Compare commits
106 Commits
0.2.1
...
3f7476afc6
Author | SHA1 | Date | |
---|---|---|---|
3f7476afc6 | |||
530316e910
|
|||
4974d63a8c
|
|||
1bbd0352c3
|
|||
ccdf377aaa
|
|||
64790fc316
|
|||
2c88d6698b
|
|||
9abdb1ca3a
|
|||
81f14405fd | |||
7b37bfc373
|
|||
bba0df90ff
|
|||
cb312817c3
|
|||
fe428d83d2 | |||
4c94529eab
|
|||
297f36920a
|
|||
4102fc9014
|
|||
be923ed95f | |||
f07ff039ce
|
|||
a11be194cc
|
|||
7908de9313
|
|||
adfe40a9c7
|
|||
eadbcf243b
|
|||
0caa188bb1
|
|||
3bce806ed6
|
|||
5c09cf8c79
|
|||
d4b5c0c86f
|
|||
74598b4ee0
|
|||
b06c1962cc
|
|||
991c545c93
|
|||
7c60c70244
|
|||
0e048cdf4b
|
|||
89604cbe64
|
|||
f63450aec4
|
|||
d1e5accccb
|
|||
fbd846784c
|
|||
bab5282617
|
|||
307660c767
|
|||
59b43aac79
|
|||
85a38e7d22
|
|||
2005fb8e05
|
|||
5f78a0f071
|
|||
c157c8c210
|
|||
5b9fa88dd6 | |||
458037db70 | |||
b1bb94f0bd | |||
62a92fdabb
|
|||
a01b0143c0
|
|||
953fd85f53
|
|||
bf721d8af1
|
|||
60fdfd90e1
|
|||
71164d60ae
|
|||
a00d40b792
|
|||
d02f63be7a
|
|||
744938f8f4 | |||
e3185b2482
|
|||
e2fab050d3 | |||
83336c7f87
|
|||
1e2a31edaa | |||
0b39de958a | |||
a0abe49b23
|
|||
cc46ad7af1
|
|||
cd9a843a96 | |||
6b0d2ff350
|
|||
ccd7c9a1cd | |||
b169136c37
|
|||
9b4a708f29 | |||
053036bcd5 | |||
783e244cd3
|
|||
41da943040
|
|||
9ef0317677 | |||
5a890741e4 | |||
cd16ddc5d8
|
|||
fd4c9d7e62
|
|||
265ac3d9a9 | |||
7d20373804
|
|||
2117bbed96 | |||
a47f528585
|
|||
716f6b06c3 | |||
ee5111da20 | |||
d954b2e3e7
|
|||
840ee10717
|
|||
c5772856e3 | |||
f047c145e2
|
|||
7c0c6f4270 | |||
3cab48dd3c | |||
50e21e10d8
|
|||
5b70f5e5fa
|
|||
09d205316e
|
|||
c1e686fc2d
|
|||
cfb5978593
|
|||
e04a9baec1
|
|||
72908cae0b
|
|||
8c6f4db7f5
|
|||
5eae090f40
|
|||
60ed4abe97
|
|||
1179b51895
|
|||
1fcf9e7d4b
|
|||
00c2f285b1
|
|||
1077afb673
|
|||
a4d1611f44
|
|||
0950a51229
|
|||
ee9fa20df4
|
|||
848f9c9fd8
|
|||
2889a5390c
|
|||
14987d7265
|
|||
f9c03e8be4
|
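--- a/.drone.yml
+++ b/.drone.yml
@@ -1,106 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: linter
-
-clone:
-disable: true
-
-platform:
-os: linux
-arch: amd64
-
-steps:
-- name: clone
-image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm lint
-commands:
-- helm lint
-image: git.cryptic.systems/volker.raschek/helm:3.16.4
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-- name: markdown lint
-commands:
-- markdownlint *.md
-image: git.cryptic.systems/volker.raschek/markdownlint:0.43.0
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-- name: helm template
-commands:
-- helm template .
-image: git.cryptic.systems/volker.raschek/helm:3.16.4
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-- name: email-notification
-environment:
-SMTP_FROM_ADDRESS:
-from_secret: smtp_from_address
-SMTP_FROM_NAME:
-from_secret: smtp_from_name
-SMTP_HOST:
-from_secret: smtp_host
-SMTP_USERNAME:
-from_secret: smtp_username
-SMTP_PASSWORD:
-from_secret: smtp_password
-image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-resources:
-limits:
-cpu: 150
-memory: 150M
-when:
-status:
-- changed
-- failure
-
-trigger:
-event:
-exclude:
-- tag
-
----
-kind: pipeline
-type: kubernetes
-name: release
-
-clone:
-disable: true
-
-platform:
-os: linux
-
-steps:
-- name: clone
-image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: release-helm-chart
-commands:
-- helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
-- helm package --version ${DRONE_TAG} .
-- helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
-environment:
-HELM_REPO_PASSWORD:
-from_secret: helm_repo_password
-HELM_REPO_USERNAME:
-from_secret: helm_repo_username
-image: git.cryptic.systems/volker.raschek/helm:3.16.4
-resources:
-limits:
-cpu: 150
-memory: 150M
-
-trigger:
-event:
-- tag
-repo:
-- volker.raschek/athens-proxy-charts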
@@ -1,6 +1,3 @@
|
||||
# EditorConfig is awesome: https://EditorConfig.org
|
||||
|
||||
# top-most EditorConfig file
|
||||
root = true
|
||||
|
||||
[*]
|
||||
@@ -10,3 +7,6 @@ end_of_line = lf
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = true
|
||||
insert_final_newline = false
|
||||
|
||||
[Makefile]
|
||||
indent_style = tab
|
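--- a/.gitea/scripts/add-annotations.sh
+++ b/.gitea/scripts/add-annotations.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+echo "ERROR: ${CHART_FILE} not found!" 1>&2
+exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+if [ -z "${OLD_TAG}" ]; then
+OLD_TAG="${DEFAULT_OLD_TAG}"
+fi
+
+while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+if [ -z "${OLD_TAG}" ]; then
+OLD_TAG="${DEFAULT_OLD_TAG}"
+fi
+done
+else
+OLD_TAG=${1}
+if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+exit 1
+fi
+fi
+
+if [ -z "${2}" ]; then
+read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+if [ -z "${NEW_TAG}" ]; then
+NEW_TAG="${DEFAULT_NEW_TAG}"
+fi
+
+while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+if [ -z "${NEW_TAG}" ]; then
+NEW_TAG="${DEFAULT_NEW_TAG}"
+fi
+done
+else
+NEW_TAG=${2}
+
+if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+exit 1
+fi
+fi
+
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
+
+function map_type_to_kind() {
+case "${1}" in
+feat)
+echo "added"
+;;
+fix)
+echo "fixed"
+;;
+chore|style|test|ci|docs|refac)
+echo "changed"
+;;
+revert)
+echo "removed"
+;;
+sec)
+echo "security"
+;;
+*)
+echo "skip"
+;;
+esac
+}
+
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
+
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
+
+while IFS= read -r line; do
+if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
+TYPE="${BASH_REMATCH[1]}"
+KIND=$(map_type_to_kind "${TYPE}")
+
+if [ "${KIND}" == "skip" ]; then
+continue
+fi
+
+DESC="${BASH_REMATCH[3]}"
+
+echo "- ${KIND}: ${DESC}"
+
+jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
+mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
+
+fi
+done <<< "${COMMIT_TITLES}"
+
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
+else
+echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
+exit 1
+fi
+
+rm "${CHANGE_LOG_YAML}"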
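Review bot: The `[ -s "${CHANGE_LOG_YAML}" ]` guard near the end can never take its error branch, because the file is seeded with `[]` right after `mktemp` and is therefore never empty; a tag range with no matching commit titles silently writes an empty `artifacthub.io/changes` annotation. Testing the entry count instead, for example `if [ "$(jq 'length' "${CHANGE_LOG_YAML}")" -gt 0 ]; then`, makes the check do what its error message says. With `set -e`, any failing `git`, `jq` or `yq` call also exits before the final `rm`, leaving the temporary file and its `.new` sibling behind; `trap 'rm -f "${CHANGE_LOG_YAML}" "${CHANGE_LOG_YAML}.new"' EXIT` placed after the `mktemp` line covers every exit path. Passing the commit titles through `jq --arg` keeps contributor-controlled text out of the filter expression, which deserves a one-line comment so a later edit does not replace it with string interpolation.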
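--- a/.gitea/workflows/generate-readme.yaml
+++ b/.gitea/workflows/generate-readme.yaml
@@ -0,0 +1,32 @@
+name: Generate README
+
+on:
+pull_request:
+paths: [ "README.md", "values.yaml" ]
+types: [ "opened", "reopened", "synchronize" ]
+push:
+branches:
+- '**'
+paths: [ "README.md", "values.yaml" ]
+tags-ignore:
+- '**'
+workflow_dispatch: {}
+
+jobs:
+generate-parameters:
+container:
+image: docker.io/library/node:25.0.0-alpine
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Generate parameter section in README
+run: |
+npm install
+npm run readme:parameters
+- name: Compare diff
+run: git diff --exit-code --name-only README.md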
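Review bot: The job pulls its container image and the checkout action by mutable tag (`docker.io/library/node:25.0.0-alpine`, `actions/checkout@v5.0.0`) and then runs `npm install`, so what executes on the runner can change without any commit to this repository. Pinning the image by digest and the action by full commit SHA, in the form `image: docker.io/library/node:25.0.0-alpine@sha256:<digest>` and `uses: actions/checkout@<commit-sha>`, and using `npm ci` if a lockfile is committed (not visible in this diff), makes the run reproducible. The same applies to the jobs in `.gitea/workflows/helm.yaml`, `.gitea/workflows/markdown-linters.yaml` and `.gitea/workflows/release.yaml`, and matters most in the release job because it handles registry credentials. Because this workflow also runs on `pull_request`, `npm install` executes lifecycle scripts from whatever `package.json` the pull request carries, so it is worth confirming that no secrets are exposed to the runner for that event.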
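--- a/.gitea/workflows/helm.yaml
+++ b/.gitea/workflows/helm.yaml
@@ -0,0 +1,42 @@
+name: Helm
+
+on:
+pull_request:
+types: [ "opened", "reopened", "synchronize" ]
+push:
+branches:
+- '**'
+tags-ignore:
+- '**'
+workflow_dispatch: {}
+
+jobs:
+helm-lint:
+container:
+image: docker.io/volkerraschek/helm:3.19.0
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Lint helm files
+run: |
+helm lint --values values.yaml .
+
+helm-unittest:
+container:
+image: docker.io/volkerraschek/helm:3.19.0
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Unittest
+run: |
+helm unittest --strict --file 'unittests/**/*.yaml' ./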
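Review bot: Both jobs install `npm` in their "Install tooling" step, but neither `helm lint` nor `helm unittest` uses it; `apk add git` would be enough and keeps an unpinned package out of the job. The `Unittest` step depends on the unittest plugin already being present in `docker.io/volkerraschek/helm:3.19.0`, which is inferred from the command and not shown here, so a comment on the step such as `# helm-unittest plugin is provided by the container image` would document that dependency.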
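--- a/.gitea/workflows/markdown-linters.yaml
+++ b/.gitea/workflows/markdown-linters.yaml
@@ -0,0 +1,46 @@
+name: Markdown linter
+
+on:
+pull_request:
+paths: [ "**/*.md" ]
+types: [ "opened", "reopened", "synchronize" ]
+push:
+branches:
+- '**'
+paths: [ "**/*.md" ]
+tags-ignore:
+- '**'
+workflow_dispatch: {}
+
+jobs:
+markdown-link-checker:
+container:
+image: docker.io/library/node:25.0.0-alpine
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git npm
+- uses: actions/checkout@v5.0.0
+- name: Verify links in markdown files
+run: |
+npm install
+npm run readme:link
+
+markdown-lint:
+container:
+image: docker.io/library/node:25.0.0-alpine
+runs-on:
+- ubuntu-latest
+steps:
+- name: Install tooling
+run: |
+apk update
+apk add git
+- uses: actions/checkout@v5.0.0
+- name: Lint markdown files
+run: |
+npm install
+npm run readme:lint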
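--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -0,0 +1,61 @@
+name: Release
+
+on:
+push:
+tags:
+- "**"
+
+jobs:
+publish-chart:
+container:
+image: docker.io/volkerraschek/helm:3.19.0
+runs-on: ubuntu-latest
+steps:
+- name: Install packages via apk
+run: |
+apk update
+apk add git npm jq yq
+
+- uses: actions/checkout@v5.0.0
+with:
+fetch-depth: 0
+
+- name: Add Artifacthub.io annotations
+run: |
+NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
+
+- name: Extract meta information
+run: |
+echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
+echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
+
+- name: Update Helm Chart version in README.md
+run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
+
+- name: Package chart
+run: |
+helm dependency build
+helm package --version "${PACKAGE_VERSION}" ./
+
+- name: Upload Chart to ChartMuseum
+env:
+CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
+run: |
+helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+helm repo remove chartmuseum
+
+- name: Upload Chart to Gitea
+env:
+GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+GITEA_SERVER_URL: ${{ github.server_url }}
+run: |
+helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+helm repo remove gitea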
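Review bot: Both upload steps pass the registry secret as a command-line argument (`--password ${CHARTMUSEUM_PASSWORD}` and `--password ${GITEA_PACKAGE_REGISTRY_TOKEN}`), unquoted, so it is readable in the process list of the job container and subject to word splitting. Feeding it on stdin avoids both: `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`, and likewise for the Gitea step. Separately, the workflow triggers on every tag (`"**"`) and interpolates the tag name into `$GITHUB_ENV` and into the `sed` expression that rewrites README.md; rejecting anything that is not a plain version string before the "Extract meta information" step keeps a malformed tag from altering the substitution or the published version. The annotation step also recomputes the newest tag with `git tag --sort=-version:refname` instead of using the tag that triggered the run, and the two differ when a patch tag is pushed for an older release line.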
8
.gitignore
vendored
8
.gitignore
vendored
@@ -1,3 +1,9 @@
|
||||
*.tgz
|
||||
charts
|
||||
node_modules
|
||||
target
|
||||
values2.yml
|
||||
values2.yaml
|
||||
*.tgz
|
||||
|
||||
install.sh
|
||||
uninstall.sh
|
32
.helmignore
32
.helmignore
@@ -2,6 +2,7 @@
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
@@ -10,23 +11,50 @@
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
||||
# drone
|
||||
.drone.yml
|
||||
# markdownlint
|
||||
.markdownlint.yaml
|
||||
|
||||
# editorconfig
|
||||
.editorconfig
|
||||
|
||||
# customized values
|
||||
values2.yml
|
||||
values2.yaml
|
||||
|
||||
# helm packages
|
||||
*.tgz
|
||||
.helmignore
|
||||
unittests
|
||||
|
||||
# markdownlint
|
||||
.markdownlint.yml
|
||||
.markdownlint.yaml
|
||||
.markdownlintignore
|
||||
|
||||
# npm
|
||||
.prettierignore
|
||||
.npmrc
|
||||
package*
|
||||
|
||||
# yamllint
|
||||
.yamllint.yaml
|
||||
|
||||
# Others
|
||||
CONTRIBUTING.md
|
||||
CODEOWNERS
|
||||
Makefile
|
||||
renovate.json
|
||||
|
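Review bot: The new `.gitea/` directory (workflows and `scripts/add-annotations.sh`) does not appear among the ignore patterns visible in these two hunks, so unless a line outside the hunks covers it, `helm package` would ship the CI files inside the chart archive. Adding a `.gitea/` entry next to the other tooling patterns keeps them out of the published package. `node_modules` is likewise not visible here, which matters for a local `helm package` after `npm install` has run.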
@@ -45,9 +45,9 @@ MD012:
|
||||
# MD013/line-length - Line length
|
||||
MD013:
|
||||
# Number of characters
|
||||
line_length: 80
|
||||
line_length: 120
|
||||
# Number of characters for headings
|
||||
heading_line_length: 80
|
||||
heading_line_length: 120
|
||||
# Number of characters for code blocks
|
||||
code_block_line_length: 80
|
||||
# Include code blocks
|
||||
@@ -56,8 +56,6 @@ MD013:
|
||||
tables: false
|
||||
# Include headings
|
||||
headings: true
|
||||
# Include headings
|
||||
headers: true
|
||||
# Strict length checking
|
||||
strict: false
|
||||
# Stern length checking
|
||||
@@ -73,7 +71,7 @@ MD022:
|
||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
||||
MD024:
|
||||
# Only check sibling headings
|
||||
allow_different_nesting: true
|
||||
siblings_only: true
|
||||
|
||||
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
||||
MD025:
|
||||
@@ -129,7 +127,20 @@ MD041:
|
||||
MD044:
|
||||
# List of proper names
|
||||
names:
|
||||
- gitea
|
||||
- Git
|
||||
- GitDevOps
|
||||
- Gitea
|
||||
- GitHub
|
||||
- GitLab
|
||||
- GitOps
|
||||
- kube-prometheus-stack
|
||||
- Memcached
|
||||
- Oracle
|
||||
- PostgreSQL
|
||||
- Prometheus
|
||||
- prometheus-exporter
|
||||
- SSL
|
||||
- TLS
|
||||
# Include code blocks
|
||||
code_blocks: false
|
||||
|
||||
|
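--- a/.markdownlintignore
+++ b/.markdownlintignore
@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/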
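--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+Chart.lock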
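--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,8 @@
+{
+"recommendations": [
+"DavidAnson.vscode-markdownlint",
+"esbenp.prettier-vscode",
+"Tim-Koehler.helm-intellisense",
+"yzhang.markdown-all-in-one"
+]
+}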
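--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+"yaml.schemas": {
+"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
+"/unittests/**/*.yaml"
+]
+},
+"yaml.schemaStore.enable": true
+}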
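--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -0,0 +1,20 @@
+---
+extends: default
+
+ignore: |
+.yamllint
+node_modules
+templates
+
+
+rules:
+truthy:
+allowed-values: ['true', 'false']
+check-keys: False
+level: error
+line-length: disable
+document-start: disable
+comments:
+min-spaces-from-content: 1
+braces:
+max-spaces-inside: 2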
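Review bot: `check-keys: False` uses a capitalised boolean inside the very rule that restricts truthy values to `'true'` and `'false'`, and the `ignore` entry `.yamllint` may not match this file's own name `.yamllint.yaml`, so the configuration could fail the rule it defines; `check-keys: false` avoids that. With `line-length` and `document-start` disabled outright, a short comment above each giving the reason would help the next maintainer decide whether they can be re-enabled.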
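--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @volker.raschek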
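--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,82 @@
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type | description |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat` | New feature. |
+| `fix` | Fixes a bug. |
+| `refac` | Refactoring production code. |
+| `style` | Fixes formatting issues. No production code change. |
+| `docs` | Adapt documentation. No production code change. |
+| `test` | Adds new or modifies existing tests. No production code change. |
+| `chore` | Updating grunt tasks. Is everything which the user does not see. |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.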
14
Chart.yaml
14
Chart.yaml
@@ -1,9 +1,15 @@
|
||||
annotations:
|
||||
artifacthub.io/links: |
|
||||
- name: Athens proxy (binary)
|
||||
url: https://github.com/gomods/athens
|
||||
- name: support
|
||||
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
|
||||
apiVersion: v2
|
||||
name: athens-proxy
|
||||
description: Athens proxy server for golang
|
||||
type: application
|
||||
version: "0.1.0"
|
||||
appVersion: "v0.15.4"
|
||||
appVersion: "v0.16.1"
|
||||
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
|
||||
|
||||
keywords:
|
||||
@@ -13,10 +19,6 @@ keywords:
|
||||
- go-proxy
|
||||
|
||||
sources:
|
||||
- https://github.com/volker-raschek/athens-proxy-charts
|
||||
- https://git.cryptic.systems/volker.raschek/athens-proxy-charts
|
||||
- https://github.com/gomods/athens
|
||||
- https://hub.docker.com/r/gomods/athens
|
||||
|
||||
maintainers:
|
||||
- name: Markus Pesch
|
||||
email: markus.pesch+apps@cryptic.systems
|
||||
|
28
LICENSE
28
LICENSE
@@ -1,13 +1,21 @@
|
||||
Copyright 2022 Markus Pesch
|
||||
MIT License
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
Copyright (c) 2025 Markus Pesch
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
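--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,91 @@
+# CONTAINER_RUNTIME
+CONTAINER_RUNTIME?=$(shell which podman)
+
+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY?=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
+# NODE_IMAGE
+NODE_IMAGE_REGISTRY_HOST?=docker.io
+NODE_IMAGE_REPOSITORY?=library/node
+NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
+NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
+
+# MISSING DOT
+# ==============================================================================
+missing-dot:
+grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
+
+# CONTAINER RUN - README
+# ==============================================================================
+PHONY+=container-run/readme
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${NODE_IMAGE_FULLY_QUALIFIED} \
+npm install && npm run readme:link
+
+container-run/readme/lint:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${NODE_IMAGE_FULLY_QUALIFIED} \
+npm install && npm run readme:lint
+
+container-run/readme/parameters:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${NODE_IMAGE_FULLY_QUALIFIED} \
+npm install && npm run readme:parameters
+
+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+${CONTAINER_RUNTIME} run \
+--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${HELM_IMAGE_FULLY_QUALIFIED} \
+unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+${CONTAINER_RUNTIME} run \
+--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${HELM_IMAGE_FULLY_QUALIFIED} \
+dependency update
+
+# CONTAINER RUN - MARKDOWN-LINT
+# ==============================================================================
+PHONY+=container-run/helm-lint
+container-run/helm-lint:
+${CONTAINER_RUNTIME} run \
+--rm \
+--volume $(shell pwd):$(shell pwd) \
+--workdir $(shell pwd) \
+${HELM_IMAGE_FULLY_QUALIFIED} \
+lint --values values.yaml .
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}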
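Review bot: In the three `container-run/readme/*` recipes the trailing `npm install && npm run readme:…` is split by the host shell, so only `npm install` runs inside the container and `npm run` executes on the host after the container exits. Wrapping the command keeps both inside the container: `sh -c 'npm install && npm run readme:link'`, and the same for `lint` and `parameters`. In `container-run/helm-unittests` and `container-run/helm-update-dependencies`, `--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD}` is expanded by make, so the password is echoed with the recipe and appears in the process list; silencing the recipe with `@` and passing the variable by name from the environment avoids that. The `# CONTAINER RUN - MARKDOWN-LINT` banner above `container-run/helm-lint` looks like a copy-paste leftover and should name the helm lint target.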
555
README.md
555
README.md
@@ -1,167 +1,456 @@
|
||||
# athens-proxy-charts
|
||||
|
||||
[](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
|
||||
[](https://artifacthub.io/packages/search?repo=volker-raschek)
|
||||
|
||||
This is an inofficial helm chart of the go-proxy
|
||||
[athens](https://github.com/gomods/athens) which supports more complex
|
||||
configuration options.
|
||||
> [!NOTE]
|
||||
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
|
||||
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
|
||||
|
||||
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
|
||||
can be installed via helm.
|
||||
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
|
||||
proxy for Golang.
|
||||
|
||||
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
|
||||
defining additional environment variables and much more.
|
||||
|
||||
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
|
||||
helm and use it to deploy the exporter. It also contains further configuration examples.
|
||||
|
||||
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
|
||||
helm chart is tested for deployment scenarios with **ArgoCD**.
|
||||
|
||||
## Helm: configuration and installation
|
||||
|
||||
1. A helm chart repository must be configured, to pull the helm charts from.
|
||||
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
|
||||
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
|
||||
`--set` flag for a basic deployment.
|
||||
|
||||
```bash
|
||||
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
||||
helm repo update
|
||||
helm install athens-proxy volker.raschek/athens-proxy
|
||||
```
|
||||
|
||||
## Customization
|
||||
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
|
||||
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
|
||||
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
|
||||
versions can break something!
|
||||
|
||||
The complete deployment can be adapted via the `values.yaml` files. The
|
||||
configuration of the proxy can be done via the environment variables described
|
||||
below or via mounting the config.toml as additional persistent volume to
|
||||
`/config/config.toml`
|
||||
|
||||
## Access private repositories via SSH
|
||||
|
||||
Create a `configmap.yaml` with multiple keys. One key describe the content of
|
||||
the `.gitconfig` file and another of `config` of the ssh client. All requests
|
||||
git clone comands with the prefix `http://github.com/` will be replaced by
|
||||
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
|
||||
separate secret.
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: custom-configs
|
||||
data:
|
||||
sshconfig: |
|
||||
Host github.com
|
||||
IdentityFile /root/.ssh/id_ed25519
|
||||
StrictHostKeyChecking no
|
||||
gitconfig: |
|
||||
[url "git@github.com:"]
|
||||
insteadOf = https://github.com/
|
||||
```bash
|
||||
CHART_VERSION=1.1.1
|
||||
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
|
||||
```
|
||||
|
||||
The secret definition below contains the SSH private and public key.
|
||||
A complete list of available helm chart versions can be displayed via the following command:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: custom-ssh-keys
|
||||
type: Opaque
|
||||
stringData:
|
||||
id_ed25519: |
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
id_ed25519.pub: |
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
||||
```bash
|
||||
helm search repo athens-proxy --versions
|
||||
```
|
||||
|
||||
The item `config` of the configmap will be merged with the items of the secret
|
||||
as virtual volume. This volume can than be mounted with special permissions
|
||||
required for the ssh client.
|
||||
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
|
||||
Use the `--set` argument to persist your data.
|
||||
|
||||
```bash
|
||||
CHART_VERSION=1.1.1
|
||||
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||
persistence.enabled=true
|
||||
```
|
||||
|
||||
### Examples
|
||||
|
||||
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
|
||||
|
||||
#### Avoid CPU throttling by defining a CPU limit
|
||||
|
||||
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
|
||||
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
|
||||
cannot use the available CPU time to perform computing operations.
|
||||
|
||||
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
|
||||
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
|
||||
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
|
||||
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
|
||||
|
||||
Further information about this topic can be found in one of Kanishk's blog
|
||||
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
|
||||
|
||||
> [!NOTE]
|
||||
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
|
||||
> not anymore required.
|
||||
>
|
||||
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
|
||||
|
||||
```bash
|
||||
CHART_VERSION=1.1.1
|
||||
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
|
||||
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
|
||||
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
|
||||
```
|
||||
|
||||
#### TLS encryption
|
||||
|
||||
The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for
|
||||
TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS
|
||||
certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS
|
||||
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
|
||||
The secret must be from type `kubernetes.io/tls`.
|
||||
|
||||
> [!WARNING]
|
||||
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
|
||||
> `athens-proxy-ca` is present in the same namespace of the helm deployment.
|
||||
|
||||
```bash
|
||||
CHART_VERSION=1.1.1
|
||||
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||
--set 'config.certificate.enabled=true' \
|
||||
--set 'config.certificate.new.issuerRef.kind=Issuer' \
|
||||
--set 'config.certificate.new.issuerRef.name=athens-proxy-ca'
|
||||
```
|
||||
|
||||
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
|
||||
and private key are mounted to a pre-defined destination inside the container file system.
|
||||
|
||||
#### TLS certificate rotation
|
||||
|
||||
If the application uses TLS certificates that are mounted as a secret in the container file system like the example
|
||||
[above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such
|
||||
a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
|
||||
before expiring.
|
||||
|
||||
Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's
|
||||
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
|
||||
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
|
||||
and secrets have been changed.
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: ssh
|
||||
projected:
|
||||
defaultMode: 0644
|
||||
deployment:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
```
|
||||
|
||||
Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
|
||||
individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should
|
||||
only listen for changes of this secret:
|
||||
|
||||
```yaml
|
||||
deployment:
|
||||
annotations:
|
||||
secret.reloader.stakater.com/reload: "athens-proxy-tls"
|
||||
```
|
||||
|
||||
If the application is rolled out using ArgoCD, a rolling update from stakater's
|
||||
[reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state
|
||||
with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be
|
||||
initiated. Further information are available in the official
|
||||
[README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of
|
||||
stakater's reloader.
|
||||
|
||||
```diff
|
||||
deployment:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
+ reloader.stakater.com/rollout-strategy: "restart"
|
||||
```
|
||||
|
||||
#### Network policies
|
||||
|
||||
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
|
||||
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
|
||||
|
||||
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
|
||||
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
|
||||
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
|
||||
proxy `https://proxy.golang.org` via HTTPS.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
|
||||
> this reason, there is are not default network policy rules defined.
|
||||
|
||||
```yaml
|
||||
networkPolicies:
|
||||
enabled: true
|
||||
annotations: {}
|
||||
labels: {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: kube-system
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
ports:
|
||||
- port: http
|
||||
protocol: TCP
|
||||
```
|
||||
|
||||
## ArgoCD
|
||||
|
||||
### Example Application
|
||||
|
||||
An application resource for the Helm chart is defined below. It serves as an example for your own deployment.
|
||||
|
||||
```yaml
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: athens-proxy
|
||||
ignoreDifferences:
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
# When HPA is enabled, ensure that a modification of the replicas does not lead to a
|
||||
# drift.
|
||||
- '.spec.replicas'
|
||||
# Ensure that changes of the annotations or environment variables added or modified by
|
||||
# stakater's reloader does not lead to a drift.
|
||||
- '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
|
||||
- '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
|
||||
sources:
|
||||
- configMap:
|
||||
name: custom-configs
|
||||
items:
|
||||
- key: sshconfig
|
||||
path: config
|
||||
- secret:
|
||||
name: custom-ssh-keys
|
||||
items:
|
||||
- key: id_ed25519
|
||||
path: id_ed25519
|
||||
mode: 0600
|
||||
- key: id_ed25519.pub
|
||||
path: id_ed25519.pub
|
||||
- name: gitconfig
|
||||
configMap:
|
||||
name: custom-configs
|
||||
items:
|
||||
- key: gitconfig
|
||||
path: config
|
||||
mode: 0644
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: ssh
|
||||
mountPath: /root/.ssh
|
||||
- name: gitconfig
|
||||
mountPath: /root/.config/git
|
||||
- repoURL: https://charts.cryptic.systems/volker.raschek
|
||||
chart: athens-proxy
|
||||
targetRevision: '0.*'
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/values.yaml
|
||||
releaseName: athens-proxy
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
managedNamespaceMetadata:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
syncOptions:
|
||||
- ApplyOutOfSyncOnly=true
|
||||
- CreateNamespace=true
|
||||
- FailOnSharedResource=false
|
||||
- Replace=false
|
||||
- RespectIgnoreDifferences=false
|
||||
- ServerSideApply=true
|
||||
- Validate=true
|
||||
```
|
||||
|
||||
## Access private github.com repositories via developer token
|
||||
## Parameters
|
||||
|
||||
Another way to access private github repositories is via a github token, which
|
||||
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
|
||||
creates a `.netrc` file to access private github repositories.
|
||||
### Global
|
||||
|
||||
## Access private repositories via .netrc configuration
|
||||
| Name | Description | Value |
|
||||
| ------------------ | ----------------------------------------- | ----- |
|
||||
| `nameOverride` | Individual release name suffix. | `""` |
|
||||
| `fullnameOverride` | Override the complete release name logic. | `""` |
|
||||
|
||||
As describe above, a `.netrc` file is responsible for the authentication via
|
||||
HTTP. The file can also be defined via a custom secret and mounted into the home
|
||||
directory of `root` for general authentication purpose.
|
||||
### Certificate
|
||||
|
||||
The example below describe the definition and mounting of a custom `.netrc` file
|
||||
to access private repositories hosted on github and gitlab.
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
|
||||
| `certificate.enabled` | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false` |
|
||||
| `certificate.existingSecret.enabled` | Use an existing secret of the type `kubernetes.io/tls`. | `false` |
|
||||
| `certificate.existingSecret.secretName` | Name of the secret containing the TLS certificate and private key. | `""` |
|
||||
| `certificate.new.annotations` | Additional certificate annotations. | `{}` |
|
||||
| `certificate.new.labels` | Additional certificate labels. | `{}` |
|
||||
| `certificate.new.duration` | Duration of the TLS certificate. | `744h` |
|
||||
| `certificate.new.renewBefore` | Renew TLS certificate before expiring. | `672h` |
|
||||
| `certificate.new.dnsNames` | Overwrites the default of the subject alternative DNS names. | `[]` |
|
||||
| `certificate.new.ipAddresses` | Overwrites the default of the subject alternative IP addresses. | `[]` |
|
||||
| `certificate.new.issuerRef.kind` | Issuer kind. Can be `Issuer` or `ClusterIssuer`. | `""` |
|
||||
| `certificate.new.issuerRef.name` | Name of the `Issuer` or `ClusterIssuer`. | `""` |
|
||||
| `certificate.new.privateKey.algorithm` | Algorithm of the private TLS key. | `RSA` |
|
||||
| `certificate.new.privateKey.rotationPolicy` | Rotation of the private TLS key. | `Never` |
|
||||
| `certificate.new.privateKey.size` | Size of the private TLS key. | `4096` |
|
||||
| `certificate.new.secretTemplate.annotations` | Additional annotation of the created secret. | `{}` |
|
||||
| `certificate.new.secretTemplate.labels` | Additional labels of the created secret. | `{}` |
|
||||
| `certificate.new.subject.countries` | List of countries. | `[]` |
|
||||
| `certificate.new.subject.localities` | List of localities. | `[]` |
|
||||
| `certificate.new.subject.organizationalUnits` | List of organizationalUnits. | `[]` |
|
||||
| `certificate.new.subject.organizations` | List of organizations. | `[]` |
|
||||
| `certificate.new.subject.postalCodes` | List of postalCodes. | `[]` |
|
||||
| `certificate.new.subject.provinces` | List of provinces. | `[]` |
|
||||
| `certificate.new.subject.serialNumber` | Serial number. | `""` |
|
||||
| `certificate.new.subject.streetAddresses` | List of streetAddresses. | `[]` |
|
||||
| `certificate.new.usages` | Define the usage of the TLS key. | `["client auth","server auth"]` |
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: custom-netrc
|
||||
type: Opaque
|
||||
stringData:
|
||||
netrc: |
|
||||
machine github.com login USERNAME password API-KEY
|
||||
machine gitlab.com login USERNAME password API-KEY
|
||||
```
|
||||
### Configuration
|
||||
|
||||
The file must then be mounted via extraVolumes and extraVolumeMounts.
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
|
||||
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
|
||||
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
|
||||
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
|
||||
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
|
||||
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
|
||||
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
|
||||
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
|
||||
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
|
||||
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
|
||||
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
|
||||
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
|
||||
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
|
||||
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
|
||||
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
|
||||
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
|
||||
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
|
||||
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
|
||||
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
|
||||
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
|
||||
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
|
||||
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
|
||||
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
|
||||
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
|
||||
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
|
||||
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
|
||||
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
|
||||
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: netrc
|
||||
secret:
|
||||
secretName: custom-netrc
|
||||
items:
|
||||
- key: netrc
|
||||
path: .netrc
|
||||
mode: 0600
|
||||
### Deployment
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: netrc
|
||||
mountPath: /root
|
||||
```
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
|
||||
| `deployment.annotations` | Additional deployment annotations. | `{}` |
|
||||
| `deployment.labels` | Additional deployment labels. | `{}` |
|
||||
| `deployment.additionalContainers` | List of additional containers. | `[]` |
|
||||
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
|
||||
| `deployment.initContainers` | List of additional init containers. | `[]` |
|
||||
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
|
||||
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
|
||||
| `deployment.hostname` | Individual hostname of the pod. | `""` |
|
||||
| `deployment.subdomain` | Individual domain of the pod. | `""` |
|
||||
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
|
||||
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
|
||||
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
|
||||
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
|
||||
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
|
||||
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
|
||||
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
|
||||
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
|
||||
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
|
||||
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
|
||||
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
|
||||
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
|
||||
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
|
||||
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
|
||||
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
|
||||
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
|
||||
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
|
||||
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
|
||||
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
|
||||
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
|
||||
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
|
||||
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
|
||||
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
|
||||
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
|
||||
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
|
||||
|
||||
## Persistent storage
|
||||
### Horizontal Pod Autoscaler (HPA)
|
||||
|
||||
Unlike the athens default, the default here is `disk` - i.e. the files are
|
||||
written to the container. Therefore, it is advisable to outsource the
|
||||
corresponding storage location to persistent storage. The following example
|
||||
describes the integration of a persistent storage claim.
|
||||
| Name | Description | Value |
|
||||
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
|
||||
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
|
||||
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
|
||||
| `hpa.labels` | Additional labels for the HPA. | `{}` |
|
||||
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
|
||||
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
|
||||
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: gomodules
|
||||
persistentVolumeClaim:
|
||||
claimName: custom-gomodules-pvc
|
||||
### Ingress
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: gomodules
|
||||
mountPath: /var/lib/athens
|
||||
```
|
||||
| Name | Description | Value |
|
||||
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
|
||||
| `ingress.className` | Ingress class. | `nginx` |
|
||||
| `ingress.annotations` | Additional ingress annotations. | `{}` |
|
||||
| `ingress.labels` | Additional ingress labels. | `{}` |
|
||||
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
|
||||
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
|
||||
|
||||
### Persistence
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
|
||||
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
|
||||
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
|
||||
| `persistence.data.existingPersistentVolumeClaim.enabled` | Use an existing persistent volume claim. | `false` |
|
||||
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim. | `""` |
|
||||
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
|
||||
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
|
||||
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
|
||||
| `persistence.data.persistentVolumeClaim.storageClassName` | Storage class of the persistent volume claim. | `""` |
|
||||
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
|
||||
|
||||
### Network
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------- | ------------------------------------------------------------------------ | --------------- |
|
||||
| `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` |
|
||||
|
||||
### Network Policy
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------- | ------------------------------------------------------------------------- | ------- |
|
||||
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
|
||||
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
|
||||
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
|
||||
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
|
||||
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
|
||||
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
|
||||
|
||||
### Service
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
|
||||
| `services.http.enabled` | Enable the service. | `true` |
|
||||
| `services.http.annotations` | Additional service annotations. | `{}` |
|
||||
| `services.http.externalIPs` | External IPs for the service. | `[]` |
|
||||
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
|
||||
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
|
||||
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
|
||||
| `services.http.labels` | Additional service labels. | `{}` |
|
||||
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
|
||||
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
|
||||
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
|
||||
| `services.http.port` | Port to forward the traffic to. | `3000` |
|
||||
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
|
||||
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
|
||||
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
|
||||
|
||||
### ServiceAccount
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
|
||||
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
|
||||
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
|
||||
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
|
||||
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
|
||||
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
|
||||
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |
|
||||
|
@@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: custom-configs
|
||||
data:
|
||||
sshconfig: |
|
||||
Host github.com
|
||||
IdentityFile /root/.ssh/id_ed25519
|
||||
StrictHostKeyChecking no
|
||||
gitconfig: |
|
||||
[url "git@github.com:"]
|
||||
insteadOf = https://github.com/
|
@@ -1,26 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: custom-ssh-keys
|
||||
type: Opaque
|
||||
stringData:
|
||||
id_ed25519: |
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
id_ed25519.pub: |
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: custom-netrc
|
||||
type: Opaque
|
||||
stringData:
|
||||
netrc: |
|
||||
machine github.com login USERNAME password API-KEY
|
||||
machine gitlab.com login USERNAME password API-KEY
|
2617
package-lock.json
generated
Normal file
2617
package-lock.json
generated
Normal file
File diff suppressed because it is too large
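--- a/package.json
+++ b/package.json
@@ -0,0 +1,21 @@
+{
+"name": "athens-proxy-charts",
+"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git",
+"license": "MIT",
+"private": true,
+"engineStrict": true,
+"engines": {
+"node": ">=16.0.0",
+"npm": ">=8.0.0"
+},
+"scripts": {
+"readme:link": "markdown-link-check *.md",
+"readme:lint": "markdownlint *.md -f",
+"readme:parameters": "readme-generator -v values.yaml -r README.md"
+},
+"devDependencies": {
+"@bitnami/readme-generator-for-helm": "^2.5.0",
+"markdown-link-check": "^3.13.6",
+"markdownlint-cli": "^0.45.0"
+}
+}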
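Review bot: `"engineStrict": true` is not honoured by current npm (the package.json field was dropped in npm 3), so the `engines` block is advisory only and an older Node or npm installs with just a warning. If the minimum versions are meant to be enforced, set `engine-strict=true` in a committed `.npmrc` instead. The three dev tools use caret ranges, so reproducible installs depend on `package-lock.json` being honoured, which means `npm ci` rather than `npm install` in CI.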
114
renovate.json
114
renovate.json
@@ -1,26 +1,15 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"assignees": [ "volker.raschek" ],
|
||||
"labels": [ "renovate" ],
|
||||
"packageRules": [
|
||||
{
|
||||
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
|
||||
"automerge": true,
|
||||
"matchManagers": "droneci",
|
||||
"matchUpdateTypes": [ "minor", "patch"]
|
||||
},
|
||||
{
|
||||
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
|
||||
"automerge": false,
|
||||
"matchPackageNames": [ "gomods/athens" ],
|
||||
"matchManagers": [ "regex" ]
|
||||
}
|
||||
"extends": [
|
||||
"local>volker.raschek/renovate-config:default#master",
|
||||
"local>volker.raschek/renovate-config:container#master",
|
||||
"local>volker.raschek/renovate-config:actions#master",
|
||||
"local>volker.raschek/renovate-config:npm#master",
|
||||
"local>volker.raschek/renovate-config:regexp#master"
|
||||
],
|
||||
"rebaseLabel": "renovate/rebase",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"regexManagers": [
|
||||
"customManagers": [
|
||||
{
|
||||
"description": "Update container image reference",
|
||||
"customType": "regex",
|
||||
"fileMatch": [
|
||||
"^Chart\\.yaml$"
|
||||
],
|
||||
@@ -28,7 +17,92 @@
|
||||
"appVersion: \"(?<currentValue>.*?)\"\\s+"
|
||||
],
|
||||
"datasourceTemplate": "docker",
|
||||
"depNameTemplate": "gomods/athens"
|
||||
"depNameTemplate": "gomods/athens",
|
||||
"lookupNameTemplate": "docker.io/gomods/athens",
|
||||
"versioningTemplate": "semver"
|
||||
},
|
||||
{
|
||||
"customType": "regex",
|
||||
"fileMatch": ["^README\\.md$"],
|
||||
"matchStrings": [
|
||||
"VERSION=(?<currentValue>.*)"
|
||||
],
|
||||
"depNameTemplate": "volker.raschek/athens-proxy-charts",
|
||||
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
|
||||
"datasourceTemplate": "git-tags",
|
||||
"versioningTemplate": "semver"
|
||||
},
|
||||
{
|
||||
"customType": "regex",
|
||||
"datasourceTemplate": "github-releases",
|
||||
"fileMatch": [
|
||||
".vscode/settings\\.json$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
|
||||
]
|
||||
}
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"groupName": "Update docker.io/volkerraschek/helm",
|
||||
"matchDepNames": [
|
||||
"docker.io/volkerraschek/helm",
|
||||
"volkerraschek/helm"
|
||||
]
|
||||
},
|
||||
{
|
||||
"automerge": true,
|
||||
"groupName": "Update helm plugin 'unittest'",
|
||||
"matchDepNames": [
|
||||
"helm-unittest/helm-unittest"
|
||||
],
|
||||
"matchDatasources": [
|
||||
"github-releases"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"groupName": "Update docker.io/library/node",
|
||||
"matchDepNames": [
|
||||
"docker.io/library/node",
|
||||
"library/node"
|
||||
]
|
||||
},
|
||||
{
|
||||
"addLabels": [
|
||||
"renovate/automerge",
|
||||
"renovate/container"
|
||||
],
|
||||
"automerge": true,
|
||||
"excludePackagePatterns": [
|
||||
"gomods/athens"
|
||||
],
|
||||
"matchDatasources": [
|
||||
"docker"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"addLabels": [
|
||||
"renovate/automerge",
|
||||
"renovate/documentation"
|
||||
],
|
||||
"automerge": true,
|
||||
"matchDepNames": [
|
||||
"volker.raschek/athens-proxy-charts"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"major",
|
||||
"minor",
|
||||
"patch"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
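Review bot: The package rule that sets `"automerge": true` for every `docker` datasource except `gomods/athens` merges minor and patch image updates with no human in the loop, and nothing visible in this file sets a `minimumReleaseAge` or digest pinning. The `local>…#master` presets may cover that, but they are not shown here; if they do not, adding `"minimumReleaseAge": "3 days"` to that rule gives a republished or broken tag time to be noticed before it lands. The last rule also automerges `major` updates for `volker.raschek/athens-proxy-charts`, which looks intentional for the README version string but deserves a `description` saying so. `excludePackagePatterns` and `lookupNameTemplate` appear to be older option names that current Renovate migrates; the second custom manager already uses `packageNameTemplate`.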
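--- a/templates/_certificate.tpl
+++ b/templates/_certificate.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.certificates.server.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.certificate.new.annotations }}
+{{ toYaml .Values.certificate.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.certificates.server.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.certificate.new.labels }}
+{{ toYaml .Values.certificate.new.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.certificates.server.name" -}}
+{{ include "athens-proxy.fullname" . }}-tls
+{{- end -}}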
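Review bot: `athens-proxy.certificates.server.labels` prints the common labels and then appends `toYaml .Values.certificate.new.labels` as text, so a user-supplied key that also exists in `athens-proxy.labels` (for example `app.kubernetes.io/name`) is rendered twice in the same mapping. Depending on the consumer, a duplicate key is either rejected or the last value silently wins, which lets values override the chart's own identifying labels. The same pattern is repeated in the annotations helper here and in the `_configMap.tpl`, `_deployment.tpl`, `_hpa.tpl`, `_ingress.tpl`, `_networkPolicy.tpl` and `_persistentVolumeClaim.tpl` helpers. Building one map and emitting it with a single `toYaml`, for example from `merge (include "athens-proxy.labels" . | fromYaml) .Values.certificate.new.labels`, makes the precedence explicit.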
@@ -1,3 +1,4 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label.
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common annotations
|
||||
*/}}
|
||||
{{- define "athens-proxy.annotations" -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "athens-proxy.labels" -}}
|
||||
helm.sh/chart: {{ include "athens-proxy.chart" . }}
|
||||
{{ include "athens-proxy.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
helm.sh/chart: {{ include "athens-proxy.chart" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
Common selector labels
|
||||
*/}}
|
||||
{{- define "athens-proxy.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "athens-proxy.name" . }}
|
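--- a/templates/_configMap.tpl
+++ b/templates/_configMap.tpl
@@ -0,0 +1,43 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.configMap.downloadMode.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.downloadMode.configMap.annotations }}
+{{ toYaml .Values.config.downloadMode.configMap.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.configMap.gitConfig.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.gitConfig.configMap.annotations }}
+{{ toYaml .Values.config.gitConfig.configMap.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.configMap.downloadMode.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.downloadMode.configMap.labels }}
+{{ toYaml .Values.config.downloadMode.configMap.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.configMap.gitConfig.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.gitConfig.configMap.labels }}
+{{ toYaml .Values.config.gitConfig.configMap.labels }}
+{{- end }}
+{{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.configMap.downloadMode.name" -}}
+{{ include "athens-proxy.fullname" . }}-download-mode-file
+{{- end }}
+
+{{- define "athens-proxy.configMap.gitConfig.name" -}}
+{{ include "athens-proxy.fullname" . }}-gitconfig
+{{- end }}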
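--- a/templates/_deployment.tpl
+++ b/templates/_deployment.tpl
@@ -0,0 +1,279 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.deployment.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.deployment.annotations }}
+{{ toYaml .Values.deployment.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* env */}}
+
+{{- define "athens-proxy.deployment.env" -}}
+{{- $env := .Values.deployment.athensProxy.env | default (list) }}
+
+{{- if and .Values.persistence.enabled }}
+{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
+{{- end }}
+
+{{- if .Values.config.downloadMode.enabled }}
+{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
+{{- end }}
+
+{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
+{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
+{{- end }}
+
+{{- if .Values.certificate.enabled }}
+{{- $env = concat $env (list
+(dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
+(dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
+) }}
+{{- end }}
+
+{{ toYaml (dict "env" $env) }}
+
+{{- end -}}
+
+
+{{/* envFrom */}}
+
+{{- define "athens-proxy.deployment.envFrom" -}}
+{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
+
+{{- if .Values.config.env.enabled }}
+{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
+{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
+{{- $secretName = .Values.config.env.existingSecret.secretName }}
+{{- end }}
+{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
+{{- end }}
+
+{{ toYaml (dict "envFrom" $envFrom) }}
+
+{{- end -}}
+
+{{/* image */}}
+
+{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
+{{- $registry := .Values.deployment.athensProxy.image.registry -}}
+{{- $repository := .Values.deployment.athensProxy.image.repository -}}
+{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag -}}
+{{- end -}}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.deployment.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.deployment.labels }}
+{{ toYaml .Values.deployment.labels }}
+{{- end }}
+{{- end }}
+
+{{/* serviceAccount */}}
+
+{{- define "athens-proxy.deployment.serviceAccount" -}}
+{{- if .Values.serviceAccount.existing.enabled -}}
+{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
+{{- else -}}
+{{- include "athens-proxy.fullname" . -}}
+{{- end -}}
+{{- end }}
+
+{{/* volumeMounts */}}
+
+{{- define "athens-proxy.deployment.volumeMounts" -}}
+{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
+
+{{- if .Values.persistence.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
+{{- end }}
+
+{{/* volumes (download mode) */}}
+{{- if .Values.config.downloadMode.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
+{{- end }}
+
+{{/* volumeMount (git config) */}}
+{{- if .Values.config.gitConfig.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
+{{- end }}
+
+{{/* volumeMount (netrc) */}}
+{{- if .Values.config.netrc.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
+{{- end }}
+
+{{/* volumeMount (ssh) */}}
+{{- if and .Values.config.ssh.enabled }}
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
+{{- end }}
+
+{{- end }}
+
+
+{{/* volumeMounts (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
+{{- end }}
+
+{{ toYaml (dict "volumeMounts" $volumeMounts) }}
+{{- end -}}
+
+{{/* volumes */}}
+
+{{- define "athens-proxy.deployment.volumes" -}}
+{{- $volumes := .Values.deployment.volumes | default (list) }}
+
+
+{{/* volumes (data) */}}
+{{- if .Values.persistence.enabled }}
+{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
+{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
+{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
+{{- end }}
+
+
+{{/* volumes (download mode) */}}
+{{- if .Values.config.downloadMode.enabled }}
+{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
+{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
+{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
+{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
+{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
+{{- end }}
+
+
+{{/* volumes (git config) */}}
+{{- $projectedSecretSources := list -}}
+
+{{- if .Values.config.gitConfig.enabled }}
+{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
+{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
+{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
+{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
+{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
+{{- end }}
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
+
+{{- end }}
+
+{{/* volumes (netrc) */}}
+
+{{- if .Values.config.netrc.enabled }}
+{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
+{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
+{{- if .Values.config.netrc.existingSecret.enabled }}
+{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
+{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
+{{- end }}
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+
+{{- end }}
+
+{{/* volumes (ssh) */}}
+{{- if .Values.config.ssh.enabled }}
+
+{{- $itemList := list -}}
+{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
+
+{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
+{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
+{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $configItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
+{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idED25519Item) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
+{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idED25519PubItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
+{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idRSAItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
+{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idRSAPubItem) }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.config.ssh.existingSecret.enabled }}
+{{- if gt (len .Values.config.ssh.secret.config) 0 }}
+{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $configItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
+{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idED25519Item) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
+{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idED25519PubItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
+{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idRSAItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
+{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idRSAPubItem) }}
+{{- end }}
+{{- end }}
+
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+{{- end }}
+
+{{- if gt (len $projectedSecretSources) 0 }}
+{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
+{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
+{{- end }}
+
+{{/* volumes (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
+{{- if .Values.certificate.existingSecret.enabled }}
+{{- $secretName := .Values.certificate.existingSecret.secretName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
+{{- end }}
+
+
+{{ toYaml (dict "volumes" $volumes) }}
+{{- end -}}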
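Review bot: In `athens-proxy.deployment.volumes`, the TLS block assigns the existing secret with `{{- $secretName := .Values.certificate.existingSecret.secretName }}` inside the `if`; `:=` declares a new variable that goes out of scope at the following `{{- end }}`. The `tls` volume therefore always references the chart-generated name from `athens-proxy.certificates.server.name`, and `certificate.existingSecret` is silently ignored. Every other override in this file (`$claimName`, `$configMapName`, the netrc and ssh `$secretName`) uses `=`, so the line should read `{{- $secretName = .Values.certificate.existingSecret.secretName }}`. A helm-unittest case asserting the `tls` volume's `secretName` with `certificate.existingSecret.enabled=true` would pin this.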
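--- a/templates/_hpa.tpl
+++ b/templates/_hpa.tpl
@@ -0,0 +1,19 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.hpa.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.hpa.annotations }}
+{{ toYaml .Values.hpa.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.hpa.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.hpa.labels }}
+{{ toYaml .Values.hpa.labels }}
+{{- end }}
+{{- end }}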
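--- a/templates/_ingress.tpl
+++ b/templates/_ingress.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.ingress.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.ingress.annotations }}
+{{ toYaml .Values.ingress.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.ingress.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels }}
+{{- end }}
+{{- end }}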
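--- a/templates/_networkPolicy.tpl
+++ b/templates/_networkPolicy.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.networkPolicy.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.networkPolicy.annotations }}
+{{ toYaml .Values.networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.networkPolicy.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.networkPolicy.labels }}
+{{ toYaml .Values.networkPolicy.labels }}
+{{- end }}
+{{- end }}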
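--- a/templates/_persistentVolumeClaim.tpl
+++ b/templates/_persistentVolumeClaim.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.persistence.data.persistentVolumeClaim.annotations }}
+{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.persistence.data.persistentVolumeClaim.labels }}
+{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}}
+{{- end }}
+{{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.persistentVolumeClaim.data.name" -}}
+{{ include "athens-proxy.fullname" . }}-data
+{{- end }}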
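--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -0,0 +1,34 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.pod.annotations" }}
+{{- include "athens-proxy.annotations" . }}
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
+{{- end }}
+{{- end }}
+
+
+
+{{/* labels */}}
+
+{{- define "athens-proxy.pod.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- end }}
+
+{{- define "athens-proxy.pod.selectorLabels" -}}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- end }}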
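Review bot: The `checksum/secret-…` annotations in `athens-proxy.pod.annotations` put a SHA-256 of each rendered Secret manifest on the pod, where it is readable by anyone allowed to read pods, usually a much wider group than those allowed to read Secrets. For short or guessable values the digest lets a pod reader confirm a guess offline, because the rest of the manifest is predictable. The `existingSecret.enabled` branches already skip the annotation, so I would document the trade-off above the define, e.g. `{{/* checksum annotations expose a digest of chart-managed Secrets to pod readers; use existingSecret for low-entropy values */}}`.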
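--- a/templates/_secrets.tpl
+++ b/templates/_secrets.tpl
@@ -0,0 +1,61 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.secrets.env.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.env.secret.annotations }}
+{{ toYaml .Values.config.env.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.netrc.secret.annotations }}
+{{ toYaml .Values.config.netrc.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.config.ssh.secret.annotations }}
+{{ toYaml .Values.config.ssh.secret.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.secrets.env.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.env.secret.labels }}
+{{ toYaml .Values.config.env.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.netrc.secret.labels }}
+{{ toYaml .Values.config.netrc.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.config.ssh.secret.labels }}
+{{ toYaml .Values.config.ssh.secret.labels }}
+{{- end }}
+{{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.secrets.env.name" -}}
+{{ include "athens-proxy.fullname" . }}-env
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.name" -}}
+{{ include "athens-proxy.fullname" . }}-netrc
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.name" -}}
+{{ include "athens-proxy.fullname" . }}-ssh
+{{- end }}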
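--- a/templates/_serviceAccount.tpl
+++ b/templates/_serviceAccount.tpl
@@ -0,0 +1,17 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.serviceAccount.annotations" -}}
+{{- if .Values.serviceAccount.new.annotations }}
+{{ toYaml .Values.serviceAccount.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.serviceAccount.labels" -}}
+{{- if .Values.serviceAccount.new.labels }}
+{{ toYaml .Values.serviceAccount.new.labels }}
+{{- end }}
+{{- end }}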
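Review bot: Both ServiceAccount helpers omit the chart-wide metadata that the other helpers in this change start with: `athens-proxy.serviceAccount.labels` has no `{{ include "athens-proxy.labels" . }}` line and `athens-proxy.serviceAccount.annotations` has no `{{ include "athens-proxy.annotations" . }}`. With `serviceAccount.new.labels` empty the ServiceAccount would presumably render without any of the standard labels, which makes it harder to select or audit alongside the rest of the release. If the omission is deliberate, a one-line comment saying why would help the next reader.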
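--- a/templates/_services.tpl
+++ b/templates/_services.tpl
@@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.services.http.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.services.http.annotations }}
+{{ toYaml .Values.services.http.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.services.http.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
+app.kubernetes.io/service-name: http
+{{- if .Values.services.http.labels }}
+{{ toYaml .Values.services.http.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.services.http.name" -}}
+{{- if .Values.services.http.enabled -}}
+{{ include "athens-proxy.fullname" . }}-http
+{{- end -}}
+{{- end -}}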
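--- a/templates/certificate.yaml
+++ b/templates/certificate.yaml
@@ -0,0 +1,97 @@
+{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.certificates.server.name" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+commonName: {{ include "athens-proxy.fullname" . }}
+{{- if empty .Values.certificate.new.dnsNames }}
+dnsNames:
+- {{ include "athens-proxy.fullname" . }}
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- else }}
+dnsNames:
+{{- range .Values.certificate.new.dnsNames }}
+- {{ . }}
+{{- end }}
+{{- end }}
+duration: {{ .Values.certificate.new.duration }}
+{{- if not (empty .Values.certificate.new.ipAddresses) }}
+ipAddresses:
+{{- range .Values.certificate.new.ipAddresses }}
+- {{ . }}
+{{- end }}
+{{- end }}
+isCA: false
+issuerRef:
+kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
+name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
+privateKey:
+algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
+rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
+size: {{ .Values.certificate.new.privateKey.size }}
+renewBefore: {{ .Values.certificate.new.renewBefore }}
+secretName: {{ include "athens-proxy.certificates.server.name" . }}
+{{- with .Values.certificate.new.secretTemplate }}
+secretTemplate:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if or .Values.certificate.new.subject.countries
+.Values.certificate.new.subject.localities
+.Values.certificate.new.subject.organizationalUnits
+.Values.certificate.new.subject.organizations
+.Values.certificate.new.subject.postalCodes
+.Values.certificate.new.subject.provinces
+.Values.certificate.new.subject.serialNumber
+.Values.certificate.new.subject.streetAddresses
+}}
+subject:
+{{- with .Values.certificate.new.subject.countries }}
+countries:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.localities }}
+localities:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.organizationalUnits }}
+organizationalUnits:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.organizations }}
+organizations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.postalCodes }}
+postalCodes:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.provinces }}
+provinces:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if .Values.certificate.new.subject.serialNumber }}
+serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
+{{- end }}
+{{- with .Values.certificate.new.subject.streetAddresses }}
+streetAddresses:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+usages:
+{{- range .Values.certificate.new.usages }}
+- {{ . }}
+{{- end }}
+{{- end }}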
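Review bot: The user-supplied entries are emitted unquoted: `- {{ . }}` under `dnsNames` and `ipAddresses`, and `serialNumber: {{ .Values.certificate.new.subject.serialNumber }}`. A wildcard name such as `*.example.com` starts with the YAML alias indicator, and an all-digit serial number is typed as an integer, so the rendered manifest either fails to parse or fails validation where cert-manager expects strings. Quoting them with `- {{ . | quote }}` and `serialNumber: {{ .Values.certificate.new.subject.serialNumber | quote }}` avoids both; the `usages` entries can take the same treatment for consistency.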
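--- a/templates/configMapDownloadMode.yaml
+++ b/templates/configMapDownloadMode.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
+namespace: {{ .Release.Namespace }}
+data:
+downloadMode: |
+{{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }}
+{{- end }}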
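--- a/templates/configMapGitConfig.yaml
+++ b/templates/configMapGitConfig.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
+namespace: {{ .Release.Namespace }}
+data:
+.gitconfig: |
+{{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }}
+{{- end }}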
@@ -1,72 +1,143 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
{{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "athens-proxy.deployment.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: {{ .Values.deployment.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "athens-proxy.selectorLabels" . | nindent 6 }}
|
||||
{{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- include "athens-proxy.pod.annotations" . | nindent 8 }}
|
||||
labels:
|
||||
{{- include "athens-proxy.selectorLabels" . | nindent 8 }}
|
||||
{{- include "athens-proxy.pod.labels" . | nindent 8 }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- with .Values.livenessProbe }}
|
||||
livenessProbe:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
|
||||
protocol: TCP
|
||||
{{- with .Values.readinessProbe }}
|
||||
readinessProbe:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
volumeMounts:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
{{- with .Values.deployment.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
containers:
|
||||
- name: athens-proxy
|
||||
{{- with .Values.deployment.athensProxy.args }}
|
||||
args:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.deployment.athensProxy.command }}
|
||||
command:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }}
|
||||
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
|
||||
env:
|
||||
{{- toYaml $env.env | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }}
|
||||
{{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }}
|
||||
envFrom:
|
||||
{{- toYaml $envFrom.envFrom | nindent 8 }}
|
||||
{{- end }}
|
||||
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
|
||||
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
{{- if not .Values.certificate.enabled }}
|
||||
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
|
||||
{{- else }}
|
||||
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
|
||||
{{- end }}
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 60
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
{{- if not .Values.certificate.enabled }}
|
||||
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
|
||||
{{- else }}
|
||||
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
|
||||
{{- end }}
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 3
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
protocol: TCP
|
||||
{{- with .Values.deployment.athensProxy.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.deployment.athensProxy.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }}
|
||||
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
|
||||
volumeMounts:
|
||||
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.deployment.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployment.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployment.hostname }}
|
||||
hostname: {{ .Values.deployment.hostname }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.deployment.hostNetwork }}
|
||||
{{- with .Values.deployment.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
{{- with .Values.deployment.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podPriorityClassName }}
|
||||
priorityClassName: {{ .Values.podPriorityClassName }}
|
||||
{{- if .Values.deployment.priorityClassName }}
|
||||
priorityClassName: {{ .Values.deployment.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployment.restartPolicy }}
|
||||
restartPolicy: {{ .Values.deployment.restartPolicy }}
|
||||
{{- end }}
|
||||
{{- with .Values.deployment.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
serviceAccountName: {{ include "athens-proxy.fullname" . }}
|
||||
{{- with .Values.tolerations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }}
|
||||
{{- if .Values.deployment.subdomain }}
|
||||
subdomain: {{ .Values.deployment.subdomain }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
|
||||
{{- with .Values.deployment.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- with .Values.deployment.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }}
|
||||
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
|
||||
volumes:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- toYaml $volumes.volumes | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.deployment.strategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
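Review bot: The new liveness and readiness probes shell out to `wget` against a hard-coded `localhost:3000` and, when `certificate.enabled` is set, add `--no-check-certificate`. That ties the chart to an image that ships wget, and it fixes the port that the `containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}` line (apparently the removed side) left configurable. An `httpGet` probe on the named `http` port, with the scheme switched on `certificate.enabled`, does the same job without an in-container client; the kubelet skips certificate verification for HTTPS probes as well, so the trade-off is visible in the manifest instead of hidden in a flag. Old and new lines are interleaved in this rendering, so the indentation of the replacement below is assumed.

```yaml
livenessProbe:
  httpGet:
    path: /
    port: http
    {{- if .Values.certificate.enabled }}
    scheme: HTTPS
    {{- else }}
    scheme: HTTP
    {{- end }}
  # … unchanged: failureThreshold, initialDelaySeconds, periodSeconds, successThreshold, timeoutSeconds …
readinessProbe:
  httpGet:
    path: /
    port: http
    {{- if .Values.certificate.enabled }}
    scheme: HTTPS
    {{- else }}
    scheme: HTTP
    {{- end }}
  # … unchanged: failureThreshold, initialDelaySeconds, periodSeconds, successThreshold, timeoutSeconds …
```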
|
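--- a/templates/hpa.yaml
+++ b/templates/hpa.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.hpa.enabled -}}
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+{{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.hpa.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+metrics:
+{{- toYaml .Values.hpa.metrics | nindent 2 }}
+maxReplicas: {{ .Values.hpa.maxReplicas }}
+minReplicas: {{ .Values.hpa.minReplicas }}
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: {{ include "athens-proxy.fullname" . }}
+{{- end -}}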
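Review bot: Nothing stops the Deployment and this HorizontalPodAutoscaler from both owning the replica count: as far as the interleaved rendering shows, the Deployment template in this change still emits `replicas: {{ .Values.deployment.replicas }}` unconditionally. With `hpa.enabled` set, each `helm upgrade` would then reset the count the autoscaler had chosen. Wrapping that line in `{{- if not .Values.hpa.enabled }}` and `{{- end }}` keeps the two from overriding each other.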
@@ -1,61 +1,45 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "athens-proxy.fullname" . -}}
|
||||
{{- $svcPort := .Values.service.port -}}
|
||||
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
|
||||
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
||||
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
{{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ tpl .host $ | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
{{- if .pathType }}
|
||||
pathType: {{ .pathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "athens-proxy.services.http.name" $ }}
|
||||
port:
|
||||
number: {{ $.Values.services.http.port }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
||||
pathType: {{ .pathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullName }}
|
||||
servicePort: {{ $svcPort }}
|
||||
- {{ tpl . $ | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
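--- a/templates/networkPolicy.yaml
+++ b/templates/networkPolicy.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+podSelector:
+matchLabels:
+{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
+{{- with .Values.networkPolicy.policyTypes }}
+policyTypes:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.egress }}
+egress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.ingress }}
+ingress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}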
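Review bot: The template has no comment on what an enabled policy with empty rule lists does. Because `policyTypes`, `egress` and `ingress` are each rendered only when non-empty, `networkPolicy.enabled: true` with nothing else set produces a policy that selects the Athens pods and carries no rules; Kubernetes then defaults `policyTypes` to Ingress and the pods accept no inbound traffic. That is a safe default, but it will surprise anyone who enables the policy before allowing the ingress controller or monitoring namespace. I would add above `spec:` something like `{{/* enabled with an empty ingress list denies all inbound traffic to the pods */}}`.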
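--- a/templates/persistentVolumeClaim.yaml
+++ b/templates/persistentVolumeClaim.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+{{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
+labels:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
+namespace: {{ $.Release.Namespace }}
+spec:
+{{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
+accessModes:
+{{ toYaml . | nindent 4 }}
+{{- end }}
+resources:
+requests:
+storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
+{{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
+storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
+{{- end }}
+{{- end }}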
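Review bot: `accessModes` is wrapped in `with`, so an empty list silently drops the field and the API server rejects the claim at install time, since a PersistentVolumeClaim needs at least one access mode. Failing at render time would match the `required` style used for the certificate issuer: `{{- toYaml (required "No access modes defined!" .Values.persistence.data.persistentVolumeClaim.accessModes) | nindent 4 }}`. The existing `{{ toYaml . | nindent 4 }}` also lacks the `{{-` trim used elsewhere, and this document has no leading `---` unlike the sibling templates.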
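--- a/templates/secretEnv.yaml
+++ b/templates/secretEnv.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.secrets.env.name" . }}
+namespace: {{ .Release.Namespace }}
+stringData:
+{{- range $key, $value := .Values.config.env.secret.envs }}
+{{ upper $key }}: {{ quote $value }}
+{{- end }}
+{{- end }}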
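--- a/templates/secretNetRC.yaml
+++ b/templates/secretNetRC.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.secrets.netrc.name" . }}
+namespace: {{ .Release.Namespace }}
+stringData:
+.netrc: |
+{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
+{{- end }}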
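Review bot: The `.netrc` content is passed through `tpl`, so any `{{` inside a password or token is treated as template syntax and either fails the render or is rewritten before it reaches the Secret. Credentials are arbitrary strings, and the key fields in secretSSH.yaml are already emitted without `tpl`. Unless templating inside the netrc is an intended feature, `{{- .Values.config.netrc.secret.content | nindent 4 }}` is the safer form; if it is intended, it deserves a comment on this line.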
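--- a/templates/secretSSH.yaml
+++ b/templates/secretSSH.yaml
@@ -0,0 +1,35 @@
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.secrets.ssh.name" . }}
+namespace: {{ .Release.Namespace }}
+stringData:
+config: |
+{{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
+{{- if .Values.config.ssh.secret.id_ed25519 }}
+id_ed25519: |
+{{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
+{{- end }}
+{{- if .Values.config.ssh.secret.id_ed25519_pub }}
+id_ed25519.pub: |
+{{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
+{{- end }}
+{{- if .Values.config.ssh.secret.id_rsa }}
+id_rsa: |
+{{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
+{{- end }}
+{{- if .Values.config.ssh.secret.id_rsa_pub }}
+id_rsa.pub: |
+{{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
+{{- end }}
+{{- end }}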
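Review bot: The template is missing a note on where the private keys end up: `id_ed25519` and `id_rsa` are read from chart values, so the key material is also kept in the Helm release record and in whatever values file or CI variable supplied it, not only in this Secret. The first line already supports `config.ssh.existingSecret`, which avoids that. A comment at the top would steer operators there, e.g. `{{/* private keys passed via values are persisted in the Helm release; prefer config.ssh.existingSecret for real keys */}}`.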
@@ -1,23 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
|
||||
{{- if not (hasKey .Values "config") -}}
|
||||
{{- $_ := set .Values "config" dict -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
|
||||
{{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
|
||||
{{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* SETUP CONFIG */}}
|
||||
{{ range $key, $value := .Values.config }}
|
||||
{{ upper $key}}: {{ quote $value }}
|
||||
{{ end }}
|
@@ -1,36 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- with .Values.service.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
spec:
|
||||
{{- with .Values.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
{{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
|
||||
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
|
||||
{{- end }}
|
||||
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
|
||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
name: {{ .Values.service.name }}
|
||||
selector:
|
||||
{{- include "athens-proxy.selectorLabels" . | nindent 4 }}
|
@@ -1,10 +1,25 @@
|
||||
{{- if not .Values.serviceAccount.existing.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
{{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "athens-proxy.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
|
||||
{{- with .Values.serviceAccount.new.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.serviceAccount.new.secrets }}
|
||||
secrets:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
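Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}` renders an empty value (YAML null) when the key is unset, and the API then falls back to mounting the token into the pod. Nothing in the visible templates suggests the proxy talks to the Kubernetes API, so I would pin the fallback with `automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken | default false }}`. The values file is not part of this view, so it may already default to false.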
|
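--- a/templates/serviceHTTP.yaml
+++ b/templates/serviceHTTP.yaml
@@ -0,0 +1,57 @@
+{{- if .Values.services.http.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.services.http.name" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+{{- if not (empty .Values.services.http.externalIPs) }}
+externalIPs:
+{{- range .Values.services.http.externalIPs }}
+- {{ . }}
+{{- end }}
+{{- end }}
+{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
+{{- end }}
+internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
+{{- if .Values.services.http.ipFamilies }}
+ipFamilies:
+{{- range .Values.services.http.ipFamilies }}
+- {{ . }}
+{{- end }}
+{{- end }}
+{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
+loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
+{{- end }}
+{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
+loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
+{{- end }}
+{{- if eq .Values.services.http.type "LoadBalancer" }}
+loadBalancerSourceRanges:
+{{- range .Values.services.http.loadBalancerSourceRanges }}
+- {{ . }}
+{{- end }}
+{{- end }}
+ports:
+- name: http
+protocol: TCP
+port: {{ required "No service port defined!" .Values.services.http.port }}
+selector:
+{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
+sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
+{{- with .Values.services.http.sessionAffinityConfig }}
+sessionAffinityConfig:
+{{- toYaml . | nindent 4}}
+{{- end }}
+type: {{ required "No service type defined!" .Values.services.http.type }}
+{{- end }}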
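Review bot: The `loadBalancerSourceRanges:` key is emitted for every LoadBalancer service, even when `.Values.services.http.loadBalancerSourceRanges` is empty. The `range` then produces nothing and the key renders as null, which means no source restriction at all. Guard it like the neighbouring fields, `{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerSourceRanges }}`, so the manifest is explicit about whether a restriction is set. A short comment in values.yaml saying that an empty list leaves the load balancer reachable from any source would also help operators.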
@@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{ include "athens-proxy.fullname" . }}-test-connection"
|
||||
labels:
|
||||
{{- include "athens-proxy.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
spec:
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
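--- a/unittests/certificates/certificate.yaml
+++ b/unittests/certificates/certificate.yaml
@@ -0,0 +1,300 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Certificate athens-proxy template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/certificate.yaml
+tests:
+- it: Skip rendering by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering for existing certificate
+set:
+certificate.enabled: true
+certificate.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Throw error when issuerKind and IssuerName is not defined
+set:
+certificate.enabled: true
+asserts:
+- failedTemplate:
+errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerKind and IssuerName is not defined
+set:
+certificate.enabled: true
+asserts:
+- failedTemplate: {}
+
+- it: Throw error when issuerKind not defined
+set:
+certificate.enabled: true
+certificate.new.issuerRef.name: "my-issuer"
+asserts:
+- failedTemplate:
+errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerName not defined
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: "ClusterIssuer"
+asserts:
+- failedTemplate:
+errorMessage: "No certificate issuer name defined!"
+
+- it: Rendering Certificate object when certificate.enabled=true (default)
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: cert-manager.io/v1
+kind: Certificate
+name: athens-proxy-unittest-tls
+namespace: testing
+- equal:
+path: spec.commonName
+value: athens-proxy-unittest
+- equal:
+path: spec.duration
+value: 744h
+- equal:
+path: spec.dnsNames
+value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
+- notExists:
+path: spec.ipAddresses
+- equal:
+path: spec.isCA
+value: false
+- equal:
+path: spec.issuerRef.kind
+value: ClusterIssuer
+- equal:
+path: spec.issuerRef.name
+value: my-issuer
+- equal:
+path: spec.privateKey.algorithm
+value: RSA
+- equal:
+path: spec.privateKey.size
+value: 4096
+- equal:
+path: spec.privateKey.rotationPolicy
+value: Never
+- equal:
+path: spec.secretName
+value: athens-proxy-unittest-tls
+- exists:
+path: spec.secretTemplate.annotations
+- exists:
+path: spec.secretTemplate.labels
+- notExists:
+path: spec.subject
+- notExists:
+path: spec.subject.countries
+- notExists:
+path: spec.subject.localities
+- notExists:
+path: spec.subject.organizationalUnits
+- notExists:
+path: spec.subject.organizations
+- notExists:
+path: spec.subject.postalCodes
+- notExists:
+path: spec.subject.provinces
+- notExists:
+path: spec.subject.serialNumber
+- notExists:
+path: spec.subject.streetAddresses
+- equal:
+path: spec.renewBefore
+value: 672h
+- equal:
+path: spec.usages
+value: [ "client auth", "server auth" ]
+
+# metadata.annotations
+- it: Rendering Certificate object with additional annotations and labels
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.annotations:
+foo: bar
+certificate.new.labels:
+bar: foo
+asserts:
+- isSubset:
+path: metadata.annotations
+content:
+foo: bar
+- isSubset:
+path: metadata.labels
+content:
+bar: foo
+
+# spec.duration
+- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.duration: 3000h
+asserts:
+- equal:
+path: spec.duration
+value: 3000h
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.dnsNames: [ "app", "app.example.local" ]
+asserts:
+- equal:
+path: spec.dnsNames
+value: [ "app", "app.example.local" ]
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+clusterDomain: k8s.example.local
+asserts:
+- contains:
+path: spec.dnsNames
+content:
+athens-proxy-unittest.testing.svc.k8s.example.local
+count: 1
+
+# spec.ipAddresses
+- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+asserts:
+- equal:
+path: spec.ipAddresses
+value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+
+# spec.privateKey
+- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.privateKey.algorithm: ED25519
+certificate.new.privateKey.rotationPolicy: Never
+certificate.new.privateKey.size: 512
+asserts:
+- equal:
+path: spec.privateKey.algorithm
+value: ED25519
+- equal:
+path: spec.privateKey.rotationPolicy
+value: Never
+- equal:
+path: spec.privateKey.size
+value: 512
+
+# spec.renewBefore
+- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.renewBefore: 2000h
+asserts:
+- equal:
+path: spec.renewBefore
+value: 2000h
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.secretTemplate:
+annotations:
+foo: bar
+labels:
+bar: foo
+asserts:
+- equal:
+path: spec.secretTemplate.annotations
+value:
+foo: bar
+- equal:
+path: spec.secretTemplate.labels
+value:
+bar: foo
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.subject.countries: [ "Country" ]
+certificate.new.subject.localities: [ "City" ]
+certificate.new.subject.organizationalUnits: [ "IT department" ]
+certificate.new.subject.organizations: [ "My organization" ]
+certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
+certificate.new.subject.provinces: [ "Provinces" ]
+certificate.new.subject.serialNumber: "MyNumber"
+certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
+asserts:
+- equal:
+path: spec.subject.countries
+value: [ "Country" ]
+- equal:
+path: spec.subject.localities
+value: [ "City" ]
+- equal:
+path: spec.subject.organizationalUnits
+value: [ "IT department" ]
+- equal:
+path: spec.subject.organizations
+value: [ "My organization" ]
+- equal:
+path: spec.subject.postalCodes
+value: [ "AB12345", "12345AB" ]
+- equal:
+path: spec.subject.provinces
+value: [ "Provinces" ]
+- equal:
+path: spec.subject.serialNumber
+value: "MyNumber"
+- equal:
+path: spec.subject.streetAddresses
+value: [ "ExampleStreet 1", "StreetExample 2" ]
+
+# spec.usages
+- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.usages: [ "client auth" ]
+asserts:
+- equal:
+path: spec.usages
+value: [ "client auth" ]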
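Review bot: The custom `privateKey` test sets `certificate.new.privateKey.rotationPolicy: Never`, which is the same value the default-rendering test already asserts, so the check still passes if the template ignores the setting. Use the non-default value instead: `certificate.new.privateKey.rotationPolicy: Always` with `value: Always` in the assertion. The same case pairs `ED25519` with `size: 512`; a size that is meaningful for the chosen algorithm would read less like a weak-key example. Two tests also share the name `Throw error when issuerKind and IssuerName is not defined`, which makes a failure hard to attribute.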
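--- a/unittests/configMaps/downloadMode.yaml
+++ b/unittests/configMaps/downloadMode.yaml
@@ -0,0 +1,98 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: ConfigMap downloadMode
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+tests:
+- it: Skip rending by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rending by using existing config map.
+set:
+config.downloadMode.enabled: true
+config.downloadMode.existingConfigMap.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering with default values
+set:
+config.downloadMode.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: ConfigMap
+name: athens-proxy-unittest-download-mode-file
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: data.downloadMode
+value: |
+downloadURL = "https://proxy.golang.org"
+
+mode = "async_redirect"
+
+# download "github.com/gomods/*" {
+# mode = "sync"
+# }
+#
+# download "golang.org/x/*" {
+# mode = "none"
+# }
+#
+# download "github.com/pkg/*" {
+# mode = "redirect"
+# downloadURL = "https://proxy.golang.org"
+# }
+
+- it: Rendering custom annotations and labels.
+set:
+config.downloadMode.enabled: true
+config.downloadMode.configMap.annotations:
+foo: bar
+bar: foo
+config.downloadMode.configMap.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo
+
+- it: Rendering custom configuration
+set:
+config.downloadMode.enabled: true
+config.downloadMode.configMap.content: |
+downloadURL = "https://proxy.golang.org"
+mode = "async_redirect"
+
+asserts:
+- equal:
+path: data.downloadMode
+value: |
+downloadURL = "https://proxy.golang.org"
+mode = "async_redirect"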
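Review bot: The test names `Skip rending by default.` and `Skip rending by using existing config map.` should read `Skip rendering …`; the same two names recur in unittests/configMaps/gitConfig.yaml. Test names are what appears in the runner output, so the typo makes a failing case harder to search for.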
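--- a/unittests/configMaps/gitConfig.yaml
+++ b/unittests/configMaps/gitConfig.yaml
@@ -0,0 +1,93 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: ConfigMap gitConfig
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapGitConfig.yaml
+tests:
+- it: Skip rending by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rending by using existing config map.
+set:
+config.gitConfig.enabled: true
+config.gitConfig.existingConfigMap.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering by default.
+set:
+config.gitConfig.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: ConfigMap
+name: athens-proxy-unittest-gitconfig
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: data[".gitconfig"]
+value: |
+# The .gitconfig file
+#
+# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
+# directory.
+#
+# [url "git@github.com:"] insteadOf = https://github.com/
+
+- it: Rendering custom annotations and labels.
+set:
+config.gitConfig.enabled: true
+config.gitConfig.configMap.annotations:
+foo: bar
+bar: foo
+config.gitConfig.configMap.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo
+
+- it: Rendering custom configuration
+set:
+config.gitConfig.enabled: true
+config.gitConfig.configMap.content: |
+[url "git@github.com:"]
+insteadOf = https://github.com/
+
+[url "git@git.cryptic.systems:"]
+insteadOf = https://git.cryptic.systems/
+asserts:
+- equal:
+path: data[".gitconfig"]
+value: |
+[url "git@github.com:"]
+insteadOf = https://github.com/
+
+[url "git@git.cryptic.systems:"]
+insteadOf = https://git.cryptic.systems/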
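--- a/unittests/deployment/certificate.yaml
+++ b/unittests/deployment/certificate.yaml
@@ -0,0 +1,73 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without tls config
+asserts:
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSCERT_FILE
+value: /etc/athens-proxy/tls/tls.crt
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSKEY_FILE
+value: /etc/athens-proxy/tls/tls.key
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: tls
+mountPath: /etc/athens-proxy/tls
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: tls
+secretRef:
+name: athens-proxy-unittest-tls
+template: templates/deployment.yaml
+
+- it: Rendering with tls config
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: MyIssuer
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSCERT_FILE
+value: /etc/athens-proxy/tls/tls.crt
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSKEY_FILE
+value: /etc/athens-proxy/tls/tls.key
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: tls
+mountPath: /etc/athens-proxy/tls
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: tls
+secret:
+secretName: athens-proxy-unittest-tls
+template: templates/deployment.yaml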
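Review bot: The last negative assertion in `Rendering default without tls config` looks for a volume shaped as `secretRef:` with `name: athens-proxy-unittest-tls`, but the positive test shows the template renders `secret:` with `secretName:`. The `notContains` check therefore passes even if the tls volume is rendered by default. Match the real shape by using `secret:` and `secretName: athens-proxy-unittest-tls` in the negative case as well. As written, the test gives no protection against the key material being mounted when TLS is disabled.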
472
unittests/deployment/deployment.yaml
Normal file
472
unittests/deployment/deployment.yaml
Normal file
@@ -0,0 +1,472 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: Deployment template
|
||||
release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/deployment.yaml
|
||||
tests:
|
||||
- it: Rendering default
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/deployment.yaml
|
||||
- containsDocument:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: athens-proxy-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: athens-proxy
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: athens-proxy-0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 1
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: athens-proxy-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: athens-proxy
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: athens-proxy-0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.affinity
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].args
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].command
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].envFrom
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: docker.io/gomods/athens:0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: IfNotPresent
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsConfig
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.hostname
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: false
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.nodeSelector
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.priorityClassName
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.restartPolicy
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.subdomain
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 60
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.tolerations
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.strategy
|
||||
value:
|
||||
type: "RollingUpdate"
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 1
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom replicas
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.replicas: 3
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 3
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom affinity
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: topology.kubernetes.io/zone
|
||||
operator: In
|
||||
values:
|
||||
- antarctica-east1
|
||||
- antarctica-west1
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.affinity
|
||||
value:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: topology.kubernetes.io/zone
|
||||
operator: In
|
||||
values:
|
||||
- antarctica-east1
|
||||
- antarctica-west1
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional arguments
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.args:
|
||||
- "--foo=bar"
|
||||
- "--bar=foo"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].args
|
||||
value:
|
||||
- --foo=bar
|
||||
- --bar=foo
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional command
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- "echo hello"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].command
|
||||
value:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- "echo hello"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom imageRegistry and imageRepository
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.image.registry: registry.example.local
|
||||
deployment.athensProxy.image.repository: path/special/athens-proxy
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: registry.example.local/path/special/athens-proxy:0.1.0
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom imagePullPolicy
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.image.pullPolicy: Always
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: Always
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom resource limits and requests
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 250MB
|
||||
requests:
|
||||
cpu: 25m
|
||||
memory: 100MB
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: GOMAXPROCS
|
||||
valueFrom:
|
||||
resourceFieldRef:
|
||||
divisor: "1"
|
||||
resource: limits.cpu
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
value:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 250MB
|
||||
requests:
|
||||
cpu: 25m
|
||||
memory: 100MB
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom securityContext
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
value:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test dnsConfig
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.dnsConfig:
|
||||
nameservers:
|
||||
- "8.8.8.8"
|
||||
- "8.8.4.4"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.dnsConfig
|
||||
value:
|
||||
nameservers:
|
||||
- "8.8.8.8"
|
||||
- "8.8.4.4"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test dnsPolicy
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.dnsPolicy: ClusterFirst
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
value: ClusterFirst
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test hostNetwork, hostname, subdomain
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.hostNetwork: true
|
||||
deployment.hostname: pg-exporter
|
||||
deployment.subdomain: exporters.internal
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: true
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostname
|
||||
value: pg-exporter
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.subdomain
|
||||
value: exporters.internal
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test imagePullSecrets
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.imagePullSecrets:
|
||||
- name: my-pull-secret
|
||||
- name: my-special-secret
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
value:
|
||||
- name: my-pull-secret
|
||||
- name: my-special-secret
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test nodeSelector
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.nodeSelector:
|
||||
foo: bar
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.nodeSelector
|
||||
value:
|
||||
foo: bar
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test priorityClassName
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.priorityClassName: my-priority
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.priorityClassName
|
||||
value: my-priority
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test restartPolicy
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.restartPolicy: Always
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.restartPolicy
|
||||
value: Always
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test terminationGracePeriodSeconds
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.terminationGracePeriodSeconds: 120
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 120
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test tolerations
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.tolerations:
|
||||
- key: database/type
|
||||
operator: Equal
|
||||
value: postgres
|
||||
effect: NoSchedule
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.tolerations
|
||||
value:
|
||||
- key: database/type
|
||||
operator: Equal
|
||||
value: postgres
|
||||
effect: NoSchedule
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test topologySpreadConstraints
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.topologySpreadConstraints:
|
||||
- topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: athens-proxy
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
value:
|
||||
- topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: athens-proxy
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional volumeMounts and volumes
|
||||
set:
|
||||
# Ensure that the secrets and config maps are well configured.
|
||||
|
||||
# Normal test values
|
||||
deployment.athensProxy.volumeMounts:
|
||||
- name: data
|
||||
mountPath: /usr/lib/athens-proxy/data
|
||||
deployment.volumes:
|
||||
- name: data
|
||||
hostPath:
|
||||
path: /usr/lib/athens-proxy/data
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
value:
|
||||
- name: data
|
||||
mountPath: /usr/lib/athens-proxy/data
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.volumes
|
||||
value:
|
||||
- name: data
|
||||
hostPath:
|
||||
path: /usr/lib/athens-proxy/data
|
||||
template: templates/deployment.yaml
|
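--- a/unittests/deployment/downloadMode.yaml
+++ b/unittests/deployment/downloadMode.yaml
@@ -0,0 +1,105 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted download mode config map
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+name: athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted gitconfig configMap
+set:
+config.downloadMode.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+items:
+- key: downloadMode
+mode: 0644
+path: download-mode
+name: athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+
+- it: Rendering with custom download mode configMap
+set:
+config.downloadMode.enabled: true
+config.downloadMode.existingConfigMap.enabled: true
+config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
+config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+items:
+- key: "my-custom-download-mode-filename-key"
+path: "download-mode"
+mode: 0644
+name: my-custom-configmap
+template: templates/deployment.yaml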
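Review bot: The second test's title, `- it: Rendering default with mounted gitconfig configMap`, is carried over from the gitConfig suite, although the test sets `config.downloadMode.enabled` and asserts the download-mode volume; it should read `- it: Rendering default with mounted download mode configMap`. The name `suite: Deployment template` is also shared by the other files under unittests/deployment, so a failure report would not say which file it came from. A name such as `suite: Deployment template (download mode)` would make that clear.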
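--- a/unittests/deployment/env.yaml
+++ b/unittests/deployment/env.yaml
@@ -0,0 +1,51 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/deployment.yaml
+- templates/secretEnv.yaml
+tests:
+- it: Rendering default without mounted env secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+config.env.existingSecret.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml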
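Review bot: The second and third tests carry the same title, `Rendering default with mounted env secret`, and the third sets `config.env.existingSecret.enabled: true` without giving a secret name, so its `envFrom` assertion still expects `athens-proxy-unittest-env`. As written, the test cannot show that the pod references an operator-supplied secret rather than the chart-managed one. Rename it to `- it: Rendering with existing env secret`, then set and assert a distinct secret name. The values key is presumably `config.env.existingSecret.secretName`, by analogy with the netrc suite, but that is not visible here.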
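--- a/unittests/deployment/gitConfig.yaml
+++ b/unittests/deployment/gitConfig.yaml
@@ -0,0 +1,100 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted git config map
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.gitconfig
+subPath: .gitconfig
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- configMap:
+items:
+- key: .gitconfig
+path: .gitconfig
+mode: 0600
+name: athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted gitconfig configMap
+set:
+config.gitConfig.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.gitconfig
+subPath: .gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- configMap:
+items:
+- key: .gitconfig
+path: .gitconfig
+mode: 0644
+name: athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+
+- it: Rendering with custom gitconfig configMap
+set:
+config.gitConfig.enabled: true
+config.gitConfig.existingConfigMap.enabled: true
+config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
+config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.gitconfig
+subPath: .gitconfig
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- configMap:
+items:
+- key: my-gitconfig-key
+path: .gitconfig
+mode: 0644
+name: my-custom-configmap
+template: templates/deployment.yaml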
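Review bot: The negative assertion on `spec.template.spec.volumes` in the first test lists the `.gitconfig` item with `mode: 0600`, while both enabled tests expect `mode: 0644` for the same item. Assuming `notContains` compares the whole `content` entry, the check passes even if the default render did include the volume with mode 0644, so it would not catch a regression. Use `mode: 0644` there. unittests/deployment/ssh.yaml has the same mismatch for the `config` item: `mode: 0644` in its first test, `mode: 0600` in the enabled tests.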
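--- a/unittests/deployment/netrc.yaml
+++ b/unittests/deployment/netrc.yaml
@@ -0,0 +1,99 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted netrc secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: netrc
+mountPath: /root
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: .netrc
+path: .netrc
+mode: 0600
+name: athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted netrc secret
+set:
+config.netrc.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.netrc
+subPath: .netrc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: .netrc
+path: .netrc
+mode: 0600
+name: athens-proxy-unittest-netrc
+template: templates/deployment.yaml
+
+- it: Rendering with custom netrc secret
+set:
+config.netrc.enabled: true
+config.netrc.existingSecret.enabled: true
+config.netrc.existingSecret.secretName: "my-custom-secret"
+config.netrc.existingSecret.netrcKey: "my-netrc-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.netrc
+subPath: .netrc
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: my-netrc-key
+path: .netrc
+mode: 0600
+name: my-custom-secret
+template: templates/deployment.yaml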
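Review bot: The `notExists` path in the test "Rendering with custom netrc secret" is misspelled as `checksum/secret-athens-proxy-unittest-netc`, so the assertion passes whether or not the chart renders the checksum annotation for an existing secret. It should be `checksum/secret-athens-proxy-unittest-netrc`. The first test has a similar blind spot: its `notContains` on `volumeMounts` uses `name: netrc` with `mountPath: /root`, whereas the enabled tests expect `name: secrets`, `mountPath: /root/.netrc` and `subPath: .netrc`. It would therefore not notice the credentials file being mounted by default.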
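--- a/unittests/deployment/persistentVolumeClaim.yaml
+++ b/unittests/deployment/persistentVolumeClaim.yaml
@@ -0,0 +1,77 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Test persistent volume claim
+set:
+persistence.enabled: true
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_STORAGE_TYPE
+value: disk
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DISK_STORAGE_ROOT
+value: /var/www/athens-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: data
+mountPath: /var/www/athens-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: data
+persistentVolumeClaim:
+claimName: athens-proxy-unittest-data
+template: templates/deployment.yaml
+
+- it: Test existing persistent volume claim
+set:
+config.netrc.enabled: true
+persistence.enabled: true
+persistence.data.mountPath: "/mnt/go-proxy/data"
+persistence.data.existingPersistentVolumeClaim.enabled: true
+persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_STORAGE_TYPE
+value: disk
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DISK_STORAGE_ROOT
+value: /mnt/go-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: data
+mountPath: /mnt/go-proxy/data
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: data
+persistentVolumeClaim:
+claimName: my-special-pvc
+template: templates/deployment.yaml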
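Review bot: The test "Test existing persistent volume claim" sets `config.netrc.enabled: true`, which none of its assertions depend on; dropping that line keeps the test focused on persistence. The suite also has no case with persistence disabled, so nothing pins how `ATHENS_STORAGE_TYPE` and the `data` volume render in that configuration. Whether `persistence.enabled` defaults to false is not visible here.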
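--- a/unittests/deployment/ssh.yaml
+++ b/unittests/deployment/ssh.yaml
@@ -0,0 +1,254 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted ssh secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0644
+- key: id_ed25519
+path: id_ed25519
+mode: 0600
+- key: id_ed25519.pub
+path: id_ed25519.pub
+mode: 0644
+- key: id_rsa
+path: id_rsa
+mode: 0600
+- key: id_rsa.pub
+path: id_rsa.pub
+mode: 0644
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh config
+set:
+config.ssh.enabled: true
+persistence.enabled: true
+asserts:
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0600
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh keys
+set:
+config.ssh.enabled: true
+config.ssh.secret.id_ed25519: foo
+config.ssh.secret.id_ed25519_pub: bar
+config.ssh.secret.id_rsa: foo
+config.ssh.secret.id_rsa_pub: bar
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0600
+- key: id_ed25519
+path: id_ed25519
+mode: 0600
+- key: id_ed25519.pub
+path: id_ed25519.pub
+mode: 0644
+- key: id_rsa
+path: id_rsa
+mode: 0600
+- key: id_rsa.pub
+path: id_rsa.pub
+mode: 0644
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering with custom ssh secret
+set:
+config.ssh.enabled: true
+config.ssh.existingSecret.enabled: true
+config.ssh.existingSecret.secretName: "my-custom-secret"
+config.ssh.existingSecret.configKey : "my-config-key"
+config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
+config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
+config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
+config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: my-config-key
+path: config
+mode: 0600
+- key: my-private-ed25519-key
+path: id_ed25519
+mode: 0600
+- key: my-public-ed25519-key
+path: id_ed25519.pub
+mode: 0644
+- key: my-private-rsa-key
+path: id_rsa
+mode: 0600
+- key: my-public-rsa-key
+path: id_rsa.pub
+mode: 0644
+name: my-custom-secret
+template: templates/deployment.yaml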
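Review bot: Five `config.ssh.existingSecret.*` keys in the last test are written with a space before the colon, for example `config.ssh.existingSecret.configKey : "my-config-key"`, unlike every other key in the suite. Write them as `config.ssh.existingSecret.configKey: "my-config-key"` so the file passes a yamllint `colons` check. The test "Rendering default with mounted ssh config" also makes no assertion on the `checksum/secret-athens-proxy-unittest-ssh` annotation, unlike the keys test. Whether the annotation is expected there depends on the template, which is not shown.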
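--- a/unittests/hpa/default.yaml
+++ b/unittests/hpa/default.yaml
@@ -0,0 +1,116 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: HPA template (basic)
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/hpa.yaml
+tests:
+- it: Skip rendering by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering when enabled - default
+set:
+hpa.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- contains:
+path: spec.metrics
+content:
+resource:
+name: cpu
+target:
+averageUtilization: 65
+type: Utilization
+type: Resource
+- equal:
+path: spec.maxReplicas
+value: 10
+- equal:
+path: spec.minReplicas
+value: 1
+- equal:
+path: spec.scaleTargetRef
+value:
+apiVersion: apps/v1
+kind: Deployment
+name: athens-proxy-unittest
+
+- it: Rendering when enabled - custom values
+set:
+hpa.enabled: true
+hpa.annotations:
+foo: bar
+hpa.labels:
+bar: foo
+hpa.maxReplicas: 25
+hpa.minReplicas: 5
+hpa.metrics:
+- resource:
+name: memory
+target:
+averageUtilization: 65
+type: Utilization
+type: Resource
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+name: athens-proxy-unittest
+namespace: testing
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+bar: foo
+helm.sh/chart: athens-proxy-0.1.0
+- contains:
+path: spec.metrics
+content:
+resource:
+name: memory
+target:
+averageUtilization: 65
+type: Utilization
+type: Resource
+- equal:
+path: spec.maxReplicas
+value: 25
+- equal:
+path: spec.minReplicas
+value: 5
+- equal:
+path: spec.scaleTargetRef
+value:
+apiVersion: apps/v1
+kind: Deployment
+name: athens-proxy-unittest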
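--- a/unittests/ingress/ingress.yaml
+++ b/unittests/ingress/ingress.yaml
@@ -0,0 +1,139 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Ingress template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/ingress.yaml
+tests:
+- it: Skip ingress by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip ingress, when service is disabled.
+set:
+services.http.enabled: false
+ingress.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Render ingress with default values.
+set:
+ingress.enabled: true
+ingress.hosts:
+- host: athens-proxy.example.local
+paths:
+- path: /
+pathType: Prefix
+ingress.tls:
+- secretName: athens-proxy-http-tls
+hosts:
+- athens-proxy.example.local
+
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.ingressClassName
+value: nginx
+- contains:
+path: spec.rules
+content:
+host: athens-proxy.example.local
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: athens-proxy-unittest-http
+port:
+number: 3000
+- contains:
+path: spec.tls
+content:
+hosts:
+- athens-proxy.example.local
+secretName: athens-proxy-http-tls
+
+- it: Render ingress with custom values.
+set:
+ingress.enabled: true
+ingress.annotations:
+foo: bar
+ingress.className: nginx
+ingress.labels:
+bar: foo
+ingress.hosts:
+- host: athens-proxy.example.local
+paths:
+- path: /
+pathType: Prefix
+ingress.tls:
+- secretName: athens-proxy-http-tls
+hosts:
+- athens-proxy.example.local
+services.http.port: 8080
+
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+name: athens-proxy-unittest
+namespace: testing
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+bar: foo
+- equal:
+path: spec.ingressClassName
+value: nginx
+- contains:
+path: spec.rules
+content:
+host: athens-proxy.example.local
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: athens-proxy-unittest-http
+port:
+number: 8080
+- contains:
+path: spec.tls
+content:
+hosts:
+- athens-proxy.example.local
+secretName: athens-proxy-http-tls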
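--- a/unittests/networkPolicy/networkPolicy.yaml
+++ b/unittests/networkPolicy/networkPolicy.yaml
@@ -0,0 +1,98 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: NetworkPolicy template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/networkPolicy.yaml
+tests:
+- it: Skip rendering networkPolicy
+set:
+networkPolicy.enabled: false
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Render default networkPolicy
+set:
+networkPolicy.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.podSelector.matchLabels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/name: athens-proxy
+- notExists:
+path: spec.policyTypes
+- notExists:
+path: spec.egress
+- notExists:
+path: spec.ingress
+
+- it: Template networkPolicy with policyTypes, egress and ingress configuration
+set:
+networkPolicy.enabled: true
+networkPolicy.policyTypes:
+- Egress
+- Ingress
+networkPolicy.ingress:
+- from:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: monitoring
+podSelector:
+matchLabels:
+app.kubernetes.io/name: prometheus
+networkPolicy.egress:
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: ingress-nginx
+podSelector:
+matchLabels:
+app.kubernetes.io/name: ingress-nginx
+asserts:
+- equal:
+path: spec.policyTypes
+value:
+- Egress
+- Ingress
+- equal:
+path: spec.egress
+value:
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: ingress-nginx
+podSelector:
+matchLabels:
+app.kubernetes.io/name: ingress-nginx
+- equal:
+path: spec.ingress
+value:
+- from:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: monitoring
+podSelector:
+matchLabels:
+app.kubernetes.io/name: prometheus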
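Review bot: The "Render default networkPolicy" test asserts that `spec.policyTypes`, `spec.egress` and `spec.ingress` are all absent, but nothing records what that manifest does once applied. Kubernetes treats a NetworkPolicy without `policyTypes` as an Ingress policy, so with no ingress rules it blocks all inbound traffic to the selected pods, including the Service and Ingress paths the other suites exercise. I would add a comment above the three `notExists` asserts, e.g. `# No policyTypes and no rules: Kubernetes defaults to Ingress, so this renders a deny-all-ingress policy.` It is also worth deciding whether `networkPolicy.enabled: true` should fail the template unless `networkPolicy.policyTypes` is set, so that the isolation is an explicit choice.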
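--- a/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
+++ b/unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
@@ -0,0 +1,90 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: PersistentVolumeClaim template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/persistentVolumeClaim.yaml
+tests:
+- it: Rendering default
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering with enabled persistent storage
+set:
+persistence.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: PersistentVolumeClaim
+name: athens-proxy-unittest-data
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.accessModes
+value:
+- ReadWriteMany
+- isSubset:
+path: spec.resources
+content:
+requests:
+storage: 5Gi
+- notExists:
+path: spec.storageClassName
+
+- it: Rendering with custom enabled persistent storage
+set:
+persistence.enabled: true
+persistence.data.persistentVolumeClaim.annotations:
+foo: bar
+persistence.data.persistentVolumeClaim.labels:
+bar: foo
+persistence.data.persistentVolumeClaim.storageClassName: my-storage-class
+persistence.data.persistentVolumeClaim.storageSize: 10Gi
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: PersistentVolumeClaim
+name: athens-proxy-unittest-data
+namespace: testing
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+bar: foo
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: spec.accessModes
+value:
+- ReadWriteMany
+- isSubset:
+path: spec.resources
+content:
+requests:
+storage: 10Gi
+- equal:
+path: spec.storageClassName
+value: my-storage-class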
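Review bot: Both rendering tests pin `spec.accessModes` to `ReadWriteMany`, and the default test also asserts that `spec.storageClassName` is absent, so a default install depends on the cluster's default storage class supporting RWX. Many default provisioners offer only ReadWriteOnce, in which case the claim stays Pending. If the values expose the access mode (not visible in this suite), the custom-values test should override it and assert the result. If they do not, a comment beside the `- ReadWriteMany` assertion should say why RWX is required.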
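--- a/unittests/secrets/env.yaml
+++ b/unittests/secrets/env.yaml
@@ -0,0 +1,77 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Secret environment variables
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/secretEnv.yaml
+tests:
+- it: Skip rendering by default
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering by using existing secret.
+set:
+config.env.enabled: true
+config.env.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering env secret with default values.
+set:
+config.env.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+name: athens-proxy-unittest-env
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- isNullOrEmpty:
+path: stringData
+
+- it: Rendering env secret with custom values.
+set:
+config.env.enabled: true
+config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
+asserts:
+- isSubset:
+path: stringData
+content:
+ATHENS_GITHUB_TOKEN: my-secret-token
+
+- it: Rendering custom annotations and labels.
+set:
+config.env.enabled: true
+config.env.secret.annotations:
+foo: bar
+bar: foo
+config.env.secret.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo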
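Review bot: The "Skip rendering by using existing secret." test sets only the two `enabled` flags, so nothing pins what happens when `config.env.secret.envs` is populated while `config.env.existingSecret.enabled: true`. That combination is where an inline credential could still be rendered into a second Secret, so it deserves an explicit case: add `config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token` to that test's `set` block and keep the `hasDocuments` / `count: 0` assertion. The same gap exists in the existing-secret tests of unittests/secrets/netrc.yaml and unittests/secrets/ssh.yaml.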
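--- a/unittests/secrets/netrc.yaml
+++ b/unittests/secrets/netrc.yaml
@@ -0,0 +1,93 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Secret netrc template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/secretNetRC.yaml
+tests:
+- it: Skip rendering by default
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering by using existing secret.
+set:
+config.netrc.enabled: true
+config.netrc.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering netrc secret with default values.
+set:
+config.netrc.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+name: athens-proxy-unittest-netrc
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: stringData[".netrc"]
+value: |
+# The .netrc file
+#
+# The .netrc file contains login and initialization information used by the auto-login process. It generally
+# resides in the user's home directory, but a location outside of the home directory can be set using the
+# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
+# must be a regular file, or access will be denied.
+#
+# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
+#
+# default login [name] password [password/token]
+# machine github.com [octocat] password [PAT]
+# machine api.github.com [octocat] password [PAT]
+
+- it: Rendering netrc secret with custom values.
+set:
+config.netrc.enabled: true
+config.netrc.secret.content: |
+default github.com hugo password kinnock
+default api.github.com hugo password kinnock
+asserts:
+- equal:
+path: stringData[".netrc"]
+value: |
+default github.com hugo password kinnock
+default api.github.com hugo password kinnock
+
+- it: Rendering custom annotations and labels.
+set:
+config.netrc.enabled: true
+config.netrc.secret.annotations:
+foo: bar
+bar: foo
+config.netrc.secret.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo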
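Review bot: The fixture in "Rendering netrc secret with custom values." is not valid netrc syntax: `default github.com hugo password kinnock` puts a host after `default` and omits the `login` keyword. The grammar is `machine <host> login <user> password <secret>`, and `default` takes no host. The commented template asserted in the default-values test has the same omission in `# machine github.com [octocat] password [PAT]`. Since tests and defaults get copied into real deployments, I would change the fixture lines to `machine github.com login hugo password kinnock` and `machine api.github.com login hugo password kinnock` in both the `set` block and the assertion. The template comment itself comes from the chart's values, outside this file, and should be corrected there.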
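--- a/unittests/secrets/ssh.yaml
+++ b/unittests/secrets/ssh.yaml
@@ -0,0 +1,119 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Secret ssh template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/secretSSH.yaml
+tests:
+- it: Skip rending by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering by using existing secret.
+set:
+config.ssh.enabled: true
+config.ssh.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering ssh secret with default values.
+set:
+config.ssh.enabled: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+name: athens-proxy-unittest-ssh
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- equal:
+path: stringData.config
+value: |
+# Host *
+# IdentityFile ~/.ssh/id_ed25519
+# IdentityFile ~/.ssh/id_rsa
+- notExists:
+path: stringData.id_ed25519
+- notExists:
+path: stringData["id_ed25519.pub"]
+- notExists:
+path: stringData.id_rsa
+- notExists:
+path: stringData["id_rsa.pub"]
+
+- it: Rendering ssh secret with custom values.
+set:
+config.ssh.enabled: true
+config.ssh.secret.config: |
+Host *
+IdentityFile ~/.ssh/id_ed25519
+IdentityFile ~/.ssh/id_rsa
+config.ssh.secret.id_ed25519: |
+my-private-25519-key
+config.ssh.secret.id_ed25519_pub: |
+my-public-25519-key
+config.ssh.secret.id_rsa: |
+my-private-rsa-key
+config.ssh.secret.id_rsa_pub: |
+my-public-rsa-key
+
+asserts:
+- equal:
+path: stringData.config
+value: |
+Host *
+IdentityFile ~/.ssh/id_ed25519
+IdentityFile ~/.ssh/id_rsa
+- equal:
+path: stringData.id_ed25519
+value: |
+my-private-25519-key
+- equal:
+path: stringData["id_ed25519.pub"]
+value: |
+my-public-25519-key
+- equal:
+path: stringData.id_rsa
+value: |
+my-private-rsa-key
+- equal:
+path: stringData["id_rsa.pub"]
+value: |
+my-public-rsa-key
+
+- it: Rendering custom annotations and labels.
+set:
+config.ssh.enabled: true
+config.ssh.secret.annotations:
+foo: bar
+bar: foo
+config.ssh.secret.labels:
+foo: bar
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+bar: foo
+- isSubset:
+path: metadata.labels
+content:
+foo: bar
+bar: foo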
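Review bot: This suite covers `config`, both private keys and both public keys, but no `known_hosts` entry, and the custom `config` fixture (`Host *` with two `IdentityFile` lines) carries no host-key settings. If the chart offers no way to ship pinned host keys (the template is not visible here), operators will end up disabling host key checking in `config.ssh.secret.config` to make non-interactive git-over-SSH work, which removes the protection against a spoofed Git server. I would add a `known_hosts` value to the secret and a test for it next to the key tests. Separately, the first test name has a typo: `Skip rending by default.` should read `Skip rendering by default.`.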
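--- a/unittests/serviceAccounts/serviceAccount.yaml
+++ b/unittests/serviceAccounts/serviceAccount.yaml
@@ -0,0 +1,79 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: ServiceAccount athens-proxy template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/serviceAccount.yaml
+tests:
+- it: Skip rendering.
+set:
+serviceAccount.existing.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering serviceAccount with default values.
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: ServiceAccount
+name: athens-proxy-unittest
+namespace: testing
+- notExists:
+path: metadata.annotations
+- notExists:
+path: metadata.labels
+- equal:
+path: automountServiceAccountToken
+value: true
+- notExists:
+path: imagePullSecrets
+- notExists:
+path: secrets
+
+
+- it: Rendering serviceAccount with custom values.
+set:
+serviceAccount.new.annotations:
+foo: bar
+serviceAccount.new.labels:
+bar: foo
+serviceAccount.new.automountServiceAccountToken: false
+serviceAccount.new.imagePullSecrets:
+- name: "my-pull-secret"
+serviceAccount.new.secrets:
+- name: "my-secret"
+namespace: "my-namespace"
+fieldPath: "my-path"
+asserts:
+- hasDocuments:
+count: 1
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+bar: foo
+- equal:
+path: metadata.name
+value: athens-proxy-unittest
+- equal:
+path: automountServiceAccountToken
+value: false
+- equal:
+path: imagePullSecrets
+value:
+- name: "my-pull-secret"
+- equal:
+path: secrets
+value:
+- name: "my-secret"
+namespace: "my-namespace"
+fieldPath: "my-path"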
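Review bot: The default-values test pins `automountServiceAccountToken` to `value: true`, so every default install mounts a Kubernetes API token into the proxy pod. Nothing in these suites suggests the proxy talks to the Kubernetes API, and a mounted token is an unnecessary credential inside a process that fetches and handles third-party module code. I would flip the chart default and change this assertion to `value: false`, then let the custom-values test cover the opt-in with `serviceAccount.new.automountServiceAccountToken: true`.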
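--- a/unittests/services/http.yaml
+++ b/unittests/services/http.yaml
@@ -0,0 +1,174 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Service http template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/serviceHTTP.yaml
+tests:
+- it: Skip service when disabled.
+set:
+services.http.enabled: false
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Rendering service with default values.
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Service
+name: athens-proxy-unittest-http
+namespace: testing
+- notExists:
+path: metadata.annotations
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/service-name: http
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+- notExists:
+path: spec.externalIPs
+- notExists:
+path: spec.externalTrafficPolicy
+- equal:
+path: spec.internalTrafficPolicy
+value: Cluster
+- notExists:
+path: spec.ipFamilies
+- notExists:
+path: spec.loadBalancerClass
+- notExists:
+path: spec.loadBalancerIP
+- notExists:
+path: spec.loadBalancerSourceRanges
+- equal:
+path: spec.ports[0].name
+value: http
+- equal:
+path: spec.ports[0].protocol
+value: TCP
+- equal:
+path: spec.ports[0].port
+value: 3000
+- equal:
+path: spec.selector
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/name: athens-proxy
+- equal:
+path: spec.sessionAffinity
+value: None
+- notExists:
+path: spec.sessionAffinityConfig
+- equal:
+path: spec.type
+value: ClusterIP
+
+- it: Require internalTrafficPolicy.
+set:
+services.http.internalTrafficPolicy: ""
+asserts:
+- failedTemplate:
+errorMessage: No internal traffic policy defined!
+
+- it: Require port.
+set:
+services.http.port: ""
+asserts:
+- failedTemplate:
+errorMessage: No service port defined!
+
+- it: Require sessionAffinity.
+set:
+services.http.sessionAffinity: ""
+asserts:
+- failedTemplate:
+errorMessage: No session affinity defined!
+
+- it: Require service type.
+set:
+services.http.type: ""
+asserts:
+- failedTemplate:
+errorMessage: No service type defined!
+
+- it: Render service with custom annotations and labels.
+set:
+services.http.annotations:
+foo: bar
+services.http.labels:
+bar: foo
+asserts:
+- equal:
+path: metadata.annotations
+value:
+foo: bar
+- equal:
+path: metadata.labels
+value:
+app.kubernetes.io/instance: athens-proxy-unittest
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/name: athens-proxy
+app.kubernetes.io/service-name: http
+app.kubernetes.io/version: 0.1.0
+helm.sh/chart: athens-proxy-0.1.0
+bar: foo
+
+- it: Change defaults
+set:
+services.http.externalIPs:
+- "10.11.12.13/32"
+services.http.externalTrafficPolicy: Local
+services.http.internalTrafficPolicy: Local
+services.http.ipFamilies:
+- IPv4
+services.http.loadBalancerClass: aws
+services.http.loadBalancerIP: "11.12.13.14"
+services.http.loadBalancerSourceRanges:
+- "11.12.0.0/17"
+services.http.port: 10443
+services.http.sessionAffinity: ClientIP
+services.http.type: LoadBalancer
+asserts:
+- equal:
+path: spec.externalIPs
+value:
+- 10.11.12.13/32
+- equal:
+path: spec.externalTrafficPolicy
+value: Local
+- equal:
+path: spec.internalTrafficPolicy
+value: Local
+- equal:
+path: spec.ipFamilies
+value:
+- IPv4
+- equal:
+path: spec.loadBalancerClass
+value: aws
+- equal:
+path: spec.loadBalancerIP
+value: "11.12.13.14"
+- equal:
+path: spec.loadBalancerSourceRanges
+value:
+- "11.12.0.0/17"
+- equal:
+path: spec.ports[0].port
+value: 10443
+- equal:
+path: spec.sessionAffinity
+value: ClientIP
+- equal:
+path: spec.type
+value: LoadBalancer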
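Review bot: The "Change defaults" test feeds `"10.11.12.13/32"` into `services.http.externalIPs` and asserts it comes out unchanged, but `spec.externalIPs` takes plain IP addresses, not CIDR blocks, so the API server would reject the rendered Service. Use `"10.11.12.13"` in both the `set` block and the `spec.externalIPs` assertion. CIDR notation belongs only in `loadBalancerSourceRanges`, where the test already uses `"11.12.0.0/17"`. The assertion side is also unquoted (`- 10.11.12.13/32`) while the input is quoted, which is harmless here but worth keeping consistent.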
706
values.yaml
706
values.yaml
@@ -1,36 +1,104 @@
|
||||
affinity: {}
|
||||
|
||||
image:
|
||||
repository: docker.io/gomods/athens
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: ""
|
||||
|
||||
imagePullSecrets: []
|
||||
# Declare variables to be passed into your templates.
|
||||
## @section Global
|
||||
## @param nameOverride Individual release name suffix.
|
||||
## @param fullnameOverride Override the complete release name logic.
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
podAnnotations: {}
|
||||
## @section Certificate
|
||||
certificate:
|
||||
## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added.
|
||||
enabled: false
|
||||
|
||||
podPriorityClassName: ""
|
||||
## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`.
|
||||
## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key.
|
||||
existingSecret:
|
||||
enabled: false
|
||||
secretName: ""
|
||||
|
||||
podSecurityContext: {}
|
||||
# fsGroup: 2000
|
||||
## @param certificate.new.annotations Additional certificate annotations.
|
||||
## @param certificate.new.labels Additional certificate labels.
|
||||
## @param certificate.new.duration Duration of the TLS certificate.
|
||||
## @param certificate.new.renewBefore Renew TLS certificate before expiring.
|
||||
## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names.
|
||||
## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses.
|
||||
## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`.
|
||||
## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`.
|
||||
## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key.
|
||||
## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key.
|
||||
## @param certificate.new.privateKey.size Size of the private TLS key.
|
||||
## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret.
|
||||
## @param certificate.new.secretTemplate.labels Additional labels of the created secret.
|
||||
## @param certificate.new.subject.countries List of countries.
|
||||
## @param certificate.new.subject.localities List of localities.
|
||||
## @param certificate.new.subject.organizationalUnits List of organizationalUnits.
|
||||
## @param certificate.new.subject.organizations List of organizations.
|
||||
## @param certificate.new.subject.postalCodes List of postalCodes.
|
||||
## @param certificate.new.subject.provinces List of provinces.
|
||||
## @param certificate.new.subject.serialNumber Serial number.
|
||||
## @param certificate.new.subject.streetAddresses List of streetAddresses.
|
||||
## @param certificate.new.usages Define the usage of the TLS key.
|
||||
new:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
duration: "744h" # 31 days
|
||||
renewBefore: "672h" # 28 days
|
||||
dnsNames: []
|
||||
# The following DNS names are already part of the SAN's and serves only as example.
|
||||
# - "athens-proxy"
|
||||
# - "athens-proxy.svc"
|
||||
# - "athens-proxy.svc.namespace"
|
||||
# - "athens-proxy.svc.namespace.cluster.local"
|
||||
ipAddresses: []
|
||||
# The following IP addresses serves only as example.
|
||||
# - "10.92.1.10"
|
||||
# - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344"
|
||||
issuerRef:
|
||||
kind: ""
|
||||
name: ""
|
||||
privateKey:
|
||||
algorithm: "RSA"
|
||||
rotationPolicy: "Never"
|
||||
size: 4096
|
||||
secretTemplate:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
subject:
|
||||
countries: []
|
||||
localities: []
|
||||
organizationalUnits: []
|
||||
organizations: []
|
||||
postalCodes: []
|
||||
provinces: []
|
||||
serialNumber: ""
|
||||
streetAddresses: []
|
||||
usages:
|
||||
- "client auth"
|
||||
- "server auth"
|
||||
|
||||
securityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
## @section Configuration
|
||||
config:
|
||||
env:
|
||||
## @param config.env.enabled Enable mounting of the secret as environment variables.
|
||||
enabled: false
|
||||
|
||||
config: {}
|
||||
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
|
||||
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
|
||||
existingSecret:
|
||||
enabled: false
|
||||
secretName: ""
|
||||
|
||||
## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials.
|
||||
## @param config.env.secret.labels Additional labels of the secret containing the database credentials.
|
||||
## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container.
|
||||
secret:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
envs: {}
|
||||
# ATHENS_AZURE_ACCOUNT_KEY:
|
||||
# ATHENS_AZURE_ACCOUNT_NAME:
|
||||
# ATHENS_AZURE_CONTAINER_NAME:
|
||||
# ATHENS_CLOUD_RUNTIME:
|
||||
# ATHENS_DOWNLOAD_MODE:
|
||||
# ATHENS_DOWNLOAD_URL:
|
||||
# ATHENS_ETCD_ENDPOINTS:
|
||||
# ATHENS_EXTERNAL_STORAGE_URL:
|
||||
@@ -67,7 +135,6 @@ config: {}
|
||||
# ATHENS_MONGO_DEFAULT_DATABASE:
|
||||
# ATHENS_MONGO_INSECURE:
|
||||
# ATHENS_MONGO_STORAGE_URL:
|
||||
# ATHENS_NETRC_PATH:
|
||||
# ATHENS_PATH_PREFIX:
|
||||
# ATHENS_PORT:
|
||||
# ATHENS_PROTOCOL_WORKERS:
|
||||
@@ -80,11 +147,8 @@ config: {}
|
||||
# ATHENS_STATS_EXPORTER:
|
||||
# ATHENS_STORAGE_GCP_BUCKET:
|
||||
# ATHENS_STORAGE_GCP_JSON_KEY:
|
||||
# ATHENS_STORAGE_TYPE:
|
||||
# ATHENS_SUM_DBS:
|
||||
# ATHENS_TIMEOUT:
|
||||
# ATHENS_TLSCERT_FILE:
|
||||
# ATHENS_TLSKEY_FILE:
|
||||
# ATHENS_TRACE_EXPORTER_URL:
|
||||
# ATHENS_TRACE_EXPORTER:
|
||||
# AWS_ACCESS_KEY_ID:
|
||||
@@ -102,98 +166,530 @@ config: {}
|
||||
# MY_S3_BUCKET_NAME:
|
||||
# PROXY_FORCE_SSL:
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
scheme: HTTP
|
||||
path: /healthz
|
||||
port: http
|
||||
downloadMode:
|
||||
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
|
||||
enabled: false
|
||||
|
||||
replicaCount: 1
|
||||
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
|
||||
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
|
||||
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
|
||||
existingConfigMap:
|
||||
enabled: false
|
||||
configMapName: ""
|
||||
downloadModeKey: "downloadMode"
|
||||
|
||||
serviceAccount:
|
||||
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
|
||||
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
|
||||
## @skip config.downloadMode.configMap.content The content of the download mode file.
|
||||
configMap:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
content: |
|
||||
downloadURL = "https://proxy.golang.org"
|
||||
|
||||
service:
|
||||
mode = "async_redirect"
|
||||
|
||||
# download "github.com/gomods/*" {
|
||||
# mode = "sync"
|
||||
# }
|
||||
#
|
||||
# download "golang.org/x/*" {
|
||||
# mode = "none"
|
||||
# }
|
||||
#
|
||||
# download "github.com/pkg/*" {
|
||||
# mode = "redirect"
|
||||
# downloadURL = "https://proxy.golang.org"
|
||||
# }
|
||||
|
||||
gitConfig:
|
||||
## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system.
|
||||
enabled: false
|
||||
|
||||
## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file.
|
||||
## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file.
|
||||
## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored.
|
||||
existingConfigMap:
|
||||
enabled: false
|
||||
configMapName: ""
|
||||
gitConfigKey:
|
||||
|
||||
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
|
||||
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
|
||||
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
|
||||
configMap:
|
||||
annotations: {}
|
||||
# externalIPs: []
|
||||
# externalTrafficPolicy: "Cluster"
|
||||
# loadBalancerClass: ""
|
||||
# loadBalancerIP: ""
|
||||
# loadBalancerSourceRanges: []
|
||||
# internalTrafficPolicy: "Cluster"
|
||||
name: http
|
||||
targetPort: 3000
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
labels: {}
|
||||
content: |
|
||||
# The .gitconfig file
|
||||
#
|
||||
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
|
||||
# directory.
|
||||
#
|
||||
# [url "git@github.com:"] insteadOf = https://github.com/
|
||||
|
||||
netrc:
|
||||
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
|
||||
enabled: false
|
||||
|
||||
## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file.
|
||||
## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file.
|
||||
## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored.
|
||||
existingSecret:
|
||||
enabled: false
|
||||
secretName: ""
|
||||
netrcKey: ".netrc"
|
||||
|
||||
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
|
||||
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
|
||||
## @skip config.netrc.secret.content The content of the .netrc file.
|
||||
secret:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
content: |
|
||||
# The .netrc file
|
||||
#
|
||||
# The .netrc file contains login and initialization information used by the auto-login process. It generally
|
||||
# resides in the user's home directory, but a location outside of the home directory can be set using the
|
||||
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
|
||||
# must be a regular file, or access will be denied.
|
||||
#
|
||||
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
|
||||
#
|
||||
# default login [name] password [password/token]
|
||||
# machine github.com [octocat] password [PAT]
|
||||
# machine api.github.com [octocat] password [PAT]
|
||||
|
||||
ssh:
|
||||
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
|
||||
enabled: false
|
||||
|
||||
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
|
||||
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
|
||||
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
|
||||
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
|
||||
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
|
||||
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
|
||||
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
|
||||
existingSecret:
|
||||
enabled: false
|
||||
secretName: ""
|
||||
configKey: "config"
|
||||
id_ed25519Key: "id_ed25519"
|
||||
id_ed25519PubKey: "id_ed25519.pub"
|
||||
id_rsaKey: "id_rsa"
|
||||
id_rsaPubKey: "id_rsa.pub"
|
||||
|
||||
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
|
||||
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
|
||||
## @skip config.ssh.secret.config The content of the SSH client config file.
|
||||
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
|
||||
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
|
||||
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
|
||||
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
|
||||
secret:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
config: |
|
||||
# Host *
|
||||
# IdentityFile ~/.ssh/id_ed25519
|
||||
# IdentityFile ~/.ssh/id_rsa
|
||||
id_ed25519: ""
|
||||
id_ed25519_pub: ""
|
||||
id_rsa: ""
|
||||
id_rsa_pub: ""
|
||||
|
||||
## @section Deployment
|
||||
deployment:
|
||||
## @param deployment.annotations Additional deployment annotations.
|
||||
## @param deployment.labels Additional deployment labels.
|
||||
annotations: {}
|
||||
labels: {}
|
||||
|
||||
## @param deployment.additionalContainers List of additional containers.
|
||||
additionalContainers: []
|
||||
# - command: [ "sh", "-c", "echo hello world" ]
|
||||
# image: "docker.io/library/busybox:latest"
|
||||
# name: side-car
|
||||
|
||||
## @param deployment.affinity Affinity for the athens-proxy deployment.
|
||||
affinity: {}
|
||||
# nodeAffinity:
|
||||
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||
# nodeSelectorTerms:
|
||||
# - matchExpressions:
|
||||
# - key: kubernetes.io/os
|
||||
# operator: In
|
||||
# values:
|
||||
# - linux
|
||||
# preferredDuringSchedulingIgnoredDuringExecution:
|
||||
# - weight: 20
|
||||
# preference:
|
||||
# matchExpressions:
|
||||
# - key: kubernetes.io/arch
|
||||
# operator: In
|
||||
# values:
|
||||
# - amd64
|
||||
|
||||
## @param deployment.initContainers List of additional init containers.
|
||||
initContainers: []
|
||||
# - command: [ "sh", "-c", "echo hello world" ]
|
||||
# image: "docker.io/library/busybox:latest"
|
||||
# name: init
|
||||
|
||||
## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment.
|
||||
dnsConfig: {}
|
||||
# nameservers:
|
||||
# - 192.0.2.1 # this is an example
|
||||
# searches:
|
||||
# - ns1.svc.cluster-domain.example
|
||||
# - my.dns.search.suffix
|
||||
# options:
|
||||
# - name: ndots
|
||||
# value: "2"
|
||||
# - name: edns0
|
||||
|
||||
## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment.
|
||||
dnsPolicy: ""
|
||||
|
||||
## @param deployment.hostname Individual hostname of the pod.
|
||||
## @param deployment.subdomain Individual domain of the pod.
|
||||
hostname: ""
|
||||
subdomain: ""
|
||||
|
||||
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
|
||||
hostNetwork: false
|
||||
|
||||
## @param deployment.imagePullSecrets Secret to use for pulling the image.
|
||||
imagePullSecrets: []
|
||||
# - name: "my-custom-secret"
|
||||
|
||||
athensProxy:
|
||||
## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
|
||||
args: []
|
||||
|
||||
## @param deployment.athensProxy.command Command passed to the athens-proxy container.
|
||||
command: []
|
||||
|
||||
## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
|
||||
env: []
|
||||
# - name: SPECIAL_ENV_A
|
||||
# value: special-key
|
||||
# - name: SPECIAL_ENV
|
||||
# valueFrom:
|
||||
# configMapKeyRef:
|
||||
# name: special-config
|
||||
# key: special-key
|
||||
# - name: SPECIAL_ENV
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: special-secret
|
||||
# key: special-key
|
||||
|
||||
## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
|
||||
envFrom: []
|
||||
# - configMapRef:
|
||||
# name: special-config
|
||||
# - secretRef:
|
||||
# name: special-secret
|
||||
|
||||
## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
|
||||
## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
|
||||
## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
|
||||
## @param deployment.athensProxy.image.pullPolicy Image pull policy.
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: gomods/athens
|
||||
tag: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## @param deployment.athensProxy.resources CPU and memory resources of the pod.
|
||||
resources: {}
|
||||
# limits:
|
||||
# cpu:
|
||||
# ephemeral-storage:
|
||||
# memory:
|
||||
# requests:
|
||||
# cpu:
|
||||
# ephemeral-storage:
|
||||
# memory:
|
||||
|
||||
## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
|
||||
securityContext: {}
|
||||
# capabilities:
|
||||
# add:
|
||||
# - NET_RAW
|
||||
# drop:
|
||||
# - ALL
|
||||
# privileged: false
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
## @param deployment.athensProxy.volumeMounts Additional volume mounts.
|
||||
volumeMounts: []
|
||||
# - name: my-configmap-volume
|
||||
# mountPath: /configmap
|
||||
# readOnly: true
|
||||
|
||||
## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
|
||||
nodeSelector: {}
|
||||
|
||||
## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
|
||||
priorityClassName: ""
|
||||
|
||||
## @param deployment.replicas Number of replicas for the athens-proxy deployment.
|
||||
replicas: 1
|
||||
|
||||
## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
|
||||
restartPolicy: ""
|
||||
|
||||
## @param deployment.securityContext Security context of the athens-proxy deployment.
|
||||
securityContext: {}
|
||||
# fsGroup: 2000
|
||||
|
||||
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
|
||||
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
|
||||
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
|
||||
strategy:
|
||||
type: "RollingUpdate"
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 1
|
||||
|
||||
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
|
||||
terminationGracePeriodSeconds: 60
|
||||
|
||||
## @param deployment.tolerations Tolerations of the athens-proxy deployment.
|
||||
tolerations: []
|
||||
# - key: database/type
|
||||
# operator: Equal
|
||||
# value: postgres
|
||||
# effect: NoSchedule
|
||||
|
||||
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
|
||||
topologySpreadConstraints: []
|
||||
# - topologyKey: kubernetes.io/hostname
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
# labelSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/instance: athens-proxy
|
||||
|
||||
## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment.
|
||||
volumes: []
|
||||
# - name: my-configmap-volume
|
||||
# config:
|
||||
# name: my-configmap
|
||||
# - name: my-secret-volume
|
||||
# secret:
|
||||
# secretName: my-secret
|
||||
|
||||
## @section Horizontal Pod Autoscaler (HPA)
|
||||
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
|
||||
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
|
||||
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
|
||||
# https://github.com/kubernetes-sigs/metrics-server#deployment
|
||||
hpa:
|
||||
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
|
||||
## @param hpa.annotations Additional annotations for the HPA.
|
||||
## @param hpa.labels Additional labels for the HPA.
|
||||
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
|
||||
## @skip hpa.metrics Skip individual HPA metric configurations.
|
||||
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
|
||||
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
|
||||
enabled: false
|
||||
annotations: {}
|
||||
labels: {}
|
||||
metrics:
|
||||
- resource:
|
||||
name: cpu
|
||||
target:
|
||||
averageUtilization: 65
|
||||
type: Utilization
|
||||
type: Resource
|
||||
# - resource:
|
||||
# name: memory
|
||||
# target:
|
||||
# averageUtilization: 65
|
||||
# type: Utilization
|
||||
minReplicas: 1
|
||||
maxReplicas: 10
|
||||
|
||||
## @section Ingress
|
||||
ingress:
|
||||
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
|
||||
## @param ingress.className Ingress class.
|
||||
## @param ingress.annotations Additional ingress annotations.
|
||||
## @param ingress.labels Additional ingress labels.
|
||||
enabled: false
|
||||
className: "nginx"
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# cert-manager.io/issuer:
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: "your-hostname"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
tls:
|
||||
- secretName: "your-tls-secret"
|
||||
hosts:
|
||||
- "your-hostname"
|
||||
labels: {}
|
||||
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
scheme: HTTP
|
||||
path: /healthz
|
||||
port: http
|
||||
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
|
||||
## @skip ingress.hosts Skip individual host configuration.
|
||||
hosts: []
|
||||
# - host: athens-proxy.example.local
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
|
||||
## @skip ingress.tls Skip individual TLS configuration.
|
||||
tls: []
|
||||
# - secretName: athens-proxy-http-tls
|
||||
# hosts:
|
||||
# - athens-proxy.example.local
|
||||
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
## @section Persistence
|
||||
persistence:
|
||||
## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined.
|
||||
enabled: false
|
||||
|
||||
tolerations: []
|
||||
data:
|
||||
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
|
||||
mountPath: "/var/www/athens-proxy/data"
|
||||
|
||||
# extra volumes for the pod
|
||||
extraVolumes: {}
|
||||
# The following example mount the same secret, which contains tls certificates
|
||||
# under different names. Each volume mount contains only selected items of the
|
||||
# secret. This make it easier to place the items on different locations inside the
|
||||
# container filesystem via extraVolumeMounts.
|
||||
# - name: custom-ca-anchor
|
||||
# secret:
|
||||
# secretName: athens-proxy-custom-tls-certificates
|
||||
# items:
|
||||
# - key: ca.crt
|
||||
# path: ca.crt
|
||||
# mode: 0444
|
||||
# - name: custom-tls-certificates
|
||||
# secret:
|
||||
# secretName: athens-proxy-custom-tls-certificates
|
||||
# items:
|
||||
# - key: tls.key
|
||||
# path: tls.key
|
||||
# mode: 0400
|
||||
# - key: tls.crt
|
||||
# path: tls.crt
|
||||
# mode: 0444
|
||||
## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim.
|
||||
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim.
|
||||
existingPersistentVolumeClaim:
|
||||
enabled: false
|
||||
persistentVolumeClaimName: ""
|
||||
|
||||
extraVolumeMounts: {}
|
||||
# The following example follows the example of extraVolumes and mounts the
|
||||
# volumes to the corresponding paths in the container filesystem.
|
||||
# - name: custom-ca-anchor
|
||||
# mountPath: /usr/local/share/ca-certificates
|
||||
# - name: custom-tls-certificates
|
||||
# mountPath: /etc/athens-proxy/tls
|
||||
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
|
||||
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
|
||||
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
|
||||
## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim.
|
||||
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
|
||||
persistentVolumeClaim:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: ""
|
||||
storageSize: "5Gi"
|
||||
|
||||
## @section Network
|
||||
## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates.
|
||||
clusterDomain: "cluster.local"
|
||||
|
||||
## @section Network Policy
|
||||
networkPolicy:
|
||||
## @param networkPolicy.enabled Enable network policies in general.
|
||||
## @param networkPolicy.annotations Additional network policy annotations.
|
||||
## @param networkPolicy.labels Additional network policy labels.
|
||||
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
||||
## @param networkPolicy.egress Concrete egress network policy implementation.
|
||||
## @skip networkPolicy.egress Skip individual egress configuration.
|
||||
## @param networkPolicy.ingress Concrete ingress network policy implementation.
|
||||
## @skip networkPolicy.ingress Skip individual ingress configuration.
|
||||
enabled: false
|
||||
annotations: {}
|
||||
labels: {}
|
||||
policyTypes: []
|
||||
# - Egress
|
||||
# - Ingress
|
||||
egress: []
|
||||
# Allow outgoing HTTPS traffic to external go module servers
|
||||
#
|
||||
# - ports:
|
||||
# - port: 443
|
||||
# protocol: TCP
|
||||
|
||||
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
|
||||
#
|
||||
# - to:
|
||||
# - namespaceSelector:
|
||||
# matchLabels:
|
||||
# kubernetes.io/metadata.name: kube-system
|
||||
# podSelector:
|
||||
# matchLabels:
|
||||
# k8s-app: kube-dns
|
||||
# ports:
|
||||
# - port: 53
|
||||
# protocol: TCP
|
||||
# - port: 53
|
||||
# protocol: UDP
|
||||
|
||||
ingress: []
|
||||
# Allow incoming HTTP traffic from prometheus.
|
||||
#
|
||||
# - from:
|
||||
# - namespaceSelector:
|
||||
# matchLabels:
|
||||
# kubernetes.io/metadata.name: monitoring
|
||||
# podSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: prometheus
|
||||
# ports:
|
||||
# - port: http
|
||||
# protocol: TCP
|
||||
|
||||
# Allow incoming HTTP traffic from ingress-nginx.
|
||||
#
|
||||
# - from:
|
||||
# - namespaceSelector:
|
||||
# matchLabels:
|
||||
# kubernetes.io/metadata.name: ingress-nginx
|
||||
# podSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: ingress-nginx
|
||||
# ports:
|
||||
# - port: http
|
||||
# protocol: TCP
|
||||
|
||||
## @section Service
|
||||
## @param services.http.enabled Enable the service.
|
||||
## @param services.http.annotations Additional service annotations.
|
||||
## @param services.http.externalIPs External IPs for the service.
|
||||
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
|
||||
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
|
||||
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
|
||||
## @param services.http.labels Additional service labels.
|
||||
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
|
||||
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
|
||||
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
|
||||
## @param services.http.port Port to forward the traffic to.
|
||||
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
|
||||
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
|
||||
## @param services.http.type Kubernetes service type for the traffic.
|
||||
services:
|
||||
http:
|
||||
enabled: true
|
||||
annotations: {}
|
||||
externalIPs: []
|
||||
externalTrafficPolicy: "Cluster"
|
||||
internalTrafficPolicy: "Cluster"
|
||||
ipFamilies: []
|
||||
labels: {}
|
||||
loadBalancerClass: ""
|
||||
loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
port: 3000
|
||||
sessionAffinity: "None"
|
||||
sessionAffinityConfig: {}
|
||||
type: "ClusterIP"
|
||||
|
||||
## @section ServiceAccount
|
||||
serviceAccount:
|
||||
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
|
||||
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
|
||||
existing:
|
||||
enabled: false
|
||||
serviceAccountName: ""
|
||||
|
||||
## @param serviceAccount.new.annotations Additional service account annotations.
|
||||
## @param serviceAccount.new.labels Additional service account labels.
|
||||
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
|
||||
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
|
||||
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
|
||||
new:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
automountServiceAccountToken: true
|
||||
imagePullSecrets: []
|
||||
# - name: "my-image-pull-secret"
|
||||
secrets: []
|
||||
# - name: "my-secret"
|
||||
# namespace: "my-namespace"
|
||||
# fieldPath: "my-field"
|
||||
|