122 Commits

Author SHA1 Message Date
d7222794ca chore(deps): update docker.io/library/node docker tag to v25
All checks were successful
Generate README / generate-parameters (push) Successful in 42s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 17s
Markdown linter / markdown-link-checker (push) Successful in 32s
Markdown linter / markdown-lint (push) Successful in 29s
Generate README / generate-parameters (pull_request) Successful in 30s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 16s
Markdown linter / markdown-link-checker (pull_request) Successful in 31s
Markdown linter / markdown-lint (pull_request) Successful in 28s
2025-10-21 22:01:12 +00:00
4974d63a8c docs(README): adapt jq expression to ignore reloader annotation
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 17s
Markdown linter / markdown-link-checker (push) Successful in 30s
Markdown linter / markdown-lint (push) Successful in 28s
2025-10-21 22:32:13 +02:00
1bbd0352c3 docs(README): add tip how to ignore stakater's reloader annotations
Some checks failed
Generate README / generate-parameters (push) Successful in 31s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 17s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Has been cancelled
2025-10-21 22:29:09 +02:00
ccdf377aaa chore(deps): update dependency helm-unittest/helm-unittest to v1.0.3
All checks were successful
Helm / helm-unittest (pull_request) Successful in 12s
Helm / helm-lint (pull_request) Successful in 14s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 16s
2025-10-16 22:04:50 +02:00
64790fc316 fix(renovate): update packageRule for helm-unittest/helm-unittest
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 18s
2025-10-16 22:02:31 +02:00
2c88d6698b fix(renovate): update packageRule for helm-unittest/helm-unittest
All checks were successful
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 17s
2025-10-16 21:45:15 +02:00
9abdb1ca3a docs(README): describe existing persistent volume claims
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-link-checker (push) Successful in 12s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-lint (push) Successful in 9s
2025-10-16 17:23:11 +02:00
81f14405fd Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1' (#102) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 31s
2025-10-15 22:02:04 +00:00
7b37bfc373 chore(deps): update dependency volker.raschek/athens-proxy-charts to v1
All checks were successful
Markdown linter / markdown-lint (pull_request) Successful in 9s
Markdown linter / markdown-link-checker (pull_request) Successful in 32s
Generate README / generate-parameters (push) Successful in 12s
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-lint (push) Successful in 10s
Generate README / generate-parameters (pull_request) Successful in 9s
Helm / helm-lint (pull_request) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 34s
Helm / helm-unittest (pull_request) Successful in 6s
2025-10-15 22:01:05 +00:00
bba0df90ff docs(README): add missing backslash
All checks were successful
Generate README / generate-parameters (push) Successful in 28s
Helm / helm-unittest (push) Successful in 7s
Helm / helm-lint (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 28s
2025-10-15 21:33:57 +02:00
cb312817c3 docs(README): TLS encryption
Some checks failed
Helm / helm-lint (push) Successful in 17s
Generate README / generate-parameters (push) Successful in 20s
Helm / helm-unittest (push) Has been cancelled
Markdown linter / markdown-lint (push) Has been cancelled
Markdown linter / markdown-link-checker (push) Has been cancelled
2025-10-15 21:33:31 +02:00
fe428d83d2 Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.1.1' (#101) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 11s
Helm / helm-unittest (push) Successful in 17s
Markdown linter / markdown-lint (push) Successful in 11s
2025-10-14 22:05:07 +00:00
4c94529eab chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.1.1
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Generate README / generate-parameters (pull_request) Successful in 29s
Markdown linter / markdown-link-checker (push) Successful in 33s
Markdown linter / markdown-lint (push) Successful in 27s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 15s
Markdown linter / markdown-lint (pull_request) Successful in 23s
Markdown linter / markdown-link-checker (pull_request) Successful in 42s
2025-10-14 22:01:47 +00:00
297f36920a fix(certificate): subject in body must be of type object
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 7s
Release / publish-chart (push) Successful in 18s
2025-10-14 23:26:09 +02:00
4102fc9014 feat(certificates): support certificates
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 32s
Release / publish-chart (push) Successful in 19s
The following patch enables you to generate certificates using cert-manager or,
alternatively, to mount a secret with TLS certificates.

The HTTP server is then automatically configured to use the TLS certificates to
encrypt HTTP traffic.

If an ingress controller is also used, such as the nginx-ingress controller, the
necessary annotations must still be set to inform the nginx-ingress controller
that the HTTP upstream server communicates via HTTPS.
2025-10-14 23:02:28 +02:00
be923ed95f Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.0.3' (#100) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 11s
Helm / helm-unittest (push) Successful in 16s
Markdown linter / markdown-lint (push) Successful in 9s
2025-10-12 22:03:24 +00:00
f07ff039ce chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.0.3
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 1m0s
Markdown linter / markdown-link-checker (push) Successful in 1m20s
Generate README / generate-parameters (pull_request) Successful in 11s
Helm / helm-unittest (pull_request) Successful in 19s
Helm / helm-lint (pull_request) Successful in 23s
Markdown linter / markdown-link-checker (pull_request) Successful in 16s
Markdown linter / markdown-lint (pull_request) Successful in 34s
2025-10-12 22:01:05 +00:00
a11be194cc docs(Chart): adapt list of sources
All checks were successful
Helm / helm-lint (push) Successful in 1m0s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 22:36:52 +02:00
7908de9313 docs(README): update parameter description
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 11s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-lint (push) Successful in 10s
2025-10-12 22:34:22 +02:00
adfe40a9c7 docs(README): adapt description of networkPolicy examples
Some checks failed
Helm / helm-lint (push) Successful in 1m4s
Helm / helm-unittest (push) Successful in 7s
Generate README / generate-parameters (push) Failing after 1m21s
2025-10-12 22:24:10 +02:00
eadbcf243b fix(deployment): mount configMap 'gitconfig'
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 20s
Release / publish-chart (push) Successful in 13s
2025-10-12 22:09:03 +02:00
0caa188bb1 fix(deployment): mount additional volumes
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 8s
2025-10-12 22:03:25 +02:00
3bce806ed6 fix(deployment): mount environment variables and volumes only when enabled
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 8s
2025-10-12 21:55:31 +02:00
5c09cf8c79 docs(README): skip rendering of file content
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 28s
2025-10-12 21:11:45 +02:00
d4b5c0c86f fix(Chart): adapt annotation 'artifacthub.io/links'
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 20:54:08 +02:00
74598b4ee0 docs(README): mention upstream https://proxy.golang.org
Some checks failed
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Failing after 27s
Release / publish-chart (push) Successful in 1m56s
2025-10-12 19:19:09 +02:00
b06c1962cc docs(README): update chart version to 1.0.0
Some checks failed
Helm / helm-lint (push) Successful in 51s
Generate README / generate-parameters (push) Successful in 1m8s
Helm / helm-unittest (push) Has been cancelled
Markdown linter / markdown-lint (push) Has been cancelled
Markdown linter / markdown-link-checker (push) Has started running
2025-10-12 19:17:49 +02:00
991c545c93 test(deployment): adapt download mode url
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 19:06:55 +02:00
7c60c70244 docs(README): avoid CPU throttling by defining a CPU limit
Some checks failed
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Failing after 7s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Failing after 27s
2025-10-12 19:04:26 +02:00
0e048cdf4b docs(README): adapt downloadURL
Some checks failed
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Failing after 6s
Markdown linter / markdown-lint (push) Failing after 9s
Markdown linter / markdown-link-checker (push) Successful in 35s
2025-10-12 18:58:24 +02:00
89604cbe64 docs(README): mount secret with environment variables
Some checks failed
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 7s
Generate README / generate-parameters (push) Successful in 30s
Markdown linter / markdown-link-checker (push) Failing after 2m16s
Markdown linter / markdown-lint (push) Failing after 2m10s
2025-10-12 18:48:40 +02:00
f63450aec4 fix(deployment): mount secret with environment variables
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-10-12 18:48:18 +02:00
d1e5accccb fix: supprt automatically roll deployments
All checks were successful
Helm / helm-unittest (push) Successful in 8s
Helm / helm-lint (push) Successful in 1m1s
2025-10-12 18:00:06 +02:00
fbd846784c fix(networkPolicy): use single network policy
Some checks failed
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-link-checker (push) Successful in 11s
Generate README / generate-parameters (push) Failing after 28s
Markdown linter / markdown-lint (push) Successful in 17s
2025-10-12 17:21:05 +02:00
bab5282617 fix(Chart): remove maintainer section
Some checks failed
Helm / helm-unittest (push) Failing after 19m53s
Helm / helm-lint (push) Failing after 19m55s
2025-10-12 17:07:26 +02:00
307660c767 refac: remove obsolete directory athens-proxy
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 17:05:51 +02:00
59b43aac79 fix(configMap): enable downloadURL and mode by default
Some checks failed
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Failing after 14s
Markdown linter / markdown-lint (push) Failing after 33s
2025-10-12 16:54:36 +02:00
85a38e7d22 fix(deployment): remove leading v of the container image tag
All checks were successful
Helm / helm-lint (push) Successful in 21s
Helm / helm-unittest (push) Successful in 17s
2025-10-12 16:49:43 +02:00
2005fb8e05 fix(ci): update workflows and make targets
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 16:37:24 +02:00
5f78a0f071 fix(config): support the download mode file
Some checks failed
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 13s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-link-checker (push) Failing after 21s
Markdown linter / markdown-lint (push) Failing after 27s
2025-10-12 16:33:21 +02:00
c157c8c210 fix(config): support ssh 2025-10-12 16:33:21 +02:00
5b9fa88dd6 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#98) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
2025-10-12 13:04:19 +00:00
458037db70 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#97) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Has been cancelled
2025-10-12 13:03:44 +00:00
b1bb94f0bd Merge pull request 'chore(deps): update dependency markdown-link-check to v3.14.0' (#99) from renovate/markdown-link-check-3.x-lockfile into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-10-12 13:02:48 +00:00
62a92fdabb chore(deps): update docker.io/library/node docker tag to v24.10.0
Some checks failed
Generate README / generate-parameters (push) Failing after 9s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 15s
Generate README / generate-parameters (pull_request) Failing after 16s
Helm / helm-unittest (pull_request) Successful in 7s
Helm / helm-lint (pull_request) Successful in 16s
2025-10-12 13:02:25 +00:00
a01b0143c0 chore(deps): update docker.io/library/node docker tag to v24.10.0
Some checks failed
Generate README / generate-parameters (push) Failing after 21s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 16s
Generate README / generate-parameters (pull_request) Failing after 9s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-lint (pull_request) Successful in 15s
2025-10-12 13:02:13 +00:00
953fd85f53 chore(deps): update dependency markdown-link-check to v3.14.1
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 9s
Generate README / generate-parameters (pull_request) Failing after 40s
2025-10-12 13:02:04 +00:00
bf721d8af1 fix(config): support gitconfig
Some checks failed
Helm / helm-lint (push) Successful in 18s
Generate README / generate-parameters (push) Failing after 21s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 13:00:34 +02:00
60fdfd90e1 test(configMap): gitConfig
All checks were successful
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 6s
2025-10-12 12:25:24 +02:00
71164d60ae docs(README): describe .gitconfig properties
Some checks failed
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Failing after 6s
Generate README / generate-parameters (push) Failing after 30s
2025-10-03 16:29:29 +02:00
a00d40b792 fix(config): support netrc 2025-10-03 16:29:29 +02:00
d02f63be7a fix: improve chart 2025-10-03 16:29:27 +02:00
744938f8f4 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#96) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 13s
2025-09-26 22:02:28 +00:00
e3185b2482 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-unittest (push) Successful in 14s
2025-09-26 22:01:55 +00:00
e2fab050d3 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#95) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-09-26 19:03:42 +00:00
83336c7f87 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 13s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 15s
2025-09-26 19:02:59 +00:00
1e2a31edaa Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.19.0' (#94) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 6s
2025-09-21 13:02:37 +00:00
0b39de958a Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0' (#93) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Has been cancelled
2025-09-21 13:02:14 +00:00
a0abe49b23 chore(deps): update volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-lint (pull_request) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 6s
2025-09-21 13:01:47 +00:00
cc46ad7af1 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 10s
Helm / helm-lint (pull_request) Successful in 7s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-unittest (push) Successful in 28s
2025-09-21 13:01:36 +00:00
cd9a843a96 Merge pull request 'chore(deps): update actions/checkout action to v5' (#92) from renovate/actions-checkout-5.x into master
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
2025-09-19 20:10:42 +00:00
6b0d2ff350 chore(deps): update actions/checkout action to v5
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 6s
2025-09-18 16:50:20 +00:00
ccd7c9a1cd Merge pull request 'chore(deps): update gomods/athens docker tag to v0.16.1' (#91) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
2025-09-12 22:03:27 +00:00
b169136c37 chore(deps): update gomods/athens docker tag to v0.16.1
All checks were successful
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 15s
2025-09-12 22:02:15 +00:00
9b4a708f29 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.8.0' (#90) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 18s
2025-09-11 01:04:28 +00:00
053036bcd5 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.8.0' (#89) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Has been cancelled
Helm / helm-lint (push) Has been cancelled
2025-09-11 01:03:14 +00:00
783e244cd3 chore(deps): update docker.io/library/node docker tag to v24.8.0
All checks were successful
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 16s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
2025-09-11 01:02:02 +00:00
41da943040 chore(deps): update docker.io/library/node docker tag to v24.8.0
All checks were successful
Helm / helm-lint (push) Successful in 22s
Helm / helm-unittest (push) Successful in 18s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
2025-09-11 01:01:47 +00:00
9ef0317677 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.7.0' (#88) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (push) Successful in 17s
2025-08-28 13:02:54 +00:00
5a890741e4 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.7.0' (#87) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Has been cancelled
Helm / helm-lint (push) Has been cancelled
2025-08-28 13:02:21 +00:00
cd16ddc5d8 chore(deps): update docker.io/library/node docker tag to v24.7.0
All checks were successful
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 15s
2025-08-28 13:01:48 +00:00
fd4c9d7e62 chore(deps): update docker.io/library/node docker tag to v24.7.0
All checks were successful
Helm / helm-lint (push) Successful in 20s
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (pull_request) Successful in 18s
Helm / helm-unittest (pull_request) Successful in 15s
2025-08-28 13:01:33 +00:00
265ac3d9a9 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.6.0' (#86) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 14s
2025-08-15 22:02:05 +00:00
7d20373804 chore(deps): update docker.io/library/node docker tag to v24.6.0
All checks were successful
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 5s
Helm / helm-unittest (push) Successful in 16s
Helm / helm-lint (pull_request) Successful in 14s
2025-08-15 22:01:36 +00:00
2117bbed96 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.6.0' (#85) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 16s
2025-08-15 19:02:19 +00:00
a47f528585 chore(deps): update docker.io/library/node docker tag to v24.6.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 7s
Helm / helm-lint (pull_request) Successful in 22s
2025-08-15 19:01:36 +00:00
716f6b06c3 Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.18.5' (#84) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 18s
2025-08-14 16:02:28 +00:00
ee5111da20 Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.5' (#83) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Successful in 5s
Helm / helm-lint (push) Has been cancelled
2025-08-14 16:02:11 +00:00
d954b2e3e7 chore(deps): update volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 5s
Helm / helm-lint (pull_request) Successful in 15s
2025-08-14 16:01:40 +00:00
840ee10717 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (pull_request) Successful in 8s
Helm / helm-lint (pull_request) Successful in 27s
Helm / helm-unittest (push) Successful in 37s
2025-08-14 16:01:30 +00:00
c5772856e3 Merge pull request 'chore(deps): update actions/checkout action to v4.3.0' (#81) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
2025-08-11 13:26:27 +00:00
f047c145e2 chore(deps): update actions/checkout action to v4.3.0
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 13s
2025-08-11 13:04:35 +00:00
7c0c6f4270 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.5.0' (#80) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 16s
2025-08-04 13:02:55 +00:00
3cab48dd3c Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.5.0' (#79) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-08-04 13:02:21 +00:00
50e21e10d8 chore(deps): update docker.io/library/node docker tag to v24.5.0
All checks were successful
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 15s
2025-08-04 13:01:51 +00:00
5b70f5e5fa chore(deps): update docker.io/library/node docker tag to v24.5.0
All checks were successful
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 17s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
2025-08-04 13:01:36 +00:00
09d205316e chore(deps): update docker.io/library/node docker tag to v24.4.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 13s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 15s
2025-07-16 22:01:52 +00:00
c1e686fc2d chore(deps): update docker.io/library/node docker tag to v24.4.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 17s
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (push) Successful in 15s
2025-07-16 19:01:21 +00:00
cfb5978593 chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.7.2
All checks were successful
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 16s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 15s
2025-07-14 10:01:28 +00:00
e04a9baec1 chore(deps): update volkerraschek/helm docker tag to v3.18.4
All checks were successful
Helm / helm-lint (pull_request) Successful in 14s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 15s
2025-07-13 01:01:41 +00:00
72908cae0b chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.4
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 12s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 16s
2025-07-12 22:01:33 +00:00
8c6f4db7f5 chore(deps): update docker.io/library/node docker tag to v24.4.0
All checks were successful
Helm / helm-unittest (pull_request) Successful in 14s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 15s
2025-07-09 19:37:12 +00:00
5eae090f40 chore(deps): update docker.io/library/node docker tag to v24.4.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
2025-07-09 19:01:19 +00:00
60ed4abe97 chore(deps): update docker.io/library/node docker tag to v24.3.0
All checks were successful
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 15s
2025-06-25 19:01:38 +00:00
1179b51895 chore(deps): update docker.io/library/node docker tag to v24.3.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 16s
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
2025-06-25 16:01:20 +00:00
1fcf9e7d4b chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.7.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 5s
Helm / helm-lint (push) Successful in 15s
2025-06-25 10:02:32 +00:00
00c2f285b1 chore(deps): update volkerraschek/helm docker tag to v3.18.3
All checks were successful
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 15s
2025-06-18 06:44:33 +00:00
1077afb673 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.3
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 17s
2025-06-17 19:02:25 +00:00
a4d1611f44 chore(deps): update docker.io/library/node docker tag to v24.2.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 13s
Helm / helm-unittest (pull_request) Successful in 14s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 16s
2025-06-10 04:01:33 +00:00
0950a51229 chore(deps): update docker.io/library/node docker tag to v24.2.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 16s
2025-06-10 01:01:09 +00:00
ee9fa20df4 chore(deps): update gomods/athens docker tag to v0.16.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 24s
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 13s
2025-06-06 07:01:14 +00:00
848f9c9fd8 chore(ci): migrate to GitTea actions 2025-06-06 08:01:11 +02:00
2889a5390c docs(README): remove drone badge 2025-06-01 12:44:32 +02:00
14987d7265 chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.44.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2025-04-01 16:50:28 +00:00
f9c03e8be4 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.17.1
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2025-03-30 19:03:05 +00:00
055bcadd16 chore(deps): update gomods/athens docker tag to v0.15.4
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
2025-01-16 21:38:00 +01:00
45d2cf7183 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.16.4
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-12-17 11:04:28 +00:00
07c2bc6b72 chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.43.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-12-03 14:03:43 +00:00
9a58ec7806 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.16.3
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-12-02 11:02:18 +00:00
55bb771c26 chore(deps): update git.cryptic.systems/volker.raschek/git docker tag to v1.4.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-11-25 23:02:23 +00:00
e709d68cb8 chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.42.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-10-14 19:03:12 +00:00
1c22e90d85 feat: add option to customize probes
All checks were successful
continuous-integration/drone/tag Build is passing
continuous-integration/drone/push Build is passing
2024-09-24 21:24:02 +02:00
6ef34f5f60 chore(deps): update gomods/athens docker tag to v0.15.1
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-09-16 19:04:14 +00:00
76593b2109 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.16.1
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-09-16 16:03:45 +00:00
cb9612fe74 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.15.4
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-08-15 10:02:00 +00:00
bd3e0cf62f chore(deps): update gomods/athens docker tag to v0.14.1
All checks were successful
continuous-integration/drone/push Build is passing
2024-07-18 19:24:52 +02:00
560234e9c0 chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.41.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-05-27 13:04:04 +00:00
9707a79840 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.15.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-05-16 10:01:20 +00:00
5dbc250d7f chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.40.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-05-07 22:03:55 +00:00
603fe6c96d chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.14.4
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-04-11 07:02:29 +00:00
122e2e1417 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.14.3
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-03-22 20:00:31 +01:00
d571c1e027 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.14.2
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2024-02-23 11:01:49 +00:00
76 changed files with 8225 additions and 667 deletions

View File

@@ -1,106 +0,0 @@
---
kind: pipeline
type: kubernetes
name: linter
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: helm lint
commands:
- helm lint
image: git.cryptic.systems/volker.raschek/helm:3.14.1
resources:
limits:
cpu: 150
memory: 150M
- name: markdown lint
commands:
- markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.39.0
resources:
limits:
cpu: 150
memory: 150M
- name: helm template
commands:
- helm template .
image: git.cryptic.systems/volker.raschek/helm:3.14.1
resources:
limits:
cpu: 150
memory: 150M
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: kubernetes
name: release
clone:
disable: true
platform:
os: linux
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: release-helm-chart
commands:
- helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
- helm package --version ${DRONE_TAG} .
- helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
environment:
HELM_REPO_PASSWORD:
from_secret: helm_repo_password
HELM_REPO_USERNAME:
from_secret: helm_repo_username
image: git.cryptic.systems/volker.raschek/helm:3.14.1
resources:
limits:
cpu: 150
memory: 150M
trigger:
event:
- tag
repo:
- volker.raschek/athens-proxy-charts

View File

@@ -1,6 +1,3 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
[*]
@@ -10,3 +7,6 @@ end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false
[Makefile]
indent_style = tab

114
.gitea/scripts/add-annotations.sh Executable file
View File

@@ -0,0 +1,114 @@
#!/bin/bash
set -e
CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2
exit 1
fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
done
else
OLD_TAG=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
exit 1
fi
fi
if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
done
else
NEW_TAG=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
exit 1
fi
fi
CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}"
function map_type_to_kind() {
case "${1}" in
feat)
echo "added"
;;
fix)
echo "fixed"
;;
chore|style|test|ci|docs|refac)
echo "changed"
;;
revert)
echo "removed"
;;
sec)
echo "security"
;;
*)
echo "skip"
;;
esac
}
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}")
if [ "${KIND}" == "skip" ]; then
continue
fi
DESC="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
fi
done <<< "${COMMIT_TITLES}"
if [ -s "${CHANGE_LOG_YAML}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
exit 1
fi
rm "${CHANGE_LOG_YAML}"

View File

@@ -0,0 +1,32 @@
name: Generate README
on:
pull_request:
paths: [ "README.md", "values.yaml" ]
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
paths: [ "README.md", "values.yaml" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
generate-parameters:
container:
image: docker.io/library/node:25.0.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Generate parameter section in README
run: |
npm install
npm run readme:parameters
- name: Compare diff
run: git diff --exit-code --name-only README.md

View File

@@ -0,0 +1,42 @@
name: Helm
on:
pull_request:
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./

View File

@@ -0,0 +1,46 @@
name: Markdown linter
on:
pull_request:
paths: [ "**/*.md" ]
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
paths: [ "**/*.md" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:25.0.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Verify links in markdown files
run: |
npm install
npm run readme:link
markdown-lint:
container:
image: docker.io/library/node:25.0.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git
- uses: actions/checkout@v5.0.0
- name: Lint markdown files
run: |
npm install
npm run readme:lint

View File

@@ -0,0 +1,61 @@
name: Release
on:
push:
tags:
- "**"
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on: ubuntu-latest
steps:
- name: Install packages via apk
run: |
apk update
apk add git npm jq yq
- uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
- name: Add Artifacthub.io annotations
run: |
NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart
run: |
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum
env:
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
run: |
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
- name: Upload Chart to Gitea
env:
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea

8
.gitignore vendored
View File

@@ -1,3 +1,9 @@
*.tgz
charts
node_modules
target
values2.yml
values2.yaml
*.tgz
install.sh
uninstall.sh

View File

@@ -2,6 +2,7 @@
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
@@ -10,23 +11,50 @@
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# drone
.drone.yml
# markdownlint
.markdownlint.yaml
# editorconfig
.editorconfig
# customized values
values2.yml
values2.yaml
# helm packages
*.tgz
.helmignore
unittests
# markdownlint
.markdownlint.yml
.markdownlint.yaml
.markdownlintignore
# npm
.prettierignore
.npmrc
package*
# yamllint
.yamllint.yaml
# Others
CONTRIBUTING.md
CODEOWNERS
Makefile
renovate.json

View File

@@ -45,9 +45,9 @@ MD012:
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 80
line_length: 120
# Number of characters for headings
heading_line_length: 80
heading_line_length: 120
# Number of characters for code blocks
code_block_line_length: 80
# Include code blocks
@@ -56,8 +56,6 @@ MD013:
tables: false
# Include headings
headings: true
# Include headings
headers: true
# Strict length checking
strict: false
# Stern length checking
@@ -73,7 +71,7 @@ MD022:
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
allow_different_nesting: true
siblings_only: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
@@ -129,7 +127,20 @@ MD041:
MD044:
# List of proper names
names:
- gitea
- Git
- GitDevOps
- Gitea
- GitHub
- GitLab
- GitOps
- kube-prometheus-stack
- Memcached
- Oracle
- PostgreSQL
- Prometheus
- prometheus-exporter
- SSL
- TLS
# Include code blocks
code_blocks: false

4
.markdownlintignore Normal file
View File

@@ -0,0 +1,4 @@
.github/
Chart.lock
charts/
node_modules/

1
.npmrc Normal file
View File

@@ -0,0 +1 @@
engine-strict=true

1
.prettierignore Normal file
View File

@@ -0,0 +1 @@
Chart.lock

8
.vscode/extensions.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"recommendations": [
"DavidAnson.vscode-markdownlint",
"esbenp.prettier-vscode",
"Tim-Koehler.helm-intellisense",
"yzhang.markdown-all-in-one"
]
}

8
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

20
.yamllint.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2

1
CODEOWNERS Normal file
View File

@@ -0,0 +1 @@
* @volker.raschek

82
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,82 @@
# Contributing
I am very happy if you would like to provide a pull request 👍
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
1. [Valid Git commits](#valid-git-commits)
## Valid Git commits
### Commit message
The repository is subject to a strict commit message template. This states that there are several types of commits. For
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
| type | description |
| ------------------- | ----------------------------------------------------------------- |
| `feat` | New feature. |
| `fix` | Fixes a bug. |
| `refac` | Refactoring production code. |
| `style` | Fixes formatting issues. No production code change. |
| `docs` | Adapt documentation. No production code change. |
| `test` | Adds new or modifies existing tests. No production code change. |
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
Based on these types, commit messaged can then be created. Here are a few examples:
```text
style(README): Wrong indentation
feat(deployment): support restartPolicy
fix(my-app): Add missing volume
docs(CONTRIBUTING): Describe how to commit correctly
```
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
pull request PR to be combined into one commit (squashing).
### Smart commits
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
needs to be added to the merge commit.
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
```text
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|\
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|/
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
```
### Commit signing
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
Linux kernel.
```bash
git config --global user.name 'Linux Torvalds'
git config --global user.email 'torvalds@linux-foundation.org'
```
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
Otherwise will be marked the Git commit as *Unverified*.
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
example an external USB drive.

View File

@@ -1,9 +1,15 @@
annotations:
artifacthub.io/links: |
- name: Athens proxy (binary)
url: https://github.com/gomods/athens
- name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
apiVersion: v2
name: athens-proxy
description: Athens proxy server for golang
type: application
version: "0.1.0"
appVersion: "v0.13.1"
appVersion: "v0.16.1"
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
keywords:
@@ -13,10 +19,6 @@ keywords:
- go-proxy
sources:
- https://github.com/volker-raschek/athens-proxy-charts
- https://git.cryptic.systems/volker.raschek/athens-proxy-charts
- https://github.com/gomods/athens
- https://hub.docker.com/r/gomods/athens
maintainers:
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems

28
LICENSE
View File

@@ -1,13 +1,21 @@
Copyright 2022 Markus Pesch
MIT License
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Copyright (c) 2025 Markus Pesch
http://www.apache.org/licenses/LICENSE-2.0
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

91
Makefile Normal file
View File

@@ -0,0 +1,91 @@
# CONTAINER_RUNTIME
CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
# ==============================================================================
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
container-run/readme/link:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:link
container-run/readme/lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:lint
container-run/readme/parameters:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:parameters
# CONTAINER RUN - HELM UNITTESTS
# ==============================================================================
PHONY+=container-run/helm-unittests
container-run/helm-unittests:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
# ==============================================================================
PHONY+=container-run/helm-update-dependencies
container-run/helm-update-dependencies:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
dependency update
# CONTAINER RUN - MARKDOWN-LINT
# ==============================================================================
PHONY+=container-run/helm-lint
container-run/helm-lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
lint --values values.yaml .
# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}

553
README.md
View File

@@ -1,167 +1,456 @@
# athens-proxy-charts
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/athens-proxy-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This is an inofficial helm chart of the go-proxy
[athens](https://github.com/gomods/athens) which supports more complex
configuration options.
> [!NOTE]
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
can be installed via helm.
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
proxy for Golang.
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
defining additional environment variables and much more.
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
helm and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
`--set` flag for a basic deployment.
```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm repo update
helm install athens-proxy volker.raschek/athens-proxy
```
## Customization
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
versions can break something!
The complete deployment can be adapted via the `values.yaml` files. The
configuration of the proxy can be done via the environment variables described
below or via mounting the config.toml as additional persistent volume to
`/config/config.toml`
## Access private repositories via SSH
Create a `configmap.yaml` with multiple keys. One key describe the content of
the `.gitconfig` file and another of `config` of the ssh client. All requests
git clone comands with the prefix `http://github.com/` will be replaced by
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
separate secret.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/
```bash
CHART_VERSION=1.1.1
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
```
The secret definition below contains the SSH private and public key.
A complete list of available helm chart versions can be displayed via the following command:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
```bash
helm search repo reposilite --versions
```
The item `config` of the configmap will be merged with the items of the secret
as virtual volume. This volume can than be mounted with special permissions
required for the ssh client.
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
Use the `--set` argument to persist your data.
```yaml
extraVolumes:
- name: ssh
projected:
defaultMode: 0644
sources:
- configMap:
name: custom-configs
items:
- key: sshconfig
path: config
- secret:
name: custom-ssh-keys
items:
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
- name: gitconfig
configMap:
name: custom-configs
items:
- key: gitconfig
path: config
mode: 0644
extraVolumeMounts:
- name: ssh
mountPath: /root/.ssh
- name: gitconfig
mountPath: /root/.config/git
```bash
CHART_VERSION=1.1.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
persistence.enabled=true
```
## Access private github.com repositories via developer token
### Examples
Another way to access private github repositories is via a github token, which
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
creates a `.netrc` file to access private github repositories.
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
## Access private repositories via .netrc configuration
#### Avoid CPU throttling by defining a CPU limit
As describe above, a `.netrc` file is responsible for the authentication via
HTTP. The file can also be defined via a custom secret and mounted into the home
directory of `root` for general authentication purpose.
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
cannot use the available CPU time to perform computing operations.
The example below describe the definition and mounting of a custom `.netrc` file
to access private repositories hosted on github and gitlab.
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY
Further information about this topic can be found in one of Kanishk's blog
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
> not anymore required.
>
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash
CHART_VERSION=1.1.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
```
The file must then be mounted via extraVolumes and extraVolumeMounts.
#### TLS encryption
```yaml
extraVolumes:
- name: netrc
secret:
secretName: custom-netrc
items:
- key: netrc
path: .netrc
mode: 0600
The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for
TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS
certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
The secret must be from type `kubernetes.io/tls`.
extraVolumeMounts:
- name: netrc
mountPath: /root
> [!WARNING]
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
> `athens-proxy-ca` is present in the same namespace of the helm deployment.
```bash
CHART_VERSION=1.1.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'config.certificate.enabled=true' \
--set 'config.certificate.new.issuerRef.kind=Issuer' \
--set 'config.certificate.new.issuerRef.name=athens-proxy-ca'
```
## Persistent storage
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
and private key are mounted to a pre-defined destination inside the container file system.
Unlike the athens default, the default here is `disk` - i.e. the files are
written to the container. Therefore, it is advisable to outsource the
corresponding storage location to persistent storage. The following example
describes the integration of a persistent storage claim.
#### TLS certificate rotation
If the application uses TLS certificates that are mounted as a secret in the container file system like the example
[above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such
a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
before expiring.
Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
and secrets have been changed.
```yaml
extraVolumes:
- name: gomodules
persistentVolumeClaim:
claimName: custom-gomodules-pvc
extraVolumeMounts:
- name: gomodules
mountPath: /var/lib/athens
deployment:
annotations:
reloader.stakater.com/auto: "true"
```
Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should
only listen for changes of this secret:
```yaml
deployment:
annotations:
secret.reloader.stakater.com/reload: "athens-proxy-tls"
```
#### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
proxy `https://proxy.golang.org` via HTTPS.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml
networkPolicies:
enabled: true
annotations: {}
labels: {}
policyTypes:
- Egress
- Ingress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 443
protocol: TCP
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: http
protocol: TCP
```
## ArgoCD
### Daily execution of rolling updates
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). Please ensure, that no
third party application modifies the config maps or secret afterwards.
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum can be ignored. However, this negates the mechanism of [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
Below is a diff that adds the `Application` to ignore all annotations with the prefix `checksum`.
> [!WARNING]
> Configurations of `ignoreDifferences` always refer to the determination of a drift and whether a possible sync is
> necessary. If the selected attributes should also be ignored in deployment afterwards, define
> `RespectIgnoreDifferences=true` in your `Application` resource. Further information can be found in the ArgoCD
> [documentation](https://argo-cd.readthedocs.io/en/latest/user-guide/sync-options/#respect-ignore-differences-configs).
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
```
The definition of ignoreDifferences ensures that annotations with the prefix checksum are ignored during a diff.
> [!TIP]
> If the [reloader](https://github.com/stakater/Reloader) is configured as described in section [TLS certificate
> rotation](#tls-certificate-rotation), ensure that the shasum defined as annotation or environment variable is also
> ignored. The [reloader](https://github.com/stakater/Reloader) will modify the deployment based on his configuration
> and append additional annotations or environment variables containing the shasum. Below are some examples how to adapt
> the `ignoreDifferences` configuration to ignore only the annotations and environment variables of stakater's
> [reloader](https://github.com/stakater/Reloader).
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
+ - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
```
## Parameters
### Global
| Name | Description | Value |
| ------------------ | ----------------------------------------- | ----- |
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Certificate
| Name | Description | Value |
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `certificate.enabled` | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false` |
| `certificate.existingSecret.enabled` | Use an existing secret of the type `kubernetes.io/tls`. | `false` |
| `certificate.existingSecret.secretName` | Name of the secret containing the TLS certificate and private key. | `""` |
| `certificate.new.annotations` | Additional certificate annotations. | `{}` |
| `certificate.new.labels` | Additional certificate labels. | `{}` |
| `certificate.new.duration` | Duration of the TLS certificate. | `744h` |
| `certificate.new.renewBefore` | Renew TLS certificate before expiring. | `672h` |
| `certificate.new.dnsNames` | Overwrites the default of the subject alternative DNS names. | `[]` |
| `certificate.new.ipAddresses` | Overwrites the default of the subject alternative IP addresses. | `[]` |
| `certificate.new.issuerRef.kind` | Issuer kind. Can be `Issuer` or `ClusterIssuer`. | `""` |
| `certificate.new.issuerRef.name` | Name of the `Issuer` or `ClusterIssuer`. | `""` |
| `certificate.new.privateKey.algorithm` | Algorithm of the private TLS key. | `RSA` |
| `certificate.new.privateKey.rotationPolicy` | Rotation of the private TLS key. | `Never` |
| `certificate.new.privateKey.size` | Size of the private TLS key. | `4096` |
| `certificate.new.secretTemplate.annotations` | Additional annotation of the created secret. | `{}` |
| `certificate.new.secretTemplate.labels` | Additional labels of the created secret. | `{}` |
| `certificate.new.subject.countries` | List of countries. | `[]` |
| `certificate.new.subject.localities` | List of localities. | `[]` |
| `certificate.new.subject.organizationalUnits` | List of organizationalUnits. | `[]` |
| `certificate.new.subject.organizations` | List of organizations. | `[]` |
| `certificate.new.subject.postalCodes` | List of postalCodes. | `[]` |
| `certificate.new.subject.provinces` | List of provinces. | `[]` |
| `certificate.new.subject.serialNumber` | Serial number. | `""` |
| `certificate.new.subject.streetAddresses` | List of streetAddresses. | `[]` |
| `certificate.new.usages` | Define the usage of the TLS key. | `["client auth","server auth"]` |
### Configuration
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
### Deployment
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value |
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
| `hpa.labels` | Additional labels for the HPA. | `{}` |
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
### Ingress
| Name | Description | Value |
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
### Persistence
| Name | Description | Value |
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
| `persistence.data.existingPersistentVolumeClaim.enabled` | Use an existing persistent volume claim. | `false` |
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
| `persistence.data.persistentVolumeClaim.storageClassName` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
### Network
| Name | Description | Value |
| --------------- | ------------------------------------------------------------------------ | --------------- |
| `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` |
### Network Policy
| Name | Description | Value |
| --------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
### Service
| Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `services.http.enabled` | Enable the service. | `true` |
| `services.http.annotations` | Additional service annotations. | `{}` |
| `services.http.externalIPs` | External IPs for the service. | `[]` |
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `services.http.labels` | Additional service labels. | `{}` |
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `services.http.port` | Port to forward the traffic to. | `3000` |
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |

View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/

View File

@@ -1,26 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
---
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY

2617
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

21
package.json Normal file
View File

@@ -0,0 +1,21 @@
{
"name": "athens-proxy-charts",
"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git",
"license": "MIT",
"private": true,
"engineStrict": true,
"engines": {
"node": ">=16.0.0",
"npm": ">=8.0.0"
},
"scripts": {
"readme:link": "markdown-link-check *.md",
"readme:lint": "markdownlint *.md -f",
"readme:parameters": "readme-generator -v values.yaml -r README.md"
},
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0"
}
}

View File

@@ -1,26 +1,15 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"assignees": [ "volker.raschek" ],
"labels": [ "renovate" ],
"packageRules": [
{
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
"automerge": false,
"matchPackageNames": [ "gomods/athens" ],
"matchManagers": [ "regex" ]
}
"extends": [
"local>volker.raschek/renovate-config:default#master",
"local>volker.raschek/renovate-config:container#master",
"local>volker.raschek/renovate-config:actions#master",
"local>volker.raschek/renovate-config:npm#master",
"local>volker.raschek/renovate-config:regexp#master"
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch",
"regexManagers": [
"customManagers": [
{
"description": "Update container image reference",
"customType": "regex",
"fileMatch": [
"^Chart\\.yaml$"
],
@@ -28,7 +17,92 @@
"appVersion: \"(?<currentValue>.*?)\"\\s+"
],
"datasourceTemplate": "docker",
"depNameTemplate": "gomods/athens"
"depNameTemplate": "gomods/athens",
"lookupNameTemplate": "docker.io/gomods/athens",
"versioningTemplate": "semver"
},
{
"customType": "regex",
"fileMatch": ["^README\\.md$"],
"matchStrings": [
"VERSION=(?<currentValue>.*)"
],
"depNameTemplate": "volker.raschek/athens-proxy-charts",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
},
{
"customType": "regex",
"datasourceTemplate": "github-releases",
"fileMatch": [
".vscode/settings\\.json$"
],
"matchStrings": [
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
]
}
],
"packageRules": [
{
"groupName": "Update docker.io/volkerraschek/helm",
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"automerge": true,
"groupName": "Update helm plugin 'unittest'",
"matchDepNames": [
"helm-unittest/helm-unittest"
],
"matchDatasources": [
"github-releases"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{
"addLabels": [
"renovate/automerge",
"renovate/container"
],
"automerge": true,
"excludePackagePatterns": [
"gomods/athens"
],
"matchDatasources": [
"docker"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"addLabels": [
"renovate/automerge",
"renovate/documentation"
],
"automerge": true,
"matchDepNames": [
"volker.raschek/athens-proxy-charts"
],
"matchUpdateTypes": [
"major",
"minor",
"patch"
]
}
]
}

View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.certificates.server.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.certificate.new.annotations }}
{{ toYaml .Values.certificate.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.certificates.server.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.certificate.new.labels }}
{{ toYaml .Values.certificate.new.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.certificates.server.name" -}}
{{ include "athens-proxy.fullname" . }}-tls
{{- end -}}

View File

@@ -1,3 +1,4 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common annotations
*/}}
{{- define "athens-proxy.annotations" -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "athens-proxy.labels" -}}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{ include "athens-proxy.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{- end }}
{{/*
Selector labels
Common selector labels
*/}}
{{- define "athens-proxy.selectorLabels" -}}
app.kubernetes.io/name: {{ include "athens-proxy.name" . }}

43
templates/_configMap.tpl Normal file
View File

@@ -0,0 +1,43 @@
---
{{/* annotations */}}
{{- define "athens-proxy.configMap.downloadMode.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.downloadMode.configMap.annotations }}
{{ toYaml .Values.config.downloadMode.configMap.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.gitConfig.configMap.annotations }}
{{ toYaml .Values.config.gitConfig.configMap.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.configMap.downloadMode.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.downloadMode.configMap.labels }}
{{ toYaml .Values.config.downloadMode.configMap.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.gitConfig.configMap.labels }}
{{ toYaml .Values.config.gitConfig.configMap.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.configMap.downloadMode.name" -}}
{{ include "athens-proxy.fullname" . }}-download-mode-file
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.name" -}}
{{ include "athens-proxy.fullname" . }}-gitconfig
{{- end }}

279
templates/_deployment.tpl Normal file
View File

@@ -0,0 +1,279 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.deployment.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "athens-proxy.deployment.env" -}}
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
{{- if and .Values.persistence.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
{{- end }}
{{- if .Values.config.downloadMode.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
{{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }}
{{- if .Values.certificate.enabled }}
{{- $env = concat $env (list
(dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
(dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
{{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}}
{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
{{- if .Values.config.env.enabled }}
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
{{- $secretName = .Values.config.env.existingSecret.secretName }}
{{- end }}
{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
{{- end }}
{{ toYaml (dict "envFrom" $envFrom) }}
{{- end -}}
{{/* image */}}
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "athens-proxy.deployment.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "athens-proxy.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "athens-proxy.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
{{- end }}
{{/* volumeMount (git config) */}}
{{- if .Values.config.gitConfig.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
{{- end }}
{{/* volumeMount (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
{{- end }}
{{/* volumeMount (ssh) */}}
{{- if and .Values.config.ssh.enabled }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
{{- end }}
{{- end }}
{{/* volumeMounts (tls) */}}
{{- if .Values.certificate.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.volumes | default (list) }}
{{/* volumes (data) */}}
{{- if .Values.persistence.enabled }}
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (git config) */}}
{{- $projectedSecretSources := list -}}
{{- if .Values.config.gitConfig.enabled }}
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
{{- if .Values.config.netrc.existingSecret.enabled }}
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{/* volumes (ssh) */}}
{{- if .Values.config.ssh.enabled }}
{{- $itemList := list -}}
{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- if not .Values.config.ssh.existingSecret.enabled }}
{{- if gt (len .Values.config.ssh.secret.config) 0 }}
{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{- if gt (len $projectedSecretSources) 0 }}
{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
{{- end }}
{{/* volumes (tls) */}}
{{- if .Values.certificate.enabled }}
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
{{- if .Values.certificate.existingSecret.enabled }}
{{- $secretName := .Values.certificate.existingSecret.secretName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}

19
templates/_hpa.tpl Normal file
View File

@@ -0,0 +1,19 @@
---
{{/* annotations */}}
{{- define "athens-proxy.hpa.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.hpa.annotations }}
{{ toYaml .Values.hpa.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.hpa.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.hpa.labels }}
{{ toYaml .Values.hpa.labels }}
{{- end }}
{{- end }}

19
templates/_ingress.tpl Normal file
View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.ingress.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.ingress.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.networkPolicy.annotations }}
{{ toYaml .Values.networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.networkPolicy.labels }}
{{ toYaml .Values.networkPolicy.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.annotations }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.labels }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.persistentVolumeClaim.data.name" -}}
{{ include "athens-proxy.fullname" . }}-data
{{- end }}

34
templates/_pod.tpl Normal file
View File

@@ -0,0 +1,34 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

61
templates/_secrets.tpl Normal file
View File

@@ -0,0 +1,61 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.secrets.env.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.env.secret.annotations }}
{{ toYaml .Values.config.env.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.netrc.secret.annotations }}
{{ toYaml .Values.config.netrc.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.ssh.secret.annotations }}
{{ toYaml .Values.config.ssh.secret.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.secrets.env.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.env.secret.labels }}
{{ toYaml .Values.config.env.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.netrc.secret.labels }}
{{ toYaml .Values.config.netrc.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.ssh.secret.labels }}
{{ toYaml .Values.config.ssh.secret.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.secrets.env.name" -}}
{{ include "athens-proxy.fullname" . }}-env
{{- end }}
{{- define "athens-proxy.secrets.netrc.name" -}}
{{ include "athens-proxy.fullname" . }}-netrc
{{- end }}
{{- define "athens-proxy.secrets.ssh.name" -}}
{{ include "athens-proxy.fullname" . }}-ssh
{{- end }}

View File

@@ -0,0 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.serviceAccount.annotations" -}}
{{- if .Values.serviceAccount.new.annotations }}
{{ toYaml .Values.serviceAccount.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.serviceAccount.labels" -}}
{{- if .Values.serviceAccount.new.labels }}
{{ toYaml .Values.serviceAccount.new.labels }}
{{- end }}
{{- end }}

29
templates/_services.tpl Normal file
View File

@@ -0,0 +1,29 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.services.http.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.services.http.annotations }}
{{ toYaml .Values.services.http.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.services.http.labels" -}}
{{ include "athens-proxy.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http
{{- if .Values.services.http.labels }}
{{ toYaml .Values.services.http.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.services.http.name" -}}
{{- if .Values.services.http.enabled -}}
{{ include "athens-proxy.fullname" . }}-http
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,97 @@
{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.certificates.server.name" . }}
namespace: {{ .Release.Namespace }}
spec:
commonName: {{ include "athens-proxy.fullname" . }}
{{- if empty .Values.certificate.new.dnsNames }}
dnsNames:
- {{ include "athens-proxy.fullname" . }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- else }}
dnsNames:
{{- range .Values.certificate.new.dnsNames }}
- {{ . }}
{{- end }}
{{- end }}
duration: {{ .Values.certificate.new.duration }}
{{- if not (empty .Values.certificate.new.ipAddresses) }}
ipAddresses:
{{- range .Values.certificate.new.ipAddresses }}
- {{ . }}
{{- end }}
{{- end }}
isCA: false
issuerRef:
kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
privateKey:
algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
size: {{ .Values.certificate.new.privateKey.size }}
renewBefore: {{ .Values.certificate.new.renewBefore }}
secretName: {{ include "athens-proxy.certificates.server.name" . }}
{{- with .Values.certificate.new.secretTemplate }}
secretTemplate:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.certificate.new.subject.countries
.Values.certificate.new.subject.localities
.Values.certificate.new.subject.organizationalUnits
.Values.certificate.new.subject.organizations
.Values.certificate.new.subject.postalCodes
.Values.certificate.new.subject.provinces
.Values.certificate.new.subject.serialNumber
.Values.certificate.new.subject.streetAddresses
}}
subject:
{{- with .Values.certificate.new.subject.countries }}
countries:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.localities }}
localities:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizationalUnits }}
organizationalUnits:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizations }}
organizations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.postalCodes }}
postalCodes:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.provinces }}
provinces:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.certificate.new.subject.serialNumber }}
serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
{{- end }}
{{- with .Values.certificate.new.subject.streetAddresses }}
streetAddresses:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
usages:
{{- range .Values.certificate.new.usages }}
- {{ . }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
namespace: {{ .Release.Namespace }}
data:
downloadMode: |
{{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
namespace: {{ .Release.Namespace }}
data:
.gitconfig: |
{{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }}
{{- end }}

View File

@@ -1,74 +1,143 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "athens-proxy.fullname" . }}
{{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.deployment.labels" . | fromYaml) }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "athens-proxy.selectorLabels" . | nindent 6 }}
{{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "athens-proxy.pod.annotations" . | nindent 8 }}
labels:
{{- include "athens-proxy.selectorLabels" . | nindent 8 }}
{{- include "athens-proxy.pod.labels" . | nindent 8 }}
spec:
containers:
- name: {{ .Chart.Name }}
envFrom:
- secretRef:
name: {{ include "athens-proxy.fullname" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: http
ports:
- name: http
containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
protocol: TCP
readinessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.affinity }}
{{- with .Values.deployment.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
containers:
- name: athens-proxy
{{- with .Values.deployment.athensProxy.args }}
args:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.athensProxy.command }}
command:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env:
{{- toYaml $env.env | nindent 8 }}
{{- end }}
{{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }}
{{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }}
envFrom:
{{- toYaml $envFrom.envFrom | nindent 8 }}
{{- end }}
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
livenessProbe:
exec:
{{- if not .Values.certificate.enabled }}
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
{{- else }}
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
{{- end }}
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
exec:
{{- if not .Values.certificate.enabled }}
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
{{- else }}
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
{{- end }}
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
ports:
- name: http
containerPort: 3000
protocol: TCP
{{- with .Values.deployment.athensProxy.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.deployment.athensProxy.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }}
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
volumeMounts:
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.deployment.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.dnsPolicy }}
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
{{- end }}
{{- if .Values.deployment.hostname }}
hostname: {{ .Values.deployment.hostname }}
{{- end }}
hostNetwork: {{ .Values.deployment.hostNetwork }}
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podPriorityClassName }}
priorityClassName: {{ .Values.podPriorityClassName }}
{{- if .Values.deployment.priorityClassName }}
priorityClassName: {{ .Values.deployment.priorityClassName }}
{{- end }}
{{- if .Values.deployment.restartPolicy }}
restartPolicy: {{ .Values.deployment.restartPolicy }}
{{- end }}
{{- with .Values.deployment.securityContext }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "athens-proxy.fullname" . }}
{{- with .Values.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }}
{{- if .Values.deployment.subdomain }}
subdomain: {{ .Values.deployment.subdomain }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
{{- with .Values.deployment.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- with .Values.deployment.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }}
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
volumes:
{{- toYaml . | nindent 8 }}
{{- toYaml $volumes.volumes | nindent 6 }}
{{- end }}
{{- with .Values.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}

25
templates/hpa.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.hpa.enabled -}}
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.hpa.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
metrics:
{{- toYaml .Values.hpa.metrics | nindent 2 }}
maxReplicas: {{ .Values.hpa.maxReplicas }}
minReplicas: {{ .Values.hpa.minReplicas }}
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "athens-proxy.fullname" . }}
{{- end -}}

View File

@@ -1,61 +1,45 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "athens-proxy.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
{{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "athens-proxy.services.http.name" $ }}
port:
number: {{ $.Values.services.http.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
- {{ tpl . $ | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,32 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,26 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
labels:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
namespace: {{ $.Release.Namespace }}
spec:
{{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
accessModes:
{{ toYaml . | nindent 4 }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
{{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
{{- end }}
{{- end }}

20
templates/secretEnv.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.env.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
{{- range $key, $value := .Values.config.env.secret.envs }}
{{ upper $key }}: {{ quote $value }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.netrc.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
.netrc: |
{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
{{- end }}

35
templates/secretSSH.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.ssh.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
config: |
{{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
{{- if .Values.config.ssh.secret.id_ed25519 }}
id_ed25519: |
{{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_ed25519_pub }}
id_ed25519.pub: |
{{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa }}
id_rsa: |
{{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa_pub }}
id_rsa.pub: |
{{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "athens-proxy.fullname" . }}
type: Opaque
stringData:
{{- if not (hasKey .Values "config") -}}
{{- $_ := set .Values "config" dict -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
{{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
{{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
{{- end -}}
{{/* SETUP CONFIG */}}
{{ range $key, $value := .Values.config }}
{{ upper $key}}: {{ quote $value }}
{{ end }}

View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
name: {{ include "athens-proxy.fullname" . }}
spec:
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
{{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end }}
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: {{ .Values.service.name }}
selector:
{{- include "athens-proxy.selectorLabels" . | nindent 4 }}

View File

@@ -1,10 +1,25 @@
{{- if not .Values.serviceAccount.existing.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with .Values.serviceAccount.annotations }}
{{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
{{- with .Values.serviceAccount.new.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.new.secrets }}
secrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,57 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}

View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "athens-proxy.fullname" . }}-test-connection"
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

View File

@@ -0,0 +1,300 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Certificate athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/certificate.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering for existing certificate
set:
certificate.enabled: true
certificate.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate: {}
- it: Throw error when issuerKind not defined
set:
certificate.enabled: true
certificate.new.issuerRef.name: "my-issuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerName not defined
set:
certificate.enabled: true
certificate.new.issuerRef.kind: "ClusterIssuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer name defined!"
- it: Rendering Certificate object when certificate.enabled=true (default)
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: cert-manager.io/v1
kind: Certificate
name: athens-proxy-unittest-tls
namespace: testing
- equal:
path: spec.commonName
value: athens-proxy-unittest
- equal:
path: spec.duration
value: 744h
- equal:
path: spec.dnsNames
value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
- notExists:
path: spec.ipAddresses
- equal:
path: spec.isCA
value: false
- equal:
path: spec.issuerRef.kind
value: ClusterIssuer
- equal:
path: spec.issuerRef.name
value: my-issuer
- equal:
path: spec.privateKey.algorithm
value: RSA
- equal:
path: spec.privateKey.size
value: 4096
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.secretName
value: athens-proxy-unittest-tls
- exists:
path: spec.secretTemplate.annotations
- exists:
path: spec.secretTemplate.labels
- notExists:
path: spec.subject
- notExists:
path: spec.subject.countries
- notExists:
path: spec.subject.localities
- notExists:
path: spec.subject.organizationalUnits
- notExists:
path: spec.subject.organizations
- notExists:
path: spec.subject.postalCodes
- notExists:
path: spec.subject.provinces
- notExists:
path: spec.subject.serialNumber
- notExists:
path: spec.subject.streetAddresses
- equal:
path: spec.renewBefore
value: 672h
- equal:
path: spec.usages
value: [ "client auth", "server auth" ]
# metadata.annotations
- it: Rendering Certificate object with additional annotations and labels
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.annotations:
foo: bar
certificate.new.labels:
bar: foo
asserts:
- isSubset:
path: metadata.annotations
content:
foo: bar
- isSubset:
path: metadata.labels
content:
bar: foo
# spec.duration
- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.duration: 3000h
asserts:
- equal:
path: spec.duration
value: 3000h
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.dnsNames: [ "app", "app.example.local" ]
asserts:
- equal:
path: spec.dnsNames
value: [ "app", "app.example.local" ]
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
clusterDomain: k8s.example.local
asserts:
- contains:
path: spec.dnsNames
content:
athens-proxy-unittest.testing.svc.k8s.example.local
count: 1
# spec.ipAddresses
- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
asserts:
- equal:
path: spec.ipAddresses
value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
# spec.privateKey
- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.privateKey.algorithm: ED25519
certificate.new.privateKey.rotationPolicy: Never
certificate.new.privateKey.size: 512
asserts:
- equal:
path: spec.privateKey.algorithm
value: ED25519
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.privateKey.size
value: 512
# spec.renewBefore
- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.renewBefore: 2000h
asserts:
- equal:
path: spec.renewBefore
value: 2000h
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.secretTemplate:
annotations:
foo: bar
labels:
bar: foo
asserts:
- equal:
path: spec.secretTemplate.annotations
value:
foo: bar
- equal:
path: spec.secretTemplate.labels
value:
bar: foo
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.subject.countries: [ "Country" ]
certificate.new.subject.localities: [ "City" ]
certificate.new.subject.organizationalUnits: [ "IT department" ]
certificate.new.subject.organizations: [ "My organization" ]
certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
certificate.new.subject.provinces: [ "Provinces" ]
certificate.new.subject.serialNumber: "MyNumber"
certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
asserts:
- equal:
path: spec.subject.countries
value: [ "Country" ]
- equal:
path: spec.subject.localities
value: [ "City" ]
- equal:
path: spec.subject.organizationalUnits
value: [ "IT department" ]
- equal:
path: spec.subject.organizations
value: [ "My organization" ]
- equal:
path: spec.subject.postalCodes
value: [ "AB12345", "12345AB" ]
- equal:
path: spec.subject.provinces
value: [ "Provinces" ]
- equal:
path: spec.subject.serialNumber
value: "MyNumber"
- equal:
path: spec.subject.streetAddresses
value: [ "ExampleStreet 1", "StreetExample 2" ]
# spec.usages
- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.usages: [ "client auth" ]
asserts:
- equal:
path: spec.usages
value: [ "client auth" ]

View File

@@ -0,0 +1,98 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap downloadMode
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering with default values
set:
config.downloadMode.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-download-mode-file
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data.downloadMode
value: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://proxy.golang.org"
# }
- it: Rendering custom annotations and labels.
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.annotations:
foo: bar
bar: foo
config.downloadMode.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
asserts:
- equal:
path: data.downloadMode
value: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"

View File

@@ -0,0 +1,93 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap gitConfig
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapGitConfig.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
set:
config.gitConfig.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-gitconfig
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data[".gitconfig"]
value: |
# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
- it: Rendering custom annotations and labels.
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.annotations:
foo: bar
bar: foo
config.gitConfig.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.content: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/
asserts:
- equal:
path: data[".gitconfig"]
value: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/

View File

@@ -0,0 +1,73 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without tls config
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: tls
secretRef:
name: athens-proxy-unittest-tls
template: templates/deployment.yaml
- it: Rendering with tls config
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: MyIssuer
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: tls
secret:
secretName: athens-proxy-unittest-tls
template: templates/deployment.yaml

View File

@@ -0,0 +1,472 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/deployment.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
template: templates/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
namespace: testing
template: templates/deployment.yaml
- notExists:
path: metadata.annotations
template: templates/deployment.yaml
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/deployment.yaml
- equal:
path: spec.replicas
value: 1
template: templates/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].args
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].command
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].volumeMounts
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/gomods/athens:0.1.0
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/deployment.yaml
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/deployment.yaml
- it: Test custom replicas
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.replicas: 3
asserts:
- equal:
path: spec.replicas
value: 3
template: templates/deployment.yaml
- it: Test custom affinity
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
asserts:
- equal:
path: spec.template.spec.affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
template: templates/deployment.yaml
- it: Test additional arguments
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.args:
- "--foo=bar"
- "--bar=foo"
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --foo=bar
- --bar=foo
template: templates/deployment.yaml
- it: Test additional command
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.command:
- "/bin/sh"
- "-c"
- "echo hello"
asserts:
- equal:
path: spec.template.spec.containers[0].command
value:
- "/bin/sh"
- "-c"
- "echo hello"
template: templates/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.registry: registry.example.local
deployment.athensProxy.image.repository: path/special/athens-proxy
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/athens-proxy:0.1.0
template: templates/deployment.yaml
- it: Test custom imagePullPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: templates/deployment.yaml
- it: Test custom resource limits and requests
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.resources:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
asserts:
- equal:
path: spec.template.spec.containers[0].env
value:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
template: templates/deployment.yaml
- it: Test custom securityContext
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.securityContext:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/deployment.yaml
- it: Test dnsConfig
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsConfig:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
asserts:
- equal:
path: spec.template.spec.dnsConfig
value:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/deployment.yaml
- it: Test dnsPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.hostNetwork: true
deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/deployment.yaml
- it: Test imagePullSecrets
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
asserts:
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/deployment.yaml
- it: Test nodeSelector
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.nodeSelector:
foo: bar
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/deployment.yaml
- it: Test priorityClassName
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/deployment.yaml
- it: Test restartPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/deployment.yaml
- it: Test tolerations
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.tolerations:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
template: templates/deployment.yaml
- it: Test topologySpreadConstraints
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints
value:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
template: templates/deployment.yaml
- it: Test additional volumeMounts and volumes
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.volumeMounts:
- name: data
mountPath: /usr/lib/athens-proxy/data
deployment.volumes:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: data
mountPath: /usr/lib/athens-proxy/data
template: templates/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
template: templates/deployment.yaml

View File

@@ -0,0 +1,105 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted download mode config map
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: downloadMode
mode: 0644
path: download-mode
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: "my-custom-download-mode-filename-key"
path: "download-mode"
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml

View File

@@ -0,0 +1,51 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretEnv.yaml
tests:
- it: Rendering default without mounted env secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml

View File

@@ -0,0 +1,100 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted git config map
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0600
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.gitConfig.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0644
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: my-gitconfig-key
path: .gitconfig
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml

View File

@@ -0,0 +1,99 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted netrc secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: netrc
mountPath: /root
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering with custom netrc secret
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-netrc-key
path: .netrc
mode: 0600
name: my-custom-secret
template: templates/deployment.yaml

View File

@@ -0,0 +1,77 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Test persistent volume claim
set:
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/deployment.yaml
- it: Test existing persistent volume claim
set:
config.netrc.enabled: true
persistence.enabled: true
persistence.data.mountPath: "/mnt/go-proxy/data"
persistence.data.existingPersistentVolumeClaim.enabled: true
persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/deployment.yaml

View File

@@ -0,0 +1,254 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted ssh secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0644
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh config
set:
config.ssh.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh keys
set:
config.ssh.enabled: true
config.ssh.secret.id_ed25519: foo
config.ssh.secret.id_ed25519_pub: bar
config.ssh.secret.id_rsa: foo
config.ssh.secret.id_rsa_pub: bar
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering with custom ssh secret
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
config.ssh.existingSecret.configKey : "my-config-key"
config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-config-key
path: config
mode: 0600
- key: my-private-ed25519-key
path: id_ed25519
mode: 0600
- key: my-public-ed25519-key
path: id_ed25519.pub
mode: 0644
- key: my-private-rsa-key
path: id_rsa
mode: 0600
- key: my-public-rsa-key
path: id_rsa.pub
mode: 0644
name: my-custom-secret
template: templates/deployment.yaml

116
unittests/hpa/default.yaml Normal file
View File

@@ -0,0 +1,116 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HPA template (basic)
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/hpa.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Rendering when enabled - default
set:
hpa.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 10
- equal:
path: spec.minReplicas
value: 1
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
- it: Rendering when enabled - custom values
set:
hpa.enabled: true
hpa.annotations:
foo: bar
hpa.labels:
bar: foo
hpa.maxReplicas: 25
hpa.minReplicas: 5
hpa.metrics:
- resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 25
- equal:
path: spec.minReplicas
value: 5
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest

View File

@@ -0,0 +1,139 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Ingress template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/ingress.yaml
tests:
- it: Skip ingress by default.
asserts:
- hasDocuments:
count: 0
- it: Skip ingress, when service is disabled.
set:
services.http.enabled: false
ingress.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render ingress with default values.
set:
ingress.enabled: true
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 3000
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls
- it: Render ingress with custom values.
set:
ingress.enabled: true
ingress.annotations:
foo: bar
ingress.className: nginx
ingress.labels:
bar: foo
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
services.http.port: 8080
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 8080
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls

View File

@@ -0,0 +1,98 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/networkPolicy.yaml
tests:
- it: Skip rendering networkPolicy
set:
networkPolicy.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default networkPolicy
set:
networkPolicy.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy with policyTypes, egress and ingress configuration
set:
networkPolicy.enabled: true
networkPolicy.policyTypes:
- Egress
- Ingress
networkPolicy.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicy.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

View File

@@ -0,0 +1,90 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PersistentVolumeClaim template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/persistentVolumeClaim.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 0
- it: Rendering with enabled persistent storage
set:
persistence.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 5Gi
- notExists:
path: spec.storageClassName
- it: Rendering with custom enabled persistent storage
set:
persistence.enabled: true
persistence.data.persistentVolumeClaim.annotations:
foo: bar
persistence.data.persistentVolumeClaim.labels:
bar: foo
persistence.data.persistentVolumeClaim.storageClassName: my-storage-class
persistence.data.persistentVolumeClaim.storageSize: 10Gi
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 10Gi
- equal:
path: spec.storageClassName
value: my-storage-class

View File

@@ -0,0 +1,77 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret environment variables
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/secretEnv.yaml
tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering env secret with default values.
set:
config.env.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-env
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isNullOrEmpty:
path: stringData
- it: Rendering env secret with custom values.
set:
config.env.enabled: true
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
asserts:
- isSubset:
path: stringData
content:
ATHENS_GITHUB_TOKEN: my-secret-token
- it: Rendering custom annotations and labels.
set:
config.env.enabled: true
config.env.secret.annotations:
foo: bar
bar: foo
config.env.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

View File

@@ -0,0 +1,93 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret netrc template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/secretNetRC.yaml
tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering netrc secret with default values.
set:
config.netrc.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-netrc
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData[".netrc"]
value: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
- it: Rendering netrc secret with custom values.
set:
config.netrc.enabled: true
config.netrc.secret.content: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
asserts:
- equal:
path: stringData[".netrc"]
value: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
- it: Rendering custom annotations and labels.
set:
config.netrc.enabled: true
config.netrc.secret.annotations:
foo: bar
bar: foo
config.netrc.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

119
unittests/secrets/ssh.yaml Normal file
View File

@@ -0,0 +1,119 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret ssh template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/secretSSH.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering ssh secret with default values.
set:
config.ssh.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-ssh
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData.config
value: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
- notExists:
path: stringData.id_ed25519
- notExists:
path: stringData["id_ed25519.pub"]
- notExists:
path: stringData.id_rsa
- notExists:
path: stringData["id_rsa.pub"]
- it: Rendering ssh secret with custom values.
set:
config.ssh.enabled: true
config.ssh.secret.config: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
config.ssh.secret.id_ed25519: |
my-private-25519-key
config.ssh.secret.id_ed25519_pub: |
my-public-25519-key
config.ssh.secret.id_rsa: |
my-private-rsa-key
config.ssh.secret.id_rsa_pub: |
my-public-rsa-key
asserts:
- equal:
path: stringData.config
value: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
- equal:
path: stringData.id_ed25519
value: |
my-private-25519-key
- equal:
path: stringData["id_ed25519.pub"]
value: |
my-public-25519-key
- equal:
path: stringData.id_rsa
value: |
my-private-rsa-key
- equal:
path: stringData["id_rsa.pub"]
value: |
my-public-rsa-key
- it: Rendering custom annotations and labels.
set:
config.ssh.enabled: true
config.ssh.secret.annotations:
foo: bar
bar: foo
config.ssh.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

View File

@@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceAccount athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/serviceAccount.yaml
tests:
- it: Skip rendering.
set:
serviceAccount.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceAccount with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ServiceAccount
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- notExists:
path: metadata.labels
- equal:
path: automountServiceAccountToken
value: true
- notExists:
path: imagePullSecrets
- notExists:
path: secrets
- it: Rendering serviceAccount with custom values.
set:
serviceAccount.new.annotations:
foo: bar
serviceAccount.new.labels:
bar: foo
serviceAccount.new.automountServiceAccountToken: false
serviceAccount.new.imagePullSecrets:
- name: "my-pull-secret"
serviceAccount.new.secrets:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: athens-proxy-unittest
- equal:
path: automountServiceAccountToken
value: false
- equal:
path: imagePullSecrets
value:
- name: "my-pull-secret"
- equal:
path: secrets
value:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"

View File

@@ -0,0 +1,174 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Service http template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/serviceHTTP.yaml
tests:
- it: Skip service when disabled.
set:
services.http.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering service with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Service
name: athens-proxy-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- notExists:
path: spec.externalIPs
- notExists:
path: spec.externalTrafficPolicy
- equal:
path: spec.internalTrafficPolicy
value: Cluster
- notExists:
path: spec.ipFamilies
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- equal:
path: spec.ports[0].name
value: http
- equal:
path: spec.ports[0].protocol
value: TCP
- equal:
path: spec.ports[0].port
value: 3000
- equal:
path: spec.selector
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- equal:
path: spec.sessionAffinity
value: None
- notExists:
path: spec.sessionAffinityConfig
- equal:
path: spec.type
value: ClusterIP
- it: Require internalTrafficPolicy.
set:
services.http.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
services.http.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
- it: Require sessionAffinity.
set:
services.http.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
- it: Require service type.
set:
services.http.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
services.http.annotations:
foo: bar
services.http.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- it: Change defaults
set:
services.http.externalIPs:
- "10.11.12.13/32"
services.http.externalTrafficPolicy: Local
services.http.internalTrafficPolicy: Local
services.http.ipFamilies:
- IPv4
services.http.loadBalancerClass: aws
services.http.loadBalancerIP: "11.12.13.14"
services.http.loadBalancerSourceRanges:
- "11.12.0.0/17"
services.http.port: 10443
services.http.sessionAffinity: ClientIP
services.http.type: LoadBalancer
asserts:
- equal:
path: spec.externalIPs
value:
- 10.11.12.13/32
- equal:
path: spec.externalTrafficPolicy
value: Local
- equal:
path: spec.internalTrafficPolicy
value: Local
- equal:
path: spec.ipFamilies
value:
- IPv4
- equal:
path: spec.loadBalancerClass
value: aws
- equal:
path: spec.loadBalancerIP
value: "11.12.13.14"
- equal:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].port
value: 10443
- equal:
path: spec.sessionAffinity
value: ClientIP
- equal:
path: spec.type
value: LoadBalancer

View File

@@ -1,36 +1,104 @@
affinity: {}
image:
repository: docker.io/gomods/athens
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
## @section Certificate
certificate:
## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added.
enabled: false
podPriorityClassName: ""
## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`.
## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key.
existingSecret:
enabled: false
secretName: ""
podSecurityContext: {}
# fsGroup: 2000
## @param certificate.new.annotations Additional certificate annotations.
## @param certificate.new.labels Additional certificate labels.
## @param certificate.new.duration Duration of the TLS certificate.
## @param certificate.new.renewBefore Renew TLS certificate before expiring.
## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names.
## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses.
## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`.
## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`.
## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key.
## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key.
## @param certificate.new.privateKey.size Size of the private TLS key.
## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret.
## @param certificate.new.secretTemplate.labels Additional labels of the created secret.
## @param certificate.new.subject.countries List of countries.
## @param certificate.new.subject.localities List of localities.
## @param certificate.new.subject.organizationalUnits List of organizationalUnits.
## @param certificate.new.subject.organizations List of organizations.
## @param certificate.new.subject.postalCodes List of postalCodes.
## @param certificate.new.subject.provinces List of provinces.
## @param certificate.new.subject.serialNumber Serial number.
## @param certificate.new.subject.streetAddresses List of streetAddresses.
## @param certificate.new.usages Define the usage of the TLS key.
new:
annotations: {}
labels: {}
duration: "744h" # 31 days
renewBefore: "672h" # 28 days
dnsNames: []
# The following DNS names are already part of the SAN's and serves only as example.
# - "athens-proxy"
# - "athens-proxy.svc"
# - "athens-proxy.svc.namespace"
# - "athens-proxy.svc.namespace.cluster.local"
ipAddresses: []
# The following IP addresses serves only as example.
# - "10.92.1.10"
# - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344"
issuerRef:
kind: ""
name: ""
privateKey:
algorithm: "RSA"
rotationPolicy: "Never"
size: 4096
secretTemplate:
annotations: {}
labels: {}
subject:
countries: []
localities: []
organizationalUnits: []
organizations: []
postalCodes: []
provinces: []
serialNumber: ""
streetAddresses: []
usages:
- "client auth"
- "server auth"
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @section Configuration
config:
env:
## @param config.env.enabled Enable mounting of the secret as environment variables.
enabled: false
config: {}
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
existingSecret:
enabled: false
secretName: ""
## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.env.secret.labels Additional labels of the secret containing the database credentials.
## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container.
secret:
annotations: {}
labels: {}
envs: {}
# ATHENS_AZURE_ACCOUNT_KEY:
# ATHENS_AZURE_ACCOUNT_NAME:
# ATHENS_AZURE_CONTAINER_NAME:
# ATHENS_CLOUD_RUNTIME:
# ATHENS_DOWNLOAD_MODE:
# ATHENS_DOWNLOAD_URL:
# ATHENS_ETCD_ENDPOINTS:
# ATHENS_EXTERNAL_STORAGE_URL:
@@ -67,7 +135,6 @@ config: {}
# ATHENS_MONGO_DEFAULT_DATABASE:
# ATHENS_MONGO_INSECURE:
# ATHENS_MONGO_STORAGE_URL:
# ATHENS_NETRC_PATH:
# ATHENS_PATH_PREFIX:
# ATHENS_PORT:
# ATHENS_PROTOCOL_WORKERS:
@@ -80,11 +147,8 @@ config: {}
# ATHENS_STATS_EXPORTER:
# ATHENS_STORAGE_GCP_BUCKET:
# ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_STORAGE_TYPE:
# ATHENS_SUM_DBS:
# ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
# ATHENS_TLSKEY_FILE:
# ATHENS_TRACE_EXPORTER_URL:
# ATHENS_TRACE_EXPORTER:
# AWS_ACCESS_KEY_ID:
@@ -102,86 +166,530 @@ config: {}
# MY_S3_BUCKET_NAME:
# PROXY_FORCE_SSL:
replicaCount: 1
downloadMode:
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
enabled: false
serviceAccount:
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
existingConfigMap:
enabled: false
configMapName: ""
downloadModeKey: "downloadMode"
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
## @skip config.downloadMode.configMap.content The content of the download mode file.
configMap:
annotations: {}
labels: {}
content: |
downloadURL = "https://proxy.golang.org"
service:
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://proxy.golang.org"
# }
gitConfig:
## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system.
enabled: false
## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file.
## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file.
## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored.
existingConfigMap:
enabled: false
configMapName: ""
gitConfigKey:
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
configMap:
annotations: {}
# externalIPs: []
# externalTrafficPolicy: "Cluster"
# loadBalancerClass: ""
# loadBalancerIP: ""
# loadBalancerSourceRanges: []
# internalTrafficPolicy: "Cluster"
name: http
targetPort: 3000
type: ClusterIP
port: 3000
labels: {}
content: |
# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
netrc:
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file.
## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file.
## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored.
existingSecret:
enabled: false
secretName: ""
netrcKey: ".netrc"
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @skip config.netrc.secret.content The content of the .netrc file.
secret:
annotations: {}
labels: {}
content: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
ssh:
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
existingSecret:
enabled: false
secretName: ""
configKey: "config"
id_ed25519Key: "id_ed25519"
id_ed25519PubKey: "id_ed25519.pub"
id_rsaKey: "id_rsa"
id_rsaPubKey: "id_rsa.pub"
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
## @skip config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
secret:
annotations: {}
labels: {}
config: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
id_ed25519: ""
id_ed25519_pub: ""
id_rsa: ""
id_rsa_pub: ""
## @section Deployment
deployment:
## @param deployment.annotations Additional deployment annotations.
## @param deployment.labels Additional deployment labels.
annotations: {}
labels: {}
## @param deployment.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param deployment.affinity Affinity for the athens-proxy deployment.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param deployment.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment.
dnsPolicy: ""
## @param deployment.hostname Individual hostname of the pod.
## @param deployment.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param deployment.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
athensProxy:
## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
args: []
## @param deployment.athensProxy.command Command passed to the athens-proxy container.
command: []
## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
env: []
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param deployment.athensProxy.image.pullPolicy Image pull policy.
image:
registry: docker.io
repository: gomods/athens
tag: ""
pullPolicy: IfNotPresent
## @param deployment.athensProxy.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param deployment.athensProxy.volumeMounts Additional volume mounts.
volumeMounts: []
# - name: my-configmap-volume
# mountPath: /configmap
# readOnly: true
## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
nodeSelector: {}
## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
priorityClassName: ""
## @param deployment.replicas Number of replicas for the athens-proxy deployment.
replicas: 1
## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
restartPolicy: ""
## @param deployment.securityContext Security context of the athens-proxy deployment.
securityContext: {}
# fsGroup: 2000
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param deployment.tolerations Tolerations of the athens-proxy deployment.
tolerations: []
# - key: database/type
# operator: Equal
# value: postgres
# effect: NoSchedule
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: athens-proxy
## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment.
volumes: []
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
# https://github.com/kubernetes-sigs/metrics-server#deployment
hpa:
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
## @param hpa.annotations Additional annotations for the HPA.
## @param hpa.labels Additional labels for the HPA.
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
## @skip hpa.metrics Skip individual HPA metric configurations.
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
enabled: false
annotations: {}
labels: {}
metrics:
- resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
# - resource:
# name: memory
# target:
# averageUtilization: 65
# type: Utilization
minReplicas: 1
maxReplicas: 10
## @section Ingress
ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false
className: "nginx"
annotations: {}
# kubernetes.io/ingress.class: nginx
# cert-manager.io/issuer:
# kubernetes.io/tls-acme: "true"
hosts:
- host: "your-hostname"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "your-tls-secret"
hosts:
- "your-hostname"
labels: {}
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
## @skip ingress.hosts Skip individual host configuration.
hosts: []
# - host: athens-proxy.example.local
# paths:
# - path: /
# pathType: Prefix
nodeSelector:
kubernetes.io/arch: amd64
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
## @skip ingress.tls Skip individual TLS configuration.
tls: []
# - secretName: athens-proxy-http-tls
# hosts:
# - athens-proxy.example.local
tolerations: []
## @section Persistence
persistence:
## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined.
enabled: false
# extra volumes for the pod
extraVolumes: {}
# The following example mount the same secret, which contains tls certificates
# under different names. Each volume mount contains only selected items of the
# secret. This make it easier to place the items on different locations inside the
# container filesystem via extraVolumeMounts.
# - name: custom-ca-anchor
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: ca.crt
# path: ca.crt
# mode: 0444
# - name: custom-tls-certificates
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: tls.key
# path: tls.key
# mode: 0400
# - key: tls.crt
# path: tls.crt
# mode: 0444
data:
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
mountPath: "/var/www/athens-proxy/data"
extraVolumeMounts: {}
# The following example follows the example of extraVolumes and mounts the
# volumes to the corresponding paths in the container filesystem.
# - name: custom-ca-anchor
# mountPath: /usr/local/share/ca-certificates
# - name: custom-tls-certificates
# mountPath: /etc/athens-proxy/tls
## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim.
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim.
existingPersistentVolumeClaim:
enabled: false
persistentVolumeClaimName: ""
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
persistentVolumeClaim:
annotations: {}
labels: {}
accessModes:
- ReadWriteMany
storageClassName: ""
storageSize: "5Gi"
## @section Network
## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates.
clusterDomain: "cluster.local"
## @section Network Policy
networkPolicy:
## @param networkPolicy.enabled Enable network policies in general.
## @param networkPolicy.annotations Additional network policy annotations.
## @param networkPolicy.labels Additional network policy labels.
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicy.egress Concrete egress network policy implementation.
## @skip networkPolicy.egress Skip individual egress configuration.
## @param networkPolicy.ingress Concrete ingress network policy implementation.
## @skip networkPolicy.ingress Skip individual ingress configuration.
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing HTTPS traffic to external go module servers
#
# - ports:
# - port: 443
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
http:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 3000
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"