6 Commits

Author SHA1 Message Date
81f14405fd Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1' (#102) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 31s
2025-10-15 22:02:04 +00:00
7b37bfc373 chore(deps): update dependency volker.raschek/athens-proxy-charts to v1
All checks were successful
Markdown linter / markdown-lint (pull_request) Successful in 9s
Markdown linter / markdown-link-checker (pull_request) Successful in 32s
Generate README / generate-parameters (push) Successful in 12s
Helm / helm-lint (push) Successful in 13s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-lint (push) Successful in 10s
Generate README / generate-parameters (pull_request) Successful in 9s
Helm / helm-lint (pull_request) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 34s
Helm / helm-unittest (pull_request) Successful in 6s
2025-10-15 22:01:05 +00:00
bba0df90ff docs(README): add missing backslash
All checks were successful
Generate README / generate-parameters (push) Successful in 28s
Helm / helm-unittest (push) Successful in 7s
Helm / helm-lint (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 28s
2025-10-15 21:33:57 +02:00
cb312817c3 docs(README): TLS encryption
Some checks failed
Helm / helm-lint (push) Successful in 17s
Generate README / generate-parameters (push) Successful in 20s
Helm / helm-unittest (push) Has been cancelled
Markdown linter / markdown-lint (push) Has been cancelled
Markdown linter / markdown-link-checker (push) Has been cancelled
2025-10-15 21:33:31 +02:00
fe428d83d2 Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.1.1' (#101) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 11s
Helm / helm-unittest (push) Successful in 17s
Markdown linter / markdown-lint (push) Successful in 11s
2025-10-14 22:05:07 +00:00
4c94529eab chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.1.1
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-unittest (push) Successful in 15s
Helm / helm-lint (push) Successful in 15s
Generate README / generate-parameters (pull_request) Successful in 29s
Markdown linter / markdown-link-checker (push) Successful in 33s
Markdown linter / markdown-lint (push) Successful in 27s
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 15s
Markdown linter / markdown-lint (pull_request) Successful in 23s
Markdown linter / markdown-link-checker (pull_request) Successful in 42s
2025-10-14 22:01:47 +00:00

View File

@@ -40,7 +40,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something! versions can break something!
```bash ```bash
CHART_VERSION=1.0.3 CHART_VERSION=1.1.1
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
``` ```
@@ -54,7 +54,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
Use the `--set` argument to persist your data. Use the `--set` argument to persist your data.
```bash ```bash
CHART_VERSION=1.0.3 CHART_VERSION=1.1.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
persistence.enabled=true persistence.enabled=true
``` ```
@@ -84,13 +84,64 @@ Further information about this topic can be found in one of Kanishk's blog
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash ```bash
CHART_VERSION=1.0.3 CHART_VERSION=1.1.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \ --set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.athensProxy.resources.limits.cpu=1000m' --set 'deployment.athensProxy.resources.limits.cpu=1000m'
``` ```
#### TLS encryption
The example shows how to deploy the application with TLS encryption. For example when **no** HTTP ingress is used for
TLS determination and instead the application it self should determinate the TLS handshake. To generate the TLS
certificate can be used the [cert-manager](https://cert-manager.io/). The chart supports the creation of such a TLS
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
The secret must be from type `kubernetes.io/tls`.
> [!WARNING]
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
> `athens-proxy-ca` is present in the same namespace of the helm deployment.
```bash
CHART_VERSION=1.1.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'config.certificate.enabled=true' \
--set 'config.certificate.new.issuerRef.kind=Issuer' \
--set 'config.certificate.new.issuerRef.name=athens-proxy-ca'
```
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
and private key are mounted to a pre-defined destination inside the container file system.
#### TLS certificate rotation
If the application uses TLS certificates that are mounted as a secret in the container file system like the example
[above](#tls-encryption), the application will not automatically apply them when the TLS certificates are rotated. Such
a rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
before expiring.
Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
and secrets have been changed.
```yaml
deployment:
annotations:
reloader.stakater.com/auto: "true"
```
Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
individual items. For example, when the secret named `athens-proxy-tls` is mounted and the reloader controller should
only listen for changes of this secret:
```yaml
deployment:
annotations:
secret.reloader.stakater.com/reload: "athens-proxy-tls"
```
#### Network policies #### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom