volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek/athens-proxy-charts:2.0.0
Branches Tags
volker.raschek/athens-proxy-charts:master volker.raschek/athens-proxy-charts:renovate/losisin-helm-values-schema-json-2.x
volker.raschek/athens-proxy-charts:2.0.1 volker.raschek/athens-proxy-charts:2.0.0 volker.raschek/athens-proxy-charts:2.0.0-rc.3 volker.raschek/athens-proxy-charts:2.0.0-rc-2 volker.raschek/athens-proxy-charts:2.0.0-rc-1 volker.raschek/athens-proxy-charts:2.0.0-rc-0 volker.raschek/athens-proxy-charts:1.4.1 volker.raschek/athens-proxy-charts:1.4.0 volker.raschek/athens-proxy-charts:1.3.0 volker.raschek/athens-proxy-charts:1.2.1 volker.raschek/athens-proxy-charts:1.2.0 volker.raschek/athens-proxy-charts:1.1.1 volker.raschek/athens-proxy-charts:1.1.0 volker.raschek/athens-proxy-charts:1.0.3 volker.raschek/athens-proxy-charts:1.0.2 volker.raschek/athens-proxy-charts:1.0.1 volker.raschek/athens-proxy-charts:1.0.0 volker.raschek/athens-proxy-charts:0.2.1 volker.raschek/athens-proxy-charts:0.2.0 volker.raschek/athens-proxy-charts:0.1.5 volker.raschek/athens-proxy-charts:0.1.4 volker.raschek/athens-proxy-charts:0.1.3 volker.raschek/athens-proxy-charts:0.1.2 volker.raschek/athens-proxy-charts:0.1.1 volker.raschek/athens-proxy-charts:0.1.0
..
compare: volker.raschek/athens-proxy-charts:774d09de2366aa101bb61eaeaefafc64925609e4
Branches Tags
volker.raschek/athens-proxy-charts:renovate/losisin-helm-values-schema-json-2.x volker.raschek/athens-proxy-charts:master
volker.raschek/athens-proxy-charts:2.0.1 volker.raschek/athens-proxy-charts:2.0.0 volker.raschek/athens-proxy-charts:2.0.0-rc.3 volker.raschek/athens-proxy-charts:2.0.0-rc-2 volker.raschek/athens-proxy-charts:2.0.0-rc-1 volker.raschek/athens-proxy-charts:2.0.0-rc-0 volker.raschek/athens-proxy-charts:1.4.1 volker.raschek/athens-proxy-charts:1.4.0 volker.raschek/athens-proxy-charts:1.3.0 volker.raschek/athens-proxy-charts:1.2.1 volker.raschek/athens-proxy-charts:1.2.0 volker.raschek/athens-proxy-charts:1.1.1 volker.raschek/athens-proxy-charts:1.1.0 volker.raschek/athens-proxy-charts:1.0.3 volker.raschek/athens-proxy-charts:1.0.2 volker.raschek/athens-proxy-charts:1.0.1 volker.raschek/athens-proxy-charts:1.0.0 volker.raschek/athens-proxy-charts:0.2.1 volker.raschek/athens-proxy-charts:0.2.0 volker.raschek/athens-proxy-charts:0.1.5 volker.raschek/athens-proxy-charts:0.1.4 volker.raschek/athens-proxy-charts:0.1.3 volker.raschek/athens-proxy-charts:0.1.2 volker.raschek/athens-proxy-charts:0.1.1 volker.raschek/athens-proxy-charts:0.1.0

1 Commits
2.0.0 .. 774d09de23

Author SHA1 Message Date
CSRBot 774d09de23 chore(deps): update docker.io/library/node docker tag to v26
Helm / helm-lint (push) Successful in 11s
Details
Helm / helm-lint (pull_request) Successful in 4s
Details
Helm / helm-unittest (pull_request) Successful in 22s
Details
Helm / helm-unittest (push) Successful in 32s
Details
2026-05-14 00:03:12 +00:00
46 changed files with 202 additions and 1294 deletions
Expand all files Collapse all files
.gitea/scripts/add-annotations.sh
+3 -13
View File
@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -eo pipefail set -e
CHART_FILE="Chart.yaml" CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then if [ ! -f "${CHART_FILE}" ]; then
@@ -8,11 +8,8 @@ if [ ! -f "${CHART_FILE}" ]; then
exit 1 exit 1
fi fi
rc_pattern="\-rc([-\.][0-9]+)?$" DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
# Exclude prerelease tags (matching -rc or -rc.<digits>) from default tag selection
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
if [ -z "${1}" ]; then if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
@@ -57,13 +54,6 @@ else
fi fi
fi fi
# Check if NEW_TAG is a prerelease (matches -rc or -rc-<digits> suffix)
if [[ "${NEW_TAG}" =~ ${rc_pattern} ]]; then
echo "INFO: Tag '${NEW_TAG}' is a prerelease, setting prerelease annotation and skipping changelog."
yq --no-colors --inplace ".annotations.\"artifacthub.io/prerelease\" = \"true\" | sort_keys(.)" "${CHART_FILE}"
exit 0
fi
CHANGE_LOG_YAML=$(mktemp) CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}" echo "[]" > "${CHANGE_LOG_YAML}"
.gitea/workflows/artifacthub-metadata.yaml
-41
View File
@@ -1,41 +0,0 @@
name: Upload ArtifactHub Metadata
on:
schedule:
- cron: '0 3 1 * *'
workflow_dispatch:
jobs:
upload-metadata:
name: "Upload artifacthub-repo.yml to OCI registry"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.2
- uses: docker/login-action@v4.2.0
with:
registry: ${{ github.server_url }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
- uses: oras-project/setup-oras@v2.0.0
with:
version: 1.3.2 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
- name: Extract meta information
run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Push artifacthub-repo.yml
run: |
oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:artifacthub.io \
--config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
- name: Push public cosign key
env:
COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
run: |
echo "${COSIGN_PUBLIC_KEY}" > cosign.pub
oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:cosign.pub \
--artifact-type application/vnd.dev.cosign.public-key.v1 \
--annotation org.opencontainers.image.title=cosign.pub \
cosign.pub:application/vnd.dev.cosign.public-key.v1
.gitea/workflows/generate-readme.yaml
+1 -1
View File
@@ -15,7 +15,7 @@ on:
jobs: jobs:
generate-parameters: generate-parameters:
container: container:
image: docker.io/library/node:26.2.0-alpine image: docker.io/library/node:26.1.0-alpine
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
.gitea/workflows/helm.yaml
+2 -2
View File
@@ -17,7 +17,7 @@ jobs:
- uses: actions/checkout@v6.0.2 - uses: actions/checkout@v6.0.2
- uses: azure/setup-helm@v5.0.0 - uses: azure/setup-helm@v5.0.0
with: with:
version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
- name: Lint helm files - name: Lint helm files
run: | run: |
helm lint --values values.yaml . helm lint --values values.yaml .
@@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@v6.0.2 - uses: actions/checkout@v6.0.2
- uses: azure/setup-helm@v5.0.0 - uses: azure/setup-helm@v5.0.0
with: with:
version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
- env: - env:
HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
name: Install helm-unittest name: Install helm-unittest
.gitea/workflows/markdown-linters.yaml
+2 -2
View File
@@ -15,7 +15,7 @@ on:
jobs: jobs:
markdown-link-checker: markdown-link-checker:
container: container:
image: docker.io/library/node:26.2.0-alpine image: docker.io/library/node:26.1.0-alpine
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
@@ -30,7 +30,7 @@ jobs:
markdown-lint: markdown-lint:
container: container:
image: docker.io/library/node:26.2.0-alpine image: docker.io/library/node:26.1.0-alpine
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
.gitea/workflows/release.yaml
+24 -127
View File
@@ -1,10 +1,5 @@
name: Release name: Release
env:
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
on: on:
push: push:
tags: tags:
@@ -12,58 +7,14 @@ on:
jobs: jobs:
publish-chart: publish-chart:
container:
image: docker.io/volkerraschek/helm:3.19.2
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: volker-raschek/cosign-installer@v4.1.2-rc4 - name: Install packages via apk
with:
cosign-release: "v3.0.6" # renovate: datasource=github-tags depName=sigstore/cosign
- uses: azure/setup-helm@v5.0.0
with:
version: "v4.2.0" # renovate: datasource=github-tags depName=helm/helm
- name: Install helm plugins
env:
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_SCHEMA_VALUES_VERSION: "2.4.0" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_UNITTEST_VERSION: "1.1.0" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
run: | run: |
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null apk update
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null apk add git npm jq yq
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
helm plugin list
- name: GPG configuration
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
run: |
# Configure GPG and GPG Agent
mkdir --parents "${HOME}/.gnupg"
chmod 0700 "${HOME}/.gnupg"
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
use-agent
pinentry-mode loopback
EOF
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
allow-loopback-pinentry
max-cache-ttl 86400
default-cache-ttl 86400
EOF
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
# Import GPG private key
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
# Export GPG keyring
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
- uses: actions/checkout@v6.0.2 - uses: actions/checkout@v6.0.2
with: with:
@@ -71,17 +22,15 @@ jobs:
- name: Add Artifacthub.io annotations - name: Add Artifacthub.io annotations
run: | run: |
rc_pattern="\-rc([-\.][0-9]+)?$" NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)" OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information - name: Extract meta information
run: | run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md - name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
@@ -89,76 +38,24 @@ jobs:
- name: Package chart - name: Package chart
run: | run: |
helm dependency build helm dependency build
helm package \ helm package --version "${PACKAGE_VERSION}" ./
--sign \
--key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
--keyring "${HOME}/.gnupg/secring.gpg" \
--passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
--version "${PACKAGE_VERSION}" ./
- uses: docker/login-action@v4.2.0 - name: Upload Chart to ChartMuseum
with:
registry: ${{ github.server_url }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
- name: Upload Chart to Gitea (OCI)
env: env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
run: |
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}
cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION}
- name: Upload Chart to Gitea (Helm)
env:
GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
run: |
curl \
--fail \
--show-error \
--request POST \
--user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
--upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/charts
# NOTE:
# Gitea does currently not support uploading Helm chart provenance files, so we skip this step for now. Once
# Gitea supports this, we can simply uncomment the following lines to upload the provenance file as well.
#
# https://github.com/helm/helm/issues/31866
#
# if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then
# curl \
# --fail \
# --show-error \
# --request POST \
# --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
# --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" \
# https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/prov
# fi
- name: Upload Chart to Chartmuseum (Helm)
env:
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
run: | run: |
curl \ helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
--fail \ helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
--show-error \ helm repo remove chartmuseum
--request POST \
--user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
--upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts
if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then - name: Upload Chart to Gitea
curl \ env:
--fail \ GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
--show-error \ GITEA_SERVER_URL: ${{ github.server_url }}
--request POST \ run: |
--user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \ helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
--upload-file ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov \ helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/prov helm repo remove gitea
fi
.gitignore
+5 -5
View File
@@ -1,9 +1,9 @@
charts charts
cosign*
node_modules node_modules
target target
!values.yaml values2.yml
!values.yml values2.yaml
values*.yaml
values*.yml
*.tgz *.tgz
install.sh
uninstall.sh
Chart.yaml
-6
View File
@@ -1,15 +1,9 @@
annotations: annotations:
artifacthub.io/license: MIT
artifacthub.io/links: | artifacthub.io/links: |
- name: Athens proxy (binary) - name: Athens proxy (binary)
url: https://github.com/gomods/athens url: https://github.com/gomods/athens
- name: support - name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
artifacthub.io/operator: "false"
artifacthub.io/prerelease: "false"
artifacthub.io/signKey: |
fingerprint: 3B0CE9853CAD76076260025383D342258456906E
url: https://keys.openpgp.org/vks/v1/by-fingerprint/3B0CE9853CAD76076260025383D342258456906E
apiVersion: v2 apiVersion: v2
name: athens-proxy name: athens-proxy
description: Athens proxy server for golang description: Athens proxy server for golang
Makefile
-19
View File
@@ -18,25 +18,6 @@ NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:
missing-dot: missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# README
# ==============================================================================
readme: readme/link readme/lint readme/parameters
readme/link:
npm install && npm run readme:link
readme/lint:
npm install && npm run readme:lint
readme/parameters:
npm install && npm run readme:parameters
# HELM UNITTESTS
# ==============================================================================
PHONY+=helm/unittest
helm/unittest:
helm unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - README # CONTAINER RUN - README
# ============================================================================== # ==============================================================================
PHONY+=container-run/readme PHONY+=container-run/readme
README.md
+24 -163
View File
@@ -96,10 +96,6 @@ certificate can be used the [cert-manager](https://cert-manager.io/). The chart
certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret. certificate via `cert-manager.io/v1 Certificate` resource. Alternatively can be mounted a TLS certificate from a secret.
The secret must be from type `kubernetes.io/tls`. The secret must be from type `kubernetes.io/tls`.
If athens-proxy is deployed behind a reverse proxy, for example an ingress nginx controller or Gateway API, please
instruct the reverse proxy to establish a TLS encrypted connection to avoid connection problems. The documentation
describes configuring [Ingress NGINX](#ingress-nginx) as well as [NGINX Gateway Fabric](#gatewayapi-nginx-fabric).
> [!WARNING] > [!WARNING]
> The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named > The following example expects that the [cert-manager](https://cert-manager.io/) is deployed and the `Issuer` named
> `athens-proxy-ca` is present in the same namespace of the helm deployment. > `athens-proxy-ca` is present in the same namespace of the helm deployment.
@@ -115,110 +111,6 @@ helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-pro
The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate The environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` are automatically added and the TLS certificate
and private key are mounted to a pre-defined destination inside the container file system. and private key are mounted to a pre-defined destination inside the container file system.
##### Ingress NGINX
The following changes must be applied to enable TLS encryption and authentication on-top between the ingress and backend
service.
> [!IMPORTANT]
> The HTTP Version between the ingress nginx and backend must be set to `1.1`, as well as the TLS protocol must be set
> to `TLSv1.2`. Otherwise can't the nginx establish a TLS connection.
The secret `athens-proxy/ingress-nginx-controller-tls` contains TLS certificates for the nginx ingress controller. The
TLS certificate must be created manually, for example via [cert-manager](https://cert-manager.io/). It is used by the
nginx for TLS authentication.
```yaml
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/proxy-ssl-secret: athens-proxy/ingress-nginx-controller-tls
nginx.ingress.kubernetes.io/proxy-ssl-protocols: TLSv1.2
nginx.ingress.kubernetes.io/proxy-ssl-name: athens-proxy
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
```
##### GatewayAPI: NGINX Fabric
The following changes must be applied to enable TLS encryption and authentication on-top between the gateway and backend
service.
> [!IMPORTANT]
> The HTTP Version between the nginx gateway fabric and backend must be set to `1.1`, as well as the TLS protocol must
> be set to `TLSv1.2`. Otherwise can't the nginx establish a TLS connection.
The `gatewayAPI.core.backendTLSPolicy.validation.caCertificateRefs` must contain at least one secret containing the
root or intermediate certificate of the issued TLS certificate used by athens-proxy to be able to validate the TLS
certificate.
```yaml
gatewayAPI:
enabled: true
core:
backendTLSPolicy:
enabled: true
validation:
caCertificateRefs:
- group: ""
kind: Secret
name: "athens-proxy-ca"
hostname: "athens-proxy"
httpRoute:
enabled: true
hostnames:
- athens-proxy.example.local
parentRefs:
- name: nginx
kind: Gateway
group: gateway.networking.k8s.io
namespace: my-gateway-namespace
sectionName: athens-proxy-https
```
The Gateway resource is not part of the helm chart, but for illustrating the configuration example, here a GatewayAPI
resource with configured backend TLS certificate. The TLS certificates `gateway-frontend-tls` and `gateway-backend-tls`
must also be created manually, for example via [cert-manager](https://cert-manager.io/).
```yaml
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: nginx
namespace: my-gateway-namespace
spec:
gatewayClassName: nginx
listeners:
- allowedRoutes:
kinds:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespaces:
from: All
hostname: athens-proxy.example.local
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ''
kind: Secret
name: gateway-frontend-tls
namespace: my-gateway-namespace
mode: Terminate
tls:
backend:
clientCertificateRef:
group: ''
kind: Secret
name: gateway-backend-tls
namespace: my-gateway-namespace
```
#### TLS certificate rotation #### TLS certificate rotation
If the application uses TLS certificates that are mounted as a secret in the container file system like the example If the application uses TLS certificates that are mounted as a secret in the container file system like the example
@@ -306,13 +198,6 @@ networkPolicies:
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
# NGINX GatewayAPI Fabric
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: gateway-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: gateway-nginx
ports: ports:
- port: http - port: http
protocol: TCP protocol: TCP
@@ -500,30 +385,6 @@ spec:
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` | | `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` | | `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
### GatewayAPI
| Name | Description | Value |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `gatewayAPI.enabled` | Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller. | `false` |
| `gatewayAPI.core.backendTLSPolicy.enabled` | Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` |
| `gatewayAPI.core.backendTLSPolicy.annotations` | Additional annotations for the BackendTLSPolicy. | `{}` |
| `gatewayAPI.core.backendTLSPolicy.labels` | Additional labels for the BackendTLSPolicy. | `{}` |
| `gatewayAPI.core.backendTLSPolicy.validation` | Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the athens-proxy pod. | `{}` |
| `gatewayAPI.core.httpRoute.enabled` | Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`. | `false` |
| `gatewayAPI.core.httpRoute.annotations` | Additional annotations for the HTTPRoute. | `{}` |
| `gatewayAPI.core.httpRoute.labels` | Additional labels for the HTTPRoute. | `{}` |
| `gatewayAPI.core.httpRoute.hostnames` | Hostnames for the HTTPRoute. | `[]` |
| `gatewayAPI.core.httpRoute.parentRefs` | ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources. | `[]` |
| `gatewayAPI.nginx.clientSettingsPolicy.enabled` | Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` |
| `gatewayAPI.nginx.clientSettingsPolicy.annotations` | Additional annotations for the ClientSettingsPolicy. | `{}` |
| `gatewayAPI.nginx.clientSettingsPolicy.labels` | Additional labels for the ClientSettingsPolicy. | `{}` |
| `gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize` | ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout` | ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests` | KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used. | `nil` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime` | KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout` | KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout` | KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` |
### Horizontal Pod Autoscaler (HPA) ### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value | | Name | Description | Value |
@@ -537,14 +398,14 @@ spec:
### Ingress ### Ingress
| Name | Description | Value | | Name | Description | Value |
| --------------------- | ---------------------------------------------------------------------------------------- | ------- | | --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` | | `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` | | `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` | | `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` | | `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. | `[]` | | `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
| `ingress.tls` | Ingress TLS settings. | `[]` | | `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
### Persistence ### Persistence
@@ -579,22 +440,22 @@ spec:
### Service ### Service
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `service.enabled` | Enable the service. | `true` | | `services.http.enabled` | Enable the service. | `true` |
| `service.annotations` | Additional service annotations. | `{}` | | `services.http.annotations` | Additional service annotations. | `{}` |
| `service.externalIPs` | External IPs for the service. | `[]` | | `services.http.externalIPs` | External IPs for the service. | `[]` |
| `service.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` | | `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `service.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` | | `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `service.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` | | `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `service.labels` | Additional service labels. | `{}` | | `services.http.labels` | Additional service labels. | `{}` |
| `service.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` | | `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` | | `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` | | `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `service.port` | Port to forward the traffic to. | `3000` | | `services.http.port` | Port to forward the traffic to. | `3000` |
| `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` | | `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` | | `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `service.type` | Kubernetes service type for the traffic. | `ClusterIP` | | `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount ### ServiceAccount
artifacthub-repo.yml
-1
View File
@@ -1 +0,0 @@
repositoryID: 4c206fe5-b83a-457a-bcad-7dd664f8b70c
renovate.json
+14
View File
@@ -51,6 +51,20 @@
"volkerraschek/helm" "volkerraschek/helm"
] ]
}, },
{
"automerge": true,
"groupName": "Update helm plugin 'unittest'",
"matchDepNames": [
"helm-unittest/helm-unittest"
],
"matchDatasources": [
"github-releases"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{ {
"groupName": "Update docker.io/library/node", "groupName": "Update docker.io/library/node",
"matchDepNames": [ "matchDepNames": [
templates/_backendTLSPolicies.tpl
-32
View File
@@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.backendTLSPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.gatewayAPI.core.backendTLSPolicy.annotations }}
{{ toYaml .Values.gatewayAPI.core.backendTLSPolicy.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "athens-proxy.backendTLSPolicy.enabled" -}}
{{- if and .Values.gatewayAPI.enabled
.Values.gatewayAPI.core.backendTLSPolicy.enabled
.Values.service.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.backendTLSPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.gatewayAPI.core.backendTLSPolicy.labels }}
{{ toYaml .Values.gatewayAPI.core.backendTLSPolicy.labels }}
{{- end }}
{{- end }}
templates/_certificates.tpl → templates/_certificate.tpl
View File
templates/_clientSettingsPolicies.tpl
-31
View File
@@ -1,31 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.clientSettingsPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.gatewayAPI.nginx.clientSettingsPolicy.annotations }}
{{ toYaml .Values.gatewayAPI.nginx.clientSettingsPolicy.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "athens-proxy.clientSettingsPolicy.enabled" -}}
{{- if and (eq (include "athens-proxy.httpRoute.enabled" $) "true")
.Values.gatewayAPI.nginx.clientSettingsPolicy.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.clientSettingsPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.gatewayAPI.nginx.clientSettingsPolicy.labels }}
{{ toYaml .Values.gatewayAPI.nginx.clientSettingsPolicy.labels }}
{{- end }}
{{- end }}
templates/_configMaps.tpl → templates/_configMap.tpl
View File
templates/_deployments.tpl → templates/_deployment.tpl
View File
templates/_httpRoutes.tpl
-32
View File
@@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.httpRoute.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.gatewayAPI.core.httpRoute.annotations }}
{{ toYaml .Values.gatewayAPI.core.httpRoute.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "athens-proxy.httpRoute.enabled" -}}
{{- if and .Values.gatewayAPI.enabled
.Values.gatewayAPI.core.httpRoute.enabled
.Values.service.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.httpRoute.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.gatewayAPI.core.httpRoute.labels }}
{{ toYaml .Values.gatewayAPI.core.httpRoute.labels }}
{{- end }}
{{- end }}
templates/_ingresses.tpl → templates/_ingress.tpl
View File
templates/_networkPolicies.tpl → templates/_networkPolicy.tpl
View File
templates/_persistentVolumeClaims.tpl → templates/_persistentVolumeClaim.tpl
View File
templates/_pods.tpl → templates/_pod.tpl
View File
templates/_serviceAccounts.tpl → templates/_serviceAccount.tpl
View File
templates/_services.tpl
+10 -10
View File
@@ -2,28 +2,28 @@
{{/* annotations */}} {{/* annotations */}}
{{- define "athens-proxy.service.annotations" -}} {{- define "athens-proxy.services.http.annotations" -}}
{{ include "athens-proxy.annotations" . }} {{ include "athens-proxy.annotations" . }}
{{- if .Values.service.annotations }} {{- if .Values.services.http.annotations }}
{{ toYaml .Values.service.annotations }} {{ toYaml .Values.services.http.annotations }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* labels */}} {{/* labels */}}
{{- define "athens-proxy.service.labels" -}} {{- define "athens-proxy.services.http.labels" -}}
{{ include "athens-proxy.labels" . }} {{ include "athens-proxy.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} {{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http app.kubernetes.io/service-name: http
{{- if .Values.service.labels }} {{- if .Values.services.http.labels }}
{{ toYaml .Values.service.labels }} {{ toYaml .Values.services.http.labels }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* names */}} {{/* names */}}
{{- define "athens-proxy.service.name" -}} {{- define "athens-proxy.services.http.name" -}}
{{- if .Values.service.enabled -}} {{- if .Values.services.http.enabled -}}
{{ include "athens-proxy.fullname" . }} {{ include "athens-proxy.fullname" . }}-http
{{- end -}}
{{- end -}} {{- end -}}
{{- end -}}
templates/backendTLSPolicy.yaml
-25
View File
@@ -1,25 +0,0 @@
{{- if eq (include "athens-proxy.backendTLSPolicy.enabled" $) "true" }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
{{- with (include "athens-proxy.backendTLSPolicy.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.backendTLSPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
targetRefs:
- group: ""
kind: Service
name: {{ include "athens-proxy.service.name" . }}
{{- with .Values.gatewayAPI.core.backendTLSPolicy.validation }}
validation:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
templates/clientSettingsPolicy.yaml
-50
View File
@@ -1,50 +0,0 @@
{{- if eq (include "athens-proxy.clientSettingsPolicy.enabled" $) "true" }}
apiVersion: gateway.nginx.org/v1alpha1
kind: ClientSettingsPolicy
metadata:
{{- with (include "athens-proxy.clientSettingsPolicy.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.clientSettingsPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: {{ include "athens-proxy.fullname" . }}
{{- if or .Values.gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize
.Values.gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout
}}
body:
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize }}
maxSize: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout }}
timeout: {{ . }}
{{- end }}
{{- end }}
{{- if or .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout
}}
keepAlive:
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests }}
requests: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime }}
time: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout }}
timeout: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout }}
minTimeout: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
templates/httpRoute.yaml
-36
View File
@@ -1,36 +0,0 @@
{{- if eq (include "athens-proxy.httpRoute.enabled" $) "true" }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
{{- with (include "athens-proxy.httpRoute.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.httpRoute.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.gatewayAPI.core.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.gatewayAPI.core.httpRoute.parentRefs }}
parentRefs:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
- backendRefs:
- kind: Service
name: {{ include "athens-proxy.service.name" . }}
namespace: {{ .Release.Namespace }}
port: {{ .Values.service.port }}
weight: 1
{{- with .Values.gatewayAPI.core.httpRoute.matches }}
matches:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
templates/ingress.yaml
+4 -4
View File
@@ -1,4 +1,4 @@
{{- if and .Values.service.enabled .Values.ingress.enabled }} {{- if and .Values.services.http.enabled .Values.ingress.enabled }}
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
@@ -27,9 +27,9 @@ spec:
{{- end }} {{- end }}
backend: backend:
service: service:
name: {{ include "athens-proxy.service.name" $ }} name: {{ include "athens-proxy.services.http.name" $ }}
port: port:
number: {{ $.Values.service.port }} number: {{ $.Values.services.http.port }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
@@ -42,4 +42,4 @@ spec:
secretName: {{ .secretName | quote }} secretName: {{ .secretName | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
templates/service.yaml
-57
View File
@@ -1,57 +0,0 @@
{{- if .Values.service.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.service.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.service.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.service.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.service.externalIPs) }}
externalIPs:
{{- range .Values.service.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") ) .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.service.internalTrafficPolicy }}
{{- if .Values.service.ipFamilies }}
ipFamilies:
{{- range .Values.service.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.service.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.service.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.service.sessionAffinity }}
{{- with .Values.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.service.type }}
{{- end }}
templates/serviceHTTP.yaml
+57
View File
@@ -0,0 +1,57 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}
unittests/backendTLSPolicies/backendTLSPolicy.yaml
-130
View File
@@ -1,130 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: backendTLSPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/backendTLSPolicy.yaml
tests:
- it: Skip rendering when disabled 1/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
name: athens-proxy-unittest
namespace: testing
- contains:
path: spec.targetRefs
content:
group: ""
kind: Service
name: athens-proxy-unittest
- notExists:
path: spec.validation.caCertificateRefs
- it: Render with custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy:
enabled: true
annotations:
foo: bar
labels:
bar: foo
service.enabled: true
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
app.kubernetes.io/managed-by: Helm
helm.sh/chart: athens-proxy-0.1.0
bar: foo
- it: Render with custom validation
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
gatewayAPI.core.backendTLSPolicy.validation:
caCertificateRefs:
- group: ""
kind: Secret
name: athens-proxy-ca
hostname: athens-proxy.svc.cluster.local
service.enabled: true
asserts:
- isSubset:
path: spec.validation
content:
caCertificateRefs:
- group: ""
kind: Secret
name: athens-proxy-ca
unittests/clientSettingsPolicies/clientSettingsPolicy.yaml
-190
View File
@@ -1,190 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ClientSettingsPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/clientSettingsPolicy.yaml
tests:
- it: Skip rendering when disabled 1/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 7/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 8/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.nginx.org/v1alpha1
kind: ClientSettingsPolicy
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- isSubset:
path: spec.targetRef
content:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: athens-proxy-unittest
- notExists:
path: spec.body
- notExists:
path: spec.keepAlive
- it: Render custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
annotations:
foo: "bar"
labels:
bar: "foo"
service.enabled: true
asserts:
- equal:
path: metadata.annotations
value:
foo: "bar"
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
bar: "foo"
- it: Render with custom body settings
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
clientMaxBodySize: 10m
clientBodyTimeout: 30s
service.enabled: true
asserts:
- isSubset:
path: spec.body
content:
maxSize: 10m
timeout: 30s
- notExists:
path: spec.keepAlive
- it: Render with custom keepAlive settings
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
keepaliveRequests: 100
keepaliveTime: 60s
keepaliveTimeout: 60s
keepaliveMinTimeout: 10s
service.enabled: true
asserts:
- notExists:
path: spec.body
- isSubset:
path: spec.keepAlive
content:
requests: 100
time: 60s
timeout: 60s
minTimeout: 10s
unittests/deployments/certificate.yaml → unittests/deployment/certificate.yaml
View File
unittests/deployments/deployment.yaml → unittests/deployment/deployment.yaml
View File
unittests/deployments/downloadMode.yaml → unittests/deployment/downloadMode.yaml
View File
unittests/deployments/env.yaml → unittests/deployment/env.yaml
View File
unittests/deployments/gitConfig.yaml → unittests/deployment/gitConfig.yaml
View File
unittests/deployments/netrc.yaml → unittests/deployment/netrc.yaml
View File
unittests/deployments/persistentVolumeClaim.yaml → unittests/deployment/persistentVolumeClaim.yaml
View File
unittests/deployments/ssh.yaml → unittests/deployment/ssh.yaml
View File
unittests/httpRoutes/httpRoute.yaml
-194
View File
@@ -1,194 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HTTPRoute template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/httpRoute.yaml
tests:
- it: Skip rendering when disabled 1/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
- notExists:
path: spec.hostnames
- notExists:
path: spec.parentRefs
- contains:
path: spec.rules[0].backendRefs
content:
kind: Service
name: athens-proxy-unittest
namespace: testing
port: 3000
weight: 1
- contains:
path: spec.rules[0].matches
content:
path:
type: PathPrefix
value: /
- it: Rendering custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
annotations:
foo: bar
labels:
bar: foo
service.enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: athens-proxy-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: athens-proxy-0.1.0
- it: Rendering custom service port
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service:
enabled: true
port: 9090
asserts:
- equal:
path: spec.rules[0].backendRefs[0].port
value: 9090
- it: Rendering custom matches
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
matches:
- path:
type: PathPrefix
value: /foo
service.enabled: true
asserts:
- contains:
path: spec.rules[0].matches
content:
path:
type: PathPrefix
value: /foo
- it: Rendering custom hostnames and parentRefs
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
hostnames:
- athens-proxy.example.local
parentRefs:
- name: gateway
namespace: testing
kind: Gateway
sectionName: athens-proxy-debug-gateway
service.enabled: true
asserts:
- lengthEqual:
path: spec.hostnames
count: 1
- contains:
path: spec.hostnames
content:
athens-proxy.example.local
- lengthEqual:
path: spec.parentRefs
count: 1
- contains:
path: spec.parentRefs
content:
name: gateway
namespace: testing
kind: Gateway
sectionName: athens-proxy-debug-gateway
unittests/ingresses/ingress.yaml → unittests/ingress/ingress.yaml
+4 -4
View File
@@ -15,7 +15,7 @@ tests:
- it: Skip ingress, when service is disabled. - it: Skip ingress, when service is disabled.
set: set:
service.enabled: false services.http.enabled: false
ingress.enabled: true ingress.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
@@ -65,7 +65,7 @@ tests:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: athens-proxy-unittest name: athens-proxy-unittest-http
port: port:
number: 3000 number: 3000
- contains: - contains:
@@ -92,7 +92,7 @@ tests:
- secretName: athens-proxy-http-tls - secretName: athens-proxy-http-tls
hosts: hosts:
- athens-proxy.example.local - athens-proxy.example.local
service.port: 8080 services.http.port: 8080
asserts: asserts:
- hasDocuments: - hasDocuments:
@@ -128,7 +128,7 @@ tests:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: athens-proxy-unittest name: athens-proxy-unittest-http
port: port:
number: 8080 number: 8080
- contains: - contains:
unittests/networkPolicies/networkPolicy.yaml → unittests/networkPolicy/networkPolicy.yaml
View File
unittests/persistentVolumeClaims/persistentVolumeClaim.yaml → unittests/persistentVolumeClaim/persistentVolumeClaim.yaml
View File
unittests/services/service.yaml → unittests/services/http.yaml
+20 -20
View File
@@ -6,11 +6,11 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/service.yaml - templates/serviceHTTP.yaml
tests: tests:
- it: Skip service when disabled. - it: Skip service when disabled.
set: set:
service.enabled: false services.http.enabled: false
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
@@ -22,7 +22,7 @@ tests:
- containsDocument: - containsDocument:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
name: athens-proxy-unittest name: athens-proxy-unittest-http
namespace: testing namespace: testing
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
@@ -75,37 +75,37 @@ tests:
- it: Require internalTrafficPolicy. - it: Require internalTrafficPolicy.
set: set:
service.internalTrafficPolicy: "" services.http.internalTrafficPolicy: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No internal traffic policy defined! errorMessage: No internal traffic policy defined!
- it: Require port. - it: Require port.
set: set:
service.port: "" services.http.port: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No service port defined! errorMessage: No service port defined!
- it: Require sessionAffinity. - it: Require sessionAffinity.
set: set:
service.sessionAffinity: "" services.http.sessionAffinity: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No session affinity defined! errorMessage: No session affinity defined!
- it: Require service type. - it: Require service type.
set: set:
service.type: "" services.http.type: ""
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: No service type defined! errorMessage: No service type defined!
- it: Render service with custom annotations and labels. - it: Render service with custom annotations and labels.
set: set:
service.annotations: services.http.annotations:
foo: bar foo: bar
service.labels: services.http.labels:
bar: foo bar: foo
asserts: asserts:
- equal: - equal:
@@ -125,19 +125,19 @@ tests:
- it: Change defaults - it: Change defaults
set: set:
service.externalIPs: services.http.externalIPs:
- "10.11.12.13/32" - "10.11.12.13/32"
service.externalTrafficPolicy: Local services.http.externalTrafficPolicy: Local
service.internalTrafficPolicy: Local services.http.internalTrafficPolicy: Local
service.ipFamilies: services.http.ipFamilies:
- IPv4 - IPv4
service.loadBalancerClass: aws services.http.loadBalancerClass: aws
service.loadBalancerIP: "11.12.13.14" services.http.loadBalancerIP: "11.12.13.14"
service.loadBalancerSourceRanges: services.http.loadBalancerSourceRanges:
- "11.12.0.0/17" - "11.12.0.0/17"
service.port: 10443 services.http.port: 10443
service.sessionAffinity: ClientIP services.http.sessionAffinity: ClientIP
service.type: LoadBalancer services.http.type: LoadBalancer
asserts: asserts:
- equal: - equal:
path: spec.externalIPs path: spec.externalIPs
@@ -171,4 +171,4 @@ tests:
value: ClientIP value: ClientIP
- equal: - equal:
path: spec.type path: spec.type
value: LoadBalancer value: LoadBalancer
values.yaml
+32 -99
View File
@@ -1,5 +1,4 @@
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
## @section Global ## @section Global
## @param nameOverride Individual release name suffix. ## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic. ## @param fullnameOverride Override the complete release name logic.
@@ -521,72 +520,6 @@ deployment:
# secret: # secret:
# secretName: my-secret # secretName: my-secret
## @section GatewayAPI
gatewayAPI:
## @param gatewayAPI.enabled Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller.
enabled: false
core:
## @param gatewayAPI.core.backendTLSPolicy.enabled Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`.
## @param gatewayAPI.core.backendTLSPolicy.annotations Additional annotations for the BackendTLSPolicy.
## @param gatewayAPI.core.backendTLSPolicy.labels Additional labels for the BackendTLSPolicy.
## @param gatewayAPI.core.backendTLSPolicy.validation Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the athens-proxy pod.
backendTLSPolicy:
enabled: false
annotations: {}
labels: {}
validation: {}
# caCertificateRefs:
# - group: ""
# kind: Secret
# name: "athens-proxy-ca"
# hostname: "athens-proxy"
## @param gatewayAPI.core.httpRoute.enabled Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`.
## @param gatewayAPI.core.httpRoute.annotations Additional annotations for the HTTPRoute.
## @param gatewayAPI.core.httpRoute.labels Additional labels for the HTTPRoute.
## @param gatewayAPI.core.httpRoute.hostnames Hostnames for the HTTPRoute.
## @skip gatewayAPI.core.httpRoute.matches Match conditions for the HTTPRoute. You can specify path based match conditions to route traffic to the athens-proxy service.
## @param gatewayAPI.core.httpRoute.parentRefs ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources.
httpRoute:
enabled: false
annotations: {}
labels: {}
hostnames: []
matches:
- path:
type: PathPrefix
value: /
parentRefs: []
# - name: gateway
# kind: Gateway
# group: gateway.networking.k8s.io
# namespace: default
# sectionName: athens-proxy-http
nginx:
## @param gatewayAPI.nginx.clientSettingsPolicy.enabled Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`.
## @param gatewayAPI.nginx.clientSettingsPolicy.annotations Additional annotations for the ClientSettingsPolicy.
## @param gatewayAPI.nginx.clientSettingsPolicy.labels Additional labels for the ClientSettingsPolicy.
## @param gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used.
clientSettingsPolicy:
enabled: false
annotations: {}
labels: {}
clientMaxBodySize: ""
clientBodyTimeout: ""
keepaliveRequests:
keepaliveTime: ""
keepaliveTimeout: ""
keepaliveMinTimeout: ""
## @section Horizontal Pod Autoscaler (HPA) ## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The # In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA # metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
@@ -618,7 +551,6 @@ hpa:
minReplicas: 1 minReplicas: 1
maxReplicas: 10 maxReplicas: 10
## @section Ingress ## @section Ingress
ingress: ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled. ## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
@@ -630,7 +562,7 @@ ingress:
annotations: {} annotations: {}
labels: {} labels: {}
## @param ingress.hosts Ingress specific configuration. ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
## @skip ingress.hosts Skip individual host configuration. ## @skip ingress.hosts Skip individual host configuration.
hosts: [] hosts: []
# - host: athens-proxy.example.local # - host: athens-proxy.example.local
@@ -638,7 +570,7 @@ ingress:
# - path: / # - path: /
# pathType: Prefix # pathType: Prefix
## @param ingress.tls Ingress TLS settings. ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
## @skip ingress.tls Skip individual TLS configuration. ## @skip ingress.tls Skip individual TLS configuration.
tls: [] tls: []
# - secretName: athens-proxy-http-tls # - secretName: athens-proxy-http-tls
@@ -749,35 +681,36 @@ networkPolicy:
# protocol: TCP # protocol: TCP
## @section Service ## @section Service
## @param service.enabled Enable the service. ## @param services.http.enabled Enable the service.
## @param service.annotations Additional service annotations. ## @param services.http.annotations Additional service annotations.
## @param service.externalIPs External IPs for the service. ## @param services.http.externalIPs External IPs for the service.
## @param service.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. ## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param service.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. ## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param service.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. ## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param service.labels Additional service labels. ## @param services.http.labels Additional service labels.
## @param service.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. ## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. ## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. ## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param service.port Port to forward the traffic to. ## @param services.http.port Port to forward the traffic to.
## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. ## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param service.sessionAffinityConfig Contains the configuration of the session affinity. ## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param service.type Kubernetes service type for the traffic. ## @param services.http.type Kubernetes service type for the traffic.
service: services:
enabled: true http:
annotations: {} enabled: true
externalIPs: [] annotations: {}
externalTrafficPolicy: "Cluster" externalIPs: []
internalTrafficPolicy: "Cluster" externalTrafficPolicy: "Cluster"
ipFamilies: [] internalTrafficPolicy: "Cluster"
labels: {} ipFamilies: []
loadBalancerClass: "" labels: {}
loadBalancerIP: "" loadBalancerClass: ""
loadBalancerSourceRanges: [] loadBalancerIP: ""
port: 3000 loadBalancerSourceRanges: []
sessionAffinity: "None" port: 3000
sessionAffinityConfig: {} sessionAffinity: "None"
type: "ClusterIP" sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount ## @section ServiceAccount
serviceAccount: serviceAccount: