Compare commits


43 Commits

Author SHA1 Message Date
volker.raschek d3e7543814 fix(httpRoute): avoid Argo CD drift
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 2m18s
The following patch avoids a drift in Argo CD. Argo CD detects the missing
`group` of the backendRef.
2026-06-01 22:45:23 +02:00
volker.raschek eb907f6b8a fix(ci): respect rc pattern
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 14s
Release / publish-chart (push) Successful in 1m51s
2026-06-01 22:35:55 +02:00
volker.raschek 2237090669 fix(scripts): adapt regexp for release candidates
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 2m30s
2026-06-01 22:12:37 +02:00
volker.raschek daeedce720 fix(scripts): adapt rc pattern
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 28s
Release / publish-chart (push) Successful in 1m43s
2026-06-01 21:37:00 +02:00
CSRBot 281915b7f3 chore(deps): update docker/login-action action to v4.2.0
Helm / helm-lint (push) Successful in 10s
Helm / helm-unittest (push) Successful in 32s
2026-05-31 19:26:37 +00:00
CSRBot e871a9cc2a chore(deps): update dependency helm/helm to v4.2.0
Helm / helm-lint (pull_request) Successful in 11s
Helm / helm-unittest (pull_request) Successful in 18s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
2026-05-31 19:26:12 +00:00
CSRBot 570d4761d0 chore(deps): update docker.io/library/node docker tag to v26
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 19s
2026-05-31 19:25:38 +00:00
CSRBot e668b001fc chore(deps): update dependency helm-unittest/helm-unittest to v1.1.0
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (pull_request) Successful in 19s
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 17s
2026-05-31 19:21:51 +00:00
volker.raschek 24f372b390 fix(renovate): remove helm-unittest plugin
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 18s
Release / publish-chart (push) Successful in 2m11s
2026-05-31 21:20:48 +02:00
volker.raschek dbe754df4e fix: avoid mixing singular and plural naming conventions
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 28s
Release / publish-chart (push) Successful in 2m21s
2026-05-31 21:01:15 +02:00
volker.raschek 91a57cea52 fix(ci): add workflow to upload artifacthub metadata
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 18s
2026-05-31 20:35:42 +02:00
CSRBot 0594cea675 Merge pull request 'chore(deps): update docker/login-action action to v4.2.0' (#145) from renovate/actions into master
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 28s
2026-05-31 18:05:32 +00:00
CSRBot 0c323bc2a3 chore(deps): update docker/login-action action to v4.2.0
Helm / helm-lint (push) Successful in 12s
Helm / helm-unittest (push) Successful in 17s
Helm / helm-lint (pull_request) Successful in 12s
Helm / helm-unittest (pull_request) Successful in 22s
2026-05-31 18:02:54 +00:00
volker.raschek b7eec51d27 fix(scripts): support pre-releases
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 18s
Release / publish-chart (push) Successful in 2m8s
2026-05-31 19:15:22 +02:00
volker.raschek 3427a9a962 fix: add annotations for ArtifactHub
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 31s
2026-05-31 18:59:39 +02:00
volker.raschek d27029e01f docs(README): adapt parameter description
Helm / helm-lint (push) Successful in 11s
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-unittest (push) Successful in 35s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Successful in 35s
2026-05-31 18:57:08 +02:00
volker.raschek 63d4db362a fix(ci): sign helm chart
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 21s
2026-05-31 18:56:03 +02:00
volker.raschek f760568ac5 fix(service)!: migrate services.http to service
Generate README / generate-parameters (push) Failing after 39s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Successful in 45s
Markdown linter / markdown-lint (push) Successful in 33s
2026-05-31 18:44:25 +02:00
volker.raschek e1f5a16542 feat: support gatewayAPI 2026-05-31 18:44:25 +02:00
CSRBot e102d1e251 Merge pull request 'chore(deps): update gomods/athens docker tag to v0.17.1' (#140) from renovate/container-images into master
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 25s
2026-05-13 21:03:50 +00:00
CSRBot 1cdb93f84a chore(deps): update gomods/athens docker tag to v0.17.1
Helm / helm-lint (push) Successful in 7s
Helm / helm-lint (pull_request) Successful in 5s
Helm / helm-unittest (push) Successful in 29s
Helm / helm-unittest (pull_request) Successful in 18s
2026-05-13 21:03:07 +00:00
CSRBot 1fb737bb29 Merge pull request 'chore(deps): update dependency helm-unittest/helm-unittest to v1.1.0' (#138) from renovate/update-helm-plugin-'unittest' into master
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Successful in 15s
2026-05-06 18:03:32 +00:00
CSRBot 9a25b03d49 chore(deps): update dependency helm-unittest/helm-unittest to v1.1.0
Helm / helm-lint (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (push) Successful in 26s
Helm / helm-unittest (pull_request) Successful in 18s
2026-05-06 18:02:53 +00:00
CSRBot 0f85600d9e Merge pull request 'chore(deps): update gomods/athens docker tag to v0.17.0' (#136) from renovate/container-images into master
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 20s
2026-04-14 22:01:52 +00:00
CSRBot c7dbe35a21 chore(deps): update gomods/athens docker tag to v0.17.0
Helm / helm-lint (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 4s
Helm / helm-unittest (push) Successful in 22s
Helm / helm-unittest (pull_request) Successful in 13s
2026-04-14 22:01:21 +00:00
CSRBot 5face71644 Merge pull request 'chore(deps): update azure/setup-helm action to v5' (#135) from renovate/azure-setup-helm-5.x into master
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 13s
2026-04-14 15:21:51 +00:00
CSRBot 63d1f5f99a chore(deps): update azure/setup-helm action to v5
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 12s
Helm / helm-lint (pull_request) Successful in 4s
Helm / helm-unittest (pull_request) Successful in 20s
2026-04-14 13:02:20 +00:00
CSRBot d39bc3e63e Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.9.0' (#134) from renovate/update-docker.iolibrarynode into master
Helm / helm-lint (push) Successful in 4s
Helm / helm-unittest (push) Successful in 11s
2026-04-14 11:09:25 +00:00
CSRBot 209d1cd556 chore(deps): update docker.io/library/node docker tag to v25.9.0
Helm / helm-lint (push) Successful in 4s
Helm / helm-unittest (push) Successful in 17s
Helm / helm-lint (pull_request) Successful in 4s
Helm / helm-unittest (pull_request) Successful in 11s
2026-04-14 10:49:37 +00:00
CSRBot 4366cfe235 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.8.1' (#133) from renovate/update-docker.iolibrarynode into master
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 18s
2026-03-11 17:01:57 +00:00
CSRBot 9f00bc7761 chore(deps): update docker.io/library/node docker tag to v25.8.1
Helm / helm-lint (push) Successful in 9s
Helm / helm-unittest (push) Successful in 9s
Helm / helm-lint (pull_request) Successful in 9s
Helm / helm-unittest (pull_request) Successful in 9s
2026-03-11 17:01:22 +00:00
CSRBot 7c52d9fd0d Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.8.0' (#132) from renovate/update-docker.iolibrarynode into master
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 18s
2026-03-04 02:02:19 +00:00
CSRBot b0e93309a3 chore(deps): update docker.io/library/node docker tag to v25.8.0
Helm / helm-lint (push) Successful in 9s
Helm / helm-unittest (push) Successful in 12s
Helm / helm-lint (pull_request) Successful in 12s
Helm / helm-unittest (pull_request) Successful in 9s
2026-03-04 02:01:41 +00:00
CSRBot b3954c81db Merge pull request 'chore(deps): update dependency markdownlint-cli to ^0.48.0' (#131) from renovate/markdownlint-cli-0.x into master
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 9s
2026-03-03 08:02:25 +00:00
CSRBot a1d722db60 chore(deps): update dependency markdownlint-cli to ^0.48.0
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Successful in 9s
Helm / helm-lint (pull_request) Successful in 4s
Helm / helm-unittest (pull_request) Successful in 8s
2026-03-03 08:01:47 +00:00
CSRBot b465c2ba98 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.7.0' (#130) from renovate/update-docker.iolibrarynode into master
Helm / helm-lint (push) Successful in 9s
Helm / helm-unittest (push) Successful in 10s
2026-02-25 20:01:50 +00:00
CSRBot 5e0eafeb79 chore(deps): update docker.io/library/node docker tag to v25.7.0
Helm / helm-lint (push) Successful in 9s
Helm / helm-unittest (push) Successful in 10s
Helm / helm-unittest (pull_request) Successful in 8s
Helm / helm-lint (pull_request) Successful in 10s
2026-02-25 20:01:23 +00:00
CSRBot 09070323b7 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.6.1' (#129) from renovate/update-docker.iolibrarynode into master
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 7s
2026-02-12 17:01:44 +00:00
CSRBot 1ec5d40fe0 chore(deps): update docker.io/library/node docker tag to v25.6.1
Helm / helm-lint (push) Successful in 4s
Helm / helm-unittest (push) Successful in 9s
Helm / helm-lint (pull_request) Successful in 8s
Helm / helm-unittest (pull_request) Successful in 14s
2026-02-12 17:01:08 +00:00
CSRBot 9b763d9679 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.6.0' (#128) from renovate/update-docker.iolibrarynode into master
Helm / helm-unittest (push) Successful in 8s
Helm / helm-lint (push) Successful in 9s
2026-02-03 17:02:05 +00:00
CSRBot 1d679f29fe chore(deps): update docker.io/library/node docker tag to v25.6.0
Helm / helm-lint (push) Successful in 5s
Helm / helm-lint (pull_request) Successful in 4s
Helm / helm-unittest (push) Successful in 18s
Helm / helm-unittest (pull_request) Successful in 9s
2026-02-03 17:01:31 +00:00
CSRBot a5bd76a92d Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.4.1' (#127) from renovate/volker.raschek-athens-proxy-charts-1.x into master
Helm / helm-lint (push) Successful in 4s
Helm / helm-unittest (push) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 2m0s
Markdown linter / markdown-lint (push) Successful in 1m17s
Generate README / generate-parameters (push) Successful in 16s
2026-02-01 20:38:55 +00:00
CSRBot 1bfa018e20 chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.4.1
Generate README / generate-parameters (push) Successful in 20m44s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 9s
Helm / helm-lint (pull_request) Successful in 4s
Helm / helm-unittest (pull_request) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 52s
Markdown linter / markdown-lint (push) Successful in 1m44s
Markdown linter / markdown-link-checker (pull_request) Successful in 2m6s
Markdown linter / markdown-lint (pull_request) Successful in 2m38s
Generate README / generate-parameters (pull_request) Successful in 50m9s
2026-02-01 20:17:35 +00:00
49 changed files with 1350 additions and 256 deletions
+13 -3
@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -e set -eo pipefail
CHART_FILE="Chart.yaml" CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then if [ ! -f "${CHART_FILE}" ]; then
@@ -8,8 +8,11 @@ if [ ! -f "${CHART_FILE}" ]; then
exit 1 exit 1
fi fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" rc_pattern="\-rc([-\.][0-9]+)?$"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
# Exclude prerelease tags (matching -rc or -rc.<digits>) from default tag selection
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
if [ -z "${1}" ]; then if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
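Review bot: the two `DEFAULT_*_TAG` assignments can now abort the script. With `set -eo pipefail` from the first hunk, `grep --invert-match` exits 1 when every tag is a release candidate (or no tag exists), and the failed command substitution ends the script before the `read -p` prompt is reached. Append `|| true` to each pipeline or handle the empty result explicitly. The comment also says `-rc or -rc.<digits>`, while `rc_pattern` accepts `-rc-<digits>` as well; please align the comment with the pattern.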
@@ -54,6 +57,13 @@ else
fi fi
fi fi
# Check if NEW_TAG is a prerelease (matches -rc or -rc-<digits> suffix)
if [[ "${NEW_TAG}" =~ ${rc_pattern} ]]; then
echo "INFO: Tag '${NEW_TAG}' is a prerelease, setting prerelease annotation and skipping changelog."
yq --no-colors --inplace ".annotations.\"artifacthub.io/prerelease\" = \"true\" | sort_keys(.)" "${CHART_FILE}"
exit 0
fi
CHANGE_LOG_YAML=$(mktemp) CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}" echo "[]" > "${CHANGE_LOG_YAML}"
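Review bot: `rc_pattern` in the `[[ ... =~ ... ]]` test requires a `-` or `.` between `rc` and the digits, so a tag ending in `-rc1` (the form seen in the `cosign-installer@v4.1.2-rc4` reference in the release workflow) is treated as a regular release and goes on to changelog generation. If that tag form is ever used here, make the separator optional, for example `-rc([-.]?[0-9]+)?$`. The comment in this hunk names `-rc-<digits>` while the one above the default tag selection names `-rc.<digits>`; one wording that covers both would help.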
@@ -0,0 +1,41 @@
name: Upload ArtifactHub Metadata
on:
schedule:
- cron: '0 3 1 * *'
workflow_dispatch:
jobs:
upload-metadata:
name: "Upload artifacthub-repo.yml to OCI registry"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.2
- uses: docker/login-action@v4.2.0
with:
registry: ${{ github.server_url }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
- uses: oras-project/setup-oras@v2.0.0
with:
version: 1.3.2 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
- name: Extract meta information
run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Push artifacthub-repo.yml
run: |
oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:artifacthub.io \
--config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
- name: Push public cosign key
env:
COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
run: |
echo "${COSIGN_PUBLIC_KEY}" > cosign.pub
oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:cosign.pub \
--artifact-type application/vnd.dev.cosign.public-key.v1 \
--annotation org.opencontainers.image.title=cosign.pub \
cosign.pub:application/vnd.dev.cosign.public-key.v1
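Review bot: the `Push public cosign key` step writes `${COSIGN_PUBLIC_KEY}` to `cosign.pub` and pushes it without checking that the variable is set, so a missing or renamed repository variable publishes an empty key under the `cosign.pub` tag. Add a guard such as `[ -n "${COSIGN_PUBLIC_KEY}" ] || exit 1` before the `oras push`. `PACKAGE_VERSION` in `Extract meta information` is derived from a tag ref, but this workflow only runs on `schedule` and `workflow_dispatch` and no later step reads it, so that line can go. The three actions are referenced by version tag in a job that receives the registry token; pinning them to commit SHAs would keep a moved tag from running with that secret.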
+1 -1
@@ -15,7 +15,7 @@ on:
jobs: jobs:
generate-parameters: generate-parameters:
container: container:
image: docker.io/library/node:25.5.0-alpine image: docker.io/library/node:26.2.0-alpine
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
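Review bot: the `image:` line jumps a major version (Node 25 to Node 26) and still references a mutable tag. Consider pinning `docker.io/library/node:26.2.0-alpine` by digest (`...@sha256:<digest>`, placeholder) so the job keeps running the image that was reviewed. The same applies to the two `image:` lines changed in the Markdown linter workflow.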
+4 -4
@@ -15,9 +15,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6.0.2 - uses: actions/checkout@v6.0.2
- uses: azure/setup-helm@v4.3.1 - uses: azure/setup-helm@v5.0.0
with: with:
version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
- name: Lint helm files - name: Lint helm files
run: | run: |
helm lint --values values.yaml . helm lint --values values.yaml .
@@ -26,9 +26,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6.0.2 - uses: actions/checkout@v6.0.2
- uses: azure/setup-helm@v4.3.1 - uses: azure/setup-helm@v5.0.0
with: with:
version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
- env: - env:
HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
name: Install helm-unittest name: Install helm-unittest
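Review bot: `HELM_UNITTEST_VERSION` stays at `v1.0.0` in the unchanged context of this hunk, while the release workflow installs `1.1.0` and the editor schema URL moves to `v1.1.0`. Bump it here as well so CI tests with the version the release job uses. The comment on that line is written `#renovate:` without the space the other annotations have, which may be why it was not picked up, depending on the Renovate matcher in use.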
+2 -2
@@ -15,7 +15,7 @@ on:
jobs: jobs:
markdown-link-checker: markdown-link-checker:
container: container:
image: docker.io/library/node:25.5.0-alpine image: docker.io/library/node:26.2.0-alpine
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
@@ -30,7 +30,7 @@ jobs:
markdown-lint: markdown-lint:
container: container:
image: docker.io/library/node:25.5.0-alpine image: docker.io/library/node:26.2.0-alpine
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
+127 -24
@@ -1,5 +1,10 @@
name: Release name: Release
env:
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
on: on:
push: push:
tags: tags:
@@ -7,14 +12,58 @@ on:
jobs: jobs:
publish-chart: publish-chart:
container:
image: docker.io/volkerraschek/helm:3.19.2
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install packages via apk - uses: volker-raschek/cosign-installer@v4.1.2-rc4
with:
cosign-release: "v3.0.6" # renovate: datasource=github-tags depName=sigstore/cosign
- uses: azure/setup-helm@v5.0.0
with:
version: "v4.2.0" # renovate: datasource=github-tags depName=helm/helm
- name: Install helm plugins
env:
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_SCHEMA_VALUES_VERSION: "2.4.0" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_UNITTEST_VERSION: "1.1.0" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
run: | run: |
apk update helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
apk add git npm jq yq helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
helm plugin list
- name: GPG configuration
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
run: |
# Configure GPG and GPG Agent
mkdir --parents "${HOME}/.gnupg"
chmod 0700 "${HOME}/.gnupg"
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
use-agent
pinentry-mode loopback
EOF
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
allow-loopback-pinentry
max-cache-ttl 86400
default-cache-ttl 86400
EOF
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
# Import GPG private key
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
# Export GPG keyring
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
- uses: actions/checkout@v6.0.2 - uses: actions/checkout@v6.0.2
with: with:
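Review bot: all three `helm plugin install` lines pass `--verify=false`, so unverified plugin code runs in the same job that imports the GPG signing key and later receives the cosign key. Drop the flag for plugins that ship provenance, or move signing into a job that installs no plugins. In the `GPG configuration` step, the private key and passphrase are written under `runner.temp` with the default umask and are never removed; set `umask 077` before the two `cat` lines and add a cleanup step with `if: always()`. The `cosign-installer` reference is a release-candidate tag (`v4.1.2-rc4`), which deserves a comment explaining why.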
@@ -22,15 +71,17 @@ jobs:
- name: Add Artifacthub.io annotations - name: Add Artifacthub.io annotations
run: | run: |
NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" rc_pattern="\-rc([-\.][0-9]+)?$"
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information - name: Extract meta information
run: | run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md - name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
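Review bot: `NEW_TAG` in `Add Artifacthub.io annotations` is now selected with release candidates filtered out, so when the workflow runs for an rc tag the script still receives the latest non-rc tag, and its prerelease check on `NEW_TAG` cannot match from this caller. The chart is then packaged under the rc version from `PACKAGE_VERSION` with the annotations of the previous release. Pass the pushed tag (`${GITHUB_REF#refs/tags/}`) as `NEW_TAG` and keep the filter only for `OLD_TAG`.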
@@ -38,24 +89,76 @@ jobs:
- name: Package chart - name: Package chart
run: | run: |
helm dependency build helm dependency build
helm package --version "${PACKAGE_VERSION}" ./ helm package \
--sign \
--key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
--keyring "${HOME}/.gnupg/secring.gpg" \
--passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
--version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum - uses: docker/login-action@v4.2.0
with:
registry: ${{ github.server_url }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
- name: Upload Chart to Gitea (OCI)
env: env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
run: |
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}
cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION}
- name: Upload Chart to Gitea (Helm)
env:
GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
run: |
curl \
--fail \
--show-error \
--request POST \
--user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
--upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/charts
# NOTE:
# Gitea does currently not support uploading Helm chart provenance files, so we skip this step for now. Once
# Gitea supports this, we can simply uncomment the following lines to upload the provenance file as well.
#
# https://github.com/helm/helm/issues/31866
#
# if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then
# curl \
# --fail \
# --show-error \
# --request POST \
# --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
# --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" \
# https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/prov
# fi
- name: Upload Chart to Chartmuseum (Helm)
env:
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
run: | run: |
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} curl \
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum --fail \
helm repo remove chartmuseum --show-error \
--request POST \
--user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
--upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts
- name: Upload Chart to Gitea if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then
env: curl \
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} --fail \
GITEA_SERVER_URL: ${{ github.server_url }} --show-error \
run: | --request POST \
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea --upload-file ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov \
helm repo remove gitea https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/prov
fi
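Review bot: `cosign sign` in `Upload Chart to Gitea (OCI)` addresses the artifact by tag (`...:${PACKAGE_VERSION}`), so the signature is attached to whatever that tag resolves to at signing time rather than to the chart that `helm push` just uploaded. Take the digest from the `helm push` output and sign `...@sha256:<digest>` (placeholder) instead. The commented-out provenance upload for Gitea authenticates with `CHARTMUSEUM_USERNAME`/`CHARTMUSEUM_PASSWORD`, which are not defined in that step; switch it to `${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}` now so it works once uncommented. In the Chartmuseum step the second `--upload-file` argument is unquoted, unlike the first.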
+5 -5
@@ -1,9 +1,9 @@
charts charts
cosign*
node_modules node_modules
target target
values2.yml !values.yaml
values2.yaml !values.yml
values*.yaml
values*.yml
*.tgz *.tgz
install.sh
uninstall.sh
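Review bot: as rendered, `!values.yaml` and `!values.yml` come before `values*.yaml` and `values*.yml`. If this file follows gitignore-style ordering, where the last matching pattern wins, the wildcards override the negations and `values.yaml` is ignored as well; move the two `!` lines below the wildcard lines.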
+1 -1
@@ -1,6 +1,6 @@
{ {
"yaml.schemas": { "yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.0/schema/helm-testsuite.json": [
"/unittests/**/*.yaml" "/unittests/**/*.yaml"
] ]
}, },
+7 -1
@@ -1,15 +1,21 @@
annotations: annotations:
artifacthub.io/license: MIT
artifacthub.io/links: | artifacthub.io/links: |
- name: Athens proxy (binary) - name: Athens proxy (binary)
url: https://github.com/gomods/athens url: https://github.com/gomods/athens
- name: support - name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
artifacthub.io/operator: "false"
artifacthub.io/prerelease: "false"
artifacthub.io/signKey: |
fingerprint: 3B0CE9853CAD76076260025383D342258456906E
url: https://keys.openpgp.org/vks/v1/by-fingerprint/3B0CE9853CAD76076260025383D342258456906E
apiVersion: v2 apiVersion: v2
name: athens-proxy name: athens-proxy
description: Athens proxy server for golang description: Athens proxy server for golang
type: application type: application
version: "0.1.0" version: "0.1.0"
appVersion: "v0.16.2" appVersion: "v0.17.1"
icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
keywords: keywords:
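Review bot: the `artifacthub.io/signKey` fingerprint is hard-coded here, while the release workflow signs with the key named by `vars.GPG_PRIVATE_KEY_FINGERPRINT`. Nothing visible ties the two together, so a key rotation that updates only the variable would publish charts whose advertised key does not verify them. Have the release job compare the two values and fail on mismatch, or write the annotation from the variable.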
+19
@@ -18,6 +18,25 @@ NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:
missing-dot: missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# README
# ==============================================================================
readme: readme/link readme/lint readme/parameters
readme/link:
npm install && npm run readme:link
readme/lint:
npm install && npm run readme:lint
readme/parameters:
npm install && npm run readme:parameters
# HELM UNITTESTS
# ==============================================================================
PHONY+=helm/unittest
helm/unittest:
helm unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - README # CONTAINER RUN - README
# ============================================================================== # ==============================================================================
PHONY+=container-run/readme PHONY+=container-run/readme
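Review bot: the new `readme`, `readme/link`, `readme/lint` and `readme/parameters` targets are not added to `PHONY`, unlike `helm/unittest` right below them. Add a `PHONY+=` line for each so make never treats them as file targets.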
+167 -28
@@ -37,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something! versions can break something!
```bash ```bash
CHART_VERSION=1.4.0 CHART_VERSION=1.4.1
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
``` ```
@@ -51,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
Use the `--set` argument to persist your data. Use the `--set` argument to persist your data.
```bash ```bash
CHART_VERSION=1.4.0 CHART_VERSION=1.4.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
persistence.enabled=true persistence.enabled=true
``` ```
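Review bot: in the unchanged context of this hunk, `persistence.enabled=true` is passed without `--set`, although the sentence above it tells the reader to use `--set`; `helm install` would take it as an extra positional argument. Since the block is being touched for the version bump, change it to `--set 'persistence.enabled=true'`.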
@@ -81,7 +81,7 @@ Further information about this topic can be found in one of Kanishk's blog
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash ```bash
CHART_VERSION=1.4.0 CHART_VERSION=1.4.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \ --set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
@@ -96,12 +96,16 @@ certificate can be used the [cert-manager](https://cert-manager.io/). The chart
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret. certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
The secret must be from type `kubernetes.io/tls`. The secret must be from type `kubernetes.io/tls`.
If athens-proxy is deployed behind a reverse proxy, for example an ingress nginx controller or Gateway API, please
instruct the reverse proxy to establish a TLS encrypted connection to avoid connection problems. The documentation
describes configuring [Ingress NGINX](#ingress-nginx) as well as [NGINX Gateway Fabric](#gatewayapi-nginx-fabric).
> [!WARNING] > [!WARNING]
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named > The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
> `athens-proxy-ca` is present in the same namespace of the helm deployment. > `athens-proxy-ca` is present in the same namespace of the helm deployment.
```bash ```bash
CHART_VERSION=1.4.0 CHART_VERSION=1.4.1
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'config.certificate.enabled=true' \ --set 'config.certificate.enabled=true' \
--set 'config.certificate.new.issuerRef.kind=Issuer' \ --set 'config.certificate.new.issuerRef.kind=Issuer' \
@@ -111,6 +115,110 @@ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-pro
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
and private key are mounted to a pre-defined destination inside the container file system. and private key are mounted to a pre-defined destination inside the container file system.
##### Ingress NGINX
The following changes must be applied to enable TLS encryption and authentication on-top between the ingress and backend
service.
> [!IMPORTANT]
> The HTTP Version between the ingress nginx and backend must be set to `1.1`, as well as the TLS protocol must be set
> to `TLSv1.2`. Otherwise can't the nginx establish a TLS connection.
The secret `athens-proxy/ingress-nginx-controller-tls` contains TLS certificates for the nginx ingress controller. The
TLS certificate must be created manually, for example via [cert-manager](https://cert-manager.io/). It is used by the
nginx for TLS authentication.
```yaml
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/proxy-ssl-secret: athens-proxy/ingress-nginx-controller-tls
nginx.ingress.kubernetes.io/proxy-ssl-protocols: TLSv1.2
nginx.ingress.kubernetes.io/proxy-ssl-name: athens-proxy
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
```
##### GatewayAPI: NGINX Fabric
The following changes must be applied to enable TLS encryption and authentication on-top between the gateway and backend
service.
> [!IMPORTANT]
> The HTTP Version between the nginx gateway fabric and backend must be set to `1.1`, as well as the TLS protocol must
> be set to `TLSv1.2`. Otherwise can't the nginx establish a TLS connection.
The `gatewayAPI.core.backendTLSPolicy.validation.caCertificateRefs` must contain at least one secret containing the
root or intermediate certificate of the issued TLS certificate used by athens-proxy to be able to validate the TLS
certificate.
```yaml
gatewayAPI:
enabled: true
core:
backendTLSPolicy:
enabled: true
validation:
caCertificateRefs:
- group: ""
kind: Secret
name: "athens-proxy-ca"
hostname: "athens-proxy"
httpRoute:
enabled: true
hostnames:
- athens-proxy.example.local
parentRefs:
- name: nginx
kind: Gateway
group: gateway.networking.k8s.io
namespace: my-gateway-namespace
sectionName: athens-proxy-https
```
The Gateway resource is not part of the helm chart, but for illustrating the configuration example, here a GatewayAPI
resource with configured backend TLS certificate. The TLS certificates `gateway-frontend-tls` and `gateway-backend-tls`
must also be created manually, for example via [cert-manager](https://cert-manager.io/).
```yaml
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: nginx
namespace: my-gateway-namespace
spec:
gatewayClassName: nginx
listeners:
- allowedRoutes:
kinds:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespaces:
from: All
hostname: athens-proxy.example.local
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ''
kind: Secret
name: gateway-frontend-tls
namespace: my-gateway-namespace
mode: Terminate
tls:
backend:
clientCertificateRef:
group: ''
kind: Secret
name: gateway-backend-tls
namespace: my-gateway-namespace
```
#### TLS certificate rotation #### TLS certificate rotation
If the application uses TLS certificates that are mounted as a secret in the container file system like the example If the application uses TLS certificates that are mounted as a secret in the container file system like the example
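Review bot: In the GatewayAPI example the route's `parentRefs` entry sets `sectionName: athens-proxy-https`, but the only listener in the illustrated Gateway is `name: https`, so the two snippets as documented do not reference the same listener. Please use one listener name in both. The IMPORTANT note in this section also says HTTP `1.1` and `TLSv1.2` must be set between gateway and backend, yet unlike the Ingress NGINX example (which sets `proxy-http-version` and `proxy-ssl-protocols`) the values snippet shows no setting that does this. Either show the setting or say where it is configured. The listener's `namespaces.from: All` lets HTTPRoutes from every namespace attach, which is worth a sentence or a narrower selector in a TLS-hardening example.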
@@ -198,6 +306,13 @@ networkPolicies:
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
# NGINX GatewayAPI Fabric
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: gateway-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: gateway-nginx
ports: ports:
- port: http - port: http
protocol: TCP protocol: TCP
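Review bot: The added peer selects the namespace `gateway-nginx` and pods labelled `app.kubernetes.io/name: gateway-nginx`, while the Gateway example added earlier in this README lives in `my-gateway-namespace`. A reader who copies both snippets ends up with a NetworkPolicy that does not admit the gateway from the other example. Please align the namespace across the two examples, or add a comment that both selector values are placeholders that must match the namespace and pod labels of the actual gateway data plane.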
@@ -385,6 +500,30 @@ spec:
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` | | `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` | | `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
### GatewayAPI
| Name | Description | Value |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `gatewayAPI.enabled` | Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller. | `false` |
| `gatewayAPI.core.backendTLSPolicy.enabled` | Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` |
| `gatewayAPI.core.backendTLSPolicy.annotations` | Additional annotations for the BackendTLSPolicy. | `{}` |
| `gatewayAPI.core.backendTLSPolicy.labels` | Additional labels for the BackendTLSPolicy. | `{}` |
| `gatewayAPI.core.backendTLSPolicy.validation` | Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the athens-proxy pod. | `{}` |
| `gatewayAPI.core.httpRoute.enabled` | Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`. | `false` |
| `gatewayAPI.core.httpRoute.annotations` | Additional annotations for the HTTPRoute. | `{}` |
| `gatewayAPI.core.httpRoute.labels` | Additional labels for the HTTPRoute. | `{}` |
| `gatewayAPI.core.httpRoute.hostnames` | Hostnames for the HTTPRoute. | `[]` |
| `gatewayAPI.core.httpRoute.parentRefs` | ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources. | `[]` |
| `gatewayAPI.nginx.clientSettingsPolicy.enabled` | Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` |
| `gatewayAPI.nginx.clientSettingsPolicy.annotations` | Additional annotations for the ClientSettingsPolicy. | `{}` |
| `gatewayAPI.nginx.clientSettingsPolicy.labels` | Additional labels for the ClientSettingsPolicy. | `{}` |
| `gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize` | ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout` | ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests` | KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used. | `nil` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime` | KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout` | KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout` | KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` |
### Horizontal Pod Autoscaler (HPA) ### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value | | Name | Description | Value |
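Review bot: The descriptions of the `enabled` flags in the new GatewayAPI table understate what the helpers actually check. `gatewayAPI.core.backendTLSPolicy.enabled` is documented as requiring only `gatewayAPI.enabled`, but `athens-proxy.backendTLSPolicy.enabled` also requires `.Values.service.enabled`. `gatewayAPI.nginx.clientSettingsPolicy.enabled` is documented the same way, but its helper requires `athens-proxy.httpRoute.enabled` to be `true`, which means `gatewayAPI.core.httpRoute.enabled` and `service.enabled` as well. The table also has no row for `gatewayAPI.core.httpRoute.matches`, which the HTTPRoute template reads. Since this table is generated, the fix belongs in the `@param` comments of `values.yaml`.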
@@ -398,14 +537,14 @@ spec:
### Ingress ### Ingress
| Name | Description | Value | | Name | Description | Value |
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- | | --------------------- | ---------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` | | `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` | | `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` | | `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` | | `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` | | `ingress.hosts` | Ingress specific configuration. | `[]` |
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` | | `ingress.tls` | Ingress TLS settings. | `[]` |
### Persistence ### Persistence
@@ -440,22 +579,22 @@ spec:
### Service ### Service
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `services.http.enabled` | Enable the service. | `true` | | `service.enabled` | Enable the service. | `true` |
| `services.http.annotations` | Additional service annotations. | `{}` | | `service.annotations` | Additional service annotations. | `{}` |
| `services.http.externalIPs` | External IPs for the service. | `[]` | | `service.externalIPs` | External IPs for the service. | `[]` |
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` | | `service.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` | | `service.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` | | `service.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `services.http.labels` | Additional service labels. | `{}` | | `service.labels` | Additional service labels. | `{}` |
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` | | `service.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` | | `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` | | `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `services.http.port` | Port to forward the traffic to. | `3000` | | `service.port` | Port to forward the traffic to. | `3000` |
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` | | `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` | | `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` | | `service.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount ### ServiceAccount
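Review bot: Every key in the Service table moves from `services.http.*` to `service.*`, while the install example in this same README only goes from `CHART_VERSION=1.4.0` to `1.4.1`. Existing values files that still set `services.http.type`, `services.http.loadBalancerSourceRanges` and so on will no longer be read, and the chart will fall back to its defaults without any error. Please add an upgrade note to the README and consider a `fail` guard in the templates when `.Values.services` is still set, so that a stale source-range or service-type override is not dropped silently.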
+1
@@ -0,0 +1 @@
repositoryID: 4c206fe5-b83a-457a-bcad-7dd664f8b70c
+45 -45
@@ -9,7 +9,7 @@
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0", "@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6", "markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.47.0" "markdownlint-cli": "^0.48.0"
}, },
"engines": { "engines": {
"node": ">=16.0.0", "node": ">=16.0.0",
@@ -33,29 +33,6 @@
"readme-generator": "bin/index.js" "readme-generator": "bin/index.js"
} }
}, },
"node_modules/@isaacs/balanced-match": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz",
"integrity": "sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==",
"dev": true,
"license": "MIT",
"engines": {
"node": "20 || >=22"
}
},
"node_modules/@isaacs/brace-expansion": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz",
"integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==",
"dev": true,
"license": "MIT",
"dependencies": {
"@isaacs/balanced-match": "^4.0.1"
},
"engines": {
"node": "20 || >=22"
}
},
"node_modules/@oozcitak/dom": { "node_modules/@oozcitak/dom": {
"version": "2.0.1", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/@oozcitak/dom/-/dom-2.0.1.tgz", "resolved": "https://registry.npmjs.org/@oozcitak/dom/-/dom-2.0.1.tgz",
@@ -1007,9 +984,9 @@
} }
}, },
"node_modules/markdown-it": { "node_modules/markdown-it": {
"version": "14.1.0", "version": "14.1.1",
"resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz", "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
"integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@@ -1105,23 +1082,23 @@
} }
}, },
"node_modules/markdownlint-cli": { "node_modules/markdownlint-cli": {
"version": "0.47.0", "version": "0.48.0",
"resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.47.0.tgz", "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.48.0.tgz",
"integrity": "sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==", "integrity": "sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"commander": "~14.0.2", "commander": "~14.0.3",
"deep-extend": "~0.6.0", "deep-extend": "~0.6.0",
"ignore": "~7.0.5", "ignore": "~7.0.5",
"js-yaml": "~4.1.1", "js-yaml": "~4.1.1",
"jsonc-parser": "~3.3.1", "jsonc-parser": "~3.3.1",
"jsonpointer": "~5.0.1", "jsonpointer": "~5.0.1",
"markdown-it": "~14.1.0", "markdown-it": "~14.1.1",
"markdownlint": "~0.40.0", "markdownlint": "~0.40.0",
"minimatch": "~10.1.1", "minimatch": "~10.2.4",
"run-con": "~1.3.2", "run-con": "~1.3.2",
"smol-toml": "~1.5.2", "smol-toml": "~1.6.0",
"tinyglobby": "~0.2.15" "tinyglobby": "~0.2.15"
}, },
"bin": { "bin": {
@@ -1131,10 +1108,33 @@
"node": ">=20" "node": ">=20"
} }
}, },
"node_modules/markdownlint-cli/node_modules/balanced-match": {
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
"dev": true,
"license": "MIT",
"engines": {
"node": "18 || 20 || >=22"
}
},
"node_modules/markdownlint-cli/node_modules/brace-expansion": {
"version": "5.0.4",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
"integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
"dev": true,
"license": "MIT",
"dependencies": {
"balanced-match": "^4.0.2"
},
"engines": {
"node": "18 || 20 || >=22"
}
},
"node_modules/markdownlint-cli/node_modules/commander": { "node_modules/markdownlint-cli/node_modules/commander": {
"version": "14.0.2", "version": "14.0.3",
"resolved": "https://registry.npmjs.org/commander/-/commander-14.0.2.tgz", "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz",
"integrity": "sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ==", "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"engines": { "engines": {
@@ -1142,16 +1142,16 @@
} }
}, },
"node_modules/markdownlint-cli/node_modules/minimatch": { "node_modules/markdownlint-cli/node_modules/minimatch": {
"version": "10.1.1", "version": "10.2.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
"integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==", "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
"dev": true, "dev": true,
"license": "BlueOak-1.0.0", "license": "BlueOak-1.0.0",
"dependencies": { "dependencies": {
"@isaacs/brace-expansion": "^5.0.0" "brace-expansion": "^5.0.2"
}, },
"engines": { "engines": {
"node": "20 || >=22" "node": "18 || 20 || >=22"
}, },
"funding": { "funding": {
"url": "https://github.com/sponsors/isaacs" "url": "https://github.com/sponsors/isaacs"
@@ -2023,9 +2023,9 @@
} }
}, },
"node_modules/smol-toml": { "node_modules/smol-toml": {
"version": "1.5.2", "version": "1.6.0",
"resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.5.2.tgz", "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.0.tgz",
"integrity": "sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==", "integrity": "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw==",
"dev": true, "dev": true,
"license": "BSD-3-Clause", "license": "BSD-3-Clause",
"engines": { "engines": {
+1 -1
@@ -16,6 +16,6 @@
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0", "@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6", "markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.47.0" "markdownlint-cli": "^0.48.0"
} }
} }
-14
@@ -51,20 +51,6 @@
"volkerraschek/helm" "volkerraschek/helm"
] ]
}, },
{
"automerge": true,
"groupName": "Update helm plugin 'unittest'",
"matchDepNames": [
"helm-unittest/helm-unittest"
],
"matchDatasources": [
"github-releases"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{ {
"groupName": "Update docker.io/library/node", "groupName": "Update docker.io/library/node",
"matchDepNames": [ "matchDepNames": [
+32
@@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.backendTLSPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.gatewayAPI.core.backendTLSPolicy.annotations }}
{{ toYaml .Values.gatewayAPI.core.backendTLSPolicy.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "athens-proxy.backendTLSPolicy.enabled" -}}
{{- if and .Values.gatewayAPI.enabled
.Values.gatewayAPI.core.backendTLSPolicy.enabled
.Values.service.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.backendTLSPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.gatewayAPI.core.backendTLSPolicy.labels }}
{{ toYaml .Values.gatewayAPI.core.backendTLSPolicy.labels }}
{{- end }}
{{- end }}
+31
@@ -0,0 +1,31 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.clientSettingsPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.gatewayAPI.nginx.clientSettingsPolicy.annotations }}
{{ toYaml .Values.gatewayAPI.nginx.clientSettingsPolicy.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "athens-proxy.clientSettingsPolicy.enabled" -}}
{{- if and (eq (include "athens-proxy.httpRoute.enabled" $) "true")
.Values.gatewayAPI.nginx.clientSettingsPolicy.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.clientSettingsPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.gatewayAPI.nginx.clientSettingsPolicy.labels }}
{{ toYaml .Values.gatewayAPI.nginx.clientSettingsPolicy.labels }}
{{- end }}
{{- end }}
+32
@@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.httpRoute.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.gatewayAPI.core.httpRoute.annotations }}
{{ toYaml .Values.gatewayAPI.core.httpRoute.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "athens-proxy.httpRoute.enabled" -}}
{{- if and .Values.gatewayAPI.enabled
.Values.gatewayAPI.core.httpRoute.enabled
.Values.service.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.httpRoute.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.gatewayAPI.core.httpRoute.labels }}
{{ toYaml .Values.gatewayAPI.core.httpRoute.labels }}
{{- end }}
{{- end }}
+9 -9
@@ -2,28 +2,28 @@
{{/* annotations */}} {{/* annotations */}}
{{- define "athens-proxy.services.http.annotations" -}} {{- define "athens-proxy.service.annotations" -}}
{{ include "athens-proxy.annotations" . }} {{ include "athens-proxy.annotations" . }}
{{- if .Values.services.http.annotations }} {{- if .Values.service.annotations }}
{{ toYaml .Values.services.http.annotations }} {{ toYaml .Values.service.annotations }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* labels */}} {{/* labels */}}
{{- define "athens-proxy.services.http.labels" -}} {{- define "athens-proxy.service.labels" -}}
{{ include "athens-proxy.labels" . }} {{ include "athens-proxy.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} {{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http app.kubernetes.io/service-name: http
{{- if .Values.services.http.labels }} {{- if .Values.service.labels }}
{{ toYaml .Values.services.http.labels }} {{ toYaml .Values.service.labels }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* names */}} {{/* names */}}
{{- define "athens-proxy.services.http.name" -}} {{- define "athens-proxy.service.name" -}}
{{- if .Values.services.http.enabled -}} {{- if .Values.service.enabled -}}
{{ include "athens-proxy.fullname" . }}-http {{ include "athens-proxy.fullname" . }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
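Review bot: The `names` helper at the end of this hunk changes the rendered Service name from `{{ include "athens-proxy.fullname" . }}-http` to the bare full name, so an upgrade deletes the old Service and creates one with a different DNS name. Anything that addresses the old name (GOPROXY URLs of clients, NetworkPolicies, certificate SANs, the `proxy-ssl-name` or BackendTLSPolicy `hostname` used for backend verification) has to change at the same time. Please call this out as a breaking change in the release notes. The helper also still returns an empty string when `service.enabled` is false, so callers must keep guarding on the flag as the new `enabled` helpers do.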
+25
@@ -0,0 +1,25 @@
{{- if eq (include "athens-proxy.backendTLSPolicy.enabled" $) "true" }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
{{- with (include "athens-proxy.backendTLSPolicy.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.backendTLSPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
targetRefs:
- group: ""
kind: Service
name: {{ include "athens-proxy.service.name" . }}
{{- with .Values.gatewayAPI.core.backendTLSPolicy.validation }}
validation:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
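Review bot: `validation` is rendered only inside `{{- with .Values.gatewayAPI.core.backendTLSPolicy.validation }}`, and the documented default for that value is `{}`, so enabling the policy without further values produces a BackendTLSPolicy that has `targetRefs` but no CA reference and no hostname to verify the backend against. Please make the misconfiguration fail at render time, for example with `required` on `validation.hostname` and on a non-empty `validation.caCertificateRefs`, or fold a non-empty `validation` into the `athens-proxy.backendTLSPolicy.enabled` helper. A unit test for the empty case would pin the behaviour.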
+50
@@ -0,0 +1,50 @@
{{- if eq (include "athens-proxy.clientSettingsPolicy.enabled" $) "true" }}
apiVersion: gateway.nginx.org/v1alpha1
kind: ClientSettingsPolicy
metadata:
{{- with (include "athens-proxy.clientSettingsPolicy.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.clientSettingsPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: {{ include "athens-proxy.fullname" . }}
{{- if or .Values.gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize
.Values.gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout
}}
body:
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize }}
maxSize: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout }}
timeout: {{ . }}
{{- end }}
{{- end }}
{{- if or .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout
}}
keepAlive:
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests }}
requests: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime }}
time: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout }}
timeout: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout }}
minTimeout: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
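Review bot: This template starts directly with `apiVersion:` after the opening `if`, while the BackendTLSPolicy and HTTPRoute templates added in the same change emit a `---` document separator first. Please add the separator here for consistency. The `body` and `keepAlive` fields are also written unquoted (`maxSize: {{ . }}`, `timeout: {{ . }}`). Piping the string-typed size and duration values through `quote` avoids YAML re-typing a user-supplied value, while `keepaliveRequests` stays unquoted as an integer.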
+37
@@ -0,0 +1,37 @@
{{- if eq (include "athens-proxy.httpRoute.enabled" $) "true" }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
{{- with (include "athens-proxy.httpRoute.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.httpRoute.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.gatewayAPI.core.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.gatewayAPI.core.httpRoute.parentRefs }}
parentRefs:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
- backendRefs:
- group: ''
kind: Service
name: {{ include "athens-proxy.service.name" . }}
namespace: {{ .Release.Namespace }}
port: {{ .Values.service.port }}
weight: 1
{{- with .Values.gatewayAPI.core.httpRoute.matches }}
matches:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
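Review bot: `parentRefs` is wrapped in `with`, and its documented default is `[]`, so `gatewayAPI.core.httpRoute.enabled=true` alone renders an HTTPRoute that is attached to no Gateway and never serves traffic. A `required` (or a `fail` on an empty list) would surface that at install time instead of leaving a silent no-op. The rule also reads `.Values.gatewayAPI.core.httpRoute.matches`, which has no row in the README parameter table added in this change. Please document it together with its default.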
+3 -3
@@ -1,4 +1,4 @@
{{- if and .Values.services.http.enabled .Values.ingress.enabled }} {{- if and .Values.service.enabled .Values.ingress.enabled }}
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
@@ -27,9 +27,9 @@ spec:
{{- end }} {{- end }}
backend: backend:
service: service:
name: {{ include "athens-proxy.services.http.name" $ }} name: {{ include "athens-proxy.service.name" $ }}
port: port:
number: {{ $.Values.services.http.port }} number: {{ $.Values.service.port }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
+57
@@ -0,0 +1,57 @@
{{- if .Values.service.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.service.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.service.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.service.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.service.externalIPs) }}
externalIPs:
{{- range .Values.service.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") ) .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.service.internalTrafficPolicy }}
{{- if .Values.service.ipFamilies }}
ipFamilies:
{{- range .Values.service.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.service.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.service.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.service.sessionAffinity }}
{{- with .Values.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.service.type }}
{{- end }}
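Review bot: The `loadBalancerSourceRanges:` key is emitted whenever `service.type` is `LoadBalancer`, even when the list is empty (its documented default is `[]`), which renders a bare key with a null value. `externalIPs` a few lines above is guarded with `not (empty ...)`. Please guard this block the same way, for example `{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}`. Since an empty list means the load balancer accepts traffic from any source, a short comment in `values.yaml` recommending explicit ranges for a `LoadBalancer` service would help. This was carried over unchanged from the deleted `services.http` template, so fixing it here is optional for this change but cheap.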
-57
@@ -1,57 +0,0 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}
@@ -0,0 +1,130 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: backendTLSPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/backendTLSPolicy.yaml
tests:
- it: Skip rendering when disabled 1/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
name: athens-proxy-unittest
namespace: testing
- contains:
path: spec.targetRefs
content:
group: ""
kind: Service
name: athens-proxy-unittest
- notExists:
path: spec.validation.caCertificateRefs
- it: Render with custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy:
enabled: true
annotations:
foo: bar
labels:
bar: foo
service.enabled: true
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
app.kubernetes.io/managed-by: Helm
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- it: Render with custom validation
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
gatewayAPI.core.backendTLSPolicy.validation:
caCertificateRefs:
- group: ""
kind: Secret
name: athens-proxy-ca
hostname: athens-proxy.svc.cluster.local
service.enabled: true
asserts:
- isSubset:
path: spec.validation
content:
caCertificateRefs:
- group: ""
kind: Secret
name: athens-proxy-ca
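Review bot: The "Render with custom validation" case sets `hostname: athens-proxy.svc.cluster.local`, but the `isSubset` assertion on `spec.validation` only checks `caCertificateRefs`, so a template that drops the hostname would still pass. Add `hostname` to the asserted content. The skip matrix also omits `gatewayAPI.enabled: false` together with `gatewayAPI.core.backendTLSPolicy.enabled: true` and `service.enabled: true`, which is the only combination that shows the top-level switch gates the policy on its own.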
@@ -0,0 +1,190 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ClientSettingsPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/clientSettingsPolicy.yaml
tests:
- it: Skip rendering when disabled 1/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 7/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 8/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.nginx.org/v1alpha1
kind: ClientSettingsPolicy
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isSubset:
path: spec.targetRef
content:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: athens-proxy-unittest
- notExists:
path: spec.body
- notExists:
path: spec.keepAlive
- it: Render custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
annotations:
foo: "bar"
labels:
bar: "foo"
service.enabled: true
asserts:
- equal:
path: metadata.annotations
value:
foo: "bar"
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: "foo"
- it: Render with custom body settings
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
clientMaxBodySize: 10m
clientBodyTimeout: 30s
service.enabled: true
asserts:
- isSubset:
path: spec.body
content:
maxSize: 10m
timeout: 30s
- notExists:
path: spec.keepAlive
- it: Render with custom keepAlive settings
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
keepaliveRequests: 100
keepaliveTime: 60s
keepaliveTimeout: 60s
keepaliveMinTimeout: 10s
service.enabled: true
asserts:
- notExists:
path: spec.body
- isSubset:
path: spec.keepAlive
content:
requests: 100
time: 60s
timeout: 60s
minTimeout: 10s
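Review bot: None of the eight skip cases turns off exactly one of the four switches, so no single gate is tested in isolation; every case sets at least two flags to `false`. Add the combinations with three flags set to `true`, in particular `gatewayAPI.nginx.clientSettingsPolicy.enabled: false` with the rest enabled, and `gatewayAPI.core.httpRoute.enabled: false` with the rest enabled. The second one guards against rendering a policy whose `spec.targetRef` names an HTTPRoute that was not rendered.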
+195
@@ -0,0 +1,195 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HTTPRoute template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/httpRoute.yaml
tests:
- it: Skip rendering when disabled 1/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- notExists:
path: spec.hostnames
- notExists:
path: spec.parentRefs
- contains:
path: spec.rules[0].backendRefs
content:
group: ''
kind: Service
name: athens-proxy-unittest
namespace: testing
port: 3000
weight: 1
- contains:
path: spec.rules[0].matches
content:
path:
type: PathPrefix
value: /
- it: Rendering custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
annotations:
foo: bar
labels:
bar: foo
service.enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- it: Rendering custom service port
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service:
enabled: true
port: 9090
asserts:
- equal:
path: spec.rules[0].backendRefs[0].port
value: 9090
- it: Rendering custom matches
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
matches:
- path:
type: PathPrefix
value: /foo
service.enabled: true
asserts:
- contains:
path: spec.rules[0].matches
content:
path:
type: PathPrefix
value: /foo
- it: Rendering custom hostnames and parentRefs
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
hostnames:
- athens-proxy.example.local
parentRefs:
- name: gateway
namespace: testing
kind: Gateway
sectionName: athens-proxy-debug-gateway
service.enabled: true
asserts:
- lengthEqual:
path: spec.hostnames
count: 1
- contains:
path: spec.hostnames
content:
athens-proxy.example.local
- lengthEqual:
path: spec.parentRefs
count: 1
- contains:
path: spec.parentRefs
content:
name: gateway
namespace: testing
kind: Gateway
sectionName: athens-proxy-debug-gateway
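Review bot: The skip matrix lacks `gatewayAPI.enabled: false` combined with `gatewayAPI.core.httpRoute.enabled: true` and `service.enabled: true`. Every existing case with the top-level switch off also turns off a second flag, so a template that ignores `gatewayAPI.enabled` entirely would pass all six. Add that seventh case with `hasDocuments: count: 0`.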
@@ -15,7 +15,7 @@ tests:
- it: Skip ingress, when service is disabled. - it: Skip ingress, when service is disabled.
set: set:
services.http.enabled: false service.enabled: false
ingress.enabled: true ingress.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
@@ -65,7 +65,7 @@ tests:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: athens-proxy-unittest-http name: athens-proxy-unittest
port: port:
number: 3000 number: 3000
- contains: - contains:
@@ -92,7 +92,7 @@ tests:
- secretName: athens-proxy-http-tls - secretName: athens-proxy-http-tls
hosts: hosts:
- athens-proxy.example.local - athens-proxy.example.local
services.http.port: 8080 service.port: 8080
asserts: asserts:
- hasDocuments: - hasDocuments:
@@ -128,7 +128,7 @@ tests:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: athens-proxy-unittest-http name: athens-proxy-unittest
port: port:
number: 8080 number: 8080
- contains: - contains:
@@ -6,11 +6,11 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/serviceHTTP.yaml - templates/service.yaml
tests: tests:
- it: Skip service when disabled. - it: Skip service when disabled.
set: set:
services.http.enabled: false service.enabled: false
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
@@ -22,7 +22,7 @@ tests:
- containsDocument: - containsDocument:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
name: athens-proxy-unittest-http name: athens-proxy-unittest
namespace: testing namespace: testing
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
@@ -75,37 +75,37 @@ tests:
- it: Require internalTrafficPolicy. - it: Require internalTrafficPolicy.
set: set:
services.http.internalTrafficPolicy: "" service.internalTrafficPolicy: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No internal traffic policy defined! errorMessage: No internal traffic policy defined!
- it: Require port. - it: Require port.
set: set:
services.http.port: "" service.port: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No service port defined! errorMessage: No service port defined!
- it: Require sessionAffinity. - it: Require sessionAffinity.
set: set:
services.http.sessionAffinity: "" service.sessionAffinity: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No session affinity defined! errorMessage: No session affinity defined!
- it: Require service type. - it: Require service type.
set: set:
services.http.type: "" service.type: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No service type defined! errorMessage: No service type defined!
- it: Render service with custom annotations and labels. - it: Render service with custom annotations and labels.
set: set:
services.http.annotations: service.annotations:
foo: bar foo: bar
services.http.labels: service.labels:
bar: foo bar: foo
asserts: asserts:
- equal: - equal:
@@ -125,19 +125,19 @@ tests:
- it: Change defaults - it: Change defaults
set: set:
services.http.externalIPs: service.externalIPs:
- "10.11.12.13/32" - "10.11.12.13/32"
services.http.externalTrafficPolicy: Local service.externalTrafficPolicy: Local
services.http.internalTrafficPolicy: Local service.internalTrafficPolicy: Local
services.http.ipFamilies: service.ipFamilies:
- IPv4 - IPv4
services.http.loadBalancerClass: aws service.loadBalancerClass: aws
services.http.loadBalancerIP: "11.12.13.14" service.loadBalancerIP: "11.12.13.14"
services.http.loadBalancerSourceRanges: service.loadBalancerSourceRanges:
- "11.12.0.0/17" - "11.12.0.0/17"
services.http.port: 10443 service.port: 10443
services.http.sessionAffinity: ClientIP service.sessionAffinity: ClientIP
services.http.type: LoadBalancer service.type: LoadBalancer
asserts: asserts:
- equal: - equal:
path: spec.externalIPs path: spec.externalIPs
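Review bot: In "Change defaults", `service.externalIPs` is set to `"10.11.12.13/32"`, but `spec.externalIPs` takes plain IP addresses rather than CIDR ranges, so the fixture encodes a value the API server would reject. Use `"10.11.12.13"` so the test mirrors a manifest that can actually be applied; the CIDR form belongs only in `service.loadBalancerSourceRanges`.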
+99 -32
@@ -1,4 +1,5 @@
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
## @section Global ## @section Global
## @param nameOverride Individual release name suffix. ## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic. ## @param fullnameOverride Override the complete release name logic.
@@ -520,6 +521,72 @@ deployment:
# secret: # secret:
# secretName: my-secret # secretName: my-secret
## @section GatewayAPI
gatewayAPI:
## @param gatewayAPI.enabled Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller.
enabled: false
core:
## @param gatewayAPI.core.backendTLSPolicy.enabled Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`.
## @param gatewayAPI.core.backendTLSPolicy.annotations Additional annotations for the BackendTLSPolicy.
## @param gatewayAPI.core.backendTLSPolicy.labels Additional labels for the BackendTLSPolicy.
## @param gatewayAPI.core.backendTLSPolicy.validation Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the athens-proxy pod.
backendTLSPolicy:
enabled: false
annotations: {}
labels: {}
validation: {}
# caCertificateRefs:
# - group: ""
# kind: Secret
# name: "athens-proxy-ca"
# hostname: "athens-proxy"
## @param gatewayAPI.core.httpRoute.enabled Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`.
## @param gatewayAPI.core.httpRoute.annotations Additional annotations for the HTTPRoute.
## @param gatewayAPI.core.httpRoute.labels Additional labels for the HTTPRoute.
## @param gatewayAPI.core.httpRoute.hostnames Hostnames for the HTTPRoute.
## @skip gatewayAPI.core.httpRoute.matches Match conditions for the HTTPRoute. You can specify path based match conditions to route traffic to the athens-proxy service.
## @param gatewayAPI.core.httpRoute.parentRefs ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources.
httpRoute:
enabled: false
annotations: {}
labels: {}
hostnames: []
matches:
- path:
type: PathPrefix
value: /
parentRefs: []
# - name: gateway
# kind: Gateway
# group: gateway.networking.k8s.io
# namespace: default
# sectionName: athens-proxy-http
nginx:
## @param gatewayAPI.nginx.clientSettingsPolicy.enabled Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`.
## @param gatewayAPI.nginx.clientSettingsPolicy.annotations Additional annotations for the ClientSettingsPolicy.
## @param gatewayAPI.nginx.clientSettingsPolicy.labels Additional labels for the ClientSettingsPolicy.
## @param gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used.
clientSettingsPolicy:
enabled: false
annotations: {}
labels: {}
clientMaxBodySize: ""
clientBodyTimeout: ""
keepaliveRequests:
keepaliveTime: ""
keepaliveTimeout: ""
keepaliveMinTimeout: ""
## @section Horizontal Pod Autoscaler (HPA) ## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The # In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA # metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
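Review bot: `gatewayAPI.core.backendTLSPolicy.validation` defaults to `{}`, so switching the policy on with chart defaults yields a BackendTLSPolicy that names neither a CA nor a hostname for verifying the athens-proxy backend. Fail rendering with `required` when the policy is enabled and `validation` is empty, or ship a usable default. The `@param` text for `backendTLSPolicy.enabled` and `clientSettingsPolicy.enabled` lists only `gatewayAPI.enabled` as a prerequisite, while the unit tests also treat `service.enabled` (and, for the nginx policy, `gatewayAPI.core.httpRoute.enabled`) as required; the descriptions should say so. `keepaliveRequests:` is also left without a value while its siblings default to `""`.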
@@ -551,6 +618,7 @@ hpa:
minReplicas: 1 minReplicas: 1
maxReplicas: 10 maxReplicas: 10
## @section Ingress ## @section Ingress
ingress: ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled. ## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
@@ -562,7 +630,7 @@ ingress:
annotations: {} annotations: {}
labels: {} labels: {}
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. ## @param ingress.hosts Ingress specific configuration.
## @skip ingress.hosts Skip individual host configuration. ## @skip ingress.hosts Skip individual host configuration.
hosts: [] hosts: []
# - host: athens-proxy.example.local # - host: athens-proxy.example.local
@@ -570,7 +638,7 @@ ingress:
# - path: / # - path: /
# pathType: Prefix # pathType: Prefix
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. ## @param ingress.tls Ingress TLS settings.
## @skip ingress.tls Skip individual TLS configuration. ## @skip ingress.tls Skip individual TLS configuration.
tls: [] tls: []
# - secretName: athens-proxy-http-tls # - secretName: athens-proxy-http-tls
@@ -681,36 +749,35 @@ networkPolicy:
# protocol: TCP # protocol: TCP
## @section Service ## @section Service
## @param services.http.enabled Enable the service. ## @param service.enabled Enable the service.
## @param services.http.annotations Additional service annotations. ## @param service.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service. ## @param service.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. ## @param service.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. ## @param service.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. ## @param service.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels. ## @param service.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. ## @param service.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. ## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. ## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to. ## @param service.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. ## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity. ## @param service.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic. ## @param service.type Kubernetes service type for the traffic.
services: service:
http: enabled: true
enabled: true annotations: {}
annotations: {} externalIPs: []
externalIPs: [] externalTrafficPolicy: "Cluster"
externalTrafficPolicy: "Cluster" internalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster" ipFamilies: []
ipFamilies: [] labels: {}
labels: {} loadBalancerClass: ""
loadBalancerClass: "" loadBalancerIP: ""
loadBalancerIP: "" loadBalancerSourceRanges: []
loadBalancerSourceRanges: [] port: 3000
port: 3000 sessionAffinity: "None"
sessionAffinity: "None" sessionAffinityConfig: {}
sessionAffinityConfig: {} type: "ClusterIP"
type: "ClusterIP"
## @section ServiceAccount ## @section ServiceAccount
serviceAccount: serviceAccount:
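Review bot: Renaming `services.http.*` to `service.*` breaks existing values files: Helm does not reject unknown keys by itself, so overrides kept under the old key are ignored and the release falls back to the defaults shown here (`type: "ClusterIP"`, `loadBalancerSourceRanges: []`, `port: 3000`). Add a template guard that fails when `.Values.services` is set, and document the rename in the upgrade notes.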