volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:1.0.0
Branches Tags
volker.raschek:master volker.raschek:renovate/major-update-docker.iovolkerraschekhelm
volker.raschek:1.3.0 volker.raschek:1.2.1 volker.raschek:1.2.0 volker.raschek:1.1.1 volker.raschek:1.1.0 volker.raschek:1.0.3 volker.raschek:1.0.2 volker.raschek:1.0.1 volker.raschek:1.0.0 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.5 volker.raschek:0.1.4 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0
...
compare: volker.raschek:renovate/major-update-docker.iovolkerraschekhelm
Branches Tags
volker.raschek:renovate/major-update-docker.iovolkerraschekhelm volker.raschek:master
volker.raschek:1.3.0 volker.raschek:1.2.1 volker.raschek:1.2.0 volker.raschek:1.1.1 volker.raschek:1.1.0 volker.raschek:1.0.3 volker.raschek:1.0.2 volker.raschek:1.0.1 volker.raschek:1.0.0 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.5 volker.raschek:0.1.4 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0

62 Commits
1.0.0 ... renovate/m

Author SHA1 Message Date
CSRBot
138660ddb0 chore(deps): update docker.io/volkerraschek/helm docker tag to v4
All checks were successful
Helm / helm-lint (push) Successful in 10s
Details
Helm / helm-unittest (push) Successful in 19s
Details
Helm / helm-lint (pull_request) Successful in 8s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
2025-12-02 23:01:37 +00:00
CSRBot
ab08c265f9 Merge pull request 'chore(deps): update actions/checkout action to v6' (#118) from renovate/actions-checkout-6.x into master
All checks were successful
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 7s
Details
2025-12-02 21:09:42 +00:00
CSRBot
124c82b863 chore(deps): update actions/checkout action to v6
All checks were successful
Helm / helm-lint (pull_request) Successful in 4s
Details
Helm / helm-unittest (pull_request) Successful in 8s
Details
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 7s
Details
2025-12-02 21:02:00 +00:00
CSRBot
7974e00494 Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.3.0' (#117) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-link-checker (push) Successful in 10s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
2025-11-30 17:01:59 +00:00
CSRBot
ee36fe174e chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.3.0
All checks were successful
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-link-checker (push) Successful in 12s
Details
Generate README / generate-parameters (push) Successful in 29s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
Helm / helm-lint (pull_request) Successful in 4s
Details
Helm / helm-unittest (pull_request) Successful in 8s
Details
Generate README / generate-parameters (pull_request) Successful in 31s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 11s
Details
Markdown linter / markdown-lint (pull_request) Successful in 28s
Details
2025-11-30 17:01:00 +00:00
Markus Pesch
9f7b549b9b feat(pod): add switch to enable checksum annotation
All checks were successful
Generate README / generate-parameters (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 10s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-lint (push) Successful in 10s
Details
Markdown linter / markdown-link-checker (push) Successful in 30s
Details
Release / publish-chart (push) Successful in 21s
Details 
Depending on the environment or tooling in which the chart is deployed, you may
or may not want to have the checksum annotation.

In the past, these were enforced. The default remains that the checksum
annotation is added. It now only contains a switch that allows you to optionally
disable it.
 2025-11-30 15:06:55 +01:00
CSRBot
c5dcab2be1 Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.2.1' (#115) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 11s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
Markdown linter / markdown-link-checker (push) Successful in 30s
Details
2025-11-30 14:02:05 +00:00
CSRBot
b65dbd77c6 chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.2.1
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 9s
Details
Helm / helm-unittest (push) Successful in 8s
Details
Markdown linter / markdown-lint (push) Successful in 10s
Details
Generate README / generate-parameters (pull_request) Successful in 9s
Details
Markdown linter / markdown-link-checker (push) Successful in 31s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 10s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
Markdown linter / markdown-lint (pull_request) Successful in 9s
Details
2025-11-30 14:00:57 +00:00
Markus Pesch
f54f1aca01 feat(pod): support roll deployment for external TLS certificates
All checks were successful
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 18s
Details
Release / publish-chart (push) Successful in 19s
Details
2025-11-30 13:58:34 +01:00
Markus Pesch
502c78296e fix(pod): pipe secret correctly to func sha256sum 
The privious implemented feature pipe the secret not correctly to the sha256sum
function. This leads everytime to the same sha256 sum.

This patch fixes this bug.
 2025-11-30 13:49:15 +01:00
Markus Pesch
28c1e37e13 chore(deps): rollback docker docker.io/volkerraschek/helm to 3.19.2
All checks were successful
Helm / helm-unittest (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 10s
Details
Release / publish-chart (push) Successful in 8s
Details
2025-11-30 13:35:56 +01:00
Markus Pesch
757469762b feat(pod): roll deployment for TLS certificates
Some checks failed
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 9s
Details
Release / publish-chart (push) Failing after 6s
Details 
The patch add the annotation `checksum/secret-<name of the TLS secret>` with the
sha512 value of the secret. This ensures a rolling update if the TLS secrets has
been updated. Such an update can be triggered by the cert-manager.
 2025-11-30 13:33:50 +01:00
Markus Pesch
f1a47dc0a5 Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v4' (#108) from renovate/major-update-docker.iovolkerraschekhelm into master
All checks were successful
Helm / helm-unittest (push) Successful in 7s
Details
Helm / helm-lint (push) Successful in 9s
Details 
Reviewed-on: #108
 2025-11-30 11:26:09 +00:00
Markus Pesch
d86bf91491 Merge branch 'master' into renovate/major-update-docker.iovolkerraschekhelm
All checks were successful
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Helm / helm-lint (pull_request) Successful in 10s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
2025-11-30 11:25:42 +00:00
Markus Pesch
de615c2ff5 Merge pull request 'chore(deps): update dependency helm/helm to v4.0.1' (#114) from renovate/helm-helm-4.x into master
All checks were successful
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 18s
Details 
Reviewed-on: #114
 2025-11-30 11:25:34 +00:00
CSRBot
34839d0e4d Merge pull request 'chore(deps): update azure/setup-helm action to v4.3.1' (#113) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 8s
Details
2025-11-30 11:01:34 +00:00
CSRBot
80d3b9972b chore(deps): update docker.io/volkerraschek/helm docker tag to v4
All checks were successful
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Generate README / generate-parameters (push) Successful in 29s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Generate README / generate-parameters (pull_request) Successful in 9s
Details
Helm / helm-lint (pull_request) Successful in 4s
Details
Helm / helm-unittest (pull_request) Successful in 7s
Details
Markdown linter / markdown-lint (push) Successful in 29s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 11s
Details
Markdown linter / markdown-lint (pull_request) Successful in 29s
Details
2025-11-30 11:01:13 +00:00
CSRBot
080965d513 chore(deps): update dependency helm/helm to v4.0.1
All checks were successful
Helm / helm-unittest (push) Successful in 8s
Details
Helm / helm-lint (pull_request) Successful in 4s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (pull_request) Successful in 8s
Details
2025-11-30 11:01:07 +00:00
CSRBot
07700a2952 chore(deps): update azure/setup-helm action to v4.3.1
All checks were successful
Helm / helm-unittest (push) Successful in 12s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-lint (push) Successful in 26s
Details
Helm / helm-unittest (pull_request) Successful in 7s
Details
2025-11-30 11:00:59 +00:00
Markus Pesch
0113b21af9 docs(README): adapt stakaters reloader example
All checks were successful
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 9s
Details
Markdown linter / markdown-link-checker (push) Successful in 16s
Details
Generate README / generate-parameters (push) Successful in 40s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
2025-11-30 11:54:50 +01:00
Markus Pesch
74b45790bf fix(ci): replace volkerraschek/helm with native GitHub Actions
All checks were successful
Helm / helm-unittest (push) Successful in 7s
Details
Helm / helm-lint (push) Successful in 10s
Details
2025-11-30 11:24:14 +01:00
CSRBot
69ac64d858 Merge pull request 'chore(deps): update dependency markdown-link-check to v3.14.2' (#112) from renovate/markdown-link-check-3.x-lockfile into master
All checks were successful
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 16s
Details
2025-11-19 17:01:50 +00:00
CSRBot
38b5dbf355 chore(deps): update dependency markdown-link-check to v3.14.2
All checks were successful
Helm / helm-lint (push) Successful in 8s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
2025-11-19 17:01:20 +00:00
CSRBot
a164371601 Merge pull request 'chore(deps): update dependency markdownlint-cli to ^0.46.0' (#111) from renovate/markdownlint-cli-0.x into master
All checks were successful
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 17s
Details
2025-11-19 05:02:07 +00:00
CSRBot
f5a6fe056e chore(deps): update dependency markdownlint-cli to ^0.46.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 6s
Details
Helm / helm-unittest (pull_request) Successful in 18s
Details
2025-11-19 05:01:18 +00:00
CSRBot
3e8d15cf51 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.2.1' (#110) from renovate/update-docker.iolibrarynode into master
All checks were successful
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 16s
Details
2025-11-17 17:21:49 +00:00
CSRBot
df1043b80d Merge pull request 'chore(deps): update actions/checkout action to v5.0.1' (#109) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Has been cancelled
Details
Helm / helm-unittest (push) Has been cancelled
Details
2025-11-17 17:21:30 +00:00
CSRBot
20910d2d0f chore(deps): update docker.io/library/node docker tag to v25.2.1
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Helm / helm-lint (pull_request) Successful in 7s
Details
Helm / helm-unittest (pull_request) Successful in 17s
Details
2025-11-17 17:02:46 +00:00
CSRBot
ec201021b2 chore(deps): update actions/checkout action to v5.0.1
All checks were successful
Helm / helm-unittest (push) Successful in 7s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 17s
Details
2025-11-17 17:02:40 +00:00
CSRBot
3f82552882 Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.2' (#107) from renovate/update-docker.iovolkerraschekhelm into master
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 14s
Details
2025-11-12 21:09:27 +00:00
CSRBot
c4196dc2f2 chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.2
All checks were successful
Helm / helm-unittest (push) Successful in 12s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-lint (push) Successful in 28s
Details
2025-11-12 21:08:55 +00:00
CSRBot
d364d1a2b6 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.2.0' (#106) from renovate/update-docker.iolibrarynode into master
All checks were successful
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 17s
Details
2025-11-12 20:01:48 +00:00
CSRBot
4ca2d29172 chore(deps): update docker.io/library/node docker tag to v25.2.0
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-lint (pull_request) Successful in 6s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 18s
Details
2025-11-12 20:01:20 +00:00
CSRBot
c8e234ff24 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.1.0' (#105) from renovate/update-docker.iolibrarynode into master
All checks were successful
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-29 17:01:40 +00:00
CSRBot
cedb98c64c chore(deps): update docker.io/library/node docker tag to v25.1.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Helm / helm-unittest (pull_request) Successful in 7s
Details
2025-10-29 17:01:11 +00:00
Markus Pesch
51facd6e1c docs(README): add example for outgoing SSH traffic
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Markdown linter / markdown-link-checker (push) Successful in 31s
Details
Markdown linter / markdown-lint (push) Successful in 27s
Details
2025-10-22 18:13:33 +02:00
CSRBot
3f7476afc6 chore(deps): update docker.io/library/node docker tag to v25
All checks were successful
Generate README / generate-parameters (push) Successful in 16s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
Helm / helm-lint (pull_request) Successful in 6s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Generate README / generate-parameters (pull_request) Successful in 28s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 11s
Details
Markdown linter / markdown-lint (pull_request) Successful in 29s
Details
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-22 15:53:16 +00:00
Markus Pesch
530316e910 docs(README): add an ArgoCD application resource as an example
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
Markdown linter / markdown-link-checker (push) Successful in 44s
Details
2025-10-22 17:50:26 +02:00
Markus Pesch
4974d63a8c docs(README): adapt jq expression to ignore reloader annotation
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Details
Helm / helm-lint (push) Successful in 16s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Markdown linter / markdown-link-checker (push) Successful in 30s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
2025-10-21 22:32:13 +02:00
Markus Pesch
1bbd0352c3 docs(README): add tip how to ignore stakater's reloader annotations
Some checks failed
Generate README / generate-parameters (push) Successful in 31s
Details
Helm / helm-lint (push) Successful in 15s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Markdown linter / markdown-link-checker (push) Successful in 31s
Details
Markdown linter / markdown-lint (push) Has been cancelled
Details
2025-10-21 22:29:09 +02:00
CSRBot
ccdf377aaa chore(deps): update dependency helm-unittest/helm-unittest to v1.0.3
All checks were successful
Helm / helm-unittest (pull_request) Successful in 12s
Details
Helm / helm-lint (pull_request) Successful in 14s
Details
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 16s
Details
2025-10-16 22:04:50 +02:00
Markus Pesch
64790fc316 fix(renovate): update packageRule for helm-unittest/helm-unittest
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 18s
Details
2025-10-16 22:02:31 +02:00
Markus Pesch
2c88d6698b fix(renovate): update packageRule for helm-unittest/helm-unittest
All checks were successful
Helm / helm-lint (push) Successful in 12s
Details
Helm / helm-unittest (push) Successful in 17s
Details
2025-10-16 21:45:15 +02:00
Markus Pesch
9abdb1ca3a docs(README): describe existing persistent volume claims
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-link-checker (push) Successful in 12s
Details
Generate README / generate-parameters (push) Successful in 29s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
2025-10-16 17:23:11 +02:00
CSRBot
81f14405fd Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1' (#102) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-lint (push) Successful in 8s
Details
Markdown linter / markdown-link-checker (push) Successful in 31s
Details
2025-10-15 22:02:04 +00:00
CSRBot
7b37bfc373 chore(deps): update dependency volker.raschek/athens-proxy-charts to v1
All checks were successful
Markdown linter / markdown-lint (pull_request) Successful in 9s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 32s
Details
Generate README / generate-parameters (push) Successful in 12s
Details
Helm / helm-lint (push) Successful in 13s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Markdown linter / markdown-lint (push) Successful in 10s
Details
Generate README / generate-parameters (pull_request) Successful in 9s
Details
Helm / helm-lint (pull_request) Successful in 6s
Details
Markdown linter / markdown-link-checker (push) Successful in 34s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
2025-10-15 22:01:05 +00:00
Markus Pesch
bba0df90ff docs(README): add missing backslash
All checks were successful
Generate README / generate-parameters (push) Successful in 28s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Helm / helm-lint (push) Successful in 15s
Details
Markdown linter / markdown-link-checker (push) Successful in 12s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
2025-10-15 21:33:57 +02:00
Markus Pesch
cb312817c3 docs(README): TLS encryption
Some checks failed
Helm / helm-lint (push) Successful in 17s
Details
Generate README / generate-parameters (push) Successful in 20s
Details
Helm / helm-unittest (push) Has been cancelled
Details
Markdown linter / markdown-lint (push) Has been cancelled
Details
Markdown linter / markdown-link-checker (push) Has been cancelled
Details
2025-10-15 21:33:31 +02:00
CSRBot
fe428d83d2 Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.1.1' (#101) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 6s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Markdown linter / markdown-lint (push) Successful in 11s
Details
2025-10-14 22:05:07 +00:00
CSRBot
4c94529eab chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.1.1
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Helm / helm-lint (push) Successful in 15s
Details
Generate README / generate-parameters (pull_request) Successful in 29s
Details
Markdown linter / markdown-link-checker (push) Successful in 33s
Details
Markdown linter / markdown-lint (push) Successful in 27s
Details
Helm / helm-lint (pull_request) Successful in 16s
Details
Helm / helm-unittest (pull_request) Successful in 15s
Details
Markdown linter / markdown-lint (pull_request) Successful in 23s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 42s
Details
2025-10-14 22:01:47 +00:00
Markus Pesch
297f36920a fix(certificate): subject in body must be of type object
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Release / publish-chart (push) Successful in 18s
Details
2025-10-14 23:26:09 +02:00
Markus Pesch
4102fc9014 feat(certificates): support certificates
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-lint (push) Successful in 15s
Details
Markdown linter / markdown-link-checker (push) Successful in 32s
Details
Release / publish-chart (push) Successful in 19s
Details 
The following patch enables you to generate certificates using cert-manager or,
alternatively, to mount a secret with TLS certificates.

The HTTP server is then automatically configured to use the TLS certificates to
encrypt HTTP traffic.

If an ingress controller is also used, such as the nginx-ingress controller, the
necessary annotations must still be set to inform the nginx-ingress controller
that the HTTP upstream server communicates via HTTPS.
 2025-10-14 23:02:28 +02:00
CSRBot
be923ed95f Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.0.3' (#100) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 8s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Helm / helm-unittest (push) Successful in 16s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
2025-10-12 22:03:24 +00:00
CSRBot
f07ff039ce chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.0.3
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 17s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-lint (push) Successful in 1m0s
Details
Markdown linter / markdown-link-checker (push) Successful in 1m20s
Details
Generate README / generate-parameters (pull_request) Successful in 11s
Details
Helm / helm-unittest (pull_request) Successful in 19s
Details
Helm / helm-lint (pull_request) Successful in 23s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 16s
Details
Markdown linter / markdown-lint (pull_request) Successful in 34s
Details
2025-10-12 22:01:05 +00:00
Markus Pesch
a11be194cc docs(Chart): adapt list of sources
All checks were successful
Helm / helm-lint (push) Successful in 1m0s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 22:36:52 +02:00
Markus Pesch
7908de9313 docs(README): update parameter description
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Generate README / generate-parameters (push) Successful in 28s
Details
Markdown linter / markdown-lint (push) Successful in 10s
Details
2025-10-12 22:34:22 +02:00
Markus Pesch
adfe40a9c7 docs(README): adapt description of networkPolicy examples
Some checks failed
Helm / helm-lint (push) Successful in 1m4s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Generate README / generate-parameters (push) Failing after 1m21s
Details
2025-10-12 22:24:10 +02:00
Markus Pesch
eadbcf243b fix(deployment): mount configMap 'gitconfig'
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 20s
Details
Release / publish-chart (push) Successful in 13s
Details
2025-10-12 22:09:03 +02:00
Markus Pesch
0caa188bb1 fix(deployment): mount additional volumes
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Release / publish-chart (push) Successful in 8s
Details
2025-10-12 22:03:25 +02:00
Markus Pesch
3bce806ed6 fix(deployment): mount environment variables and volumes only when enabled
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Release / publish-chart (push) Successful in 8s
Details
2025-10-12 21:55:31 +02:00
Markus Pesch
5c09cf8c79 docs(README): skip rendering of file content
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Generate README / generate-parameters (push) Successful in 28s
Details
Markdown linter / markdown-link-checker (push) Successful in 12s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
2025-10-12 21:11:45 +02:00
Markus Pesch
d4b5c0c86f fix(Chart): adapt annotation 'artifacthub.io/links'
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-10-12 20:54:08 +02:00
31 changed files with 1448 additions and 796 deletions
Expand all files Collapse all files

7
.gitea/workflows/generate-readme.yaml
View File

@@ -15,15 +15,14 @@ on:
jobs:
generate-parameters:
container:
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
image: docker.io/library/node:25.2.1-alpine
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- uses: actions/checkout@v6.0.1
- name: Generate parameter section in README
run: |
npm install

37
.gitea/workflows/helm.yaml
View File

@@ -12,31 +12,26 @@ on:
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- uses: actions/checkout@v6.0.1
- uses: azure/setup-helm@v4.3.1
with:
version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./
- uses: actions/checkout@v6.0.1
- uses: azure/setup-helm@v4.3.1
with:
version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
- env:
HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
name: Install helm-unittest
run: helm plugin install --verify=false --version "${HELM_UNITTEST_VERSION}" https://github.com/helm-unittest/helm-unittest
- name: Execute helm unittests
run: helm unittest --strict --file 'unittests/**/*.yaml' .

14
.gitea/workflows/markdown-linters.yaml
View File

@@ -15,15 +15,14 @@ on:
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
image: docker.io/library/node:25.2.1-alpine
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- uses: actions/checkout@v6.0.1
- name: Verify links in markdown files
run: |
npm install
@@ -31,15 +30,14 @@ jobs:
markdown-lint:
container:
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
image: docker.io/library/node:25.2.1-alpine
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git
- uses: actions/checkout@v5.0.0
- uses: actions/checkout@v6.0.1
- name: Lint markdown files
run: |
npm install

4
.gitea/workflows/release.yaml
View File

@@ -8,7 +8,7 @@ on:
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.19.0
image: docker.io/volkerraschek/helm:4.0.1
runs-on: ubuntu-latest
steps:
- name: Install packages via apk
@@ -16,7 +16,7 @@ jobs:
apk update
apk add git npm jq yq
- uses: actions/checkout@v5.0.0
- uses: actions/checkout@v6.0.1
with:
fetch-depth: 0

8
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

4
Chart.yaml
View File

@@ -3,7 +3,7 @@ annotations:
- name: Athens proxy (binary)
url: https://github.com/gomods/athens
- name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
apiVersion: v2
name: athens-proxy
description: Athens proxy server for golang
@@ -19,6 +19,6 @@ keywords:
- go-proxy
sources:
- https://github.com/volker-raschek/athens-proxy-charts
- https://git.cryptic.systems/volker.raschek/athens-proxy-charts
- https://github.com/gomods/athens
- https://hub.docker.com/r/gomods/athens

2
Makefile
View File

@@ -10,7 +10,7 @@ HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_VERSION?=25.2.1-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT

307
README.md
View File

@@ -1,4 +1,4 @@
# athens-proxy-charts
# Athens - A Go module datastore and proxy
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
@@ -16,10 +16,7 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d
helm and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
helm chart is tested for deployment scenarios with **ArgoCD**.
## Helm: configuration and installation
@@ -40,21 +37,21 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something!
```bash
CHART_VERSION=1.0.0
CHART_VERSION=1.3.0
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
```
A complete list of available helm chart versions can be displayed via the following command:
```bash
helm search repo reposilite --versions
helm search repo athens-proxy --versions
```
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
Use the `--set` argument to persist your data.
```bash
CHART_VERSION=1.0.0
CHART_VERSION=1.3.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
persistence.enabled=true
```
@@ -84,13 +81,73 @@ Further information about this topic can be found in one of Kanishk's blog
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash
CHART_VERSION=1.0.0
CHART_VERSION=1.3.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
```
#### TLS encryption
The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for
TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS
certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
The secret must be from type `kubernetes.io/tls`.
> [!WARNING]
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
> `athens-proxy-ca` is present in the same namespace of the helm deployment.
```bash
CHART_VERSION=1.3.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'config.certificate.enabled=true' \
--set 'config.certificate.new.issuerRef.kind=Issuer' \
--set 'config.certificate.new.issuerRef.name=athens-proxy-ca'
```
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
and private key are mounted to a pre-defined destination inside the container file system.
#### TLS certificate rotation
If the application uses TLS certificates that are mounted as a secret in the container file system like the example
[above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such
a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
before expiring.
Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted secret has
been changed.
> [!IMPORTANT]
> The Helm chart already adds annotations to trigger a rolling release. Helm describes this approach under
> [Automatically Roll Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
> For this reason, **only external** configMaps or secrets need to be monitored by reloader.
```yaml
deployment:
annotations:
secret.reloader.stakater.com/reload: "athens-proxy-tls"
```
If the application is rolled out using ArgoCD, a rolling update from stakater's
[reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state
with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be
initiated. Further information are available in the official
[README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of
stakater's reloader.
```diff
deployment:
annotations:
+ reloader.stakater.com/rollout-strategy: "restart"
secret.reloader.stakater.com/reload: "athens-proxy-tls"
```
#### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
@@ -126,6 +183,9 @@ networkPolicies:
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 22
protocol: TCP
- ports:
- port: 443
protocol: TCP
@@ -145,31 +205,51 @@ networkPolicies:
## ArgoCD
### Daily execution of rolling updates
### Example Application
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
An application resource for the Helm chart is defined below. It serves as an example for your own deployment.
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
annotations with the prefix `checksum`.
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps/v1
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
destination:
server: https://kubernetes.default.svc
namespace: athens-proxy
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
# When HPA is enabled, ensure that a modification of the replicas does not lead to a
# drift.
- '.spec.replicas'
# Ensure that changes of the annotations or environment variables added or modified by
# stakater's reloader does not lead to a drift.
- '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
- '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
sources:
- repoURL: https://charts.cryptic.systems/volker.raschek
chart: athens-proxy
targetRevision: '0.*'
helm:
valueFiles:
- $values/values.yaml
releaseName: athens-proxy
syncPolicy:
automated:
prune: true
selfHeal: true
managedNamespaceMetadata:
annotations: {}
labels: {}
syncOptions:
- ApplyOutOfSyncOnly=true
- CreateNamespace=true
- FailOnSharedResource=false
- Replace=false
- RespectIgnoreDifferences=false
- ServerSideApply=true
- Validate=true
```
## Parameters
@@ -181,85 +261,80 @@ annotations with the prefix `checksum`.
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Certificate
| Name | Description | Value |
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `certificate.enabled` | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false` |
| `certificate.addSHASumAnnotation` | Add an pod annotation with the sha sum of the secret containing the TLS certificates. | `true` |
| `certificate.existingSecret.enabled` | Use an existing secret of the type `kubernetes.io/tls`. | `false` |
| `certificate.existingSecret.secretName` | Name of the secret containing the TLS certificate and private key. | `""` |
| `certificate.new.annotations` | Additional certificate annotations. | `{}` |
| `certificate.new.labels` | Additional certificate labels. | `{}` |
| `certificate.new.duration` | Duration of the TLS certificate. | `744h` |
| `certificate.new.renewBefore` | Renew TLS certificate before expiring. | `672h` |
| `certificate.new.dnsNames` | Overwrites the default of the subject alternative DNS names. | `[]` |
| `certificate.new.ipAddresses` | Overwrites the default of the subject alternative IP addresses. | `[]` |
| `certificate.new.issuerRef.kind` | Issuer kind. Can be `Issuer` or `ClusterIssuer`. | `""` |
| `certificate.new.issuerRef.name` | Name of the `Issuer` or `ClusterIssuer`. | `""` |
| `certificate.new.privateKey.algorithm` | Algorithm of the private TLS key. | `RSA` |
| `certificate.new.privateKey.rotationPolicy` | Rotation of the private TLS key. | `Never` |
| `certificate.new.privateKey.size` | Size of the private TLS key. | `4096` |
| `certificate.new.secretTemplate.annotations` | Additional annotation of the created secret. | `{}` |
| `certificate.new.secretTemplate.labels` | Additional labels of the created secret. | `{}` |
| `certificate.new.subject.countries` | List of countries. | `[]` |
| `certificate.new.subject.localities` | List of localities. | `[]` |
| `certificate.new.subject.organizationalUnits` | List of organizationalUnits. | `[]` |
| `certificate.new.subject.organizations` | List of organizations. | `[]` |
| `certificate.new.subject.postalCodes` | List of postalCodes. | `[]` |
| `certificate.new.subject.provinces` | List of provinces. | `[]` |
| `certificate.new.subject.serialNumber` | Serial number. | `""` |
| `certificate.new.subject.streetAddresses` | List of streetAddresses. | `[]` |
| `certificate.new.usages` | Define the usage of the TLS key. | `["client auth","server auth"]` |
### Configuration
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.content` | The content of the download mode file. | `downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://proxy.golang.org"
# }
` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.content` | The content of the .gitconfig file. | `# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.content` | The content of the .netrc file. | `# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.config` | The content of the SSH client config file. | `# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
` |
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
| `config.env.addSHASumAnnotation` | Add an pod annotation with the sha sum of the config map containing the configuration. | `true` |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
| `config.downloadMode.addSHASumAnnotation` | Add an pod annotation with the sha sum of the config map containing the downloadMode config. | `true` |
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.addSHASumAnnotation` | Add an pod annotation with the sha sum of the config map containing the git config. | `true` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.addSHASumAnnotation` | Add an pod annotation with the sha sum of the secret containing the netrc file. | `true` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.addSHASumAnnotation` | Add an pod annotation with the sha sum of the secret containing the ssh keys. | `true` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
### Deployment
@@ -298,7 +373,7 @@ mode = "async_redirect"
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the prometheus-exporter deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
@@ -328,14 +403,20 @@ mode = "async_redirect"
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
| `persistence.data.existingPersistentVolumeClaim.enabled` | TODO | `false` |
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO | `""` |
| `persistence.data.existingPersistentVolumeClaim.enabled` | Use an existing persistent volume claim. | `false` |
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
| `persistence.data.persistentVolumeClaim.storageClass` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageClassName` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
### Network
| Name | Description | Value |
| --------------- | ------------------------------------------------------------------------ | --------------- |
| `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` |
### Network Policy
| Name | Description | Value |

749
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
package.json
View File

@@ -16,6 +16,6 @@
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0"
"markdownlint-cli": "^0.46.0"
}
}

24
renovate.json
View File

@@ -31,6 +31,16 @@
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
},
{
"customType": "regex",
"datasourceTemplate": "github-releases",
"fileMatch": [
".vscode/settings\\.json$"
],
"matchStrings": [
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
]
}
],
"packageRules": [
@@ -41,6 +51,20 @@
"volkerraschek/helm"
]
},
{
"automerge": true,
"groupName": "Update helm plugin 'unittest'",
"matchDepNames": [
"helm-unittest/helm-unittest"
],
"matchDatasources": [
"github-releases"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [

25
templates/_certificate.tpl Normal file
View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.certificates.server.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.certificate.new.annotations }}
{{ toYaml .Values.certificate.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.certificates.server.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.certificate.new.labels }}
{{ toYaml .Values.certificate.new.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.certificates.server.name" -}}
{{ include "athens-proxy.fullname" . }}-tls
{{- end -}}

26
templates/_deployment.tpl
View File

@@ -26,6 +26,13 @@
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }}
{{- if .Values.certificate.enabled }}
{{- $env = concat $env (list
(dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
(dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
@@ -80,6 +87,7 @@
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }}
@@ -123,13 +131,19 @@
{{- end }}
{{/* volumeMounts (tls) */}}
{{- if .Values.certificate.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
{{- $volumes := .Values.deployment.volumes | default (list) }}
{{/* volumes (data) */}}
@@ -251,5 +265,15 @@
{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
{{- end }}
{{/* volumes (tls) */}}
{{- if .Values.certificate.enabled }}
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
{{- if .Values.certificate.existingSecret.enabled }}
{{- $secretName := .Values.certificate.existingSecret.secretName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}

76
templates/_pod.tpl
View File

@@ -2,26 +2,68 @@
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) -}}
{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- end -}}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) -}}
{{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
{{- end -}}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) -}}
{{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
{{- end -}}
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) -}}
{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
{{- end -}}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) -}}
{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
{{- end -}}
{{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }}
{{- if and .Values.certificate.enabled .Values.certificate.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
{{- if and .Values.certificate.existingSecret.enabled (gt (len .Values.certificate.existingSecret.secretName) 0) }}
{{- $secretName = .Values.certificate.existingSecret.secretName }}
{{- end }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- if and .Values.config.env.enabled .Values.config.env.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
{{- $secret := include (print $.Template.BasePath "/secretEnv.yaml") $ }}
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0) }}
{{- $secretName = .Values.config.env.existingSecret.secretName }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{- end }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- if and .Values.config.downloadMode.enabled .Values.config.downloadMode.addSHASumAnnotation }}
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
{{- $configMap := include (print $.Template.BasePath "/configMapDownloadMode.yaml") . }}
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
{{- $configMap := lookup "v1" "ConfigMap" .Release.Namespace $configMapName | toYaml }}
{{- end }}
{{ printf "checksum/config-map-%s: %s" $configMapName ($configMap | sha256sum) }}
{{- end }}
{{- if and .Values.config.gitConfig.enabled .Values.config.gitConfig.addSHASumAnnotation }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" $ }}
{{- $configMap := include (print $.Template.BasePath "/configMapGitConfig.yaml") . }}
{{- if and .Values.config.gitConfig.existingConfigMap.enabled (gt (len .Values.config.gitConfig.existingConfigMap.configMapName) 0) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- $configMap := lookup "v1" "ConfigMap" .Release.Namespace $configMapName | toYaml }}
{{- end }}
{{ printf "checksum/config-map-%s: %s" $configMapName ($configMap | sha256sum) }}
{{- end }}
{{- if and .Values.config.netrc.enabled .Values.config.netrc.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" $ }}
{{- $secret := include (print $.Template.BasePath "/secretNetRC.yaml") $ }}
{{- if and .Values.config.netrc.existingSecret.enabled (gt (len .Values.config.netrc.existingSecret.secretName) 0) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{- end }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled .Values.config.ssh.addSHASumAnnotation }}
{{- $secretName := include "athens-proxy.secrets.ssh.name" $ }}
{{- $secret := include (print $.Template.BasePath "/secretSSH.yaml") $ }}
{{- if and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.secretName) 0) }}
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName | toYaml }}
{{- end }}
{{ printf "checksum/secret-%s: %s" $secretName ($secret | sha256sum) }}
{{- end }}
{{- end }}
{{/* labels */}}

97
templates/certificate.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.certificates.server.name" . }}
namespace: {{ .Release.Namespace }}
spec:
commonName: {{ include "athens-proxy.fullname" . }}
{{- if empty .Values.certificate.new.dnsNames }}
dnsNames:
- {{ include "athens-proxy.fullname" . }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- else }}
dnsNames:
{{- range .Values.certificate.new.dnsNames }}
- {{ . }}
{{- end }}
{{- end }}
duration: {{ .Values.certificate.new.duration }}
{{- if not (empty .Values.certificate.new.ipAddresses) }}
ipAddresses:
{{- range .Values.certificate.new.ipAddresses }}
- {{ . }}
{{- end }}
{{- end }}
isCA: false
issuerRef:
kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
privateKey:
algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
size: {{ .Values.certificate.new.privateKey.size }}
renewBefore: {{ .Values.certificate.new.renewBefore }}
secretName: {{ include "athens-proxy.certificates.server.name" . }}
{{- with .Values.certificate.new.secretTemplate }}
secretTemplate:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.certificate.new.subject.countries
.Values.certificate.new.subject.localities
.Values.certificate.new.subject.organizationalUnits
.Values.certificate.new.subject.organizations
.Values.certificate.new.subject.postalCodes
.Values.certificate.new.subject.provinces
.Values.certificate.new.subject.serialNumber
.Values.certificate.new.subject.streetAddresses
}}
subject:
{{- with .Values.certificate.new.subject.countries }}
countries:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.localities }}
localities:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizationalUnits }}
organizationalUnits:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizations }}
organizations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.postalCodes }}
postalCodes:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.provinces }}
provinces:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.certificate.new.subject.serialNumber }}
serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
{{- end }}
{{- with .Values.certificate.new.subject.streetAddresses }}
streetAddresses:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
usages:
{{- range .Values.certificate.new.usages }}
- {{ . }}
{{- end }}
{{- end }}

2
templates/configMapDownloadMode.yaml
View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap

4
templates/configMapGitConfig.yaml
View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
@@ -11,7 +11,7 @@ metadata:
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-git-config
name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
namespace: {{ .Release.Namespace }}
data:
.gitconfig: |

16
templates/deployment.yaml
View File

@@ -50,16 +50,24 @@ spec:
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
livenessProbe:
tcpSocket:
port: http
exec:
{{- if not .Values.certificate.enabled }}
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
{{- else }}
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
{{- end }}
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
tcpSocket:
port: http
exec:
{{- if not .Values.certificate.enabled }}
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
{{- else }}
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
{{- end }}
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15

2
templates/secretSSH.yaml
View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.ssh.existingSecret.enabled }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret

300
unittests/certificates/certificate.yaml Normal file
View File

@@ -0,0 +1,300 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Certificate athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/certificate.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering for existing certificate
set:
certificate.enabled: true
certificate.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate: {}
- it: Throw error when issuerKind not defined
set:
certificate.enabled: true
certificate.new.issuerRef.name: "my-issuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerName not defined
set:
certificate.enabled: true
certificate.new.issuerRef.kind: "ClusterIssuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer name defined!"
- it: Rendering Certificate object when certificate.enabled=true (default)
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: cert-manager.io/v1
kind: Certificate
name: athens-proxy-unittest-tls
namespace: testing
- equal:
path: spec.commonName
value: athens-proxy-unittest
- equal:
path: spec.duration
value: 744h
- equal:
path: spec.dnsNames
value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
- notExists:
path: spec.ipAddresses
- equal:
path: spec.isCA
value: false
- equal:
path: spec.issuerRef.kind
value: ClusterIssuer
- equal:
path: spec.issuerRef.name
value: my-issuer
- equal:
path: spec.privateKey.algorithm
value: RSA
- equal:
path: spec.privateKey.size
value: 4096
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.secretName
value: athens-proxy-unittest-tls
- exists:
path: spec.secretTemplate.annotations
- exists:
path: spec.secretTemplate.labels
- notExists:
path: spec.subject
- notExists:
path: spec.subject.countries
- notExists:
path: spec.subject.localities
- notExists:
path: spec.subject.organizationalUnits
- notExists:
path: spec.subject.organizations
- notExists:
path: spec.subject.postalCodes
- notExists:
path: spec.subject.provinces
- notExists:
path: spec.subject.serialNumber
- notExists:
path: spec.subject.streetAddresses
- equal:
path: spec.renewBefore
value: 672h
- equal:
path: spec.usages
value: [ "client auth", "server auth" ]
# metadata.annotations
- it: Rendering Certificate object with additional annotations and labels
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.annotations:
foo: bar
certificate.new.labels:
bar: foo
asserts:
- isSubset:
path: metadata.annotations
content:
foo: bar
- isSubset:
path: metadata.labels
content:
bar: foo
# spec.duration
- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.duration: 3000h
asserts:
- equal:
path: spec.duration
value: 3000h
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.dnsNames: [ "app", "app.example.local" ]
asserts:
- equal:
path: spec.dnsNames
value: [ "app", "app.example.local" ]
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
clusterDomain: k8s.example.local
asserts:
- contains:
path: spec.dnsNames
content:
athens-proxy-unittest.testing.svc.k8s.example.local
count: 1
# spec.ipAddresses
- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
asserts:
- equal:
path: spec.ipAddresses
value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
# spec.privateKey
- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.privateKey.algorithm: ED25519
certificate.new.privateKey.rotationPolicy: Never
certificate.new.privateKey.size: 512
asserts:
- equal:
path: spec.privateKey.algorithm
value: ED25519
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.privateKey.size
value: 512
# spec.renewBefore
- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.renewBefore: 2000h
asserts:
- equal:
path: spec.renewBefore
value: 2000h
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.secretTemplate:
annotations:
foo: bar
labels:
bar: foo
asserts:
- equal:
path: spec.secretTemplate.annotations
value:
foo: bar
- equal:
path: spec.secretTemplate.labels
value:
bar: foo
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.subject.countries: [ "Country" ]
certificate.new.subject.localities: [ "City" ]
certificate.new.subject.organizationalUnits: [ "IT department" ]
certificate.new.subject.organizations: [ "My organization" ]
certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
certificate.new.subject.provinces: [ "Provinces" ]
certificate.new.subject.serialNumber: "MyNumber"
certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
asserts:
- equal:
path: spec.subject.countries
value: [ "Country" ]
- equal:
path: spec.subject.localities
value: [ "City" ]
- equal:
path: spec.subject.organizationalUnits
value: [ "IT department" ]
- equal:
path: spec.subject.organizations
value: [ "My organization" ]
- equal:
path: spec.subject.postalCodes
value: [ "AB12345", "12345AB" ]
- equal:
path: spec.subject.provinces
value: [ "Provinces" ]
- equal:
path: spec.subject.serialNumber
value: "MyNumber"
- equal:
path: spec.subject.streetAddresses
value: [ "ExampleStreet 1", "StreetExample 2" ]
# spec.usages
- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.usages: [ "client auth" ]
asserts:
- equal:
path: spec.usages
value: [ "client auth" ]

12
unittests/configMaps/downloadMode.yaml
View File

@@ -8,14 +8,22 @@ release:
templates:
- templates/configMapDownloadMode.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
- it: Rendering with default values
set:
config.downloadMode.enabled: true
asserts:
- hasDocuments:
count: 1
@@ -56,6 +64,7 @@ tests:
- it: Rendering custom annotations and labels.
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.annotations:
foo: bar
bar: foo
@@ -76,6 +85,7 @@ tests:
- it: Rendering custom configuration
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"

12
unittests/configMaps/gitConfig.yaml
View File

@@ -8,21 +8,29 @@ release:
templates:
- templates/configMapGitConfig.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
set:
config.gitConfig.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-git-config
name: athens-proxy-unittest-gitconfig
namespace: testing
- notExists:
path: metadata.annotations
@@ -46,6 +54,7 @@ tests:
- it: Rendering custom annotations and labels.
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.annotations:
foo: bar
bar: foo
@@ -66,6 +75,7 @@ tests:
- it: Rendering custom configuration
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.content: |
[url "git@github.com:"]
insteadOf = https://github.com/

111
unittests/deployment/certificate.yaml Normal file
View File

@@ -0,0 +1,111 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without tls config
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: tls
secretRef:
name: athens-proxy-unittest-tls
template: templates/deployment.yaml
- it: Rendering with tls config
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: MyIssuer
asserts:
- exists:
path: spec.template.metadata.annotations["checksum/secret-athens-proxy-unittest-tls"]
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: tls
secret:
secretName: athens-proxy-unittest-tls
template: templates/deployment.yaml
- it: Rendering with external TLS config
set:
certificate.enabled: true
certificate.existingSecret.enabled: true
certificate.existingSecret.secretName: my-own-secret
asserts:
- exists:
path: spec.template.metadata.annotations["checksum/secret-my-own-secret"]
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: tls
secret:
secretName: athens-proxy-unittest-tls
template: templates/deployment.yaml

7
unittests/deployment/deployment.yaml
View File

@@ -463,3 +463,10 @@ tests:
- name: data
mountPath: /usr/lib/athens-proxy/data
template: templates/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
template: templates/deployment.yaml

74
unittests/deployment/downloadMode.yaml
View File

@@ -40,6 +40,7 @@ tests:
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: true
persistence.enabled: true
asserts:
- exists:
@@ -69,16 +70,87 @@ tests:
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: false
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: downloadMode
mode: 0644
path: download-mode
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: true
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: "my-custom-download-mode-filename-key"
path: "download-mode"
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap, but without sha sum annotation
set:
config.downloadMode.enabled: true
config.downloadMode.addSHASumAnnotation: false
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env

37
unittests/deployment/env.yaml
View File

@@ -35,10 +35,10 @@ tests:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
- it: Rendering default with mounted env secret, but without sha sum annotation
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
config.env.addSHASumAnnotation: false
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
@@ -48,4 +48,37 @@ tests:
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted existing env secret
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
config.env.existingSecret.secretName: my-secret
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-my-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: my-secret
template: templates/deployment.yaml
- it: Rendering default with mounted existing env secret, but without sha sum annotation
set:
config.env.enabled: true
config.env.addSHASumAnnotation: false
config.env.existingSecret.enabled: true
config.env.existingSecret.secretName: my-secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-my-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: my-secret
template: templates/deployment.yaml

67
unittests/deployment/gitConfig.yaml
View File

@@ -41,6 +41,7 @@ tests:
- it: Rendering default with mounted gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: true
persistence.enabled: true
asserts:
- exists:
@@ -67,16 +68,80 @@ tests:
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap, but without sha sum annotation
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: false
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: .gitconfig
path: .gitconfig
mode: 0644
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: true
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- configMap:
items:
- key: my-gitconfig-key
path: .gitconfig
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap, but without sha sum annotations
set:
config.gitConfig.enabled: true
config.gitConfig.addSHASumAnnotation: false
config.gitConfig.existingConfigMap.enabled: true
config.gitConfig.existingConfigMap.configMapName: "my-custom-configmap"
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
path: spec.template.metadata.annotations.checksum/config-map-my-custom-configmap
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts

67
unittests/deployment/netrc.yaml
View File

@@ -40,6 +40,7 @@ tests:
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: true
persistence.enabled: true
asserts:
- exists:
@@ -66,16 +67,80 @@ tests:
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering default with mounted netrc secret, but without sha sum annotation
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: false
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: .netrc
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering with custom netrc secret
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: true
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-netrc-key
path: .netrc
mode: 0600
name: my-custom-secret
template: templates/deployment.yaml
- it: Rendering with custom netrc secret, but without sha sum annotation
set:
config.netrc.enabled: true
config.netrc.addSHASumAnnotation: false
config.netrc.existingSecret.enabled: true
config.netrc.existingSecret.secretName: "my-custom-secret"
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts

17
unittests/deployment/ssh.yaml
View File

@@ -107,6 +107,7 @@ tests:
- it: Rendering default with mounted ssh keys
set:
config.ssh.enabled: true
config.ssh.addSHASumAnnotation: true
config.ssh.secret.id_ed25519: foo
config.ssh.secret.id_ed25519_pub: bar
config.ssh.secret.id_rsa: foo
@@ -180,6 +181,7 @@ tests:
- it: Rendering with custom ssh secret
set:
config.ssh.enabled: true
config.ssh.addSHASumAnnotation: true
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
config.ssh.existingSecret.configKey : "my-config-key"
@@ -189,8 +191,8 @@ tests:
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
- exists:
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
@@ -251,4 +253,15 @@ tests:
path: id_rsa.pub
mode: 0644
name: my-custom-secret
template: templates/deployment.yaml
- it: Rendering with custom ssh secret, but without sha sum annotation
set:
config.ssh.enabled: true
config.ssh.addSHASumAnnotation: false
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-my-custom-secret
template: templates/deployment.yaml

10
unittests/secrets/ssh.yaml
View File

@@ -8,14 +8,22 @@ release:
templates:
- templates/secretSSH.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering ssh secret with default values.
set:
config.ssh.enabled: true
asserts:
- hasDocuments:
count: 1
@@ -51,6 +59,7 @@ tests:
- it: Rendering ssh secret with custom values.
set:
config.ssh.enabled: true
config.ssh.secret.config: |
Host *
IdentityFile ~/.ssh/id_ed25519
@@ -90,6 +99,7 @@ tests:
- it: Rendering custom annotations and labels.
set:
config.ssh.enabled: true
config.ssh.secret.annotations:
foo: bar
bar: foo

124
values.yaml
View File

@@ -5,11 +5,86 @@
nameOverride: ""
fullnameOverride: ""
## @section Certificate
certificate:
## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added.
## @param certificate.addSHASumAnnotation Add an pod annotation with the sha sum of the secret containing the TLS certificates.
enabled: false
addSHASumAnnotation: true
## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`.
## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key.
existingSecret:
enabled: false
secretName: ""
## @param certificate.new.annotations Additional certificate annotations.
## @param certificate.new.labels Additional certificate labels.
## @param certificate.new.duration Duration of the TLS certificate.
## @param certificate.new.renewBefore Renew TLS certificate before expiring.
## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names.
## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses.
## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`.
## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`.
## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key.
## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key.
## @param certificate.new.privateKey.size Size of the private TLS key.
## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret.
## @param certificate.new.secretTemplate.labels Additional labels of the created secret.
## @param certificate.new.subject.countries List of countries.
## @param certificate.new.subject.localities List of localities.
## @param certificate.new.subject.organizationalUnits List of organizationalUnits.
## @param certificate.new.subject.organizations List of organizations.
## @param certificate.new.subject.postalCodes List of postalCodes.
## @param certificate.new.subject.provinces List of provinces.
## @param certificate.new.subject.serialNumber Serial number.
## @param certificate.new.subject.streetAddresses List of streetAddresses.
## @param certificate.new.usages Define the usage of the TLS key.
new:
annotations: {}
labels: {}
duration: "744h" # 31 days
renewBefore: "672h" # 28 days
dnsNames: []
# The following DNS names are already part of the SAN's and serves only as example.
# - "athens-proxy"
# - "athens-proxy.svc"
# - "athens-proxy.svc.namespace"
# - "athens-proxy.svc.namespace.cluster.local"
ipAddresses: []
# The following IP addresses serves only as example.
# - "10.92.1.10"
# - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344"
issuerRef:
kind: ""
name: ""
privateKey:
algorithm: "RSA"
rotationPolicy: "Never"
size: 4096
secretTemplate:
annotations: {}
labels: {}
subject:
countries: []
localities: []
organizationalUnits: []
organizations: []
postalCodes: []
provinces: []
serialNumber: ""
streetAddresses: []
usages:
- "client auth"
- "server auth"
## @section Configuration
config:
env:
## @param config.env.enabled Enable mounting of the secret as environment variables.
## @param config.env.addSHASumAnnotation Add an pod annotation with the sha sum of the config map containing the configuration.
enabled: false
addSHASumAnnotation: true
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
@@ -78,8 +153,6 @@ config:
# ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_SUM_DBS:
# ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
# ATHENS_TLSKEY_FILE:
# ATHENS_TRACE_EXPORTER_URL:
# ATHENS_TRACE_EXPORTER:
# AWS_ACCESS_KEY_ID:
@@ -99,7 +172,9 @@ config:
downloadMode:
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
## @param config.downloadMode.addSHASumAnnotation Add an pod annotation with the sha sum of the config map containing the downloadMode config.
enabled: false
addSHASumAnnotation: true
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
@@ -111,7 +186,7 @@ config:
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
## @param config.downloadMode.configMap.content The content of the download mode file.
## @skip config.downloadMode.configMap.content The content of the download mode file.
configMap:
annotations: {}
labels: {}
@@ -135,7 +210,9 @@ config:
gitConfig:
## @param config.gitConfig.enabled Enable mounting of a .gitconfig file into the container file system.
## @param config.gitConfig.addSHASumAnnotation Add an pod annotation with the sha sum of the config map containing the git config.
enabled: false
addSHASumAnnotation: true
## @param config.gitConfig.existingConfigMap.enabled Enable to use an external config map for mounting the .gitconfig file.
## @param config.gitConfig.existingConfigMap.configMapName The name of the existing config map which should be used to mount the .gitconfig file.
@@ -147,7 +224,7 @@ config:
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.content The content of the .gitconfig file.
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
configMap:
annotations: {}
labels: {}
@@ -161,7 +238,9 @@ config:
netrc:
## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
## @param config.netrc.addSHASumAnnotation Add an pod annotation with the sha sum of the secret containing the netrc file.
enabled: false
addSHASumAnnotation: true
## @param config.netrc.existingSecret.enabled Enable to use an external secret for mounting the .netrc file.
## @param config.netrc.existingSecret.secretName The name of the existing secret which should be used to mount the .netrc file.
@@ -173,7 +252,7 @@ config:
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @param config.netrc.secret.content The content of the .netrc file.
## @skip config.netrc.secret.content The content of the .netrc file.
secret:
annotations: {}
labels: {}
@@ -193,7 +272,9 @@ config:
ssh:
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
## @param config.ssh.addSHASumAnnotation Add an pod annotation with the sha sum of the secret containing the ssh keys.
enabled: false
addSHASumAnnotation: true
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
@@ -213,7 +294,7 @@ config:
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
## @param config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
@@ -404,9 +485,9 @@ deployment:
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-athens-proxy
# app.kubernetes.io/instance: athens-proxy
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment.
volumes: []
# - name: my-configmap-volume
# config:
@@ -481,8 +562,8 @@ persistence:
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
mountPath: "/var/www/athens-proxy/data"
## @param persistence.data.existingPersistentVolumeClaim.enabled TODO
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO
## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim.
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim.
existingPersistentVolumeClaim:
enabled: false
persistentVolumeClaimName: ""
@@ -490,16 +571,20 @@ persistence:
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClass Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
persistentVolumeClaim:
annotations: {}
labels: {}
accessModes:
- ReadWriteMany
storageClass: ""
storageClassName: ""
storageSize: "5Gi"
## @section Network
## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates.
clusterDomain: "cluster.local"
## @section Network Policy
networkPolicy:
## @param networkPolicy.enabled Enable network policies in general.
@@ -517,13 +602,16 @@ networkPolicy:
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
# Allow outgoing SSH traffic to Source Code Control System's (SCCS') like GitHub or GitLab.
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# - ports:
# - port: 22
# protocol: TCP
# Allow outgoing HTTPS traffic to external go module servers
#
# - ports:
# - port: 443
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.