21 Commits

Author SHA1 Message Date
eadbcf243b fix(deployment): mount configMap 'gitconfig'
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 20s
Release / publish-chart (push) Successful in 13s
2025-10-12 22:09:03 +02:00
0caa188bb1 fix(deployment): mount additional volumes
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 8s
2025-10-12 22:03:25 +02:00
3bce806ed6 fix(deployment): mount environment variables and volumes only when enabled
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 8s
2025-10-12 21:55:31 +02:00
5c09cf8c79 docs(README): skip rendering of file content
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 28s
2025-10-12 21:11:45 +02:00
d4b5c0c86f fix(Chart): adapt annotation 'artifacthub.io/links'
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 20:54:08 +02:00
74598b4ee0 docs(README): mention upstream https://proxy.golang.org
Some checks failed
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Failing after 27s
Release / publish-chart (push) Successful in 1m56s
2025-10-12 19:19:09 +02:00
b06c1962cc docs(README): update chart version to 1.0.0
Some checks failed
Helm / helm-lint (push) Successful in 51s
Generate README / generate-parameters (push) Successful in 1m8s
Helm / helm-unittest (push) Has been cancelled
Markdown linter / markdown-lint (push) Has been cancelled
Markdown linter / markdown-link-checker (push) Has started running
2025-10-12 19:17:49 +02:00
991c545c93 test(deployment): adapt download mode url
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 19:06:55 +02:00
7c60c70244 docs(README): avoid CPU throttling by defining a CPU limit
Some checks failed
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Failing after 7s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Failing after 27s
2025-10-12 19:04:26 +02:00
0e048cdf4b docs(README): adapt downloadURL
Some checks failed
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Failing after 6s
Markdown linter / markdown-lint (push) Failing after 9s
Markdown linter / markdown-link-checker (push) Successful in 35s
2025-10-12 18:58:24 +02:00
89604cbe64 docs(README): mount secret with environment variables
Some checks failed
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 7s
Generate README / generate-parameters (push) Successful in 30s
Markdown linter / markdown-link-checker (push) Failing after 2m16s
Markdown linter / markdown-lint (push) Failing after 2m10s
2025-10-12 18:48:40 +02:00
f63450aec4 fix(deployment): mount secret with environment variables
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-10-12 18:48:18 +02:00
d1e5accccb fix: support automatically roll deployments
All checks were successful
Helm / helm-unittest (push) Successful in 8s
Helm / helm-lint (push) Successful in 1m1s
2025-10-12 18:00:06 +02:00
fbd846784c fix(networkPolicy): use single network policy
Some checks failed
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-link-checker (push) Successful in 11s
Generate README / generate-parameters (push) Failing after 28s
Markdown linter / markdown-lint (push) Successful in 17s
2025-10-12 17:21:05 +02:00
bab5282617 fix(Chart): remove maintainer section
Some checks failed
Helm / helm-unittest (push) Failing after 19m53s
Helm / helm-lint (push) Failing after 19m55s
2025-10-12 17:07:26 +02:00
307660c767 refac: remove obsolete directory athens-proxy
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 17:05:51 +02:00
59b43aac79 fix(configMap): enable downloadURL and mode by default
Some checks failed
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Failing after 14s
Markdown linter / markdown-lint (push) Failing after 33s
2025-10-12 16:54:36 +02:00
85a38e7d22 fix(deployment): remove leading v of the container image tag
All checks were successful
Helm / helm-lint (push) Successful in 21s
Helm / helm-unittest (push) Successful in 17s
2025-10-12 16:49:43 +02:00
2005fb8e05 fix(ci): update workflows and make targets
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 16:37:24 +02:00
5f78a0f071 fix(config): support the download mode file
Some checks failed
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 13s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-link-checker (push) Failing after 21s
Markdown linter / markdown-lint (push) Failing after 27s
2025-10-12 16:33:21 +02:00
c157c8c210 fix(config): support ssh 2025-10-12 16:33:21 +02:00
54 changed files with 1385 additions and 603 deletions


@@ -46,18 +46,7 @@ jobs:
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
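Review bot: The `helm repo add` line passes the ChartMuseum password as `--password ${CHARTMUSEUM_PASSWORD}`, which puts the secret on the command line of the runner process, and none of the expansions on that line or on the `helm cm-push` line are quoted. If this step is kept, read the password from stdin with `--password-stdin` and quote the variables. `CHARTMUSEUM_PASSWORD` is also not among the `env` entries visible in this hunk, so confirm where it is defined.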


@@ -1,8 +0,0 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}


@@ -3,7 +3,7 @@ annotations:
- name: Athens proxy (binary)
url: https://github.com/gomods/athens
- name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
apiVersion: v2
name: athens-proxy
description: Athens proxy server for golang
@@ -22,7 +22,3 @@ sources:
- https://github.com/volker-raschek/athens-proxy-charts
- https://github.com/gomods/athens
- https://hub.docker.com/r/gomods/athens
maintainers:
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems
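Review bot: With the `maintainers` block at the end of this hunk removed, the chart metadata no longer names a contact, and the `sources` entry still points to `github.com/volker-raschek/athens-proxy-charts` while the support link in the hunk above points to `git.cryptic.systems/volker.raschek/athens-proxy-charts`. State in the chart or the README which of the two is the canonical repository, so that consumers know where to report issues and can check where a published chart came from.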


@@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
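Review bot: On the `HELM_IMAGE_VERSION?=3.19.0 # renovate: ...` line, GNU Make keeps the whitespace before `#` as part of the value, so `HELM_IMAGE_FULLY_QUALIFIED` expands with a trailing space after the tag. Put the renovate comment on its own line above the assignment if the Renovate matcher in use allows that, or strip the value where it is used. The image is also referenced by the tag `3.19.0` alone; pinning it by digest as well would keep the build tooling from changing underneath the pipeline.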

README.md

@@ -2,167 +2,337 @@
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This is an inofficial helm chart of the go-proxy
[athens](https://github.com/gomods/athens) which supports more complex
configuration options.
> [!NOTE]
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
can be installed via helm.
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
proxy for Golang.
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
defining additional environment variables and much more.
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
helm and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
`--set` flag for a basic deployment.
```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm repo update
helm install athens-proxy volker.raschek/athens-proxy
```
## Customization
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
versions can break something!
The complete deployment can be adapted via the `values.yaml` files. The
configuration of the proxy can be done via the environment variables described
below or via mounting the config.toml as additional persistent volume to
`/config/config.toml`
## Access private repositories via SSH
Create a `configmap.yaml` with multiple keys. One key describe the content of
the `.gitconfig` file and another of `config` of the ssh client. All requests
Git clone comands with the prefix `http://github.com/` will be replaced by
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
separate secret.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/
```bash
CHART_VERSION=1.0.0
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
```
The secret definition below contains the SSH private and public key.
A complete list of available helm chart versions can be displayed via the following command:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
```bash
helm search repo reposilite --versions
```
The item `config` of the configmap will be merged with the items of the secret
as virtual volume. This volume can than be mounted with special permissions
required for the ssh client.
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
Use the `--set` argument to persist your data.
```yaml
extraVolumes:
- name: ssh
projected:
defaultMode: 0644
sources:
- configMap:
name: custom-configs
items:
- key: sshconfig
path: config
- secret:
name: custom-ssh-keys
items:
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
- name: gitconfig
configMap:
name: custom-configs
items:
- key: gitconfig
path: config
mode: 0644
extraVolumeMounts:
- name: ssh
mountPath: /root/.ssh
- name: gitconfig
mountPath: /root/.config/git
```bash
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
persistence.enabled=true
```
## Access private GitHub.com repositories via developer token
### Examples
Another way to access private GitHub repositories is via a GitHub token, which
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
creates a `.netrc` file to access private GitHub repositories.
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
## Access private repositories via .netrc configuration
#### Avoid CPU throttling by defining a CPU limit
As describe above, a `.netrc` file is responsible for the authentication via
HTTP. The file can also be defined via a custom secret and mounted into the home
directory of `root` for general authentication purpose.
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
cannot use the available CPU time to perform computing operations.
The example below describe the definition and mounting of a custom `.netrc` file
to access private repositories hosted on GitHub and GitLab.
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY
Further information about this topic can be found in one of Kanishk's blog
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
> not anymore required.
>
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
```
The file must then be mounted via extraVolumes and extraVolumeMounts.
#### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
proxy `https://proxy.golang.org` via HTTPS.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml
extraVolumes:
- name: netrc
secret:
secretName: custom-netrc
items:
- key: netrc
path: .netrc
mode: 0600
networkPolicies:
enabled: true
annotations: {}
labels: {}
policyTypes:
- Egress
- Ingress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 443
protocol: TCP
extraVolumeMounts:
- name: netrc
mountPath: /root
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: http
protocol: TCP
```
## Persistent storage
## ArgoCD
Unlike the athens default, the default here is `disk` - i.e. the files are
written to the container. Therefore, it is advisable to outsource the
corresponding storage location to persistent storage. The following example
describes the integration of a persistent storage claim.
### Daily execution of rolling updates
```yaml
extraVolumes:
- name: gomodules
persistentVolumeClaim:
claimName: custom-gomodules-pvc
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
extraVolumeMounts:
- name: gomodules
mountPath: /var/lib/athens
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
annotations with the prefix `checksum`.
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps/v1
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
```
## Parameters
### Global
| Name | Description | Value |
| ------------------ | ----------------------------------------- | ----- |
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Configuration
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
### Deployment
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the prometheus-exporter deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value |
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
| `hpa.labels` | Additional labels for the HPA. | `{}` |
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
### Ingress
| Name | Description | Value |
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
### Persistence
| Name | Description | Value |
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
| `persistence.data.existingPersistentVolumeClaim.enabled` | TODO | `false` |
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO | `""` |
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
| `persistence.data.persistentVolumeClaim.storageClass` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
### Network Policy
| Name | Description | Value |
| --------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
### Service
| Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `services.http.enabled` | Enable the service. | `true` |
| `services.http.annotations` | Additional service annotations. | `{}` |
| `services.http.externalIPs` | External IPs for the service. | `[]` |
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `services.http.labels` | Additional service labels. | `{}` |
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `services.http.port` | Port to forward the traffic to. | `3000` |
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |
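
Review bot: `serviceAccount.new.automountServiceAccountToken` defaults to `true` in the ServiceAccount table, which places a Kubernetes API token in a pod even though nothing in the templates shown in this change needs it; consider defaulting to `false` and letting users opt in. In the persistence table, `persistence.data.existingPersistentVolumeClaim.enabled` and `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` still have `TODO` as their description, and the `persistence.enabled` row reads "will be automatically be mounted".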

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/
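
Review bot: the `sshconfig` entry of this removed sample sets `StrictHostKeyChecking no`, which switches off host key verification for github.com; whatever documentation replaces the sample should not carry that line forward. A pinned `known_hosts` entry for the Git host, shipped next to the key, gives the same unattended behaviour without accepting an arbitrary host key.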

@@ -1,26 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
---
apiVersion: v1
kind: Secret
metadata:
name: custom-netrc
type: Opaque
stringData:
netrc: |
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY
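
Review bot: deleting this file does not retract the `id_ed25519` private key in `custom-ssh-keys`; it remains readable in the repository history. If the matching public key was ever registered as a deploy key or on an account, revoke it there and generate a new pair, and have future samples carry a placeholder in the style of the `USERNAME` / `API-KEY` values used in `custom-netrc`.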

@@ -9,6 +9,7 @@
],
"customManagers": [
{
"customType": "regex",
"fileMatch": [
"^Chart\\.yaml$"
],
@@ -21,6 +22,7 @@
"versioningTemplate": "semver"
},
{
"customType": "regex",
"fileMatch": ["^README\\.md$"],
"matchStrings": [
"VERSION=(?<currentValue>.*)"
@@ -32,6 +34,20 @@
}
],
"packageRules": [
{
"groupName": "Update docker.io/volkerraschek/helm",
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{
"addLabels": [
"renovate/automerge",

@@ -34,6 +34,10 @@
{{/* name */}}
{{- define "athens-proxy.configMap.downloadMode.name" -}}
{{ include "athens-proxy.fullname" . }}-download-mode-file
{{- end }}
{{- define "athens-proxy.configMap.gitConfig.name" -}}
{{ include "athens-proxy.fullname" . }}-gitconfig
{{- end }}

templates/_deployment.tpl Normal file
@@ -0,0 +1,256 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.deployment.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "athens-proxy.deployment.env" -}}
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
{{- if and .Values.persistence.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
{{- end }}
{{- if .Values.config.downloadMode.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
{{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
{{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}}
{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
{{- if .Values.config.env.enabled }}
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
{{- $secretName = .Values.config.env.existingSecret.secretName }}
{{- end }}
{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
{{- end }}
{{ toYaml (dict "envFrom" $envFrom) }}
{{- end -}}
{{/* image */}}
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "athens-proxy.deployment.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "athens-proxy.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "athens-proxy.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
{{- end }}
{{/* volumeMount (git config) */}}
{{- if .Values.config.gitConfig.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
{{- end }}
{{/* volumeMount (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
{{- end }}
{{/* volumeMount (ssh) */}}
{{- if and .Values.config.ssh.enabled }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
{{- end }}
{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
{{- end }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.volumes | default (list) }}
{{/* volumes (data) */}}
{{- if .Values.persistence.enabled }}
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
{{- end }}
{{/* volumes (download mode) */}}
{{- if .Values.config.downloadMode.enabled }}
{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (git config) */}}
{{- $projectedSecretSources := list -}}
{{- if .Values.config.gitConfig.enabled }}
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- end }}
{{/* volumes (netrc) */}}
{{- if .Values.config.netrc.enabled }}
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
{{- if .Values.config.netrc.existingSecret.enabled }}
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{/* volumes (ssh) */}}
{{- if .Values.config.ssh.enabled }}
{{- $itemList := list -}}
{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- if not .Values.config.ssh.existingSecret.enabled }}
{{- if gt (len .Values.config.ssh.secret.config) 0 }}
{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
{{- $itemList = concat $itemList (list $configItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idED25519Item) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idED25519PubItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
{{- $itemList = concat $itemList (list $idRSAItem) }}
{{- end }}
{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
{{- $itemList = concat $itemList (list $idRSAPubItem) }}
{{- end }}
{{- end }}
{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- end }}
{{- if gt (len $projectedSecretSources) 0 }}
{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}
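
Review bot: in `athens-proxy.deployment.volumes` the ssh branch only takes the existing-secret path when `secretName` is non-empty (`if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName`), while the ssh conditions in `athens-proxy.deployment.volumeMounts` test `existingSecret.enabled` and the key names alone. With `existingSecret.enabled: true` and an empty `secretName`, `$itemList` stays empty, `$secretName` still names the chart's own ssh secret (which the secret template in this change no longer renders once an existing secret is enabled), and the `subPath` mounts point at files the projected volume does not contain. Failing the render with `required` on `secretName`, or sharing one condition between both helpers, would surface the mistake at template time instead of at pod start. Two smaller points: every credential mount is hardcoded under `/root`, so the files are only usable when the container runs as root, and the comment `{{/* volumes (download mode) */}}` inside `volumeMounts` should say `volumeMount`.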

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.networkPolicy.annotations }}
{{ toYaml .Values.networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.networkPolicy.labels }}
{{ toYaml .Values.networkPolicy.labels }}
{{- end }}
{{- end }}

templates/_pod.tpl Normal file
@@ -0,0 +1,34 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}
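
Review bot: the checksum annotations in `athens-proxy.pod.annotations` are emitted only for objects the chart renders itself, so a rotated key or token in an `existingSecret` or `existingConfigMap` never changes the pod template. Because the deployment helper mounts these files with `subPath`, a running container does not receive the updated content either; the README should state that pods need a manual restart after externally managed credentials are rotated.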

@@ -1,118 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.deployment.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "athens-proxy.deployment.env" -}}
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
{{- if and .Values.persistence.enabled }}
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
{{- end }}
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
{{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}}
{{- end -}}
{{/* image */}}
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:v%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "athens-proxy.deployment.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "athens-proxy.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "athens-proxy.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }}
{{- if .Values.config.gitConfig.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
{{- end }}
{{- if .Values.config.netrc.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
{{- if .Values.persistence.enabled }}
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
{{- end }}
{{- if .Values.config.gitConfig.enabled }}
{{- $projectedSources := list -}}
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
{{- end }}
{{- $projectedSources = concat $projectedSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}}
{{- end }}
{{- if .Values.config.netrc.enabled }}
{{- $projectedSources := list -}}
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
{{- if .Values.config.netrc.existingSecret.enabled }}
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
{{- end }}
{{- $projectedSources = concat $projectedSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}
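
Review bot: two behaviours of this removed helper file change silently in its replacement: the image reference was built with `%s/%s:v%s` and is now built with `%s/%s:%s`, and additional volumes were read from `.Values.deployment.athensProxy.volumes` and are now read from `.Values.deployment.volumes`. Anyone who sets `image.tag` without the `v` prefix, or supplies volumes under the old key, gets a different image reference or loses the volumes on upgrade; both deserve a line in the upgrade notes.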

@@ -1,19 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicies.annotations" -}}
{{ include "athens-proxy.annotations" .context }}
{{- if .networkPolicy.annotations }}
{{ toYaml .networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicies.labels" -}}
{{ include "athens-proxy.labels" .context }}
{{- if .networkPolicy.labels }}
{{ toYaml .networkPolicy.labels }}
{{- end }}
{{- end }}

@@ -1,17 +0,0 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

@@ -1,36 +0,0 @@
{{- if .Values.networkPolicies.enabled }}
{{- range $key, $value := .Values.networkPolicies -}}
{{- if and (not (eq $key "enabled")) $value.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
namespace: {{ $.Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with $value.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

@@ -1,4 +1,4 @@
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
@@ -11,7 +11,7 @@ metadata:
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-download-mode-file
name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
namespace: {{ .Release.Namespace }}
data:
downloadMode: |

@@ -1,4 +1,4 @@
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
---
apiVersion: v1
kind: ConfigMap
@@ -11,7 +11,7 @@ metadata:
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}-git-config
name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
namespace: {{ .Release.Namespace }}
data:
.gitconfig: |

@@ -0,0 +1,32 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
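
Review bot: with `networkPolicy.enabled: true` and the documented defaults (`policyTypes`, `egress` and `ingress` all `[]`), every `with` block under `spec` is skipped and the manifest contains only `podSelector`. Kubernetes treats a policy without `policyTypes` as an Ingress policy, so the result selects the Athens pods and allows no ingress at all; either document that enabling the flag alone isolates the pod or ship a default rule for the service port. Annotations are passed through `tpl` while labels are not, and the values key moved from the `networkPolicies` map of the removed template to a single `networkPolicy`, so policies still defined under the old key are dropped without an error.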

@@ -1,4 +1,4 @@
{{- if not .Values.config.env.existingSecret.enabled }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret

@@ -1,4 +1,4 @@
{{- if not .Values.config.ssh.existingSecret.enabled }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
---
apiVersion: v1
kind: Secret

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/configMapDownloadMode.yaml
- templates/configMapDownloadMode.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
- it: Rendering with default values
set:
config.downloadMode.enabled: true
asserts:
- hasDocuments:
count: 1
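
Review bot: the test names `Skip rending by default.` and `Skip rending by using existing config map.` should read "rendering"; the same spelling appears in the git config test file. The renamed case `Rendering with default values` also drops the trailing period that the other names in this file keep.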
@@ -37,10 +45,10 @@ tests:
- equal:
path: data.downloadMode
value: |
# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
@@ -51,11 +59,12 @@ tests:
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# downloadURL = "https://proxy.golang.org"
# }
- it: Rendering custom annotations and labels.
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.annotations:
foo: bar
bar: foo
@@ -76,6 +85,7 @@ tests:
- it: Rendering custom configuration
set:
config.downloadMode.enabled: true
config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"

@@ -6,23 +6,31 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/configMapGitConfig.yaml
- templates/configMapGitConfig.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map.
set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering by default.
set:
config.gitConfig.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: athens-proxy-unittest-git-config
name: athens-proxy-unittest-gitconfig
namespace: testing
- notExists:
path: metadata.annotations
@@ -46,6 +54,7 @@ tests:
- it: Rendering custom annotations and labels.
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.annotations:
foo: bar
bar: foo
@@ -66,6 +75,7 @@ tests:
- it: Rendering custom configuration
set:
config.gitConfig.enabled: true
config.gitConfig.configMap.content: |
[url "git@github.com:"]
insteadOf = https://github.com/

@@ -6,22 +6,22 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
- templates/deployment.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: athens-proxy-unittest
namespace: testing
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: metadata.annotations
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: metadata.labels
value:
@@ -30,11 +30,11 @@ tests:
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.replicas
value: 1
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
@@ -43,74 +43,74 @@ tests:
app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].args
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].command
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].volumeMounts
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/gomods/athens:v0.1.0
template: templates/athens-proxy/deployment.yaml
value: docker.io/gomods/athens:0.1.0
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.strategy
value:
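
Review bot: dropping the `v` prefix from the expected image (`docker.io/gomods/athens:v0.1.0` becomes `docker.io/gomods/athens:0.1.0` in the `spec.template.spec.containers[0].image` assertion) makes the rendered tag depend on `appVersion` being written exactly as the registry tag. The test passes with the fixture `appVersion: 0.1.0`, but it does not show that the chart's real `appVersion` produces a tag that exists upstream. Please confirm the `appVersion` in Chart.yaml uses the same format as the published image tags, and consider a test case that overrides the tag so the expected format is pinned explicitly.
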
@@ -118,7 +118,7 @@ tests:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test custom replicas
set:
@@ -130,7 +130,7 @@ tests:
- equal:
path: spec.replicas
value: 3
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test custom affinity
set:
@@ -160,7 +160,7 @@ tests:
values:
- antarctica-east1
- antarctica-west1
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test additional arguments
set:
@@ -176,7 +176,7 @@ tests:
value:
- --foo=bar
- --bar=foo
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test additional command
set:
@@ -194,7 +194,7 @@ tests:
- "/bin/sh"
- "-c"
- "echo hello"
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
@@ -206,8 +206,8 @@ tests:
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/athens-proxy:v0.1.0
template: templates/athens-proxy/deployment.yaml
value: registry.example.local/path/special/athens-proxy:0.1.0
template: templates/deployment.yaml
- it: Test custom imagePullPolicy
set:
@@ -219,7 +219,7 @@ tests:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test custom resource limits and requests
set:
@@ -242,7 +242,7 @@ tests:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
@@ -252,7 +252,7 @@ tests:
requests:
cpu: 25m
memory: 100MB
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test custom securityContext
set:
@@ -282,7 +282,7 @@ tests:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test dnsConfig
set:
@@ -300,7 +300,7 @@ tests:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test dnsPolicy
set:
@@ -312,7 +312,7 @@ tests:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
@@ -326,15 +326,15 @@ tests:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test imagePullSecrets
set:
@@ -350,7 +350,7 @@ tests:
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test nodeSelector
set:
@@ -364,7 +364,7 @@ tests:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test priorityClassName
set:
@@ -376,7 +376,7 @@ tests:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test restartPolicy
set:
@@ -388,7 +388,7 @@ tests:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
@@ -400,7 +400,7 @@ tests:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test tolerations
set:
@@ -420,7 +420,7 @@ tests:
operator: Equal
value: postgres
effect: NoSchedule
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test topologySpreadConstraints
set:
@@ -442,7 +442,7 @@ tests:
labelSelector:
matchLabels:
app.kubernetes.io/instance: athens-proxy
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test additional volumeMounts and volumes
set:
@@ -462,5 +462,11 @@ tests:
value:
- name: data
mountPath: /usr/lib/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
template: templates/deployment.yaml

@@ -0,0 +1,105 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted download mode config map
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.downloadMode.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: downloadMode
mode: 0644
path: download-mode
name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap
set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true
config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: download-mode
mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: download-mode
configMap:
items:
- key: "my-custom-download-mode-filename-key"
path: "download-mode"
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml
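
Review bot: the second test in this new file is titled `Rendering default with mounted gitconfig configMap`, but it sets `config.downloadMode.enabled: true` and asserts on the `download-mode` volume; rename it (for example `Rendering default with mounted download mode configMap`) so a failure report points at the right feature. In the first test, the `notContains` assertion on `spec.template.spec.volumes` omits the `items` list that the positive cases expect, so unless subset matching (`any: true`) is used it cannot match the rendered volume and would pass even if the volume were mounted by mistake. The suite name `Deployment template` is also reused by the other deployment test files, which makes failures harder to attribute; a per-file suite name would help.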

@@ -0,0 +1,51 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretEnv.yaml
tests:
- it: Rendering default without mounted env secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
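
Review bot: the third test sets `config.env.existingSecret.enabled: true` but never sets `config.env.existingSecret.secretName`, and it asserts that `envFrom` still references `athens-proxy-unittest-env`, the chart-managed secret that the secretEnv tests expect not to be rendered in this mode. Set a secret name in the `set` block and assert that `secretRef.name` equals it; as written, the test passes while a pod could end up referencing a secret that does not exist. The title also duplicates the previous test (`Rendering default with mounted env secret`); something like `Rendering with existing env secret` would tell them apart.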

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted git config map
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
@@ -28,18 +36,23 @@ tests:
path: .gitconfig
mode: 0600
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap
set:
config.gitConfig.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
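
Review bot: the `mode: 0600` at the top of this hunk belongs to the default test's `notContains` check on `spec.template.spec.volumes`, while the enabled case further down expects `mode: 0644` for the same `.gitconfig` item. With an exact element match the negative check cannot match the rendered volume, so it would still pass if the gitconfig volume were rendered by default. Use the same item definition in both tests.
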
@@ -52,6 +65,7 @@ tests:
path: .gitconfig
mode: 0644
name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap
set:
@@ -61,12 +75,16 @@ tests:
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.gitconfig
subPath: .gitconfig
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
@@ -79,3 +97,4 @@ tests:
path: .gitconfig
mode: 0644
name: my-custom-configmap
template: templates/deployment.yaml

@@ -6,15 +6,23 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted netrc secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: netrc
mountPath: /root
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
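
Review bot: the `notContains` assertion on `volumeMounts` in the default test looks for `name: netrc` with `mountPath: /root`, but the enabled case in this file mounts `name: secrets` at `/root/.netrc` with `subPath: .netrc`. The negative check therefore cannot fail even if the netrc mount were rendered by default. Reuse the mount entry from the positive test so both assertions describe the same object.
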
@@ -27,18 +35,23 @@ tests:
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering default with mounted netrc secret
set:
config.netrc.enabled: true
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
@@ -51,6 +64,7 @@ tests:
path: .netrc
mode: 0600
name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering with custom netrc secret
set:
@@ -60,12 +74,16 @@ tests:
config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.netrc
subPath: .netrc
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
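
Review bot: the annotation path in the new `notExists` assertion is misspelled, `checksum/secret-athens-proxy-unittest-netc` instead of `checksum/secret-athens-proxy-unittest-netrc`, so the assertion passes regardless of what the template renders. Correct the path so the test actually verifies that no checksum annotation is set when an existing secret is used.
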
@@ -78,3 +96,4 @@ tests:
path: .netrc
mode: 0600
name: my-custom-secret
template: templates/deployment.yaml

@@ -6,7 +6,11 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/deployment.yaml
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Test persistent volume claim
set:
@@ -17,26 +21,26 @@ tests:
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: athens-proxy-unittest-data
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- it: Test existing persistent volume claim
set:
@@ -51,23 +55,23 @@ tests:
content:
name: ATHENS_STORAGE_TYPE
value: disk
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-special-pvc
template: templates/athens-proxy/deployment.yaml
template: templates/deployment.yaml

@@ -0,0 +1,254 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without mounted ssh secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0644
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh config
set:
config.ssh.enabled: true
persistence.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh keys
set:
config.ssh.enabled: true
config.ssh.secret.id_ed25519: foo
config.ssh.secret.id_ed25519_pub: bar
config.ssh.secret.id_rsa: foo
config.ssh.secret.id_rsa_pub: bar
persistence.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: config
path: config
mode: 0600
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
mode: 0644
- key: id_rsa
path: id_rsa
mode: 0600
- key: id_rsa.pub
path: id_rsa.pub
mode: 0644
name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering with custom ssh secret
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
config.ssh.existingSecret.secretName: "my-custom-secret"
config.ssh.existingSecret.configKey : "my-config-key"
config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/config
subPath: config
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa
subPath: id_rsa
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: secrets
mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: secrets
projected:
sources:
- secret:
items:
- key: my-config-key
path: config
mode: 0600
- key: my-private-ed25519-key
path: id_ed25519
mode: 0600
- key: my-public-ed25519-key
path: id_ed25519.pub
mode: 0644
- key: my-private-rsa-key
path: id_rsa
mode: 0600
- key: my-public-rsa-key
path: id_rsa.pub
mode: 0644
name: my-custom-secret
template: templates/deployment.yaml
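
Review bot: in the first test, the `notContains` assertion on `spec.template.spec.volumes` lists the `config` item with `mode: 0644`, while both enabled cases expect `mode: 0600` for that item, so the negative check cannot match the rendered volume and would pass even if the SSH secret were mounted by default. Align the item list with the positive tests, or drop the volume check and rely on the `volumeMounts` assertions. The `Rendering default with mounted ssh config` test also does not assert the `checksum/secret-athens-proxy-unittest-ssh` annotation, unlike the test with keys. In `Rendering with custom ssh secret`, the `set` keys are written with a space before the colon (`config.ssh.existingSecret.configKey : "my-config-key"`); YAML accepts this, but it differs from every other key in the file.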

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/hpa.yaml
- templates/hpa.yaml
tests:
- it: Skip rendering by default.
asserts:

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/ingress.yaml
- templates/ingress.yaml
tests:
- it: Skip ingress by default.
asserts:

@@ -1,49 +1,30 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicies template
suite: NetworkPolicy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/networkPolicies.yaml
- templates/networkPolicy.yaml
tests:
- it: Skip networkPolicies in general disabled.
- it: Skip rendering networkPolicy
set:
networkPolicies.enabled: false
networkPolicy.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip networkPolicy 'default' when disabled.
- it: Render default networkPolicy
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicy.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Loop over networkPolicies
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicies.nginx.enabled: true
networkPolicies.prometheus.enabled: true
asserts:
- hasDocuments:
count: 2
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
asserts:
- hasDocuments:
count: 1
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: athens-proxy-unittest-default
name: athens-proxy-unittest
namespace: testing
- notExists:
path: metadata.annotations
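
Review bot: renaming the values key from `networkPolicies.*` to `networkPolicy.*` (see the `set` blocks in this hunk) is a breaking change for existing installations, and the tests only cover the new key. Helm ignores unknown values unless a schema rejects them, so a release that still sets `networkPolicies.enabled: true` would upgrade without error and end up with no NetworkPolicy at all. Consider failing the render when the old key is present, and document the rename in the upgrade notes. The resource name also changes from `athens-proxy-unittest-default` to `athens-proxy-unittest`, so on upgrade the old object is removed and a differently named one is created.
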
@@ -67,29 +48,28 @@ tests:
- notExists:
path: spec.ingress
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
- it: Template networkPolicy with policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
networkPolicies.default.policyTypes:
networkPolicy.enabled: true
networkPolicy.policyTypes:
- Egress
- Ingress
networkPolicies.default.ingress:
networkPolicy.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicies.default.egress:
networkPolicy.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
app.kubernetes.io/name: ingress-nginx
asserts:
- equal:
path: spec.policyTypes
@@ -102,17 +82,17 @@ tests:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
app.kubernetes.io/name: ingress-nginx
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/persistentVolumeClaim.yaml
- templates/persistentVolumeClaim.yaml
tests:
- it: Rendering default
asserts:

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretEnv.yaml
- templates/secretEnv.yaml
tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering env secret with default values.
set:
config.env.enabled: true
asserts:
- hasDocuments:
count: 1
@@ -39,6 +47,7 @@ tests:
- it: Rendering env secret with custom values.
set:
config.env.enabled: true
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
asserts:
- isSubset:
@@ -48,6 +57,7 @@ tests:
- it: Rendering custom annotations and labels.
set:
config.env.enabled: true
config.env.secret.annotations:
foo: bar
bar: foo

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretNetRC.yaml
- templates/secretNetRC.yaml
tests:
- it: Skip rendering by default
asserts:

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/secretSSH.yaml
- templates/secretSSH.yaml
tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret.
set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering ssh secret with default values.
set:
config.ssh.enabled: true
asserts:
- hasDocuments:
count: 1
@@ -51,6 +59,7 @@ tests:
- it: Rendering ssh secret with custom values.
set:
config.ssh.enabled: true
config.ssh.secret.config: |
Host *
IdentityFile ~/.ssh/id_ed25519
@@ -90,6 +99,7 @@ tests:
- it: Rendering custom annotations and labels.
set:
config.ssh.enabled: true
config.ssh.secret.annotations:
foo: bar
bar: foo

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/serviceAccount.yaml
- templates/serviceAccount.yaml
tests:
- it: Skip rendering.
set:

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/athens-proxy/serviceHTTP.yaml
- templates/serviceHTTP.yaml
tests:
- it: Skip service when disabled.
set:

@@ -8,6 +8,9 @@ fullnameOverride: ""
## @section Configuration
config:
env:
## @param config.env.enabled Enable mounting of the secret as environment variables.
enabled: false
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
existingSecret:
@@ -25,7 +28,6 @@ config:
# ATHENS_AZURE_ACCOUNT_NAME:
# ATHENS_AZURE_CONTAINER_NAME:
# ATHENS_CLOUD_RUNTIME:
# ATHENS_DOWNLOAD_MODE:
# ATHENS_DOWNLOAD_URL:
# ATHENS_ETCD_ENDPOINTS:
# ATHENS_EXTERNAL_STORAGE_URL:
@@ -96,23 +98,28 @@ config:
# PROXY_FORCE_SSL:
downloadMode:
## @param config.downloadMode.existingConfigMap.enabled TODO:
## @param config.downloadMode.existingConfigMap.secretName TODO:
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
enabled: false
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
existingConfigMap:
enabled: false
secretName: ""
configMapName: ""
downloadModeKey: "downloadMode"
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
## @param config.downloadMode.configMap.content Additional labels of the config map containing the download mode file.
## @skip config.downloadMode.configMap.content The content of the download mode file.
configMap:
annotations: {}
labels: {}
content: |
# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
downloadURL = "https://proxy.golang.org"
mode = "async_redirect"
# download "github.com/gomods/*" {
# mode = "sync"
# }
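
Review bot: the default `config.downloadMode.configMap.content` now ships an active `downloadURL = "https://proxy.golang.org"` and `mode = "async_redirect"` where the old default only had commented examples, so switching on `config.downloadMode.enabled` without supplying content points the proxy at the public upstream. Please state that in the `@param config.downloadMode.enabled` description so operators of restricted or air-gapped environments know to override `content`. The key `existingConfigMap.secretName` is also replaced by `configMapName` in this hunk; since Helm does not reject unknown values by default, the rename deserves a line in the upgrade notes.
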
@@ -123,7 +130,7 @@ config:
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# downloadURL = "https://proxy.golang.org"
# }
gitConfig:
@@ -138,9 +145,9 @@ config:
configMapName: ""
gitConfigKey:
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the download mode file.
## @param config.gitConfig.configMap.content The content of the .gitconfig file.
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
configMap:
annotations: {}
labels: {}
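Review bot: `gitConfigKey:` in the leading context is left without a value, while the equivalent `downloadModeKey: "downloadMode"` has a default, and this hunk corrects the neighbouring comments without touching it. If the key is meant to be optional, give it a default the same way; if the user must set it together with `configMapName`, say so in its `@param` description.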
@@ -166,7 +173,7 @@ config:
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @param config.netrc.secret.content The content of the .netrc file.
## @skip config.netrc.secret.content The content of the .netrc file.
secret:
annotations: {}
labels: {}
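Review bot: The two context lines for `config.netrc.secret.annotations` and `config.netrc.secret.labels` still describe the secret as "containing the database credentials", the same copy-paste text this commit corrects for `config.ssh.secret.*`. Since the `content` line is being edited here anyway, change both to "the secret containing the .netrc file".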
@@ -185,18 +192,32 @@ config:
# machine api.github.com [octocat] password [PAT]
ssh:
## @param config.ssh.existingSecret.enabled TODO:.
## @param config.ssh.existingSecret.secretName TODO:
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
enabled: false
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
existingSecret:
enabled: false
secretName: ""
configKey: "config"
id_ed25519Key: "id_ed25519"
id_ed25519PubKey: "id_ed25519.pub"
id_rsaKey: "id_rsa"
id_rsaPubKey: "id_rsa.pub"
## @param config.ssh.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.ssh.secret.labels Additional labels of the secret containing the database credentials.
## @param config.ssh.secret.files TODO:
## @skip config.ssh.secret.id_ed25519 TODO:
## @skip config.ssh.secret.id_ed25519_pub TODO:
## @skip config.ssh.secret.id_rsa TODO:
## @skip config.ssh.secret.id_rsa_pub TODO:
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
## @skip config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
secret:
annotations: {}
labels: {}
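Review bot: Two of the new descriptions are copied from other keys: `config.ssh.enabled` says "Enable mounting of a .netrc file", and `config.ssh.existingSecret.id_rsaPubKey` says "the id_ed25519.pub key file". They should refer to the SSH files and to `id_rsa.pub` respectively. Since `config.ssh.secret.id_ed25519` and `config.ssh.secret.id_rsa` take private key material through values, it would also help to state in the `existingSecret` description that it is the way to keep the keys out of values files.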
@@ -460,10 +481,17 @@ persistence:
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
mountPath: "/var/www/athens-proxy/data"
## @param persistence.data.existingPersistentVolumeClaim.enabled TODO
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO
existingPersistentVolumeClaim:
enabled: false
persistentVolumeClaimName: ""
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClass Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
persistentVolumeClaim:
annotations: {}
labels: {}
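Review bot: `persistence.data.existingPersistentVolumeClaim.enabled` and `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` are introduced with `TODO` as their description, which ends up in the generated README as is. Please write the descriptions, and state what happens when `enabled: true` is combined with the default `persistentVolumeClaimName: ""`, or reject that combination in the template.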
@@ -472,77 +500,73 @@ persistence:
storageClass: ""
storageSize: "5Gi"
## @section NetworkPolicies
## @param networkPolicies.enabled Enable network policies in general.
networkPolicies:
## @section Network Policy
networkPolicy:
## @param networkPolicy.enabled Enable network policies in general.
## @param networkPolicy.annotations Additional network policy annotations.
## @param networkPolicy.labels Additional network policy labels.
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicy.egress Concrete egress network policy implementation.
## @skip networkPolicy.egress Skip individual egress configuration.
## @param networkPolicy.ingress Concrete ingress network policy implementation.
## @skip networkPolicy.ingress Skip individual ingress configuration.
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
## @param networkPolicies.default.annotations Additional network policy annotations.
## @param networkPolicies.default.labels Additional network policy labels.
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicies.default.egress Concrete egress network policy implementation.
## @skip networkPolicies.default.egress Skip individual egress configuration.
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
default:
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Service
## @param services.http.enabled Enable the service.
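Review bot: Moving everything from `networkPolicies.default.*` to `networkPolicy.*` renames user-facing values keys, and no fallback for the old keys is visible in this hunk. A values file that still sets `networkPolicies.default.enabled: true` no longer matches any documented key, so the policy it used to configure may silently stop being rendered on upgrade. Suggest failing the render when `.Values.networkPolicies` is set, or at least calling out the rename in the README and release notes.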