66 Commits

Author SHA1 Message Date
5f78a0f071 fix(config): support the download mode file
Some checks failed
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 13s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-link-checker (push) Failing after 21s
Markdown linter / markdown-lint (push) Failing after 27s
2025-10-12 16:33:21 +02:00
c157c8c210 fix(config): support ssh 2025-10-12 16:33:21 +02:00
5b9fa88dd6 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#98) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
2025-10-12 13:04:19 +00:00
458037db70 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#97) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Has been cancelled
2025-10-12 13:03:44 +00:00
b1bb94f0bd Merge pull request 'chore(deps): update dependency markdown-link-check to v3.14.0' (#99) from renovate/markdown-link-check-3.x-lockfile into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-10-12 13:02:48 +00:00
62a92fdabb chore(deps): update docker.io/library/node docker tag to v24.10.0
Some checks failed
Generate README / generate-parameters (push) Failing after 9s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 15s
Generate README / generate-parameters (pull_request) Failing after 16s
Helm / helm-unittest (pull_request) Successful in 7s
Helm / helm-lint (pull_request) Successful in 16s
2025-10-12 13:02:25 +00:00
a01b0143c0 chore(deps): update docker.io/library/node docker tag to v24.10.0
Some checks failed
Generate README / generate-parameters (push) Failing after 21s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 16s
Generate README / generate-parameters (pull_request) Failing after 9s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-lint (pull_request) Successful in 15s
2025-10-12 13:02:13 +00:00
953fd85f53 chore(deps): update dependency markdown-link-check to v3.14.1
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 9s
Generate README / generate-parameters (pull_request) Failing after 40s
2025-10-12 13:02:04 +00:00
bf721d8af1 fix(config): support gitconfig
Some checks failed
Helm / helm-lint (push) Successful in 18s
Generate README / generate-parameters (push) Failing after 21s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 13:00:34 +02:00
60fdfd90e1 test(configMap): gitConfig
All checks were successful
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 6s
2025-10-12 12:25:24 +02:00
71164d60ae docs(README): describe .gitconfig properties
Some checks failed
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Failing after 6s
Generate README / generate-parameters (push) Failing after 30s
2025-10-03 16:29:29 +02:00
a00d40b792 fix(config): support netrc 2025-10-03 16:29:29 +02:00
d02f63be7a fix: improve chart 2025-10-03 16:29:27 +02:00
744938f8f4 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#96) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 13s
2025-09-26 22:02:28 +00:00
e3185b2482 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-unittest (push) Successful in 14s
2025-09-26 22:01:55 +00:00
e2fab050d3 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#95) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-09-26 19:03:42 +00:00
83336c7f87 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 13s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 15s
2025-09-26 19:02:59 +00:00
1e2a31edaa Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.19.0' (#94) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 6s
2025-09-21 13:02:37 +00:00
0b39de958a Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0' (#93) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Has been cancelled
2025-09-21 13:02:14 +00:00
a0abe49b23 chore(deps): update volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-lint (pull_request) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 6s
2025-09-21 13:01:47 +00:00
cc46ad7af1 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 10s
Helm / helm-lint (pull_request) Successful in 7s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-unittest (push) Successful in 28s
2025-09-21 13:01:36 +00:00
cd9a843a96 Merge pull request 'chore(deps): update actions/checkout action to v5' (#92) from renovate/actions-checkout-5.x into master
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
2025-09-19 20:10:42 +00:00
6b0d2ff350 chore(deps): update actions/checkout action to v5
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 6s
2025-09-18 16:50:20 +00:00
ccd7c9a1cd Merge pull request 'chore(deps): update gomods/athens docker tag to v0.16.1' (#91) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
2025-09-12 22:03:27 +00:00
b169136c37 chore(deps): update gomods/athens docker tag to v0.16.1
All checks were successful
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 15s
2025-09-12 22:02:15 +00:00
9b4a708f29 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.8.0' (#90) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 18s
2025-09-11 01:04:28 +00:00
053036bcd5 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.8.0' (#89) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Has been cancelled
Helm / helm-lint (push) Has been cancelled
2025-09-11 01:03:14 +00:00
783e244cd3 chore(deps): update docker.io/library/node docker tag to v24.8.0
All checks were successful
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 16s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
2025-09-11 01:02:02 +00:00
41da943040 chore(deps): update docker.io/library/node docker tag to v24.8.0
All checks were successful
Helm / helm-lint (push) Successful in 22s
Helm / helm-unittest (push) Successful in 18s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
2025-09-11 01:01:47 +00:00
9ef0317677 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.7.0' (#88) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (push) Successful in 17s
2025-08-28 13:02:54 +00:00
5a890741e4 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.7.0' (#87) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Has been cancelled
Helm / helm-lint (push) Has been cancelled
2025-08-28 13:02:21 +00:00
cd16ddc5d8 chore(deps): update docker.io/library/node docker tag to v24.7.0
All checks were successful
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 15s
2025-08-28 13:01:48 +00:00
fd4c9d7e62 chore(deps): update docker.io/library/node docker tag to v24.7.0
All checks were successful
Helm / helm-lint (push) Successful in 20s
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (pull_request) Successful in 18s
Helm / helm-unittest (pull_request) Successful in 15s
2025-08-28 13:01:33 +00:00
265ac3d9a9 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.6.0' (#86) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 14s
2025-08-15 22:02:05 +00:00
7d20373804 chore(deps): update docker.io/library/node docker tag to v24.6.0
All checks were successful
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 5s
Helm / helm-unittest (push) Successful in 16s
Helm / helm-lint (pull_request) Successful in 14s
2025-08-15 22:01:36 +00:00
2117bbed96 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.6.0' (#85) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 16s
2025-08-15 19:02:19 +00:00
a47f528585 chore(deps): update docker.io/library/node docker tag to v24.6.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 7s
Helm / helm-lint (pull_request) Successful in 22s
2025-08-15 19:01:36 +00:00
716f6b06c3 Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.18.5' (#84) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 18s
2025-08-14 16:02:28 +00:00
ee5111da20 Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.5' (#83) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Successful in 5s
Helm / helm-lint (push) Has been cancelled
2025-08-14 16:02:11 +00:00
d954b2e3e7 chore(deps): update volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 5s
Helm / helm-lint (pull_request) Successful in 15s
2025-08-14 16:01:40 +00:00
840ee10717 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (pull_request) Successful in 8s
Helm / helm-lint (pull_request) Successful in 27s
Helm / helm-unittest (push) Successful in 37s
2025-08-14 16:01:30 +00:00
c5772856e3 Merge pull request 'chore(deps): update actions/checkout action to v4.3.0' (#81) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
2025-08-11 13:26:27 +00:00
f047c145e2 chore(deps): update actions/checkout action to v4.3.0
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 13s
2025-08-11 13:04:35 +00:00
7c0c6f4270 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.5.0' (#80) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 16s
2025-08-04 13:02:55 +00:00
3cab48dd3c Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.5.0' (#79) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-08-04 13:02:21 +00:00
50e21e10d8 chore(deps): update docker.io/library/node docker tag to v24.5.0
All checks were successful
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 15s
2025-08-04 13:01:51 +00:00
5b70f5e5fa chore(deps): update docker.io/library/node docker tag to v24.5.0
All checks were successful
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 17s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
2025-08-04 13:01:36 +00:00
09d205316e chore(deps): update docker.io/library/node docker tag to v24.4.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 13s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 15s
2025-07-16 22:01:52 +00:00
c1e686fc2d chore(deps): update docker.io/library/node docker tag to v24.4.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 17s
Helm / helm-unittest (push) Successful in 14s
Helm / helm-lint (push) Successful in 15s
2025-07-16 19:01:21 +00:00
cfb5978593 chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.7.2
All checks were successful
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 16s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 15s
2025-07-14 10:01:28 +00:00
e04a9baec1 chore(deps): update volkerraschek/helm docker tag to v3.18.4
All checks were successful
Helm / helm-lint (pull_request) Successful in 14s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 15s
2025-07-13 01:01:41 +00:00
72908cae0b chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.4
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 12s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 16s
2025-07-12 22:01:33 +00:00
8c6f4db7f5 chore(deps): update docker.io/library/node docker tag to v24.4.0
All checks were successful
Helm / helm-unittest (pull_request) Successful in 14s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 15s
2025-07-09 19:37:12 +00:00
5eae090f40 chore(deps): update docker.io/library/node docker tag to v24.4.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 18s
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
2025-07-09 19:01:19 +00:00
60ed4abe97 chore(deps): update docker.io/library/node docker tag to v24.3.0
All checks were successful
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 15s
2025-06-25 19:01:38 +00:00
1179b51895 chore(deps): update docker.io/library/node docker tag to v24.3.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 16s
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
2025-06-25 16:01:20 +00:00
1fcf9e7d4b chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.7.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 5s
Helm / helm-lint (push) Successful in 15s
2025-06-25 10:02:32 +00:00
00c2f285b1 chore(deps): update volkerraschek/helm docker tag to v3.18.3
All checks were successful
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 15s
2025-06-18 06:44:33 +00:00
1077afb673 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.3
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 17s
2025-06-17 19:02:25 +00:00
a4d1611f44 chore(deps): update docker.io/library/node docker tag to v24.2.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 13s
Helm / helm-unittest (pull_request) Successful in 14s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 16s
2025-06-10 04:01:33 +00:00
0950a51229 chore(deps): update docker.io/library/node docker tag to v24.2.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 16s
2025-06-10 01:01:09 +00:00
ee9fa20df4 chore(deps): update gomods/athens docker tag to v0.16.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 24s
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 13s
2025-06-06 07:01:14 +00:00
848f9c9fd8 chore(ci): migrate to GitTea actions 2025-06-06 08:01:11 +02:00
2889a5390c docs(README): remove drone badge 2025-06-01 12:44:32 +02:00
14987d7265 chore(deps): update git.cryptic.systems/volker.raschek/markdownlint docker tag to v0.44.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2025-04-01 16:50:28 +00:00
f9c03e8be4 chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.17.1
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2025-03-30 19:03:05 +00:00
74 changed files with 7235 additions and 591 deletions

View File

@@ -1,106 +0,0 @@
---
kind: pipeline
type: kubernetes
name: linter
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: helm lint
commands:
- helm lint
image: git.cryptic.systems/volker.raschek/helm:3.16.4
resources:
limits:
cpu: 150
memory: 150M
- name: markdown lint
commands:
- markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.43.0
resources:
limits:
cpu: 150
memory: 150M
- name: helm template
commands:
- helm template .
image: git.cryptic.systems/volker.raschek/helm:3.16.4
resources:
limits:
cpu: 150
memory: 150M
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: kubernetes
name: release
clone:
disable: true
platform:
os: linux
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: release-helm-chart
commands:
- helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
- helm package --version ${DRONE_TAG} .
- helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
environment:
HELM_REPO_PASSWORD:
from_secret: helm_repo_password
HELM_REPO_USERNAME:
from_secret: helm_repo_username
image: git.cryptic.systems/volker.raschek/helm:3.16.4
resources:
limits:
cpu: 150
memory: 150M
trigger:
event:
- tag
repo:
- volker.raschek/athens-proxy-charts

View File

@@ -1,6 +1,3 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
[*]
@@ -10,3 +7,6 @@ end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false
[Makefile]
indent_style = tab

114
.gitea/scripts/add-annotations.sh Executable file
View File

@@ -0,0 +1,114 @@
#!/bin/bash
set -e
CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2
exit 1
fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
done
else
OLD_TAG=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
exit 1
fi
fi
if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
done
else
NEW_TAG=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
exit 1
fi
fi
CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}"
function map_type_to_kind() {
case "${1}" in
feat)
echo "added"
;;
fix)
echo "fixed"
;;
chore|style|test|ci|docs|refac)
echo "changed"
;;
revert)
echo "removed"
;;
sec)
echo "security"
;;
*)
echo "skip"
;;
esac
}
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}")
if [ "${KIND}" == "skip" ]; then
continue
fi
DESC="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
fi
done <<< "${COMMIT_TITLES}"
if [ -s "${CHANGE_LOG_YAML}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
exit 1
fi
rm "${CHANGE_LOG_YAML}"

View File

@@ -0,0 +1,32 @@
name: Generate README
on:
pull_request:
paths: [ "README.md", "values.yaml" ]
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
paths: [ "README.md", "values.yaml" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
generate-parameters:
container:
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Generate parameter section in README
run: |
npm install
npm run readme:parameters
- name: Compare diff
run: git diff --exit-code --name-only README.md

View File

@@ -0,0 +1,42 @@
name: Helm
on:
pull_request:
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./

View File

@@ -0,0 +1,46 @@
name: Markdown linter
on:
pull_request:
paths: [ "**/*.md" ]
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
paths: [ "**/*.md" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Verify links in markdown files
run: |
npm install
npm run readme:link
markdown-lint:
container:
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git
- uses: actions/checkout@v5.0.0
- name: Lint markdown files
run: |
npm install
npm run readme:lint

View File

@@ -0,0 +1,72 @@
name: Release
on:
push:
tags:
- "**"
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on: ubuntu-latest
steps:
- name: Install packages via apk
run: |
apk update
apk add git npm jq yq
- uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
- name: Add Artifacthub.io annotations
run: |
NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart
run: |
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum
env:
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
- name: Upload Chart to Gitea
env:
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea

8
.gitignore vendored
View File

@@ -1,3 +1,9 @@
*.tgz
charts
node_modules
target
values2.yml
values2.yaml
*.tgz
install.sh
uninstall.sh

View File

@@ -2,6 +2,7 @@
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
@@ -10,23 +11,50 @@
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# drone
.drone.yml
# markdownlint
.markdownlint.yaml
# editorconfig
.editorconfig
# customized values
values2.yml
values2.yaml
# helm packages
*.tgz
.helmignore
unittests
# markdownlint
.markdownlint.yml
.markdownlint.yaml
.markdownlintignore
# npm
.prettierignore
.npmrc
package*
# yamllint
.yamllint.yaml
# Others
CONTRIBUTING.md
CODEOWNERS
Makefile
renovate.json

View File

@@ -45,9 +45,9 @@ MD012:
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 80
line_length: 120
# Number of characters for headings
heading_line_length: 80
heading_line_length: 120
# Number of characters for code blocks
code_block_line_length: 80
# Include code blocks
@@ -56,8 +56,6 @@ MD013:
tables: false
# Include headings
headings: true
# Include headings
headers: true
# Strict length checking
strict: false
# Stern length checking
@@ -73,7 +71,7 @@ MD022:
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
allow_different_nesting: true
siblings_only: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
@@ -129,7 +127,20 @@ MD041:
MD044:
# List of proper names
names:
- gitea
- Git
- GitDevOps
- Gitea
- GitHub
- GitLab
- GitOps
- kube-prometheus-stack
- Memcached
- Oracle
- PostgreSQL
- Prometheus
- prometheus-exporter
- SSL
- TLS
# Include code blocks
code_blocks: false

4
.markdownlintignore Normal file
View File

@@ -0,0 +1,4 @@
.github/
Chart.lock
charts/
node_modules/

1
.npmrc Normal file
View File

@@ -0,0 +1 @@
engine-strict=true

1
.prettierignore Normal file
View File

@@ -0,0 +1 @@
Chart.lock

8
.vscode/extensions.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"recommendations": [
"DavidAnson.vscode-markdownlint",
"esbenp.prettier-vscode",
"Tim-Koehler.helm-intellisense",
"yzhang.markdown-all-in-one"
]
}

8
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

20
.yamllint.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2

1
CODEOWNERS Normal file
View File

@@ -0,0 +1 @@
* @volker.raschek

82
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,82 @@
# Contributing
I am very happy if you would like to provide a pull request 👍
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
1. [Valid Git commits](#valid-git-commits)
## Valid Git commits
### Commit message
The repository is subject to a strict commit message template. This states that there are several types of commits. For
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
| type | description |
| ------------------- | ----------------------------------------------------------------- |
| `feat` | New feature. |
| `fix` | Fixes a bug. |
| `refac` | Refactoring production code. |
| `style` | Fixes formatting issues. No production code change. |
| `docs` | Adapt documentation. No production code change. |
| `test` | Adds new or modifies existing tests. No production code change. |
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
Based on these types, commit messaged can then be created. Here are a few examples:
```text
style(README): Wrong indentation
feat(deployment): support restartPolicy
fix(my-app): Add missing volume
docs(CONTRIBUTING): Describe how to commit correctly
```
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
pull request PR to be combined into one commit (squashing).
### Smart commits
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
needs to be added to the merge commit.
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
```text
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|\
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|/
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
```
### Commit signing
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
Linux kernel.
```bash
git config --global user.name 'Linux Torvalds'
git config --global user.email 'torvalds@linux-foundation.org'
```
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
Otherwise will be marked the Git commit as *Unverified*.
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
example an external USB drive.

View File

@@ -1,9 +1,15 @@
annotations:
artifacthub.io/links: |
- name: Athens proxy (binary)
url: https://github.com/gomods/athens
- name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues
apiVersion: v2
name: athens-proxy
description: Athens proxy server for golang
type: application
version: "0.1.0"
appVersion: "v0.15.4"
appVersion: "v0.16.1"
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
keywords:

28
LICENSE
View File

@@ -1,13 +1,21 @@
Copyright 2022 Markus Pesch
MIT License
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Copyright (c) 2025 Markus Pesch
http://www.apache.org/licenses/LICENSE-2.0
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

91
Makefile Normal file
View File

@@ -0,0 +1,91 @@
# CONTAINER_RUNTIME
CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
# ==============================================================================
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
container-run/readme/link:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:link
container-run/readme/lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:lint
container-run/readme/parameters:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:parameters
# CONTAINER RUN - HELM UNITTESTS
# ==============================================================================
PHONY+=container-run/helm-unittests
container-run/helm-unittests:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
# ==============================================================================
PHONY+=container-run/helm-update-dependencies
container-run/helm-update-dependencies:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
dependency update
# CONTAINER RUN - MARKDOWN-LINT
# ==============================================================================
PHONY+=container-run/helm-lint
container-run/helm-lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
lint --values values.yaml .
# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}

217
README.md
View File

@@ -1,6 +1,5 @@
# athens-proxy-charts
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/athens-proxy-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This is an inofficial helm chart of the go-proxy
@@ -26,7 +25,7 @@ below or via mounting the config.toml as additional persistent volume to
Create a `configmap.yaml` with multiple keys. One key describe the content of
the `.gitconfig` file and another of `config` of the ssh client. All requests
git clone comands with the prefix `http://github.com/` will be replaced by
Git clone comands with the prefix `http://github.com/` will be replaced by
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
separate secret.
@@ -104,11 +103,11 @@ extraVolumeMounts:
mountPath: /root/.config/git
```
## Access private github.com repositories via developer token
## Access private GitHub.com repositories via developer token
Another way to access private github repositories is via a github token, which
Another way to access private GitHub repositories is via a GitHub token, which
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
creates a `.netrc` file to access private github repositories.
creates a `.netrc` file to access private GitHub repositories.
## Access private repositories via .netrc configuration
@@ -117,7 +116,7 @@ HTTP. The file can also be defined via a custom secret and mounted into the home
directory of `root` for general authentication purpose.
The example below describe the definition and mounting of a custom `.netrc` file
to access private repositories hosted on github and gitlab.
to access private repositories hosted on GitHub and GitLab.
```yaml
apiVersion: v1
@@ -165,3 +164,209 @@ extraVolumeMounts:
- name: gomodules
mountPath: /var/lib/athens
```
## Parameters
### Global
| Name | Description | Value |
| ------------------ | ----------------------------------------- | ----- |
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Configuration
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.content` | The content of the download mode file. | `# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# }
` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.content` | The content of the .gitconfig file. | `# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.content` | The content of the .netrc file. | `# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.config` | The content of the SSH client config file. | `# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
` |
### Deployment
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the prometheus-exporter deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value |
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
| `hpa.labels` | Additional labels for the HPA. | `{}` |
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
### Ingress
| Name | Description | Value |
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
### Persistence
| Name | Description | Value |
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
| `persistence.data.existingPersistentVolumeClaim.enabled` | TODO | `false` |
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO | `""` |
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
| `persistence.data.persistentVolumeClaim.storageClass` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
### NetworkPolicies
| Name | Description | Value |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- |
| `networkPolicies.enabled` | Enable network policies in general. | `false` |
| `networkPolicies.default.enabled` | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
| `networkPolicies.default.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicies.default.labels` | Additional network policy labels. | `{}` |
| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicies.default.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicies.default.ingress` | Concrete ingress network policy implementation. | `[]` |
### Service
| Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `services.http.enabled` | Enable the service. | `true` |
| `services.http.annotations` | Additional service annotations. | `{}` |
| `services.http.externalIPs` | External IPs for the service. | `[]` |
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `services.http.labels` | Additional service labels. | `{}` |
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `services.http.port` | Port to forward the traffic to. | `3000` |
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |

View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/

View File

@@ -1,26 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
---
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY

2617
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

21
package.json Normal file
View File

@@ -0,0 +1,21 @@
{
"name": "athens-proxy-charts",
"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git",
"license": "MIT",
"private": true,
"engineStrict": true,
"engines": {
"node": ">=16.0.0",
"npm": ">=8.0.0"
},
"scripts": {
"readme:link": "markdown-link-check *.md",
"readme:lint": "markdownlint *.md -f",
"readme:parameters": "readme-generator -v values.yaml -r README.md"
},
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0"
}
}

View File

@@ -1,26 +1,14 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"assignees": [ "volker.raschek" ],
"labels": [ "renovate" ],
"packageRules": [
{
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
"automerge": false,
"matchPackageNames": [ "gomods/athens" ],
"matchManagers": [ "regex" ]
}
"extends": [
"local>volker.raschek/renovate-config:default#master",
"local>volker.raschek/renovate-config:container#master",
"local>volker.raschek/renovate-config:actions#master",
"local>volker.raschek/renovate-config:npm#master",
"local>volker.raschek/renovate-config:regexp#master"
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch",
"regexManagers": [
"customManagers": [
{
"description": "Update container image reference",
"fileMatch": [
"^Chart\\.yaml$"
],
@@ -28,7 +16,53 @@
"appVersion: \"(?<currentValue>.*?)\"\\s+"
],
"datasourceTemplate": "docker",
"depNameTemplate": "gomods/athens"
"depNameTemplate": "gomods/athens",
"lookupNameTemplate": "docker.io/gomods/athens",
"versioningTemplate": "semver"
},
{
"fileMatch": ["^README\\.md$"],
"matchStrings": [
"VERSION=(?<currentValue>.*)"
],
"depNameTemplate": "volker.raschek/athens-proxy-charts",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
}
],
"packageRules": [
{
"addLabels": [
"renovate/automerge",
"renovate/container"
],
"automerge": true,
"excludePackagePatterns": [
"gomods/athens"
],
"matchDatasources": [
"docker"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"addLabels": [
"renovate/automerge",
"renovate/documentation"
],
"automerge": true,
"matchDepNames": [
"volker.raschek/athens-proxy-charts"
],
"matchUpdateTypes": [
"major",
"minor",
"patch"
]
}
]
}

View File

@@ -1,3 +1,4 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common annotations
*/}}
{{- define "athens-proxy.annotations" -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "athens-proxy.labels" -}}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{ include "athens-proxy.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{- end }}
{{/*
Selector labels
Common selector labels
*/}}
{{- define "athens-proxy.selectorLabels" -}}
app.kubernetes.io/name: {{ include "athens-proxy.name" . }}

View File

@@ -0,0 +1,43 @@
---
{{/* annotations */}}
{{- define "athens-proxy.configMap.downloadMode.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.downloadMode.configMap.annotations }}
{{ toYaml .Values.config.downloadMode.configMap.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.gitConfig.configMap.annotations }}
{{ toYaml .Values.config.gitConfig.configMap.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.configMap.downloadMode.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.downloadMode.configMap.labels }}
{{ toYaml .Values.config.downloadMode.configMap.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.gitConfig.configMap.labels }}
{{ toYaml .Values.config.gitConfig.configMap.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.configMap.downloadMode.name" -}}
{{ include "athens-proxy.fullname" . }}-download-mode-file
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.name" -}}
{{ include "athens-proxy.fullname" . }}-gitconfig
{{- end }}

View File

@@ -0,0 +1,243 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.deployment.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "athens-proxy.deployment.env" -}}
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
{{- if and .Values.persistence.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
{{- end }}
{{- if .Values.config.downloadMode.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
{{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
{{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}}
{{- end -}}
{{/* image */}}
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:v%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "athens-proxy.deployment.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "athens-proxy.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "athens-proxy.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
{{- end }}
{{/* volumeMount (git config) */}}
{{- if .Values.config.gitConfig.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
{{- end }}
{{/* volumeMount (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
{{- end }}
{{/* volumeMount (ssh) */}}
{{- if and .Values.config.ssh.enabled }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
{{- end }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
{{/* volumes (data) */}}
{{- if .Values.persistence.enabled }}
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (git config) */}}
{{- $projectedSecretSources := list -}}
{{- if .Values.config.gitConfig.enabled }}
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
{{- if .Values.config.netrc.existingSecret.enabled }}
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{/* volumes (ssh) */}}
{{- if .Values.config.ssh.enabled }}
{{- $itemList := list -}}
{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- if not .Values.config.ssh.existingSecret.enabled }}
{{- if gt (len .Values.config.ssh.secret.config) 0 }}
{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{- if gt (len $projectedSecretSources) 0 }}
{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}

View File

@@ -0,0 +1,19 @@
---
{{/* annotations */}}
{{- define "athens-proxy.hpa.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.hpa.annotations }}
{{ toYaml .Values.hpa.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.hpa.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.hpa.labels }}
{{ toYaml .Values.hpa.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.ingress.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.ingress.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicies.annotations" -}}
{{ include "athens-proxy.annotations" .context }}
{{- if .networkPolicy.annotations }}
{{ toYaml .networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicies.labels" -}}
{{ include "athens-proxy.labels" .context }}
{{- if .networkPolicy.labels }}
{{ toYaml .networkPolicy.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.annotations }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.labels }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.persistentVolumeClaim.data.name" -}}
{{ include "athens-proxy.fullname" . }}-data
{{- end }}

View File

@@ -0,0 +1,17 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

View File

@@ -0,0 +1,61 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.secrets.env.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.env.secret.annotations }}
{{ toYaml .Values.config.env.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.netrc.secret.annotations }}
{{ toYaml .Values.config.netrc.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.ssh.secret.annotations }}
{{ toYaml .Values.config.ssh.secret.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.secrets.env.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.env.secret.labels }}
{{ toYaml .Values.config.env.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.netrc.secret.labels }}
{{ toYaml .Values.config.netrc.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.ssh.secret.labels }}
{{ toYaml .Values.config.ssh.secret.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.secrets.env.name" -}}
{{ include "athens-proxy.fullname" . }}-env
{{- end }}
{{- define "athens-proxy.secrets.netrc.name" -}}
{{ include "athens-proxy.fullname" . }}-netrc
{{- end }}
{{- define "athens-proxy.secrets.ssh.name" -}}
{{ include "athens-proxy.fullname" . }}-ssh
{{- end }}

View File

@@ -0,0 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.serviceAccount.annotations" -}}
{{- if .Values.serviceAccount.new.annotations }}
{{ toYaml .Values.serviceAccount.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.serviceAccount.labels" -}}
{{- if .Values.serviceAccount.new.labels }}
{{ toYaml .Values.serviceAccount.new.labels }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,29 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.services.http.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.services.http.annotations }}
{{ toYaml .Values.services.http.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.services.http.labels" -}}
{{ include "athens-proxy.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http
{{- if .Values.services.http.labels }}
{{ toYaml .Values.services.http.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.services.http.name" -}}
{{- if .Values.services.http.enabled -}}
{{ include "athens-proxy.fullname" . }}-http
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,19 @@
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
namespace: {{ .Release.Namespace }}
data:
downloadMode: |
{{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-git-config
namespace: {{ .Release.Namespace }}
data:
.gitconfig: |
{{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,135 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.deployment.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "athens-proxy.pod.annotations" . | nindent 8 }}
labels:
{{- include "athens-proxy.pod.labels" . | nindent 8 }}
spec:
{{- with .Values.deployment.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: athens-proxy
{{- with .Values.deployment.athensProxy.args }}
args:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.athensProxy.command }}
command:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env:
{{- toYaml $env.env | nindent 8 }}
{{- end }}
{{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }}
{{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }}
envFrom:
{{- toYaml $envFrom.envFrom | nindent 8 }}
{{- end }}
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
livenessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
ports:
- name: http
containerPort: 3000
protocol: TCP
{{- with .Values.deployment.athensProxy.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.deployment.athensProxy.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }}
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
volumeMounts:
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.deployment.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.dnsPolicy }}
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
{{- end }}
{{- if .Values.deployment.hostname }}
hostname: {{ .Values.deployment.hostname }}
{{- end }}
hostNetwork: {{ .Values.deployment.hostNetwork }}
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.priorityClassName }}
priorityClassName: {{ .Values.deployment.priorityClassName }}
{{- end }}
{{- if .Values.deployment.restartPolicy }}
restartPolicy: {{ .Values.deployment.restartPolicy }}
{{- end }}
{{- with .Values.deployment.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }}
{{- if .Values.deployment.subdomain }}
subdomain: {{ .Values.deployment.subdomain }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
{{- with .Values.deployment.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.deployment.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }}
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
volumes:
{{- toYaml $volumes.volumes | nindent 6 }}
{{- end }}
{{- with .Values.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{- if .Values.hpa.enabled -}}
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.hpa.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
metrics:
{{- toYaml .Values.hpa.metrics | nindent 2 }}
maxReplicas: {{ .Values.hpa.maxReplicas }}
minReplicas: {{ .Values.hpa.minReplicas }}
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "athens-proxy.fullname" . }}
{{- end -}}

View File

@@ -0,0 +1,45 @@
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "athens-proxy.services.http.name" $ }}
port:
number: {{ $.Values.services.http.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,36 @@
{{- if .Values.networkPolicies.enabled }}
{{- range $key, $value := .Values.networkPolicies -}}
{{- if and (not (eq $key "enabled")) $value.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
namespace: {{ $.Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with $value.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,26 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
labels:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
namespace: {{ $.Release.Namespace }}
spec:
{{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
accessModes:
{{ toYaml . | nindent 4 }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
{{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,20 @@
{{- if not .Values.config.env.existingSecret.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.env.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
{{- range $key, $value := .Values.config.env.secret.envs }}
{{ upper $key }}: {{ quote $value }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.netrc.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
.netrc: |
{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,35 @@
{{- if not .Values.config.ssh.existingSecret.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.ssh.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
config: |
{{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
{{- if .Values.config.ssh.secret.id_ed25519 }}
id_ed25519: |
{{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_ed25519_pub }}
id_ed25519.pub: |
{{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa }}
id_rsa: |
{{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa_pub }}
id_rsa.pub: |
{{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,25 @@
{{- if not .Values.serviceAccount.existing.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
{{- with .Values.serviceAccount.new.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.new.secrets }}
secrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,57 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}

View File

@@ -1,72 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "athens-proxy.fullname" . }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "athens-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "athens-proxy.selectorLabels" . | nindent 8 }}
spec:
containers:
- name: {{ .Chart.Name }}
envFrom:
- secretRef:
name: {{ include "athens-proxy.fullname" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
protocol: TCP
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podPriorityClassName }}
priorityClassName: {{ .Values.podPriorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "athens-proxy.fullname" . }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

View File

@@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "athens-proxy.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "athens-proxy.fullname" . }}
type: Opaque
stringData:
{{- if not (hasKey .Values "config") -}}
{{- $_ := set .Values "config" dict -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
{{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
{{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
{{- end -}}
{{/* SETUP CONFIG */}}
{{ range $key, $value := .Values.config }}
{{ upper $key}}: {{ quote $value }}
{{ end }}

View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
name: {{ include "athens-proxy.fullname" . }}
spec:
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
{{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end }}
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: {{ .Values.service.name }}
selector:
{{- include "athens-proxy.selectorLabels" . | nindent 4 }}

View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
name: {{ include "athens-proxy.fullname" . }}

View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "athens-proxy.fullname" . }}-test-connection"
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

View File

@@ -0,0 +1,88 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap downloadMode
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/configMapDownloadMode.yaml
tests:
- it: Skip rending by using existing config map.
set:
config.downloadMode.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-download-mode-file
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data.downloadMode
value: |
# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# }
- it: Rendering custom annotations and labels.
set:
config.downloadMode.configMap.annotations:
foo: bar
bar: foo
config.downloadMode.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
asserts:
- equal:
path: data.downloadMode
value: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"

View File

@@ -0,0 +1,83 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap gitConfig
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/configMapGitConfig.yaml
tests:
- it: Skip rending by using existing config map.
set:
config.gitConfig.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-git-config
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data[".gitconfig"]
value: |
# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
- it: Rendering custom annotations and labels.
set:
config.gitConfig.configMap.annotations:
foo: bar
bar: foo
config.gitConfig.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.gitConfig.configMap.content: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/
asserts:
- equal:
path: data[".gitconfig"]
value: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/

View File

@@ -0,0 +1,466 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
template: templates/athens-proxy/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
namespace: testing
template: templates/athens-proxy/deployment.yaml
- notExists:
path: metadata.annotations
template: templates/athens-proxy/deployment.yaml
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.replicas
value: 1
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].args
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].command
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].volumeMounts
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/gomods/athens:v0.1.0
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/athens-proxy/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/athens-proxy/deployment.yaml
- it: Test custom replicas
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.replicas: 3
asserts:
- equal:
path: spec.replicas
value: 3
template: templates/athens-proxy/deployment.yaml
- it: Test custom affinity
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
asserts:
- equal:
path: spec.template.spec.affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
template: templates/athens-proxy/deployment.yaml
- it: Test additional arguments
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.args:
- "--foo=bar"
- "--bar=foo"
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --foo=bar
- --bar=foo
template: templates/athens-proxy/deployment.yaml
- it: Test additional command
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.command:
- "/bin/sh"
- "-c"
- "echo hello"
asserts:
- equal:
path: spec.template.spec.containers[0].command
value:
- "/bin/sh"
- "-c"
- "echo hello"
template: templates/athens-proxy/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.registry: registry.example.local
deployment.athensProxy.image.repository: path/special/athens-proxy
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/athens-proxy:v0.1.0
template: templates/athens-proxy/deployment.yaml
- it: Test custom imagePullPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: templates/athens-proxy/deployment.yaml
- it: Test custom resource limits and requests
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.resources:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
asserts:
- equal:
path: spec.template.spec.containers[0].env
value:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
template: templates/athens-proxy/deployment.yaml
- it: Test custom securityContext
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.securityContext:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/athens-proxy/deployment.yaml
- it: Test dnsConfig
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsConfig:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
asserts:
- equal:
path: spec.template.spec.dnsConfig
value:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/athens-proxy/deployment.yaml
- it: Test dnsPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/athens-proxy/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.hostNetwork: true
deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/athens-proxy/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/athens-proxy/deployment.yaml
- it: Test imagePullSecrets
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
asserts:
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/athens-proxy/deployment.yaml
- it: Test nodeSelector
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.nodeSelector:
foo: bar
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/athens-proxy/deployment.yaml
- it: Test priorityClassName
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/athens-proxy/deployment.yaml
- it: Test restartPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/athens-proxy/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/athens-proxy/deployment.yaml
- it: Test tolerations
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.tolerations:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
template: templates/athens-proxy/deployment.yaml
- it: Test topologySpreadConstraints
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints
value:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
template: templates/athens-proxy/deployment.yaml
- it: Test additional volumeMounts and volumes
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.volumeMounts:
- name: data
mountPath: /usr/lib/athens-proxy/data
deployment.volumes:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: data
mountPath: /usr/lib/athens-proxy/data
template: templates/athens-proxy/deployment.yaml

View File

@@ -0,0 +1,83 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default without mounted download mode config map
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
- notContains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
name: athens-proxy-unittest-download-mode-file
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: downloadMode
mode: 0644
path: download-mode
name: athens-proxy-unittest-download-mode-file
- it: Rendering with custom download mode configMap
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: "my-custom-download-mode-filename-key"
path: "download-mode"
mode: 0644
name: my-custom-configmap

View File

@@ -0,0 +1,81 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default without mounted git config map
asserts:
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0600
name: athens-proxy-unittest-gitconfig
- it: Rendering default with mounted gitconfig configMap
set:
config.gitConfig.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0644
name: athens-proxy-unittest-gitconfig
- it: Rendering with custom gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: my-gitconfig-key
path: .gitconfig
mode: 0644
name: my-custom-configmap

View File

@@ -0,0 +1,80 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default without mounted netrc secret
asserts:
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: netrc
mountPath: /root
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
- it: Rendering with custom netrc secret
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-netrc-key
path: .netrc
mode: 0600
name: my-custom-secret

View File

@@ -0,0 +1,73 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Test persistent volume claim
set:
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/athens-proxy/deployment.yaml
- it: Test existing persistent volume claim
set:
config.netrc.enabled: true
persistence.enabled: true
persistence.data.mountPath: "/mnt/go-proxy/data"
persistence.data.existingPersistentVolumeClaim.enabled: true
persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/athens-proxy/deployment.yaml

View File

@@ -0,0 +1,221 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
tests:
- it: Rendering default without mounted ssh secret
asserts:
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0644
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
- it: Rendering default with mounted ssh config
set:
config.ssh.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
name: athens-proxy-unittest-ssh
- it: Rendering default with mounted ssh keys
set:
config.ssh.enabled: true
config.ssh.secret.id_ed25519: foo
config.ssh.secret.id_ed25519_pub: bar
config.ssh.secret.id_rsa: foo
config.ssh.secret.id_rsa_pub: bar
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
- it: Rendering with custom ssh secret
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
config.ssh.existingSecret.configKey : "my-config-key"
config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-config-key
path: config
mode: 0600
- key: my-private-ed25519-key
path: id_ed25519
mode: 0600
- key: my-public-ed25519-key
path: id_ed25519.pub
mode: 0644
- key: my-private-rsa-key
path: id_rsa
mode: 0600
- key: my-public-rsa-key
path: id_rsa.pub
mode: 0644
name: my-custom-secret

116
unittests/hpa/default.yaml Normal file
View File

@@ -0,0 +1,116 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HPA template (basic)
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/hpa.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Rendering when enabled - default
set:
hpa.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 10
- equal:
path: spec.minReplicas
value: 1
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
- it: Rendering when enabled - custom values
set:
hpa.enabled: true
hpa.annotations:
foo: bar
hpa.labels:
bar: foo
hpa.maxReplicas: 25
hpa.minReplicas: 5
hpa.metrics:
- resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 25
- equal:
path: spec.minReplicas
value: 5
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest

View File

@@ -0,0 +1,139 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Ingress template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/ingress.yaml
tests:
- it: Skip ingress by default.
asserts:
- hasDocuments:
count: 0
- it: Skip ingress, when service is disabled.
set:
services.http.enabled: false
ingress.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render ingress with default values.
set:
ingress.enabled: true
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 3000
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls
- it: Render ingress with custom values.
set:
ingress.enabled: true
ingress.annotations:
foo: bar
ingress.className: nginx
ingress.labels:
bar: foo
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
services.http.port: 8080
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 8080
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls

View File

@@ -0,0 +1,118 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicies template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/networkPolicies.yaml
tests:
- it: Skip networkPolicies in general disabled.
set:
networkPolicies.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip networkPolicy 'default' when disabled.
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Loop over networkPolicies
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicies.nginx.enabled: true
networkPolicies.prometheus.enabled: true
asserts:
- hasDocuments:
count: 2
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: athens-proxy-unittest-default
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
networkPolicies.default.policyTypes:
- Egress
- Ingress
networkPolicies.default.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicies.default.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

View File

@@ -0,0 +1,90 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PersistentVolumeClaim template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/persistentVolumeClaim.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 0
- it: Rendering with enabled persistent storage
set:
persistence.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 5Gi
- notExists:
path: spec.storageClassName
- it: Rendering with custom enabled persistent storage
set:
persistence.enabled: true
persistence.data.persistentVolumeClaim.annotations:
foo: bar
persistence.data.persistentVolumeClaim.labels:
bar: foo
persistence.data.persistentVolumeClaim.storageClassName: my-storage-class
persistence.data.persistentVolumeClaim.storageSize: 10Gi
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 10Gi
- equal:
path: spec.storageClassName
value: my-storage-class

View File

@@ -0,0 +1,67 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret environment variables
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretEnv.yaml
tests:
- it: Skip rendering by using existing secret.
set:
config.env.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering env secret with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-env
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isNullOrEmpty:
path: stringData
- it: Rendering env secret with custom values.
set:
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
asserts:
- isSubset:
path: stringData
content:
ATHENS_GITHUB_TOKEN: my-secret-token
- it: Rendering custom annotations and labels.
set:
config.env.secret.annotations:
foo: bar
bar: foo
config.env.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

View File

@@ -0,0 +1,93 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret netrc template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretNetRC.yaml
tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering netrc secret with default values.
set:
config.netrc.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-netrc
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData[".netrc"]
value: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
- it: Rendering netrc secret with custom values.
set:
config.netrc.enabled: true
config.netrc.secret.content: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
asserts:
- equal:
path: stringData[".netrc"]
value: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
- it: Rendering custom annotations and labels.
set:
config.netrc.enabled: true
config.netrc.secret.annotations:
foo: bar
bar: foo
config.netrc.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

109
unittests/secrets/ssh.yaml Normal file
View File

@@ -0,0 +1,109 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret ssh template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretSSH.yaml
tests:
- it: Skip rendering by using existing secret.
set:
config.ssh.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering ssh secret with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-ssh
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData.config
value: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
- notExists:
path: stringData.id_ed25519
- notExists:
path: stringData["id_ed25519.pub"]
- notExists:
path: stringData.id_rsa
- notExists:
path: stringData["id_rsa.pub"]
- it: Rendering ssh secret with custom values.
set:
config.ssh.secret.config: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
config.ssh.secret.id_ed25519: |
my-private-25519-key
config.ssh.secret.id_ed25519_pub: |
my-public-25519-key
config.ssh.secret.id_rsa: |
my-private-rsa-key
config.ssh.secret.id_rsa_pub: |
my-public-rsa-key
asserts:
- equal:
path: stringData.config
value: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
- equal:
path: stringData.id_ed25519
value: |
my-private-25519-key
- equal:
path: stringData["id_ed25519.pub"]
value: |
my-public-25519-key
- equal:
path: stringData.id_rsa
value: |
my-private-rsa-key
- equal:
path: stringData["id_rsa.pub"]
value: |
my-public-rsa-key
- it: Rendering custom annotations and labels.
set:
config.ssh.secret.annotations:
foo: bar
bar: foo
config.ssh.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

View File

@@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceAccount athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/serviceAccount.yaml
tests:
- it: Skip rendering.
set:
serviceAccount.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceAccount with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ServiceAccount
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- notExists:
path: metadata.labels
- equal:
path: automountServiceAccountToken
value: true
- notExists:
path: imagePullSecrets
- notExists:
path: secrets
- it: Rendering serviceAccount with custom values.
set:
serviceAccount.new.annotations:
foo: bar
serviceAccount.new.labels:
bar: foo
serviceAccount.new.automountServiceAccountToken: false
serviceAccount.new.imagePullSecrets:
- name: "my-pull-secret"
serviceAccount.new.secrets:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: athens-proxy-unittest
- equal:
path: automountServiceAccountToken
value: false
- equal:
path: imagePullSecrets
value:
- name: "my-pull-secret"
- equal:
path: secrets
value:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"

View File

@@ -0,0 +1,174 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Service http template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/serviceHTTP.yaml
tests:
- it: Skip service when disabled.
set:
services.http.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering service with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Service
name: athens-proxy-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- notExists:
path: spec.externalIPs
- notExists:
path: spec.externalTrafficPolicy
- equal:
path: spec.internalTrafficPolicy
value: Cluster
- notExists:
path: spec.ipFamilies
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- equal:
path: spec.ports[0].name
value: http
- equal:
path: spec.ports[0].protocol
value: TCP
- equal:
path: spec.ports[0].port
value: 3000
- equal:
path: spec.selector
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- equal:
path: spec.sessionAffinity
value: None
- notExists:
path: spec.sessionAffinityConfig
- equal:
path: spec.type
value: ClusterIP
- it: Require internalTrafficPolicy.
set:
services.http.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
services.http.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
- it: Require sessionAffinity.
set:
services.http.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
- it: Require service type.
set:
services.http.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
services.http.annotations:
foo: bar
services.http.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- it: Change defaults
set:
services.http.externalIPs:
- "10.11.12.13/32"
services.http.externalTrafficPolicy: Local
services.http.internalTrafficPolicy: Local
services.http.ipFamilies:
- IPv4
services.http.loadBalancerClass: aws
services.http.loadBalancerIP: "11.12.13.14"
services.http.loadBalancerSourceRanges:
- "11.12.0.0/17"
services.http.port: 10443
services.http.sessionAffinity: ClientIP
services.http.type: LoadBalancer
asserts:
- equal:
path: spec.externalIPs
value:
- 10.11.12.13/32
- equal:
path: spec.externalTrafficPolicy
value: Local
- equal:
path: spec.internalTrafficPolicy
value: Local
- equal:
path: spec.ipFamilies
value:
- IPv4
- equal:
path: spec.loadBalancerClass
value: aws
- equal:
path: spec.loadBalancerIP
value: "11.12.13.14"
- equal:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].port
value: 10443
- equal:
path: spec.sessionAffinity
value: ClientIP
- equal:
path: spec.type
value: LoadBalancer

View File

@@ -1,36 +1,30 @@
affinity: {}
image:
repository: docker.io/gomods/athens
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
## @section Configuration
config:
env:
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
existingSecret:
enabled: false
secretName: ""
podPriorityClassName: ""
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
config: {}
## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.env.secret.labels Additional labels of the secret containing the database credentials.
## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container.
secret:
annotations: {}
labels: {}
envs: {}
# ATHENS_AZURE_ACCOUNT_KEY:
# ATHENS_AZURE_ACCOUNT_NAME:
# ATHENS_AZURE_CONTAINER_NAME:
# ATHENS_CLOUD_RUNTIME:
# ATHENS_DOWNLOAD_MODE:
# ATHENS_DOWNLOAD_URL:
# ATHENS_ETCD_ENDPOINTS:
# ATHENS_EXTERNAL_STORAGE_URL:
@@ -67,7 +61,6 @@ config: {}
# ATHENS_MONGO_DEFAULT_DATABASE:
# ATHENS_MONGO_INSECURE:
# ATHENS_MONGO_STORAGE_URL:
# ATHENS_NETRC_PATH:
# ATHENS_PATH_PREFIX:
# ATHENS_PORT:
# ATHENS_PROTOCOL_WORKERS:
@@ -80,7 +73,6 @@ config: {}
# ATHENS_STATS_EXPORTER:
# ATHENS_STORAGE_GCP_BUCKET:
# ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_STORAGE_TYPE:
# ATHENS_SUM_DBS:
# ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
@@ -102,98 +94,533 @@ config: {}
# MY_S3_BUCKET_NAME:
# PROXY_FORCE_SSL:
livenessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: http
downloadMode:
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
enabled: false
replicaCount: 1
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
existingConfigMap:
enabled: false
configMapName: ""
downloadModeKey: "downloadMode"
serviceAccount:
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
## @param config.downloadMode.configMap.content The content of the download mode file.
configMap:
annotations: {}
labels: {}
content: |
# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# }
service:
gitConfig:
## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system.
enabled: false
## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file.
## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file.
## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored.
existingConfigMap:
enabled: false
configMapName: ""
gitConfigKey:
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.content The content of the .gitconfig file.
configMap:
annotations: {}
# externalIPs: []
# externalTrafficPolicy: "Cluster"
# loadBalancerClass: ""
# loadBalancerIP: ""
# loadBalancerSourceRanges: []
# internalTrafficPolicy: "Cluster"
name: http
targetPort: 3000
type: ClusterIP
port: 3000
labels: {}
content: |
# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
netrc:
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file.
## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file.
## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored.
existingSecret:
enabled: false
secretName: ""
netrcKey: ".netrc"
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @param config.netrc.secret.content The content of the .netrc file.
secret:
annotations: {}
labels: {}
content: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
ssh:
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
existingSecret:
enabled: false
secretName: ""
configKey: "config"
id_ed25519Key: "id_ed25519"
id_ed25519PubKey: "id_ed25519.pub"
id_rsaKey: "id_rsa"
id_rsaPubKey: "id_rsa.pub"
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
## @param config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
secret:
annotations: {}
labels: {}
config: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
id_ed25519: ""
id_ed25519_pub: ""
id_rsa: ""
id_rsa_pub: ""
## @section Deployment
deployment:
## @param deployment.annotations Additional deployment annotations.
## @param deployment.labels Additional deployment labels.
annotations: {}
labels: {}
## @param deployment.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param deployment.affinity Affinity for the athens-proxy deployment.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param deployment.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment.
dnsPolicy: ""
## @param deployment.hostname Individual hostname of the pod.
## @param deployment.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param deployment.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
athensProxy:
## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
args: []
## @param deployment.athensProxy.command Command passed to the athens-proxy container.
command: []
## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
env: []
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param deployment.athensProxy.image.pullPolicy Image pull policy.
image:
registry: docker.io
repository: gomods/athens
tag: ""
pullPolicy: IfNotPresent
## @param deployment.athensProxy.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param deployment.athensProxy.volumeMounts Additional volume mounts.
volumeMounts: []
# - name: my-configmap-volume
# mountPath: /configmap
# readOnly: true
## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
nodeSelector: {}
## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
priorityClassName: ""
## @param deployment.replicas Number of replicas for the athens-proxy deployment.
replicas: 1
## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
restartPolicy: ""
## @param deployment.securityContext Security context of the athens-proxy deployment.
securityContext: {}
# fsGroup: 2000
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param deployment.tolerations Tolerations of the athens-proxy deployment.
tolerations: []
# - key: database/type
# operator: Equal
# value: postgres
# effect: NoSchedule
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-athens-proxy
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
volumes: []
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
# https://github.com/kubernetes-sigs/metrics-server#deployment
hpa:
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
## @param hpa.annotations Additional annotations for the HPA.
## @param hpa.labels Additional labels for the HPA.
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
## @skip hpa.metrics Skip individual HPA metric configurations.
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
enabled: false
annotations: {}
labels: {}
metrics:
- resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
# - resource:
# name: memory
# target:
# averageUtilization: 65
# type: Utilization
minReplicas: 1
maxReplicas: 10
## @section Ingress
ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false
className: "nginx"
annotations: {}
# kubernetes.io/ingress.class: nginx
# cert-manager.io/issuer:
# kubernetes.io/tls-acme: "true"
hosts:
- host: "your-hostname"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "your-tls-secret"
hosts:
- "your-hostname"
labels: {}
readinessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: http
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
## @skip ingress.hosts Skip individual host configuration.
hosts: []
# - host: athens-proxy.example.local
# paths:
# - path: /
# pathType: Prefix
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
## @skip ingress.tls Skip individual TLS configuration.
tls: []
# - secretName: athens-proxy-http-tls
# hosts:
# - athens-proxy.example.local
nodeSelector:
kubernetes.io/arch: amd64
## @section Persistence
persistence:
## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined.
enabled: false
tolerations: []
data:
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
mountPath: "/var/www/athens-proxy/data"
# extra volumes for the pod
extraVolumes: {}
# The following example mount the same secret, which contains tls certificates
# under different names. Each volume mount contains only selected items of the
# secret. This make it easier to place the items on different locations inside the
# container filesystem via extraVolumeMounts.
# - name: custom-ca-anchor
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: ca.crt
# path: ca.crt
# mode: 0444
# - name: custom-tls-certificates
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: tls.key
# path: tls.key
# mode: 0400
# - key: tls.crt
# path: tls.crt
# mode: 0444
## @param persistence.data.existingPersistentVolumeClaim.enabled TODO
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO
existingPersistentVolumeClaim:
enabled: false
persistentVolumeClaimName: ""
extraVolumeMounts: {}
# The following example follows the example of extraVolumes and mounts the
# volumes to the corresponding paths in the container filesystem.
# - name: custom-ca-anchor
# mountPath: /usr/local/share/ca-certificates
# - name: custom-tls-certificates
# mountPath: /etc/athens-proxy/tls
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClass Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
persistentVolumeClaim:
annotations: {}
labels: {}
accessModes:
- ReadWriteMany
storageClass: ""
storageSize: "5Gi"
## @section NetworkPolicies
## @param networkPolicies.enabled Enable network policies in general.
networkPolicies:
enabled: false
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
## @param networkPolicies.default.annotations Additional network policy annotations.
## @param networkPolicies.default.labels Additional network policy labels.
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicies.default.egress Concrete egress network policy implementation.
## @skip networkPolicies.default.egress Skip individual egress configuration.
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
default:
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
http:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 3000
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"