|
||||||
|
type: Resource
|
||||||
|
# - resource:
|
||||||
|
# name: memory
|
||||||
|
# target:
|
||||||
|
# averageUtilization: 65
|
||||||
|
# type: Utilization
|
||||||
|
minReplicas: 1
|
||||||
|
maxReplicas: 10
|
||||||
|
|
||||||
|
## @section Ingress
|
||||||
ingress:
|
ingress:
|
||||||
|
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
|
||||||
|
## @param ingress.className Ingress class.
|
||||||
|
## @param ingress.annotations Additional ingress annotations.
|
||||||
|
## @param ingress.labels Additional ingress labels.
|
||||||
enabled: false
|
enabled: false
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# kubernetes.io/ingress.class: nginx
|
labels: {}
|
||||||
# cert-manager.io/issuer:
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
hosts:
|
|
||||||
- host: "your-hostname"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: ImplementationSpecific
|
|
||||||
tls:
|
|
||||||
- secretName: "your-tls-secret"
|
|
||||||
hosts:
|
|
||||||
- "your-hostname"
|
|
||||||
|
|
||||||
resources: {}
|
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
|
||||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
## @skip ingress.hosts Skip individual host configuration.
|
||||||
# choice for the user. This also increases chances charts run on environments with little
|
hosts: []
|
||||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
# - host: athens-proxy.example.local
|
||||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
# paths:
|
||||||
# limits:
|
# - path: /
|
||||||
# cpu: 100m
|
# pathType: Prefix
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
|
|
||||||
nodeSelector:
|
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
|
||||||
kubernetes.io/arch: amd64
|
## @skip ingress.tls Skip individual TLS configuration.
|
||||||
|
tls: []
|
||||||
|
# - secretName: athens-proxy-http-tls
|
||||||
|
# hosts:
|
||||||
|
# - athens-proxy.example.local
|
||||||
|
|
||||||
tolerations: []
|
## @section Persistence
|
||||||
|
persistence:
|
||||||
|
## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
# extra volumes for the pod
|
data:
|
||||||
extraVolumes: {}
|
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
|
||||||
# The following example mount the same secret, which contains tls certificates
|
mountPath: "/var/www/athens-proxy/data"
|
||||||
# under different names. Each volume mount contains only selected items of the
|
|
||||||
# secret. This make it easier to place the items on different locations inside the
|
|
||||||
# container filesystem via extraVolumeMounts.
|
|
||||||
# - name: custom-ca-anchor
|
|
||||||
# secret:
|
|
||||||
# secretName: athens-proxy-custom-tls-certificates
|
|
||||||
# items:
|
|
||||||
# - key: ca.crt
|
|
||||||
# path: ca.crt
|
|
||||||
# mode: 0444
|
|
||||||
# - name: custom-tls-certificates
|
|
||||||
# secret:
|
|
||||||
# secretName: athens-proxy-custom-tls-certificates
|
|
||||||
# items:
|
|
||||||
# - key: tls.key
|
|
||||||
# path: tls.key
|
|
||||||
# mode: 0400
|
|
||||||
# - key: tls.crt
|
|
||||||
# path: tls.crt
|
|
||||||
# mode: 0444
|
|
||||||
|
|
||||||
extraVolumeMounts: {}
|
## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim.
|
||||||
# The following example follows the example of extraVolumes and mounts the
|
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim.
|
||||||
# volumes to the corresponding paths in the container filesystem.
|
existingPersistentVolumeClaim:
|
||||||
# - name: custom-ca-anchor
|
enabled: false
|
||||||
# mountPath: /usr/local/share/ca-certificates
|
persistentVolumeClaimName: ""
|
||||||
# - name: custom-tls-certificates
|
|
||||||
# mountPath: /etc/athens-proxy/tls
|
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
|
||||||
|
persistentVolumeClaim:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
storageClassName: ""
|
||||||
|
storageSize: "5Gi"
|
||||||
|
|
||||||
|
## @section Network
|
||||||
|
## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates.
|
||||||
|
clusterDomain: "cluster.local"
|
||||||
|
|
||||||
|
## @section Network Policy
|
||||||
|
networkPolicy:
|
||||||
|
## @param networkPolicy.enabled Enable network policies in general.
|
||||||
|
## @param networkPolicy.annotations Additional network policy annotations.
|
||||||
|
## @param networkPolicy.labels Additional network policy labels.
|
||||||
|
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
||||||
|
## @param networkPolicy.egress Concrete egress network policy implementation.
|
||||||
|
## @skip networkPolicy.egress Skip individual egress configuration.
|
||||||
|
## @param networkPolicy.ingress Concrete ingress network policy implementation.
|
||||||
|
## @skip networkPolicy.ingress Skip individual ingress configuration.
|
||||||
|
enabled: false
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
policyTypes: []
|
||||||
|
# - Egress
|
||||||
|
# - Ingress
|
||||||
|
egress: []
|
||||||
|
# Allow outgoing HTTPS traffic to external go module servers
|
||||||
|
#
|
||||||
|
# - ports:
|
||||||
|
# - port: 443
|
||||||
|
# protocol: TCP
|
||||||
|
|
||||||
|
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
|
||||||
|
#
|
||||||
|
# - to:
|
||||||
|
# - namespaceSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# kubernetes.io/metadata.name: kube-system
|
||||||
|
# podSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# k8s-app: kube-dns
|
||||||
|
# ports:
|
||||||
|
# - port: 53
|
||||||
|
# protocol: TCP
|
||||||
|
# - port: 53
|
||||||
|
# protocol: UDP
|
||||||
|
|
||||||
|
ingress: []
|
||||||
|
# Allow incoming HTTP traffic from prometheus.
|
||||||
|
#
|
||||||
|
# - from:
|
||||||
|
# - namespaceSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# kubernetes.io/metadata.name: monitoring
|
||||||
|
# podSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# app.kubernetes.io/name: prometheus
|
||||||
|
# ports:
|
||||||
|
# - port: http
|
||||||
|
# protocol: TCP
|
||||||
|
|
||||||
|
# Allow incoming HTTP traffic from ingress-nginx.
|
||||||
|
#
|
||||||
|
# - from:
|
||||||
|
# - namespaceSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# kubernetes.io/metadata.name: ingress-nginx
|
||||||
|
# podSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# app.kubernetes.io/name: ingress-nginx
|
||||||
|
# ports:
|
||||||
|
# - port: http
|
||||||
|
# protocol: TCP
|
||||||
|
|
||||||
|
## @section Service
|
||||||
|
## @param services.http.enabled Enable the service.
|
||||||
|
## @param services.http.annotations Additional service annotations.
|
||||||
|
## @param services.http.externalIPs External IPs for the service.
|
||||||
|
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
|
||||||
|
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
|
||||||
|
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
|
||||||
|
## @param services.http.labels Additional service labels.
|
||||||
|
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
|
||||||
|
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
|
||||||
|
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
|
||||||
|
## @param services.http.port Port to forward the traffic to.
|
||||||
|
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
|
||||||
|
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
|
||||||
|
## @param services.http.type Kubernetes service type for the traffic.
|
||||||
|
services:
|
||||||
|
http:
|
||||||
|
enabled: true
|
||||||
|
annotations: {}
|
||||||
|
externalIPs: []
|
||||||
|
externalTrafficPolicy: "Cluster"
|
||||||
|
internalTrafficPolicy: "Cluster"
|
||||||
|
ipFamilies: []
|
||||||
|
labels: {}
|
||||||
|
loadBalancerClass: ""
|
||||||
|
loadBalancerIP: ""
|
||||||
|
loadBalancerSourceRanges: []
|
||||||
|
port: 3000
|
||||||
|
sessionAffinity: "None"
|
||||||
|
sessionAffinityConfig: {}
|
||||||
|
type: "ClusterIP"
|
||||||
|
|
||||||
|
## @section ServiceAccount
|
||||||
|
serviceAccount:
|
||||||
|
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
|
||||||
|
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
|
||||||
|
existing:
|
||||||
|
enabled: false
|
||||||
|
serviceAccountName: ""
|
||||||
|
|
||||||
|
## @param serviceAccount.new.annotations Additional service account annotations.
|
||||||
|
## @param serviceAccount.new.labels Additional service account labels.
|
||||||
|
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
|
||||||
|
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
|
||||||
|
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
|
||||||
|
new:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
imagePullSecrets: []
|
||||||
|
# - name: "my-image-pull-secret"
|
||||||
|
secrets: []
|
||||||
|
# - name: "my-secret"
|
||||||
|
# namespace: "my-namespace"
|
||||||
|
# fieldPath: "my-field"
|
||||||
|