volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:00c2f285b112b79db56266c52a3e96502686cd64
Branches Tags
volker.raschek:master
volker.raschek:1.1.1 volker.raschek:1.1.0 volker.raschek:1.0.3 volker.raschek:1.0.2 volker.raschek:1.0.1 volker.raschek:1.0.0 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.5 volker.raschek:0.1.4 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0
..
compare: volker.raschek:1.0.1
Branches Tags
volker.raschek:master
volker.raschek:1.1.1 volker.raschek:1.1.0 volker.raschek:1.0.3 volker.raschek:1.0.2 volker.raschek:1.0.1 volker.raschek:1.0.0 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.5 volker.raschek:0.1.4 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0

74 Commits
00c2f285b1 ... 1.0.1

Author SHA1 Message Date
Markus Pesch
3bce806ed6 fix(deployment): mount environment variables and volumes only when enabled
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Release / publish-chart (push) Successful in 8s
Details
2025-10-12 21:55:31 +02:00
Markus Pesch
5c09cf8c79 docs(README): skip rendering of file content
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Generate README / generate-parameters (push) Successful in 28s
Details
Markdown linter / markdown-link-checker (push) Successful in 12s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
2025-10-12 21:11:45 +02:00
Markus Pesch
d4b5c0c86f fix(Chart): adapt annotation 'artifacthub.io/links'
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 20:54:08 +02:00
Markus Pesch
74598b4ee0 docs(README): mention upstream https://proxy.golang.org
Some checks failed
Generate README / generate-parameters (push) Successful in 29s
Details
Helm / helm-lint (push) Successful in 17s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Markdown linter / markdown-link-checker (push) Successful in 31s
Details
Markdown linter / markdown-lint (push) Failing after 27s
Details
Release / publish-chart (push) Successful in 1m56s
Details
2025-10-12 19:19:09 +02:00
Markus Pesch
b06c1962cc docs(README): update chart version to 1.0.0
Some checks failed
Helm / helm-lint (push) Successful in 51s
Details
Generate README / generate-parameters (push) Successful in 1m8s
Details
Helm / helm-unittest (push) Has been cancelled
Details
Markdown linter / markdown-lint (push) Has been cancelled
Details
Markdown linter / markdown-link-checker (push) Has started running
Details
2025-10-12 19:17:49 +02:00
Markus Pesch
991c545c93 test(deployment): adapt download mode url
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 19:06:55 +02:00
Markus Pesch
7c60c70244 docs(README): avoid CPU throttling by defining a CPU limit
Some checks failed
Helm / helm-lint (push) Successful in 11s
Details
Helm / helm-unittest (push) Failing after 7s
Details
Generate README / generate-parameters (push) Successful in 29s
Details
Markdown linter / markdown-link-checker (push) Successful in 12s
Details
Markdown linter / markdown-lint (push) Failing after 27s
Details
2025-10-12 19:04:26 +02:00
Markus Pesch
0e048cdf4b docs(README): adapt downloadURL
Some checks failed
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Failing after 6s
Details
Markdown linter / markdown-lint (push) Failing after 9s
Details
Markdown linter / markdown-link-checker (push) Successful in 35s
Details
2025-10-12 18:58:24 +02:00
Markus Pesch
89604cbe64 docs(README): mount secret with environment variables
Some checks failed
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Generate README / generate-parameters (push) Successful in 30s
Details
Markdown linter / markdown-link-checker (push) Failing after 2m16s
Details
Markdown linter / markdown-lint (push) Failing after 2m10s
Details
2025-10-12 18:48:40 +02:00
Markus Pesch
f63450aec4 fix(deployment): mount secret with environment variables
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Details
Helm / helm-lint (push) Has been cancelled
Details
Helm / helm-unittest (push) Has been cancelled
Details
2025-10-12 18:48:18 +02:00
Markus Pesch
d1e5accccb fix: supprt automatically roll deployments
All checks were successful
Helm / helm-unittest (push) Successful in 8s
Details
Helm / helm-lint (push) Successful in 1m1s
Details
2025-10-12 18:00:06 +02:00
Markus Pesch
fbd846784c fix(networkPolicy): use single network policy
Some checks failed
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Generate README / generate-parameters (push) Failing after 28s
Details
Markdown linter / markdown-lint (push) Successful in 17s
Details
2025-10-12 17:21:05 +02:00
Markus Pesch
bab5282617 fix(Chart): remove maintainer section
Some checks failed
Helm / helm-unittest (push) Failing after 19m53s
Details
Helm / helm-lint (push) Failing after 19m55s
Details
2025-10-12 17:07:26 +02:00
Markus Pesch
307660c767 refac: remove obsolete directory athens-proxy
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 17:05:51 +02:00
Markus Pesch
59b43aac79 fix(configMap): enable downloadURL and mode by default
Some checks failed
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Generate README / generate-parameters (push) Successful in 28s
Details
Markdown linter / markdown-link-checker (push) Failing after 14s
Details
Markdown linter / markdown-lint (push) Failing after 33s
Details
2025-10-12 16:54:36 +02:00
Markus Pesch
85a38e7d22 fix(deployment): remove leading v of the container image tag
All checks were successful
Helm / helm-lint (push) Successful in 21s
Details
Helm / helm-unittest (push) Successful in 17s
Details
2025-10-12 16:49:43 +02:00
Markus Pesch
2005fb8e05 fix(ci): update workflows and make targets
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 16:37:24 +02:00
Markus Pesch
5f78a0f071 fix(config): support the download mode file
Some checks failed
Helm / helm-lint (push) Successful in 8s
Details
Helm / helm-unittest (push) Successful in 13s
Details
Generate README / generate-parameters (push) Successful in 29s
Details
Markdown linter / markdown-link-checker (push) Failing after 21s
Details
Markdown linter / markdown-lint (push) Failing after 27s
Details
2025-10-12 16:33:21 +02:00
Markus Pesch
c157c8c210 fix(config): support ssh 2025-10-12 16:33:21 +02:00
CSRBot
5b9fa88dd6 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#98) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
2025-10-12 13:04:19 +00:00
CSRBot
458037db70 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#97) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Has been cancelled
Details
2025-10-12 13:03:44 +00:00
CSRBot
b1bb94f0bd Merge pull request 'chore(deps): update dependency markdown-link-check to v3.14.0' (#99) from renovate/markdown-link-check-3.x-lockfile into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Details
Helm / helm-unittest (push) Has been cancelled
Details
2025-10-12 13:02:48 +00:00
CSRBot
62a92fdabb chore(deps): update docker.io/library/node docker tag to v24.10.0
Some checks failed
Generate README / generate-parameters (push) Failing after 9s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 15s
Details
Generate README / generate-parameters (pull_request) Failing after 16s
Details
Helm / helm-unittest (pull_request) Successful in 7s
Details
Helm / helm-lint (pull_request) Successful in 16s
Details
2025-10-12 13:02:25 +00:00
CSRBot
a01b0143c0 chore(deps): update docker.io/library/node docker tag to v24.10.0
Some checks failed
Generate README / generate-parameters (push) Failing after 21s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 16s
Details
Generate README / generate-parameters (pull_request) Failing after 9s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 15s
Details
2025-10-12 13:02:13 +00:00
CSRBot
953fd85f53 chore(deps): update dependency markdown-link-check to v3.14.1
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 6s
Details
Helm / helm-unittest (pull_request) Successful in 9s
Details
Generate README / generate-parameters (pull_request) Failing after 40s
Details
2025-10-12 13:02:04 +00:00
Markus Pesch
bf721d8af1 fix(config): support gitconfig
Some checks failed
Helm / helm-lint (push) Successful in 18s
Details
Generate README / generate-parameters (push) Failing after 21s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 13:00:34 +02:00
Markus Pesch
60fdfd90e1 test(configMap): gitConfig
All checks were successful
Helm / helm-lint (push) Successful in 8s
Details
Helm / helm-unittest (push) Successful in 6s
Details
2025-10-12 12:25:24 +02:00
Markus Pesch
71164d60ae docs(README): describe .gitconfig properties
Some checks failed
Helm / helm-lint (push) Successful in 11s
Details
Helm / helm-unittest (push) Failing after 6s
Details
Generate README / generate-parameters (push) Failing after 30s
Details
2025-10-03 16:29:29 +02:00
Markus Pesch
a00d40b792 fix(config): support netrc 2025-10-03 16:29:29 +02:00
Markus Pesch
d02f63be7a fix: improve chart 2025-10-03 16:29:27 +02:00
CSRBot
744938f8f4 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#96) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 13s
Details
2025-09-26 22:02:28 +00:00
CSRBot
e3185b2482 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 14s
Details
2025-09-26 22:01:55 +00:00
CSRBot
e2fab050d3 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#95) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-09-26 19:03:42 +00:00
CSRBot
83336c7f87 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 13s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
2025-09-26 19:02:59 +00:00
CSRBot
1e2a31edaa Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.19.0' (#94) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 6s
Details
2025-09-21 13:02:37 +00:00
CSRBot
0b39de958a Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0' (#93) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Has been cancelled
Details
2025-09-21 13:02:14 +00:00
CSRBot
a0abe49b23 chore(deps): update volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-lint (pull_request) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
2025-09-21 13:01:47 +00:00
CSRBot
cc46ad7af1 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 10s
Details
Helm / helm-lint (pull_request) Successful in 7s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 28s
Details
2025-09-21 13:01:36 +00:00
CSRBot
cd9a843a96 Merge pull request 'chore(deps): update actions/checkout action to v5' (#92) from renovate/actions-checkout-5.x into master
All checks were successful
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-09-19 20:10:42 +00:00
CSRBot
6b0d2ff350 chore(deps): update actions/checkout action to v5
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
2025-09-18 16:50:20 +00:00
CSRBot
ccd7c9a1cd Merge pull request 'chore(deps): update gomods/athens docker tag to v0.16.1' (#91) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 13s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-09-12 22:03:27 +00:00
CSRBot
b169136c37 chore(deps): update gomods/athens docker tag to v0.16.1
All checks were successful
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 14s
Details
Helm / helm-lint (pull_request) Successful in 15s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
2025-09-12 22:02:15 +00:00
CSRBot
9b4a708f29 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.8.0' (#90) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 17s
Details
Helm / helm-unittest (push) Successful in 18s
Details
2025-09-11 01:04:28 +00:00
CSRBot
053036bcd5 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.8.0' (#89) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Has been cancelled
Details
Helm / helm-lint (push) Has been cancelled
Details
2025-09-11 01:03:14 +00:00
CSRBot
783e244cd3 chore(deps): update docker.io/library/node docker tag to v24.8.0
All checks were successful
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 16s
Details
Helm / helm-lint (pull_request) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
2025-09-11 01:02:02 +00:00
CSRBot
41da943040 chore(deps): update docker.io/library/node docker tag to v24.8.0
All checks were successful
Helm / helm-lint (push) Successful in 22s
Details
Helm / helm-unittest (push) Successful in 18s
Details
Helm / helm-lint (pull_request) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
2025-09-11 01:01:47 +00:00
CSRBot
9ef0317677 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.7.0' (#88) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 14s
Details
Helm / helm-lint (push) Successful in 17s
Details
2025-08-28 13:02:54 +00:00
CSRBot
5a890741e4 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.7.0' (#87) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Has been cancelled
Details
Helm / helm-lint (push) Has been cancelled
Details
2025-08-28 13:02:21 +00:00
CSRBot
cd16ddc5d8 chore(deps): update docker.io/library/node docker tag to v24.7.0
All checks were successful
Helm / helm-unittest (push) Successful in 15s
Details
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-lint (pull_request) Successful in 15s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
2025-08-28 13:01:48 +00:00
CSRBot
fd4c9d7e62 chore(deps): update docker.io/library/node docker tag to v24.7.0
All checks were successful
Helm / helm-lint (push) Successful in 20s
Details
Helm / helm-unittest (push) Successful in 14s
Details
Helm / helm-lint (pull_request) Successful in 18s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
2025-08-28 13:01:33 +00:00
CSRBot
265ac3d9a9 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.6.0' (#86) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 14s
Details
2025-08-15 22:02:05 +00:00
CSRBot
7d20373804 chore(deps): update docker.io/library/node docker tag to v24.6.0
All checks were successful
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 16s
Details
Helm / helm-lint (pull_request) Successful in 14s
Details
2025-08-15 22:01:36 +00:00
CSRBot
2117bbed96 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.6.0' (#85) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 16s
Details
2025-08-15 19:02:19 +00:00
CSRBot
a47f528585 chore(deps): update docker.io/library/node docker tag to v24.6.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (pull_request) Successful in 7s
Details
Helm / helm-lint (pull_request) Successful in 22s
Details
2025-08-15 19:01:36 +00:00
CSRBot
716f6b06c3 Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.18.5' (#84) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 13s
Details
Helm / helm-unittest (push) Successful in 18s
Details
2025-08-14 16:02:28 +00:00
CSRBot
ee5111da20 Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.5' (#83) from renovate/actions into master
Some checks failed
Helm / helm-unittest (push) Successful in 5s
Details
Helm / helm-lint (push) Has been cancelled
Details
2025-08-14 16:02:11 +00:00
CSRBot
d954b2e3e7 chore(deps): update volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-unittest (pull_request) Successful in 5s
Details
Helm / helm-lint (pull_request) Successful in 15s
Details
2025-08-14 16:01:40 +00:00
CSRBot
840ee10717 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (push) Successful in 11s
Details
Helm / helm-unittest (pull_request) Successful in 8s
Details
Helm / helm-lint (pull_request) Successful in 27s
Details
Helm / helm-unittest (push) Successful in 37s
Details
2025-08-14 16:01:30 +00:00
CSRBot
c5772856e3 Merge pull request 'chore(deps): update actions/checkout action to v4.3.0' (#81) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
2025-08-11 13:26:27 +00:00
CSRBot
f047c145e2 chore(deps): update actions/checkout action to v4.3.0
All checks were successful
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Helm / helm-lint (pull_request) Successful in 15s
Details
Helm / helm-unittest (pull_request) Successful in 13s
Details
2025-08-11 13:04:35 +00:00
CSRBot
7c0c6f4270 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.5.0' (#80) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 16s
Details
Helm / helm-unittest (push) Successful in 16s
Details
2025-08-04 13:02:55 +00:00
CSRBot
3cab48dd3c Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.5.0' (#79) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Details
Helm / helm-unittest (push) Has been cancelled
Details
2025-08-04 13:02:21 +00:00
CSRBot
50e21e10d8 chore(deps): update docker.io/library/node docker tag to v24.5.0
All checks were successful
Helm / helm-lint (push) Successful in 16s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Helm / helm-lint (pull_request) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
2025-08-04 13:01:51 +00:00
CSRBot
5b70f5e5fa chore(deps): update docker.io/library/node docker tag to v24.5.0
All checks were successful
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Helm / helm-lint (pull_request) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
2025-08-04 13:01:36 +00:00
CSRBot
09d205316e chore(deps): update docker.io/library/node docker tag to v24.4.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 13s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 13s
Details
Helm / helm-lint (push) Successful in 15s
Details
2025-07-16 22:01:52 +00:00
CSRBot
c1e686fc2d chore(deps): update docker.io/library/node docker tag to v24.4.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Details
Helm / helm-unittest (pull_request) Successful in 17s
Details
Helm / helm-unittest (push) Successful in 14s
Details
Helm / helm-lint (push) Successful in 15s
Details
2025-07-16 19:01:21 +00:00
CSRBot
cfb5978593 chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.7.2
All checks were successful
Helm / helm-lint (pull_request) Successful in 15s
Details
Helm / helm-unittest (pull_request) Successful in 16s
Details
Helm / helm-lint (push) Successful in 12s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-07-14 10:01:28 +00:00
CSRBot
e04a9baec1 chore(deps): update volkerraschek/helm docker tag to v3.18.4
All checks were successful
Helm / helm-lint (pull_request) Successful in 14s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 13s
Details
Helm / helm-lint (push) Successful in 15s
Details
2025-07-13 01:01:41 +00:00
CSRBot
72908cae0b chore(deps): update docker.io/volkerraschek/helm docker tag to v3.18.4
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Details
Helm / helm-unittest (pull_request) Successful in 12s
Details
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 16s
Details
2025-07-12 22:01:33 +00:00
CSRBot
8c6f4db7f5 chore(deps): update docker.io/library/node docker tag to v24.4.0
All checks were successful
Helm / helm-unittest (pull_request) Successful in 14s
Details
Helm / helm-lint (pull_request) Successful in 15s
Details
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-07-09 19:37:12 +00:00
CSRBot
5eae090f40 chore(deps): update docker.io/library/node docker tag to v24.4.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
Helm / helm-lint (push) Successful in 13s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-07-09 19:01:19 +00:00
CSRBot
60ed4abe97 chore(deps): update docker.io/library/node docker tag to v24.3.0
All checks were successful
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 17s
Details
Helm / helm-lint (push) Successful in 12s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-06-25 19:01:38 +00:00
CSRBot
1179b51895 chore(deps): update docker.io/library/node docker tag to v24.3.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 6s
Details
Helm / helm-unittest (pull_request) Successful in 16s
Details
Helm / helm-lint (push) Successful in 13s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-06-25 16:01:20 +00:00
CSRBot
1fcf9e7d4b chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.7.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 17s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 5s
Details
Helm / helm-lint (push) Successful in 15s
Details
2025-06-25 10:02:32 +00:00
61 changed files with 4400 additions and 567 deletions
Expand all files Collapse all files

114
.gitea/scripts/add-annotations.sh Executable file
View File

@@ -0,0 +1,114 @@
#!/bin/bash
set -e
CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2
exit 1
fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
done
else
OLD_TAG=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
exit 1
fi
fi
if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
done
else
NEW_TAG=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
exit 1
fi
fi
CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}"
function map_type_to_kind() {
case "${1}" in
feat)
echo "added"
;;
fix)
echo "fixed"
;;
chore|style|test|ci|docs|refac)
echo "changed"
;;
revert)
echo "removed"
;;
sec)
echo "security"
;;
*)
echo "skip"
;;
esac
}
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}")
if [ "${KIND}" == "skip" ]; then
continue
fi
DESC="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
fi
done <<< "${COMMIT_TITLES}"
if [ -s "${CHANGE_LOG_YAML}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
exit 1
fi
rm "${CHANGE_LOG_YAML}"

4
.gitea/workflows/generate-readme.yaml
View File

@@ -15,7 +15,7 @@ on:
jobs:
generate-parameters:
container:
image: docker.io/library/node:24.2.0-alpine
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
@@ -23,7 +23,7 @@ jobs:
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- uses: actions/checkout@v5.0.0
- name: Generate parameter section in README
run: |
npm install

8
.gitea/workflows/helm.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.18.3
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
@@ -21,14 +21,14 @@ jobs:
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- uses: actions/checkout@v5.0.0
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.18.3
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
@@ -36,7 +36,7 @@ jobs:
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- uses: actions/checkout@v5.0.0
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./

8
.gitea/workflows/markdown-linters.yaml
View File

@@ -15,7 +15,7 @@ on:
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:24.2.0-alpine
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
@@ -23,7 +23,7 @@ jobs:
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- uses: actions/checkout@v5.0.0
- name: Verify links in markdown files
run: |
npm install
@@ -31,7 +31,7 @@ jobs:
markdown-lint:
container:
image: docker.io/library/node:24.2.0-alpine
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
@@ -39,7 +39,7 @@ jobs:
run: |
apk update
apk add git
- uses: actions/checkout@v4.2.2
- uses: actions/checkout@v5.0.0
- name: Lint markdown files
run: |
npm install

39
.gitea/workflows/release.yaml
View File

@@ -8,15 +8,15 @@ on:
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.18.3
image: docker.io/volkerraschek/helm:3.19.0
runs-on: ubuntu-latest
steps:
- name: Install tooling
- name: Install packages via apk
run: |
apk update
apk add git npm yq
apk add git npm jq yq
- uses: actions/checkout@v4
- uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
@@ -26,29 +26,36 @@ jobs:
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart
run: |
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum
env:
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
# gitea
- name: Upload Chart to Gitea
env:
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea

3
.gitignore vendored
View File

@@ -4,3 +4,6 @@ target
values2.yml
values2.yaml
*.tgz
install.sh
uninstall.sh

8
.vscode/extensions.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"recommendations": [
"DavidAnson.vscode-markdownlint",
"esbenp.prettier-vscode",
"Tim-Koehler.helm-intellisense",
"yzhang.markdown-all-in-one"
]
}

20
.yamllint.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2

12
Chart.yaml
View File

@@ -1,9 +1,15 @@
annotations:
artifacthub.io/links: |
- name: Athens proxy (binary)
url: https://github.com/gomods/athens
- name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
apiVersion: v2
name: athens-proxy
description: Athens proxy server for golang
type: application
version: "0.1.0"
appVersion: "v0.16.0"
appVersion: "v0.16.1"
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
keywords:
@@ -16,7 +22,3 @@ sources:
- https://github.com/volker-raschek/athens-proxy-charts
- https://github.com/gomods/athens
- https://hub.docker.com/r/gomods/athens
maintainers:
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems

4
Makefile
View File

@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.18.3 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.2.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT

430
README.md
View File

@@ -2,167 +2,337 @@
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This is an inofficial helm chart of the go-proxy
[athens](https://github.com/gomods/athens) which supports more complex
configuration options.
> [!NOTE]
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
can be installed via helm.
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
proxy for Golang.
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
defining additional environment variables and much more.
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
helm and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
`--set` flag for a basic deployment.
```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm repo update
helm install athens-proxy volker.raschek/athens-proxy
```
## Customization
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
versions can break something!
The complete deployment can be adapted via the `values.yaml` files. The
configuration of the proxy can be done via the environment variables described
below or via mounting the config.toml as additional persistent volume to
`/config/config.toml`
## Access private repositories via SSH
Create a `configmap.yaml` with multiple keys. One key describe the content of
the `.gitconfig` file and another of `config` of the ssh client. All requests
Git clone comands with the prefix `http://github.com/` will be replaced by
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
separate secret.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/
```bash
CHART_VERSION=1.0.0
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
```
The secret definition below contains the SSH private and public key.
A complete list of available helm chart versions can be displayed via the following command:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
```bash
helm search repo reposilite --versions
```
The item `config` of the configmap will be merged with the items of the secret
as virtual volume. This volume can than be mounted with special permissions
required for the ssh client.
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
Use the `--set` argument to persist your data.
```yaml
extraVolumes:
- name: ssh
projected:
defaultMode: 0644
sources:
- configMap:
name: custom-configs
items:
- key: sshconfig
path: config
- secret:
name: custom-ssh-keys
items:
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
- name: gitconfig
configMap:
name: custom-configs
items:
- key: gitconfig
path: config
mode: 0644
extraVolumeMounts:
- name: ssh
mountPath: /root/.ssh
- name: gitconfig
mountPath: /root/.config/git
```bash
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
persistence.enabled=true
```
## Access private GitHub.com repositories via developer token
### Examples
Another way to access private GitHub repositories is via a GitHub token, which
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
creates a `.netrc` file to access private GitHub repositories.
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
## Access private repositories via .netrc configuration
#### Avoid CPU throttling by defining a CPU limit
As describe above, a `.netrc` file is responsible for the authentication via
HTTP. The file can also be defined via a custom secret and mounted into the home
directory of `root` for general authentication purpose.
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
cannot use the available CPU time to perform computing operations.
The example below describe the definition and mounting of a custom `.netrc` file
to access private repositories hosted on GitHub and GitLab.
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY
Further information about this topic can be found in one of Kanishk's blog
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
> not anymore required.
>
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
```
The file must then be mounted via extraVolumes and extraVolumeMounts.
#### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
proxy `https://proxy.golang.org` via HTTPS.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml
extraVolumes:
- name: netrc
secret:
secretName: custom-netrc
items:
- key: netrc
path: .netrc
mode: 0600
networkPolicies:
enabled: true
annotations: {}
labels: {}
policyTypes:
- Egress
- Ingress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 443
protocol: TCP
extraVolumeMounts:
- name: netrc
mountPath: /root
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: http
protocol: TCP
```
## Persistent storage
## ArgoCD
Unlike the athens default, the default here is `disk` - i.e. the files are
written to the container. Therefore, it is advisable to outsource the
corresponding storage location to persistent storage. The following example
describes the integration of a persistent storage claim.
### Daily execution of rolling updates
```yaml
extraVolumes:
- name: gomodules
persistentVolumeClaim:
claimName: custom-gomodules-pvc
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
extraVolumeMounts:
- name: gomodules
mountPath: /var/lib/athens
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
annotations with the prefix `checksum`.
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps/v1
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
```
## Parameters
### Global
| Name | Description | Value |
| ------------------ | ----------------------------------------- | ----- |
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Configuration
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
### Deployment
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the prometheus-exporter deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value |
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
| `hpa.labels` | Additional labels for the HPA. | `{}` |
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
### Ingress
| Name | Description | Value |
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
### Persistence
| Name | Description | Value |
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
| `persistence.data.existingPersistentVolumeClaim.enabled` | TODO | `false` |
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO | `""` |
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
| `persistence.data.persistentVolumeClaim.storageClass` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
### Network Policy
| Name | Description | Value |
| --------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
### Service
| Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `services.http.enabled` | Enable the service. | `true` |
| `services.http.annotations` | Additional service annotations. | `{}` |
| `services.http.externalIPs` | External IPs for the service. | `[]` |
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `services.http.labels` | Additional service labels. | `{}` |
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `services.http.port` | Port to forward the traffic to. | `3000` |
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |

12
examples/configmap.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/

26
examples/secret.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
---
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY

36
package-lock.json generated
View File

@@ -1,10 +1,10 @@
{
"name": "athens-proxy-chart",
"name": "athens-proxy-charts",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "athens-proxy-chart",
"name": "athens-proxy-charts",
"license": "MIT",
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
@@ -17,9 +17,9 @@
}
},
"node_modules/@bitnami/readme-generator-for-helm": {
"version": "2.7.0",
"resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.7.0.tgz",
"integrity": "sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==",
"version": "2.7.2",
"resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.7.2.tgz",
"integrity": "sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==",
"dev": true,
"license": "Apache-2.0",
"dependencies": {
@@ -1042,9 +1042,9 @@
}
},
"node_modules/link-check": {
"version": "5.4.0",
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.4.0.tgz",
"integrity": "sha512-0Pf4xBVUnwJdbDgpBlhHNmWDtbVjHTpIFs+JaBuIsC9PKRxjv4KMGCO2Gc8lkVnqMf9B/yaNY+9zmMlO5MyToQ==",
"version": "5.5.0",
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.5.0.tgz",
"integrity": "sha512-CpMk2zMfyEMdDvFG92wO5pU/2I/wbw72/9pvUFhU9cDKkwhmVlPuvxQJzd/jXA2iVOgNgPLnS5zyOLW7OzNpdA==",
"dev": true,
"license": "ISC",
"dependencies": {
@@ -1101,16 +1101,16 @@
}
},
"node_modules/markdown-link-check": {
"version": "3.13.7",
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.13.7.tgz",
"integrity": "sha512-Btn3HU8s2Uyh1ZfzmyZEkp64zp2+RAjwfQt1u4swq2Xa6w37OW0T2inQZrkSNVxDSa2jSN2YYhw/JkAp5jF1PQ==",
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.14.1.tgz",
"integrity": "sha512-h1tihNL3kmOS3N7H4FyF4xKDxiHnNBNSgs/LWlDiRHlC8O0vfRX0LhDDvesRSs4HM7nS0F658glLxonaXBmuWw==",
"dev": true,
"license": "ISC",
"dependencies": {
"async": "^3.2.6",
"chalk": "^5.3.0",
"commander": "^13.1.0",
"link-check": "^5.4.0",
"commander": "^14.0.0",
"link-check": "^5.5.0",
"markdown-link-extractor": "^4.0.2",
"needle": "^3.3.1",
"progress": "^2.0.3",
@@ -1121,6 +1121,16 @@
"markdown-link-check": "markdown-link-check"
}
},
"node_modules/markdown-link-check/node_modules/commander": {
"version": "14.0.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-14.0.1.tgz",
"integrity": "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=20"
}
},
"node_modules/markdown-link-extractor": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/markdown-link-extractor/-/markdown-link-extractor-4.0.2.tgz",

4
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "athens-proxy-chart",
"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart.git",
"name": "athens-proxy-charts",
"homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts.git",
"license": "MIT",
"private": true,
"engineStrict": true,

22
renovate.json
View File

@@ -9,6 +9,7 @@
],
"customManagers": [
{
"customType": "regex",
"fileMatch": [
"^Chart\\.yaml$"
],
@@ -21,17 +22,32 @@
"versioningTemplate": "semver"
},
{
"customType": "regex",
"fileMatch": ["^README\\.md$"],
"matchStrings": [
"VERSION=(?<currentValue>.*)"
],
"depNameTemplate": "volker.raschek/athens-proxy-chart",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart",
"depNameTemplate": "volker.raschek/athens-proxy-charts",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
}
],
"packageRules": [
{
"groupName": "Update docker.io/volkerraschek/helm",
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{
"addLabels": [
"renovate/automerge",
@@ -56,7 +72,7 @@
],
"automerge": true,
"matchDepNames": [
"volker.raschek/athens-proxy-chart"
"volker.raschek/athens-proxy-charts"
],
"matchUpdateTypes": [
"major",

11
templates/_helpers.tpl → templates/_common.tpl
View File

@@ -1,3 +1,4 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
@@ -30,20 +31,26 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common annotations
*/}}
{{- define "athens-proxy.annotations" -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "athens-proxy.labels" -}}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{ include "athens-proxy.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "athens-proxy.chart" . }}
{{- end }}
{{/*
Selector labels
Common selector labels
*/}}
{{- define "athens-proxy.selectorLabels" -}}
app.kubernetes.io/name: {{ include "athens-proxy.name" . }}

43
templates/_configMap.tpl Normal file
View File

@@ -0,0 +1,43 @@
---
{{/* annotations */}}
{{- define "athens-proxy.configMap.downloadMode.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.downloadMode.configMap.annotations }}
{{ toYaml .Values.config.downloadMode.configMap.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.gitConfig.configMap.annotations }}
{{ toYaml .Values.config.gitConfig.configMap.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.configMap.downloadMode.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.downloadMode.configMap.labels }}
{{ toYaml .Values.config.downloadMode.configMap.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.gitConfig.configMap.labels }}
{{ toYaml .Values.config.gitConfig.configMap.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.configMap.downloadMode.name" -}}
{{ include "athens-proxy.fullname" . }}-download-mode-file
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.name" -}}
{{ include "athens-proxy.fullname" . }}-gitconfig
{{- end }}

255
templates/_deployment.tpl Normal file
View File

@@ -0,0 +1,255 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.deployment.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "athens-proxy.deployment.env" -}}
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
{{- if and .Values.persistence.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
{{- end }}
{{- if .Values.config.downloadMode.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
{{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
{{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}}
{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
{{- if .Values.config.env.enabled }}
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
{{- $secretName = .Values.config.env.existingSecret.secretName }}
{{- end }}
{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
{{- end }}
{{ toYaml (dict "envFrom" $envFrom) }}
{{- end -}}
{{/* image */}}
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "athens-proxy.deployment.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "athens-proxy.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "athens-proxy.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
{{- end }}
{{/* volumeMount (git config) */}}
{{- if .Values.config.gitConfig.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
{{- end }}
{{/* volumeMount (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
{{- end }}
{{/* volumeMount (ssh) */}}
{{- if and .Values.config.ssh.enabled }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
{{- end }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
{{/* volumes (data) */}}
{{- if .Values.persistence.enabled }}
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (git config) */}}
{{- $projectedSecretSources := list -}}
{{- if .Values.config.gitConfig.enabled }}
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
{{- if .Values.config.netrc.existingSecret.enabled }}
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{/* volumes (ssh) */}}
{{- if .Values.config.ssh.enabled }}
{{- $itemList := list -}}
{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- if not .Values.config.ssh.existingSecret.enabled }}
{{- if gt (len .Values.config.ssh.secret.config) 0 }}
{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{- if gt (len $projectedSecretSources) 0 }}
{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}

19
templates/_hpa.tpl Normal file
View File

@@ -0,0 +1,19 @@
---
{{/* annotations */}}
{{- define "athens-proxy.hpa.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.hpa.annotations }}
{{ toYaml .Values.hpa.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.hpa.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.hpa.labels }}
{{ toYaml .Values.hpa.labels }}
{{- end }}
{{- end }}

19
templates/_ingress.tpl Normal file
View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.ingress.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.ingress.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels }}
{{- end }}
{{- end }}

19
templates/_networkPolicy.tpl Normal file
View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.networkPolicy.annotations }}
{{ toYaml .Values.networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.networkPolicy.labels }}
{{ toYaml .Values.networkPolicy.labels }}
{{- end }}
{{- end }}

25
templates/_persistentVolumeClaim.tpl Normal file
View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.persistentVolumeClaim.data.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.annotations }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.annotations}}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.persistentVolumeClaim.data.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.persistence.data.persistentVolumeClaim.labels }}
{{ toYaml .Values.persistence.data.persistentVolumeClaim.labels}}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.persistentVolumeClaim.data.name" -}}
{{ include "athens-proxy.fullname" . }}-data
{{- end }}

34
templates/_pod.tpl Normal file
View File

@@ -0,0 +1,34 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

61
templates/_secrets.tpl Normal file
View File

@@ -0,0 +1,61 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.secrets.env.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.env.secret.annotations }}
{{ toYaml .Values.config.env.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.netrc.secret.annotations }}
{{ toYaml .Values.config.netrc.secret.annotations }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.config.ssh.secret.annotations }}
{{ toYaml .Values.config.ssh.secret.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.secrets.env.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.env.secret.labels }}
{{ toYaml .Values.config.env.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.netrc.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.netrc.secret.labels }}
{{ toYaml .Values.config.netrc.secret.labels }}
{{- end }}
{{- end }}
{{- define "athens-proxy.secrets.ssh.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.config.ssh.secret.labels }}
{{ toYaml .Values.config.ssh.secret.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "athens-proxy.secrets.env.name" -}}
{{ include "athens-proxy.fullname" . }}-env
{{- end }}
{{- define "athens-proxy.secrets.netrc.name" -}}
{{ include "athens-proxy.fullname" . }}-netrc
{{- end }}
{{- define "athens-proxy.secrets.ssh.name" -}}
{{ include "athens-proxy.fullname" . }}-ssh
{{- end }}

17
templates/_serviceAccount.tpl Normal file
View File

@@ -0,0 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.serviceAccount.annotations" -}}
{{- if .Values.serviceAccount.new.annotations }}
{{ toYaml .Values.serviceAccount.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.serviceAccount.labels" -}}
{{- if .Values.serviceAccount.new.labels }}
{{ toYaml .Values.serviceAccount.new.labels }}
{{- end }}
{{- end }}

29
templates/_services.tpl Normal file
View File

@@ -0,0 +1,29 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.services.http.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.services.http.annotations }}
{{ toYaml .Values.services.http.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.services.http.labels" -}}
{{ include "athens-proxy.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http
{{- if .Values.services.http.labels }}
{{ toYaml .Values.services.http.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.services.http.name" -}}
{{- if .Values.services.http.enabled -}}
{{ include "athens-proxy.fullname" . }}-http
{{- end -}}
{{- end -}}

19
templates/configMapDownloadMode.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.downloadMode.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.downloadMode.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
namespace: {{ .Release.Namespace }}
data:
downloadMode: |
{{- tpl .Values.config.downloadMode.configMap.content . | nindent 4 }}
{{- end }}

19
templates/configMapGitConfig.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "athens-proxy.configMap.gitConfig.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.configMap.gitConfig.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-git-config
namespace: {{ .Release.Namespace }}
data:
.gitconfig: |
{{- tpl .Values.config.gitConfig.configMap.content . | nindent 4 }}
{{- end }}

153
templates/deployment.yaml
View File

@@ -1,72 +1,135 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "athens-proxy.fullname" . }}
{{- with (include "athens-proxy.deployment.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.deployment.labels" . | fromYaml) }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "athens-proxy.selectorLabels" . | nindent 6 }}
{{- include "athens-proxy.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "athens-proxy.pod.annotations" . | nindent 8 }}
labels:
{{- include "athens-proxy.selectorLabels" . | nindent 8 }}
{{- include "athens-proxy.pod.labels" . | nindent 8 }}
spec:
containers:
- name: {{ .Chart.Name }}
envFrom:
- secretRef:
name: {{ include "athens-proxy.fullname" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
protocol: TCP
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.affinity }}
{{- with .Values.deployment.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
containers:
- name: athens-proxy
{{- with .Values.deployment.athensProxy.args }}
args:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.athensProxy.command }}
command:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- $env := (include "athens-proxy.deployment.env" . | fromYaml) }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env:
{{- toYaml $env.env | nindent 8 }}
{{- end }}
{{- $envFrom := (include "athens-proxy.deployment.envFrom" . | fromYaml) }}
{{- if and (hasKey $envFrom "envFrom") (gt (len $envFrom.envFrom) 0) }}
envFrom:
{{- toYaml $envFrom.envFrom | nindent 8 }}
{{- end }}
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
livenessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
ports:
- name: http
containerPort: 3000
protocol: TCP
{{- with .Values.deployment.athensProxy.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.deployment.athensProxy.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- $volumeMounts := (include "athens-proxy.deployment.volumeMounts" . | fromYaml) }}
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
volumeMounts:
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.deployment.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.dnsPolicy }}
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
{{- end }}
{{- if .Values.deployment.hostname }}
hostname: {{ .Values.deployment.hostname }}
{{- end }}
hostNetwork: {{ .Values.deployment.hostNetwork }}
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podPriorityClassName }}
priorityClassName: {{ .Values.podPriorityClassName }}
{{- if .Values.deployment.priorityClassName }}
priorityClassName: {{ .Values.deployment.priorityClassName }}
{{- end }}
{{- if .Values.deployment.restartPolicy }}
restartPolicy: {{ .Values.deployment.restartPolicy }}
{{- end }}
{{- with .Values.deployment.securityContext }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "athens-proxy.fullname" . }}
{{- with .Values.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccount: {{ include "athens-proxy.deployment.serviceAccount" . }}
{{- if .Values.deployment.subdomain }}
subdomain: {{ .Values.deployment.subdomain }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
{{- with .Values.deployment.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- with .Values.deployment.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- $volumes := (include "athens-proxy.deployment.volumes" . | fromYaml) }}
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
volumes:
{{- toYaml . | nindent 8 }}
{{- toYaml $volumes.volumes | nindent 6 }}
{{- end }}
{{- with .Values.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}

25
templates/hpa.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.hpa.enabled -}}
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with (include "athens-proxy.hpa.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.hpa.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
metrics:
{{- toYaml .Values.hpa.metrics | nindent 2 }}
maxReplicas: {{ .Values.hpa.maxReplicas }}
minReplicas: {{ .Values.hpa.minReplicas }}
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "athens-proxy.fullname" . }}
{{- end -}}

70
templates/ingress.yaml
View File

@@ -1,61 +1,45 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "athens-proxy.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
{{- with (include "athens-proxy.ingress.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.ingress.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "athens-proxy.services.http.name" $ }}
port:
number: {{ $.Values.services.http.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
- {{ tpl . $ | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}

32
templates/networkPolicy.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

26
templates/persistentVolumeClaim.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- with (include "athens-proxy.persistentVolumeClaim.data.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.persistentVolumeClaim.data.labels" . | fromYaml) }}
labels:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.persistentVolumeClaim.data.name" . }}
namespace: {{ $.Release.Namespace }}
spec:
{{- with .Values.persistence.data.persistentVolumeClaim.accessModes }}
accessModes:
{{ toYaml . | nindent 4 }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.data.persistentVolumeClaim.storageSize }}
{{- if .Values.persistence.data.persistentVolumeClaim.storageClassName }}
storageClassName: {{ .Values.persistence.data.persistentVolumeClaim.storageClassName }}
{{- end }}
{{- end }}

20
templates/secretEnv.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.env.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.env.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.env.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
{{- range $key, $value := .Values.config.env.secret.envs }}
{{ upper $key }}: {{ quote $value }}
{{- end }}
{{- end }}

19
templates/secretNetRC.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.netrc.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.netrc.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.netrc.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
.netrc: |
{{- tpl .Values.config.netrc.secret.content . | nindent 4 }}
{{- end }}

35
templates/secretSSH.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "athens-proxy.secrets.ssh.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.secrets.ssh.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.secrets.ssh.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
config: |
{{- tpl $.Values.config.ssh.secret.config $ | nindent 4 }}
{{- if .Values.config.ssh.secret.id_ed25519 }}
id_ed25519: |
{{- .Values.config.ssh.secret.id_ed25519 | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_ed25519_pub }}
id_ed25519.pub: |
{{- .Values.config.ssh.secret.id_ed25519_pub | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa }}
id_rsa: |
{{- .Values.config.ssh.secret.id_rsa | nindent 4 }}
{{- end }}
{{- if .Values.config.ssh.secret.id_rsa_pub }}
id_rsa.pub: |
{{- .Values.config.ssh.secret.id_rsa_pub | nindent 4 }}
{{- end }}
{{- end }}

23
templates/secrets.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "athens-proxy.fullname" . }}
type: Opaque
stringData:
{{- if not (hasKey .Values "config") -}}
{{- $_ := set .Values "config" dict -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_DISK_STORAGE_ROOT") -}}
{{- $_ := set .Values.config "ATHENS_DISK_STORAGE_ROOT" "/var/lib/athens" -}}
{{- end -}}
{{- if not (hasKey .Values.config "ATHENS_STORAGE_TYPE") -}}
{{- $_ := set .Values.config "ATHENS_STORAGE_TYPE" "disk" -}}
{{- end -}}
{{/* SETUP CONFIG */}}
{{ range $key, $value := .Values.config }}
{{ upper $key}}: {{ quote $value }}
{{ end }}

36
templates/service.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
name: {{ include "athens-proxy.fullname" . }}
spec:
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
{{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end }}
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: {{ .Values.service.name }}
selector:
{{- include "athens-proxy.selectorLabels" . | nindent 4 }}

19
templates/serviceAccount.yaml
View File

@@ -1,10 +1,25 @@
{{- if not .Values.serviceAccount.existing.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with .Values.serviceAccount.annotations }}
{{- with (include "athens-proxy.serviceAccount.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.serviceAccount.labels" . | fromYaml) }}
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
{{- with .Values.serviceAccount.new.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.new.secrets }}
secrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

57
templates/serviceHTTP.yaml Normal file
View File

@@ -0,0 +1,57 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}

15
templates/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "athens-proxy.fullname" . }}-test-connection"
labels:
{{- include "athens-proxy.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "athens-proxy.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

98
unittests/configMaps/downloadMode.yaml Normal file
View File

@@ -0,0 +1,98 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap downloadMode
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering with default values
set:
config.downloadMode.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-download-mode-file
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data.downloadMode
value: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://proxy.golang.org"
# }
- it: Rendering custom annotations and labels.
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.annotations:
foo: bar
bar: foo
config.downloadMode.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
asserts:
- equal:
path: data.downloadMode
value: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"

93
unittests/configMaps/gitConfig.yaml Normal file
View File

@@ -0,0 +1,93 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap gitConfig
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapGitConfig.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
set:
config.gitConfig.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-git-config
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: data[".gitconfig"]
value: |
# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
- it: Rendering custom annotations and labels.
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.annotations:
foo: bar
bar: foo
config.gitConfig.configMap.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
- it: Rendering custom configuration
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.content: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/
asserts:
- equal:
path: data[".gitconfig"]
value: |
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@git.cryptic.systems:"]
insteadOf = https://git.cryptic.systems/

465
unittests/deployment/deployment.yaml Normal file
View File

@@ -0,0 +1,465 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/deployment.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
template: templates/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
namespace: testing
template: templates/deployment.yaml
- notExists:
path: metadata.annotations
template: templates/deployment.yaml
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/deployment.yaml
- equal:
path: spec.replicas
value: 1
template: templates/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].args
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].command
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].volumeMounts
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/gomods/athens:0.1.0
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/deployment.yaml
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/deployment.yaml
- it: Test custom replicas
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.replicas: 3
asserts:
- equal:
path: spec.replicas
value: 3
template: templates/deployment.yaml
- it: Test custom affinity
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
asserts:
- equal:
path: spec.template.spec.affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
template: templates/deployment.yaml
- it: Test additional arguments
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.args:
- "--foo=bar"
- "--bar=foo"
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --foo=bar
- --bar=foo
template: templates/deployment.yaml
- it: Test additional command
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.command:
- "/bin/sh"
- "-c"
- "echo hello"
asserts:
- equal:
path: spec.template.spec.containers[0].command
value:
- "/bin/sh"
- "-c"
- "echo hello"
template: templates/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.registry: registry.example.local
deployment.athensProxy.image.repository: path/special/athens-proxy
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/athens-proxy:0.1.0
template: templates/deployment.yaml
- it: Test custom imagePullPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: templates/deployment.yaml
- it: Test custom resource limits and requests
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.resources:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
asserts:
- equal:
path: spec.template.spec.containers[0].env
value:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
template: templates/deployment.yaml
- it: Test custom securityContext
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.securityContext:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/deployment.yaml
- it: Test dnsConfig
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsConfig:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
asserts:
- equal:
path: spec.template.spec.dnsConfig
value:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/deployment.yaml
- it: Test dnsPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.hostNetwork: true
deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/deployment.yaml
- it: Test imagePullSecrets
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
asserts:
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/deployment.yaml
- it: Test nodeSelector
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.nodeSelector:
foo: bar
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/deployment.yaml
- it: Test priorityClassName
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/deployment.yaml
- it: Test restartPolicy
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/deployment.yaml
- it: Test tolerations
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.tolerations:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: database/type
operator: Equal
value: postgres
effect: NoSchedule
template: templates/deployment.yaml
- it: Test topologySpreadConstraints
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints
value:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
template: templates/deployment.yaml
- it: Test additional volumeMounts and volumes
set:
# Ensure that the secrets and config maps are well configured.
# Normal test values
deployment.athensProxy.volumeMounts:
- name: data
mountPath: /usr/lib/athens-proxy/data
deployment.volumes:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: data
mountPath: /usr/lib/athens-proxy/data
template: templates/deployment.yaml

105
unittests/deployment/downloadMode.yaml Normal file
View File

@@ -0,0 +1,105 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted download mode config map
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: downloadMode
mode: 0644
path: download-mode
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: "my-custom-download-mode-filename-key"
path: "download-mode"
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml

51
unittests/deployment/env.yaml Normal file
View File

@@ -0,0 +1,51 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretEnv.yaml
tests:
- it: Rendering default without mounted env secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml

100
unittests/deployment/gitConfig.yaml Normal file
View File

@@ -0,0 +1,100 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted git config map
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0600
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.gitConfig.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0644
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: my-gitconfig-key
path: .gitconfig
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml

99
unittests/deployment/netrc.yaml Normal file
View File

@@ -0,0 +1,99 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted netrc secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: netrc
mountPath: /root
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering with custom netrc secret
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-netrc-key
path: .netrc
mode: 0600
name: my-custom-secret
template: templates/deployment.yaml

77
unittests/deployment/persistentVolumeClaim.yaml Normal file
View File

@@ -0,0 +1,77 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Test persistent volume claim
set:
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/deployment.yaml
- it: Test existing persistent volume claim
set:
config.netrc.enabled: true
persistence.enabled: true
persistence.data.mountPath: "/mnt/go-proxy/data"
persistence.data.existingPersistentVolumeClaim.enabled: true
persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/deployment.yaml

254
unittests/deployment/ssh.yaml Normal file
View File

@@ -0,0 +1,254 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted ssh secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0644
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh config
set:
config.ssh.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh keys
set:
config.ssh.enabled: true
config.ssh.secret.id_ed25519: foo
config.ssh.secret.id_ed25519_pub: bar
config.ssh.secret.id_rsa: foo
config.ssh.secret.id_rsa_pub: bar
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering with custom ssh secret
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
config.ssh.existingSecret.configKey : "my-config-key"
config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-config-key
path: config
mode: 0600
- key: my-private-ed25519-key
path: id_ed25519
mode: 0600
- key: my-public-ed25519-key
path: id_ed25519.pub
mode: 0644
- key: my-private-rsa-key
path: id_rsa
mode: 0600
- key: my-public-rsa-key
path: id_rsa.pub
mode: 0644
name: my-custom-secret
template: templates/deployment.yaml

116
unittests/hpa/default.yaml Normal file
View File

@@ -0,0 +1,116 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HPA template (basic)
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/hpa.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Rendering when enabled - default
set:
hpa.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 10
- equal:
path: spec.minReplicas
value: 1
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
- it: Rendering when enabled - custom values
set:
hpa.enabled: true
hpa.annotations:
foo: bar
hpa.labels:
bar: foo
hpa.maxReplicas: 25
hpa.minReplicas: 5
hpa.metrics:
- resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 25
- equal:
path: spec.minReplicas
value: 5
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest

139
unittests/ingress/ingress.yaml Normal file
View File

@@ -0,0 +1,139 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Ingress template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/ingress.yaml
tests:
- it: Skip ingress by default.
asserts:
- hasDocuments:
count: 0
- it: Skip ingress, when service is disabled.
set:
services.http.enabled: false
ingress.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render ingress with default values.
set:
ingress.enabled: true
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 3000
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls
- it: Render ingress with custom values.
set:
ingress.enabled: true
ingress.annotations:
foo: bar
ingress.className: nginx
ingress.labels:
bar: foo
ingress.hosts:
- host: athens-proxy.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: athens-proxy-http-tls
hosts:
- athens-proxy.example.local
services.http.port: 8080
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: athens-proxy-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: athens-proxy.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: athens-proxy-unittest-http
port:
number: 8080
- contains:
path: spec.tls
content:
hosts:
- athens-proxy.example.local
secretName: athens-proxy-http-tls

98
unittests/networkPolicy/networkPolicy.yaml Normal file
View File

@@ -0,0 +1,98 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/networkPolicy.yaml
tests:
- it: Skip rendering networkPolicy
set:
networkPolicy.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default networkPolicy
set:
networkPolicy.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy with policyTypes, egress and ingress configuration
set:
networkPolicy.enabled: true
networkPolicy.policyTypes:
- Egress
- Ingress
networkPolicy.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicy.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

90
unittests/persistentVolumeClaim/persistentVolumeClaim.yaml Normal file
View File

@@ -0,0 +1,90 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PersistentVolumeClaim template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/persistentVolumeClaim.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 0
- it: Rendering with enabled persistent storage
set:
persistence.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 5Gi
- notExists:
path: spec.storageClassName
- it: Rendering with custom enabled persistent storage
set:
persistence.enabled: true
persistence.data.persistentVolumeClaim.annotations:
foo: bar
persistence.data.persistentVolumeClaim.labels:
bar: foo
persistence.data.persistentVolumeClaim.storageClassName: my-storage-class
persistence.data.persistentVolumeClaim.storageSize: 10Gi
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: athens-proxy-unittest-data
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: spec.accessModes
value:
- ReadWriteMany
- isSubset:
path: spec.resources
content:
requests:
storage: 10Gi
- equal:
path: spec.storageClassName
value: my-storage-class

77
unittests/secrets/env.yaml Normal file
View File

@@ -0,0 +1,77 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret environment variables
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/secretEnv.yaml
tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering env secret with default values.
set:
config.env.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-env
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isNullOrEmpty:
path: stringData
- it: Rendering env secret with custom values.
set:
config.env.enabled: true
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
asserts:
- isSubset:
path: stringData
content:
ATHENS_GITHUB_TOKEN: my-secret-token
- it: Rendering custom annotations and labels.
set:
config.env.enabled: true
config.env.secret.annotations:
foo: bar
bar: foo
config.env.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

93
unittests/secrets/netrc.yaml Normal file
View File

@@ -0,0 +1,93 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret netrc template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/secretNetRC.yaml
tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.netrc.enabled: true
config.netrc.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering netrc secret with default values.
set:
config.netrc.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-netrc
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData[".netrc"]
value: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
- it: Rendering netrc secret with custom values.
set:
config.netrc.enabled: true
config.netrc.secret.content: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
asserts:
- equal:
path: stringData[".netrc"]
value: |
default github.com hugo password kinnock
default api.github.com hugo password kinnock
- it: Rendering custom annotations and labels.
set:
config.netrc.enabled: true
config.netrc.secret.annotations:
foo: bar
bar: foo
config.netrc.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

119
unittests/secrets/ssh.yaml Normal file
View File

@@ -0,0 +1,119 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret ssh template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/secretSSH.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering ssh secret with default values.
set:
config.ssh.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: athens-proxy-unittest-ssh
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- equal:
path: stringData.config
value: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
- notExists:
path: stringData.id_ed25519
- notExists:
path: stringData["id_ed25519.pub"]
- notExists:
path: stringData.id_rsa
- notExists:
path: stringData["id_rsa.pub"]
- it: Rendering ssh secret with custom values.
set:
config.ssh.enabled: true
config.ssh.secret.config: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
config.ssh.secret.id_ed25519: |
my-private-25519-key
config.ssh.secret.id_ed25519_pub: |
my-public-25519-key
config.ssh.secret.id_rsa: |
my-private-rsa-key
config.ssh.secret.id_rsa_pub: |
my-public-rsa-key
asserts:
- equal:
path: stringData.config
value: |
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
- equal:
path: stringData.id_ed25519
value: |
my-private-25519-key
- equal:
path: stringData["id_ed25519.pub"]
value: |
my-public-25519-key
- equal:
path: stringData.id_rsa
value: |
my-private-rsa-key
- equal:
path: stringData["id_rsa.pub"]
value: |
my-public-rsa-key
- it: Rendering custom annotations and labels.
set:
config.ssh.enabled: true
config.ssh.secret.annotations:
foo: bar
bar: foo
config.ssh.secret.labels:
foo: bar
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo

79
unittests/serviceAccounts/serviceAccount.yaml Normal file
View File

@@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceAccount athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/serviceAccount.yaml
tests:
- it: Skip rendering.
set:
serviceAccount.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceAccount with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ServiceAccount
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- notExists:
path: metadata.labels
- equal:
path: automountServiceAccountToken
value: true
- notExists:
path: imagePullSecrets
- notExists:
path: secrets
- it: Rendering serviceAccount with custom values.
set:
serviceAccount.new.annotations:
foo: bar
serviceAccount.new.labels:
bar: foo
serviceAccount.new.automountServiceAccountToken: false
serviceAccount.new.imagePullSecrets:
- name: "my-pull-secret"
serviceAccount.new.secrets:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: athens-proxy-unittest
- equal:
path: automountServiceAccountToken
value: false
- equal:
path: imagePullSecrets
value:
- name: "my-pull-secret"
- equal:
path: secrets
value:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"

174
unittests/services/http.yaml Normal file
View File

@@ -0,0 +1,174 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Service http template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/serviceHTTP.yaml
tests:
- it: Skip service when disabled.
set:
services.http.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering service with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Service
name: athens-proxy-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- notExists:
path: spec.externalIPs
- notExists:
path: spec.externalTrafficPolicy
- equal:
path: spec.internalTrafficPolicy
value: Cluster
- notExists:
path: spec.ipFamilies
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- equal:
path: spec.ports[0].name
value: http
- equal:
path: spec.ports[0].protocol
value: TCP
- equal:
path: spec.ports[0].port
value: 3000
- equal:
path: spec.selector
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
- equal:
path: spec.sessionAffinity
value: None
- notExists:
path: spec.sessionAffinityConfig
- equal:
path: spec.type
value: ClusterIP
- it: Require internalTrafficPolicy.
set:
services.http.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
services.http.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
- it: Require sessionAffinity.
set:
services.http.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
- it: Require service type.
set:
services.http.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
services.http.annotations:
foo: bar
services.http.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- it: Change defaults
set:
services.http.externalIPs:
- "10.11.12.13/32"
services.http.externalTrafficPolicy: Local
services.http.internalTrafficPolicy: Local
services.http.ipFamilies:
- IPv4
services.http.loadBalancerClass: aws
services.http.loadBalancerIP: "11.12.13.14"
services.http.loadBalancerSourceRanges:
- "11.12.0.0/17"
services.http.port: 10443
services.http.sessionAffinity: ClientIP
services.http.type: LoadBalancer
asserts:
- equal:
path: spec.externalIPs
value:
- 10.11.12.13/32
- equal:
path: spec.externalTrafficPolicy
value: Local
- equal:
path: spec.internalTrafficPolicy
value: Local
- equal:
path: spec.ipFamilies
value:
- IPv4
- equal:
path: spec.loadBalancerClass
value: aws
- equal:
path: spec.loadBalancerIP
value: "11.12.13.14"
- equal:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].port
value: 10443
- equal:
path: spec.sessionAffinity
value: ClientIP
- equal:
path: spec.type
value: LoadBalancer

636
values.yaml
View File

@@ -1,36 +1,33 @@
affinity: {}
image:
repository: docker.io/gomods/athens
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
## @section Configuration
config:
env:
## @param config.env.enabled Enable mounting of the secret as environment variables.
enabled: false
podPriorityClassName: ""
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
existingSecret:
enabled: false
secretName: ""
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
config: {}
## @param config.env.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.env.secret.labels Additional labels of the secret containing the database credentials.
## @param config.env.secret.envs List of environment variables stored in a secret and mounted into the container.
secret:
annotations: {}
labels: {}
envs: {}
# ATHENS_AZURE_ACCOUNT_KEY:
# ATHENS_AZURE_ACCOUNT_NAME:
# ATHENS_AZURE_CONTAINER_NAME:
# ATHENS_CLOUD_RUNTIME:
# ATHENS_DOWNLOAD_MODE:
# ATHENS_DOWNLOAD_URL:
# ATHENS_ETCD_ENDPOINTS:
# ATHENS_EXTERNAL_STORAGE_URL:
@@ -67,7 +64,6 @@ config: {}
# ATHENS_MONGO_DEFAULT_DATABASE:
# ATHENS_MONGO_INSECURE:
# ATHENS_MONGO_STORAGE_URL:
# ATHENS_NETRC_PATH:
# ATHENS_PATH_PREFIX:
# ATHENS_PORT:
# ATHENS_PROTOCOL_WORKERS:
@@ -80,7 +76,6 @@ config: {}
# ATHENS_STATS_EXPORTER:
# ATHENS_STORAGE_GCP_BUCKET:
# ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_STORAGE_TYPE:
# ATHENS_SUM_DBS:
# ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
@@ -102,98 +97,529 @@ config: {}
# MY_S3_BUCKET_NAME:
# PROXY_FORCE_SSL:
livenessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: http
downloadMode:
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
enabled: false
replicaCount: 1
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
existingConfigMap:
enabled: false
configMapName: ""
downloadModeKey: "downloadMode"
serviceAccount:
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
## @skip config.downloadMode.configMap.content The content of the download mode file.
configMap:
annotations: {}
labels: {}
content: |
downloadURL = "https://proxy.golang.org"
service:
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://proxy.golang.org"
# }
gitConfig:
## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system.
enabled: false
## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file.
## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file.
## @param config.gitConfig.existingConfigMap.gitConfigKey The name of the key inside the config map where the content of the .gitconfig file is stored.
existingConfigMap:
enabled: false
configMapName: ""
gitConfigKey:
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
configMap:
annotations: {}
# externalIPs: []
# externalTrafficPolicy: "Cluster"
# loadBalancerClass: ""
# loadBalancerIP: ""
# loadBalancerSourceRanges: []
# internalTrafficPolicy: "Cluster"
name: http
targetPort: 3000
type: ClusterIP
port: 3000
labels: {}
content: |
# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
netrc:
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file.
## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file.
## @param config.netrc.existingSecret.netrcKey The name of the key inside the secret where the content of the .netrc file is stored.
existingSecret:
enabled: false
secretName: ""
netrcKey: ".netrc"
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @skip config.netrc.secret.content The content of the .netrc file.
secret:
annotations: {}
labels: {}
content: |
# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
ssh:
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
existingSecret:
enabled: false
secretName: ""
configKey: "config"
id_ed25519Key: "id_ed25519"
id_ed25519PubKey: "id_ed25519.pub"
id_rsaKey: "id_rsa"
id_rsaPubKey: "id_rsa.pub"
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
## @skip config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
secret:
annotations: {}
labels: {}
config: |
# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
id_ed25519: ""
id_ed25519_pub: ""
id_rsa: ""
id_rsa_pub: ""
## @section Deployment
deployment:
## @param deployment.annotations Additional deployment annotations.
## @param deployment.labels Additional deployment labels.
annotations: {}
labels: {}
## @param deployment.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param deployment.affinity Affinity for the athens-proxy deployment.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param deployment.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param deployment.dnsConfig dnsConfig of the athens-proxy deployment.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param deployment.dnsPolicy dnsPolicy of the athens-proxy deployment.
dnsPolicy: ""
## @param deployment.hostname Individual hostname of the pod.
## @param deployment.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param deployment.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
athensProxy:
## @param deployment.athensProxy.args Arguments passed to the athens-proxy container.
args: []
## @param deployment.athensProxy.command Command passed to the athens-proxy container.
command: []
## @param deployment.athensProxy.env List of environment variables for the athens-proxy container.
env: []
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param deployment.athensProxy.envFrom List of environment variables mounted from configMaps or secrets for the athens-proxy container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param deployment.athensProxy.image.registry Image registry, eg. `docker.io`.
## @param deployment.athensProxy.image.repository Image repository, eg. `library/busybox`.
## @param deployment.athensProxy.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param deployment.athensProxy.image.pullPolicy Image pull policy.
image:
registry: docker.io
repository: gomods/athens
tag: ""
pullPolicy: IfNotPresent
## @param deployment.athensProxy.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param deployment.athensProxy.securityContext Security context of the container of the deployment.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param deployment.athensProxy.volumeMounts Additional volume mounts.
volumeMounts: []
# - name: my-configmap-volume
# mountPath: /configmap
# readOnly: true
## @param deployment.nodeSelector NodeSelector of the athens-proxy deployment.
nodeSelector: {}
## @param deployment.priorityClassName PriorityClassName of the athens-proxy deployment.
priorityClassName: ""
## @param deployment.replicas Number of replicas for the athens-proxy deployment.
replicas: 1
## @param deployment.restartPolicy Restart policy of the athens-proxy deployment.
restartPolicy: ""
## @param deployment.securityContext Security context of the athens-proxy deployment.
securityContext: {}
# fsGroup: 2000
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param deployment.tolerations Tolerations of the athens-proxy deployment.
tolerations: []
# - key: database/type
# operator: Equal
# value: postgres
# effect: NoSchedule
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the athens-proxy deployment.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-athens-proxy
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
volumes: []
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
# https://github.com/kubernetes-sigs/metrics-server#deployment
hpa:
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
## @param hpa.annotations Additional annotations for the HPA.
## @param hpa.labels Additional labels for the HPA.
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
## @skip hpa.metrics Skip individual HPA metric configurations.
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
enabled: false
annotations: {}
labels: {}
metrics:
- resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
# - resource:
# name: memory
# target:
# averageUtilization: 65
# type: Utilization
minReplicas: 1
maxReplicas: 10
## @section Ingress
ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false
className: "nginx"
annotations: {}
# kubernetes.io/ingress.class: nginx
# cert-manager.io/issuer:
# kubernetes.io/tls-acme: "true"
hosts:
- host: "your-hostname"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "your-tls-secret"
hosts:
- "your-hostname"
labels: {}
readinessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: http
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
## @skip ingress.hosts Skip individual host configuration.
hosts: []
# - host: athens-proxy.example.local
# paths:
# - path: /
# pathType: Prefix
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
## @skip ingress.tls Skip individual TLS configuration.
tls: []
# - secretName: athens-proxy-http-tls
# hosts:
# - athens-proxy.example.local
nodeSelector:
kubernetes.io/arch: amd64
## @section Persistence
persistence:
## @param persistence.enabled Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined.
enabled: false
tolerations: []
data:
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
mountPath: "/var/www/athens-proxy/data"
# extra volumes for the pod
extraVolumes: {}
# The following example mount the same secret, which contains tls certificates
# under different names. Each volume mount contains only selected items of the
# secret. This make it easier to place the items on different locations inside the
# container filesystem via extraVolumeMounts.
# - name: custom-ca-anchor
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: ca.crt
# path: ca.crt
# mode: 0444
# - name: custom-tls-certificates
# secret:
# secretName: athens-proxy-custom-tls-certificates
# items:
# - key: tls.key
# path: tls.key
# mode: 0400
# - key: tls.crt
# path: tls.crt
# mode: 0444
## @param persistence.data.existingPersistentVolumeClaim.enabled TODO
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO
existingPersistentVolumeClaim:
enabled: false
persistentVolumeClaimName: ""
extraVolumeMounts: {}
# The following example follows the example of extraVolumes and mounts the
# volumes to the corresponding paths in the container filesystem.
# - name: custom-ca-anchor
# mountPath: /usr/local/share/ca-certificates
# - name: custom-tls-certificates
# mountPath: /etc/athens-proxy/tls
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClass Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
persistentVolumeClaim:
annotations: {}
labels: {}
accessModes:
- ReadWriteMany
storageClass: ""
storageSize: "5Gi"
## @section Network Policy
networkPolicy:
## @param networkPolicy.enabled Enable network policies in general.
## @param networkPolicy.annotations Additional network policy annotations.
## @param networkPolicy.labels Additional network policy labels.
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicy.egress Concrete egress network policy implementation.
## @skip networkPolicy.egress Skip individual egress configuration.
## @param networkPolicy.ingress Concrete ingress network policy implementation.
## @skip networkPolicy.ingress Skip individual ingress configuration.
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
http:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 3000
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"