							Compare commits
	
		
			13 Commits
		
	
	
		
			1.1.1
			...
			d7222794ca
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| d7222794ca | |||
| 4974d63a8c | |||
| 1bbd0352c3 | |||
| ccdf377aaa | |||
| 64790fc316 | |||
| 2c88d6698b | |||
| 9abdb1ca3a | |||
| 81f14405fd | |||
| 7b37bfc373 | |||
| bba0df90ff | |||
| cb312817c3 | |||
| fe428d83d2 | |||
| 4c94529eab | 
| @@ -15,7 +15,7 @@ on: | |||||||
| jobs: | jobs: | ||||||
|   generate-parameters: |   generate-parameters: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/library/node:24.10.0-alpine |       image: docker.io/library/node:25.0.0-alpine | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|   | |||||||
| @@ -15,7 +15,7 @@ on: | |||||||
| jobs: | jobs: | ||||||
|   markdown-link-checker: |   markdown-link-checker: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/library/node:24.10.0-alpine |       image: docker.io/library/node:25.0.0-alpine | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
| @@ -31,7 +31,7 @@ jobs: | |||||||
|  |  | ||||||
|   markdown-lint: |   markdown-lint: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/library/node:24.10.0-alpine |       image: docker.io/library/node:25.0.0-alpine | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|   | |||||||
							
								
								
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
							| @@ -0,0 +1,8 @@ | |||||||
|  | { | ||||||
|  |   "yaml.schemas": { | ||||||
|  |     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ | ||||||
|  |       "/unittests/**/*.yaml" | ||||||
|  |     ] | ||||||
|  |   }, | ||||||
|  |   "yaml.schemaStore.enable": true | ||||||
|  | } | ||||||
							
								
								
									
										2
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
							| @@ -10,7 +10,7 @@ HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}: | |||||||
| # NODE_IMAGE | # NODE_IMAGE | ||||||
| NODE_IMAGE_REGISTRY_HOST?=docker.io | NODE_IMAGE_REGISTRY_HOST?=docker.io | ||||||
| NODE_IMAGE_REPOSITORY?=library/node | NODE_IMAGE_REPOSITORY?=library/node | ||||||
| NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||||
| NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | ||||||
|  |  | ||||||
| # MISSING DOT | # MISSING DOT | ||||||
|   | |||||||
							
								
								
									
										100
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
							| @@ -40,7 +40,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi | |||||||
| versions can break something! | versions can break something! | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| CHART_VERSION=1.0.3 | CHART_VERSION=1.1.1 | ||||||
| helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| @@ -54,7 +54,7 @@ The helm chart also contains a persistent volume claim definition. It persistent | |||||||
| Use the `--set` argument to persist your data. | Use the `--set` argument to persist your data. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| CHART_VERSION=1.0.3 | CHART_VERSION=1.1.1 | ||||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|   persistence.enabled=true |   persistence.enabled=true | ||||||
| ``` | ``` | ||||||
| @@ -84,13 +84,64 @@ Further information about this topic can be found in one of Kanishk's blog | |||||||
| > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| CHART_VERSION=1.0.3 | CHART_VERSION=1.1.1 | ||||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ |   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||||
|   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ |   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||||
|   --set 'deployment.athensProxy.resources.limits.cpu=1000m' |   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | #### TLS encryption | ||||||
|  |  | ||||||
|  | The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for | ||||||
|  | TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS | ||||||
|  | certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS | ||||||
|  | certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret. | ||||||
|  | The secret must be from type `kubernetes.io/tls`. | ||||||
|  |  | ||||||
|  | > [!WARNING] | ||||||
|  | > The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named | ||||||
|  | > `athens-proxy-ca` is present in the same namespace of the helm deployment. | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | CHART_VERSION=1.1.1 | ||||||
|  | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|  |   --set 'config.certificate.enabled=true' \ | ||||||
|  |   --set 'config.certificate.new.issuerRef.kind=Issuer' \ | ||||||
|  |   --set 'config.certificate.new.issuerRef.name=athens-proxy-ca' | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate | ||||||
|  | and private key are mounted to a pre-defined destination inside the container file system. | ||||||
|  |  | ||||||
|  | #### TLS certificate rotation | ||||||
|  |  | ||||||
|  | If the application uses TLS certificates that are mounted as a secret in the container file system like the example | ||||||
|  | [above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such | ||||||
|  | a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates | ||||||
|  | before expiring. | ||||||
|  |  | ||||||
|  | Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's | ||||||
|  | [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following | ||||||
|  | annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps | ||||||
|  | and secrets have been changed. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     reloader.stakater.com/auto: "true" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for | ||||||
|  | individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should | ||||||
|  | only listen for changes of this secret: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | deployment: | ||||||
|  |   annotations: | ||||||
|  |     secret.reloader.stakater.com/reload: "athens-proxy-tls" | ||||||
|  | ``` | ||||||
|  |  | ||||||
| #### Network policies | #### Network policies | ||||||
|  |  | ||||||
| Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||||
| @@ -149,7 +200,8 @@ networkPolicies: | |||||||
|  |  | ||||||
| The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||||
| connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||||
| Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). Please ensure, that no | ||||||
|  | third party application modifies the config maps or secret afterwards. | ||||||
|  |  | ||||||
| The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||||
| content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||||
| @@ -158,20 +210,50 @@ Helm render order, different timestamps). | |||||||
| This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||||
| can lead to unnecessary notifications from ArgoCD. | can lead to unnecessary notifications from ArgoCD. | ||||||
|  |  | ||||||
| To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all | To avoid this, the annotation with the shasum can be ignored. However, this negates the mechanism of [Automatically Roll | ||||||
| annotations with the prefix `checksum`. | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||||
|  |  | ||||||
|  | Below is a diff that adds the `Application` to ignore all annotations with the prefix `checksum`. | ||||||
|  |  | ||||||
|  | > [!WARNING] | ||||||
|  | > Configurations of `ignoreDifferences` always refer to the determination of a drift and whether a possible sync is | ||||||
|  | > necessary. If the selected attributes should also be ignored in deployment afterwards, define | ||||||
|  | > `RespectIgnoreDifferences=true` in your `Application` resource. Further information can be found in the ArgoCD | ||||||
|  | > [documentation](https://argo-cd.readthedocs.io/en/latest/user-guide/sync-options/#respect-ignore-differences-configs). | ||||||
|  |  | ||||||
| ```diff | ```diff | ||||||
|   apiVersion: argoproj.io/v1alpha1 |   apiVersion: argoproj.io/v1alpha1 | ||||||
|   kind: Application |   kind: Application | ||||||
|   spec: |   spec: | ||||||
| +   ignoreDifferences: | +   ignoreDifferences: | ||||||
| +   - group: apps/v1 | +   - group: apps | ||||||
| +     kind: Deployment | +     kind: Deployment | ||||||
| +     jqPathExpressions: | +     jqPathExpressions: | ||||||
| +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | The definition of ignoreDifferences ensures that annotations with the prefix checksum are ignored during a diff. | ||||||
|  |  | ||||||
|  | > [!TIP] | ||||||
|  | > If the [reloader](https://github.com/stakater/Reloader) is configured as described in section [TLS certificate | ||||||
|  | > rotation](#tls-certificate-rotation), ensure that the shasum defined as annotation or environment variable is also | ||||||
|  | > ignored. The [reloader](https://github.com/stakater/Reloader) will modify the deployment based on his configuration | ||||||
|  | > and append additional annotations or environment variables containing the shasum. Below are some examples how to adapt | ||||||
|  | > the `ignoreDifferences` configuration to ignore only the annotations and environment variables of stakater's | ||||||
|  | > [reloader](https://github.com/stakater/Reloader). | ||||||
|  |  | ||||||
|  | ```diff | ||||||
|  |   apiVersion: argoproj.io/v1alpha1 | ||||||
|  |   kind: Application | ||||||
|  |   spec: | ||||||
|  |     ignoreDifferences: | ||||||
|  |     - group: apps | ||||||
|  |       kind: Deployment | ||||||
|  |       jqPathExpressions: | ||||||
|  | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))' | ||||||
|  | +     - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))' | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Parameters | ## Parameters | ||||||
|  |  | ||||||
| ### Global | ### Global | ||||||
| @@ -317,8 +399,8 @@ annotations with the prefix `checksum`. | |||||||
| | -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | | -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | ||||||
| | `persistence.enabled`                                                      | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false`                      | | | `persistence.enabled`                                                      | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false`                      | | ||||||
| | `persistence.data.mountPath`                                               | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.                                                                                 | `/var/www/athens-proxy/data` | | | `persistence.data.mountPath`                                               | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.                                                                                 | `/var/www/athens-proxy/data` | | ||||||
| | `persistence.data.existingPersistentVolumeClaim.enabled`                   | TODO                                                                                                                                                                                                                    | `false`                      | | | `persistence.data.existingPersistentVolumeClaim.enabled`                   | Use an existing persistent volume claim.                                                                                                                                                                                | `false`                      | | ||||||
| | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO                                                                                                                                                                                                                    | `""`                         | | | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | The name of the existing persistent volume claim.                                                                                                                                                                       | `""`                         | | ||||||
| | `persistence.data.persistentVolumeClaim.annotations`                       | Additional persistent volume claim annotations.                                                                                                                                                                         | `{}`                         | | | `persistence.data.persistentVolumeClaim.annotations`                       | Additional persistent volume claim annotations.                                                                                                                                                                         | `{}`                         | | ||||||
| | `persistence.data.persistentVolumeClaim.labels`                            | Additional persistent volume claim labels.                                                                                                                                                                              | `{}`                         | | | `persistence.data.persistentVolumeClaim.labels`                            | Additional persistent volume claim labels.                                                                                                                                                                              | `{}`                         | | ||||||
| | `persistence.data.persistentVolumeClaim.accessModes`                       | Access modes of the persistent volume claim.                                                                                                                                                                            | `["ReadWriteMany"]`          | | | `persistence.data.persistentVolumeClaim.accessModes`                       | Access modes of the persistent volume claim.                                                                                                                                                                            | `["ReadWriteMany"]`          | | ||||||
|   | |||||||
| @@ -31,6 +31,16 @@ | |||||||
|       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts", |       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts", | ||||||
|       "datasourceTemplate": "git-tags", |       "datasourceTemplate": "git-tags", | ||||||
|       "versioningTemplate": "semver" |       "versioningTemplate": "semver" | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "customType": "regex", | ||||||
|  |       "datasourceTemplate": "github-releases", | ||||||
|  |       "fileMatch": [ | ||||||
|  |         ".vscode/settings\\.json$" | ||||||
|  |       ], | ||||||
|  |       "matchStrings": [ | ||||||
|  |         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json" | ||||||
|  |       ] | ||||||
|     } |     } | ||||||
|   ], |   ], | ||||||
|   "packageRules": [ |   "packageRules": [ | ||||||
| @@ -41,6 +51,20 @@ | |||||||
|         "volkerraschek/helm" |         "volkerraschek/helm" | ||||||
|       ] |       ] | ||||||
|     }, |     }, | ||||||
|  |     { | ||||||
|  |       "automerge": true, | ||||||
|  |       "groupName": "Update helm plugin 'unittest'", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "helm-unittest/helm-unittest" | ||||||
|  |       ], | ||||||
|  |       "matchDatasources": [ | ||||||
|  |         "github-releases" | ||||||
|  |       ], | ||||||
|  |       "matchUpdateTypes": [ | ||||||
|  |         "minor", | ||||||
|  |         "patch" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|     { |     { | ||||||
|       "groupName": "Update docker.io/library/node", |       "groupName": "Update docker.io/library/node", | ||||||
|       "matchDepNames": [ |       "matchDepNames": [ | ||||||
|   | |||||||
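Review bot: The new package rule for `helm-unittest/helm-unittest` sets `"automerge": true` for minor and patch releases without any release-age gate, so a freshly published upstream release is merged as soon as Renovate sees it. The rule matches on the dep name and the `github-releases` datasource, so it would presumably also apply anywhere else this plugin is tracked, not only to the schema URL in `.vscode/settings.json` that the new regex manager extracts. Consider adding `"minimumReleaseAge": "3 days"` to this rule so that a withdrawn or tampered release has time to be noticed before it lands; whether CI status checks gate the automerge is not visible from this diff. In the regex manager, the leading dot of `".vscode/settings\\.json$"` is unescaped and matches any character; `"\\.vscode/settings\\.json$"` is the stricter form.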
| @@ -550,8 +550,8 @@ persistence: | |||||||
|     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. |     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | ||||||
|     mountPath: "/var/www/athens-proxy/data" |     mountPath: "/var/www/athens-proxy/data" | ||||||
|  |  | ||||||
|     ## @param persistence.data.existingPersistentVolumeClaim.enabled TODO |     ## @param persistence.data.existingPersistentVolumeClaim.enabled Use an existing persistent volume claim. | ||||||
|     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO |     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName The name of the existing persistent volume claim. | ||||||
|     existingPersistentVolumeClaim: |     existingPersistentVolumeClaim: | ||||||
|       enabled: false |       enabled: false | ||||||
|       persistentVolumeClaimName: "" |       persistentVolumeClaimName: "" | ||||||
|   | |||||||