You've already forked athens-proxy-charts
							
							Compare commits
	
		
			122 Commits
		
	
	
		
			0.1.4
			...
			d7222794ca
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| d7222794ca | |||
| 4974d63a8c | |||
| 1bbd0352c3 | |||
| ccdf377aaa | |||
| 64790fc316 | |||
| 2c88d6698b | |||
| 9abdb1ca3a | |||
| 81f14405fd | |||
| 7b37bfc373 | |||
| bba0df90ff | |||
| cb312817c3 | |||
| fe428d83d2 | |||
| 4c94529eab | |||
| 297f36920a | |||
| 4102fc9014 | |||
| be923ed95f | |||
| f07ff039ce | |||
| a11be194cc | |||
| 7908de9313 | |||
| adfe40a9c7 | |||
| eadbcf243b | |||
| 0caa188bb1 | |||
| 3bce806ed6 | |||
| 5c09cf8c79 | |||
| d4b5c0c86f | |||
| 74598b4ee0 | |||
| b06c1962cc | |||
| 991c545c93 | |||
| 7c60c70244 | |||
| 0e048cdf4b | |||
| 89604cbe64 | |||
| f63450aec4 | |||
| d1e5accccb | |||
| fbd846784c | |||
| bab5282617 | |||
| 307660c767 | |||
| 59b43aac79 | |||
| 85a38e7d22 | |||
| 2005fb8e05 | |||
| 5f78a0f071 | |||
| c157c8c210 | |||
| 5b9fa88dd6 | |||
| 458037db70 | |||
| b1bb94f0bd | |||
| 62a92fdabb | |||
| a01b0143c0 | |||
| 953fd85f53 | |||
| bf721d8af1 | |||
| 60fdfd90e1 | |||
| 71164d60ae | |||
| a00d40b792 | |||
| d02f63be7a | |||
| 744938f8f4 | |||
| e3185b2482 | |||
| e2fab050d3 | |||
| 83336c7f87 | |||
| 1e2a31edaa | |||
| 0b39de958a | |||
| a0abe49b23 | |||
| cc46ad7af1 | |||
| cd9a843a96 | |||
| 6b0d2ff350 | |||
| ccd7c9a1cd | |||
| b169136c37 | |||
| 9b4a708f29 | |||
| 053036bcd5 | |||
| 783e244cd3 | |||
| 41da943040 | |||
| 9ef0317677 | |||
| 5a890741e4 | |||
| cd16ddc5d8 | |||
| fd4c9d7e62 | |||
| 265ac3d9a9 | |||
| 7d20373804 | |||
| 2117bbed96 | |||
| a47f528585 | |||
| 716f6b06c3 | |||
| ee5111da20 | |||
| d954b2e3e7 | |||
| 840ee10717 | |||
| c5772856e3 | |||
| f047c145e2 | |||
| 7c0c6f4270 | |||
| 3cab48dd3c | |||
| 50e21e10d8 | |||
| 5b70f5e5fa | |||
| 09d205316e | |||
| c1e686fc2d | |||
| cfb5978593 | |||
| e04a9baec1 | |||
| 72908cae0b | |||
| 8c6f4db7f5 | |||
| 5eae090f40 | |||
| 60ed4abe97 | |||
| 1179b51895 | |||
| 1fcf9e7d4b | |||
| 00c2f285b1 | |||
| 1077afb673 | |||
| a4d1611f44 | |||
| 0950a51229 | |||
| ee9fa20df4 | |||
| 848f9c9fd8 | |||
| 2889a5390c | |||
| 14987d7265 | |||
| f9c03e8be4 | |||
| 055bcadd16 | |||
| 45d2cf7183 | |||
| 07c2bc6b72 | |||
| 9a58ec7806 | |||
| 55bb771c26 | |||
| e709d68cb8 | |||
| 1c22e90d85 | |||
| 6ef34f5f60 | |||
| 76593b2109 | |||
| cb9612fe74 | |||
| bd3e0cf62f | |||
| 560234e9c0 | |||
| 9707a79840 | |||
| 5dbc250d7f | |||
| 603fe6c96d | |||
| 122e2e1417 | |||
| d571c1e027 | 
							
								
								
									
										106
									
								
								.drone.yml
									
									
									
									
									
								
							
							
						
						
									
										106
									
								
								.drone.yml
									
									
									
									
									
								
							| @@ -1,106 +0,0 @@ | |||||||
| --- |  | ||||||
| kind: pipeline |  | ||||||
| type: kubernetes |  | ||||||
| name: linter |  | ||||||
|  |  | ||||||
| clone: |  | ||||||
|   disable: true |  | ||||||
|  |  | ||||||
| platform: |  | ||||||
|   os: linux |  | ||||||
|   arch: amd64 |  | ||||||
|  |  | ||||||
| steps: |  | ||||||
| - name: clone |  | ||||||
|   image: git.cryptic.systems/volker.raschek/git:1.3.1 |  | ||||||
|  |  | ||||||
| - name: helm lint |  | ||||||
|   commands: |  | ||||||
|   - helm lint |  | ||||||
|   image: git.cryptic.systems/volker.raschek/helm:3.14.1 |  | ||||||
|   resources: |  | ||||||
|     limits: |  | ||||||
|       cpu: 150 |  | ||||||
|       memory: 150M |  | ||||||
|  |  | ||||||
| - name: markdown lint |  | ||||||
|   commands: |  | ||||||
|   - markdownlint *.md |  | ||||||
|   image: git.cryptic.systems/volker.raschek/markdownlint:0.39.0 |  | ||||||
|   resources: |  | ||||||
|     limits: |  | ||||||
|       cpu: 150 |  | ||||||
|       memory: 150M |  | ||||||
|  |  | ||||||
| - name: helm template |  | ||||||
|   commands: |  | ||||||
|   - helm template . |  | ||||||
|   image: git.cryptic.systems/volker.raschek/helm:3.14.1 |  | ||||||
|   resources: |  | ||||||
|     limits: |  | ||||||
|       cpu: 150 |  | ||||||
|       memory: 150M |  | ||||||
|  |  | ||||||
| - name: email-notification |  | ||||||
|   environment: |  | ||||||
|     SMTP_FROM_ADDRESS: |  | ||||||
|       from_secret: smtp_from_address |  | ||||||
|     SMTP_FROM_NAME: |  | ||||||
|       from_secret: smtp_from_name |  | ||||||
|     SMTP_HOST: |  | ||||||
|       from_secret: smtp_host |  | ||||||
|     SMTP_USERNAME: |  | ||||||
|       from_secret: smtp_username |  | ||||||
|     SMTP_PASSWORD: |  | ||||||
|       from_secret: smtp_password |  | ||||||
|   image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 |  | ||||||
|   resources: |  | ||||||
|     limits: |  | ||||||
|       cpu: 150 |  | ||||||
|       memory: 150M |  | ||||||
|   when: |  | ||||||
|     status: |  | ||||||
|     - changed |  | ||||||
|     - failure |  | ||||||
|  |  | ||||||
| trigger: |  | ||||||
|   event: |  | ||||||
|     exclude: |  | ||||||
|     - tag |  | ||||||
|  |  | ||||||
| --- |  | ||||||
| kind: pipeline |  | ||||||
| type: kubernetes |  | ||||||
| name: release |  | ||||||
|  |  | ||||||
| clone: |  | ||||||
|   disable: true |  | ||||||
|  |  | ||||||
| platform: |  | ||||||
|   os: linux |  | ||||||
|  |  | ||||||
| steps: |  | ||||||
| - name: clone |  | ||||||
|   image: git.cryptic.systems/volker.raschek/git:1.3.1 |  | ||||||
|  |  | ||||||
| - name: release-helm-chart |  | ||||||
|   commands: |  | ||||||
|   - helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek |  | ||||||
|   - helm package --version ${DRONE_TAG} . |  | ||||||
|   - helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek |  | ||||||
|   environment: |  | ||||||
|     HELM_REPO_PASSWORD: |  | ||||||
|       from_secret: helm_repo_password |  | ||||||
|     HELM_REPO_USERNAME: |  | ||||||
|       from_secret: helm_repo_username |  | ||||||
|   image: git.cryptic.systems/volker.raschek/helm:3.14.1 |  | ||||||
|   resources: |  | ||||||
|     limits: |  | ||||||
|       cpu: 150 |  | ||||||
|       memory: 150M |  | ||||||
|  |  | ||||||
| trigger: |  | ||||||
|   event: |  | ||||||
|   - tag |  | ||||||
|   repo: |  | ||||||
|   - volker.raschek/athens-proxy-charts |  | ||||||
| @@ -1,6 +1,3 @@ | |||||||
| # EditorConfig is awesome: https://EditorConfig.org |  | ||||||
|  |  | ||||||
| # top-most EditorConfig file |  | ||||||
| root = true | root = true | ||||||
|  |  | ||||||
| [*] | [*] | ||||||
| @@ -10,3 +7,6 @@ end_of_line = lf | |||||||
| charset = utf-8 | charset = utf-8 | ||||||
| trim_trailing_whitespace = true | trim_trailing_whitespace = true | ||||||
| insert_final_newline = false | insert_final_newline = false | ||||||
|  |  | ||||||
|  | [Makefile] | ||||||
|  | indent_style = tab | ||||||
							
								
								
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,114 @@ | |||||||
|  | #!/bin/bash | ||||||
|  |  | ||||||
|  | set -e | ||||||
|  |  | ||||||
|  | CHART_FILE="Chart.yaml" | ||||||
|  | if [ ! -f "${CHART_FILE}" ]; then | ||||||
|  |   echo "ERROR: ${CHART_FILE} not found!" 1>&2 | ||||||
|  |   exit 1 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||||
|  | DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||||
|  |  | ||||||
|  | if [ -z "${1}" ]; then | ||||||
|  |   read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||||
|  |   if [ -z "${OLD_TAG}" ]; then | ||||||
|  |     OLD_TAG="${DEFAULT_OLD_TAG}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while [ -z "$(git tag --list "${OLD_TAG}")" ]; do | ||||||
|  |     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||||
|  |     read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||||
|  |     if [ -z "${OLD_TAG}" ]; then | ||||||
|  |       OLD_TAG="${DEFAULT_OLD_TAG}" | ||||||
|  |     fi | ||||||
|  |   done | ||||||
|  | else | ||||||
|  |   OLD_TAG=${1} | ||||||
|  |   if [ -z "$(git tag --list "${OLD_TAG}")" ]; then | ||||||
|  |     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | if [ -z "${2}" ]; then | ||||||
|  |   read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||||
|  |   if [ -z "${NEW_TAG}" ]; then | ||||||
|  |     NEW_TAG="${DEFAULT_NEW_TAG}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while [ -z "$(git tag --list "${NEW_TAG}")" ]; do | ||||||
|  |     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||||
|  |     read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||||
|  |     if [ -z "${NEW_TAG}" ]; then | ||||||
|  |       NEW_TAG="${DEFAULT_NEW_TAG}" | ||||||
|  |     fi | ||||||
|  |   done | ||||||
|  | else | ||||||
|  |   NEW_TAG=${2} | ||||||
|  |  | ||||||
|  |   if [ -z "$(git tag --list "${NEW_TAG}")" ]; then | ||||||
|  |     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | CHANGE_LOG_YAML=$(mktemp) | ||||||
|  | echo "[]" > "${CHANGE_LOG_YAML}" | ||||||
|  |  | ||||||
|  | function map_type_to_kind() { | ||||||
|  |   case "${1}" in | ||||||
|  |     feat) | ||||||
|  |       echo "added" | ||||||
|  |     ;; | ||||||
|  |     fix) | ||||||
|  |       echo "fixed" | ||||||
|  |     ;; | ||||||
|  |     chore|style|test|ci|docs|refac) | ||||||
|  |       echo "changed" | ||||||
|  |     ;; | ||||||
|  |     revert) | ||||||
|  |       echo "removed" | ||||||
|  |     ;; | ||||||
|  |     sec) | ||||||
|  |       echo "security" | ||||||
|  |     ;; | ||||||
|  |     *) | ||||||
|  |       echo "skip" | ||||||
|  |     ;; | ||||||
|  |   esac | ||||||
|  | } | ||||||
|  |  | ||||||
|  | COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" | ||||||
|  |  | ||||||
|  | echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" | ||||||
|  |  | ||||||
|  | while IFS= read -r line; do | ||||||
|  |   if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then | ||||||
|  |     TYPE="${BASH_REMATCH[1]}" | ||||||
|  |     KIND=$(map_type_to_kind "${TYPE}") | ||||||
|  |  | ||||||
|  |     if [ "${KIND}" == "skip" ]; then | ||||||
|  |       continue | ||||||
|  |     fi | ||||||
|  |  | ||||||
|  |     DESC="${BASH_REMATCH[3]}" | ||||||
|  |  | ||||||
|  |     echo "- ${KIND}: ${DESC}" | ||||||
|  |  | ||||||
|  |     jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" | ||||||
|  |     mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" | ||||||
|  |  | ||||||
|  |   fi | ||||||
|  | done <<< "${COMMIT_TITLES}" | ||||||
|  |  | ||||||
|  | if [ -s "${CHANGE_LOG_YAML}" ]; then | ||||||
|  |   yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" | ||||||
|  |   yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" | ||||||
|  | else | ||||||
|  |   echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 | ||||||
|  |   exit 1 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | rm "${CHANGE_LOG_YAML}" | ||||||
							
								
								
									
										32
									
								
								.gitea/workflows/generate-readme.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								.gitea/workflows/generate-readme.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | |||||||
|  | name: Generate README | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   pull_request: | ||||||
|  |     paths: [ "README.md", "values.yaml" ] | ||||||
|  |     types: [ "opened", "reopened", "synchronize" ] | ||||||
|  |   push: | ||||||
|  |     branches: | ||||||
|  |     - '**' | ||||||
|  |     paths: [ "README.md", "values.yaml" ] | ||||||
|  |     tags-ignore: | ||||||
|  |     - '**' | ||||||
|  |   workflow_dispatch: {} | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   generate-parameters: | ||||||
|  |     container: | ||||||
|  |       image: docker.io/library/node:25.0.0-alpine | ||||||
|  |     runs-on: | ||||||
|  |     - ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |     - name: Install tooling | ||||||
|  |       run: | | ||||||
|  |         apk update | ||||||
|  |         apk add git npm | ||||||
|  |     - uses: actions/checkout@v5.0.0 | ||||||
|  |     - name: Generate parameter section in README | ||||||
|  |       run: | | ||||||
|  |         npm install | ||||||
|  |         npm run readme:parameters | ||||||
|  |     - name: Compare diff | ||||||
|  |       run: git diff --exit-code --name-only README.md | ||||||
							
								
								
									
										42
									
								
								.gitea/workflows/helm.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										42
									
								
								.gitea/workflows/helm.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,42 @@ | |||||||
|  | name: Helm | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   pull_request: | ||||||
|  |     types: [ "opened", "reopened", "synchronize" ] | ||||||
|  |   push: | ||||||
|  |     branches: | ||||||
|  |     - '**' | ||||||
|  |     tags-ignore: | ||||||
|  |     - '**' | ||||||
|  |   workflow_dispatch: {} | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   helm-lint: | ||||||
|  |     container: | ||||||
|  |       image: docker.io/volkerraschek/helm:3.19.0 | ||||||
|  |     runs-on: | ||||||
|  |     - ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |     - name: Install tooling | ||||||
|  |       run: | | ||||||
|  |         apk update | ||||||
|  |         apk add git npm | ||||||
|  |     - uses: actions/checkout@v5.0.0 | ||||||
|  |     - name: Lint helm files | ||||||
|  |       run: | | ||||||
|  |         helm lint --values values.yaml . | ||||||
|  |  | ||||||
|  |   helm-unittest: | ||||||
|  |     container: | ||||||
|  |       image: docker.io/volkerraschek/helm:3.19.0 | ||||||
|  |     runs-on: | ||||||
|  |     - ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |     - name: Install tooling | ||||||
|  |       run: | | ||||||
|  |         apk update | ||||||
|  |         apk add git npm | ||||||
|  |     - uses: actions/checkout@v5.0.0 | ||||||
|  |     - name: Unittest | ||||||
|  |       run: | | ||||||
|  |         helm unittest --strict --file 'unittests/**/*.yaml' ./ | ||||||
							
								
								
									
										46
									
								
								.gitea/workflows/markdown-linters.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										46
									
								
								.gitea/workflows/markdown-linters.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,46 @@ | |||||||
|  | name: Markdown linter | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   pull_request: | ||||||
|  |     paths: [ "**/*.md" ] | ||||||
|  |     types: [ "opened", "reopened", "synchronize" ] | ||||||
|  |   push: | ||||||
|  |     branches: | ||||||
|  |     - '**' | ||||||
|  |     paths: [ "**/*.md" ] | ||||||
|  |     tags-ignore: | ||||||
|  |     - '**' | ||||||
|  |   workflow_dispatch: {} | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   markdown-link-checker: | ||||||
|  |     container: | ||||||
|  |       image: docker.io/library/node:25.0.0-alpine | ||||||
|  |     runs-on: | ||||||
|  |     - ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |     - name: Install tooling | ||||||
|  |       run: | | ||||||
|  |         apk update | ||||||
|  |         apk add git npm | ||||||
|  |     - uses: actions/checkout@v5.0.0 | ||||||
|  |     - name: Verify links in markdown files | ||||||
|  |       run: | | ||||||
|  |         npm install | ||||||
|  |         npm run readme:link | ||||||
|  |  | ||||||
|  |   markdown-lint: | ||||||
|  |     container: | ||||||
|  |       image: docker.io/library/node:25.0.0-alpine | ||||||
|  |     runs-on: | ||||||
|  |     - ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |     - name: Install tooling | ||||||
|  |       run: | | ||||||
|  |         apk update | ||||||
|  |         apk add git | ||||||
|  |     - uses: actions/checkout@v5.0.0 | ||||||
|  |     - name: Lint markdown files | ||||||
|  |       run: | | ||||||
|  |         npm install | ||||||
|  |         npm run readme:lint | ||||||
							
								
								
									
										61
									
								
								.gitea/workflows/release.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										61
									
								
								.gitea/workflows/release.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,61 @@ | |||||||
|  | name: Release | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   push: | ||||||
|  |     tags: | ||||||
|  |     - "**" | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   publish-chart: | ||||||
|  |     container: | ||||||
|  |       image: docker.io/volkerraschek/helm:3.19.0 | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |       - name: Install packages via apk | ||||||
|  |         run: | | ||||||
|  |           apk update | ||||||
|  |           apk add git npm jq yq | ||||||
|  |  | ||||||
|  |       - uses: actions/checkout@v5.0.0 | ||||||
|  |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Add Artifacthub.io annotations | ||||||
|  |         run: | | ||||||
|  |           NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||||
|  |           OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||||
|  |           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" | ||||||
|  |  | ||||||
|  |       - name: Extract meta information | ||||||
|  |         run: | | ||||||
|  |           echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | ||||||
|  |           echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV | ||||||
|  |           echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV | ||||||
|  |  | ||||||
|  |       - name: Update Helm Chart version in README.md | ||||||
|  |         run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md | ||||||
|  |  | ||||||
|  |       - name: Package chart | ||||||
|  |         run: | | ||||||
|  |           helm dependency build | ||||||
|  |           helm package --version "${PACKAGE_VERSION}" ./ | ||||||
|  |  | ||||||
|  |       - name: Upload Chart to ChartMuseum | ||||||
|  |         env: | ||||||
|  |           CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} | ||||||
|  |           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} | ||||||
|  |           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} | ||||||
|  |           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} | ||||||
|  |         run: | | ||||||
|  |           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} | ||||||
|  |           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum | ||||||
|  |           helm repo remove chartmuseum | ||||||
|  |  | ||||||
|  |       - name: Upload Chart to Gitea | ||||||
|  |         env: | ||||||
|  |           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} | ||||||
|  |           GITEA_SERVER_URL: ${{ github.server_url }} | ||||||
|  |         run: | | ||||||
|  |           helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm | ||||||
|  |           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea | ||||||
|  |           helm repo remove gitea | ||||||
							
								
								
									
										8
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -1,3 +1,9 @@ | |||||||
| *.tgz | charts | ||||||
|  | node_modules | ||||||
|  | target | ||||||
| values2.yml | values2.yml | ||||||
| values2.yaml | values2.yaml | ||||||
|  | *.tgz | ||||||
|  |  | ||||||
|  | install.sh | ||||||
|  | uninstall.sh | ||||||
							
								
								
									
										32
									
								
								.helmignore
									
									
									
									
									
								
							
							
						
						
									
										32
									
								
								.helmignore
									
									
									
									
									
								
							| @@ -2,6 +2,7 @@ | |||||||
| # This supports shell glob matching, relative path matching, and | # This supports shell glob matching, relative path matching, and | ||||||
| # negation (prefixed with !). Only one pattern per line. | # negation (prefixed with !). Only one pattern per line. | ||||||
| .DS_Store | .DS_Store | ||||||
|  |  | ||||||
| # Common VCS dirs | # Common VCS dirs | ||||||
| .git/ | .git/ | ||||||
| .gitignore | .gitignore | ||||||
| @@ -10,23 +11,50 @@ | |||||||
| .hg/ | .hg/ | ||||||
| .hgignore | .hgignore | ||||||
| .svn/ | .svn/ | ||||||
|  |  | ||||||
| # Common backup files | # Common backup files | ||||||
| *.swp | *.swp | ||||||
| *.bak | *.bak | ||||||
| *.tmp | *.tmp | ||||||
| *.orig | *.orig | ||||||
| *~ | *~ | ||||||
|  |  | ||||||
| # Various IDEs | # Various IDEs | ||||||
| .project | .project | ||||||
| .idea/ | .idea/ | ||||||
| *.tmproj | *.tmproj | ||||||
| .vscode/ | .vscode/ | ||||||
|  |  | ||||||
| # drone | # drone | ||||||
| .drone.yml | .drone.yml | ||||||
| # markdownlint |  | ||||||
| .markdownlint.yaml | # editorconfig | ||||||
|  | .editorconfig | ||||||
|  |  | ||||||
| # customized values | # customized values | ||||||
| values2.yml | values2.yml | ||||||
| values2.yaml | values2.yaml | ||||||
|  |  | ||||||
| # helm packages | # helm packages | ||||||
| *.tgz | *.tgz | ||||||
|  | .helmignore | ||||||
|  | unittests | ||||||
|  |  | ||||||
|  | # markdownlint | ||||||
|  | .markdownlint.yml | ||||||
|  | .markdownlint.yaml | ||||||
|  | .markdownlintignore | ||||||
|  |  | ||||||
|  | # npm | ||||||
|  | .prettierignore | ||||||
|  | .npmrc | ||||||
|  | package* | ||||||
|  |  | ||||||
|  | # yamllint | ||||||
|  | .yamllint.yaml | ||||||
|  |  | ||||||
|  | # Others | ||||||
|  | CONTRIBUTING.md | ||||||
|  | CODEOWNERS | ||||||
|  | Makefile | ||||||
|  | renovate.json | ||||||
|   | |||||||
| @@ -45,9 +45,9 @@ MD012: | |||||||
| # MD013/line-length - Line length | # MD013/line-length - Line length | ||||||
| MD013: | MD013: | ||||||
|   # Number of characters |   # Number of characters | ||||||
|   line_length: 80 |   line_length: 120 | ||||||
|   # Number of characters for headings |   # Number of characters for headings | ||||||
|   heading_line_length: 80 |   heading_line_length: 120 | ||||||
|   # Number of characters for code blocks |   # Number of characters for code blocks | ||||||
|   code_block_line_length: 80 |   code_block_line_length: 80 | ||||||
|   # Include code blocks |   # Include code blocks | ||||||
| @@ -56,8 +56,6 @@ MD013: | |||||||
|   tables: false |   tables: false | ||||||
|   # Include headings |   # Include headings | ||||||
|   headings: true |   headings: true | ||||||
|   # Include headings |  | ||||||
|   headers: true |  | ||||||
|   # Strict length checking |   # Strict length checking | ||||||
|   strict: false |   strict: false | ||||||
|   # Stern length checking |   # Stern length checking | ||||||
| @@ -73,7 +71,7 @@ MD022: | |||||||
| # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content | # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content | ||||||
| MD024: | MD024: | ||||||
|   # Only check sibling headings |   # Only check sibling headings | ||||||
|   allow_different_nesting: true |   siblings_only: true | ||||||
|  |  | ||||||
| # MD025/single-title/single-h1 - Multiple top-level headings in the same document | # MD025/single-title/single-h1 - Multiple top-level headings in the same document | ||||||
| MD025: | MD025: | ||||||
| @@ -129,7 +127,20 @@ MD041: | |||||||
| MD044: | MD044: | ||||||
|   # List of proper names |   # List of proper names | ||||||
|   names: |   names: | ||||||
|   - gitea |     - Git | ||||||
|  |     - GitDevOps | ||||||
|  |     - Gitea | ||||||
|  |     - GitHub | ||||||
|  |     - GitLab | ||||||
|  |     - GitOps | ||||||
|  |     - kube-prometheus-stack | ||||||
|  |     - Memcached | ||||||
|  |     - Oracle | ||||||
|  |     - PostgreSQL | ||||||
|  |     - Prometheus | ||||||
|  |     - prometheus-exporter | ||||||
|  |     - SSL | ||||||
|  |     - TLS | ||||||
|   # Include code blocks |   # Include code blocks | ||||||
|   code_blocks: false |   code_blocks: false | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										4
									
								
								.markdownlintignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								.markdownlintignore
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | .github/ | ||||||
|  | Chart.lock | ||||||
|  | charts/ | ||||||
|  | node_modules/ | ||||||
							
								
								
									
										1
									
								
								.prettierignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								.prettierignore
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | |||||||
|  | Chart.lock | ||||||
							
								
								
									
										8
									
								
								.vscode/extensions.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								.vscode/extensions.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | |||||||
|  | { | ||||||
|  |   "recommendations": [ | ||||||
|  |     "DavidAnson.vscode-markdownlint", | ||||||
|  |     "esbenp.prettier-vscode", | ||||||
|  |     "Tim-Koehler.helm-intellisense", | ||||||
|  |     "yzhang.markdown-all-in-one" | ||||||
|  |   ] | ||||||
|  | } | ||||||
							
								
								
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | |||||||
|  | { | ||||||
|  |   "yaml.schemas": { | ||||||
|  |     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ | ||||||
|  |       "/unittests/**/*.yaml" | ||||||
|  |     ] | ||||||
|  |   }, | ||||||
|  |   "yaml.schemaStore.enable": true | ||||||
|  | } | ||||||
							
								
								
									
										20
									
								
								.yamllint.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								.yamllint.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | |||||||
|  | --- | ||||||
|  | extends: default | ||||||
|  |  | ||||||
|  | ignore: | | ||||||
|  |   .yamllint | ||||||
|  |   node_modules | ||||||
|  |   templates | ||||||
|  |  | ||||||
|  |  | ||||||
|  | rules: | ||||||
|  |   truthy: | ||||||
|  |     allowed-values: ['true', 'false'] | ||||||
|  |     check-keys: False | ||||||
|  |     level: error | ||||||
|  |   line-length: disable | ||||||
|  |   document-start: disable | ||||||
|  |   comments: | ||||||
|  |     min-spaces-from-content: 1 | ||||||
|  |   braces: | ||||||
|  |     max-spaces-inside: 2 | ||||||
							
								
								
									
										1
									
								
								CODEOWNERS
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								CODEOWNERS
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | |||||||
|  | * @volker.raschek | ||||||
							
								
								
									
										82
									
								
								CONTRIBUTING.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										82
									
								
								CONTRIBUTING.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,82 @@ | |||||||
|  | # Contributing | ||||||
|  |  | ||||||
|  | I am very happy if you would like to provide a pull request 👍 | ||||||
|  |  | ||||||
|  | The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR). | ||||||
|  |  | ||||||
|  | 1. [Valid Git commits](#valid-git-commits) | ||||||
|  |  | ||||||
|  | ## Valid Git commits | ||||||
|  |  | ||||||
|  | ### Commit message | ||||||
|  |  | ||||||
|  | The repository is subject to a strict commit message template. This states that there are several types of commits. For | ||||||
|  | example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below. | ||||||
|  |  | ||||||
|  | | type                | description                                                       | | ||||||
|  | | ------------------- | ----------------------------------------------------------------- | | ||||||
|  | | `feat`              | New feature.                                                      | | ||||||
|  | | `fix`               | Fixes a bug.                                                      | | ||||||
|  | | `refac`             | Refactoring production code.                                      | | ||||||
|  | | `style`             | Fixes formatting issues. No production code change.               | | ||||||
|  | | `docs`              | Adapt documentation. No production code change.                   | | ||||||
|  | | `test`              | Adds new or modifies existing tests. No production code change.   | | ||||||
|  | | `chore`             | Updating grunt tasks. Is everything which the user does not see.  | | ||||||
|  |  | ||||||
|  | Based on these types, commit messaged can then be created. Here are a few examples: | ||||||
|  |  | ||||||
|  | ```text | ||||||
|  | style(README): Wrong indentation | ||||||
|  | feat(deployment): support restartPolicy | ||||||
|  | fix(my-app): Add missing volume | ||||||
|  | docs(CONTRIBUTING): Describe how to commit correctly | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a | ||||||
|  | pull request PR to be combined into one commit (squashing). | ||||||
|  |  | ||||||
|  | ### Smart commits | ||||||
|  |  | ||||||
|  | Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of | ||||||
|  | commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only | ||||||
|  | needs to be added to the merge commit. | ||||||
|  |  | ||||||
|  | This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history | ||||||
|  | of a merge without having to select individual commits. The following history illustrates the correct use of smart commits. | ||||||
|  |  | ||||||
|  | ```text | ||||||
|  | * 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers | ||||||
|  | |\ | ||||||
|  | | * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes | ||||||
|  | | * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers | ||||||
|  | | * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers | ||||||
|  | |/ | ||||||
|  | * aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Commit signing | ||||||
|  |  | ||||||
|  | Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker | ||||||
|  | can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the | ||||||
|  | Linux kernel. | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | git config --global user.name 'Linux Torvalds' | ||||||
|  | git config --global user.email 'torvalds@linux-foundation.org' | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct | ||||||
|  | delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed | ||||||
|  | commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked. | ||||||
|  |  | ||||||
|  | The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail | ||||||
|  | address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account. | ||||||
|  | Otherwise will be marked the Git commit as *Unverified*. | ||||||
|  |  | ||||||
|  | 1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) | ||||||
|  | 2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key) | ||||||
|  |  | ||||||
|  | Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed. | ||||||
|  |  | ||||||
|  | Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For | ||||||
|  | example an external USB drive. | ||||||
							
								
								
									
										14
									
								
								Chart.yaml
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								Chart.yaml
									
									
									
									
									
								
							| @@ -1,9 +1,15 @@ | |||||||
|  | annotations: | ||||||
|  |   artifacthub.io/links: | | ||||||
|  |     - name: Athens proxy (binary) | ||||||
|  |       url: https://github.com/gomods/athens | ||||||
|  |     - name: support | ||||||
|  |       url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues | ||||||
| apiVersion: v2 | apiVersion: v2 | ||||||
| name: athens-proxy | name: athens-proxy | ||||||
| description: Athens proxy server for golang | description: Athens proxy server for golang | ||||||
| type: application | type: application | ||||||
| version: "0.1.0" | version: "0.1.0" | ||||||
| appVersion: "v0.13.1" | appVersion: "v0.16.1" | ||||||
| icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true | icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true | ||||||
|  |  | ||||||
| keywords: | keywords: | ||||||
| @@ -13,10 +19,6 @@ keywords: | |||||||
| - go-proxy | - go-proxy | ||||||
|  |  | ||||||
| sources: | sources: | ||||||
| - https://github.com/volker-raschek/athens-proxy-charts | - https://git.cryptic.systems/volker.raschek/athens-proxy-charts | ||||||
| - https://github.com/gomods/athens | - https://github.com/gomods/athens | ||||||
| - https://hub.docker.com/r/gomods/athens | - https://hub.docker.com/r/gomods/athens | ||||||
|  |  | ||||||
| maintainers: |  | ||||||
| - name: Markus Pesch |  | ||||||
|   email: markus.pesch+apps@cryptic.systems |  | ||||||
|   | |||||||
							
								
								
									
										28
									
								
								LICENSE
									
									
									
									
									
								
							
							
						
						
									
										28
									
								
								LICENSE
									
									
									
									
									
								
							| @@ -1,13 +1,21 @@ | |||||||
| Copyright 2022 Markus Pesch | MIT License | ||||||
|  |  | ||||||
| Licensed under the Apache License, Version 2.0 (the "License"); | Copyright (c) 2025 Markus Pesch | ||||||
| you may not use this file except in compliance with the License. |  | ||||||
| You may obtain a copy of the License at |  | ||||||
|  |  | ||||||
|     http://www.apache.org/licenses/LICENSE-2.0 | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
|  | of this software and associated documentation files (the "Software"), to deal | ||||||
|  | in the Software without restriction, including without limitation the rights | ||||||
|  | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||||
|  | copies of the Software, and to permit persons to whom the Software is | ||||||
|  | furnished to do so, subject to the following conditions: | ||||||
|  |  | ||||||
| Unless required by applicable law or agreed to in writing, software | The above copyright notice and this permission notice shall be included in all | ||||||
| distributed under the License is distributed on an "AS IS" BASIS, | copies or substantial portions of the Software. | ||||||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| See the License for the specific language governing permissions and | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||||
| limitations under the License. | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||||
|  | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||||
|  | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||||
|  | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||||
|  | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||||||
|  | SOFTWARE. | ||||||
|   | |||||||
							
								
								
									
										91
									
								
								Makefile
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										91
									
								
								Makefile
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,91 @@ | |||||||
|  | # CONTAINER_RUNTIME | ||||||
|  | CONTAINER_RUNTIME?=$(shell which podman) | ||||||
|  |  | ||||||
|  | # HELM_IMAGE | ||||||
|  | HELM_IMAGE_REGISTRY_HOST?=docker.io | ||||||
|  | HELM_IMAGE_REPOSITORY?=volkerraschek/helm | ||||||
|  | HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm | ||||||
|  | HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | ||||||
|  |  | ||||||
|  | # NODE_IMAGE | ||||||
|  | NODE_IMAGE_REGISTRY_HOST?=docker.io | ||||||
|  | NODE_IMAGE_REPOSITORY?=library/node | ||||||
|  | NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||||
|  | NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | ||||||
|  |  | ||||||
|  | # MISSING DOT | ||||||
|  | # ============================================================================== | ||||||
|  | missing-dot: | ||||||
|  | 	grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml | ||||||
|  |  | ||||||
|  | # CONTAINER RUN - README | ||||||
|  | # ============================================================================== | ||||||
|  | PHONY+=container-run/readme | ||||||
|  | container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters | ||||||
|  |  | ||||||
|  | container-run/readme/link: | ||||||
|  | 	${CONTAINER_RUNTIME} run \ | ||||||
|  | 		--rm \ | ||||||
|  | 		--volume $(shell pwd):$(shell pwd) \ | ||||||
|  | 		--workdir $(shell pwd) \ | ||||||
|  | 			${NODE_IMAGE_FULLY_QUALIFIED} \ | ||||||
|  | 				npm install && npm run readme:link | ||||||
|  |  | ||||||
|  | container-run/readme/lint: | ||||||
|  | 	${CONTAINER_RUNTIME} run \ | ||||||
|  | 		--rm \ | ||||||
|  | 		--volume $(shell pwd):$(shell pwd) \ | ||||||
|  | 		--workdir $(shell pwd) \ | ||||||
|  | 			${NODE_IMAGE_FULLY_QUALIFIED} \ | ||||||
|  | 				npm install && npm run readme:lint | ||||||
|  |  | ||||||
|  | container-run/readme/parameters: | ||||||
|  | 	${CONTAINER_RUNTIME} run \ | ||||||
|  | 		--rm \ | ||||||
|  | 		--volume $(shell pwd):$(shell pwd) \ | ||||||
|  | 		--workdir $(shell pwd) \ | ||||||
|  | 			${NODE_IMAGE_FULLY_QUALIFIED} \ | ||||||
|  | 				npm install && npm run readme:parameters | ||||||
|  |  | ||||||
|  | # CONTAINER RUN - HELM UNITTESTS | ||||||
|  | # ============================================================================== | ||||||
|  | PHONY+=container-run/helm-unittests | ||||||
|  | container-run/helm-unittests: | ||||||
|  | 	${CONTAINER_RUNTIME} run \ | ||||||
|  | 		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \ | ||||||
|  | 		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \ | ||||||
|  | 		--rm \ | ||||||
|  | 		--volume $(shell pwd):$(shell pwd) \ | ||||||
|  | 		--workdir $(shell pwd) \ | ||||||
|  | 			${HELM_IMAGE_FULLY_QUALIFIED} \ | ||||||
|  | 				unittest --strict --file 'unittests/**/*.yaml' ./ | ||||||
|  |  | ||||||
|  | # CONTAINER RUN - HELM UPDATE DEPENDENCIES | ||||||
|  | # ============================================================================== | ||||||
|  | PHONY+=container-run/helm-update-dependencies | ||||||
|  | container-run/helm-update-dependencies: | ||||||
|  | 	${CONTAINER_RUNTIME} run \ | ||||||
|  | 		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \ | ||||||
|  | 		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \ | ||||||
|  | 		--rm \ | ||||||
|  | 		--volume $(shell pwd):$(shell pwd) \ | ||||||
|  | 		--workdir $(shell pwd) \ | ||||||
|  | 			${HELM_IMAGE_FULLY_QUALIFIED} \ | ||||||
|  | 				dependency update | ||||||
|  |  | ||||||
|  | # CONTAINER RUN - MARKDOWN-LINT | ||||||
|  | # ============================================================================== | ||||||
|  | PHONY+=container-run/helm-lint | ||||||
|  | container-run/helm-lint: | ||||||
|  | 	${CONTAINER_RUNTIME} run \ | ||||||
|  | 		--rm \ | ||||||
|  | 		--volume $(shell pwd):$(shell pwd) \ | ||||||
|  | 		--workdir $(shell pwd) \ | ||||||
|  | 		${HELM_IMAGE_FULLY_QUALIFIED} \ | ||||||
|  | 			lint --values values.yaml . | ||||||
|  |  | ||||||
|  | # PHONY | ||||||
|  | # ============================================================================== | ||||||
|  | # Declare the contents of the PHONY variable as phony. We keep that information | ||||||
|  | # in a variable so we can use it in if_changed. | ||||||
|  | .PHONY: ${PHONY} | ||||||
							
								
								
									
										553
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										553
									
								
								README.md
									
									
									
									
									
								
							| @@ -1,167 +1,456 @@ | |||||||
| # athens-proxy-charts | # athens-proxy-charts | ||||||
|  |  | ||||||
| [](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts) |  | ||||||
| [](https://artifacthub.io/packages/search?repo=volker-raschek) | [](https://artifacthub.io/packages/search?repo=volker-raschek) | ||||||
|  |  | ||||||
| This is an inofficial helm chart of the go-proxy | > [!NOTE] | ||||||
| [athens](https://github.com/gomods/athens) which supports more complex | > This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the | ||||||
| configuration options. | > GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts). | ||||||
|  |  | ||||||
| This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and | This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and | ||||||
| can be installed via helm. | proxy for Golang. | ||||||
|  |  | ||||||
|  | The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes, | ||||||
|  | defining additional environment variables and much more. | ||||||
|  |  | ||||||
|  | Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure | ||||||
|  | helm and use it to deploy the exporter. It also contains further configuration examples. | ||||||
|  |  | ||||||
|  | Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | ||||||
|  | helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the | ||||||
|  | *[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)* | ||||||
|  | concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a | ||||||
|  | separate [chapter](#argocd). | ||||||
|  |  | ||||||
|  | ## Helm: configuration and installation | ||||||
|  |  | ||||||
|  | 1. A helm chart repository must be configured, to pull the helm charts from. | ||||||
|  | 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm | ||||||
|  |    `--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the | ||||||
|  |    `--set` flag for a basic deployment. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | ||||||
|  | helm repo update | ||||||
| helm install athens-proxy volker.raschek/athens-proxy | helm install athens-proxy volker.raschek/athens-proxy | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Customization | Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`. | ||||||
|  | The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the | ||||||
|  | version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major* | ||||||
|  | versions can break something! | ||||||
|  |  | ||||||
| The complete deployment can be adapted via the `values.yaml` files. The | ```bash | ||||||
| configuration of the proxy can be done via the environment variables described | CHART_VERSION=1.1.1 | ||||||
| below or via mounting the config.toml as additional persistent volume to | helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||||
| `/config/config.toml` |  | ||||||
|  |  | ||||||
| ## Access private repositories via SSH |  | ||||||
|  |  | ||||||
| Create a `configmap.yaml` with multiple keys. One key describe the content of |  | ||||||
| the `.gitconfig` file and another of `config` of the ssh client. All requests |  | ||||||
| git clone comands with the prefix `http://github.com/` will be replaced by |  | ||||||
| `git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a |  | ||||||
| separate secret. |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: custom-configs |  | ||||||
| data: |  | ||||||
|   sshconfig: | |  | ||||||
|     Host github.com |  | ||||||
|       IdentityFile /root/.ssh/id_ed25519 |  | ||||||
|       StrictHostKeyChecking no |  | ||||||
|   gitconfig: | |  | ||||||
|     [url "git@github.com:"] |  | ||||||
|       insteadOf = https://github.com/ |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The secret definition below contains the SSH private and public key. | A complete list of available helm chart versions can be displayed via the following command: | ||||||
|  |  | ||||||
| ```yaml | ```bash | ||||||
| apiVersion: v1 | helm search repo reposilite --versions | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-ssh-keys |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   id_ed25519: | |  | ||||||
|     -----BEGIN OPENSSH PRIVATE KEY----- |  | ||||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW |  | ||||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj |  | ||||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg |  | ||||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M |  | ||||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== |  | ||||||
|     -----END OPENSSH PRIVATE KEY----- |  | ||||||
|   id_ed25519.pub: | |  | ||||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The item `config` of the configmap will be merged with the items of the secret | The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default. | ||||||
| as virtual volume. This volume can than be mounted with special permissions | Use the `--set` argument to persist your data. | ||||||
| required for the ssh client. |  | ||||||
|  |  | ||||||
| ```yaml | ```bash | ||||||
| extraVolumes: | CHART_VERSION=1.1.1 | ||||||
| - name: ssh | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|   projected: |   persistence.enabled=true | ||||||
|     defaultMode: 0644 |  | ||||||
|     sources: |  | ||||||
|     - configMap: |  | ||||||
|         name: custom-configs |  | ||||||
|         items: |  | ||||||
|         - key: sshconfig |  | ||||||
|           path: config |  | ||||||
|     - secret: |  | ||||||
|         name: custom-ssh-keys |  | ||||||
|         items: |  | ||||||
|         - key: id_ed25519 |  | ||||||
|           path: id_ed25519 |  | ||||||
|           mode: 0600 |  | ||||||
|         - key: id_ed25519.pub |  | ||||||
|           path: id_ed25519.pub |  | ||||||
| - name: gitconfig |  | ||||||
|   configMap: |  | ||||||
|     name: custom-configs |  | ||||||
|     items: |  | ||||||
|     - key: gitconfig |  | ||||||
|       path: config |  | ||||||
|       mode: 0644 |  | ||||||
|  |  | ||||||
| extraVolumeMounts: |  | ||||||
| - name: ssh |  | ||||||
|   mountPath: /root/.ssh |  | ||||||
| - name: gitconfig |  | ||||||
|   mountPath: /root/.config/git |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Access private github.com repositories via developer token | ### Examples | ||||||
|  |  | ||||||
| Another way to access private github repositories is via a github token, which | The following examples serve as individual configurations and as inspiration for how deployment problems can be solved. | ||||||
| can be set via the environment variable `GITHUB_TOKEN`. Athens automatically |  | ||||||
| creates a `.netrc` file to access private github repositories. |  | ||||||
|  |  | ||||||
| ## Access private repositories via .netrc configuration | #### Avoid CPU throttling by defining a CPU limit | ||||||
|  |  | ||||||
| As describe above, a `.netrc` file is responsible for the authentication via | If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||||
| HTTP. The file can also be defined via a custom secret and mounted into the home | application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||||
| directory of `root` for general authentication purpose. | cannot use the available CPU time to perform computing operations. | ||||||
|  |  | ||||||
| The example below describe the definition and mounting of a custom `.netrc` file | The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||||
| to access private repositories hosted on github and gitlab. | available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||||
|  | of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||||
|  | rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||||
|  |  | ||||||
| ```yaml | Further information about this topic can be found in one of Kanishk's blog | ||||||
| apiVersion: v1 | [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||||
| kind: Secret |  | ||||||
| metadata: | > [!NOTE] | ||||||
|   name: custom-netrc | > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||||
| type: Opaque | > not anymore required. | ||||||
| stringData: | > | ||||||
|   netrc: | | > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|     machine github.com login USERNAME password API-KEY |  | ||||||
|     machine gitlab.com login USERNAME password API-KEY | ```bash | ||||||
|  | CHART_VERSION=1.1.1 | ||||||
|  | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|  |   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||||
|  |   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||||
|  |   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The file must then be mounted via extraVolumes and extraVolumeMounts. | #### TLS encryption | ||||||
|  |  | ||||||
| ```yaml | The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for | ||||||
| extraVolumes: | TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS | ||||||
| - name: netrc | certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS | ||||||
|   secret: | certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret. | ||||||
|     secretName: custom-netrc | The secret must be from type `kubernetes.io/tls`. | ||||||
|     items: |  | ||||||
|     - key: netrc |  | ||||||
|       path: .netrc |  | ||||||
|       mode: 0600 |  | ||||||
|  |  | ||||||
| extraVolumeMounts: | > [!WARNING] | ||||||
| - name: netrc | > The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named | ||||||
|   mountPath: /root | > `athens-proxy-ca` is present in the same namespace of the helm deployment. | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | CHART_VERSION=1.1.1 | ||||||
|  | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|  |   --set 'config.certificate.enabled=true' \ | ||||||
|  |   --set 'config.certificate.new.issuerRef.kind=Issuer' \ | ||||||
|  |   --set 'config.certificate.new.issuerRef.name=athens-proxy-ca' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Persistent storage | The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate | ||||||
|  | and private key are mounted to a pre-defined destination inside the container file system. | ||||||
|  |  | ||||||
| Unlike the athens default, the default here is `disk` - i.e. the files are | #### TLS certificate rotation | ||||||
| written to the container. Therefore, it is advisable to outsource the |  | ||||||
| corresponding storage location to persistent storage. The following example | If the application uses TLS certificates that are mounted as a secret in the container file system like the example | ||||||
| describes the integration of a persistent storage claim. | [above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such | ||||||
|  | a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates | ||||||
|  | before expiring. | ||||||
|  |  | ||||||
|  | Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's | ||||||
|  | [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following | ||||||
|  | annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps | ||||||
|  | and secrets have been changed. | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| extraVolumes: | deployment: | ||||||
| - name: gomodules |   annotations: | ||||||
|   persistentVolumeClaim: |     reloader.stakater.com/auto: "true" | ||||||
|     claimName: custom-gomodules-pvc |  | ||||||
|  |  | ||||||
| extraVolumeMounts: |  | ||||||
| - name: gomodules |  | ||||||
|   mountPath: /var/lib/athens |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for | ||||||
|  | individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should | ||||||
|  | only listen for changes of this secret: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     secret.reloader.stakater.com/reload: "athens-proxy-tls" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | #### Network policies | ||||||
|  |  | ||||||
|  | Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||||
|  | network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. | ||||||
|  |  | ||||||
|  | The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming | ||||||
|  | traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application | ||||||
|  | outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go | ||||||
|  | proxy `https://proxy.golang.org` via HTTPS. | ||||||
|  |  | ||||||
|  | > [!IMPORTANT] | ||||||
|  | > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For | ||||||
|  | > this reason, there is are not default network policy rules defined. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | networkPolicies: | ||||||
|  |   enabled: true | ||||||
|  |   annotations: {} | ||||||
|  |   labels: {} | ||||||
|  |   policyTypes: | ||||||
|  |   - Egress | ||||||
|  |   - Ingress | ||||||
|  |   egress: | ||||||
|  |   - to: | ||||||
|  |     - namespaceSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           kubernetes.io/metadata.name: kube-system | ||||||
|  |       podSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           k8s-app: kube-dns | ||||||
|  |     ports: | ||||||
|  |     - port: 53 | ||||||
|  |       protocol: TCP | ||||||
|  |     - port: 53 | ||||||
|  |       protocol: UDP | ||||||
|  |   - ports: | ||||||
|  |     - port: 443 | ||||||
|  |       protocol: TCP | ||||||
|  |  | ||||||
|  |   ingress: | ||||||
|  |   - from: | ||||||
|  |     - namespaceSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |       podSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           app.kubernetes.io/name: ingress-nginx | ||||||
|  |     ports: | ||||||
|  |     - port: http | ||||||
|  |       protocol: TCP | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## ArgoCD | ||||||
|  |  | ||||||
|  | ### Daily execution of rolling updates | ||||||
|  |  | ||||||
|  | The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||||
|  | connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||||
|  | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). Please ensure, that no | ||||||
|  | third party application modifies the config maps or secret afterwards. | ||||||
|  |  | ||||||
|  | The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||||
|  | content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||||
|  | Helm render order, different timestamps). | ||||||
|  |  | ||||||
|  | This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||||
|  | can lead to unnecessary notifications from ArgoCD. | ||||||
|  |  | ||||||
|  | To avoid this, the annotation with the shasum can be ignored. However, this negates the mechanism of [Automatically Roll | ||||||
|  | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||||
|  |  | ||||||
|  | Below is a diff that adds the `Application` to ignore all annotations with the prefix `checksum`. | ||||||
|  |  | ||||||
|  | > [!WARNING] | ||||||
|  | > Configurations of `ignoreDifferences` always refer to the determination of a drift and whether a possible sync is | ||||||
|  | > necessary. If the selected attributes should also be ignored in deployment afterwards, define | ||||||
|  | > `RespectIgnoreDifferences=true` in your `Application` resource. Further information can be found in the ArgoCD | ||||||
|  | > [documentation](https://argo-cd.readthedocs.io/en/latest/user-guide/sync-options/#respect-ignore-differences-configs). | ||||||
|  |  | ||||||
|  | ```diff | ||||||
|  |   apiVersion: argoproj.io/v1alpha1 | ||||||
|  |   kind: Application | ||||||
|  |   spec: | ||||||
|  | +   ignoreDifferences: | ||||||
|  | +   - group: apps | ||||||
|  | +     kind: Deployment | ||||||
|  | +     jqPathExpressions: | ||||||
|  | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | The definition of ignoreDifferences ensures that annotations with the prefix checksum are ignored during a diff. | ||||||
|  |  | ||||||
|  | > [!TIP] | ||||||
|  | > If the [reloader](https://github.com/stakater/Reloader) is configured as described in section [TLS certificate | ||||||
|  | > rotation](#tls-certificate-rotation), ensure that the shasum defined as annotation or environment variable is also | ||||||
|  | > ignored. The [reloader](https://github.com/stakater/Reloader) will modify the deployment based on his configuration | ||||||
|  | > and append additional annotations or environment variables containing the shasum. Below are some examples how to adapt | ||||||
|  | > the `ignoreDifferences` configuration to ignore only the annotations and environment variables of stakater's | ||||||
|  | > [reloader](https://github.com/stakater/Reloader). | ||||||
|  |  | ||||||
|  | ```diff | ||||||
|  |   apiVersion: argoproj.io/v1alpha1 | ||||||
|  |   kind: Application | ||||||
|  |   spec: | ||||||
|  |     ignoreDifferences: | ||||||
|  |     - group: apps | ||||||
|  |       kind: Deployment | ||||||
|  |       jqPathExpressions: | ||||||
|  | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))' | ||||||
|  | +     - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))' | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Parameters | ||||||
|  |  | ||||||
|  | ### Global | ||||||
|  |  | ||||||
|  | | Name               | Description                               | Value | | ||||||
|  | | ------------------ | ----------------------------------------- | ----- | | ||||||
|  | | `nameOverride`     | Individual release name suffix.           | `""`  | | ||||||
|  | | `fullnameOverride` | Override the complete release name logic. | `""`  | | ||||||
|  |  | ||||||
|  | ### Certificate | ||||||
|  |  | ||||||
|  | | Name                                          | Description                                                                                                                                                 | Value                           | | ||||||
|  | | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | | ||||||
|  | | `certificate.enabled`                         | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false`                         | | ||||||
|  | | `certificate.existingSecret.enabled`          | Use an existing secret of the type `kubernetes.io/tls`.                                                                                                     | `false`                         | | ||||||
|  | | `certificate.existingSecret.secretName`       | Name of the secret containing the TLS certificate and private key.                                                                                          | `""`                            | | ||||||
|  | | `certificate.new.annotations`                 | Additional certificate annotations.                                                                                                                         | `{}`                            | | ||||||
|  | | `certificate.new.labels`                      | Additional certificate labels.                                                                                                                              | `{}`                            | | ||||||
|  | | `certificate.new.duration`                    | Duration of the TLS certificate.                                                                                                                            | `744h`                          | | ||||||
|  | | `certificate.new.renewBefore`                 | Renew TLS certificate before expiring.                                                                                                                      | `672h`                          | | ||||||
|  | | `certificate.new.dnsNames`                    | Overwrites the default of the subject alternative DNS names.                                                                                                | `[]`                            | | ||||||
|  | | `certificate.new.ipAddresses`                 | Overwrites the default of the subject alternative IP addresses.                                                                                             | `[]`                            | | ||||||
|  | | `certificate.new.issuerRef.kind`              | Issuer kind. Can be `Issuer` or `ClusterIssuer`.                                                                                                            | `""`                            | | ||||||
|  | | `certificate.new.issuerRef.name`              | Name of the `Issuer` or `ClusterIssuer`.                                                                                                                    | `""`                            | | ||||||
|  | | `certificate.new.privateKey.algorithm`        | Algorithm of the private TLS key.                                                                                                                           | `RSA`                           | | ||||||
|  | | `certificate.new.privateKey.rotationPolicy`   | Rotation of the private TLS key.                                                                                                                            | `Never`                         | | ||||||
|  | | `certificate.new.privateKey.size`             | Size of the private TLS key.                                                                                                                                | `4096`                          | | ||||||
|  | | `certificate.new.secretTemplate.annotations`  | Additional annotation of the created secret.                                                                                                                | `{}`                            | | ||||||
|  | | `certificate.new.secretTemplate.labels`       | Additional labels of the created secret.                                                                                                                    | `{}`                            | | ||||||
|  | | `certificate.new.subject.countries`           | List of countries.                                                                                                                                          | `[]`                            | | ||||||
|  | | `certificate.new.subject.localities`          | List of localities.                                                                                                                                         | `[]`                            | | ||||||
|  | | `certificate.new.subject.organizationalUnits` | List of organizationalUnits.                                                                                                                                | `[]`                            | | ||||||
|  | | `certificate.new.subject.organizations`       | List of organizations.                                                                                                                                      | `[]`                            | | ||||||
|  | | `certificate.new.subject.postalCodes`         | List of postalCodes.                                                                                                                                        | `[]`                            | | ||||||
|  | | `certificate.new.subject.provinces`           | List of provinces.                                                                                                                                          | `[]`                            | | ||||||
|  | | `certificate.new.subject.serialNumber`        | Serial number.                                                                                                                                              | `""`                            | | ||||||
|  | | `certificate.new.subject.streetAddresses`     | List of streetAddresses.                                                                                                                                    | `[]`                            | | ||||||
|  | | `certificate.new.usages`                      | Define the usage of the TLS key.                                                                                                                            | `["client auth","server auth"]` | | ||||||
|  |  | ||||||
|  | ### Configuration | ||||||
|  |  | ||||||
|  | | Name                                                    | Description                                                                                                                                       | Value            | | ||||||
|  | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | | ||||||
|  | | `config.env.enabled`                                    | Enable mounting of the secret as environment variables.                                                                                           | `false`          | | ||||||
|  | | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`          | | ||||||
|  | | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`             | | ||||||
|  | | `config.env.secret.annotations`                         | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||||
|  | | `config.env.secret.labels`                              | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||||
|  | | `config.env.secret.envs`                                | List of environment variables stored in a secret and mounted into the container.                                                                  | `{}`             | | ||||||
|  | | `config.downloadMode.enabled`                           | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false`          | | ||||||
|  | | `config.downloadMode.existingConfigMap.enabled`         | Enable to use an external config map for mounting the download mode file.                                                                         | `false`          | | ||||||
|  | | `config.downloadMode.existingConfigMap.configMapName`   | The name of the existing config map which should be used to mount the download mode file.                                                         | `""`             | | ||||||
|  | | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`   | | ||||||
|  | | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`             | | ||||||
|  | | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`             | | ||||||
|  | | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`          | | ||||||
|  | | `config.gitConfig.existingConfigMap.enabled`            | Enable to use an external config map for mounting the .gitconfig file.                                                                            | `false`          | | ||||||
|  | | `config.gitConfig.existingConfigMap.configMapName`      | The name of the existing config map which should be used to mount the .gitconfig file.                                                            | `""`             | | ||||||
|  | | `config.gitConfig.existingConfigMap.gitConfigKey`       | The name of the key inside the config map where the content of the .gitconfig file is stored.                                                     | `nil`            | | ||||||
|  | | `config.gitConfig.configMap.annotations`                | Additional annotations of the config map containing the .gitconfig file.                                                                          | `{}`             | | ||||||
|  | | `config.gitConfig.configMap.labels`                     | Additional labels of the config map containing the .gitconfig file.                                                                               | `{}`             | | ||||||
|  | | `config.netrc.enabled`                                  | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||||
|  | | `config.netrc.existingSecret.enabled`                   | Enable to use an external secret for mounting the .netrc file.                                                                                    | `false`          | | ||||||
|  | | `config.netrc.existingSecret.secretName`                | The name of the existing secret which should be used to mount the .netrc file.                                                                    | `""`             | | ||||||
|  | | `config.netrc.existingSecret.netrcKey`                  | The name of the key inside the secret where the content of the .netrc file is stored.                                                             | `.netrc`         | | ||||||
|  | | `config.netrc.secret.annotations`                       | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||||
|  | | `config.netrc.secret.labels`                            | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||||
|  | | `config.ssh.enabled`                                    | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||||
|  | | `config.ssh.existingSecret.enabled`                     | Enable to use an external secret for mounting the public and private SSH key files.                                                               | `false`          | | ||||||
|  | | `config.ssh.existingSecret.secretName`                  | The name of the existing secret which should be used to mount the public and private SSH key files.                                               | `""`             | | ||||||
|  | | `config.ssh.existingSecret.configKey`                   | The name of the key inside the secret where the content of the SSH client config file is stored.                                                  | `config`         | | ||||||
|  | | `config.ssh.existingSecret.id_ed25519Key`               | The name of the key inside the secret where the content of the id_ed25519 key file is stored.                                                     | `id_ed25519`     | | ||||||
|  | | `config.ssh.existingSecret.id_ed25519PubKey`            | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_ed25519.pub` | | ||||||
|  | | `config.ssh.existingSecret.id_rsaKey`                   | The name of the key inside the secret where the content of the id_rsa key file is stored.                                                         | `id_rsa`         | | ||||||
|  | | `config.ssh.existingSecret.id_rsaPubKey`                | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_rsa.pub`     | | ||||||
|  | | `config.ssh.secret.annotations`                         | Additional annotations of the secret containing the public and private SSH key files.                                                             | `{}`             | | ||||||
|  | | `config.ssh.secret.labels`                              | Additional labels of the secret containing the public and private SSH key files.                                                                  | `{}`             | | ||||||
|  |  | ||||||
|  | ### Deployment | ||||||
|  |  | ||||||
|  | | Name                                               | Description                                                                                                | Value           | | ||||||
|  | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- | | ||||||
|  | | `deployment.annotations`                           | Additional deployment annotations.                                                                         | `{}`            | | ||||||
|  | | `deployment.labels`                                | Additional deployment labels.                                                                              | `{}`            | | ||||||
|  | | `deployment.additionalContainers`                  | List of additional containers.                                                                             | `[]`            | | ||||||
|  | | `deployment.affinity`                              | Affinity for the athens-proxy deployment.                                                                  | `{}`            | | ||||||
|  | | `deployment.initContainers`                        | List of additional init containers.                                                                        | `[]`            | | ||||||
|  | | `deployment.dnsConfig`                             | dnsConfig of the athens-proxy deployment.                                                                  | `{}`            | | ||||||
|  | | `deployment.dnsPolicy`                             | dnsPolicy of the athens-proxy deployment.                                                                  | `""`            | | ||||||
|  | | `deployment.hostname`                              | Individual hostname of the pod.                                                                            | `""`            | | ||||||
|  | | `deployment.subdomain`                             | Individual domain of the pod.                                                                              | `""`            | | ||||||
|  | | `deployment.hostNetwork`                           | Use the kernel network namespace of the host system.                                                       | `false`         | | ||||||
|  | | `deployment.imagePullSecrets`                      | Secret to use for pulling the image.                                                                       | `[]`            | | ||||||
|  | | `deployment.athensProxy.args`                      | Arguments passed to the athens-proxy container.                                                            | `[]`            | | ||||||
|  | | `deployment.athensProxy.command`                   | Command passed to the athens-proxy container.                                                              | `[]`            | | ||||||
|  | | `deployment.athensProxy.env`                       | List of environment variables for the athens-proxy container.                                              | `[]`            | | ||||||
|  | | `deployment.athensProxy.envFrom`                   | List of environment variables mounted from configMaps or secrets for the athens-proxy container.           | `[]`            | | ||||||
|  | | `deployment.athensProxy.image.registry`            | Image registry, eg. `docker.io`.                                                                           | `docker.io`     | | ||||||
|  | | `deployment.athensProxy.image.repository`          | Image repository, eg. `library/busybox`.                                                                   | `gomods/athens` | | ||||||
|  | | `deployment.athensProxy.image.tag`                 | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.                                                   | `""`            | | ||||||
|  | | `deployment.athensProxy.image.pullPolicy`          | Image pull policy.                                                                                         | `IfNotPresent`  | | ||||||
|  | | `deployment.athensProxy.resources`                 | CPU and memory resources of the pod.                                                                       | `{}`            | | ||||||
|  | | `deployment.athensProxy.securityContext`           | Security context of the container of the deployment.                                                       | `{}`            | | ||||||
|  | | `deployment.athensProxy.volumeMounts`              | Additional volume mounts.                                                                                  | `[]`            | | ||||||
|  | | `deployment.nodeSelector`                          | NodeSelector of the athens-proxy deployment.                                                               | `{}`            | | ||||||
|  | | `deployment.priorityClassName`                     | PriorityClassName of the athens-proxy deployment.                                                          | `""`            | | ||||||
|  | | `deployment.replicas`                              | Number of replicas for the athens-proxy deployment.                                                        | `1`             | | ||||||
|  | | `deployment.restartPolicy`                         | Restart policy of the athens-proxy deployment.                                                             | `""`            | | ||||||
|  | | `deployment.securityContext`                       | Security context of the athens-proxy deployment.                                                           | `{}`            | | ||||||
|  | | `deployment.strategy.type`                         | Strategy type - `Recreate` or `RollingUpdate`.                                                             | `RollingUpdate` | | ||||||
|  | | `deployment.strategy.rollingUpdate.maxSurge`       | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1`             | | ||||||
|  | | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update.                                | `1`             | | ||||||
|  | | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`            | | ||||||
|  | | `deployment.tolerations`                           | Tolerations of the athens-proxy deployment.                                                                | `[]`            | | ||||||
|  | | `deployment.topologySpreadConstraints`             | TopologySpreadConstraints of the athens-proxy deployment.                                                  | `[]`            | | ||||||
|  | | `deployment.volumes`                               | Additional volumes to mount into the pods of the athens-proxy deployment.                                  | `[]`            | | ||||||
|  |  | ||||||
|  | ### Horizontal Pod Autoscaler (HPA) | ||||||
|  |  | ||||||
|  | | Name              | Description                                                                                        | Value       | | ||||||
|  | | ----------------- | -------------------------------------------------------------------------------------------------- | ----------- | | ||||||
|  | | `hpa.enabled`     | Enable the horizontal pod autoscaler (HPA).                                                        | `false`     | | ||||||
|  | | `hpa.annotations` | Additional annotations for the HPA.                                                                | `{}`        | | ||||||
|  | | `hpa.labels`      | Additional labels for the HPA.                                                                     | `{}`        | | ||||||
|  | | `hpa.metrics`     | Metrics contains the specifications for which to use to calculate the desired replica count.       | `undefined` | | ||||||
|  | | `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1`         | | ||||||
|  | | `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler.                              | `10`        | | ||||||
|  |  | ||||||
|  | ### Ingress | ||||||
|  |  | ||||||
|  | | Name                  | Description                                                                                                          | Value   | | ||||||
|  | | --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- | | ||||||
|  | | `ingress.enabled`     | Enable creation of an ingress resource. Requires, that the http service is also enabled.                             | `false` | | ||||||
|  | | `ingress.className`   | Ingress class.                                                                                                       | `nginx` | | ||||||
|  | | `ingress.annotations` | Additional ingress annotations.                                                                                      | `{}`    | | ||||||
|  | | `ingress.labels`      | Additional ingress labels.                                                                                           | `{}`    | | ||||||
|  | | `ingress.hosts`       | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]`    | | ||||||
|  | | `ingress.tls`         | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.         | `[]`    | | ||||||
|  |  | ||||||
|  | ### Persistence | ||||||
|  |  | ||||||
|  | | Name                                                                       | Description                                                                                                                                                                                                             | Value                        | | ||||||
|  | | -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | ||||||
|  | | `persistence.enabled`                                                      | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false`                      | | ||||||
|  | | `persistence.data.mountPath`                                               | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.                                                                                 | `/var/www/athens-proxy/data` | | ||||||
|  | | `persistence.data.existingPersistentVolumeClaim.enabled`                   | Use an existing persistent volume claim.                                                                                                                                                                                | `false`                      | | ||||||
|  | | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim.                                                                                                                                                                       | `""`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.annotations`                       | Additional persistent volume claim annotations.                                                                                                                                                                         | `{}`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.labels`                            | Additional persistent volume claim labels.                                                                                                                                                                              | `{}`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.accessModes`                       | Access modes of the persistent volume claim.                                                                                                                                                                            | `["ReadWriteMany"]`          | | ||||||
|  | | `persistence.data.persistentVolumeClaim.storageClassName`                  | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | ||||||
|  |  | ||||||
|  | ### Network | ||||||
|  |  | ||||||
|  | | Name            | Description                                                              | Value           | | ||||||
|  | | --------------- | ------------------------------------------------------------------------ | --------------- | | ||||||
|  | | `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` | | ||||||
|  |  | ||||||
|  | ### Network Policy | ||||||
|  |  | ||||||
|  | | Name                        | Description                                                               | Value   | | ||||||
|  | | --------------------------- | ------------------------------------------------------------------------- | ------- | | ||||||
|  | | `networkPolicy.enabled`     | Enable network policies in general.                                       | `false` | | ||||||
|  | | `networkPolicy.annotations` | Additional network policy annotations.                                    | `{}`    | | ||||||
|  | | `networkPolicy.labels`      | Additional network policy labels.                                         | `{}`    | | ||||||
|  | | `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]`    | | ||||||
|  | | `networkPolicy.egress`      | Concrete egress network policy implementation.                            | `[]`    | | ||||||
|  | | `networkPolicy.ingress`     | Concrete ingress network policy implementation.                           | `[]`    | | ||||||
|  |  | ||||||
|  | ### Service | ||||||
|  |  | ||||||
|  | | Name                                     | Description                                                                                                                                                                                                | Value       | | ||||||
|  | | ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | ||||||
|  | | `services.http.enabled`                  | Enable the service.                                                                                                                                                                                        | `true`      | | ||||||
|  | | `services.http.annotations`              | Additional service annotations.                                                                                                                                                                            | `{}`        | | ||||||
|  | | `services.http.externalIPs`              | External IPs for the service.                                                                                                                                                                              | `[]`        | | ||||||
|  | | `services.http.externalTrafficPolicy`    | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster`   | | ||||||
|  | | `services.http.internalTrafficPolicy`    | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.                                                   | `Cluster`   | | ||||||
|  | | `services.http.ipFamilies`               | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.         | `[]`        | | ||||||
|  | | `services.http.labels`                   | Additional service labels.                                                                                                                                                                                 | `{}`        | | ||||||
|  | | `services.http.loadBalancerClass`        | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.                                                                     | `""`        | | ||||||
|  | | `services.http.loadBalancerIP`           | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.                                                                                              | `""`        | | ||||||
|  | | `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.                                                                                                                           | `[]`        | | ||||||
|  | | `services.http.port`                     | Port to forward the traffic to.                                                                                                                                                                            | `3000`      | | ||||||
|  | | `services.http.sessionAffinity`          | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.                                                                                                                    | `None`      | | ||||||
|  | | `services.http.sessionAffinityConfig`    | Contains the configuration of the session affinity.                                                                                                                                                        | `{}`        | | ||||||
|  | | `services.http.type`                     | Kubernetes service type for the traffic.                                                                                                                                                                   | `ClusterIP` | | ||||||
|  |  | ||||||
|  | ### ServiceAccount | ||||||
|  |  | ||||||
|  | | Name                                              | Description                                                                                                                                         | Value   | | ||||||
|  | | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | ||||||
|  | | `serviceAccount.existing.enabled`                 | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.           | `false` | | ||||||
|  | | `serviceAccount.existing.serviceAccountName`      | Name of the existing service account.                                                                                                               | `""`    | | ||||||
|  | | `serviceAccount.new.annotations`                  | Additional service account annotations.                                                                                                             | `{}`    | | ||||||
|  | | `serviceAccount.new.labels`                       | Additional service account labels.                                                                                                                  | `{}`    | | ||||||
|  | | `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token.                                                                                          | `true`  | | ||||||
|  | | `serviceAccount.new.imagePullSecrets`             | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]`    | | ||||||
|  | | `serviceAccount.new.secrets`                      | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.                                                        | `[]`    | | ||||||
|   | |||||||
| @@ -1,12 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: custom-configs |  | ||||||
| data: |  | ||||||
|   sshconfig: | |  | ||||||
|     Host github.com |  | ||||||
|       IdentityFile /root/.ssh/id_ed25519 |  | ||||||
|       StrictHostKeyChecking no |  | ||||||
|   gitconfig: | |  | ||||||
|     [url "git@github.com:"] |  | ||||||
|       insteadOf = https://github.com/ |  | ||||||
| @@ -1,26 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-ssh-keys |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   id_ed25519: | |  | ||||||
|     -----BEGIN OPENSSH PRIVATE KEY----- |  | ||||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW |  | ||||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj |  | ||||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg |  | ||||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M |  | ||||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== |  | ||||||
|     -----END OPENSSH PRIVATE KEY----- |  | ||||||
|   id_ed25519.pub: | |  | ||||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe |  | ||||||
| --- |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-netrc |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   netrc: | |  | ||||||
|     machine github.com login USERNAME password API-KEY |  | ||||||
|     machine gitlab.com login USERNAME password API-KEY |  | ||||||
							
								
								
									
										2617
									
								
								package-lock.json
									
									
									
										generated
									
									
									
										Normal file
									
								
							
							
						
						
									
										2617
									
								
								package-lock.json
									
									
									
										generated
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
							
								
								
									
										21
									
								
								package.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								package.json
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | |||||||
|  | { | ||||||
|  |   "name": "athens-proxy-charts", | ||||||
|  |   "homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git", | ||||||
|  |   "license": "MIT", | ||||||
|  |   "private": true, | ||||||
|  |   "engineStrict": true, | ||||||
|  |   "engines": { | ||||||
|  |     "node": ">=16.0.0", | ||||||
|  |     "npm": ">=8.0.0" | ||||||
|  |   }, | ||||||
|  |   "scripts": { | ||||||
|  |     "readme:link": "markdown-link-check *.md", | ||||||
|  |     "readme:lint": "markdownlint *.md -f", | ||||||
|  |     "readme:parameters": "readme-generator -v values.yaml -r README.md" | ||||||
|  |   }, | ||||||
|  |   "devDependencies": { | ||||||
|  |     "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||||
|  |     "markdown-link-check": "^3.13.6", | ||||||
|  |     "markdownlint-cli": "^0.45.0" | ||||||
|  |   } | ||||||
|  | } | ||||||
							
								
								
									
										114
									
								
								renovate.json
									
									
									
									
									
								
							
							
						
						
									
										114
									
								
								renovate.json
									
									
									
									
									
								
							| @@ -1,26 +1,15 @@ | |||||||
| { | { | ||||||
|   "$schema": "https://docs.renovatebot.com/renovate-schema.json", |   "$schema": "https://docs.renovatebot.com/renovate-schema.json", | ||||||
|   "assignees": [ "volker.raschek" ], |   "extends": [ | ||||||
|   "labels": [ "renovate" ], |     "local>volker.raschek/renovate-config:default#master", | ||||||
|   "packageRules": [ |     "local>volker.raschek/renovate-config:container#master", | ||||||
|     { |     "local>volker.raschek/renovate-config:actions#master", | ||||||
|       "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ], |     "local>volker.raschek/renovate-config:npm#master", | ||||||
|       "automerge": true, |     "local>volker.raschek/renovate-config:regexp#master" | ||||||
|       "matchManagers": "droneci", |  | ||||||
|       "matchUpdateTypes": [ "minor", "patch"] |  | ||||||
|     }, |  | ||||||
|     { |  | ||||||
|       "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ], |  | ||||||
|       "automerge": false, |  | ||||||
|       "matchPackageNames": [ "gomods/athens" ], |  | ||||||
|       "matchManagers": [ "regex" ] |  | ||||||
|     } |  | ||||||
|   ], |   ], | ||||||
|   "rebaseLabel": "renovate/rebase", |   "customManagers": [ | ||||||
|   "rebaseWhen": "behind-base-branch", |  | ||||||
|   "regexManagers": [ |  | ||||||
|     { |     { | ||||||
|       "description": "Update container image reference", |       "customType": "regex", | ||||||
|       "fileMatch": [ |       "fileMatch": [ | ||||||
|         "^Chart\\.yaml$" |         "^Chart\\.yaml$" | ||||||
|       ], |       ], | ||||||
| @@ -28,7 +17,92 @@ | |||||||
|         "appVersion: \"(?<currentValue>.*?)\"\\s+" |         "appVersion: \"(?<currentValue>.*?)\"\\s+" | ||||||
|       ], |       ], | ||||||
|       "datasourceTemplate": "docker", |       "datasourceTemplate": "docker", | ||||||
|       "depNameTemplate": "gomods/athens" |       "depNameTemplate": "gomods/athens", | ||||||
|  |       "lookupNameTemplate": "docker.io/gomods/athens", | ||||||
|  |       "versioningTemplate": "semver" | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "customType": "regex", | ||||||
|  |       "fileMatch": ["^README\\.md$"], | ||||||
|  |       "matchStrings": [ | ||||||
|  |         "VERSION=(?<currentValue>.*)" | ||||||
|  |       ], | ||||||
|  |       "depNameTemplate": "volker.raschek/athens-proxy-charts", | ||||||
|  |       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts", | ||||||
|  |       "datasourceTemplate": "git-tags", | ||||||
|  |       "versioningTemplate": "semver" | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "customType": "regex", | ||||||
|  |       "datasourceTemplate": "github-releases", | ||||||
|  |       "fileMatch": [ | ||||||
|  |         ".vscode/settings\\.json$" | ||||||
|  |       ], | ||||||
|  |       "matchStrings": [ | ||||||
|  |         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json" | ||||||
|  |       ] | ||||||
|  |     } | ||||||
|  |   ], | ||||||
|  |   "packageRules": [ | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/volkerraschek/helm", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/volkerraschek/helm", | ||||||
|  |         "volkerraschek/helm" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "automerge": true, | ||||||
|  |       "groupName": "Update helm plugin 'unittest'", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "helm-unittest/helm-unittest" | ||||||
|  |       ], | ||||||
|  |       "matchDatasources": [ | ||||||
|  |         "github-releases" | ||||||
|  |       ], | ||||||
|  |       "matchUpdateTypes": [ | ||||||
|  |         "minor", | ||||||
|  |         "patch" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/library/node", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/library/node", | ||||||
|  |         "library/node" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "addLabels": [ | ||||||
|  |         "renovate/automerge", | ||||||
|  |         "renovate/container" | ||||||
|  |       ], | ||||||
|  |       "automerge": true, | ||||||
|  |       "excludePackagePatterns": [ | ||||||
|  |         "gomods/athens" | ||||||
|  |       ], | ||||||
|  |       "matchDatasources": [ | ||||||
|  |         "docker" | ||||||
|  |       ], | ||||||
|  |       "matchUpdateTypes": [ | ||||||
|  |         "minor", | ||||||
|  |         "patch" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "addLabels": [ | ||||||
|  |         "renovate/automerge", | ||||||
|  |         "renovate/documentation" | ||||||
|  |       ], | ||||||
|  |       "automerge": true, | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "volker.raschek/athens-proxy-charts" | ||||||
|  |       ], | ||||||
|  |       "matchUpdateTypes": [ | ||||||
|  |         "major", | ||||||
|  |         "minor", | ||||||
|  |         "patch" | ||||||
|  |       ] | ||||||
|     } |     } | ||||||
|   ] |   ] | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										25
									
								
								templates/_certificate.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								templates/_certificate.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.certificates.server.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.certificate.new.annotations }} | ||||||
|  | {{ toYaml .Values.certificate.new.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.certificates.server.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.certificate.new.labels }} | ||||||
|  | {{ toYaml .Values.certificate.new.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* names */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.certificates.server.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-tls | ||||||
|  | {{- end -}} | ||||||
| @@ -1,3 +1,4 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
| {{/* | {{/* | ||||||
| Expand the name of the chart. | Expand the name of the chart. | ||||||
| */}} | */}} | ||||||
| @@ -30,20 +31,26 @@ Create chart name and version as used by the chart label. | |||||||
| {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||||||
| {{- end }} | {{- end }} | ||||||
| 
 | 
 | ||||||
|  | {{/* | ||||||
|  | Common annotations | ||||||
|  | */}} | ||||||
|  | {{- define "athens-proxy.annotations" -}} | ||||||
|  | {{- end }} | ||||||
|  | 
 | ||||||
| {{/* | {{/* | ||||||
| Common labels | Common labels | ||||||
| */}} | */}} | ||||||
| {{- define "athens-proxy.labels" -}} | {{- define "athens-proxy.labels" -}} | ||||||
| helm.sh/chart: {{ include "athens-proxy.chart" . }} |  | ||||||
| {{ include "athens-proxy.selectorLabels" . }} | {{ include "athens-proxy.selectorLabels" . }} | ||||||
| {{- if .Chart.AppVersion }} | {{- if .Chart.AppVersion }} | ||||||
| app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||||||
| {{- end }} | {{- end }} | ||||||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | app.kubernetes.io/managed-by: {{ .Release.Service }} | ||||||
|  | helm.sh/chart: {{ include "athens-proxy.chart" . }} | ||||||
| {{- end }} | {{- end }} | ||||||
| 
 | 
 | ||||||
| {{/* | {{/* | ||||||
| Selector labels | Common selector labels | ||||||
| */}} | */}} | ||||||
| {{- define "athens-proxy.selectorLabels" -}} | {{- define "athens-proxy.selectorLabels" -}} | ||||||
| app.kubernetes.io/name: {{ include "athens-proxy.name" . }} | app.kubernetes.io/name: {{ include "athens-proxy.name" . }} | ||||||
							
								
								
									
										43
									
								
								templates/_configMap.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								templates/_configMap.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,43 @@ | |||||||
|  | --- | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.configMap.downloadMode.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.config.downloadMode.configMap.annotations }} | ||||||
|  | {{ toYaml .Values.config.downloadMode.configMap.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.configMap.gitConfig.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.config.gitConfig.configMap.annotations }} | ||||||
|  | {{ toYaml .Values.config.gitConfig.configMap.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.configMap.downloadMode.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.config.downloadMode.configMap.labels }} | ||||||
|  | {{ toYaml .Values.config.downloadMode.configMap.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.configMap.gitConfig.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.config.gitConfig.configMap.labels }} | ||||||
|  | {{ toYaml .Values.config.gitConfig.configMap.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* name */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.configMap.downloadMode.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-download-mode-file | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.configMap.gitConfig.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-gitconfig | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										279
									
								
								templates/_deployment.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										279
									
								
								templates/_deployment.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,279 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.deployment.annotations }} | ||||||
|  | {{ toYaml .Values.deployment.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* env */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.env" -}} | ||||||
|  | {{- $env := .Values.deployment.athensProxy.env | default (list) }} | ||||||
|  |  | ||||||
|  | {{- if and .Values.persistence.enabled }} | ||||||
|  | {{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if .Values.config.downloadMode.enabled }} | ||||||
|  | {{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }} | ||||||
|  | {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if .Values.certificate.enabled }} | ||||||
|  | {{- $env = concat $env (list | ||||||
|  |       (dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt") | ||||||
|  |       (dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key") | ||||||
|  |     ) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{ toYaml (dict "env" $env) }} | ||||||
|  |  | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* envFrom */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.envFrom" -}} | ||||||
|  | {{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }} | ||||||
|  |  | ||||||
|  | {{- if .Values.config.env.enabled }} | ||||||
|  | {{- $secretName := include "athens-proxy.secrets.env.name" $ }} | ||||||
|  | {{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}} | ||||||
|  | {{- $secretName = .Values.config.env.existingSecret.secretName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{ toYaml (dict "envFrom" $envFrom) }} | ||||||
|  |  | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  | {{/* image */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}} | ||||||
|  | {{- $registry := .Values.deployment.athensProxy.image.registry -}} | ||||||
|  | {{- $repository := .Values.deployment.athensProxy.image.repository -}} | ||||||
|  | {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} | ||||||
|  | {{- printf "%s/%s:%s" $registry $repository $tag -}} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.deployment.labels }} | ||||||
|  | {{ toYaml .Values.deployment.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* serviceAccount */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.serviceAccount" -}} | ||||||
|  | {{- if .Values.serviceAccount.existing.enabled -}} | ||||||
|  | {{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}} | ||||||
|  | {{- else -}} | ||||||
|  | {{- include "athens-proxy.fullname" . -}} | ||||||
|  | {{- end -}} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumeMounts */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.volumeMounts" -}} | ||||||
|  | {{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }} | ||||||
|  |  | ||||||
|  | {{- if .Values.persistence.enabled }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumes (download mode) */}} | ||||||
|  | {{- if .Values.config.downloadMode.enabled }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumeMount (git config) */}} | ||||||
|  | {{- if .Values.config.gitConfig.enabled }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumeMount (netrc) */}} | ||||||
|  | {{- if .Values.config.netrc.enabled }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumeMount (ssh) */}} | ||||||
|  | {{- if and .Values.config.ssh.enabled }} | ||||||
|  | {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* volumeMounts (tls) */}} | ||||||
|  | {{- if .Values.certificate.enabled }} | ||||||
|  | {{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{ toYaml (dict "volumeMounts" $volumeMounts) }} | ||||||
|  | {{- end -}} | ||||||
|  |  | ||||||
|  | {{/* volumes */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.deployment.volumes" -}} | ||||||
|  | {{- $volumes := .Values.deployment.volumes | default (list) }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* volumes (data) */}} | ||||||
|  | {{- if .Values.persistence.enabled }} | ||||||
|  | {{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }} | ||||||
|  | {{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }} | ||||||
|  | {{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* volumes (download mode) */}} | ||||||
|  | {{- if .Values.config.downloadMode.enabled }} | ||||||
|  | {{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }} | ||||||
|  | {{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }} | ||||||
|  | {{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }} | ||||||
|  | {{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }} | ||||||
|  | {{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* volumes (git config) */}} | ||||||
|  | {{- $projectedSecretSources := list -}} | ||||||
|  |  | ||||||
|  | {{- if .Values.config.gitConfig.enabled }} | ||||||
|  | {{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }} | ||||||
|  | {{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }} | ||||||
|  | {{- if .Values.config.gitConfig.existingConfigMap.enabled }} | ||||||
|  | {{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }} | ||||||
|  | {{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }} | ||||||
|  |  | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumes (netrc) */}} | ||||||
|  |  | ||||||
|  | {{- if .Values.config.netrc.enabled }} | ||||||
|  | {{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }} | ||||||
|  | {{- $secretName := include "athens-proxy.secrets.netrc.name" . }} | ||||||
|  | {{- if .Values.config.netrc.existingSecret.enabled }} | ||||||
|  | {{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }} | ||||||
|  | {{- $secretName = .Values.config.netrc.existingSecret.secretName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }} | ||||||
|  |  | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumes (ssh) */}} | ||||||
|  | {{- if .Values.config.ssh.enabled }} | ||||||
|  |  | ||||||
|  | {{- $itemList := list -}} | ||||||
|  | {{- $secretName := include "athens-proxy.secrets.ssh.name" . }} | ||||||
|  |  | ||||||
|  | {{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }} | ||||||
|  | {{- $secretName = .Values.config.ssh.existingSecret.secretName }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }} | ||||||
|  | {{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }} | ||||||
|  | {{- $itemList = concat $itemList (list $configItem) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }} | ||||||
|  | {{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idED25519Item) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }} | ||||||
|  | {{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idED25519PubItem) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }} | ||||||
|  | {{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idRSAItem) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }} | ||||||
|  | {{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idRSAPubItem) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if not .Values.config.ssh.existingSecret.enabled }} | ||||||
|  | {{- if gt (len .Values.config.ssh.secret.config) 0 }} | ||||||
|  | {{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }} | ||||||
|  | {{- $itemList = concat $itemList (list $configItem) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }} | ||||||
|  | {{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idED25519Item) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }} | ||||||
|  | {{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idED25519PubItem) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }} | ||||||
|  | {{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idRSAItem) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }} | ||||||
|  | {{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }} | ||||||
|  | {{- $itemList = concat $itemList (list $idRSAPubItem) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- if gt (len $projectedSecretSources) 0 }} | ||||||
|  | {{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }} | ||||||
|  | {{- $volumes = concat $volumes (list $projectedSecretVolume) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* volumes (tls) */}} | ||||||
|  | {{- if .Values.certificate.enabled }} | ||||||
|  | {{- $secretName := include "athens-proxy.certificates.server.name" $ }} | ||||||
|  | {{- if .Values.certificate.existingSecret.enabled }} | ||||||
|  | {{- $secretName := .Values.certificate.existingSecret.secretName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{ toYaml (dict "volumes" $volumes) }} | ||||||
|  | {{- end -}} | ||||||
							
								
								
									
										19
									
								
								templates/_hpa.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_hpa.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | --- | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.hpa.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.hpa.annotations }} | ||||||
|  | {{ toYaml .Values.hpa.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.hpa.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.hpa.labels }} | ||||||
|  | {{ toYaml .Values.hpa.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										19
									
								
								templates/_ingress.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_ingress.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.ingress.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.ingress.annotations }} | ||||||
|  | {{ toYaml .Values.ingress.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.ingress.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.ingress.labels }} | ||||||
|  | {{ toYaml .Values.ingress.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.networkPolicy.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.networkPolicy.annotations }} | ||||||
|  | {{ toYaml .Values.networkPolicy.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.networkPolicy.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.networkPolicy.labels }} | ||||||
|  | {{ toYaml .Values.networkPolicy.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										25
									
								
								templates/_persistentVolumeClaim.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								templates/_persistentVolumeClaim.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.persistence.data.persistentVolumeClaim.annotations }} | ||||||
|  | {{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.persistentVolumeClaim.data.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.persistence.data.persistentVolumeClaim.labels }} | ||||||
|  | {{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* name */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.persistentVolumeClaim.data.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-data | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,34 @@ | |||||||
|  | --- | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.pod.annotations" }} | ||||||
|  | {{- include "athens-proxy.annotations" . }} | ||||||
|  | {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||||
|  | {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||||
|  | {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||||
|  | {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} | ||||||
|  | {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||||
|  | {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.pod.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.pod.selectorLabels" -}} | ||||||
|  | {{ include "athens-proxy.selectorLabels" . }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										61
									
								
								templates/_secrets.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										61
									
								
								templates/_secrets.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,61 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.env.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.config.env.secret.annotations }} | ||||||
|  | {{ toYaml .Values.config.env.secret.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.netrc.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.config.netrc.secret.annotations }} | ||||||
|  | {{ toYaml .Values.config.netrc.secret.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.ssh.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.config.ssh.secret.annotations }} | ||||||
|  | {{ toYaml .Values.config.ssh.secret.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.env.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.config.env.secret.labels }} | ||||||
|  | {{ toYaml .Values.config.env.secret.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.netrc.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.config.netrc.secret.labels }} | ||||||
|  | {{ toYaml .Values.config.netrc.secret.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.ssh.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.config.ssh.secret.labels }} | ||||||
|  | {{ toYaml .Values.config.ssh.secret.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* name */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.env.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-env | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.netrc.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-netrc | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.secrets.ssh.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-ssh | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										17
									
								
								templates/_serviceAccount.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										17
									
								
								templates/_serviceAccount.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,17 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.serviceAccount.annotations" -}} | ||||||
|  | {{- if .Values.serviceAccount.new.annotations }} | ||||||
|  | {{ toYaml .Values.serviceAccount.new.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.serviceAccount.labels" -}} | ||||||
|  | {{- if .Values.serviceAccount.new.labels }} | ||||||
|  | {{ toYaml .Values.serviceAccount.new.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										29
									
								
								templates/_services.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								templates/_services.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.services.http.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.services.http.annotations }} | ||||||
|  | {{ toYaml .Values.services.http.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.services.http.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} | ||||||
|  | app.kubernetes.io/service-name: http | ||||||
|  | {{- if .Values.services.http.labels }} | ||||||
|  | {{ toYaml .Values.services.http.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* names */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.services.http.name" -}} | ||||||
|  | {{- if .Values.services.http.enabled -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-http | ||||||
|  | {{- end -}} | ||||||
|  | {{- end -}} | ||||||
							
								
								
									
										97
									
								
								templates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										97
									
								
								templates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,97 @@ | |||||||
|  | {{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}} | ||||||
|  | --- | ||||||
|  | apiVersion: cert-manager.io/v1 | ||||||
|  | kind: Certificate | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.certificates.server.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   commonName: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   {{- if empty .Values.certificate.new.dnsNames }} | ||||||
|  |   dnsNames: | ||||||
|  |   - {{ include "athens-proxy.fullname" . }} | ||||||
|  |   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }} | ||||||
|  |   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc | ||||||
|  |   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} | ||||||
|  |   {{- else }} | ||||||
|  |   dnsNames: | ||||||
|  |   {{- range .Values.certificate.new.dnsNames }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   duration: {{ .Values.certificate.new.duration }} | ||||||
|  |   {{- if not (empty .Values.certificate.new.ipAddresses) }} | ||||||
|  |   ipAddresses: | ||||||
|  |   {{- range .Values.certificate.new.ipAddresses }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   isCA: false | ||||||
|  |   issuerRef: | ||||||
|  |     kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }} | ||||||
|  |     name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }} | ||||||
|  |   privateKey: | ||||||
|  |     algorithm: {{ .Values.certificate.new.privateKey.algorithm }} | ||||||
|  |     rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }} | ||||||
|  |     size: {{ .Values.certificate.new.privateKey.size }} | ||||||
|  |   renewBefore: {{ .Values.certificate.new.renewBefore }} | ||||||
|  |   secretName: {{ include "athens-proxy.certificates.server.name" . }} | ||||||
|  |   {{- with .Values.certificate.new.secretTemplate }} | ||||||
|  |   secretTemplate: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if or .Values.certificate.new.subject.countries | ||||||
|  |             .Values.certificate.new.subject.localities | ||||||
|  |             .Values.certificate.new.subject.organizationalUnits | ||||||
|  |             .Values.certificate.new.subject.organizations | ||||||
|  |             .Values.certificate.new.subject.postalCodes | ||||||
|  |             .Values.certificate.new.subject.provinces | ||||||
|  |             .Values.certificate.new.subject.serialNumber | ||||||
|  |             .Values.certificate.new.subject.streetAddresses | ||||||
|  |   }} | ||||||
|  |   subject: | ||||||
|  |     {{- with .Values.certificate.new.subject.countries }} | ||||||
|  |     countries: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.localities }} | ||||||
|  |     localities: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.organizationalUnits }} | ||||||
|  |     organizationalUnits: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.organizations }} | ||||||
|  |     organizations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.postalCodes }} | ||||||
|  |     postalCodes: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.provinces }} | ||||||
|  |     provinces: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- if .Values.certificate.new.subject.serialNumber }} | ||||||
|  |     serialNumber: {{ .Values.certificate.new.subject.serialNumber }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.streetAddresses }} | ||||||
|  |     streetAddresses: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   usages: | ||||||
|  |   {{- range .Values.certificate.new.usages }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										19
									
								
								templates/configMapDownloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/configMapDownloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: ConfigMap | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.configMap.downloadMode.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | data: | ||||||
|  |   downloadMode: | | ||||||
|  |     {{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										19
									
								
								templates/configMapGitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/configMapGitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: ConfigMap | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.configMap.gitConfig.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | data: | ||||||
|  |   .gitconfig: | | ||||||
|  |     {{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }} | ||||||
|  | {{- end }} | ||||||
| @@ -1,74 +1,143 @@ | |||||||
| apiVersion: apps/v1 | apiVersion: apps/v1 | ||||||
| kind: Deployment | kind: Deployment | ||||||
| metadata: | metadata: | ||||||
|   name: {{ include "athens-proxy.fullname" . }} |   {{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.deployment.labels" . | fromYaml) }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
| spec: | spec: | ||||||
|  |   replicas: {{ .Values.deployment.replicas }} | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       {{- include "athens-proxy.selectorLabels" . | nindent 6 }} |       {{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }} | ||||||
|   template: |   template: | ||||||
|     metadata: |     metadata: | ||||||
|       {{- with .Values.podAnnotations }} |  | ||||||
|       annotations: |       annotations: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{- include "athens-proxy.pod.annotations" . | nindent 8 }} | ||||||
|       {{- end }} |  | ||||||
|       labels: |       labels: | ||||||
|         {{- include "athens-proxy.selectorLabels" . | nindent 8 }} |         {{- include "athens-proxy.pod.labels" . | nindent 8 }} | ||||||
|     spec: |     spec: | ||||||
|       containers: |       {{- with .Values.deployment.affinity }} | ||||||
|         - name: {{ .Chart.Name }} |  | ||||||
|           envFrom: |  | ||||||
|           - secretRef: |  | ||||||
|               name: {{ include "athens-proxy.fullname" . }} |  | ||||||
|           securityContext: |  | ||||||
|             {{- toYaml .Values.securityContext | nindent 12 }} |  | ||||||
|           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" |  | ||||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} |  | ||||||
|           livenessProbe: |  | ||||||
|             httpGet: |  | ||||||
|               scheme: HTTP |  | ||||||
|               path: /healthz |  | ||||||
|               port: http |  | ||||||
|           ports: |  | ||||||
|           - name: http |  | ||||||
|             containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }} |  | ||||||
|             protocol: TCP |  | ||||||
|           readinessProbe: |  | ||||||
|             httpGet: |  | ||||||
|               scheme: HTTP |  | ||||||
|               path: /healthz |  | ||||||
|               port: http |  | ||||||
|           resources: |  | ||||||
|             {{- toYaml .Values.resources | nindent 12 }} |  | ||||||
|           {{- with .Values.extraVolumeMounts }} |  | ||||||
|           volumeMounts: |  | ||||||
|             {{- toYaml . | nindent 10 }} |  | ||||||
|           {{- end }} |  | ||||||
|       {{- with .Values.affinity }} |  | ||||||
|       affinity: |       affinity: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{- toYaml . | nindent 8 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- with .Values.imagePullSecrets }} |       containers: | ||||||
|  |       - name: athens-proxy | ||||||
|  |         {{- with .Values.deployment.athensProxy.args }} | ||||||
|  |         args: | ||||||
|  |         {{- toYaml . | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|  |         {{- with .Values.deployment.athensProxy.command }} | ||||||
|  |         command: | ||||||
|  |         {{- toYaml . | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|  |         {{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }} | ||||||
|  |         {{- if and (hasKey $env "env") (gt (len $env.env) 0) }} | ||||||
|  |         env: | ||||||
|  |         {{- toYaml $env.env | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|  |         {{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }} | ||||||
|  |         {{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }} | ||||||
|  |         envFrom: | ||||||
|  |         {{- toYaml $envFrom.envFrom | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|  |         image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }} | ||||||
|  |         imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} | ||||||
|  |         livenessProbe: | ||||||
|  |           exec: | ||||||
|  |             {{- if not .Values.certificate.enabled }} | ||||||
|  |             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||||
|  |             {{- else }} | ||||||
|  |             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||||
|  |             {{- end }} | ||||||
|  |           failureThreshold: 3 | ||||||
|  |           initialDelaySeconds: 5 | ||||||
|  |           periodSeconds: 60 | ||||||
|  |           successThreshold: 1 | ||||||
|  |           timeoutSeconds: 3 | ||||||
|  |         readinessProbe: | ||||||
|  |           exec: | ||||||
|  |             {{- if not .Values.certificate.enabled }} | ||||||
|  |             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||||
|  |             {{- else }} | ||||||
|  |             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||||
|  |             {{- end }} | ||||||
|  |           failureThreshold: 3 | ||||||
|  |           initialDelaySeconds: 5 | ||||||
|  |           periodSeconds: 15 | ||||||
|  |           successThreshold: 1 | ||||||
|  |           timeoutSeconds: 3 | ||||||
|  |         ports: | ||||||
|  |         - name: http | ||||||
|  |           containerPort: 3000 | ||||||
|  |           protocol: TCP | ||||||
|  |         {{- with .Values.deployment.athensProxy.resources }} | ||||||
|  |         resources: | ||||||
|  |           {{- toYaml . | nindent 10 }} | ||||||
|  |         {{- end }} | ||||||
|  |         {{- with .Values.deployment.athensProxy.securityContext }} | ||||||
|  |         securityContext: | ||||||
|  |           {{- toYaml . | nindent 10 }} | ||||||
|  |         {{- end }} | ||||||
|  |         {{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }} | ||||||
|  |         {{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }} | ||||||
|  |         volumeMounts: | ||||||
|  |         {{- toYaml $volumeMounts.volumeMounts | nindent 8 }} | ||||||
|  |         {{- end }} | ||||||
|  |       {{- with .Values.deployment.dnsConfig }} | ||||||
|  |       dnsConfig: | ||||||
|  |         {{- toYaml . | nindent 8 }} | ||||||
|  |       {{- end }} | ||||||
|  |       {{- if .Values.deployment.dnsPolicy }} | ||||||
|  |       dnsPolicy: {{ .Values.deployment.dnsPolicy }} | ||||||
|  |       {{- end }} | ||||||
|  |       {{- if .Values.deployment.hostname }} | ||||||
|  |       hostname: {{ .Values.deployment.hostname }} | ||||||
|  |       {{- end }} | ||||||
|  |       hostNetwork: {{ .Values.deployment.hostNetwork }} | ||||||
|  |       {{- with .Values.deployment.imagePullSecrets }} | ||||||
|       imagePullSecrets: |       imagePullSecrets: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{- toYaml . | nindent 8 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- with .Values.nodeSelector }} |       {{- with .Values.deployment.nodeSelector }} | ||||||
|       nodeSelector: |       nodeSelector: | ||||||
|         {{- toYaml . | nindent 8 }} |         {{- toYaml . | nindent 8 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- if .Values.podPriorityClassName }} |       {{- if .Values.deployment.priorityClassName }} | ||||||
|       priorityClassName: {{ .Values.podPriorityClassName }} |       priorityClassName: {{ .Values.deployment.priorityClassName }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|  |       {{- if .Values.deployment.restartPolicy }} | ||||||
|  |       restartPolicy: {{ .Values.deployment.restartPolicy }} | ||||||
|  |       {{- end }} | ||||||
|  |       {{- with .Values.deployment.securityContext }} | ||||||
|       securityContext: |       securityContext: | ||||||
|         {{- toYaml .Values.podSecurityContext | nindent 8 }} |         {{- toYaml . | nindent 8 }} | ||||||
|       serviceAccountName: {{ include "athens-proxy.fullname" . }} |       {{- end }} | ||||||
|       {{- with .Values.tolerations }} |       serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }} | ||||||
|  |       {{- if .Values.deployment.subdomain }} | ||||||
|  |       subdomain: {{ .Values.deployment.subdomain }} | ||||||
|  |       {{- end }} | ||||||
|  |       terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} | ||||||
|  |       {{- with .Values.deployment.tolerations }} | ||||||
|       tolerations: |       tolerations: | ||||||
|         {{- toYaml . | nindent 8 }} |       {{- toYaml . | nindent 6 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|       {{- with .Values.extraVolumes }} |       {{- with .Values.deployment.topologySpreadConstraints }} | ||||||
|  |       topologySpreadConstraints: | ||||||
|  |       {{- toYaml . | nindent 6 }} | ||||||
|  |       {{- end }} | ||||||
|  |       {{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }} | ||||||
|  |       {{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }} | ||||||
|       volumes: |       volumes: | ||||||
|         {{- toYaml . | nindent 8 }} |       {{- toYaml $volumes.volumes | nindent 6 }} | ||||||
|       {{- end }} |       {{- end }} | ||||||
|  |   {{- with .Values.deployment.strategy }} | ||||||
|  |   strategy: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
							
								
								
									
										25
									
								
								templates/hpa.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								templates/hpa.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | |||||||
|  | {{- if .Values.hpa.enabled -}} | ||||||
|  | --- | ||||||
|  | apiVersion: autoscaling/v2 | ||||||
|  | kind: HorizontalPodAutoscaler | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.hpa.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   metrics: | ||||||
|  |   {{- toYaml .Values.hpa.metrics | nindent 2 }} | ||||||
|  |   maxReplicas: {{ .Values.hpa.maxReplicas }} | ||||||
|  |   minReplicas: {{ .Values.hpa.minReplicas }} | ||||||
|  |   scaleTargetRef: | ||||||
|  |     apiVersion: apps/v1 | ||||||
|  |     kind: Deployment | ||||||
|  |     name: {{ include "athens-proxy.fullname" . }} | ||||||
|  | {{- end -}} | ||||||
| @@ -1,61 +1,45 @@ | |||||||
| {{- if .Values.ingress.enabled -}} | {{- if and .Values.services.http.enabled .Values.ingress.enabled }} | ||||||
| {{- $fullName := include "athens-proxy.fullname" . -}} | --- | ||||||
| {{- $svcPort := .Values.service.port -}} |  | ||||||
| {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} |  | ||||||
|   {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} |  | ||||||
|   {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} |  | ||||||
|   {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} |  | ||||||
| apiVersion: networking.k8s.io/v1 | apiVersion: networking.k8s.io/v1 | ||||||
| {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} |  | ||||||
| apiVersion: networking.k8s.io/v1beta1 |  | ||||||
| {{- else -}} |  | ||||||
| apiVersion: extensions/v1beta1 |  | ||||||
| {{- end }} |  | ||||||
| kind: Ingress | kind: Ingress | ||||||
| metadata: | metadata: | ||||||
|   name: {{ $fullName }} |   {{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }} | ||||||
|   labels: |  | ||||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} |  | ||||||
|   {{- with .Values.ingress.annotations }} |  | ||||||
|   annotations: |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.ingress.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|     {{- toYaml . | nindent 4 }} |     {{- toYaml . | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
| spec: | spec: | ||||||
|   {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} |  | ||||||
|   ingressClassName: {{ .Values.ingress.className }} |   ingressClassName: {{ .Values.ingress.className }} | ||||||
|  |   rules: | ||||||
|  |   {{- range .Values.ingress.hosts }} | ||||||
|  |   - host: {{ tpl .host $ | quote }} | ||||||
|  |     http: | ||||||
|  |       paths: | ||||||
|  |       {{- range .paths }} | ||||||
|  |       - path: {{ .path }} | ||||||
|  |         {{- if .pathType }} | ||||||
|  |         pathType: {{ .pathType }} | ||||||
|  |         {{- end }} | ||||||
|  |         backend: | ||||||
|  |           service: | ||||||
|  |             name: {{ include "athens-proxy.services.http.name" $ }} | ||||||
|  |             port: | ||||||
|  |               number: {{ $.Values.services.http.port }} | ||||||
|  |       {{- end }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   {{- if .Values.ingress.tls }} |   {{- if .Values.ingress.tls }} | ||||||
|   tls: |   tls: | ||||||
|     {{- range .Values.ingress.tls }} |   {{- range .Values.ingress.tls }} | ||||||
|     - hosts: |   - hosts: | ||||||
|         {{- range .hosts }} |     {{- range .hosts }} | ||||||
|         - {{ . | quote }} |     - {{ tpl . $ | quote }} | ||||||
|         {{- end }} |  | ||||||
|       secretName: {{ .secretName }} |  | ||||||
|     {{- end }} |     {{- end }} | ||||||
|  |     secretName: {{ .secretName | quote }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   rules: | {{- end }} | ||||||
|     {{- range .Values.ingress.hosts }} |  | ||||||
|     - host: {{ .host | quote }} |  | ||||||
|       http: |  | ||||||
|         paths: |  | ||||||
|           {{- range .paths }} |  | ||||||
|           - path: {{ .path }} |  | ||||||
|             {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} |  | ||||||
|             pathType: {{ .pathType }} |  | ||||||
|             {{- end }} |  | ||||||
|             backend: |  | ||||||
|               {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} |  | ||||||
|               service: |  | ||||||
|                 name: {{ $fullName }} |  | ||||||
|                 port: |  | ||||||
|                   number: {{ $svcPort }} |  | ||||||
|               {{- else }} |  | ||||||
|               serviceName: {{ $fullName }} |  | ||||||
|               servicePort: {{ $svcPort }} |  | ||||||
|               {{- end }} |  | ||||||
|           {{- end }} |  | ||||||
|     {{- end }} |  | ||||||
| {{- end }} | {{- end }} | ||||||
							
								
								
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | |||||||
|  | {{- if .Values.networkPolicy.enabled }} | ||||||
|  | --- | ||||||
|  | apiVersion: networking.k8s.io/v1 | ||||||
|  | kind: NetworkPolicy | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   podSelector: | ||||||
|  |     matchLabels: | ||||||
|  |       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} | ||||||
|  |   {{- with .Values.networkPolicy.policyTypes }} | ||||||
|  |   policyTypes: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with .Values.networkPolicy.egress }} | ||||||
|  |   egress: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with .Values.networkPolicy.ingress }} | ||||||
|  |   ingress: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										26
									
								
								templates/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								templates/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | |||||||
|  | {{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }} | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: PersistentVolumeClaim | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }} | ||||||
|  |   namespace: {{ $.Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   {{- with .Values.persistence.data.persistentVolumeClaim.accessModes }} | ||||||
|  |   accessModes: | ||||||
|  |     {{ toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   resources: | ||||||
|  |     requests: | ||||||
|  |       storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }} | ||||||
|  |   {{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }} | ||||||
|  |   storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										20
									
								
								templates/secretEnv.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								templates/secretEnv.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | |||||||
|  | {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.secrets.env.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | stringData: | ||||||
|  |   {{- range $key, $value := .Values.config.env.secret.envs }} | ||||||
|  |   {{ upper $key }}: {{ quote $value }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										19
									
								
								templates/secretNetRC.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/secretNetRC.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.secrets.netrc.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | stringData: | ||||||
|  |   .netrc: | | ||||||
|  |     {{- tpl .Values.config.netrc.secret.content . | nindent 4 }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										35
									
								
								templates/secretSSH.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										35
									
								
								templates/secretSSH.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,35 @@ | |||||||
|  | {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.secrets.ssh.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | stringData: | ||||||
|  |   config: | | ||||||
|  |     {{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }} | ||||||
|  |   {{- if .Values.config.ssh.secret.id_ed25519 }} | ||||||
|  |   id_ed25519: | | ||||||
|  |     {{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if .Values.config.ssh.secret.id_ed25519_pub }} | ||||||
|  |   id_ed25519.pub: | | ||||||
|  |     {{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if .Values.config.ssh.secret.id_rsa }} | ||||||
|  |   id_rsa: | | ||||||
|  |     {{- .Values.config.ssh.secret.id_rsa | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if .Values.config.ssh.secret.id_rsa_pub }} | ||||||
|  |   id_rsa.pub: | | ||||||
|  |     {{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
| @@ -1,23 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: {{ include "athens-proxy.fullname" . }} |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|  |  | ||||||
|   {{- if not (hasKey .Values "config") -}} |  | ||||||
|   {{- $_ := set .Values "config" dict -}} |  | ||||||
|   {{- end -}} |  | ||||||
|  |  | ||||||
|   {{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}} |  | ||||||
|   {{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}} |  | ||||||
|   {{- end -}} |  | ||||||
|  |  | ||||||
|   {{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}} |  | ||||||
|   {{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}} |  | ||||||
|   {{- end -}} |  | ||||||
|  |  | ||||||
|   {{/* SETUP CONFIG */}} |  | ||||||
|   {{ range $key, $value := .Values.config }} |  | ||||||
|   {{ upper $key}}: {{ quote $value }} |  | ||||||
|   {{ end }} |  | ||||||
| @@ -1,36 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: Service |  | ||||||
| metadata: |  | ||||||
|   {{- with .Values.service.annotations }} |  | ||||||
|   annotations: |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|   {{- end }} |  | ||||||
|   labels: |  | ||||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} |  | ||||||
|   name: {{ include "athens-proxy.fullname" . }} |  | ||||||
| spec: |  | ||||||
|   {{- with .Values.service.externalIPs }} |  | ||||||
|   externalIPs: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- if .Values.service.externalTrafficPolicy }} |  | ||||||
|   externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }} |  | ||||||
|   loadBalancerClass: {{ .Values.service.loadBalancerClass }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} |  | ||||||
|   loadBalancerIP: {{ .Values.service.loadBalancerIP }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with .Values.service.loadBalancerSourceRanges }} |  | ||||||
|   loadBalancerSourceRanges: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
|   type: {{ .Values.service.type }} |  | ||||||
|   ports: |  | ||||||
|     - port: {{ .Values.service.port }} |  | ||||||
|       targetPort: {{ .Values.service.targetPort }} |  | ||||||
|       protocol: TCP |  | ||||||
|       name: {{ .Values.service.name }} |  | ||||||
|   selector: |  | ||||||
|     {{- include "athens-proxy.selectorLabels" . | nindent 4 }} |  | ||||||
| @@ -1,10 +1,25 @@ | |||||||
|  | {{- if not .Values.serviceAccount.existing.enabled }} | ||||||
|  | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: ServiceAccount | kind: ServiceAccount | ||||||
| metadata: | metadata: | ||||||
|   {{- with .Values.serviceAccount.annotations }} |   {{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- toYaml . | nindent 4 }} |     {{- toYaml . | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }} | ||||||
|   labels: |   labels: | ||||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|   name: {{ include "athens-proxy.fullname" . }} |   name: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }} | ||||||
|  | {{- with .Values.serviceAccount.new.imagePullSecrets }} | ||||||
|  | imagePullSecrets: | ||||||
|  |   {{- toYaml . | nindent 4 }} | ||||||
|  | {{- end }} | ||||||
|  | {{- with .Values.serviceAccount.new.secrets }} | ||||||
|  | secrets: | ||||||
|  |   {{- toYaml . | nindent 4 }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										57
									
								
								templates/serviceHTTP.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
								templates/serviceHTTP.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,57 @@ | |||||||
|  | {{- if .Values.services.http.enabled }} | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Service | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.services.http.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.services.http.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   {{- if not (empty .Values.services.http.externalIPs) }} | ||||||
|  |   externalIPs: | ||||||
|  |   {{- range .Values.services.http.externalIPs }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }} | ||||||
|  |   externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }} | ||||||
|  |   {{- end }} | ||||||
|  |   internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }} | ||||||
|  |   {{- if .Values.services.http.ipFamilies }} | ||||||
|  |   ipFamilies: | ||||||
|  |   {{- range .Values.services.http.ipFamilies }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }} | ||||||
|  |   loadBalancerClass: {{ .Values.services.http.loadBalancerClass }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }} | ||||||
|  |   loadBalancerIP: {{ .Values.services.http.loadBalancerIP }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- if eq .Values.services.http.type "LoadBalancer" }} | ||||||
|  |   loadBalancerSourceRanges: | ||||||
|  |   {{- range .Values.services.http.loadBalancerSourceRanges }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   ports: | ||||||
|  |   - name: http | ||||||
|  |     protocol: TCP | ||||||
|  |     port: {{ required "No service port defined!" .Values.services.http.port }} | ||||||
|  |   selector: | ||||||
|  |     {{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }} | ||||||
|  |   sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }} | ||||||
|  |   {{- with .Values.services.http.sessionAffinityConfig }} | ||||||
|  |   sessionAffinityConfig: | ||||||
|  |     {{- toYaml . | nindent 4}} | ||||||
|  |   {{- end }} | ||||||
|  |   type: {{ required "No service type defined!" .Values.services.http.type }} | ||||||
|  | {{- end }} | ||||||
| @@ -1,15 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: Pod |  | ||||||
| metadata: |  | ||||||
|   name: "{{ include "athens-proxy.fullname" . }}-test-connection" |  | ||||||
|   labels: |  | ||||||
|     {{- include "athens-proxy.labels" . | nindent 4 }} |  | ||||||
|   annotations: |  | ||||||
|     "helm.sh/hook": test |  | ||||||
| spec: |  | ||||||
|   containers: |  | ||||||
|     - name: wget |  | ||||||
|       image: busybox |  | ||||||
|       command: ['wget'] |  | ||||||
|       args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}'] |  | ||||||
|   restartPolicy: Never |  | ||||||
							
								
								
									
										300
									
								
								unittests/certificates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										300
									
								
								unittests/certificates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,300 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Certificate athens-proxy template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/certificate.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rendering by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip rendering for existing certificate | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.existingSecret.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Throw error when issuerKind and IssuerName is not defined | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: "No certificate issuer kind defined!" | ||||||
|  |  | ||||||
|  | - it: Throw error when issuerKind and IssuerName is not defined | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: {} | ||||||
|  |  | ||||||
|  | - it: Throw error when issuerKind not defined | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.name: "my-issuer" | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: "No certificate issuer kind defined!" | ||||||
|  |  | ||||||
|  | - it: Throw error when issuerName not defined | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: "ClusterIssuer" | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: "No certificate issuer name defined!" | ||||||
|  |  | ||||||
|  | - it: Rendering Certificate object when certificate.enabled=true (default) | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: cert-manager.io/v1 | ||||||
|  |       kind: Certificate | ||||||
|  |       name: athens-proxy-unittest-tls | ||||||
|  |       namespace: testing | ||||||
|  |   - equal: | ||||||
|  |       path: spec.commonName | ||||||
|  |       value: athens-proxy-unittest | ||||||
|  |   - equal: | ||||||
|  |       path: spec.duration | ||||||
|  |       value: 744h | ||||||
|  |   - equal: | ||||||
|  |       path: spec.dnsNames | ||||||
|  |       value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ] | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.ipAddresses | ||||||
|  |   - equal: | ||||||
|  |       path: spec.isCA | ||||||
|  |       value: false | ||||||
|  |   - equal: | ||||||
|  |       path: spec.issuerRef.kind | ||||||
|  |       value: ClusterIssuer | ||||||
|  |   - equal: | ||||||
|  |       path: spec.issuerRef.name | ||||||
|  |       value: my-issuer | ||||||
|  |   - equal: | ||||||
|  |       path: spec.privateKey.algorithm | ||||||
|  |       value: RSA | ||||||
|  |   - equal: | ||||||
|  |       path: spec.privateKey.size | ||||||
|  |       value: 4096 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.privateKey.rotationPolicy | ||||||
|  |       value: Never | ||||||
|  |   - equal: | ||||||
|  |       path: spec.secretName | ||||||
|  |       value: athens-proxy-unittest-tls | ||||||
|  |   - exists: | ||||||
|  |       path: spec.secretTemplate.annotations | ||||||
|  |   - exists: | ||||||
|  |       path: spec.secretTemplate.labels | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.countries | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.localities | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.organizationalUnits | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.organizations | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.postalCodes | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.provinces | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.serialNumber | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.subject.streetAddresses | ||||||
|  |   - equal: | ||||||
|  |       path: spec.renewBefore | ||||||
|  |       value: 672h | ||||||
|  |   - equal: | ||||||
|  |       path: spec.usages | ||||||
|  |       value: [ "client auth", "server auth" ] | ||||||
|  |  | ||||||
|  | # metadata.annotations | ||||||
|  | - it: Rendering Certificate object with additional annotations and labels | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.annotations: | ||||||
|  |       foo: bar | ||||||
|  |     certificate.new.labels: | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       content: | ||||||
|  |         foo: bar | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.labels | ||||||
|  |       content: | ||||||
|  |         bar: foo | ||||||
|  |  | ||||||
|  | # spec.duration | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.duration`. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.duration: 3000h | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.duration | ||||||
|  |       value: 3000h | ||||||
|  |  | ||||||
|  | # spec.dnsNames | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.dnsNames: [ "app", "app.example.local" ] | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.dnsNames | ||||||
|  |       value: [ "app", "app.example.local" ] | ||||||
|  |  | ||||||
|  | # spec.dnsNames | ||||||
|  | - it: Rendering Certificate object with custom `.Values.clusterDomain` as domain. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     clusterDomain: k8s.example.local | ||||||
|  |   asserts: | ||||||
|  |   - contains: | ||||||
|  |       path: spec.dnsNames | ||||||
|  |       content: | ||||||
|  |         athens-proxy-unittest.testing.svc.k8s.example.local | ||||||
|  |       count: 1 | ||||||
|  |  | ||||||
|  | # spec.ipAddresses | ||||||
|  | - it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ] | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ipAddresses | ||||||
|  |       value: [ "10.11.12.13", "fe00:xxyy:xxyy" ] | ||||||
|  |  | ||||||
|  | # spec.privateKey | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.privateKey.algorithm: ED25519 | ||||||
|  |     certificate.new.privateKey.rotationPolicy: Never | ||||||
|  |     certificate.new.privateKey.size: 512 | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.privateKey.algorithm | ||||||
|  |       value: ED25519 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.privateKey.rotationPolicy | ||||||
|  |       value: Never | ||||||
|  |   - equal: | ||||||
|  |       path: spec.privateKey.size | ||||||
|  |       value: 512 | ||||||
|  |  | ||||||
|  | # spec.renewBefore | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.renewBefore: 2000h | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.renewBefore | ||||||
|  |       value: 2000h | ||||||
|  |  | ||||||
|  | # spec.secretTemplate | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.secretTemplate: | ||||||
|  |       annotations: | ||||||
|  |         foo: bar | ||||||
|  |       labels: | ||||||
|  |         bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.secretTemplate.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |   - equal: | ||||||
|  |       path: spec.secretTemplate.labels | ||||||
|  |       value: | ||||||
|  |         bar: foo | ||||||
|  |  | ||||||
|  | # spec.secretTemplate | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.subject` values. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.subject.countries: [ "Country" ] | ||||||
|  |     certificate.new.subject.localities: [ "City" ] | ||||||
|  |     certificate.new.subject.organizationalUnits: [ "IT department" ] | ||||||
|  |     certificate.new.subject.organizations: [ "My organization" ] | ||||||
|  |     certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ] | ||||||
|  |     certificate.new.subject.provinces: [ "Provinces" ] | ||||||
|  |     certificate.new.subject.serialNumber: "MyNumber" | ||||||
|  |     certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ] | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.countries | ||||||
|  |       value: [ "Country" ] | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.localities | ||||||
|  |       value: [ "City" ] | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.organizationalUnits | ||||||
|  |       value: [ "IT department" ] | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.organizations | ||||||
|  |       value: [ "My organization" ] | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.postalCodes | ||||||
|  |       value: [ "AB12345", "12345AB" ] | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.provinces | ||||||
|  |       value: [ "Provinces" ] | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.serialNumber | ||||||
|  |       value: "MyNumber" | ||||||
|  |   - equal: | ||||||
|  |       path: spec.subject.streetAddresses | ||||||
|  |       value: [ "ExampleStreet 1", "StreetExample 2" ] | ||||||
|  |  | ||||||
|  | # spec.usages | ||||||
|  | - it: Rendering Certificate object with custom `.Values.certificate.new.usages`. | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: my-issuer | ||||||
|  |     certificate.new.usages: [ "client auth" ] | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.usages | ||||||
|  |       value: [ "client auth" ] | ||||||
							
								
								
									
										98
									
								
								unittests/configMaps/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										98
									
								
								unittests/configMaps/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,98 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: ConfigMap downloadMode | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rending by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip rending by using existing config map. | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|  |     config.downloadMode.existingConfigMap.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering with default values | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: ConfigMap | ||||||
|  |       name: athens-proxy-unittest-download-mode-file | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: data.downloadMode | ||||||
|  |       value: | | ||||||
|  |         downloadURL = "https://proxy.golang.org" | ||||||
|  |  | ||||||
|  |         mode = "async_redirect" | ||||||
|  |  | ||||||
|  |         # download "github.com/gomods/*" { | ||||||
|  |         #     mode = "sync" | ||||||
|  |         # } | ||||||
|  |         # | ||||||
|  |         # download "golang.org/x/*" { | ||||||
|  |         #     mode = "none" | ||||||
|  |         # } | ||||||
|  |         # | ||||||
|  |         # download "github.com/pkg/*" { | ||||||
|  |         #     mode = "redirect" | ||||||
|  |         #     downloadURL = "https://proxy.golang.org" | ||||||
|  |         # } | ||||||
|  |  | ||||||
|  | - it: Rendering custom annotations and labels. | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|  |     config.downloadMode.configMap.annotations: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |     config.downloadMode.configMap.labels: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.labels | ||||||
|  |       content: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |  | ||||||
|  | - it: Rendering custom configuration | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|  |     config.downloadMode.configMap.content: | | ||||||
|  |       downloadURL = "https://proxy.golang.org" | ||||||
|  |       mode = "async_redirect" | ||||||
|  |  | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: data.downloadMode | ||||||
|  |       value: | | ||||||
|  |         downloadURL = "https://proxy.golang.org" | ||||||
|  |         mode = "async_redirect" | ||||||
							
								
								
									
										93
									
								
								unittests/configMaps/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								unittests/configMaps/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,93 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: ConfigMap gitConfig | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rending by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip rending by using existing config map. | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|  |     config.gitConfig.existingConfigMap.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering by default. | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: ConfigMap | ||||||
|  |       name: athens-proxy-unittest-gitconfig | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: data[".gitconfig"] | ||||||
|  |       value: | | ||||||
|  |         # The .gitconfig file | ||||||
|  |         # | ||||||
|  |         # The .gitconfig file contains the user specific git configuration. It generally resides in the user's home | ||||||
|  |         # directory. | ||||||
|  |         # | ||||||
|  |         # [url "git@github.com:"] insteadOf = https://github.com/ | ||||||
|  |  | ||||||
|  | - it: Rendering custom annotations and labels. | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|  |     config.gitConfig.configMap.annotations: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |     config.gitConfig.configMap.labels: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.labels | ||||||
|  |       content: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |  | ||||||
|  | - it: Rendering custom configuration | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|  |     config.gitConfig.configMap.content: | | ||||||
|  |       [url "git@github.com:"] | ||||||
|  |       insteadOf = https://github.com/ | ||||||
|  |  | ||||||
|  |       [url "git@git.cryptic.systems:"] | ||||||
|  |       insteadOf = https://git.cryptic.systems/ | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: data[".gitconfig"] | ||||||
|  |       value: | | ||||||
|  |         [url "git@github.com:"] | ||||||
|  |         insteadOf = https://github.com/ | ||||||
|  |  | ||||||
|  |         [url "git@git.cryptic.systems:"] | ||||||
|  |         insteadOf = https://git.cryptic.systems/ | ||||||
							
								
								
									
										73
									
								
								unittests/deployment/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										73
									
								
								unittests/deployment/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,73 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without tls config | ||||||
|  |   asserts: | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_TLSCERT_FILE | ||||||
|  |           value: /etc/athens-proxy/tls/tls.crt | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_TLSKEY_FILE | ||||||
|  |           value: /etc/athens-proxy/tls/tls.key | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: tls | ||||||
|  |           mountPath: /etc/athens-proxy/tls | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: tls | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-tls | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering with tls config | ||||||
|  |   set: | ||||||
|  |     certificate.enabled: true | ||||||
|  |     certificate.new.issuerRef.kind: ClusterIssuer | ||||||
|  |     certificate.new.issuerRef.name: MyIssuer | ||||||
|  |   asserts: | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_TLSCERT_FILE | ||||||
|  |           value: /etc/athens-proxy/tls/tls.crt | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_TLSKEY_FILE | ||||||
|  |           value: /etc/athens-proxy/tls/tls.key | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: tls | ||||||
|  |           mountPath: /etc/athens-proxy/tls | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: tls | ||||||
|  |           secret: | ||||||
|  |             secretName: athens-proxy-unittest-tls | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										472
									
								
								unittests/deployment/deployment.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										472
									
								
								unittests/deployment/deployment.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,472 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/deployment.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: apps/v1 | ||||||
|  |       kind: Deployment | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.replicas | ||||||
|  |       value: 1 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.affinity | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.containers[0].args | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.containers[0].command | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.containers[0].envFrom | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].image | ||||||
|  |       value: docker.io/gomods/athens:0.1.0 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|  |       value: IfNotPresent | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.containers[0].resources | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.containers[0].securityContext | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.dnsConfig | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.dnsPolicy | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.hostname | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.hostNetwork | ||||||
|  |       value: false | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.imagePullSecrets | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.nodeSelector | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.priorityClassName | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.restartPolicy | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.subdomain | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|  |       value: 60 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.tolerations | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.template.spec.topologySpreadConstraints | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.strategy | ||||||
|  |       value: | ||||||
|  |         type: "RollingUpdate" | ||||||
|  |         rollingUpdate: | ||||||
|  |           maxSurge: 1 | ||||||
|  |           maxUnavailable: 1 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test custom replicas | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.replicas: 3 | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.replicas | ||||||
|  |       value: 3 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test custom affinity | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.affinity: | ||||||
|  |       nodeAffinity: | ||||||
|  |         requiredDuringSchedulingIgnoredDuringExecution: | ||||||
|  |           nodeSelectorTerms: | ||||||
|  |           - matchExpressions: | ||||||
|  |             - key: topology.kubernetes.io/zone | ||||||
|  |               operator: In | ||||||
|  |               values: | ||||||
|  |               - antarctica-east1 | ||||||
|  |               - antarctica-west1 | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.affinity | ||||||
|  |       value: | ||||||
|  |         nodeAffinity: | ||||||
|  |           requiredDuringSchedulingIgnoredDuringExecution: | ||||||
|  |             nodeSelectorTerms: | ||||||
|  |             - matchExpressions: | ||||||
|  |               - key: topology.kubernetes.io/zone | ||||||
|  |                 operator: In | ||||||
|  |                 values: | ||||||
|  |                 - antarctica-east1 | ||||||
|  |                 - antarctica-west1 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test additional arguments | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.args: | ||||||
|  |     - "--foo=bar" | ||||||
|  |     - "--bar=foo" | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].args | ||||||
|  |       value: | ||||||
|  |       - --foo=bar | ||||||
|  |       - --bar=foo | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test additional command | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.command: | ||||||
|  |     - "/bin/sh" | ||||||
|  |     - "-c" | ||||||
|  |     - "echo hello" | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].command | ||||||
|  |       value: | ||||||
|  |       - "/bin/sh" | ||||||
|  |       - "-c" | ||||||
|  |       - "echo hello" | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test custom imageRegistry and imageRepository | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.image.registry: registry.example.local | ||||||
|  |     deployment.athensProxy.image.repository: path/special/athens-proxy | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].image | ||||||
|  |       value: registry.example.local/path/special/athens-proxy:0.1.0 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test custom imagePullPolicy | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.image.pullPolicy: Always | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|  |       value: Always | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test custom resource limits and requests | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.resources: | ||||||
|  |       limits: | ||||||
|  |         cpu: 100m | ||||||
|  |         memory: 250MB | ||||||
|  |       requests: | ||||||
|  |         cpu: 25m | ||||||
|  |         memory: 100MB | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].env | ||||||
|  |       value: | ||||||
|  |       - name: GOMAXPROCS | ||||||
|  |         valueFrom: | ||||||
|  |           resourceFieldRef: | ||||||
|  |             divisor: "1" | ||||||
|  |             resource: limits.cpu | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].resources | ||||||
|  |       value: | ||||||
|  |         limits: | ||||||
|  |           cpu: 100m | ||||||
|  |           memory: 250MB | ||||||
|  |         requests: | ||||||
|  |           cpu: 25m | ||||||
|  |           memory: 100MB | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test custom securityContext | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.securityContext: | ||||||
|  |       capabilities: | ||||||
|  |         add: | ||||||
|  |         - NET_RAW | ||||||
|  |         drop: | ||||||
|  |         - ALL | ||||||
|  |       privileged: false | ||||||
|  |       readOnlyRootFilesystem: true | ||||||
|  |       runAsNonRoot: true | ||||||
|  |       runAsUser: 1000 | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].securityContext | ||||||
|  |       value: | ||||||
|  |         capabilities: | ||||||
|  |           add: | ||||||
|  |           - NET_RAW | ||||||
|  |           drop: | ||||||
|  |           - ALL | ||||||
|  |         privileged: false | ||||||
|  |         readOnlyRootFilesystem: true | ||||||
|  |         runAsNonRoot: true | ||||||
|  |         runAsUser: 1000 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test dnsConfig | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.dnsConfig: | ||||||
|  |       nameservers: | ||||||
|  |       - "8.8.8.8" | ||||||
|  |       - "8.8.4.4" | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.dnsConfig | ||||||
|  |       value: | ||||||
|  |         nameservers: | ||||||
|  |         - "8.8.8.8" | ||||||
|  |         - "8.8.4.4" | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test dnsPolicy | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.dnsPolicy: ClusterFirst | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.dnsPolicy | ||||||
|  |       value: ClusterFirst | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test hostNetwork, hostname, subdomain | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.hostNetwork: true | ||||||
|  |     deployment.hostname: pg-exporter | ||||||
|  |     deployment.subdomain: exporters.internal | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.hostNetwork | ||||||
|  |       value: true | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.hostname | ||||||
|  |       value: pg-exporter | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.subdomain | ||||||
|  |       value: exporters.internal | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test imagePullSecrets | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.imagePullSecrets: | ||||||
|  |     - name: my-pull-secret | ||||||
|  |     - name: my-special-secret | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.imagePullSecrets | ||||||
|  |       value: | ||||||
|  |       - name: my-pull-secret | ||||||
|  |       - name: my-special-secret | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test nodeSelector | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.nodeSelector: | ||||||
|  |       foo: bar | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.nodeSelector | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test priorityClassName | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.priorityClassName: my-priority | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.priorityClassName | ||||||
|  |       value: my-priority | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test restartPolicy | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.restartPolicy: Always | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.restartPolicy | ||||||
|  |       value: Always | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test terminationGracePeriodSeconds | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.terminationGracePeriodSeconds: 120 | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|  |       value: 120 | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test tolerations | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.tolerations: | ||||||
|  |     - key: database/type | ||||||
|  |       operator: Equal | ||||||
|  |       value: postgres | ||||||
|  |       effect: NoSchedule | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.tolerations | ||||||
|  |       value: | ||||||
|  |       - key: database/type | ||||||
|  |         operator: Equal | ||||||
|  |         value: postgres | ||||||
|  |         effect: NoSchedule | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test topologySpreadConstraints | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.topologySpreadConstraints: | ||||||
|  |     - topologyKey: kubernetes.io/hostname | ||||||
|  |       whenUnsatisfiable: DoNotSchedule | ||||||
|  |       labelSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           app.kubernetes.io/instance: athens-proxy | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.topologySpreadConstraints | ||||||
|  |       value: | ||||||
|  |       - topologyKey: kubernetes.io/hostname | ||||||
|  |         whenUnsatisfiable: DoNotSchedule | ||||||
|  |         labelSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             app.kubernetes.io/instance: athens-proxy | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test additional volumeMounts and volumes | ||||||
|  |   set: | ||||||
|  |     # Ensure that the secrets and config maps are well configured. | ||||||
|  |  | ||||||
|  |     # Normal test values | ||||||
|  |     deployment.athensProxy.volumeMounts: | ||||||
|  |     - name: data | ||||||
|  |       mountPath: /usr/lib/athens-proxy/data | ||||||
|  |     deployment.volumes: | ||||||
|  |     - name: data | ||||||
|  |       hostPath: | ||||||
|  |         path: /usr/lib/athens-proxy/data | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |       value: | ||||||
|  |       - name: data | ||||||
|  |         mountPath: /usr/lib/athens-proxy/data | ||||||
|  |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.volumes | ||||||
|  |       value: | ||||||
|  |       - name: data | ||||||
|  |         hostPath: | ||||||
|  |           path: /usr/lib/athens-proxy/data | ||||||
|  |     template: templates/deployment.yaml | ||||||
							
								
								
									
										105
									
								
								unittests/deployment/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										105
									
								
								unittests/deployment/downloadMode.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,105 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without mounted download mode config map | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_DOWNLOAD_MODE | ||||||
|  |           value: file:/etc/athens/config/download-mode.d/download-mode | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: download-mode | ||||||
|  |           mountPath: /etc/athens/config/download-mode.d | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: download-mode | ||||||
|  |           configMap: | ||||||
|  |             name: athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted gitconfig configMap | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_DOWNLOAD_MODE | ||||||
|  |           value: file:/etc/athens/config/download-mode.d/download-mode | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: download-mode | ||||||
|  |           mountPath: /etc/athens/config/download-mode.d | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: download-mode | ||||||
|  |           configMap: | ||||||
|  |             items: | ||||||
|  |               - key: downloadMode | ||||||
|  |                 mode: 0644 | ||||||
|  |                 path: download-mode | ||||||
|  |             name: athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering with custom download mode configMap | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|  |     config.downloadMode.existingConfigMap.enabled: true | ||||||
|  |     config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap" | ||||||
|  |     config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_DOWNLOAD_MODE | ||||||
|  |           value: file:/etc/athens/config/download-mode.d/download-mode | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: download-mode | ||||||
|  |           mountPath: /etc/athens/config/download-mode.d | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: download-mode | ||||||
|  |           configMap: | ||||||
|  |             items: | ||||||
|  |             - key: "my-custom-download-mode-filename-key" | ||||||
|  |               path: "download-mode" | ||||||
|  |               mode: 0644 | ||||||
|  |             name: my-custom-configmap | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,51 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretEnv.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without mounted env secret | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].envFrom | ||||||
|  |         content: | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted env secret | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].envFrom | ||||||
|  |         content: | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted env secret | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |     config.env.existingSecret.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].envFrom | ||||||
|  |         content: | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										100
									
								
								unittests/deployment/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										100
									
								
								unittests/deployment/gitConfig.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,100 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without mounted git config map | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.gitconfig | ||||||
|  |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - configMap: | ||||||
|  |                 items: | ||||||
|  |                 - key: .gitconfig | ||||||
|  |                   path: .gitconfig | ||||||
|  |                   mode: 0600 | ||||||
|  |                 name: athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted gitconfig configMap | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.gitconfig | ||||||
|  |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - configMap: | ||||||
|  |                 items: | ||||||
|  |                 - key: .gitconfig | ||||||
|  |                   path: .gitconfig | ||||||
|  |                   mode: 0644 | ||||||
|  |                 name: athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering with custom gitconfig configMap | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|  |     config.gitConfig.existingConfigMap.enabled: true | ||||||
|  |     config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap" | ||||||
|  |     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.gitconfig | ||||||
|  |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - configMap: | ||||||
|  |                 items: | ||||||
|  |                 - key: my-gitconfig-key | ||||||
|  |                   path: .gitconfig | ||||||
|  |                   mode: 0644 | ||||||
|  |                 name: my-custom-configmap | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										99
									
								
								unittests/deployment/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										99
									
								
								unittests/deployment/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,99 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without mounted netrc secret | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: netrc | ||||||
|  |           mountPath: /root | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: .netrc | ||||||
|  |                   path: .netrc | ||||||
|  |                   mode: 0600 | ||||||
|  |                 name: athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted netrc secret | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.netrc | ||||||
|  |           subPath: .netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: .netrc | ||||||
|  |                   path: .netrc | ||||||
|  |                   mode: 0600 | ||||||
|  |                 name: athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering with custom netrc secret | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |     config.netrc.existingSecret.enabled: true | ||||||
|  |     config.netrc.existingSecret.secretName: "my-custom-secret" | ||||||
|  |     config.netrc.existingSecret.netrcKey: "my-netrc-key" | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.netrc | ||||||
|  |           subPath: .netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: my-netrc-key | ||||||
|  |                   path: .netrc | ||||||
|  |                   mode: 0600 | ||||||
|  |                 name: my-custom-secret | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										77
									
								
								unittests/deployment/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								unittests/deployment/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,77 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Test persistent volume claim | ||||||
|  |   set: | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_STORAGE_TYPE | ||||||
|  |           value: disk | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_DISK_STORAGE_ROOT | ||||||
|  |           value: /var/www/athens-proxy/data | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: data | ||||||
|  |           mountPath: /var/www/athens-proxy/data | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: data | ||||||
|  |           persistentVolumeClaim: | ||||||
|  |             claimName: athens-proxy-unittest-data | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Test existing persistent volume claim | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |     persistence.enabled: true | ||||||
|  |     persistence.data.mountPath: "/mnt/go-proxy/data" | ||||||
|  |     persistence.data.existingPersistentVolumeClaim.enabled: true | ||||||
|  |     persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc" | ||||||
|  |   asserts: | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_STORAGE_TYPE | ||||||
|  |           value: disk | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].env | ||||||
|  |         content: | ||||||
|  |           name: ATHENS_DISK_STORAGE_ROOT | ||||||
|  |           value: /mnt/go-proxy/data | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: data | ||||||
|  |           mountPath: /mnt/go-proxy/data | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: data | ||||||
|  |           persistentVolumeClaim: | ||||||
|  |             claimName: my-special-pvc | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										254
									
								
								unittests/deployment/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										254
									
								
								unittests/deployment/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,254 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without mounted ssh secret | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/config | ||||||
|  |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_ed25519 | ||||||
|  |           subPath: id_ed25519 | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_ed25519.pub | ||||||
|  |           subPath: id_ed25519.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_rsa | ||||||
|  |           subPath: id_rsa | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_rsa.pub | ||||||
|  |           subPath: id_rsa.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: config | ||||||
|  |                   path: config | ||||||
|  |                   mode: 0644 | ||||||
|  |                 - key: id_ed25519 | ||||||
|  |                   path: id_ed25519 | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: id_ed25519.pub | ||||||
|  |                   path: id_ed25519.pub | ||||||
|  |                   mode: 0644 | ||||||
|  |                 - key: id_rsa | ||||||
|  |                   path: id_rsa | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: id_rsa.pub | ||||||
|  |                   path: id_rsa.pub | ||||||
|  |                   mode: 0644 | ||||||
|  |                 name: athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted ssh config | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/config | ||||||
|  |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: config | ||||||
|  |                   path: config | ||||||
|  |                   mode: 0600 | ||||||
|  |                 name: athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted ssh keys | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |     config.ssh.secret.id_ed25519: foo | ||||||
|  |     config.ssh.secret.id_ed25519_pub: bar | ||||||
|  |     config.ssh.secret.id_rsa: foo | ||||||
|  |     config.ssh.secret.id_rsa_pub: bar | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/config | ||||||
|  |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_ed25519 | ||||||
|  |           subPath: id_ed25519 | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_ed25519.pub | ||||||
|  |           subPath: id_ed25519.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_rsa | ||||||
|  |           subPath: id_rsa | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_rsa.pub | ||||||
|  |           subPath: id_rsa.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: config | ||||||
|  |                   path: config | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: id_ed25519 | ||||||
|  |                   path: id_ed25519 | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: id_ed25519.pub | ||||||
|  |                   path: id_ed25519.pub | ||||||
|  |                   mode: 0644 | ||||||
|  |                 - key: id_rsa | ||||||
|  |                   path: id_rsa | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: id_rsa.pub | ||||||
|  |                   path: id_rsa.pub | ||||||
|  |                   mode: 0644 | ||||||
|  |                 name: athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering with custom ssh secret | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |     config.ssh.existingSecret.enabled: true | ||||||
|  |     config.ssh.existingSecret.secretName: "my-custom-secret" | ||||||
|  |     config.ssh.existingSecret.configKey : "my-config-key" | ||||||
|  |     config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key" | ||||||
|  |     config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key" | ||||||
|  |     config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key" | ||||||
|  |     config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/config | ||||||
|  |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_ed25519 | ||||||
|  |           subPath: id_ed25519 | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_ed25519.pub | ||||||
|  |           subPath: id_ed25519.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_rsa | ||||||
|  |           subPath: id_rsa | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           mountPath: /root/.ssh/id_rsa.pub | ||||||
|  |           subPath: id_rsa.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.volumes | ||||||
|  |         content: | ||||||
|  |           name: secrets | ||||||
|  |           projected: | ||||||
|  |             sources: | ||||||
|  |             - secret: | ||||||
|  |                 items: | ||||||
|  |                 - key: my-config-key | ||||||
|  |                   path: config | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: my-private-ed25519-key | ||||||
|  |                   path: id_ed25519 | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: my-public-ed25519-key | ||||||
|  |                   path: id_ed25519.pub | ||||||
|  |                   mode: 0644 | ||||||
|  |                 - key: my-private-rsa-key | ||||||
|  |                   path: id_rsa | ||||||
|  |                   mode: 0600 | ||||||
|  |                 - key: my-public-rsa-key | ||||||
|  |                   path: id_rsa.pub | ||||||
|  |                   mode: 0644 | ||||||
|  |                 name: my-custom-secret | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										116
									
								
								unittests/hpa/default.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										116
									
								
								unittests/hpa/default.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,116 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: HPA template (basic) | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/hpa.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rendering by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering when enabled - default | ||||||
|  |   set: | ||||||
|  |     hpa.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: autoscaling/v2 | ||||||
|  |       kind: HorizontalPodAutoscaler | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - contains: | ||||||
|  |       path: spec.metrics | ||||||
|  |       content: | ||||||
|  |         resource: | ||||||
|  |           name: cpu | ||||||
|  |           target: | ||||||
|  |             averageUtilization: 65 | ||||||
|  |             type: Utilization | ||||||
|  |         type: Resource | ||||||
|  |   - equal: | ||||||
|  |       path: spec.maxReplicas | ||||||
|  |       value: 10 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.minReplicas | ||||||
|  |       value: 1 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.scaleTargetRef | ||||||
|  |       value: | ||||||
|  |         apiVersion: apps/v1 | ||||||
|  |         kind: Deployment | ||||||
|  |         name: athens-proxy-unittest | ||||||
|  |  | ||||||
|  | - it: Rendering when enabled - custom values | ||||||
|  |   set: | ||||||
|  |     hpa.enabled: true | ||||||
|  |     hpa.annotations: | ||||||
|  |       foo: bar | ||||||
|  |     hpa.labels: | ||||||
|  |       bar: foo | ||||||
|  |     hpa.maxReplicas: 25 | ||||||
|  |     hpa.minReplicas: 5 | ||||||
|  |     hpa.metrics: | ||||||
|  |     - resource: | ||||||
|  |         name: memory | ||||||
|  |         target: | ||||||
|  |           averageUtilization: 65 | ||||||
|  |           type: Utilization | ||||||
|  |       type: Resource | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: autoscaling/v2 | ||||||
|  |       kind: HorizontalPodAutoscaler | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         bar: foo | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - contains: | ||||||
|  |       path: spec.metrics | ||||||
|  |       content: | ||||||
|  |         resource: | ||||||
|  |           name: memory | ||||||
|  |           target: | ||||||
|  |             averageUtilization: 65 | ||||||
|  |             type: Utilization | ||||||
|  |         type: Resource | ||||||
|  |   - equal: | ||||||
|  |       path: spec.maxReplicas | ||||||
|  |       value: 25 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.minReplicas | ||||||
|  |       value: 5 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.scaleTargetRef | ||||||
|  |       value: | ||||||
|  |         apiVersion: apps/v1 | ||||||
|  |         kind: Deployment | ||||||
|  |         name: athens-proxy-unittest | ||||||
							
								
								
									
										139
									
								
								unittests/ingress/ingress.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										139
									
								
								unittests/ingress/ingress.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,139 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Ingress template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/ingress.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip ingress by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip ingress, when service is disabled. | ||||||
|  |   set: | ||||||
|  |     services.http.enabled: false | ||||||
|  |     ingress.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Render ingress with default values. | ||||||
|  |   set: | ||||||
|  |     ingress.enabled: true | ||||||
|  |     ingress.hosts: | ||||||
|  |     - host: athens-proxy.example.local | ||||||
|  |       paths: | ||||||
|  |       - path: / | ||||||
|  |         pathType: Prefix | ||||||
|  |     ingress.tls: | ||||||
|  |     - secretName: athens-proxy-http-tls | ||||||
|  |       hosts: | ||||||
|  |       - athens-proxy.example.local | ||||||
|  |  | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: networking.k8s.io/v1 | ||||||
|  |       kind: Ingress | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ingressClassName | ||||||
|  |       value: nginx | ||||||
|  |   - contains: | ||||||
|  |       path: spec.rules | ||||||
|  |       content: | ||||||
|  |         host: athens-proxy.example.local | ||||||
|  |         http: | ||||||
|  |           paths: | ||||||
|  |           - path: / | ||||||
|  |             pathType: Prefix | ||||||
|  |             backend: | ||||||
|  |               service: | ||||||
|  |                 name: athens-proxy-unittest-http | ||||||
|  |                 port: | ||||||
|  |                   number: 3000 | ||||||
|  |   - contains: | ||||||
|  |       path: spec.tls | ||||||
|  |       content: | ||||||
|  |         hosts: | ||||||
|  |         - athens-proxy.example.local | ||||||
|  |         secretName: athens-proxy-http-tls | ||||||
|  |  | ||||||
|  | - it: Render ingress with custom values. | ||||||
|  |   set: | ||||||
|  |     ingress.enabled: true | ||||||
|  |     ingress.annotations: | ||||||
|  |       foo: bar | ||||||
|  |     ingress.className: nginx | ||||||
|  |     ingress.labels: | ||||||
|  |       bar: foo | ||||||
|  |     ingress.hosts: | ||||||
|  |     - host: athens-proxy.example.local | ||||||
|  |       paths: | ||||||
|  |       - path: / | ||||||
|  |         pathType: Prefix | ||||||
|  |     ingress.tls: | ||||||
|  |     - secretName: athens-proxy-http-tls | ||||||
|  |       hosts: | ||||||
|  |       - athens-proxy.example.local | ||||||
|  |     services.http.port: 8080 | ||||||
|  |  | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: networking.k8s.io/v1 | ||||||
|  |       kind: Ingress | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |         bar: foo | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ingressClassName | ||||||
|  |       value: nginx | ||||||
|  |   - contains: | ||||||
|  |       path: spec.rules | ||||||
|  |       content: | ||||||
|  |         host: athens-proxy.example.local | ||||||
|  |         http: | ||||||
|  |           paths: | ||||||
|  |           - path: / | ||||||
|  |             pathType: Prefix | ||||||
|  |             backend: | ||||||
|  |               service: | ||||||
|  |                 name: athens-proxy-unittest-http | ||||||
|  |                 port: | ||||||
|  |                   number: 8080 | ||||||
|  |   - contains: | ||||||
|  |       path: spec.tls | ||||||
|  |       content: | ||||||
|  |         hosts: | ||||||
|  |         - athens-proxy.example.local | ||||||
|  |         secretName: athens-proxy-http-tls | ||||||
							
								
								
									
										98
									
								
								unittests/networkPolicy/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										98
									
								
								unittests/networkPolicy/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,98 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: NetworkPolicy template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/networkPolicy.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rendering networkPolicy | ||||||
|  |   set: | ||||||
|  |     networkPolicy.enabled: false | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Render default networkPolicy | ||||||
|  |   set: | ||||||
|  |     networkPolicy.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count:  1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: networking.k8s.io/v1 | ||||||
|  |       kind: NetworkPolicy | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.podSelector.matchLabels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.policyTypes | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.egress | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.ingress | ||||||
|  |  | ||||||
|  | - it: Template networkPolicy with policyTypes, egress and ingress configuration | ||||||
|  |   set: | ||||||
|  |     networkPolicy.enabled: true | ||||||
|  |     networkPolicy.policyTypes: | ||||||
|  |     - Egress | ||||||
|  |     - Ingress | ||||||
|  |     networkPolicy.ingress: | ||||||
|  |     - from: | ||||||
|  |       - namespaceSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             kubernetes.io/metadata.name: monitoring | ||||||
|  |         podSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             app.kubernetes.io/name: prometheus | ||||||
|  |     networkPolicy.egress: | ||||||
|  |     - to: | ||||||
|  |       - namespaceSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |         podSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             app.kubernetes.io/name: ingress-nginx | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.policyTypes | ||||||
|  |       value: | ||||||
|  |       - Egress | ||||||
|  |       - Ingress | ||||||
|  |   - equal: | ||||||
|  |       path: spec.egress | ||||||
|  |       value: | ||||||
|  |       - to: | ||||||
|  |         - namespaceSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |           podSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               app.kubernetes.io/name: ingress-nginx | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ingress | ||||||
|  |       value: | ||||||
|  |       - from: | ||||||
|  |         - namespaceSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               kubernetes.io/metadata.name: monitoring | ||||||
|  |           podSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               app.kubernetes.io/name: prometheus | ||||||
							
								
								
									
										90
									
								
								unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										90
									
								
								unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,90 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: PersistentVolumeClaim template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/persistentVolumeClaim.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering with enabled persistent storage | ||||||
|  |   set: | ||||||
|  |     persistence.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: PersistentVolumeClaim | ||||||
|  |       name: athens-proxy-unittest-data | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.accessModes | ||||||
|  |       value: | ||||||
|  |       - ReadWriteMany | ||||||
|  |   - isSubset: | ||||||
|  |       path: spec.resources | ||||||
|  |       content: | ||||||
|  |         requests: | ||||||
|  |           storage: 5Gi | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.storageClassName | ||||||
|  |  | ||||||
|  | - it: Rendering with custom enabled persistent storage | ||||||
|  |   set: | ||||||
|  |     persistence.enabled: true | ||||||
|  |     persistence.data.persistentVolumeClaim.annotations: | ||||||
|  |       foo: bar | ||||||
|  |     persistence.data.persistentVolumeClaim.labels: | ||||||
|  |       bar: foo | ||||||
|  |     persistence.data.persistentVolumeClaim.storageClassName: my-storage-class | ||||||
|  |     persistence.data.persistentVolumeClaim.storageSize: 10Gi | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: PersistentVolumeClaim | ||||||
|  |       name: athens-proxy-unittest-data | ||||||
|  |       namespace: testing | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         bar: foo | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.accessModes | ||||||
|  |       value: | ||||||
|  |       - ReadWriteMany | ||||||
|  |   - isSubset: | ||||||
|  |       path: spec.resources | ||||||
|  |       content: | ||||||
|  |         requests: | ||||||
|  |           storage: 10Gi | ||||||
|  |   - equal: | ||||||
|  |       path: spec.storageClassName | ||||||
|  |       value: my-storage-class | ||||||
							
								
								
									
										77
									
								
								unittests/secrets/env.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								unittests/secrets/env.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,77 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Secret environment variables | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/secretEnv.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rendering by default | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip rendering by using existing secret. | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |     config.env.existingSecret.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering env secret with default values. | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: Secret | ||||||
|  |       name: athens-proxy-unittest-env | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - isNullOrEmpty: | ||||||
|  |       path: stringData | ||||||
|  |  | ||||||
|  | - it: Rendering env secret with custom values. | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token | ||||||
|  |   asserts: | ||||||
|  |   - isSubset: | ||||||
|  |       path: stringData | ||||||
|  |       content: | ||||||
|  |         ATHENS_GITHUB_TOKEN: my-secret-token | ||||||
|  |  | ||||||
|  | - it: Rendering custom annotations and labels. | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |     config.env.secret.annotations: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |     config.env.secret.labels: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.labels | ||||||
|  |       content: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
							
								
								
									
										93
									
								
								unittests/secrets/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										93
									
								
								unittests/secrets/netrc.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,93 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Secret netrc template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rendering by default | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip rendering by using existing secret. | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |     config.netrc.existingSecret.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering netrc secret with default values. | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: Secret | ||||||
|  |       name: athens-proxy-unittest-netrc | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: stringData[".netrc"] | ||||||
|  |       value: | | ||||||
|  |         # The .netrc file | ||||||
|  |         # | ||||||
|  |         # The .netrc file contains login and initialization information used by the auto-login process. It generally | ||||||
|  |         # resides in the user's home directory, but a location outside of the home directory can be set using the | ||||||
|  |         # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file | ||||||
|  |         # must be a regular file, or access will be denied. | ||||||
|  |         # | ||||||
|  |         # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html | ||||||
|  |         # | ||||||
|  |         # default login           [name]     password  [password/token] | ||||||
|  |         # machine github.com      [octocat]  password  [PAT] | ||||||
|  |         # machine api.github.com  [octocat]  password  [PAT] | ||||||
|  |  | ||||||
|  | - it: Rendering netrc secret with custom values. | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |     config.netrc.secret.content: | | ||||||
|  |       default github.com hugo password kinnock | ||||||
|  |       default api.github.com hugo password kinnock | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: stringData[".netrc"] | ||||||
|  |       value: | | ||||||
|  |         default github.com hugo password kinnock | ||||||
|  |         default api.github.com hugo password kinnock | ||||||
|  |  | ||||||
|  | - it: Rendering custom annotations and labels. | ||||||
|  |   set: | ||||||
|  |     config.netrc.enabled: true | ||||||
|  |     config.netrc.secret.annotations: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |     config.netrc.secret.labels: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.labels | ||||||
|  |       content: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
							
								
								
									
										119
									
								
								unittests/secrets/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										119
									
								
								unittests/secrets/ssh.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,119 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Secret ssh template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/secretSSH.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rending by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip rendering by using existing secret. | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |     config.ssh.existingSecret.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering ssh secret with default values. | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: Secret | ||||||
|  |       name: athens-proxy-unittest-ssh | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: stringData.config | ||||||
|  |       value: | | ||||||
|  |         # Host * | ||||||
|  |         #   IdentityFile ~/.ssh/id_ed25519 | ||||||
|  |         #   IdentityFile ~/.ssh/id_rsa | ||||||
|  |   - notExists: | ||||||
|  |       path: stringData.id_ed25519 | ||||||
|  |   - notExists: | ||||||
|  |       path: stringData["id_ed25519.pub"] | ||||||
|  |   - notExists: | ||||||
|  |       path: stringData.id_rsa | ||||||
|  |   - notExists: | ||||||
|  |       path: stringData["id_rsa.pub"] | ||||||
|  |  | ||||||
|  | - it: Rendering ssh secret with custom values. | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |     config.ssh.secret.config: | | ||||||
|  |       Host * | ||||||
|  |         IdentityFile ~/.ssh/id_ed25519 | ||||||
|  |         IdentityFile ~/.ssh/id_rsa | ||||||
|  |     config.ssh.secret.id_ed25519: | | ||||||
|  |       my-private-25519-key | ||||||
|  |     config.ssh.secret.id_ed25519_pub: | | ||||||
|  |       my-public-25519-key | ||||||
|  |     config.ssh.secret.id_rsa: | | ||||||
|  |       my-private-rsa-key | ||||||
|  |     config.ssh.secret.id_rsa_pub: | | ||||||
|  |       my-public-rsa-key | ||||||
|  |  | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: stringData.config | ||||||
|  |       value: | | ||||||
|  |         Host * | ||||||
|  |           IdentityFile ~/.ssh/id_ed25519 | ||||||
|  |           IdentityFile ~/.ssh/id_rsa | ||||||
|  |   - equal: | ||||||
|  |       path: stringData.id_ed25519 | ||||||
|  |       value: | | ||||||
|  |         my-private-25519-key | ||||||
|  |   - equal: | ||||||
|  |       path: stringData["id_ed25519.pub"] | ||||||
|  |       value: | | ||||||
|  |         my-public-25519-key | ||||||
|  |   - equal: | ||||||
|  |       path: stringData.id_rsa | ||||||
|  |       value: | | ||||||
|  |         my-private-rsa-key | ||||||
|  |   - equal: | ||||||
|  |       path: stringData["id_rsa.pub"] | ||||||
|  |       value: | | ||||||
|  |         my-public-rsa-key | ||||||
|  |  | ||||||
|  | - it: Rendering custom annotations and labels. | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|  |     config.ssh.secret.annotations: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |     config.ssh.secret.labels: | ||||||
|  |       foo: bar | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
|  |   - isSubset: | ||||||
|  |       path: metadata.labels | ||||||
|  |       content: | ||||||
|  |         foo: bar | ||||||
|  |         bar: foo | ||||||
							
								
								
									
										79
									
								
								unittests/serviceAccounts/serviceAccount.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										79
									
								
								unittests/serviceAccounts/serviceAccount.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,79 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: ServiceAccount athens-proxy template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/serviceAccount.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip rendering. | ||||||
|  |   set: | ||||||
|  |     serviceAccount.existing.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering serviceAccount with default values. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: ServiceAccount | ||||||
|  |       name: athens-proxy-unittest | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.labels | ||||||
|  |   - equal: | ||||||
|  |       path: automountServiceAccountToken | ||||||
|  |       value: true | ||||||
|  |   - notExists: | ||||||
|  |       path: imagePullSecrets | ||||||
|  |   - notExists: | ||||||
|  |       path: secrets | ||||||
|  |  | ||||||
|  |  | ||||||
|  | - it: Rendering serviceAccount with custom values. | ||||||
|  |   set: | ||||||
|  |     serviceAccount.new.annotations: | ||||||
|  |       foo: bar | ||||||
|  |     serviceAccount.new.labels: | ||||||
|  |       bar: foo | ||||||
|  |     serviceAccount.new.automountServiceAccountToken: false | ||||||
|  |     serviceAccount.new.imagePullSecrets: | ||||||
|  |     - name: "my-pull-secret" | ||||||
|  |     serviceAccount.new.secrets: | ||||||
|  |     - name: "my-secret" | ||||||
|  |       namespace: "my-namespace" | ||||||
|  |       fieldPath: "my-path" | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         bar: foo | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.name | ||||||
|  |       value: athens-proxy-unittest | ||||||
|  |   - equal: | ||||||
|  |       path: automountServiceAccountToken | ||||||
|  |       value: false | ||||||
|  |   - equal: | ||||||
|  |       path: imagePullSecrets | ||||||
|  |       value: | ||||||
|  |         - name: "my-pull-secret" | ||||||
|  |   - equal: | ||||||
|  |       path: secrets | ||||||
|  |       value: | ||||||
|  |       - name: "my-secret" | ||||||
|  |         namespace: "my-namespace" | ||||||
|  |         fieldPath: "my-path" | ||||||
							
								
								
									
										174
									
								
								unittests/services/http.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										174
									
								
								unittests/services/http.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,174 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Service http template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/serviceHTTP.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip service when disabled. | ||||||
|  |   set: | ||||||
|  |     services.http.enabled: false | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Rendering service with default values. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: v1 | ||||||
|  |       kind: Service | ||||||
|  |       name: athens-proxy-unittest-http | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/service-name: http | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.externalIPs | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.externalTrafficPolicy | ||||||
|  |   - equal: | ||||||
|  |       path: spec.internalTrafficPolicy | ||||||
|  |       value: Cluster | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.ipFamilies | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.loadBalancerClass | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.loadBalancerIP | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.loadBalancerSourceRanges | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ports[0].name | ||||||
|  |       value: http | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ports[0].protocol | ||||||
|  |       value: TCP | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ports[0].port | ||||||
|  |       value: 3000 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.selector | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |   - equal: | ||||||
|  |       path: spec.sessionAffinity | ||||||
|  |       value: None | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.sessionAffinityConfig | ||||||
|  |   - equal: | ||||||
|  |       path: spec.type | ||||||
|  |       value: ClusterIP | ||||||
|  |  | ||||||
|  | - it: Require internalTrafficPolicy. | ||||||
|  |   set: | ||||||
|  |     services.http.internalTrafficPolicy: "" | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: No internal traffic policy defined! | ||||||
|  |  | ||||||
|  | - it: Require port. | ||||||
|  |   set: | ||||||
|  |     services.http.port: "" | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: No service port defined! | ||||||
|  |  | ||||||
|  | - it: Require sessionAffinity. | ||||||
|  |   set: | ||||||
|  |     services.http.sessionAffinity: "" | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: No session affinity defined! | ||||||
|  |  | ||||||
|  | - it: Require service type. | ||||||
|  |   set: | ||||||
|  |     services.http.type: "" | ||||||
|  |   asserts: | ||||||
|  |   - failedTemplate: | ||||||
|  |       errorMessage: No service type defined! | ||||||
|  |  | ||||||
|  | - it: Render service with custom annotations and labels. | ||||||
|  |   set: | ||||||
|  |     services.http.annotations: | ||||||
|  |       foo: bar | ||||||
|  |     services.http.labels: | ||||||
|  |       bar: foo | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.annotations | ||||||
|  |       value: | ||||||
|  |         foo: bar | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: athens-proxy-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: athens-proxy | ||||||
|  |         app.kubernetes.io/service-name: http | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|  |         bar: foo | ||||||
|  |  | ||||||
|  | - it: Change defaults | ||||||
|  |   set: | ||||||
|  |     services.http.externalIPs: | ||||||
|  |     - "10.11.12.13/32" | ||||||
|  |     services.http.externalTrafficPolicy: Local | ||||||
|  |     services.http.internalTrafficPolicy: Local | ||||||
|  |     services.http.ipFamilies: | ||||||
|  |     - IPv4 | ||||||
|  |     services.http.loadBalancerClass: aws | ||||||
|  |     services.http.loadBalancerIP: "11.12.13.14" | ||||||
|  |     services.http.loadBalancerSourceRanges: | ||||||
|  |     - "11.12.0.0/17" | ||||||
|  |     services.http.port: 10443 | ||||||
|  |     services.http.sessionAffinity: ClientIP | ||||||
|  |     services.http.type: LoadBalancer | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.externalIPs | ||||||
|  |       value: | ||||||
|  |       - 10.11.12.13/32 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.externalTrafficPolicy | ||||||
|  |       value: Local | ||||||
|  |   - equal: | ||||||
|  |       path: spec.internalTrafficPolicy | ||||||
|  |       value: Local | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ipFamilies | ||||||
|  |       value: | ||||||
|  |       - IPv4 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.loadBalancerClass | ||||||
|  |       value: aws | ||||||
|  |   - equal: | ||||||
|  |       path: spec.loadBalancerIP | ||||||
|  |       value: "11.12.13.14" | ||||||
|  |   - equal: | ||||||
|  |       path: spec.loadBalancerSourceRanges | ||||||
|  |       value: | ||||||
|  |       - "11.12.0.0/17" | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ports[0].port | ||||||
|  |       value: 10443 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.sessionAffinity | ||||||
|  |       value: ClientIP | ||||||
|  |   - equal: | ||||||
|  |       path: spec.type | ||||||
|  |       value: LoadBalancer | ||||||
							
								
								
									
										838
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										838
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -1,187 +1,695 @@ | |||||||
| affinity: {} | # Declare variables to be passed into your templates. | ||||||
|  | ## @section Global | ||||||
| image: | ## @param nameOverride Individual release name suffix. | ||||||
|   repository: docker.io/gomods/athens | ## @param fullnameOverride Override the complete release name logic. | ||||||
|   pullPolicy: IfNotPresent |  | ||||||
|   # Overrides the image tag whose default is the chart appVersion. |  | ||||||
|   tag: "" |  | ||||||
|  |  | ||||||
| imagePullSecrets: [] |  | ||||||
| nameOverride: "" | nameOverride: "" | ||||||
| fullnameOverride: "" | fullnameOverride: "" | ||||||
|  |  | ||||||
| podAnnotations: {} | ## @section Certificate | ||||||
|  | certificate: | ||||||
|  |   ## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | ||||||
|  |   enabled: false | ||||||
|  |  | ||||||
| podPriorityClassName: "" |   ## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`. | ||||||
|  |   ## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key. | ||||||
|  |   existingSecret: | ||||||
|  |     enabled: false | ||||||
|  |     secretName: "" | ||||||
|  |  | ||||||
| podSecurityContext: {} |   ## @param certificate.new.annotations Additional certificate annotations. | ||||||
|   # fsGroup: 2000 |   ## @param certificate.new.labels Additional certificate labels. | ||||||
|  |   ## @param certificate.new.duration Duration of the TLS certificate. | ||||||
|  |   ## @param certificate.new.renewBefore Renew TLS certificate before expiring. | ||||||
|  |   ## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names. | ||||||
|  |   ## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses. | ||||||
|  |   ## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`. | ||||||
|  |   ## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`. | ||||||
|  |   ## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key. | ||||||
|  |   ## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key. | ||||||
|  |   ## @param certificate.new.privateKey.size Size of the private TLS key. | ||||||
|  |   ## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret. | ||||||
|  |   ## @param certificate.new.secretTemplate.labels Additional labels of the created secret. | ||||||
|  |   ## @param certificate.new.subject.countries List of countries. | ||||||
|  |   ## @param certificate.new.subject.localities List of localities. | ||||||
|  |   ## @param certificate.new.subject.organizationalUnits List of organizationalUnits. | ||||||
|  |   ## @param certificate.new.subject.organizations List of organizations. | ||||||
|  |   ## @param certificate.new.subject.postalCodes List of postalCodes. | ||||||
|  |   ## @param certificate.new.subject.provinces List of provinces. | ||||||
|  |   ## @param certificate.new.subject.serialNumber Serial number. | ||||||
|  |   ## @param certificate.new.subject.streetAddresses List of streetAddresses. | ||||||
|  |   ## @param certificate.new.usages Define the usage of the TLS key. | ||||||
|  |   new: | ||||||
|  |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     duration: "744h"      # 31 days | ||||||
|  |     renewBefore: "672h"   # 28 days | ||||||
|  |     dnsNames: [] | ||||||
|  |     # The following DNS names are already part of the SAN's and serves only as example. | ||||||
|  |     # - "athens-proxy" | ||||||
|  |     # - "athens-proxy.svc" | ||||||
|  |     # - "athens-proxy.svc.namespace" | ||||||
|  |     # - "athens-proxy.svc.namespace.cluster.local" | ||||||
|  |     ipAddresses: [] | ||||||
|  |     # The following IP addresses serves only as example. | ||||||
|  |     # - "10.92.1.10" | ||||||
|  |     # - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344" | ||||||
|  |     issuerRef: | ||||||
|  |       kind: "" | ||||||
|  |       name: "" | ||||||
|  |     privateKey: | ||||||
|  |       algorithm: "RSA" | ||||||
|  |       rotationPolicy: "Never" | ||||||
|  |       size: 4096 | ||||||
|  |     secretTemplate: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |     subject: | ||||||
|  |       countries: [] | ||||||
|  |       localities: [] | ||||||
|  |       organizationalUnits: [] | ||||||
|  |       organizations: [] | ||||||
|  |       postalCodes: [] | ||||||
|  |       provinces: [] | ||||||
|  |       serialNumber: "" | ||||||
|  |       streetAddresses: [] | ||||||
|  |     usages: | ||||||
|  |     - "client auth" | ||||||
|  |     - "server auth" | ||||||
|  |  | ||||||
| securityContext: {} | ## @section Configuration | ||||||
|   # capabilities: | config: | ||||||
|   #   drop: |   env: | ||||||
|   #   - ALL |     ## @param config.env.enabled Enable mounting of the secret as environment variables. | ||||||
|   # readOnlyRootFilesystem: true |     enabled: false | ||||||
|   # runAsNonRoot: true |  | ||||||
|   # runAsUser: 1000 |  | ||||||
|  |  | ||||||
| config: {} |     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. | ||||||
|   # ATHENS_AZURE_ACCOUNT_KEY: |     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. | ||||||
|   # ATHENS_AZURE_ACCOUNT_NAME: |     existingSecret: | ||||||
|   # ATHENS_AZURE_CONTAINER_NAME: |       enabled: false | ||||||
|   # ATHENS_CLOUD_RUNTIME: |       secretName: "" | ||||||
|   # ATHENS_DOWNLOAD_MODE: |  | ||||||
|   # ATHENS_DOWNLOAD_URL: |  | ||||||
|   # ATHENS_ETCD_ENDPOINTS: |  | ||||||
|   # ATHENS_EXTERNAL_STORAGE_URL: |  | ||||||
|   # ATHENS_FILTER_FILE: |  | ||||||
|   # ATHENS_GITHUB_TOKEN: |  | ||||||
|   # ATHENS_GLOBAL_ENDPOINT: |  | ||||||
|   # ATHENS_GO_BINARY_ENV_VARS: |  | ||||||
|   # ATHENS_GOGET_DIR: |  | ||||||
|   # ATHENS_GOGET_WORKERS: |  | ||||||
|   # ATHENS_GONOSUM_PATTERNS: |  | ||||||
|   # ATHENS_HGRC_PATH: |  | ||||||
|   # ATHENS_INDEX_MYSQL_DATABASE: |  | ||||||
|   # ATHENS_INDEX_MYSQL_HOST: |  | ||||||
|   # ATHENS_INDEX_MYSQL_PARAMS: |  | ||||||
|   # ATHENS_INDEX_MYSQL_PASSWORD: |  | ||||||
|   # ATHENS_INDEX_MYSQL_PORT: |  | ||||||
|   # ATHENS_INDEX_MYSQL_PROTOCOL: |  | ||||||
|   # ATHENS_INDEX_MYSQL_USER: |  | ||||||
|   # ATHENS_INDEX_POSTGRES_DATABASE: |  | ||||||
|   # ATHENS_INDEX_POSTGRES_HOST: |  | ||||||
|   # ATHENS_INDEX_POSTGRES_PARAMS: |  | ||||||
|   # ATHENS_INDEX_POSTGRES_PASSWORD: |  | ||||||
|   # ATHENS_INDEX_POSTGRES_PORT: |  | ||||||
|   # ATHENS_INDEX_POSTGRES_USER: |  | ||||||
|   # ATHENS_INDEX_TYPE: |  | ||||||
|   # ATHENS_LOG_LEVEL: |  | ||||||
|   # ATHENS_MINIO_ACCESS_KEY_ID: |  | ||||||
|   # ATHENS_MINIO_BUCKET_NAME: |  | ||||||
|   # ATHENS_MINIO_ENDPOINT: |  | ||||||
|   # ATHENS_MINIO_REGION: |  | ||||||
|   # ATHENS_MINIO_SECRET_ACCESS_KEY: |  | ||||||
|   # ATHENS_MINIO_USE_SSL: |  | ||||||
|   # ATHENS_MONGO_CERT_PATH: |  | ||||||
|   # ATHENS_MONGO_DEFAULT_DATABASE: |  | ||||||
|   # ATHENS_MONGO_INSECURE: |  | ||||||
|   # ATHENS_MONGO_STORAGE_URL: |  | ||||||
|   # ATHENS_NETRC_PATH: |  | ||||||
|   # ATHENS_PATH_PREFIX: |  | ||||||
|   # ATHENS_PORT: |  | ||||||
|   # ATHENS_PROTOCOL_WORKERS: |  | ||||||
|   # ATHENS_PROXY_VALIDATOR: |  | ||||||
|   # ATHENS_REDIS_ENDPOINT: |  | ||||||
|   # ATHENS_REDIS_PASSWORD: |  | ||||||
|   # ATHENS_REDIS_SENTINEL_ENDPOINTS: |  | ||||||
|   # ATHENS_ROBOTS_FILE: |  | ||||||
|   # ATHENS_SINGLE_FLIGHT_TYPE: |  | ||||||
|   # ATHENS_STATS_EXPORTER: |  | ||||||
|   # ATHENS_STORAGE_GCP_BUCKET: |  | ||||||
|   # ATHENS_STORAGE_GCP_JSON_KEY: |  | ||||||
|   # ATHENS_STORAGE_TYPE: |  | ||||||
|   # ATHENS_SUM_DBS: |  | ||||||
|   # ATHENS_TIMEOUT: |  | ||||||
|   # ATHENS_TLSCERT_FILE: |  | ||||||
|   # ATHENS_TLSKEY_FILE: |  | ||||||
|   # ATHENS_TRACE_EXPORTER_URL: |  | ||||||
|   # ATHENS_TRACE_EXPORTER: |  | ||||||
|   # AWS_ACCESS_KEY_ID: |  | ||||||
|   # AWS_ENDPOINT: |  | ||||||
|   # AWS_FORCE_PATH_STYLE: |  | ||||||
|   # AWS_REGION: |  | ||||||
|   # AWS_SECRET_ACCESS_KEY: |  | ||||||
|   # AWS_SESSION_TOKEN: |  | ||||||
|   # BASIC_AUTH_PASS: |  | ||||||
|   # BASIC_AUTH_USER: |  | ||||||
|   # CDN_ENDPOINT: |  | ||||||
|   # GO_BINARY_PATH: |  | ||||||
|   # GO_ENV: |  | ||||||
|   # GOOGLE_CLOUD_PROJECT: |  | ||||||
|   # MY_S3_BUCKET_NAME: |  | ||||||
|   # PROXY_FORCE_SSL: |  | ||||||
|  |  | ||||||
| replicaCount: 1 |     ## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials. | ||||||
|  |     ## @param config.env.secret.labels Additional labels of the secret containing the database credentials. | ||||||
|  |     ## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container. | ||||||
|  |     secret: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |       envs: {} | ||||||
|  |         # ATHENS_AZURE_ACCOUNT_KEY: | ||||||
|  |         # ATHENS_AZURE_ACCOUNT_NAME: | ||||||
|  |         # ATHENS_AZURE_CONTAINER_NAME: | ||||||
|  |         # ATHENS_CLOUD_RUNTIME: | ||||||
|  |         # ATHENS_DOWNLOAD_URL: | ||||||
|  |         # ATHENS_ETCD_ENDPOINTS: | ||||||
|  |         # ATHENS_EXTERNAL_STORAGE_URL: | ||||||
|  |         # ATHENS_FILTER_FILE: | ||||||
|  |         # ATHENS_GITHUB_TOKEN: | ||||||
|  |         # ATHENS_GLOBAL_ENDPOINT: | ||||||
|  |         # ATHENS_GO_BINARY_ENV_VARS: | ||||||
|  |         # ATHENS_GOGET_DIR: | ||||||
|  |         # ATHENS_GOGET_WORKERS: | ||||||
|  |         # ATHENS_GONOSUM_PATTERNS: | ||||||
|  |         # ATHENS_HGRC_PATH: | ||||||
|  |         # ATHENS_INDEX_MYSQL_DATABASE: | ||||||
|  |         # ATHENS_INDEX_MYSQL_HOST: | ||||||
|  |         # ATHENS_INDEX_MYSQL_PARAMS: | ||||||
|  |         # ATHENS_INDEX_MYSQL_PASSWORD: | ||||||
|  |         # ATHENS_INDEX_MYSQL_PORT: | ||||||
|  |         # ATHENS_INDEX_MYSQL_PROTOCOL: | ||||||
|  |         # ATHENS_INDEX_MYSQL_USER: | ||||||
|  |         # ATHENS_INDEX_POSTGRES_DATABASE: | ||||||
|  |         # ATHENS_INDEX_POSTGRES_HOST: | ||||||
|  |         # ATHENS_INDEX_POSTGRES_PARAMS: | ||||||
|  |         # ATHENS_INDEX_POSTGRES_PASSWORD: | ||||||
|  |         # ATHENS_INDEX_POSTGRES_PORT: | ||||||
|  |         # ATHENS_INDEX_POSTGRES_USER: | ||||||
|  |         # ATHENS_INDEX_TYPE: | ||||||
|  |         # ATHENS_LOG_LEVEL: | ||||||
|  |         # ATHENS_MINIO_ACCESS_KEY_ID: | ||||||
|  |         # ATHENS_MINIO_BUCKET_NAME: | ||||||
|  |         # ATHENS_MINIO_ENDPOINT: | ||||||
|  |         # ATHENS_MINIO_REGION: | ||||||
|  |         # ATHENS_MINIO_SECRET_ACCESS_KEY: | ||||||
|  |         # ATHENS_MINIO_USE_SSL: | ||||||
|  |         # ATHENS_MONGO_CERT_PATH: | ||||||
|  |         # ATHENS_MONGO_DEFAULT_DATABASE: | ||||||
|  |         # ATHENS_MONGO_INSECURE: | ||||||
|  |         # ATHENS_MONGO_STORAGE_URL: | ||||||
|  |         # ATHENS_PATH_PREFIX: | ||||||
|  |         # ATHENS_PORT: | ||||||
|  |         # ATHENS_PROTOCOL_WORKERS: | ||||||
|  |         # ATHENS_PROXY_VALIDATOR: | ||||||
|  |         # ATHENS_REDIS_ENDPOINT: | ||||||
|  |         # ATHENS_REDIS_PASSWORD: | ||||||
|  |         # ATHENS_REDIS_SENTINEL_ENDPOINTS: | ||||||
|  |         # ATHENS_ROBOTS_FILE: | ||||||
|  |         # ATHENS_SINGLE_FLIGHT_TYPE: | ||||||
|  |         # ATHENS_STATS_EXPORTER: | ||||||
|  |         # ATHENS_STORAGE_GCP_BUCKET: | ||||||
|  |         # ATHENS_STORAGE_GCP_JSON_KEY: | ||||||
|  |         # ATHENS_SUM_DBS: | ||||||
|  |         # ATHENS_TIMEOUT: | ||||||
|  |         # ATHENS_TRACE_EXPORTER_URL: | ||||||
|  |         # ATHENS_TRACE_EXPORTER: | ||||||
|  |         # AWS_ACCESS_KEY_ID: | ||||||
|  |         # AWS_ENDPOINT: | ||||||
|  |         # AWS_FORCE_PATH_STYLE: | ||||||
|  |         # AWS_REGION: | ||||||
|  |         # AWS_SECRET_ACCESS_KEY: | ||||||
|  |         # AWS_SESSION_TOKEN: | ||||||
|  |         # BASIC_AUTH_PASS: | ||||||
|  |         # BASIC_AUTH_USER: | ||||||
|  |         # CDN_ENDPOINT: | ||||||
|  |         # GO_BINARY_PATH: | ||||||
|  |         # GO_ENV: | ||||||
|  |         # GOOGLE_CLOUD_PROJECT: | ||||||
|  |         # MY_S3_BUCKET_NAME: | ||||||
|  |         # PROXY_FORCE_SSL: | ||||||
|  |  | ||||||
| serviceAccount: |   downloadMode: | ||||||
|  |     ## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | ||||||
|  |     enabled: false | ||||||
|  |  | ||||||
|  |     ## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file. | ||||||
|  |     ## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file. | ||||||
|  |     ## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored. | ||||||
|  |     existingConfigMap: | ||||||
|  |       enabled: false | ||||||
|  |       configMapName: "" | ||||||
|  |       downloadModeKey: "downloadMode" | ||||||
|  |  | ||||||
|  |     ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. | ||||||
|  |     ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. | ||||||
|  |     ## @skip config.downloadMode.configMap.content The content of the download mode file. | ||||||
|  |     configMap: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |       content: | | ||||||
|  |         downloadURL = "https://proxy.golang.org" | ||||||
|  |  | ||||||
|  |         mode = "async_redirect" | ||||||
|  |  | ||||||
|  |         # download "github.com/gomods/*" { | ||||||
|  |         #     mode = "sync" | ||||||
|  |         # } | ||||||
|  |         # | ||||||
|  |         # download "golang.org/x/*" { | ||||||
|  |         #     mode = "none" | ||||||
|  |         # } | ||||||
|  |         # | ||||||
|  |         # download "github.com/pkg/*" { | ||||||
|  |         #     mode = "redirect" | ||||||
|  |         #     downloadURL = "https://proxy.golang.org" | ||||||
|  |         # } | ||||||
|  |  | ||||||
|  |   gitConfig: | ||||||
|  |     ## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system. | ||||||
|  |     enabled: false | ||||||
|  |  | ||||||
|  |     ## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file. | ||||||
|  |     ## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file. | ||||||
|  |     ## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored. | ||||||
|  |     existingConfigMap: | ||||||
|  |       enabled: false | ||||||
|  |       configMapName: "" | ||||||
|  |       gitConfigKey: | ||||||
|  |  | ||||||
|  |     ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file. | ||||||
|  |     ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file. | ||||||
|  |     ## @skip config.gitConfig.configMap.content The content of the .gitconfig file. | ||||||
|  |     configMap: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |       content: | | ||||||
|  |         # The .gitconfig file | ||||||
|  |         # | ||||||
|  |         # The .gitconfig file contains the user specific git configuration. It generally resides in the user's home | ||||||
|  |         # directory. | ||||||
|  |         # | ||||||
|  |         # [url "git@github.com:"] insteadOf = https://github.com/ | ||||||
|  |  | ||||||
|  |   netrc: | ||||||
|  |     ## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system. | ||||||
|  |     enabled: false | ||||||
|  |  | ||||||
|  |     ## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file. | ||||||
|  |     ## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file. | ||||||
|  |     ## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored. | ||||||
|  |     existingSecret: | ||||||
|  |       enabled: false | ||||||
|  |       secretName: "" | ||||||
|  |       netrcKey: ".netrc" | ||||||
|  |  | ||||||
|  |     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. | ||||||
|  |     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. | ||||||
|  |     ## @skip config.netrc.secret.content The content of the .netrc file. | ||||||
|  |     secret: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |       content: | | ||||||
|  |         # The .netrc file | ||||||
|  |         # | ||||||
|  |         # The .netrc file contains login and initialization information used by the auto-login process. It generally | ||||||
|  |         # resides in the user's home directory, but a location outside of the home directory can be set using the | ||||||
|  |         # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file | ||||||
|  |         # must be a regular file, or access will be denied. | ||||||
|  |         # | ||||||
|  |         # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html | ||||||
|  |         # | ||||||
|  |         # default login           [name]     password  [password/token] | ||||||
|  |         # machine github.com      [octocat]  password  [PAT] | ||||||
|  |         # machine api.github.com  [octocat]  password  [PAT] | ||||||
|  |  | ||||||
|  |   ssh: | ||||||
|  |     ## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system. | ||||||
|  |     enabled: false | ||||||
|  |  | ||||||
|  |     ## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files. | ||||||
|  |     ## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files. | ||||||
|  |     ## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | ||||||
|  |     existingSecret: | ||||||
|  |       enabled: false | ||||||
|  |       secretName: "" | ||||||
|  |       configKey: "config" | ||||||
|  |       id_ed25519Key: "id_ed25519" | ||||||
|  |       id_ed25519PubKey: "id_ed25519.pub" | ||||||
|  |       id_rsaKey: "id_rsa" | ||||||
|  |       id_rsaPubKey: "id_rsa.pub" | ||||||
|  |  | ||||||
|  |     ## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files. | ||||||
|  |     ## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files. | ||||||
|  |     ## @skip config.ssh.secret.config The content of the SSH client config file. | ||||||
|  |     ## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key. | ||||||
|  |     ## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key. | ||||||
|  |     ## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key. | ||||||
|  |     ## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key. | ||||||
|  |     secret: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |       config: | | ||||||
|  |         # Host * | ||||||
|  |         #   IdentityFile ~/.ssh/id_ed25519 | ||||||
|  |         #   IdentityFile ~/.ssh/id_rsa | ||||||
|  |       id_ed25519: "" | ||||||
|  |       id_ed25519_pub: "" | ||||||
|  |       id_rsa: "" | ||||||
|  |       id_rsa_pub: "" | ||||||
|  |  | ||||||
|  | ## @section Deployment | ||||||
|  | deployment: | ||||||
|  |   ## @param deployment.annotations Additional deployment annotations. | ||||||
|  |   ## @param deployment.labels Additional deployment labels. | ||||||
|   annotations: {} |   annotations: {} | ||||||
|  |   labels: {} | ||||||
|  |  | ||||||
| service: |   ## @param deployment.additionalContainers List of additional containers. | ||||||
|  |   additionalContainers: [] | ||||||
|  |   # - command: [ "sh", "-c", "echo hello world" ] | ||||||
|  |   #   image: "docker.io/library/busybox:latest" | ||||||
|  |   #   name: side-car | ||||||
|  |  | ||||||
|  |   ## @param deployment.affinity Affinity for the athens-proxy deployment. | ||||||
|  |   affinity: {} | ||||||
|  |     # nodeAffinity: | ||||||
|  |     #   requiredDuringSchedulingIgnoredDuringExecution: | ||||||
|  |     #     nodeSelectorTerms: | ||||||
|  |     #     - matchExpressions: | ||||||
|  |     #       - key: kubernetes.io/os | ||||||
|  |     #         operator: In | ||||||
|  |     #         values: | ||||||
|  |     #         - linux | ||||||
|  |     #   preferredDuringSchedulingIgnoredDuringExecution: | ||||||
|  |     #   - weight: 20 | ||||||
|  |     #     preference: | ||||||
|  |     #       matchExpressions: | ||||||
|  |     #       - key: kubernetes.io/arch | ||||||
|  |     #         operator: In | ||||||
|  |     #         values: | ||||||
|  |     #         - amd64 | ||||||
|  |  | ||||||
|  |   ## @param deployment.initContainers List of additional init containers. | ||||||
|  |   initContainers: [] | ||||||
|  |   # - command: [ "sh", "-c", "echo hello world" ] | ||||||
|  |   #   image: "docker.io/library/busybox:latest" | ||||||
|  |   #   name: init | ||||||
|  |  | ||||||
|  |   ## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment. | ||||||
|  |   dnsConfig: {} | ||||||
|  |     # nameservers: | ||||||
|  |     # - 192.0.2.1 # this is an example | ||||||
|  |     # searches: | ||||||
|  |     # - ns1.svc.cluster-domain.example | ||||||
|  |     # - my.dns.search.suffix | ||||||
|  |     # options: | ||||||
|  |     # - name: ndots | ||||||
|  |     #   value: "2" | ||||||
|  |     # - name: edns0 | ||||||
|  |  | ||||||
|  |   ## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment. | ||||||
|  |   dnsPolicy: "" | ||||||
|  |  | ||||||
|  |   ## @param deployment.hostname Individual hostname of the pod. | ||||||
|  |   ## @param deployment.subdomain Individual domain of the pod. | ||||||
|  |   hostname: "" | ||||||
|  |   subdomain: "" | ||||||
|  |  | ||||||
|  |   ## @param deployment.hostNetwork Use the kernel network namespace of the host system. | ||||||
|  |   hostNetwork: false | ||||||
|  |  | ||||||
|  |   ## @param deployment.imagePullSecrets Secret to use for pulling the image. | ||||||
|  |   imagePullSecrets: [] | ||||||
|  |   # - name: "my-custom-secret" | ||||||
|  |  | ||||||
|  |   athensProxy: | ||||||
|  |     ## @param deployment.athensProxy.args Arguments passed to the athens-proxy container. | ||||||
|  |     args: [] | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.command Command passed to the athens-proxy container. | ||||||
|  |     command: [] | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.env List of environment variables for the athens-proxy container. | ||||||
|  |     env: [] | ||||||
|  |     # - name: SPECIAL_ENV_A | ||||||
|  |     #   value: special-key | ||||||
|  |     # - name: SPECIAL_ENV | ||||||
|  |     #   valueFrom: | ||||||
|  |     #     configMapKeyRef: | ||||||
|  |     #       name: special-config | ||||||
|  |     #       key: special-key | ||||||
|  |     # - name: SPECIAL_ENV | ||||||
|  |     #   valueFrom: | ||||||
|  |     #     secretKeyRef: | ||||||
|  |     #       name: special-secret | ||||||
|  |     #       key: special-key | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container. | ||||||
|  |     envFrom: [] | ||||||
|  |     # - configMapRef: | ||||||
|  |     #     name: special-config | ||||||
|  |     # - secretRef: | ||||||
|  |     #     name: special-secret | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`. | ||||||
|  |     ## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`. | ||||||
|  |     ## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | ||||||
|  |     ## @param deployment.athensProxy.image.pullPolicy Image pull policy. | ||||||
|  |     image: | ||||||
|  |       registry: docker.io | ||||||
|  |       repository: gomods/athens | ||||||
|  |       tag: "" | ||||||
|  |       pullPolicy: IfNotPresent | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.resources CPU and memory resources of the pod. | ||||||
|  |     resources: {} | ||||||
|  |       # limits: | ||||||
|  |       #   cpu: | ||||||
|  |       #   ephemeral-storage: | ||||||
|  |       #   memory: | ||||||
|  |       # requests: | ||||||
|  |       #   cpu: | ||||||
|  |       #   ephemeral-storage: | ||||||
|  |       #   memory: | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.securityContext Security context of the container of the deployment. | ||||||
|  |     securityContext: {} | ||||||
|  |       # capabilities: | ||||||
|  |       #   add: | ||||||
|  |       #   - NET_RAW | ||||||
|  |       #   drop: | ||||||
|  |       #   - ALL | ||||||
|  |       # privileged: false | ||||||
|  |       # readOnlyRootFilesystem: true | ||||||
|  |       # runAsNonRoot: true | ||||||
|  |       # runAsUser: 1000 | ||||||
|  |  | ||||||
|  |     ## @param deployment.athensProxy.volumeMounts Additional volume mounts. | ||||||
|  |     volumeMounts: [] | ||||||
|  |     # - name: my-configmap-volume | ||||||
|  |     #   mountPath: /configmap | ||||||
|  |     #   readOnly: true | ||||||
|  |  | ||||||
|  |   ## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment. | ||||||
|  |   nodeSelector: {} | ||||||
|  |  | ||||||
|  |   ## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment. | ||||||
|  |   priorityClassName: "" | ||||||
|  |  | ||||||
|  |   ## @param deployment.replicas Number of replicas for the athens-proxy deployment. | ||||||
|  |   replicas: 1 | ||||||
|  |  | ||||||
|  |   ## @param deployment.restartPolicy Restart policy of the athens-proxy deployment. | ||||||
|  |   restartPolicy: "" | ||||||
|  |  | ||||||
|  |   ## @param deployment.securityContext Security context of the athens-proxy deployment. | ||||||
|  |   securityContext: {} | ||||||
|  |     # fsGroup: 2000 | ||||||
|  |  | ||||||
|  |   ## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`. | ||||||
|  |   ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | ||||||
|  |   ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update. | ||||||
|  |   strategy: | ||||||
|  |     type: "RollingUpdate" | ||||||
|  |     rollingUpdate: | ||||||
|  |       maxSurge: 1 | ||||||
|  |       maxUnavailable: 1 | ||||||
|  |  | ||||||
|  |   ## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod. | ||||||
|  |   terminationGracePeriodSeconds: 60 | ||||||
|  |  | ||||||
|  |   ## @param deployment.tolerations Tolerations of the athens-proxy deployment. | ||||||
|  |   tolerations: [] | ||||||
|  |   # - key: database/type | ||||||
|  |   #   operator: Equal | ||||||
|  |   #   value: postgres | ||||||
|  |   #   effect: NoSchedule | ||||||
|  |  | ||||||
|  |   ## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment. | ||||||
|  |   topologySpreadConstraints: [] | ||||||
|  |   # - topologyKey: kubernetes.io/hostname | ||||||
|  |   #   whenUnsatisfiable: DoNotSchedule | ||||||
|  |   #   labelSelector: | ||||||
|  |   #     matchLabels: | ||||||
|  |   #       app.kubernetes.io/instance: athens-proxy | ||||||
|  |  | ||||||
|  |   ## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment. | ||||||
|  |   volumes: [] | ||||||
|  |   # - name: my-configmap-volume | ||||||
|  |   #   config: | ||||||
|  |   #     name: my-configmap | ||||||
|  |   # - name: my-secret-volume | ||||||
|  |   #   secret: | ||||||
|  |   #     secretName: my-secret | ||||||
|  |  | ||||||
|  | ## @section Horizontal Pod Autoscaler (HPA) | ||||||
|  | # In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The | ||||||
|  | # metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA | ||||||
|  | # cannot scale pods based on CPU or memory utilisation. Further information be be found here: | ||||||
|  | # https://github.com/kubernetes-sigs/metrics-server#deployment | ||||||
|  | hpa: | ||||||
|  |   ## @param hpa.enabled Enable the horizontal pod autoscaler (HPA). | ||||||
|  |   ## @param hpa.annotations Additional annotations for the HPA. | ||||||
|  |   ## @param hpa.labels Additional labels for the HPA. | ||||||
|  |   ## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count. | ||||||
|  |   ## @skip hpa.metrics Skip individual HPA metric configurations. | ||||||
|  |   ## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | ||||||
|  |   ## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler. | ||||||
|  |   enabled: false | ||||||
|   annotations: {} |   annotations: {} | ||||||
|   # externalIPs: [] |   labels: {} | ||||||
|   # externalTrafficPolicy: "Cluster" |   metrics: | ||||||
|   # loadBalancerClass: "" |   - resource: | ||||||
|   # loadBalancerIP: "" |       name: cpu | ||||||
|   # loadBalancerSourceRanges: [] |       target: | ||||||
|   # internalTrafficPolicy: "Cluster" |         averageUtilization: 65 | ||||||
|   name: http |         type: Utilization | ||||||
|   targetPort: 3000 |     type: Resource | ||||||
|   type: ClusterIP |   # - resource: | ||||||
|   port: 3000 |   #     name: memory | ||||||
|  |   #     target: | ||||||
|  |   #       averageUtilization: 65 | ||||||
|  |   #       type: Utilization | ||||||
|  |   minReplicas: 1 | ||||||
|  |   maxReplicas: 10 | ||||||
|  |  | ||||||
|  | ## @section Ingress | ||||||
| ingress: | ingress: | ||||||
|  |   ## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled. | ||||||
|  |   ## @param ingress.className Ingress class. | ||||||
|  |   ## @param ingress.annotations Additional ingress annotations. | ||||||
|  |   ## @param ingress.labels Additional ingress labels. | ||||||
|   enabled: false |   enabled: false | ||||||
|   className: "nginx" |   className: "nginx" | ||||||
|   annotations: {} |   annotations: {} | ||||||
|     # kubernetes.io/ingress.class: nginx |   labels: {} | ||||||
|     # cert-manager.io/issuer: |  | ||||||
|     # kubernetes.io/tls-acme: "true" |  | ||||||
|   hosts: |  | ||||||
|   - host: "your-hostname" |  | ||||||
|     paths: |  | ||||||
|     - path: / |  | ||||||
|       pathType: ImplementationSpecific |  | ||||||
|   tls: |  | ||||||
|   - secretName: "your-tls-secret" |  | ||||||
|     hosts: |  | ||||||
|     - "your-hostname" |  | ||||||
|  |  | ||||||
| resources: {} |   ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | ||||||
|   # We usually recommend not to specify default resources and to leave this as a conscious |   ## @skip ingress.hosts Skip individual host configuration. | ||||||
|   # choice for the user. This also increases chances charts run on environments with little |   hosts: [] | ||||||
|   # resources, such as Minikube. If you do want to specify resources, uncomment the following |   # - host: athens-proxy.example.local | ||||||
|   # lines, adjust them as necessary, and remove the curly braces after 'resources:'. |   #   paths: | ||||||
|   # limits: |   #   - path: / | ||||||
|   #   cpu: 100m |   #     pathType: Prefix | ||||||
|   #   memory: 128Mi |  | ||||||
|   # requests: |  | ||||||
|   #   cpu: 100m |  | ||||||
|   #   memory: 128Mi |  | ||||||
|  |  | ||||||
| nodeSelector: |   ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | ||||||
|   kubernetes.io/arch: amd64 |   ## @skip ingress.tls Skip individual TLS configuration. | ||||||
|  |   tls: [] | ||||||
|  |   # - secretName: athens-proxy-http-tls | ||||||
|  |   #   hosts: | ||||||
|  |   #   - athens-proxy.example.local | ||||||
|  |  | ||||||
| tolerations: [] | ## @section Persistence | ||||||
|  | persistence: | ||||||
|  |   ## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | ||||||
|  |   enabled: false | ||||||
|  |  | ||||||
| # extra volumes for the pod |   data: | ||||||
| extraVolumes: {} |     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | ||||||
| # The following example mount the same secret, which contains tls certificates |     mountPath: "/var/www/athens-proxy/data" | ||||||
| # under different names. Each volume mount contains only selected items of the |  | ||||||
| # secret. This make it easier to place the items on different locations inside the |  | ||||||
| # container filesystem via extraVolumeMounts. |  | ||||||
| # - name: custom-ca-anchor |  | ||||||
| #   secret: |  | ||||||
| #     secretName: athens-proxy-custom-tls-certificates |  | ||||||
| #     items: |  | ||||||
| #     - key: ca.crt |  | ||||||
| #       path: ca.crt |  | ||||||
| #       mode: 0444 |  | ||||||
| # - name: custom-tls-certificates |  | ||||||
| #   secret: |  | ||||||
| #     secretName: athens-proxy-custom-tls-certificates |  | ||||||
| #     items: |  | ||||||
| #     - key: tls.key |  | ||||||
| #       path: tls.key |  | ||||||
| #       mode: 0400 |  | ||||||
| #     - key: tls.crt |  | ||||||
| #       path: tls.crt |  | ||||||
| #       mode: 0444 |  | ||||||
|  |  | ||||||
| extraVolumeMounts: {} |     ## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim. | ||||||
| # The following example follows the example of extraVolumes and mounts the |     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim. | ||||||
| # volumes to the corresponding paths in the container filesystem. |     existingPersistentVolumeClaim: | ||||||
| # - name: custom-ca-anchor |       enabled: false | ||||||
| #   mountPath: /usr/local/share/ca-certificates |       persistentVolumeClaimName: "" | ||||||
| # - name: custom-tls-certificates |  | ||||||
| #   mountPath: /etc/athens-proxy/tls |     ## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim. | ||||||
|  |     persistentVolumeClaim: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |       accessModes: | ||||||
|  |       - ReadWriteMany | ||||||
|  |       storageClassName: "" | ||||||
|  |       storageSize: "5Gi" | ||||||
|  |  | ||||||
|  | ## @section Network | ||||||
|  | ## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates. | ||||||
|  | clusterDomain: "cluster.local" | ||||||
|  |  | ||||||
|  | ## @section Network Policy | ||||||
|  | networkPolicy: | ||||||
|  |   ## @param networkPolicy.enabled Enable network policies in general. | ||||||
|  |   ## @param networkPolicy.annotations Additional network policy annotations. | ||||||
|  |   ## @param networkPolicy.labels Additional network policy labels. | ||||||
|  |   ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||||
|  |   ## @param networkPolicy.egress Concrete egress network policy implementation. | ||||||
|  |   ## @skip networkPolicy.egress Skip individual egress configuration. | ||||||
|  |   ## @param networkPolicy.ingress Concrete ingress network policy implementation. | ||||||
|  |   ## @skip networkPolicy.ingress Skip individual ingress configuration. | ||||||
|  |   enabled: false | ||||||
|  |   annotations: {} | ||||||
|  |   labels: {} | ||||||
|  |   policyTypes: [] | ||||||
|  |   # - Egress | ||||||
|  |   # - Ingress | ||||||
|  |   egress: [] | ||||||
|  |   # Allow outgoing HTTPS traffic to external go module servers | ||||||
|  |   # | ||||||
|  |   # - ports: | ||||||
|  |   #   - port: 443 | ||||||
|  |   #     protocol: TCP | ||||||
|  |  | ||||||
|  |   # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns. | ||||||
|  |   # | ||||||
|  |   # - to: | ||||||
|  |   #   - namespaceSelector: | ||||||
|  |   #       matchLabels: | ||||||
|  |   #         kubernetes.io/metadata.name: kube-system | ||||||
|  |   #     podSelector: | ||||||
|  |   #       matchLabels: | ||||||
|  |   #        k8s-app: kube-dns | ||||||
|  |   #   ports: | ||||||
|  |   #   - port: 53 | ||||||
|  |   #     protocol: TCP | ||||||
|  |   #   - port: 53 | ||||||
|  |   #     protocol: UDP | ||||||
|  |  | ||||||
|  |   ingress: [] | ||||||
|  |   # Allow incoming HTTP traffic from prometheus. | ||||||
|  |   # | ||||||
|  |   # - from: | ||||||
|  |   #   - namespaceSelector: | ||||||
|  |   #       matchLabels: | ||||||
|  |   #         kubernetes.io/metadata.name: monitoring | ||||||
|  |   #     podSelector: | ||||||
|  |   #       matchLabels: | ||||||
|  |   #         app.kubernetes.io/name: prometheus | ||||||
|  |   #   ports: | ||||||
|  |   #   - port: http | ||||||
|  |   #     protocol: TCP | ||||||
|  |  | ||||||
|  |   # Allow incoming HTTP traffic from ingress-nginx. | ||||||
|  |   # | ||||||
|  |   # - from: | ||||||
|  |   #   - namespaceSelector: | ||||||
|  |   #       matchLabels: | ||||||
|  |   #         kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |   #     podSelector: | ||||||
|  |   #       matchLabels: | ||||||
|  |   #         app.kubernetes.io/name: ingress-nginx | ||||||
|  |   #   ports: | ||||||
|  |   #   - port: http | ||||||
|  |   #     protocol: TCP | ||||||
|  |  | ||||||
|  | ## @section Service | ||||||
|  | ## @param services.http.enabled Enable the service. | ||||||
|  | ## @param services.http.annotations Additional service annotations. | ||||||
|  | ## @param services.http.externalIPs External IPs for the service. | ||||||
|  | ## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | ||||||
|  | ## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | ||||||
|  | ## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | ||||||
|  | ## @param services.http.labels Additional service labels. | ||||||
|  | ## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | ||||||
|  | ## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | ||||||
|  | ## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | ||||||
|  | ## @param services.http.port Port to forward the traffic to. | ||||||
|  | ## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | ||||||
|  | ## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity. | ||||||
|  | ## @param services.http.type Kubernetes service type for the traffic. | ||||||
|  | services: | ||||||
|  |   http: | ||||||
|  |     enabled: true | ||||||
|  |     annotations: {} | ||||||
|  |     externalIPs: [] | ||||||
|  |     externalTrafficPolicy: "Cluster" | ||||||
|  |     internalTrafficPolicy: "Cluster" | ||||||
|  |     ipFamilies: [] | ||||||
|  |     labels: {} | ||||||
|  |     loadBalancerClass: "" | ||||||
|  |     loadBalancerIP: "" | ||||||
|  |     loadBalancerSourceRanges: [] | ||||||
|  |     port: 3000 | ||||||
|  |     sessionAffinity: "None" | ||||||
|  |     sessionAffinityConfig: {} | ||||||
|  |     type: "ClusterIP" | ||||||
|  |  | ||||||
|  | ## @section ServiceAccount | ||||||
|  | serviceAccount: | ||||||
|  |   ## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | ||||||
|  |   ## @param serviceAccount.existing.serviceAccountName Name of the existing service account. | ||||||
|  |   existing: | ||||||
|  |     enabled: false | ||||||
|  |     serviceAccountName: "" | ||||||
|  |  | ||||||
|  |   ## @param serviceAccount.new.annotations Additional service account annotations. | ||||||
|  |   ## @param serviceAccount.new.labels Additional service account labels. | ||||||
|  |   ## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token. | ||||||
|  |   ## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | ||||||
|  |   ## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | ||||||
|  |   new: | ||||||
|  |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     automountServiceAccountToken: true | ||||||
|  |     imagePullSecrets: [] | ||||||
|  |     # - name: "my-image-pull-secret" | ||||||
|  |     secrets: [] | ||||||
|  |     # - name: "my-secret" | ||||||
|  |     #   namespace: "my-namespace" | ||||||
|  |     #   fieldPath: "my-field" | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user