							Compare commits
	
		
			25 Commits
		
	
	
		
			1.0.0
			...
			d7222794ca
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| d7222794ca | |||
| 4974d63a8c | |||
| 1bbd0352c3 | |||
| ccdf377aaa | |||
| 64790fc316 | |||
| 2c88d6698b | |||
| 9abdb1ca3a | |||
| 81f14405fd | |||
| 7b37bfc373 | |||
| bba0df90ff | |||
| cb312817c3 | |||
| fe428d83d2 | |||
| 4c94529eab | |||
| 297f36920a | |||
| 4102fc9014 | |||
| be923ed95f | |||
| f07ff039ce | |||
| a11be194cc | |||
| 7908de9313 | |||
| adfe40a9c7 | |||
| eadbcf243b | |||
| 0caa188bb1 | |||
| 3bce806ed6 | |||
| 5c09cf8c79 | |||
| d4b5c0c86f | 
| @@ -15,7 +15,7 @@ on: | ||||
| jobs: | ||||
|   generate-parameters: | ||||
|     container: | ||||
|       image: docker.io/library/node:24.10.0-alpine | ||||
|       image: docker.io/library/node:25.0.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|   | ||||
| @@ -15,7 +15,7 @@ on: | ||||
| jobs: | ||||
|   markdown-link-checker: | ||||
|     container: | ||||
|       image: docker.io/library/node:24.10.0-alpine | ||||
|       image: docker.io/library/node:25.0.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
| @@ -31,7 +31,7 @@ jobs: | ||||
|  | ||||
|   markdown-lint: | ||||
|     container: | ||||
|       image: docker.io/library/node:24.10.0-alpine | ||||
|       image: docker.io/library/node:25.0.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|   | ||||
							
								
								
									
									
										8
									
								
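--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+  "yaml.schemas": {
+    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
+      "/unittests/**/*.yaml"
+    ]
+  },
+  "yaml.schemaStore.enable": true
+}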
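Review bot: The schema URL under `yaml.schemas` is pinned only by the tag `v1.0.3`, which is a movable reference that the editor fetches over the network each time it resolves the schema. Putting a full commit hash in the path instead, `https://raw.githubusercontent.com/helm-unittest/helm-unittest/<commit-sha>/schema/helm-testsuite.json`, would make the fetched file immutable. Nothing visible here keeps this pin in step with the helm-unittest version that actually runs the suites. The Makefile marks its image versions with `# renovate:` comments, but strict JSON cannot carry one. If Renovate is meant to manage this value too, it probably needs a regex-based custom manager that matches this file; the Renovate configuration is not shown here, so confirm whether one exists.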
| @@ -3,7 +3,7 @@ annotations: | ||||
|     - name: Athens proxy (binary) | ||||
|       url: https://github.com/gomods/athens | ||||
|     - name: support | ||||
|       url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues | ||||
|       url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues | ||||
| apiVersion: v2 | ||||
| name: athens-proxy | ||||
| description: Athens proxy server for golang | ||||
| @@ -19,6 +19,6 @@ keywords: | ||||
| - go-proxy | ||||
|  | ||||
| sources: | ||||
| - https://github.com/volker-raschek/athens-proxy-charts | ||||
| - https://git.cryptic.systems/volker.raschek/athens-proxy-charts | ||||
| - https://github.com/gomods/athens | ||||
| - https://hub.docker.com/r/gomods/athens | ||||
|   | ||||
							
								
								
									
									
										2
									
								
								Makefile
									
									
									
									
									
								
							| @@ -10,7 +10,7 @@ HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}: | ||||
| # NODE_IMAGE | ||||
| NODE_IMAGE_REGISTRY_HOST?=docker.io | ||||
| NODE_IMAGE_REPOSITORY?=library/node | ||||
| NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||
| NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||
| NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | ||||
|  | ||||
| # MISSING DOT | ||||
|   | ||||
							
								
								
									
									
										183
									
								
								README.md
									
									
									
									
									
								
							| @@ -40,7 +40,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi | ||||
| versions can break something! | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.0.0 | ||||
| CHART_VERSION=1.1.1 | ||||
| helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||
| ``` | ||||
|  | ||||
| @@ -54,7 +54,7 @@ The helm chart also contains a persistent volume claim definition. It persistent | ||||
| Use the `--set` argument to persist your data. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.0.0 | ||||
| CHART_VERSION=1.1.1 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   persistence.enabled=true | ||||
| ``` | ||||
| @@ -84,13 +84,64 @@ Further information about this topic can be found in one of Kanishk's blog | ||||
| > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.0.0 | ||||
| CHART_VERSION=1.1.1 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||
|   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||
|   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||
| ``` | ||||
|  | ||||
| #### TLS encryption | ||||
|  | ||||
| The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for | ||||
| TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS | ||||
| certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS | ||||
| certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret. | ||||
| The secret must be from type `kubernetes.io/tls`. | ||||
|  | ||||
| > [!WARNING] | ||||
| > The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named | ||||
| > `athens-proxy-ca` is present in the same namespace of the helm deployment. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.1.1 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   --set 'config.certificate.enabled=true' \ | ||||
|   --set 'config.certificate.new.issuerRef.kind=Issuer' \ | ||||
|   --set 'config.certificate.new.issuerRef.name=athens-proxy-ca' | ||||
| ``` | ||||
|  | ||||
| The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate | ||||
| and private key are mounted to a pre-defined destination inside the container file system. | ||||
|  | ||||
| #### TLS certificate rotation | ||||
|  | ||||
| If the application uses TLS certificates that are mounted as a secret in the container file system like the example | ||||
| [above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such | ||||
| a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates | ||||
| before expiring. | ||||
|  | ||||
| Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's | ||||
| [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following | ||||
| annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps | ||||
| and secrets have been changed. | ||||
|  | ||||
| ```yaml | ||||
| deployment: | ||||
|   annotations: | ||||
|     reloader.stakater.com/auto: "true" | ||||
| ``` | ||||
|  | ||||
| Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for | ||||
| individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should | ||||
| only listen for changes of this secret: | ||||
|  | ||||
| ```yaml | ||||
| deployment: | ||||
|   annotations: | ||||
|     secret.reloader.stakater.com/reload: "athens-proxy-tls" | ||||
| ``` | ||||
|  | ||||
| #### Network policies | ||||
|  | ||||
| Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||
| @@ -149,7 +200,8 @@ networkPolicies: | ||||
|  | ||||
| The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||
| connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||
| Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||
| Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). Please ensure, that no | ||||
| third party application modifies the config maps or secret afterwards. | ||||
|  | ||||
| The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||
| content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||
| @@ -158,20 +210,50 @@ Helm render order, different timestamps). | ||||
| This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||
| can lead to unnecessary notifications from ArgoCD. | ||||
|  | ||||
| To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all | ||||
| annotations with the prefix `checksum`. | ||||
| To avoid this, the annotation with the shasum can be ignored. However, this negates the mechanism of [Automatically Roll | ||||
| Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||
|  | ||||
| Below is a diff that adds the `Application` to ignore all annotations with the prefix `checksum`. | ||||
|  | ||||
| > [!WARNING] | ||||
| > Configurations of `ignoreDifferences` always refer to the determination of a drift and whether a possible sync is | ||||
| > necessary. If the selected attributes should also be ignored in deployment afterwards, define | ||||
| > `RespectIgnoreDifferences=true` in your `Application` resource. Further information can be found in the ArgoCD | ||||
| > [documentation](https://argo-cd.readthedocs.io/en/latest/user-guide/sync-options/#respect-ignore-differences-configs). | ||||
|  | ||||
| ```diff | ||||
|   apiVersion: argoproj.io/v1alpha1 | ||||
|   kind: Application | ||||
|   spec: | ||||
| +   ignoreDifferences: | ||||
| +   - group: apps/v1 | ||||
| +   - group: apps | ||||
| +     kind: Deployment | ||||
| +     jqPathExpressions: | ||||
| +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||
| ``` | ||||
|  | ||||
| The definition of ignoreDifferences ensures that annotations with the prefix checksum are ignored during a diff. | ||||
|  | ||||
| > [!TIP] | ||||
| > If the [reloader](https://github.com/stakater/Reloader) is configured as described in section [TLS certificate | ||||
| > rotation](#tls-certificate-rotation), ensure that the shasum defined as annotation or environment variable is also | ||||
| > ignored. The [reloader](https://github.com/stakater/Reloader) will modify the deployment based on his configuration | ||||
| > and append additional annotations or environment variables containing the shasum. Below are some examples how to adapt | ||||
| > the `ignoreDifferences` configuration to ignore only the annotations and environment variables of stakater's | ||||
| > [reloader](https://github.com/stakater/Reloader). | ||||
|  | ||||
| ```diff | ||||
|   apiVersion: argoproj.io/v1alpha1 | ||||
|   kind: Application | ||||
|   spec: | ||||
|     ignoreDifferences: | ||||
|     - group: apps | ||||
|       kind: Deployment | ||||
|       jqPathExpressions: | ||||
| +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))' | ||||
| +     - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))' | ||||
| ``` | ||||
|  | ||||
| ## Parameters | ||||
|  | ||||
| ### Global | ||||
| @@ -181,10 +263,40 @@ annotations with the prefix `checksum`. | ||||
| | `nameOverride`     | Individual release name suffix.           | `""`  | | ||||
| | `fullnameOverride` | Override the complete release name logic. | `""`  | | ||||
|  | ||||
| ### Certificate | ||||
|  | ||||
| | Name                                          | Description                                                                                                                                                 | Value                           | | ||||
| | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | | ||||
| | `certificate.enabled`                         | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false`                         | | ||||
| | `certificate.existingSecret.enabled`          | Use an existing secret of the type `kubernetes.io/tls`.                                                                                                     | `false`                         | | ||||
| | `certificate.existingSecret.secretName`       | Name of the secret containing the TLS certificate and private key.                                                                                          | `""`                            | | ||||
| | `certificate.new.annotations`                 | Additional certificate annotations.                                                                                                                         | `{}`                            | | ||||
| | `certificate.new.labels`                      | Additional certificate labels.                                                                                                                              | `{}`                            | | ||||
| | `certificate.new.duration`                    | Duration of the TLS certificate.                                                                                                                            | `744h`                          | | ||||
| | `certificate.new.renewBefore`                 | Renew TLS certificate before expiring.                                                                                                                      | `672h`                          | | ||||
| | `certificate.new.dnsNames`                    | Overwrites the default of the subject alternative DNS names.                                                                                                | `[]`                            | | ||||
| | `certificate.new.ipAddresses`                 | Overwrites the default of the subject alternative IP addresses.                                                                                             | `[]`                            | | ||||
| | `certificate.new.issuerRef.kind`              | Issuer kind. Can be `Issuer` or `ClusterIssuer`.                                                                                                            | `""`                            | | ||||
| | `certificate.new.issuerRef.name`              | Name of the `Issuer` or `ClusterIssuer`.                                                                                                                    | `""`                            | | ||||
| | `certificate.new.privateKey.algorithm`        | Algorithm of the private TLS key.                                                                                                                           | `RSA`                           | | ||||
| | `certificate.new.privateKey.rotationPolicy`   | Rotation of the private TLS key.                                                                                                                            | `Never`                         | | ||||
| | `certificate.new.privateKey.size`             | Size of the private TLS key.                                                                                                                                | `4096`                          | | ||||
| | `certificate.new.secretTemplate.annotations`  | Additional annotation of the created secret.                                                                                                                | `{}`                            | | ||||
| | `certificate.new.secretTemplate.labels`       | Additional labels of the created secret.                                                                                                                    | `{}`                            | | ||||
| | `certificate.new.subject.countries`           | List of countries.                                                                                                                                          | `[]`                            | | ||||
| | `certificate.new.subject.localities`          | List of localities.                                                                                                                                         | `[]`                            | | ||||
| | `certificate.new.subject.organizationalUnits` | List of organizationalUnits.                                                                                                                                | `[]`                            | | ||||
| | `certificate.new.subject.organizations`       | List of organizations.                                                                                                                                      | `[]`                            | | ||||
| | `certificate.new.subject.postalCodes`         | List of postalCodes.                                                                                                                                        | `[]`                            | | ||||
| | `certificate.new.subject.provinces`           | List of provinces.                                                                                                                                          | `[]`                            | | ||||
| | `certificate.new.subject.serialNumber`        | Serial number.                                                                                                                                              | `""`                            | | ||||
| | `certificate.new.subject.streetAddresses`     | List of streetAddresses.                                                                                                                                    | `[]`                            | | ||||
| | `certificate.new.usages`                      | Define the usage of the TLS key.                                                                                                                            | `["client auth","server auth"]` | | ||||
|  | ||||
| ### Configuration | ||||
|  | ||||
| | Name                                                    | Description                                                                                                                                       | Value            | | ||||
| | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||||
| | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | | ||||
| | `config.env.enabled`                                    | Enable mounting of the secret as environment variables.                                                                                           | `false`          | | ||||
| | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`          | | ||||
| | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`             | | ||||
| @@ -197,55 +309,18 @@ annotations with the prefix `checksum`. | ||||
| | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`   | | ||||
| | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`             | | ||||
| | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`             | | ||||
| | `config.downloadMode.configMap.content`                 | The content of the download mode file.                                                                                                            | `downloadURL = "https://proxy.golang.org" | ||||
|  | ||||
| mode = "async_redirect" | ||||
|  | ||||
| # download "github.com/gomods/*" { | ||||
| #     mode = "sync" | ||||
| # } | ||||
| # | ||||
| # download "golang.org/x/*" { | ||||
| #     mode = "none" | ||||
| # } | ||||
| # | ||||
| # download "github.com/pkg/*" { | ||||
| #     mode = "redirect" | ||||
| #     downloadURL = "https://proxy.golang.org" | ||||
| # } | ||||
| `                                                                                                                                                                                                                                                                                                                                                                           | | ||||
| | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`          | | ||||
| | `config.gitConfig.existingConfigMap.enabled`            | Enable to use an external config map for mounting the .gitconfig file.                                                                            | `false`          | | ||||
| | `config.gitConfig.existingConfigMap.configMapName`      | The name of the existing config map which should be used to mount the .gitconfig file.                                                            | `""`             | | ||||
| | `config.gitConfig.existingConfigMap.gitConfigKey`       | The name of the key inside the config map where the content of the .gitconfig file is stored.                                                     | `nil`            | | ||||
| | `config.gitConfig.configMap.annotations`                | Additional annotations of the config map containing the .gitconfig file.                                                                          | `{}`             | | ||||
| | `config.gitConfig.configMap.labels`                     | Additional labels of the config map containing the .gitconfig file.                                                                               | `{}`             | | ||||
| | `config.gitConfig.configMap.content`                    | The content of the .gitconfig file.                                                                                                               | `# The .gitconfig file | ||||
| # | ||||
| # The .gitconfig file contains the user specific git configuration. It generally resides in the user's home | ||||
| # directory. | ||||
| # | ||||
| # [url "git@github.com:"] insteadOf = https://github.com/ | ||||
| `                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | | ||||
| | `config.netrc.enabled`                                  | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||
| | `config.netrc.existingSecret.enabled`                   | Enable to use an external secret for mounting the .netrc file.                                                                                    | `false`          | | ||||
| | `config.netrc.existingSecret.secretName`                | The name of the existing secret which should be used to mount the .netrc file.                                                                    | `""`             | | ||||
| | `config.netrc.existingSecret.netrcKey`                  | The name of the key inside the secret where the content of the .netrc file is stored.                                                             | `.netrc`         | | ||||
| | `config.netrc.secret.annotations`                       | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||
| | `config.netrc.secret.labels`                            | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||
| | `config.netrc.secret.content`                           | The content of the .netrc file.                                                                                                                   | `# The .netrc file | ||||
| # | ||||
| # The .netrc file contains login and initialization information used by the auto-login process. It generally | ||||
| # resides in the user's home directory, but a location outside of the home directory can be set using the | ||||
| # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file | ||||
| # must be a regular file, or access will be denied. | ||||
| # | ||||
| # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html | ||||
| # | ||||
| # default login           [name]     password  [password/token] | ||||
| # machine github.com      [octocat]  password  [PAT] | ||||
| # machine api.github.com  [octocat]  password  [PAT] | ||||
| ` | | ||||
| | `config.ssh.enabled`                                    | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||
| | `config.ssh.existingSecret.enabled`                     | Enable to use an external secret for mounting the public and private SSH key files.                                                               | `false`          | | ||||
| | `config.ssh.existingSecret.secretName`                  | The name of the existing secret which should be used to mount the public and private SSH key files.                                               | `""`             | | ||||
| @@ -256,10 +331,6 @@ mode = "async_redirect" | ||||
| | `config.ssh.existingSecret.id_rsaPubKey`                | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_rsa.pub`     | | ||||
| | `config.ssh.secret.annotations`                         | Additional annotations of the secret containing the public and private SSH key files.                                                             | `{}`             | | ||||
| | `config.ssh.secret.labels`                              | Additional labels of the secret containing the public and private SSH key files.                                                                  | `{}`             | | ||||
| | `config.ssh.secret.config`                              | The content of the SSH client config file.                                                                                                        | `# Host * | ||||
| #   IdentityFile ~/.ssh/id_ed25519 | ||||
| #   IdentityFile ~/.ssh/id_rsa | ||||
| `                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | | ||||
|  | ||||
| ### Deployment | ||||
|  | ||||
| @@ -298,7 +369,7 @@ mode = "async_redirect" | ||||
| | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`            | | ||||
| | `deployment.tolerations`                           | Tolerations of the athens-proxy deployment.                                                                | `[]`            | | ||||
| | `deployment.topologySpreadConstraints`             | TopologySpreadConstraints of the athens-proxy deployment.                                                  | `[]`            | | ||||
| | `deployment.volumes`                               | Additional volumes to mount into the pods of the prometheus-exporter deployment.                           | `[]`            | | ||||
| | `deployment.volumes`                               | Additional volumes to mount into the pods of the athens-proxy deployment.                                  | `[]`            | | ||||
|  | ||||
| ### Horizontal Pod Autoscaler (HPA) | ||||
|  | ||||
| @@ -328,14 +399,20 @@ mode = "async_redirect" | ||||
| | -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | ||||
| | `persistence.enabled`                                                      | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false`                      | | ||||
| | `persistence.data.mountPath`                                               | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.                                                                                 | `/var/www/athens-proxy/data` | | ||||
| | `persistence.data.existingPersistentVolumeClaim.enabled`                   | TODO                                                                                                                                                                                                                    | `false`                      | | ||||
| | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO                                                                                                                                                                                                                    | `""`                         | | ||||
| | `persistence.data.existingPersistentVolumeClaim.enabled`                   | Use an existing persistent volume claim.                                                                                                                                                                                | `false`                      | | ||||
| | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim.                                                                                                                                                                       | `""`                         | | ||||
| | `persistence.data.persistentVolumeClaim.annotations`                       | Additional persistent volume claim annotations.                                                                                                                                                                         | `{}`                         | | ||||
| | `persistence.data.persistentVolumeClaim.labels`                            | Additional persistent volume claim labels.                                                                                                                                                                              | `{}`                         | | ||||
| | `persistence.data.persistentVolumeClaim.accessModes`                       | Access modes of the persistent volume claim.                                                                                                                                                                            | `["ReadWriteMany"]`          | | ||||
| | `persistence.data.persistentVolumeClaim.storageClass`                      | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||
| | `persistence.data.persistentVolumeClaim.storageClassName`                  | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||
| | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | ||||
|  | ||||
| ### Network | ||||
|  | ||||
| | Name            | Description                                                              | Value           | | ||||
| | --------------- | ------------------------------------------------------------------------ | --------------- | | ||||
| | `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` | | ||||
|  | ||||
| ### Network Policy | ||||
|  | ||||
| | Name                        | Description                                                               | Value   | | ||||
|   | ||||
| @@ -31,6 +31,16 @@ | ||||
|       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts", | ||||
|       "datasourceTemplate": "git-tags", | ||||
|       "versioningTemplate": "semver" | ||||
|     }, | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "datasourceTemplate": "github-releases", | ||||
|       "fileMatch": [ | ||||
|         ".vscode/settings\\.json$" | ||||
|       ], | ||||
|       "matchStrings": [ | ||||
|         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json" | ||||
|       ] | ||||
|     } | ||||
|   ], | ||||
|   "packageRules": [ | ||||
| @@ -41,6 +51,20 @@ | ||||
|         "volkerraschek/helm" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "automerge": true, | ||||
|       "groupName": "Update helm plugin 'unittest'", | ||||
|       "matchDepNames": [ | ||||
|         "helm-unittest/helm-unittest" | ||||
|       ], | ||||
|       "matchDatasources": [ | ||||
|         "github-releases" | ||||
|       ], | ||||
|       "matchUpdateTypes": [ | ||||
|         "minor", | ||||
|         "patch" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "groupName": "Update docker.io/library/node", | ||||
|       "matchDepNames": [ | ||||
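Review bot: The new package rule turns on `automerge` for every dependency named `helm-unittest/helm-unittest` from `github-releases`, not only for the schema URL that the regex manager in the first hunk extracts from `.vscode/settings.json`. If another manager ever reports the same dependency (for example a plugin version pinned for CI), those bumps would presumably be merged without review as well. Adding `"matchFileNames": [".vscode/settings.json"]` to the rule keeps unattended merges limited to the editor schema reference. The `packageRules` list continues outside this hunk.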
|   | ||||
							
								
								
									
										25
									
								
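--- a/templates/_certificate.tpl
+++ b/templates/_certificate.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.certificates.server.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.certificate.new.annotations }}
+{{ toYaml .Values.certificate.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.certificates.server.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.certificate.new.labels }}
+{{ toYaml .Values.certificate.new.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.certificates.server.name" -}}
+{{ include "athens-proxy.fullname" . }}-tls
+{{- end -}}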
| @@ -26,6 +26,13 @@ | ||||
| {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if .Values.certificate.enabled }} | ||||
| {{- $env = concat $env (list | ||||
|       (dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt") | ||||
|       (dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key") | ||||
|     ) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{ toYaml (dict "env" $env) }} | ||||
|  | ||||
| {{- end -}} | ||||
| @@ -80,6 +87,7 @@ | ||||
|  | ||||
| {{- define "athens-proxy.deployment.volumeMounts" -}} | ||||
| {{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }} | ||||
|  | ||||
| {{- if .Values.persistence.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }} | ||||
| {{- end }} | ||||
| @@ -123,13 +131,19 @@ | ||||
|  | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
| {{/* volumeMounts (tls) */}} | ||||
| {{- if .Values.certificate.enabled }} | ||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{ toYaml (dict "volumeMounts" $volumeMounts) }} | ||||
| {{- end -}} | ||||
|  | ||||
| {{/* volumes */}} | ||||
|  | ||||
| {{- define "athens-proxy.deployment.volumes" -}} | ||||
| {{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }} | ||||
| {{- $volumes := .Values.deployment.volumes | default (list) }} | ||||
|  | ||||
|  | ||||
| {{/* volumes (data) */}} | ||||
| @@ -251,5 +265,15 @@ | ||||
| {{- $volumes = concat $volumes (list $projectedSecretVolume) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* volumes (tls) */}} | ||||
| {{- if .Values.certificate.enabled }} | ||||
| {{- $secretName := include "athens-proxy.certificates.server.name" $ }} | ||||
| {{- if .Values.certificate.existingSecret.enabled }} | ||||
| {{- $secretName := .Values.certificate.existingSecret.secretName }} | ||||
| {{- end }} | ||||
| {{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
| {{ toYaml (dict "volumes" $volumes) }} | ||||
| {{- end -}} | ||||
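Review bot: The `:=` inside the `if .Values.certificate.existingSecret.enabled` block of the last hunk declares a second `$secretName` that is scoped to that block, so the outer variable keeps the generated `<fullname>-tls` name and the existing secret is never referenced. Since templates/certificate.yaml renders no Certificate when `existingSecret.enabled` is true, the `tls` volume would then point at a secret that nothing creates, and the pod would presumably not start. Use assignment instead, `{{- $secretName = .Values.certificate.existingSecret.secretName }}`, ideally wrapped in `required` so an empty name fails at render time. The enclosing `athens-proxy.deployment.volumes` define starts outside this hunk.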
| @@ -2,23 +2,23 @@ | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) -}} | ||||
| {{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} | ||||
| {{- end -}} | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) -}} | ||||
| {{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} | ||||
| {{- end -}} | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) -}} | ||||
| {{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} | ||||
| {{- end -}} | ||||
| {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) -}} | ||||
| {{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} | ||||
| {{- end -}} | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) -}} | ||||
| {{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} | ||||
| {{- end -}} | ||||
| {{- define "athens-proxy.pod.annotations" }} | ||||
| {{- include "athens-proxy.annotations" . }} | ||||
| {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||
| {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||
| {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
|   | ||||
							
								
								
									
										97
									
								
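--- a/templates/certificate.yaml
+++ b/templates/certificate.yaml
@@ -0,0 +1,97 @@
+{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  {{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ include "athens-proxy.certificates.server.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  commonName: {{ include "athens-proxy.fullname" . }}
+  {{- if empty .Values.certificate.new.dnsNames }}
+  dnsNames:
+  - {{ include "athens-proxy.fullname" . }}
+  - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
+  - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
+  - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+  {{- else }}
+  dnsNames:
+  {{- range .Values.certificate.new.dnsNames }}
+  - {{ . }}
+  {{- end }}
+  {{- end }}
+  duration: {{ .Values.certificate.new.duration }}
+  {{- if not (empty .Values.certificate.new.ipAddresses) }}
+  ipAddresses:
+  {{- range .Values.certificate.new.ipAddresses }}
+  - {{ . }}
+  {{- end }}
+  {{- end }}
+  isCA: false
+  issuerRef:
+    kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
+    name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
+  privateKey:
+    algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
+    rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
+    size: {{ .Values.certificate.new.privateKey.size }}
+  renewBefore: {{ .Values.certificate.new.renewBefore }}
+  secretName: {{ include "athens-proxy.certificates.server.name" . }}
+  {{- with .Values.certificate.new.secretTemplate }}
+  secretTemplate:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if or .Values.certificate.new.subject.countries
+            .Values.certificate.new.subject.localities
+            .Values.certificate.new.subject.organizationalUnits
+            .Values.certificate.new.subject.organizations
+            .Values.certificate.new.subject.postalCodes
+            .Values.certificate.new.subject.provinces
+            .Values.certificate.new.subject.serialNumber
+            .Values.certificate.new.subject.streetAddresses
+  }}
+  subject:
+    {{- with .Values.certificate.new.subject.countries }}
+    countries:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.certificate.new.subject.localities }}
+    localities:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.certificate.new.subject.organizationalUnits }}
+    organizationalUnits:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.certificate.new.subject.organizations }}
+    organizations:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.certificate.new.subject.postalCodes }}
+    postalCodes:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.certificate.new.subject.provinces }}
+    provinces:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.certificate.new.subject.serialNumber }}
+    serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
+    {{- end }}
+    {{- with .Values.certificate.new.subject.streetAddresses }}
+    streetAddresses:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  usages:
+  {{- range .Values.certificate.new.usages }}
+  - {{ . }}
+  {{- end }}
+{{- end }}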
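Review bot: The list items rendered by the `range` loops over `certificate.new.dnsNames` and `certificate.new.ipAddresses`, and the `serialNumber` value, are emitted unquoted, so the YAML parser decides their type after templating. A wildcard name such as `*.example.com` would be read as a YAML alias and fail to parse, and an all-digit serial number becomes an integer where cert-manager expects a string. Pipe these values through `quote`: `- {{ . | quote }}` in both loops and `serialNumber: {{ .Values.certificate.new.subject.serialNumber | quote }}`.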
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.downloadMode.existingConfigMap.enabled }} | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.gitConfig.existingConfigMap.enabled }} | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| @@ -11,7 +11,7 @@ metadata: | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }}-git-config | ||||
|   name: {{ include "athens-proxy.configMap.gitConfig.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| data: | ||||
|   .gitconfig: | | ||||
|   | ||||
| @@ -50,16 +50,24 @@ spec: | ||||
|         image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }} | ||||
|         imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} | ||||
|         livenessProbe: | ||||
|           tcpSocket: | ||||
|             port: http | ||||
|           exec: | ||||
|             {{- if not .Values.certificate.enabled }} | ||||
|             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||
|             {{- else }} | ||||
|             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||
|             {{- end }} | ||||
|           failureThreshold: 3 | ||||
|           initialDelaySeconds: 5 | ||||
|           periodSeconds: 60 | ||||
|           successThreshold: 1 | ||||
|           timeoutSeconds: 3 | ||||
|         readinessProbe: | ||||
|           tcpSocket: | ||||
|             port: http | ||||
|           exec: | ||||
|             {{- if not .Values.certificate.enabled }} | ||||
|             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||
|             {{- else }} | ||||
|             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||
|             {{- end }} | ||||
|           failureThreshold: 3 | ||||
|           initialDelaySeconds: 5 | ||||
|           periodSeconds: 15 | ||||
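Review bot: Both probes now depend on a `wget` binary being present in the image and hard-code port 3000, and the TLS branch puts `--no-check-certificate` into the pod spec. A native `httpGet` probe covers both cases with a `scheme` that follows `.Values.certificate.enabled`; the kubelet already skips certificate verification for HTTPS probes, and the named `http` port used by the removed `tcpSocket` probe can be kept. It also avoids starting a process inside the container on every probe period. The readinessProbe continues past the end of this hunk.

```yaml
        livenessProbe:
          httpGet:
            path: /
            port: http
            scheme: {{ ternary "HTTPS" "HTTP" .Values.certificate.enabled }}
          # … unchanged: failureThreshold, initialDelaySeconds, periodSeconds, successThreshold, timeoutSeconds …
        readinessProbe:
          httpGet:
            path: /
            port: http
            scheme: {{ ternary "HTTPS" "HTTP" .Values.certificate.enabled }}
          # … unchanged: failureThreshold, initialDelaySeconds, periodSeconds …
```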
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.ssh.existingSecret.enabled }} | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
|   | ||||
							
								
								
									
										300
									
								
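--- a/unittests/certificates/certificate.yaml
+++ b/unittests/certificates/certificate.yaml
@@ -0,0 +1,300 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Certificate athens-proxy template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/certificate.yaml
+tests:
+- it: Skip rendering by default.
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Skip rendering for existing certificate
+  set:
+    certificate.enabled: true
+    certificate.existingSecret.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Throw error when issuerKind and IssuerName is not defined
+  set:
+    certificate.enabled: true
+  asserts:
+  - failedTemplate:
+      errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerKind and IssuerName is not defined
+  set:
+    certificate.enabled: true
+  asserts:
+  - failedTemplate: {}
+
+- it: Throw error when issuerKind not defined
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.name: "my-issuer"
+  asserts:
+  - failedTemplate:
+      errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerName not defined
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: "ClusterIssuer"
+  asserts:
+  - failedTemplate:
+      errorMessage: "No certificate issuer name defined!"
+
+- it: Rendering Certificate object when certificate.enabled=true (default)
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+  asserts:
+  - hasDocuments:
+      count: 1
+  - containsDocument:
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      name: athens-proxy-unittest-tls
+      namespace: testing
+  - equal:
+      path: spec.commonName
+      value: athens-proxy-unittest
+  - equal:
+      path: spec.duration
+      value: 744h
+  - equal:
+      path: spec.dnsNames
+      value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
+  - notExists:
+      path: spec.ipAddresses
+  - equal:
+      path: spec.isCA
+      value: false
+  - equal:
+      path: spec.issuerRef.kind
+      value: ClusterIssuer
+  - equal:
+      path: spec.issuerRef.name
+      value: my-issuer
+  - equal:
+      path: spec.privateKey.algorithm
+      value: RSA
+  - equal:
+      path: spec.privateKey.size
+      value: 4096
+  - equal:
+      path: spec.privateKey.rotationPolicy
+      value: Never
+  - equal:
+      path: spec.secretName
+      value: athens-proxy-unittest-tls
+  - exists:
+      path: spec.secretTemplate.annotations
+  - exists:
+      path: spec.secretTemplate.labels
+  - notExists:
+      path: spec.subject
+  - notExists:
+      path: spec.subject.countries
+  - notExists:
+      path: spec.subject.localities
+  - notExists:
+      path: spec.subject.organizationalUnits
+  - notExists:
+      path: spec.subject.organizations
+  - notExists:
+      path: spec.subject.postalCodes
+  - notExists:
+      path: spec.subject.provinces
+  - notExists:
+      path: spec.subject.serialNumber
+  - notExists:
+      path: spec.subject.streetAddresses
+  - equal:
+      path: spec.renewBefore
+      value: 672h
+  - equal:
+      path: spec.usages
+      value: [ "client auth", "server auth" ]
+
+# metadata.annotations
+- it: Rendering Certificate object with additional annotations and labels
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.annotations:
+      foo: bar
+    certificate.new.labels:
+      bar: foo
+  asserts:
+  - isSubset:
+      path: metadata.annotations
+      content:
+        foo: bar
+  - isSubset:
+      path: metadata.labels
+      content:
+        bar: foo
+
+# spec.duration
+- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.duration: 3000h
+  asserts:
+  - equal:
+      path: spec.duration
+      value: 3000h
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.dnsNames: [ "app", "app.example.local" ]
+  asserts:
+  - equal:
+      path: spec.dnsNames
+      value: [ "app", "app.example.local" ]
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    clusterDomain: k8s.example.local
+  asserts:
+  - contains:
+      path: spec.dnsNames
+      content:
+        athens-proxy-unittest.testing.svc.k8s.example.local
+      count: 1
+
+# spec.ipAddresses
+- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+  asserts:
+  - equal:
+      path: spec.ipAddresses
+      value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+
+# spec.privateKey
+- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.privateKey.algorithm: ED25519
+    certificate.new.privateKey.rotationPolicy: Never
+    certificate.new.privateKey.size: 512
+  asserts:
+  - equal:
+      path: spec.privateKey.algorithm
+      value: ED25519
+  - equal:
+      path: spec.privateKey.rotationPolicy
+      value: Never
+  - equal:
+      path: spec.privateKey.size
+      value: 512
+
+# spec.renewBefore
+- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.renewBefore: 2000h
+  asserts:
+  - equal:
+      path: spec.renewBefore
+      value: 2000h
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.secretTemplate:
+      annotations:
+        foo: bar
+      labels:
+        bar: foo
+  asserts:
+  - equal:
+      path: spec.secretTemplate.annotations
+      value:
+        foo: bar
+  - equal:
+      path: spec.secretTemplate.labels
+      value:
+        bar: foo
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.subject.countries: [ "Country" ]
+    certificate.new.subject.localities: [ "City" ]
+    certificate.new.subject.organizationalUnits: [ "IT department" ]
+    certificate.new.subject.organizations: [ "My organization" ]
+    certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
+    certificate.new.subject.provinces: [ "Provinces" ]
+    certificate.new.subject.serialNumber: "MyNumber"
+    certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
+  asserts:
+  - equal:
+      path: spec.subject.countries
+      value: [ "Country" ]
+  - equal:
+      path: spec.subject.localities
+      value: [ "City" ]
+  - equal:
+      path: spec.subject.organizationalUnits
+      value: [ "IT department" ]
+  - equal:
+      path: spec.subject.organizations
+      value: [ "My organization" ]
+  - equal:
+      path: spec.subject.postalCodes
+      value: [ "AB12345", "12345AB" ]
+  - equal:
+      path: spec.subject.provinces
+      value: [ "Provinces" ]
+  - equal:
+      path: spec.subject.serialNumber
+      value: "MyNumber"
+  - equal:
+      path: spec.subject.streetAddresses
+      value: [ "ExampleStreet 1", "StreetExample 2" ]
+
+# spec.usages
+- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.usages: [ "client auth" ]
+  asserts:
+  - equal:
+      path: spec.usages
+      value: [ "client auth" ]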
| @@ -8,14 +8,22 @@ release: | ||||
| templates: | ||||
| - templates/configMapDownloadMode.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rending by using existing config map. | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.existingConfigMap.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering by default. | ||||
| - it: Rendering with default values | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
| @@ -56,6 +64,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.configMap.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
| @@ -76,6 +85,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom configuration | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.configMap.content: | | ||||
|       downloadURL = "https://proxy.golang.org" | ||||
|       mode = "async_redirect" | ||||
|   | ||||
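Review bot: The test names in this suite read `Skip rending by default.` and `Skip rending by using existing config map.`; `rending` should be `rendering`, as the SSH secret suite already spells it in `Skip rendering by using existing secret.`. The same misspelling appears in the `configMapGitConfig.yaml` suite and in the first case of the `secretSSH.yaml` suite further down. These names are what the test runner prints when a case fails, so I would rename them to `- it: Skip rendering by default.` and `- it: Skip rendering by using existing config map.`.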
| @@ -8,21 +8,29 @@ release: | ||||
| templates: | ||||
| - templates/configMapGitConfig.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rending by using existing config map. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.existingConfigMap.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering by default. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: ConfigMap | ||||
|       name: athens-proxy-unittest-git-config | ||||
|       name: athens-proxy-unittest-gitconfig | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
| @@ -46,6 +54,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.configMap.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
| @@ -66,6 +75,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom configuration | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.configMap.content: | | ||||
|       [url "git@github.com:"] | ||||
|       insteadOf = https://github.com/ | ||||
|   | ||||
							
								
								
									
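--- /dev/null
+++ b/unittests/deployment/certificate.yaml
@@ -0,0 +1,73 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without tls config
+  asserts:
+    - notContains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSCERT_FILE
+          value: /etc/athens-proxy/tls/tls.crt
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSKEY_FILE
+          value: /etc/athens-proxy/tls/tls.key
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: tls
+          mountPath: /etc/athens-proxy/tls
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.volumes
+        content:
+          name: tls
+          secretRef:
+            name: athens-proxy-unittest-tls
+      template: templates/deployment.yaml
+
+- it: Rendering with tls config
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: MyIssuer
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSCERT_FILE
+          value: /etc/athens-proxy/tls/tls.crt
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSKEY_FILE
+          value: /etc/athens-proxy/tls/tls.key
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: tls
+          mountPath: /etc/athens-proxy/tls
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: tls
+          secret:
+            secretName: athens-proxy-unittest-tls
+      template: templates/deployment.yaml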
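Review bot: The last `notContains` of `Rendering default without tls config` looks for a volume shaped as `secretRef:` with `name: athens-proxy-unittest-tls`, while the positive case `Rendering with tls config` shows that the template renders `secret:` with `secretName: athens-proxy-unittest-tls`. The negative assertion therefore passes whether or not the TLS secret volume is present by default, so it would not catch the key material being mounted unintentionally. I would change its content to `secret:` and `secretName: athens-proxy-unittest-tls` so that both cases check the same shape. The `certificate.existingSecret.enabled` path has no deployment assertion in this file either, so a wrong secret name on that path would go unnoticed.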
| @@ -463,3 +463,10 @@ tests: | ||||
|       - name: data | ||||
|         mountPath: /usr/lib/athens-proxy/data | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.volumes | ||||
|       value: | ||||
|       - name: data | ||||
|         hostPath: | ||||
|           path: /usr/lib/athens-proxy/data | ||||
|     template: templates/deployment.yaml | ||||
|   | ||||
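Review bot: This new assertion pins a `hostPath` volume for the data directory, and nothing in the visible lines says why a node path is used. The `it:` and `set:` lines of this case are outside the hunk, so I cannot tell whether it is the default or an opt-in. `hostPath` volumes give the pod access to the node's file system and are rejected in namespaces that enforce the Baseline Pod Security Standard. The case deserves a comment such as `# hostPath is only rendered when <values key> is set; not admitted under the Baseline Pod Security Standard`, with the placeholder replaced by the real key. If this is the fallback when persistence is disabled, an `emptyDir` would be the safer default.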
| @@ -8,14 +8,22 @@ release: | ||||
| templates: | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering by using existing secret. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering ssh secret with default values. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
| @@ -51,6 +59,7 @@ tests: | ||||
|  | ||||
| - it: Rendering ssh secret with custom values. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.config: | | ||||
|       Host * | ||||
|         IdentityFile ~/.ssh/id_ed25519 | ||||
| @@ -90,6 +99,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   | ||||
							
								
								
									
										106
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
							| @@ -5,6 +5,77 @@ | ||||
| nameOverride: "" | ||||
| fullnameOverride: "" | ||||
|  | ||||
| ## @section Certificate | ||||
| certificate: | ||||
|   ## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | ||||
|   enabled: false | ||||
|  | ||||
|   ## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`. | ||||
|   ## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key. | ||||
|   existingSecret: | ||||
|     enabled: false | ||||
|     secretName: "" | ||||
|  | ||||
|   ## @param certificate.new.annotations Additional certificate annotations. | ||||
|   ## @param certificate.new.labels Additional certificate labels. | ||||
|   ## @param certificate.new.duration Duration of the TLS certificate. | ||||
|   ## @param certificate.new.renewBefore Renew TLS certificate before expiring. | ||||
|   ## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names. | ||||
|   ## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses. | ||||
|   ## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`. | ||||
|   ## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`. | ||||
|   ## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key. | ||||
|   ## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key. | ||||
|   ## @param certificate.new.privateKey.size Size of the private TLS key. | ||||
|   ## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret. | ||||
|   ## @param certificate.new.secretTemplate.labels Additional labels of the created secret. | ||||
|   ## @param certificate.new.subject.countries List of countries. | ||||
|   ## @param certificate.new.subject.localities List of localities. | ||||
|   ## @param certificate.new.subject.organizationalUnits List of organizationalUnits. | ||||
|   ## @param certificate.new.subject.organizations List of organizations. | ||||
|   ## @param certificate.new.subject.postalCodes List of postalCodes. | ||||
|   ## @param certificate.new.subject.provinces List of provinces. | ||||
|   ## @param certificate.new.subject.serialNumber Serial number. | ||||
|   ## @param certificate.new.subject.streetAddresses List of streetAddresses. | ||||
|   ## @param certificate.new.usages Define the usage of the TLS key. | ||||
|   new: | ||||
|     annotations: {} | ||||
|     labels: {} | ||||
|     duration: "744h"      # 31 days | ||||
|     renewBefore: "672h"   # 28 days | ||||
|     dnsNames: [] | ||||
|     # The following DNS names are already part of the SAN's and serves only as example. | ||||
|     # - "athens-proxy" | ||||
|     # - "athens-proxy.svc" | ||||
|     # - "athens-proxy.svc.namespace" | ||||
|     # - "athens-proxy.svc.namespace.cluster.local" | ||||
|     ipAddresses: [] | ||||
|     # The following IP addresses serves only as example. | ||||
|     # - "10.92.1.10" | ||||
|     # - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344" | ||||
|     issuerRef: | ||||
|       kind: "" | ||||
|       name: "" | ||||
|     privateKey: | ||||
|       algorithm: "RSA" | ||||
|       rotationPolicy: "Never" | ||||
|       size: 4096 | ||||
|     secretTemplate: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|     subject: | ||||
|       countries: [] | ||||
|       localities: [] | ||||
|       organizationalUnits: [] | ||||
|       organizations: [] | ||||
|       postalCodes: [] | ||||
|       provinces: [] | ||||
|       serialNumber: "" | ||||
|       streetAddresses: [] | ||||
|     usages: | ||||
|     - "client auth" | ||||
|     - "server auth" | ||||
|  | ||||
| ## @section Configuration | ||||
| config: | ||||
|   env: | ||||
| @@ -78,8 +149,6 @@ config: | ||||
|         # ATHENS_STORAGE_GCP_JSON_KEY: | ||||
|         # ATHENS_SUM_DBS: | ||||
|         # ATHENS_TIMEOUT: | ||||
|         # ATHENS_TLSCERT_FILE: | ||||
|         # ATHENS_TLSKEY_FILE: | ||||
|         # ATHENS_TRACE_EXPORTER_URL: | ||||
|         # ATHENS_TRACE_EXPORTER: | ||||
|         # AWS_ACCESS_KEY_ID: | ||||
| @@ -111,7 +180,7 @@ config: | ||||
|  | ||||
|     ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. | ||||
|     ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. | ||||
|     ## @param config.downloadMode.configMap.content The content of the download mode file. | ||||
|     ## @skip config.downloadMode.configMap.content The content of the download mode file. | ||||
|     configMap: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
| @@ -147,7 +216,7 @@ config: | ||||
|  | ||||
|     ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file. | ||||
|     ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file. | ||||
|     ## @param config.gitConfig.configMap.content The content of the .gitconfig file. | ||||
|     ## @skip config.gitConfig.configMap.content The content of the .gitconfig file. | ||||
|     configMap: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
| @@ -173,7 +242,7 @@ config: | ||||
|  | ||||
|     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. | ||||
|     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. | ||||
|     ## @param config.netrc.secret.content The content of the .netrc file. | ||||
|     ## @skip config.netrc.secret.content The content of the .netrc file. | ||||
|     secret: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
| @@ -213,7 +282,7 @@ config: | ||||
|  | ||||
|     ## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files. | ||||
|     ## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files. | ||||
|     ## @param config.ssh.secret.config The content of the SSH client config file. | ||||
|     ## @skip config.ssh.secret.config The content of the SSH client config file. | ||||
|     ## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key. | ||||
|     ## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key. | ||||
|     ## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key. | ||||
| @@ -404,9 +473,9 @@ deployment: | ||||
|   #   whenUnsatisfiable: DoNotSchedule | ||||
|   #   labelSelector: | ||||
|   #     matchLabels: | ||||
|   #       app.kubernetes.io/instance: prometheus-athens-proxy | ||||
|   #       app.kubernetes.io/instance: athens-proxy | ||||
|  | ||||
|   ## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment. | ||||
|   ## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment. | ||||
|   volumes: [] | ||||
|   # - name: my-configmap-volume | ||||
|   #   config: | ||||
| @@ -481,8 +550,8 @@ persistence: | ||||
|     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | ||||
|     mountPath: "/var/www/athens-proxy/data" | ||||
|  | ||||
|     ## @param persistence.data.existingPersistentVolumeClaim.enabled TODO | ||||
|     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO | ||||
|     ## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim. | ||||
|     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim. | ||||
|     existingPersistentVolumeClaim: | ||||
|       enabled: false | ||||
|       persistentVolumeClaimName: "" | ||||
| @@ -490,16 +559,20 @@ persistence: | ||||
|     ## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations. | ||||
|     ## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels. | ||||
|     ## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim. | ||||
|     ## @param persistence.data.persistentVolumeClaim.storageClass Storage class of the persistent volume claim. | ||||
|     ## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim. | ||||
|     ## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim. | ||||
|     persistentVolumeClaim: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       accessModes: | ||||
|       - ReadWriteMany | ||||
|       storageClass: "" | ||||
|       storageClassName: "" | ||||
|       storageSize: "5Gi" | ||||
|  | ||||
| ## @section Network | ||||
| ## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates. | ||||
| clusterDomain: "cluster.local" | ||||
|  | ||||
| ## @section Network Policy | ||||
| networkPolicy: | ||||
|   ## @param networkPolicy.enabled Enable network policies in general. | ||||
| @@ -517,13 +590,10 @@ networkPolicy: | ||||
|   # - Egress | ||||
|   # - Ingress | ||||
|   egress: [] | ||||
|   # Allow outgoing traffic to database host | ||||
|   # Allow outgoing HTTPS traffic to external go module servers | ||||
|   # | ||||
|   # - to: | ||||
|   #   - ipBlock: | ||||
|   #       cidr: 192.168.179.1/32 | ||||
|   #   ports: | ||||
|   #   - port: 5432 | ||||
|   # - ports: | ||||
|   #   - port: 443 | ||||
|   #     protocol: TCP | ||||
|  | ||||
|   # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns. | ||||
|   | ||||
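Review bot: In the new `certificate.new.privateKey` defaults of the first hunk, `rotationPolicy: "Never"` makes cert-manager reuse the same private key on every renewal. With `duration: "744h"` and `renewBefore: "672h"` the certificate is reissued often while the key never changes, so a key that has leaked stays usable for as long as the release exists. I would default to `rotationPolicy: "Always"` and extend the `@param certificate.new.privateKey.rotationPolicy` description to name the two accepted values, `Never` and `Always`. Whether the athens-proxy process picks up a rotated key without a pod restart is not visible in this diff and should be confirmed before changing the default.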