Compare commits
28 Commits
5b9fa88dd6
...
1.1.1
Author | SHA1 | Date | |
---|---|---|---|
297f36920a
|
|||
4102fc9014
|
|||
be923ed95f | |||
f07ff039ce
|
|||
a11be194cc
|
|||
7908de9313
|
|||
adfe40a9c7
|
|||
eadbcf243b
|
|||
0caa188bb1
|
|||
3bce806ed6
|
|||
5c09cf8c79
|
|||
d4b5c0c86f
|
|||
74598b4ee0
|
|||
b06c1962cc
|
|||
991c545c93
|
|||
7c60c70244
|
|||
0e048cdf4b
|
|||
89604cbe64
|
|||
f63450aec4
|
|||
d1e5accccb
|
|||
fbd846784c
|
|||
bab5282617
|
|||
307660c767
|
|||
59b43aac79
|
|||
85a38e7d22
|
|||
2005fb8e05
|
|||
5f78a0f071
|
|||
c157c8c210
|
@@ -46,18 +46,7 @@ jobs:
|
|||||||
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
|
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
|
||||||
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
|
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
|
||||||
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
|
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
|
||||||
|
|
||||||
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
|
|
||||||
GITEA_SERVER_URL: ${{ github.server_url }}
|
|
||||||
run: |
|
run: |
|
||||||
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
|
|
||||||
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
|
|
||||||
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
|
|
||||||
|
|
||||||
helm dependency build
|
|
||||||
helm package --version "${PACKAGE_VERSION}" ./
|
|
||||||
|
|
||||||
# chart-museum
|
|
||||||
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
|
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
|
||||||
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
|
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
|
||||||
helm repo remove chartmuseum
|
helm repo remove chartmuseum
|
||||||
|
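Review bot: The kept line `helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum` still expands two shell variables whose assignments this hunk removes from the same `run:` script, so unless an earlier step exports them (not visible here) the push resolves to `-.tgz`. The removed `helm package` call would likewise have to run in an earlier step for the archive to exist. Separately, the kept `helm repo add` line passes the secret as `--password ${CHARTMUSEUM_PASSWORD}`, which places it on the process command line; `helm repo add` accepts `--password-stdin`, e.g. `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`. The step begins outside the hunk, so its `env:` block is only partly visible.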
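--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,8 +0,0 @@
-{
-"yaml.schemas": {
-"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
-"/unittests/**/*.yaml"
-]
-},
-"yaml.schemaStore.enable": true
-}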
@@ -3,7 +3,7 @@ annotations:
|
|||||||
- name: Athens proxy (binary)
|
- name: Athens proxy (binary)
|
||||||
url: https://github.com/gomods/athens
|
url: https://github.com/gomods/athens
|
||||||
- name: support
|
- name: support
|
||||||
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues
|
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
name: athens-proxy
|
name: athens-proxy
|
||||||
description: Athens proxy server for golang
|
description: Athens proxy server for golang
|
||||||
@@ -19,10 +19,6 @@ keywords:
|
|||||||
- go-proxy
|
- go-proxy
|
||||||
|
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/volker-raschek/athens-proxy-charts
|
- https://git.cryptic.systems/volker.raschek/athens-proxy-charts
|
||||||
- https://github.com/gomods/athens
|
- https://github.com/gomods/athens
|
||||||
- https://hub.docker.com/r/gomods/athens
|
- https://hub.docker.com/r/gomods/athens
|
||||||
|
|
||||||
maintainers:
|
|
||||||
- name: Markus Pesch
|
|
||||||
email: markus.pesch+apps@cryptic.systems
|
|
||||||
|
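--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman)
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
 HELM_IMAGE_REPOSITORY?=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
 # NODE_IMAGE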
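Review bot: The inline `# renovate:` comment on the `HELM_IMAGE_VERSION?=3.19.0` line leaves the space before `#` inside the variable's value, because GNU Make strips the comment but not the whitespace in front of it, so `HELM_IMAGE_FULLY_QUALIFIED` ends in a trailing space. That is harmless while the image reference is the last thing expanded on a command line, but any later concatenation or string comparison on the value would misbehave. Moving the annotation to its own line above the assignment (`# renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm` followed by `HELM_IMAGE_VERSION?=3.19.0`) avoids it, provided the repository's Renovate matcher accepts that layout, which is not visible here.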
466
README.md
466
README.md
@@ -2,167 +2,373 @@
|
|||||||
|
|
||||||
[](https://artifacthub.io/packages/search?repo=volker-raschek)
|
[](https://artifacthub.io/packages/search?repo=volker-raschek)
|
||||||
|
|
||||||
This is an inofficial helm chart of the go-proxy
|
> [!NOTE]
|
||||||
[athens](https://github.com/gomods/athens) which supports more complex
|
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
|
||||||
configuration options.
|
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
|
||||||
|
|
||||||
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
|
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
|
||||||
can be installed via helm.
|
proxy for Golang.
|
||||||
|
|
||||||
|
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
|
||||||
|
defining additional environment variables and much more.
|
||||||
|
|
||||||
|
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
|
||||||
|
helm and use it to deploy the exporter. It also contains further configuration examples.
|
||||||
|
|
||||||
|
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
|
||||||
|
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
|
||||||
|
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
|
||||||
|
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
|
||||||
|
separate [chapter](#argocd).
|
||||||
|
|
||||||
|
## Helm: configuration and installation
|
||||||
|
|
||||||
|
1. A helm chart repository must be configured, to pull the helm charts from.
|
||||||
|
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
|
||||||
|
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
|
||||||
|
`--set` flag for a basic deployment.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
||||||
|
helm repo update
|
||||||
helm install athens-proxy volker.raschek/athens-proxy
|
helm install athens-proxy volker.raschek/athens-proxy
|
||||||
```
|
```
|
||||||
|
|
||||||
## Customization
|
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
|
||||||
|
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
|
||||||
|
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
|
||||||
|
versions can break something!
|
||||||
|
|
||||||
The complete deployment can be adapted via the `values.yaml` files. The
|
```bash
|
||||||
configuration of the proxy can be done via the environment variables described
|
CHART_VERSION=1.0.3
|
||||||
below or via mounting the config.toml as additional persistent volume to
|
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
|
||||||
`/config/config.toml`
|
|
||||||
|
|
||||||
## Access private repositories via SSH
|
|
||||||
|
|
||||||
Create a `configmap.yaml` with multiple keys. One key describe the content of
|
|
||||||
the `.gitconfig` file and another of `config` of the ssh client. All requests
|
|
||||||
Git clone comands with the prefix `http://github.com/` will be replaced by
|
|
||||||
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
|
|
||||||
separate secret.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: custom-configs
|
|
||||||
data:
|
|
||||||
sshconfig: |
|
|
||||||
Host github.com
|
|
||||||
IdentityFile /root/.ssh/id_ed25519
|
|
||||||
StrictHostKeyChecking no
|
|
||||||
gitconfig: |
|
|
||||||
[url "git@github.com:"]
|
|
||||||
insteadOf = https://github.com/
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The secret definition below contains the SSH private and public key.
|
A complete list of available helm chart versions can be displayed via the following command:
|
||||||
|
|
||||||
```yaml
|
```bash
|
||||||
apiVersion: v1
|
helm search repo reposilite --versions
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-ssh-keys
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
id_ed25519: |
|
|
||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
||||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
|
||||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
|
||||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
|
||||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
|
||||||
-----END OPENSSH PRIVATE KEY-----
|
|
||||||
id_ed25519.pub: |
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The item `config` of the configmap will be merged with the items of the secret
|
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
|
||||||
as virtual volume. This volume can than be mounted with special permissions
|
Use the `--set` argument to persist your data.
|
||||||
required for the ssh client.
|
|
||||||
|
|
||||||
```yaml
|
```bash
|
||||||
extraVolumes:
|
CHART_VERSION=1.0.3
|
||||||
- name: ssh
|
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||||
projected:
|
persistence.enabled=true
|
||||||
defaultMode: 0644
|
|
||||||
sources:
|
|
||||||
- configMap:
|
|
||||||
name: custom-configs
|
|
||||||
items:
|
|
||||||
- key: sshconfig
|
|
||||||
path: config
|
|
||||||
- secret:
|
|
||||||
name: custom-ssh-keys
|
|
||||||
items:
|
|
||||||
- key: id_ed25519
|
|
||||||
path: id_ed25519
|
|
||||||
mode: 0600
|
|
||||||
- key: id_ed25519.pub
|
|
||||||
path: id_ed25519.pub
|
|
||||||
- name: gitconfig
|
|
||||||
configMap:
|
|
||||||
name: custom-configs
|
|
||||||
items:
|
|
||||||
- key: gitconfig
|
|
||||||
path: config
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
extraVolumeMounts:
|
|
||||||
- name: ssh
|
|
||||||
mountPath: /root/.ssh
|
|
||||||
- name: gitconfig
|
|
||||||
mountPath: /root/.config/git
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Access private GitHub.com repositories via developer token
|
### Examples
|
||||||
|
|
||||||
Another way to access private GitHub repositories is via a GitHub token, which
|
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
|
||||||
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
|
|
||||||
creates a `.netrc` file to access private GitHub repositories.
|
|
||||||
|
|
||||||
## Access private repositories via .netrc configuration
|
#### Avoid CPU throttling by defining a CPU limit
|
||||||
|
|
||||||
As describe above, a `.netrc` file is responsible for the authentication via
|
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
|
||||||
HTTP. The file can also be defined via a custom secret and mounted into the home
|
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
|
||||||
directory of `root` for general authentication purpose.
|
cannot use the available CPU time to perform computing operations.
|
||||||
|
|
||||||
The example below describe the definition and mounting of a custom `.netrc` file
|
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
|
||||||
to access private repositories hosted on GitHub and GitLab.
|
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
|
||||||
|
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
|
||||||
|
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
|
||||||
|
|
||||||
```yaml
|
Further information about this topic can be found in one of Kanishk's blog
|
||||||
apiVersion: v1
|
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
|
||||||
kind: Secret
|
|
||||||
metadata:
|
> [!NOTE]
|
||||||
name: custom-netrc
|
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
|
||||||
type: Opaque
|
> not anymore required.
|
||||||
stringData:
|
>
|
||||||
netrc: |
|
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
|
||||||
machine github.com login USERNAME password API-KEY
|
|
||||||
machine gitlab.com login USERNAME password API-KEY
|
```bash
|
||||||
|
CHART_VERSION=1.0.3
|
||||||
|
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||||
|
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
|
||||||
|
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
|
||||||
|
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
|
||||||
```
|
```
|
||||||
|
|
||||||
The file must then be mounted via extraVolumes and extraVolumeMounts.
|
#### Network policies
|
||||||
|
|
||||||
|
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
|
||||||
|
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
|
||||||
|
|
||||||
|
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
|
||||||
|
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
|
||||||
|
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
|
||||||
|
proxy `https://proxy.golang.org` via HTTPS.
|
||||||
|
|
||||||
|
> [!IMPORTANT]
|
||||||
|
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
|
||||||
|
> this reason, there is are not default network policy rules defined.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
extraVolumes:
|
networkPolicies:
|
||||||
- name: netrc
|
enabled: true
|
||||||
secret:
|
annotations: {}
|
||||||
secretName: custom-netrc
|
labels: {}
|
||||||
items:
|
policyTypes:
|
||||||
- key: netrc
|
- Egress
|
||||||
path: .netrc
|
- Ingress
|
||||||
mode: 0600
|
egress:
|
||||||
|
- to:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: kube-system
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
ports:
|
||||||
|
- port: 53
|
||||||
|
protocol: TCP
|
||||||
|
- port: 53
|
||||||
|
protocol: UDP
|
||||||
|
- ports:
|
||||||
|
- port: 443
|
||||||
|
protocol: TCP
|
||||||
|
|
||||||
extraVolumeMounts:
|
ingress:
|
||||||
- name: netrc
|
- from:
|
||||||
mountPath: /root
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: ingress-nginx
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: ingress-nginx
|
||||||
|
ports:
|
||||||
|
- port: http
|
||||||
|
protocol: TCP
|
||||||
```
|
```
|
||||||
|
|
||||||
## Persistent storage
|
## ArgoCD
|
||||||
|
|
||||||
Unlike the athens default, the default here is `disk` - i.e. the files are
|
### Daily execution of rolling updates
|
||||||
written to the container. Therefore, it is advisable to outsource the
|
|
||||||
corresponding storage location to persistent storage. The following example
|
|
||||||
describes the integration of a persistent storage claim.
|
|
||||||
|
|
||||||
```yaml
|
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
|
||||||
extraVolumes:
|
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
|
||||||
- name: gomodules
|
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: custom-gomodules-pvc
|
|
||||||
|
|
||||||
extraVolumeMounts:
|
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
|
||||||
- name: gomodules
|
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
|
||||||
mountPath: /var/lib/athens
|
Helm render order, different timestamps).
|
||||||
|
|
||||||
|
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
|
||||||
|
can lead to unnecessary notifications from ArgoCD.
|
||||||
|
|
||||||
|
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
|
||||||
|
annotations with the prefix `checksum`.
|
||||||
|
|
||||||
|
```diff
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
spec:
|
||||||
|
+ ignoreDifferences:
|
||||||
|
+ - group: apps/v1
|
||||||
|
+ kind: Deployment
|
||||||
|
+ jqPathExpressions:
|
||||||
|
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
|
||||||
```
|
```
|
||||||
|
|
||||||
## Parameters
|
## Parameters
|
||||||
|
|
||||||
|
### Global
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ------------------ | ----------------------------------------- | ----- |
|
||||||
|
| `nameOverride` | Individual release name suffix. | `""` |
|
||||||
|
| `fullnameOverride` | Override the complete release name logic. | `""` |
|
||||||
|
|
||||||
|
### Certificate
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
|
||||||
|
| `certificate.enabled` | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false` |
|
||||||
|
| `certificate.existingSecret.enabled` | Use an existing secret of the type `kubernetes.io/tls`. | `false` |
|
||||||
|
| `certificate.existingSecret.secretName` | Name of the secret containing the TLS certificate and private key. | `""` |
|
||||||
|
| `certificate.new.annotations` | Additional certificate annotations. | `{}` |
|
||||||
|
| `certificate.new.labels` | Additional certificate labels. | `{}` |
|
||||||
|
| `certificate.new.duration` | Duration of the TLS certificate. | `744h` |
|
||||||
|
| `certificate.new.renewBefore` | Renew TLS certificate before expiring. | `672h` |
|
||||||
|
| `certificate.new.dnsNames` | Overwrites the default of the subject alternative DNS names. | `[]` |
|
||||||
|
| `certificate.new.ipAddresses` | Overwrites the default of the subject alternative IP addresses. | `[]` |
|
||||||
|
| `certificate.new.issuerRef.kind` | Issuer kind. Can be `Issuer` or `ClusterIssuer`. | `""` |
|
||||||
|
| `certificate.new.issuerRef.name` | Name of the `Issuer` or `ClusterIssuer`. | `""` |
|
||||||
|
| `certificate.new.privateKey.algorithm` | Algorithm of the private TLS key. | `RSA` |
|
||||||
|
| `certificate.new.privateKey.rotationPolicy` | Rotation of the private TLS key. | `Never` |
|
||||||
|
| `certificate.new.privateKey.size` | Size of the private TLS key. | `4096` |
|
||||||
|
| `certificate.new.secretTemplate.annotations` | Additional annotation of the created secret. | `{}` |
|
||||||
|
| `certificate.new.secretTemplate.labels` | Additional labels of the created secret. | `{}` |
|
||||||
|
| `certificate.new.subject.countries` | List of countries. | `[]` |
|
||||||
|
| `certificate.new.subject.localities` | List of localities. | `[]` |
|
||||||
|
| `certificate.new.subject.organizationalUnits` | List of organizationalUnits. | `[]` |
|
||||||
|
| `certificate.new.subject.organizations` | List of organizations. | `[]` |
|
||||||
|
| `certificate.new.subject.postalCodes` | List of postalCodes. | `[]` |
|
||||||
|
| `certificate.new.subject.provinces` | List of provinces. | `[]` |
|
||||||
|
| `certificate.new.subject.serialNumber` | Serial number. | `""` |
|
||||||
|
| `certificate.new.subject.streetAddresses` | List of streetAddresses. | `[]` |
|
||||||
|
| `certificate.new.usages` | Define the usage of the TLS key. | `["client auth","server auth"]` |
|
||||||
|
|
||||||
|
### Configuration
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||||
|
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
|
||||||
|
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
|
||||||
|
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
|
||||||
|
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.env.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.env.secret.envs` | List of environment variables stored in a secret and mounted into the container. | `{}` |
|
||||||
|
| `config.downloadMode.enabled` | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false` |
|
||||||
|
| `config.downloadMode.existingConfigMap.enabled` | Enable to use an external config map for mounting the download mode file. | `false` |
|
||||||
|
| `config.downloadMode.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the download mode file. | `""` |
|
||||||
|
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
|
||||||
|
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
|
||||||
|
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
|
||||||
|
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
|
||||||
|
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
|
||||||
|
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
|
||||||
|
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
|
||||||
|
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
|
||||||
|
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
|
||||||
|
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||||
|
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
|
||||||
|
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
|
||||||
|
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
|
||||||
|
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||||
|
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||||
|
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
|
||||||
|
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
|
||||||
|
| `config.ssh.existingSecret.configKey` | The name of the key inside the secret where the content of the SSH client config file is stored. | `config` |
|
||||||
|
| `config.ssh.existingSecret.id_ed25519Key` | The name of the key inside the secret where the content of the id_ed25519 key file is stored. | `id_ed25519` |
|
||||||
|
| `config.ssh.existingSecret.id_ed25519PubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_ed25519.pub` |
|
||||||
|
| `config.ssh.existingSecret.id_rsaKey` | The name of the key inside the secret where the content of the id_rsa key file is stored. | `id_rsa` |
|
||||||
|
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
|
||||||
|
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
|
||||||
|
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
|
||||||
|
|
||||||
|
### Deployment
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- |
|
||||||
|
| `deployment.annotations` | Additional deployment annotations. | `{}` |
|
||||||
|
| `deployment.labels` | Additional deployment labels. | `{}` |
|
||||||
|
| `deployment.additionalContainers` | List of additional containers. | `[]` |
|
||||||
|
| `deployment.affinity` | Affinity for the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.initContainers` | List of additional init containers. | `[]` |
|
||||||
|
| `deployment.dnsConfig` | dnsConfig of the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.dnsPolicy` | dnsPolicy of the athens-proxy deployment. | `""` |
|
||||||
|
| `deployment.hostname` | Individual hostname of the pod. | `""` |
|
||||||
|
| `deployment.subdomain` | Individual domain of the pod. | `""` |
|
||||||
|
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
|
||||||
|
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
|
||||||
|
| `deployment.athensProxy.args` | Arguments passed to the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.command` | Command passed to the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.env` | List of environment variables for the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.envFrom` | List of environment variables mounted from configMaps or secrets for the athens-proxy container. | `[]` |
|
||||||
|
| `deployment.athensProxy.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
|
||||||
|
| `deployment.athensProxy.image.repository` | Image repository, eg. `library/busybox`. | `gomods/athens` |
|
||||||
|
| `deployment.athensProxy.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
|
||||||
|
| `deployment.athensProxy.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
|
||||||
|
| `deployment.athensProxy.resources` | CPU and memory resources of the pod. | `{}` |
|
||||||
|
| `deployment.athensProxy.securityContext` | Security context of the container of the deployment. | `{}` |
|
||||||
|
| `deployment.athensProxy.volumeMounts` | Additional volume mounts. | `[]` |
|
||||||
|
| `deployment.nodeSelector` | NodeSelector of the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.priorityClassName` | PriorityClassName of the athens-proxy deployment. | `""` |
|
||||||
|
| `deployment.replicas` | Number of replicas for the athens-proxy deployment. | `1` |
|
||||||
|
| `deployment.restartPolicy` | Restart policy of the athens-proxy deployment. | `""` |
|
||||||
|
| `deployment.securityContext` | Security context of the athens-proxy deployment. | `{}` |
|
||||||
|
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
|
||||||
|
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
|
||||||
|
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
|
||||||
|
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
|
||||||
|
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
|
||||||
|
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
|
||||||
|
| `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
|
||||||
|
|
||||||
|
### Horizontal Pod Autoscaler (HPA)
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ----------------- | -------------------------------------------------------------------------------------------------- | ----------- |
|
||||||
|
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
|
||||||
|
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
|
||||||
|
| `hpa.labels` | Additional labels for the HPA. | `{}` |
|
||||||
|
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
|
||||||
|
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
|
||||||
|
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
|
||||||
|
|
||||||
|
### Ingress
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||||
|
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
|
||||||
|
| `ingress.className` | Ingress class. | `nginx` |
|
||||||
|
| `ingress.annotations` | Additional ingress annotations. | `{}` |
|
||||||
|
| `ingress.labels` | Additional ingress labels. | `{}` |
|
||||||
|
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
|
||||||
|
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
|
||||||
|
|
||||||
|
### Persistence
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
|
||||||
|
| `persistence.enabled` | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false` |
|
||||||
|
| `persistence.data.mountPath` | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | `/var/www/athens-proxy/data` |
|
||||||
|
| `persistence.data.existingPersistentVolumeClaim.enabled` | TODO | `false` |
|
||||||
|
| `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO | `""` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.storageClassName` | Storage class of the persistent volume claim. | `""` |
|
||||||
|
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
|
||||||
|
|
||||||
|
### Network
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| --------------- | ------------------------------------------------------------------------ | --------------- |
|
||||||
|
| `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` |
|
||||||
|
|
||||||
|
### Network Policy
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| --------------------------- | ------------------------------------------------------------------------- | ------- |
|
||||||
|
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
|
||||||
|
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
|
||||||
|
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
|
||||||
|
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
|
||||||
|
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
|
||||||
|
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
|
||||||
|
|
||||||
|
### Service
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
|
||||||
|
| `services.http.enabled` | Enable the service. | `true` |
|
||||||
|
| `services.http.annotations` | Additional service annotations. | `{}` |
|
||||||
|
| `services.http.externalIPs` | External IPs for the service. | `[]` |
|
||||||
|
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
|
||||||
|
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
|
||||||
|
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
|
||||||
|
| `services.http.labels` | Additional service labels. | `{}` |
|
||||||
|
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
|
||||||
|
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
|
||||||
|
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
|
||||||
|
| `services.http.port` | Port to forward the traffic to. | `3000` |
|
||||||
|
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
|
||||||
|
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
|
||||||
|
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
|
||||||
|
|
||||||
|
### ServiceAccount
|
||||||
|
|
||||||
|
| Name | Description | Value |
|
||||||
|
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||||
|
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
|
||||||
|
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
|
||||||
|
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
|
||||||
|
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
|
||||||
|
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
|
||||||
|
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
|
||||||
|
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |
|
||||||
|
@@ -1,12 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: custom-configs
|
|
||||||
data:
|
|
||||||
sshconfig: |
|
|
||||||
Host github.com
|
|
||||||
IdentityFile /root/.ssh/id_ed25519
|
|
||||||
StrictHostKeyChecking no
|
|
||||||
gitconfig: |
|
|
||||||
[url "git@github.com:"]
|
|
||||||
insteadOf = https://github.com/
|
|
@@ -1,26 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-ssh-keys
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
id_ed25519: |
|
|
||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
||||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
|
||||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
|
||||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
|
||||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
|
||||||
-----END OPENSSH PRIVATE KEY-----
|
|
||||||
id_ed25519.pub: |
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: custom-netrc
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
netrc: |
|
|
||||||
machine github.com login USERNAME password API-KEY
|
|
||||||
machine gitlab.com login USERNAME password API-KEY
|
|
@@ -9,6 +9,7 @@
|
|||||||
],
|
],
|
||||||
"customManagers": [
|
"customManagers": [
|
||||||
{
|
{
|
||||||
|
"customType": "regex",
|
||||||
"fileMatch": [
|
"fileMatch": [
|
||||||
"^Chart\\.yaml$"
|
"^Chart\\.yaml$"
|
||||||
],
|
],
|
||||||
@@ -21,6 +22,7 @@
|
|||||||
"versioningTemplate": "semver"
|
"versioningTemplate": "semver"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"customType": "regex",
|
||||||
"fileMatch": ["^README\\.md$"],
|
"fileMatch": ["^README\\.md$"],
|
||||||
"matchStrings": [
|
"matchStrings": [
|
||||||
"VERSION=(?<currentValue>.*)"
|
"VERSION=(?<currentValue>.*)"
|
||||||
@@ -32,6 +34,20 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"packageRules": [
|
"packageRules": [
|
||||||
|
{
|
||||||
|
"groupName": "Update docker.io/volkerraschek/helm",
|
||||||
|
"matchDepNames": [
|
||||||
|
"docker.io/volkerraschek/helm",
|
||||||
|
"volkerraschek/helm"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"groupName": "Update docker.io/library/node",
|
||||||
|
"matchDepNames": [
|
||||||
|
"docker.io/library/node",
|
||||||
|
"library/node"
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"addLabels": [
|
"addLabels": [
|
||||||
"renovate/automerge",
|
"renovate/automerge",
|
||||||
|
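--- a/templates/_certificate.tpl
+++ b/templates/_certificate.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.certificates.server.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.certificate.new.annotations }}
+{{ toYaml .Values.certificate.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.certificates.server.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.certificate.new.labels }}
+{{ toYaml .Values.certificate.new.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.certificates.server.name" -}}
+{{ include "athens-proxy.fullname" . }}-tls
+{{- end -}}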
@@ -34,6 +34,10 @@
|
|||||||
|
|
||||||
{{/* name */}}
|
{{/* name */}}
|
||||||
|
|
||||||
|
{{- define "athens-proxy.configMap.downloadMode.name" -}}
|
||||||
|
{{ include "athens-proxy.fullname" . }}-download-mode-file
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- define "athens-proxy.configMap.gitConfig.name" -}}
|
{{- define "athens-proxy.configMap.gitConfig.name" -}}
|
||||||
{{ include "athens-proxy.fullname" . }}-gitconfig
|
{{ include "athens-proxy.fullname" . }}-gitconfig
|
||||||
{{- end }}
|
{{- end }}
|
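--- a/templates/_deployment.tpl
+++ b/templates/_deployment.tpl
@@ -0,0 +1,279 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.deployment.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.deployment.annotations }}
+{{ toYaml .Values.deployment.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* env */}}
+
+{{- define "athens-proxy.deployment.env" -}}
+{{- $env := .Values.deployment.athensProxy.env | default (list) }}
+
+{{- if and .Values.persistence.enabled }}
+{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
+{{- end }}
+
+{{- if .Values.config.downloadMode.enabled }}
+{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
+{{- end }}
+
+{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
+{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
+{{- end }}
+
+{{- if .Values.certificate.enabled }}
+{{- $env = concat $env (list
+(dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
+(dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
+) }}
+{{- end }}
+
+{{ toYaml (dict "env" $env) }}
+
+{{- end -}}
+
+
+{{/* envFrom */}}
+
+{{- define "athens-proxy.deployment.envFrom" -}}
+{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
+
+{{- if .Values.config.env.enabled }}
+{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
+{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
+{{- $secretName = .Values.config.env.existingSecret.secretName }}
+{{- end }}
+{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
+{{- end }}
+
+{{ toYaml (dict "envFrom" $envFrom) }}
+
+{{- end -}}
+
+{{/* image */}}
+
+{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
+{{- $registry := .Values.deployment.athensProxy.image.registry -}}
+{{- $repository := .Values.deployment.athensProxy.image.repository -}}
+{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag -}}
+{{- end -}}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.deployment.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.deployment.labels }}
+{{ toYaml .Values.deployment.labels }}
+{{- end }}
+{{- end }}
+
+{{/* serviceAccount */}}
+
+{{- define "athens-proxy.deployment.serviceAccount" -}}
+{{- if .Values.serviceAccount.existing.enabled -}}
+{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
+{{- else -}}
+{{- include "athens-proxy.fullname" . -}}
+{{- end -}}
+{{- end }}
+
+{{/* volumeMounts */}}
+
+{{- define "athens-proxy.deployment.volumeMounts" -}}
+{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
+
+{{- if .Values.persistence.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
+{{- end }}
+
+{{/* volumes (download mode) */}}
+{{- if .Values.config.downloadMode.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
+{{- end }}
+
+{{/* volumeMount (git config) */}}
+{{- if .Values.config.gitConfig.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
+{{- end }}
+
+{{/* volumeMount (netrc) */}}
+{{- if .Values.config.netrc.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
+{{- end }}
+
+{{/* volumeMount (ssh) */}}
+{{- if and .Values.config.ssh.enabled }}
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
+{{- end }}
+
+{{- end }}
+
+
+{{/* volumeMounts (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
+{{- end }}
+
+{{ toYaml (dict "volumeMounts" $volumeMounts) }}
+{{- end -}}
+
+{{/* volumes */}}
+
+{{- define "athens-proxy.deployment.volumes" -}}
+{{- $volumes := .Values.deployment.volumes | default (list) }}
+
+
+{{/* volumes (data) */}}
+{{- if .Values.persistence.enabled }}
+{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
+{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
+{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
+{{- end }}
+
+
+{{/* volumes (download mode) */}}
+{{- if .Values.config.downloadMode.enabled }}
+{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
+{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
+{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
+{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
+{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
+{{- end }}
+
+
+{{/* volumes (git config) */}}
+{{- $projectedSecretSources := list -}}
+
+{{- if .Values.config.gitConfig.enabled }}
+{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
+{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
+{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
+{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
+{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
+{{- end }}
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
+
+{{- end }}
+
+{{/* volumes (netrc) */}}
+
+{{- if .Values.config.netrc.enabled }}
+{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
+{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
+{{- if .Values.config.netrc.existingSecret.enabled }}
+{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
+{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
+{{- end }}
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+
+{{- end }}
+
+{{/* volumes (ssh) */}}
+{{- if .Values.config.ssh.enabled }}
+
+{{- $itemList := list -}}
+{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
+
+{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
+{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
+{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $configItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
+{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idED25519Item) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
+{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idED25519PubItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
+{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idRSAItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
+{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idRSAPubItem) }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.config.ssh.existingSecret.enabled }}
+{{- if gt (len .Values.config.ssh.secret.config) 0 }}
+{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $configItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
+{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idED25519Item) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
+{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idED25519PubItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
+{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idRSAItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
+{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idRSAPubItem) }}
+{{- end }}
+{{- end }}
+
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+{{- end }}
+
+{{- if gt (len $projectedSecretSources) 0 }}
+{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
+{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
+{{- end }}
+
+{{/* volumes (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
+{{- if .Values.certificate.existingSecret.enabled }}
+{{- $secretName := .Values.certificate.existingSecret.secretName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
+{{- end }}
+
+
+{{ toYaml (dict "volumes" $volumes) }}
+{{- end -}}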
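Review bot: In the `volumes (tls)` branch of `athens-proxy.deployment.volumes`, the override `{{- $secretName := .Values.certificate.existingSecret.secretName }}` uses `:=`, which declares a new variable scoped to the inner `if`. The outer `$secretName` therefore keeps the chart-generated `-tls` name, and `certificate.existingSecret.secretName` never reaches the `tls` volume. Every other override in this file (`$claimName`, `$configMapName`, the netrc and ssh `$secretName`) assigns with `=`, and this line should as well: `{{- $secretName = .Values.certificate.existingSecret.secretName }}`. As written, an operator who supplies their own certificate secret gets a pod that mounts a different secret, or one that cannot start if the chart-named secret does not exist. A `helm template` test with `certificate.existingSecret.enabled=true` would catch this.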
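--- a/templates/_networkPolicy.tpl
+++ b/templates/_networkPolicy.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.networkPolicy.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.networkPolicy.annotations }}
+{{ toYaml .Values.networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.networkPolicy.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.networkPolicy.labels }}
+{{ toYaml .Values.networkPolicy.labels }}
+{{- end }}
+{{- end }}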
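--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -0,0 +1,34 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.pod.annotations" }}
+{{- include "athens-proxy.annotations" . }}
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
+{{- end }}
+{{- end }}
+
+
+
+{{/* labels */}}
+
+{{- define "athens-proxy.pod.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- end }}
+
+{{- define "athens-proxy.pod.selectorLabels" -}}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- end }}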
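Review bot: The new `checksum/secret-…` annotations in `athens-proxy.pod.annotations` put a SHA-256 of the rendered `secretEnv.yaml`, `secretNetRC.yaml` and `secretSSH.yaml` manifests on every pod. Annotations are visible to anyone allowed to read pods or deployments, which is usually a wider group than those allowed to read secrets. For a high-entropy SSH key the digest reveals nothing useful, but for a short `.netrc` password it could presumably be checked offline against guesses, so the trade-off should be written down. The block also carries no comment saying why the checksums exist; one line above the first `if` would cover both, e.g. `{{/* checksum annotations roll the pods when chart-managed config changes; digests of secret manifests are visible to pod readers */}}`.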
@@ -1,118 +0,0 @@
|
|||||||
{{/* vim: set filetype=mustache: */}}
|
|
||||||
|
|
||||||
{{/* annotations */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.annotations" -}}
|
|
||||||
{{ include "athens-proxy.annotations" . }}
|
|
||||||
{{- if .Values.deployment.annotations }}
|
|
||||||
{{ toYaml .Values.deployment.annotations }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* env */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.env" -}}
|
|
||||||
{{- $env := .Values.deployment.athensProxy.env | default (list) }}
|
|
||||||
{{- if and .Values.persistence.enabled }}
|
|
||||||
{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
|
|
||||||
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
|
|
||||||
{{- end }}
|
|
||||||
{{ toYaml (dict "env" $env) }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
|
|
||||||
{{/* envFrom */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.envFrom" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* image */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
|
|
||||||
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
|
|
||||||
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
|
|
||||||
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
|
|
||||||
{{- printf "%s/%s:v%s" $registry $repository $tag -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* labels */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.labels" -}}
|
|
||||||
{{ include "athens-proxy.labels" . }}
|
|
||||||
{{- if .Values.deployment.labels }}
|
|
||||||
{{ toYaml .Values.deployment.labels }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* serviceAccount */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.serviceAccount" -}}
|
|
||||||
{{- if .Values.serviceAccount.existing.enabled -}}
|
|
||||||
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- include "athens-proxy.fullname" . -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* volumeMounts */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.volumeMounts" -}}
|
|
||||||
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
|
|
||||||
{{- if .Values.persistence.enabled }}
|
|
||||||
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.config.gitConfig.enabled }}
|
|
||||||
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.config.netrc.enabled }}
|
|
||||||
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* volumes */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.deployment.volumes" -}}
|
|
||||||
{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
|
|
||||||
|
|
||||||
{{- if .Values.persistence.enabled }}
|
|
||||||
{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
|
|
||||||
{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
|
|
||||||
{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.config.gitConfig.enabled }}
|
|
||||||
{{- $projectedSources := list -}}
|
|
||||||
{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
|
|
||||||
{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
|
|
||||||
{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
|
|
||||||
{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
|
|
||||||
{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $projectedSources = concat $projectedSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
|
|
||||||
|
|
||||||
{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.config.netrc.enabled }}
|
|
||||||
{{- $projectedSources := list -}}
|
|
||||||
{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
|
|
||||||
{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
|
|
||||||
{{- if .Values.config.netrc.existingSecret.enabled }}
|
|
||||||
{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
|
|
||||||
{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $projectedSources = concat $projectedSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
|
|
||||||
|
|
||||||
{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{ toYaml (dict "volumes" $volumes) }}
|
|
||||||
{{- end -}}
|
|
@@ -1,19 +0,0 @@
|
|||||||
{{/* vim: set filetype=mustache: */}}
|
|
||||||
|
|
||||||
{{/* annotations */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.networkPolicies.annotations" -}}
|
|
||||||
{{ include "athens-proxy.annotations" .context }}
|
|
||||||
{{- if .networkPolicy.annotations }}
|
|
||||||
{{ toYaml .networkPolicy.annotations }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* labels */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.networkPolicies.labels" -}}
|
|
||||||
{{ include "athens-proxy.labels" .context }}
|
|
||||||
{{- if .networkPolicy.labels }}
|
|
||||||
{{ toYaml .networkPolicy.labels }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
{{/* annotations */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.pod.annotations" -}}
|
|
||||||
{{ include "athens-proxy.annotations" . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* labels */}}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.pod.labels" -}}
|
|
||||||
{{ include "athens-proxy.labels" . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- define "athens-proxy.pod.selectorLabels" -}}
|
|
||||||
{{ include "athens-proxy.selectorLabels" . }}
|
|
||||||
{{- end }}
|
|
@@ -1,36 +0,0 @@
|
|||||||
{{- if .Values.networkPolicies.enabled }}
|
|
||||||
{{- range $key, $value := .Values.networkPolicies -}}
|
|
||||||
{{- if and (not (eq $key "enabled")) $value.enabled }}
|
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
{{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
|
|
||||||
annotations:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
|
|
||||||
labels:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
|
|
||||||
namespace: {{ $.Release.Namespace }}
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
|
|
||||||
{{- with $value.policyTypes }}
|
|
||||||
policyTypes:
|
|
||||||
{{- toYaml . | nindent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with $value.egress }}
|
|
||||||
egress:
|
|
||||||
{{- toYaml . | nindent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with $value.ingress }}
|
|
||||||
ingress:
|
|
||||||
{{- toYaml . | nindent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
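--- /dev/null
+++ b/templates/certificate.yaml
@@ -0,0 +1,97 @@
+{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.certificates.server.name" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+commonName: {{ include "athens-proxy.fullname" . }}
+{{- if empty .Values.certificate.new.dnsNames }}
+dnsNames:
+- {{ include "athens-proxy.fullname" . }}
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
+- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- else }}
+dnsNames:
+{{- range .Values.certificate.new.dnsNames }}
+- {{ . }}
+{{- end }}
+{{- end }}
+duration: {{ .Values.certificate.new.duration }}
+{{- if not (empty .Values.certificate.new.ipAddresses) }}
+ipAddresses:
+{{- range .Values.certificate.new.ipAddresses }}
+- {{ . }}
+{{- end }}
+{{- end }}
+isCA: false
+issuerRef:
+kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
+name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
+privateKey:
+algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
+rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
+size: {{ .Values.certificate.new.privateKey.size }}
+renewBefore: {{ .Values.certificate.new.renewBefore }}
+secretName: {{ include "athens-proxy.certificates.server.name" . }}
+{{- with .Values.certificate.new.secretTemplate }}
+secretTemplate:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if or .Values.certificate.new.subject.countries
+.Values.certificate.new.subject.localities
+.Values.certificate.new.subject.organizationalUnits
+.Values.certificate.new.subject.organizations
+.Values.certificate.new.subject.postalCodes
+.Values.certificate.new.subject.provinces
+.Values.certificate.new.subject.serialNumber
+.Values.certificate.new.subject.streetAddresses
+}}
+subject:
+{{- with .Values.certificate.new.subject.countries }}
+countries:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.localities }}
+localities:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.organizationalUnits }}
+organizationalUnits:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.organizations }}
+organizations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.postalCodes }}
+postalCodes:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.certificate.new.subject.provinces }}
+provinces:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if .Values.certificate.new.subject.serialNumber }}
+serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
+{{- end }}
+{{- with .Values.certificate.new.subject.streetAddresses }}
+streetAddresses:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+usages:
+{{- range .Values.certificate.new.usages }}
+- {{ . }}
+{{- end }}
+{{- end }}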
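Review bot: The list items rendered as `- {{ . }}` under `dnsNames`, `ipAddresses` and `usages`, and `serialNumber: {{ .Values.certificate.new.subject.serialNumber }}`, are written as plain YAML scalars. A wildcard entry such as `*.example.local` would then be read as a YAML alias and an all-digit serial number as an integer, so the manifest either fails to parse or no longer matches the string fields of the Certificate spec. I would quote them: `- {{ . | quote }}` and `serialNumber: {{ .Values.certificate.new.subject.serialNumber | quote }}`. `usages:` is also emitted unconditionally, so an empty `.Values.certificate.new.usages` leaves a bare key; a `{{- with .Values.certificate.new.usages }}` guard like the one used for the subject fields would avoid that.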
@@ -1,4 +1,4 @@
|
|||||||
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
|
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@@ -11,7 +11,7 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
name: {{ include "athens-proxy.fullname" . }}-download-mode-file
|
name: {{ include "athens-proxy.configMap.downloadMode.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
data:
|
data:
|
||||||
downloadMode: |
|
downloadMode: |
|
@@ -1,4 +1,4 @@
|
|||||||
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
|
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@@ -11,7 +11,7 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
name: {{ include "athens-proxy.fullname" . }}-git-config
|
name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
data:
|
data:
|
||||||
.gitconfig: |
|
.gitconfig: |
|
@@ -50,16 +50,24 @@ spec:
|
|||||||
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
|
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
|
||||||
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
tcpSocket:
|
exec:
|
||||||
port: http
|
{{- if not .Values.certificate.enabled }}
|
||||||
|
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
|
||||||
|
{{- else }}
|
||||||
|
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
|
||||||
|
{{- end }}
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 5
|
||||||
periodSeconds: 60
|
periodSeconds: 60
|
||||||
successThreshold: 1
|
successThreshold: 1
|
||||||
timeoutSeconds: 3
|
timeoutSeconds: 3
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
tcpSocket:
|
exec:
|
||||||
port: http
|
{{- if not .Values.certificate.enabled }}
|
||||||
|
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
|
||||||
|
{{- else }}
|
||||||
|
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
|
||||||
|
{{- end }}
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 5
|
||||||
periodSeconds: 15
|
periodSeconds: 15
|
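Review bot: Both probes now shell out to `wget` against a hard-coded `localhost:3000`, and the TLS branch adds `--no-check-certificate`, so the probe depends on a wget binary staying in the image, ignores the named `http` port the old `tcpSocket` probe used, and never validates the served certificate. An `httpGet` probe gives the same HTTP-level check without the exec: `httpGet:` with `port: http` and `scheme: {{ ternary "HTTPS" "HTTP" .Values.certificate.enabled }}`; the kubelet skips certificate verification for HTTPS probes by itself, so no insecure flag has to live in the manifest. If the exec form is kept, a comment stating why verification is disabled would help; presumably the certificate is issued for the service DNS names rather than `localhost`, which is inferred from the certificate template's default `dnsNames` and not stated in this hunk. The container definition starts and ends outside the hunk.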
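--- /dev/null
+++ b/templates/networkPolicy.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+podSelector:
+matchLabels:
+{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
+{{- with .Values.networkPolicy.policyTypes }}
+policyTypes:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.egress }}
+egress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.ingress }}
+ingress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}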
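Review bot: With `networkPolicy.enabled: true` and none of `policyTypes`, `ingress` or `egress` set, all three `with` blocks render nothing and the object is a NetworkPolicy with only a `podSelector`; Kubernetes then defaults `policyTypes` to `Ingress`, which with no ingress rules blocks all inbound traffic to the selected pods. Whether the chart's default values supply rules is not visible here, so I would document the behaviour at the top of the template, e.g. `{{/* Rendered without ingress rules, this policy denies all ingress to the athens-proxy pods. */}}`. Annotations go through `tpl (toYaml .) $` while labels use plain `toYaml .`; if templated values are intended, both should be handled the same way.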
@@ -1,4 +1,4 @@
|
|||||||
{{- if not .Values.config.env.existingSecret.enabled }}
|
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
@@ -1,4 +1,4 @@
|
|||||||
{{- if not .Values.config.ssh.existingSecret.enabled }}
|
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
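--- /dev/null
+++ b/unittests/certificates/certificate.yaml
@@ -0,0 +1,300 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Certificate athens-proxy template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/certificate.yaml
+tests:
+- it: Skip rendering by default.
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Skip rendering for existing certificate
+set:
+certificate.enabled: true
+certificate.existingSecret.enabled: true
+asserts:
+- hasDocuments:
+count: 0
+
+- it: Throw error when issuerKind and IssuerName is not defined
+set:
+certificate.enabled: true
+asserts:
+- failedTemplate:
+errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerKind and IssuerName is not defined
+set:
+certificate.enabled: true
+asserts:
+- failedTemplate: {}
+
+- it: Throw error when issuerKind not defined
+set:
+certificate.enabled: true
+certificate.new.issuerRef.name: "my-issuer"
+asserts:
+- failedTemplate:
+errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerName not defined
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: "ClusterIssuer"
+asserts:
+- failedTemplate:
+errorMessage: "No certificate issuer name defined!"
+
+- it: Rendering Certificate object when certificate.enabled=true (default)
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: cert-manager.io/v1
+kind: Certificate
+name: athens-proxy-unittest-tls
+namespace: testing
+- equal:
+path: spec.commonName
+value: athens-proxy-unittest
+- equal:
+path: spec.duration
+value: 744h
+- equal:
+path: spec.dnsNames
+value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
+- notExists:
+path: spec.ipAddresses
+- equal:
+path: spec.isCA
+value: false
+- equal:
+path: spec.issuerRef.kind
+value: ClusterIssuer
+- equal:
+path: spec.issuerRef.name
+value: my-issuer
+- equal:
+path: spec.privateKey.algorithm
+value: RSA
+- equal:
+path: spec.privateKey.size
+value: 4096
+- equal:
+path: spec.privateKey.rotationPolicy
+value: Never
+- equal:
+path: spec.secretName
+value: athens-proxy-unittest-tls
+- exists:
+path: spec.secretTemplate.annotations
+- exists:
+path: spec.secretTemplate.labels
+- notExists:
+path: spec.subject
+- notExists:
+path: spec.subject.countries
+- notExists:
+path: spec.subject.localities
+- notExists:
+path: spec.subject.organizationalUnits
+- notExists:
+path: spec.subject.organizations
+- notExists:
+path: spec.subject.postalCodes
+- notExists:
+path: spec.subject.provinces
+- notExists:
+path: spec.subject.serialNumber
+- notExists:
+path: spec.subject.streetAddresses
+- equal:
+path: spec.renewBefore
+value: 672h
+- equal:
+path: spec.usages
+value: [ "client auth", "server auth" ]
+
+# metadata.annotations
+- it: Rendering Certificate object with additional annotations and labels
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.annotations:
+foo: bar
+certificate.new.labels:
+bar: foo
+asserts:
+- isSubset:
+path: metadata.annotations
+content:
+foo: bar
+- isSubset:
+path: metadata.labels
+content:
+bar: foo
+
+# spec.duration
+- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.duration: 3000h
+asserts:
+- equal:
+path: spec.duration
+value: 3000h
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.dnsNames: [ "app", "app.example.local" ]
+asserts:
+- equal:
+path: spec.dnsNames
+value: [ "app", "app.example.local" ]
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+clusterDomain: k8s.example.local
+asserts:
+- contains:
+path: spec.dnsNames
+content:
+athens-proxy-unittest.testing.svc.k8s.example.local
+count: 1
+
+# spec.ipAddresses
+- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+asserts:
+- equal:
+path: spec.ipAddresses
+value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+
+# spec.privateKey
+- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.privateKey.algorithm: ED25519
+certificate.new.privateKey.rotationPolicy: Never
+certificate.new.privateKey.size: 512
+asserts:
+- equal:
+path: spec.privateKey.algorithm
+value: ED25519
+- equal:
+path: spec.privateKey.rotationPolicy
+value: Never
+- equal:
+path: spec.privateKey.size
+value: 512
+
+# spec.renewBefore
+- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.renewBefore: 2000h
+asserts:
+- equal:
+path: spec.renewBefore
+value: 2000h
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.secretTemplate:
+annotations:
+foo: bar
+labels:
+bar: foo
+asserts:
+- equal:
+path: spec.secretTemplate.annotations
+value:
+foo: bar
+- equal:
+path: spec.secretTemplate.labels
+value:
+bar: foo
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.subject.countries: [ "Country" ]
+certificate.new.subject.localities: [ "City" ]
+certificate.new.subject.organizationalUnits: [ "IT department" ]
+certificate.new.subject.organizations: [ "My organization" ]
+certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
+certificate.new.subject.provinces: [ "Provinces" ]
+certificate.new.subject.serialNumber: "MyNumber"
+certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
+asserts:
+- equal:
+path: spec.subject.countries
+value: [ "Country" ]
+- equal:
+path: spec.subject.localities
+value: [ "City" ]
+- equal:
+path: spec.subject.organizationalUnits
+value: [ "IT department" ]
+- equal:
+path: spec.subject.organizations
+value: [ "My organization" ]
+- equal:
+path: spec.subject.postalCodes
+value: [ "AB12345", "12345AB" ]
+- equal:
+path: spec.subject.provinces
+value: [ "Provinces" ]
+- equal:
+path: spec.subject.serialNumber
+value: "MyNumber"
+- equal:
+path: spec.subject.streetAddresses
+value: [ "ExampleStreet 1", "StreetExample 2" ]
+
+# spec.usages
+- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: my-issuer
+certificate.new.usages: [ "client auth" ]
+asserts:
+- equal:
+path: spec.usages
+value: [ "client auth" ]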
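Review bot: The default-values test asserts `spec.privateKey.rotationPolicy` is `Never`, which pins a chart default under which cert-manager keeps reusing the same private key at every renewal; the same test expects `duration: 744h` and `renewBefore: 672h`, so renewals are frequent while the key never changes. Unless key reuse is required, I would default to `Always` and assert `value: Always` here; the default itself lives in values.yaml, which is outside this section. Two further gaps: the privateKey test combines `algorithm: ED25519` with `size: 512`, a pair that only passes because the template copies the values without checking them, and two tests share the name `Throw error when issuerKind and IssuerName is not defined`, the second asserting only `failedTemplate: {}`.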
@@ -6,16 +6,24 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/configMapDownloadMode.yaml
|
- templates/configMapDownloadMode.yaml
|
||||||
tests:
|
tests:
|
||||||
|
- it: Skip rending by default.
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
- it: Skip rending by using existing config map.
|
- it: Skip rending by using existing config map.
|
||||||
set:
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
config.downloadMode.existingConfigMap.enabled: true
|
config.downloadMode.existingConfigMap.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 0
|
count: 0
|
||||||
|
|
||||||
- it: Rendering by default.
|
- it: Rendering with default values
|
||||||
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 1
|
count: 1
|
||||||
@@ -37,10 +45,10 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: data.downloadMode
|
path: data.downloadMode
|
||||||
value: |
|
value: |
|
||||||
# downloadURL = "https://proxy.golang.org"
|
downloadURL = "https://proxy.golang.org"
|
||||||
#
|
|
||||||
# mode = "async_redirect"
|
mode = "async_redirect"
|
||||||
#
|
|
||||||
# download "github.com/gomods/*" {
|
# download "github.com/gomods/*" {
|
||||||
# mode = "sync"
|
# mode = "sync"
|
||||||
# }
|
# }
|
||||||
@@ -51,11 +59,12 @@ tests:
|
|||||||
#
|
#
|
||||||
# download "github.com/pkg/*" {
|
# download "github.com/pkg/*" {
|
||||||
# mode = "redirect"
|
# mode = "redirect"
|
||||||
# downloadURL = "https://gocenter.io"
|
# downloadURL = "https://proxy.golang.org"
|
||||||
# }
|
# }
|
||||||
|
|
||||||
- it: Rendering custom annotations and labels.
|
- it: Rendering custom annotations and labels.
|
||||||
set:
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
config.downloadMode.configMap.annotations:
|
config.downloadMode.configMap.annotations:
|
||||||
foo: bar
|
foo: bar
|
||||||
bar: foo
|
bar: foo
|
||||||
@@ -76,6 +85,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering custom configuration
|
- it: Rendering custom configuration
|
||||||
set:
|
set:
|
||||||
|
config.downloadMode.enabled: true
|
||||||
config.downloadMode.configMap.content: |
|
config.downloadMode.configMap.content: |
|
||||||
downloadURL = "https://proxy.golang.org"
|
downloadURL = "https://proxy.golang.org"
|
||||||
mode = "async_redirect"
|
mode = "async_redirect"
|
||||||
|
@@ -6,23 +6,31 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/configMapGitConfig.yaml
|
- templates/configMapGitConfig.yaml
|
||||||
tests:
|
tests:
|
||||||
|
- it: Skip rending by default.
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
- it: Skip rending by using existing config map.
|
- it: Skip rending by using existing config map.
|
||||||
set:
|
set:
|
||||||
|
config.gitConfig.enabled: true
|
||||||
config.gitConfig.existingConfigMap.enabled: true
|
config.gitConfig.existingConfigMap.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 0
|
count: 0
|
||||||
|
|
||||||
- it: Rendering by default.
|
- it: Rendering by default.
|
||||||
|
set:
|
||||||
|
config.gitConfig.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 1
|
count: 1
|
||||||
- containsDocument:
|
- containsDocument:
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
name: athens-proxy-unittest-git-config
|
name: athens-proxy-unittest-gitconfig
|
||||||
namespace: testing
|
namespace: testing
|
||||||
- notExists:
|
- notExists:
|
||||||
path: metadata.annotations
|
path: metadata.annotations
|
||||||
@@ -46,6 +54,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering custom annotations and labels.
|
- it: Rendering custom annotations and labels.
|
||||||
set:
|
set:
|
||||||
|
config.gitConfig.enabled: true
|
||||||
config.gitConfig.configMap.annotations:
|
config.gitConfig.configMap.annotations:
|
||||||
foo: bar
|
foo: bar
|
||||||
bar: foo
|
bar: foo
|
||||||
@@ -66,6 +75,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering custom configuration
|
- it: Rendering custom configuration
|
||||||
set:
|
set:
|
||||||
|
config.gitConfig.enabled: true
|
||||||
config.gitConfig.configMap.content: |
|
config.gitConfig.configMap.content: |
|
||||||
[url "git@github.com:"]
|
[url "git@github.com:"]
|
||||||
insteadOf = https://github.com/
|
insteadOf = https://github.com/
|
||||||
|
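--- /dev/null
+++ b/unittests/deployment/certificate.yaml
@@ -0,0 +1,73 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without tls config
+asserts:
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSCERT_FILE
+value: /etc/athens-proxy/tls/tls.crt
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSKEY_FILE
+value: /etc/athens-proxy/tls/tls.key
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: tls
+mountPath: /etc/athens-proxy/tls
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: tls
+secretRef:
+name: athens-proxy-unittest-tls
+template: templates/deployment.yaml
+
+- it: Rendering with tls config
+set:
+certificate.enabled: true
+certificate.new.issuerRef.kind: ClusterIssuer
+certificate.new.issuerRef.name: MyIssuer
+asserts:
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSCERT_FILE
+value: /etc/athens-proxy/tls/tls.crt
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_TLSKEY_FILE
+value: /etc/athens-proxy/tls/tls.key
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: tls
+mountPath: /etc/athens-proxy/tls
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: tls
+secret:
+secretName: athens-proxy-unittest-tls
+template: templates/deployment.yaml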
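Review bot: The last `notContains` in `Rendering default without tls config` looks for a volume shaped `secretRef:` / `name: athens-proxy-unittest-tls`, but the positive test shows the template renders `secret:` / `secretName: athens-proxy-unittest-tls`. The negative assertion therefore passes whatever the template emits and would not catch a TLS secret volume being mounted while `certificate.enabled` is false. Use the same content as the positive case: `secret:` with `secretName: athens-proxy-unittest-tls`. Neither test covers the probe command, which switches to `https://localhost:3000` with `--no-check-certificate` when the certificate is enabled.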
@@ -6,22 +6,22 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/deployment.yaml
|
- templates/deployment.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Rendering default
|
- it: Rendering default
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 1
|
count: 1
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- containsDocument:
|
- containsDocument:
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: metadata.annotations
|
path: metadata.annotations
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: metadata.labels
|
path: metadata.labels
|
||||||
value:
|
value:
|
||||||
@@ -30,11 +30,11 @@ tests:
|
|||||||
app.kubernetes.io/name: athens-proxy
|
app.kubernetes.io/name: athens-proxy
|
||||||
app.kubernetes.io/version: 0.1.0
|
app.kubernetes.io/version: 0.1.0
|
||||||
helm.sh/chart: athens-proxy-0.1.0
|
helm.sh/chart: athens-proxy-0.1.0
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.replicas
|
path: spec.replicas
|
||||||
value: 1
|
value: 1
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.metadata.labels
|
path: spec.template.metadata.labels
|
||||||
value:
|
value:
|
||||||
@@ -43,74 +43,74 @@ tests:
|
|||||||
app.kubernetes.io/name: athens-proxy
|
app.kubernetes.io/name: athens-proxy
|
||||||
app.kubernetes.io/version: 0.1.0
|
app.kubernetes.io/version: 0.1.0
|
||||||
helm.sh/chart: athens-proxy-0.1.0
|
helm.sh/chart: athens-proxy-0.1.0
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.affinity
|
path: spec.template.spec.affinity
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.containers[0].args
|
path: spec.template.spec.containers[0].args
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.containers[0].command
|
path: spec.template.spec.containers[0].command
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.containers[0].envFrom
|
path: spec.template.spec.containers[0].envFrom
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: docker.io/gomods/athens:v0.1.0
|
value: docker.io/gomods/athens:0.1.0
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].imagePullPolicy
|
path: spec.template.spec.containers[0].imagePullPolicy
|
||||||
value: IfNotPresent
|
value: IfNotPresent
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.containers[0].resources
|
path: spec.template.spec.containers[0].resources
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.containers[0].securityContext
|
path: spec.template.spec.containers[0].securityContext
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.dnsConfig
|
path: spec.template.spec.dnsConfig
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.dnsPolicy
|
path: spec.template.spec.dnsPolicy
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.hostname
|
path: spec.template.spec.hostname
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.hostNetwork
|
path: spec.template.spec.hostNetwork
|
||||||
value: false
|
value: false
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.imagePullSecrets
|
path: spec.template.spec.imagePullSecrets
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.nodeSelector
|
path: spec.template.spec.nodeSelector
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.priorityClassName
|
path: spec.template.spec.priorityClassName
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.restartPolicy
|
path: spec.template.spec.restartPolicy
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.subdomain
|
path: spec.template.spec.subdomain
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.terminationGracePeriodSeconds
|
path: spec.template.spec.terminationGracePeriodSeconds
|
||||||
value: 60
|
value: 60
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.tolerations
|
path: spec.template.spec.tolerations
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- notExists:
|
- notExists:
|
||||||
path: spec.template.spec.topologySpreadConstraints
|
path: spec.template.spec.topologySpreadConstraints
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.strategy
|
path: spec.strategy
|
||||||
value:
|
value:
|
||||||
@@ -118,7 +118,7 @@ tests:
|
|||||||
rollingUpdate:
|
rollingUpdate:
|
||||||
maxSurge: 1
|
maxSurge: 1
|
||||||
maxUnavailable: 1
|
maxUnavailable: 1
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test custom replicas
|
- it: Test custom replicas
|
||||||
set:
|
set:
|
||||||
@@ -130,7 +130,7 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.replicas
|
path: spec.replicas
|
||||||
value: 3
|
value: 3
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test custom affinity
|
- it: Test custom affinity
|
||||||
set:
|
set:
|
||||||
@@ -160,7 +160,7 @@ tests:
|
|||||||
values:
|
values:
|
||||||
- antarctica-east1
|
- antarctica-east1
|
||||||
- antarctica-west1
|
- antarctica-west1
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test additional arguments
|
- it: Test additional arguments
|
||||||
set:
|
set:
|
||||||
@@ -176,7 +176,7 @@ tests:
|
|||||||
value:
|
value:
|
||||||
- --foo=bar
|
- --foo=bar
|
||||||
- --bar=foo
|
- --bar=foo
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test additional command
|
- it: Test additional command
|
||||||
set:
|
set:
|
||||||
@@ -194,7 +194,7 @@ tests:
|
|||||||
- "/bin/sh"
|
- "/bin/sh"
|
||||||
- "-c"
|
- "-c"
|
||||||
- "echo hello"
|
- "echo hello"
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test custom imageRegistry and imageRepository
|
- it: Test custom imageRegistry and imageRepository
|
||||||
set:
|
set:
|
||||||
@@ -206,8 +206,8 @@ tests:
|
|||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].image
|
path: spec.template.spec.containers[0].image
|
||||||
value: registry.example.local/path/special/athens-proxy:v0.1.0
|
value: registry.example.local/path/special/athens-proxy:0.1.0
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test custom imagePullPolicy
|
- it: Test custom imagePullPolicy
|
||||||
set:
|
set:
|
||||||
@@ -219,7 +219,7 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].imagePullPolicy
|
path: spec.template.spec.containers[0].imagePullPolicy
|
||||||
value: Always
|
value: Always
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test custom resource limits and requests
|
- it: Test custom resource limits and requests
|
||||||
set:
|
set:
|
||||||
@@ -242,7 +242,7 @@ tests:
|
|||||||
resourceFieldRef:
|
resourceFieldRef:
|
||||||
divisor: "1"
|
divisor: "1"
|
||||||
resource: limits.cpu
|
resource: limits.cpu
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.containers[0].resources
|
path: spec.template.spec.containers[0].resources
|
||||||
value:
|
value:
|
||||||
@@ -252,7 +252,7 @@ tests:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 25m
|
cpu: 25m
|
||||||
memory: 100MB
|
memory: 100MB
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test custom securityContext
|
- it: Test custom securityContext
|
||||||
set:
|
set:
|
||||||
@@ -282,7 +282,7 @@ tests:
|
|||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test dnsConfig
|
- it: Test dnsConfig
|
||||||
set:
|
set:
|
||||||
@@ -300,7 +300,7 @@ tests:
|
|||||||
nameservers:
|
nameservers:
|
||||||
- "8.8.8.8"
|
- "8.8.8.8"
|
||||||
- "8.8.4.4"
|
- "8.8.4.4"
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test dnsPolicy
|
- it: Test dnsPolicy
|
||||||
set:
|
set:
|
||||||
@@ -312,7 +312,7 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.dnsPolicy
|
path: spec.template.spec.dnsPolicy
|
||||||
value: ClusterFirst
|
value: ClusterFirst
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test hostNetwork, hostname, subdomain
|
- it: Test hostNetwork, hostname, subdomain
|
||||||
set:
|
set:
|
||||||
@@ -326,15 +326,15 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.hostNetwork
|
path: spec.template.spec.hostNetwork
|
||||||
value: true
|
value: true
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.hostname
|
path: spec.template.spec.hostname
|
||||||
value: pg-exporter
|
value: pg-exporter
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.subdomain
|
path: spec.template.spec.subdomain
|
||||||
value: exporters.internal
|
value: exporters.internal
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test imagePullSecrets
|
- it: Test imagePullSecrets
|
||||||
set:
|
set:
|
||||||
@@ -350,7 +350,7 @@ tests:
|
|||||||
value:
|
value:
|
||||||
- name: my-pull-secret
|
- name: my-pull-secret
|
||||||
- name: my-special-secret
|
- name: my-special-secret
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test nodeSelector
|
- it: Test nodeSelector
|
||||||
set:
|
set:
|
||||||
@@ -364,7 +364,7 @@ tests:
|
|||||||
path: spec.template.spec.nodeSelector
|
path: spec.template.spec.nodeSelector
|
||||||
value:
|
value:
|
||||||
foo: bar
|
foo: bar
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test priorityClassName
|
- it: Test priorityClassName
|
||||||
set:
|
set:
|
||||||
@@ -376,7 +376,7 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.priorityClassName
|
path: spec.template.spec.priorityClassName
|
||||||
value: my-priority
|
value: my-priority
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test restartPolicy
|
- it: Test restartPolicy
|
||||||
set:
|
set:
|
||||||
@@ -388,7 +388,7 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.restartPolicy
|
path: spec.template.spec.restartPolicy
|
||||||
value: Always
|
value: Always
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test terminationGracePeriodSeconds
|
- it: Test terminationGracePeriodSeconds
|
||||||
set:
|
set:
|
||||||
@@ -400,7 +400,7 @@ tests:
|
|||||||
- equal:
|
- equal:
|
||||||
path: spec.template.spec.terminationGracePeriodSeconds
|
path: spec.template.spec.terminationGracePeriodSeconds
|
||||||
value: 120
|
value: 120
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test tolerations
|
- it: Test tolerations
|
||||||
set:
|
set:
|
||||||
@@ -420,7 +420,7 @@ tests:
|
|||||||
operator: Equal
|
operator: Equal
|
||||||
value: postgres
|
value: postgres
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test topologySpreadConstraints
|
- it: Test topologySpreadConstraints
|
||||||
set:
|
set:
|
||||||
@@ -442,7 +442,7 @@ tests:
|
|||||||
labelSelector:
|
labelSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/instance: athens-proxy
|
app.kubernetes.io/instance: athens-proxy
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test additional volumeMounts and volumes
|
- it: Test additional volumeMounts and volumes
|
||||||
set:
|
set:
|
||||||
@@ -462,5 +462,11 @@ tests:
|
|||||||
value:
|
value:
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /usr/lib/athens-proxy/data
|
mountPath: /usr/lib/athens-proxy/data
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
- equal:
|
||||||
|
path: spec.template.spec.volumes
|
||||||
|
value:
|
||||||
|
- name: data
|
||||||
|
hostPath:
|
||||||
|
path: /usr/lib/athens-proxy/data
|
||||||
|
template: templates/deployment.yaml
|
||||||
|
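Review bot: The `Rendering default` case still asserts `notExists` on `spec.template.spec.containers[0].securityContext`, so the suite locks in a default install with no container-level hardening, running with whatever user and filesystem permissions the image defaults to. The `Test custom securityContext` case in this file already exercises `readOnlyRootFilesystem: true`, `runAsNonRoot: true` and `runAsUser: 1000`; consider making a restrictive set the chart default and turning this assertion into an `equal` on those values. The sibling test files mount credentials under `/root`, which suggests the image expects to run as root, so the non-root part needs checking against the image first.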
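--- a/unittests/deployment/downloadMode.yaml
+++ b/unittests/deployment/downloadMode.yaml
@@ -0,0 +1,105 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted download mode config map
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+name: athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted gitconfig configMap
+set:
+config.downloadMode.enabled: true
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+items:
+- key: downloadMode
+mode: 0644
+path: download-mode
+name: athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+
+- it: Rendering with custom download mode configMap
+set:
+config.downloadMode.enabled: true
+config.downloadMode.existingConfigMap.enabled: true
+config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
+config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].env
+content:
+name: ATHENS_DOWNLOAD_MODE
+value: file:/etc/athens/config/download-mode.d/download-mode
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: download-mode
+mountPath: /etc/athens/config/download-mode.d
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: download-mode
+configMap:
+items:
+- key: "my-custom-download-mode-filename-key"
+path: "download-mode"
+mode: 0644
+name: my-custom-configmap
+template: templates/deployment.yaml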
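Review bot: The second case is titled `Rendering default with mounted gitconfig configMap` but sets `config.downloadMode.enabled` and asserts the `download-mode` volume, so a failure would be reported under the wrong feature; rename it to `- it: Rendering default with mounted download mode configMap`. The file also reuses `suite: Deployment template`, which the other deployment test files shown here use as well, so a distinct name such as `suite: Deployment template (download mode)` would make a failing run attributable to this file.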
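--- a/unittests/deployment/env.yaml
+++ b/unittests/deployment/env.yaml
@@ -0,0 +1,51 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/deployment.yaml
+- templates/secretEnv.yaml
+tests:
+- it: Rendering default without mounted env secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+config.env.existingSecret.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml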
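Review bot: The third case enables `config.env.existingSecret.enabled` but never sets a name for the existing secret, and it then expects `envFrom` to reference `athens-proxy-unittest-env`, the same name the chart-managed secret gets in the second case. As written the test cannot tell whether the deployment honours a user-supplied secret name, and together with the `notExists` on the checksum annotation it suggests the pod may reference a secret the chart does not render; that is worth confirming against `templates/secretEnv.yaml`, which is not shown here. Set the existing-secret name value in `set:` and assert that name in `secretRef.name`, as the netrc test does with `my-custom-secret`. The case also repeats the title `Rendering default with mounted env secret`; something like `- it: Rendering with existing env secret` keeps the two apart in test output.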
@@ -6,16 +6,24 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/deployment.yaml
|
- templates/configMapDownloadMode.yaml
|
||||||
|
- templates/configMapGitConfig.yaml
|
||||||
|
- templates/deployment.yaml
|
||||||
|
- templates/secretNetRC.yaml
|
||||||
|
- templates/secretSSH.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Rendering default without mounted git config map
|
- it: Rendering default without mounted git config map
|
||||||
asserts:
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
- notContains:
|
- notContains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: secrets
|
name: secrets
|
||||||
mountPath: /root/.gitconfig
|
mountPath: /root/.gitconfig
|
||||||
subPath: .gitconfig
|
subPath: .gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
- notContains:
|
- notContains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
@@ -28,18 +36,23 @@ tests:
|
|||||||
path: .gitconfig
|
path: .gitconfig
|
||||||
mode: 0600
|
mode: 0600
|
||||||
name: athens-proxy-unittest-gitconfig
|
name: athens-proxy-unittest-gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Rendering default with mounted gitconfig configMap
|
- it: Rendering default with mounted gitconfig configMap
|
||||||
set:
|
set:
|
||||||
config.gitConfig.enabled: true
|
config.gitConfig.enabled: true
|
||||||
persistence.enabled: true
|
persistence.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
|
- exists:
|
||||||
|
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: secrets
|
name: secrets
|
||||||
mountPath: /root/.gitconfig
|
mountPath: /root/.gitconfig
|
||||||
subPath: .gitconfig
|
subPath: .gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
@@ -52,6 +65,7 @@ tests:
|
|||||||
path: .gitconfig
|
path: .gitconfig
|
||||||
mode: 0644
|
mode: 0644
|
||||||
name: athens-proxy-unittest-gitconfig
|
name: athens-proxy-unittest-gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Rendering with custom gitconfig configMap
|
- it: Rendering with custom gitconfig configMap
|
||||||
set:
|
set:
|
||||||
@@ -61,12 +75,16 @@ tests:
|
|||||||
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
|
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
|
||||||
persistence.enabled: true
|
persistence.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: secrets
|
name: secrets
|
||||||
mountPath: /root/.gitconfig
|
mountPath: /root/.gitconfig
|
||||||
subPath: .gitconfig
|
subPath: .gitconfig
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
@@ -79,3 +97,4 @@ tests:
|
|||||||
path: .gitconfig
|
path: .gitconfig
|
||||||
mode: 0644
|
mode: 0644
|
||||||
name: my-custom-configmap
|
name: my-custom-configmap
|
||||||
|
template: templates/deployment.yaml
|
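Review bot: In `Rendering default without mounted git config map` the `notContains` on `spec.template.spec.volumes` expects `mode: 0600`, while both positive cases expect `mode: 0644` for the same item. `notContains` compares the whole content entry, so the negative check would keep passing even if the gitconfig volume were rendered by default; change it to `mode: 0644` so it mirrors the positive assertion. The start of that content block lies between hunks and is not visible here, so the rest of the entry should be checked against the positive case too.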
@@ -6,15 +6,23 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/deployment.yaml
|
- templates/configMapDownloadMode.yaml
|
||||||
|
- templates/configMapGitConfig.yaml
|
||||||
|
- templates/deployment.yaml
|
||||||
|
- templates/secretNetRC.yaml
|
||||||
|
- templates/secretSSH.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Rendering default without mounted netrc secret
|
- it: Rendering default without mounted netrc secret
|
||||||
asserts:
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
|
||||||
|
template: templates/deployment.yaml
|
||||||
- notContains:
|
- notContains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: netrc
|
name: netrc
|
||||||
mountPath: /root
|
mountPath: /root
|
||||||
|
template: templates/deployment.yaml
|
||||||
- notContains:
|
- notContains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
@@ -27,18 +35,23 @@ tests:
|
|||||||
path: .netrc
|
path: .netrc
|
||||||
mode: 0600
|
mode: 0600
|
||||||
name: athens-proxy-unittest-netrc
|
name: athens-proxy-unittest-netrc
|
||||||
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Rendering default with mounted netrc secret
|
- it: Rendering default with mounted netrc secret
|
||||||
set:
|
set:
|
||||||
config.netrc.enabled: true
|
config.netrc.enabled: true
|
||||||
persistence.enabled: true
|
persistence.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
|
- exists:
|
||||||
|
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: secrets
|
name: secrets
|
||||||
mountPath: /root/.netrc
|
mountPath: /root/.netrc
|
||||||
subPath: .netrc
|
subPath: .netrc
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
@@ -51,6 +64,7 @@ tests:
|
|||||||
path: .netrc
|
path: .netrc
|
||||||
mode: 0600
|
mode: 0600
|
||||||
name: athens-proxy-unittest-netrc
|
name: athens-proxy-unittest-netrc
|
||||||
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Rendering with custom netrc secret
|
- it: Rendering with custom netrc secret
|
||||||
set:
|
set:
|
||||||
@@ -60,12 +74,16 @@ tests:
|
|||||||
config.netrc.existingSecret.netrcKey: "my-netrc-key"
|
config.netrc.existingSecret.netrcKey: "my-netrc-key"
|
||||||
persistence.enabled: true
|
persistence.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
|
- notExists:
|
||||||
|
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: secrets
|
name: secrets
|
||||||
mountPath: /root/.netrc
|
mountPath: /root/.netrc
|
||||||
subPath: .netrc
|
subPath: .netrc
|
||||||
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
@@ -78,3 +96,4 @@ tests:
|
|||||||
path: .netrc
|
path: .netrc
|
||||||
mode: 0600
|
mode: 0600
|
||||||
name: my-custom-secret
|
name: my-custom-secret
|
||||||
|
template: templates/deployment.yaml
|
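Review bot: The `notExists` added to `Rendering with custom netrc secret` checks `checksum/secret-athens-proxy-unittest-netc`, while the other two cases in this file use the `-netrc` suffix. With the misspelled key the assertion passes whether or not the checksum annotation is rendered, so it verifies nothing; it should read `path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc`. The default case has a similar gap on unchanged lines: its `notContains` looks for a mount named `netrc` at `/root`, whereas the positive cases expect `name: secrets` at `/root/.netrc` with `subPath: .netrc`.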
@@ -6,7 +6,11 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/deployment.yaml
|
- templates/configMapDownloadMode.yaml
|
||||||
|
- templates/configMapGitConfig.yaml
|
||||||
|
- templates/deployment.yaml
|
||||||
|
- templates/secretNetRC.yaml
|
||||||
|
- templates/secretSSH.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Test persistent volume claim
|
- it: Test persistent volume claim
|
||||||
set:
|
set:
|
||||||
@@ -17,26 +21,26 @@ tests:
|
|||||||
content:
|
content:
|
||||||
name: ATHENS_STORAGE_TYPE
|
name: ATHENS_STORAGE_TYPE
|
||||||
value: disk
|
value: disk
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].env
|
path: spec.template.spec.containers[0].env
|
||||||
content:
|
content:
|
||||||
name: ATHENS_DISK_STORAGE_ROOT
|
name: ATHENS_DISK_STORAGE_ROOT
|
||||||
value: /var/www/athens-proxy/data
|
value: /var/www/athens-proxy/data
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: data
|
name: data
|
||||||
mountPath: /var/www/athens-proxy/data
|
mountPath: /var/www/athens-proxy/data
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
name: data
|
name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: athens-proxy-unittest-data
|
claimName: athens-proxy-unittest-data
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
|
|
||||||
- it: Test existing persistent volume claim
|
- it: Test existing persistent volume claim
|
||||||
set:
|
set:
|
||||||
@@ -51,23 +55,23 @@ tests:
|
|||||||
content:
|
content:
|
||||||
name: ATHENS_STORAGE_TYPE
|
name: ATHENS_STORAGE_TYPE
|
||||||
value: disk
|
value: disk
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].env
|
path: spec.template.spec.containers[0].env
|
||||||
content:
|
content:
|
||||||
name: ATHENS_DISK_STORAGE_ROOT
|
name: ATHENS_DISK_STORAGE_ROOT
|
||||||
value: /mnt/go-proxy/data
|
value: /mnt/go-proxy/data
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.containers[0].volumeMounts
|
path: spec.template.spec.containers[0].volumeMounts
|
||||||
content:
|
content:
|
||||||
name: data
|
name: data
|
||||||
mountPath: /mnt/go-proxy/data
|
mountPath: /mnt/go-proxy/data
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
||||||
- contains:
|
- contains:
|
||||||
path: spec.template.spec.volumes
|
path: spec.template.spec.volumes
|
||||||
content:
|
content:
|
||||||
name: data
|
name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: my-special-pvc
|
claimName: my-special-pvc
|
||||||
template: templates/athens-proxy/deployment.yaml
|
template: templates/deployment.yaml
|
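--- /dev/null
+++ b/unittests/deployment/ssh.yaml
@@ -0,0 +1,254 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted ssh secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0644
+- key: id_ed25519
+path: id_ed25519
+mode: 0600
+- key: id_ed25519.pub
+path: id_ed25519.pub
+mode: 0644
+- key: id_rsa
+path: id_rsa
+mode: 0600
+- key: id_rsa.pub
+path: id_rsa.pub
+mode: 0644
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh config
+set:
+config.ssh.enabled: true
+persistence.enabled: true
+asserts:
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0600
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh keys
+set:
+config.ssh.enabled: true
+config.ssh.secret.id_ed25519: foo
+config.ssh.secret.id_ed25519_pub: bar
+config.ssh.secret.id_rsa: foo
+config.ssh.secret.id_rsa_pub: bar
+persistence.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: config
+path: config
+mode: 0600
+- key: id_ed25519
+path: id_ed25519
+mode: 0600
+- key: id_ed25519.pub
+path: id_ed25519.pub
+mode: 0644
+- key: id_rsa
+path: id_rsa
+mode: 0600
+- key: id_rsa.pub
+path: id_rsa.pub
+mode: 0644
+name: athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+
+- it: Rendering with custom ssh secret
+set:
+config.ssh.enabled: true
+config.ssh.existingSecret.enabled: true
+config.ssh.existingSecret.secretName: "my-custom-secret"
+config.ssh.existingSecret.configKey : "my-config-key"
+config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
+config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
+config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
+config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
+persistence.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/config
+subPath: config
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519
+subPath: id_ed25519
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_ed25519.pub
+subPath: id_ed25519.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa
+subPath: id_rsa
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].volumeMounts
+content:
+name: secrets
+mountPath: /root/.ssh/id_rsa.pub
+subPath: id_rsa.pub
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.volumes
+content:
+name: secrets
+projected:
+sources:
+- secret:
+items:
+- key: my-config-key
+path: config
+mode: 0600
+- key: my-private-ed25519-key
+path: id_ed25519
+mode: 0600
+- key: my-public-ed25519-key
+path: id_ed25519.pub
+mode: 0644
+- key: my-private-rsa-key
+path: id_rsa
+mode: 0600
+- key: my-public-rsa-key
+path: id_rsa.pub
+mode: 0644
+name: my-custom-secret
+template: templates/deployment.yaml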
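Review bot: In the first test ("Rendering default without mounted ssh secret") the `notContains` check on `spec.template.spec.volumes` lists the `config` item with `mode: 0644`, while every positive case in this file expects `mode: 0600` for that item, so the negative check compares against a volume the chart apparently never renders and would still pass if the `secrets` volume were mounted by default. These tests are what guards the modes of the SSH config and private key files, so the negative case should not be able to pass vacuously: either use `mode: 0600` there, or match on the name only with `any: true` and `content: {name: secrets}` (helm-unittest's partial-match option, worth confirming for the plugin version in use). The five `notContains` checks on `volumeMounts` in the same test have the same exact-match weakness.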
@@ -6,7 +6,7 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/hpa.yaml
|
- templates/hpa.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Skip rendering by default.
|
- it: Skip rendering by default.
|
||||||
asserts:
|
asserts:
|
||||||
|
@@ -6,7 +6,7 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/ingress.yaml
|
- templates/ingress.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Skip ingress by default.
|
- it: Skip ingress by default.
|
||||||
asserts:
|
asserts:
|
||||||
|
@@ -1,49 +1,30 @@
|
|||||||
chart:
|
chart:
|
||||||
appVersion: 0.1.0
|
appVersion: 0.1.0
|
||||||
version: 0.1.0
|
version: 0.1.0
|
||||||
suite: NetworkPolicies template
|
suite: NetworkPolicy template
|
||||||
release:
|
release:
|
||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/networkPolicies.yaml
|
- templates/networkPolicy.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Skip networkPolicies in general disabled.
|
- it: Skip rendering networkPolicy
|
||||||
set:
|
set:
|
||||||
networkPolicies.enabled: false
|
networkPolicy.enabled: false
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 0
|
count: 0
|
||||||
|
|
||||||
- it: Skip networkPolicy 'default' when disabled.
|
- it: Render default networkPolicy
|
||||||
set:
|
set:
|
||||||
networkPolicies.enabled: true
|
networkPolicy.enabled: true
|
||||||
networkPolicies.default.enabled: false
|
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 0
|
count: 1
|
||||||
|
|
||||||
- it: Loop over networkPolicies
|
|
||||||
set:
|
|
||||||
networkPolicies.enabled: true
|
|
||||||
networkPolicies.default.enabled: false
|
|
||||||
networkPolicies.nginx.enabled: true
|
|
||||||
networkPolicies.prometheus.enabled: true
|
|
||||||
asserts:
|
|
||||||
- hasDocuments:
|
|
||||||
count: 2
|
|
||||||
|
|
||||||
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
|
|
||||||
set:
|
|
||||||
networkPolicies.enabled: true
|
|
||||||
networkPolicies.default.enabled: true
|
|
||||||
asserts:
|
|
||||||
- hasDocuments:
|
|
||||||
count: 1
|
|
||||||
- containsDocument:
|
- containsDocument:
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
name: athens-proxy-unittest-default
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
- notExists:
|
- notExists:
|
||||||
path: metadata.annotations
|
path: metadata.annotations
|
||||||
@@ -67,29 +48,28 @@ tests:
|
|||||||
- notExists:
|
- notExists:
|
||||||
path: spec.ingress
|
path: spec.ingress
|
||||||
|
|
||||||
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
|
- it: Template networkPolicy with policyTypes, egress and ingress configuration
|
||||||
set:
|
set:
|
||||||
networkPolicies.enabled: true
|
networkPolicy.enabled: true
|
||||||
networkPolicies.default.enabled: true
|
networkPolicy.policyTypes:
|
||||||
networkPolicies.default.policyTypes:
|
|
||||||
- Egress
|
- Egress
|
||||||
- Ingress
|
- Ingress
|
||||||
networkPolicies.default.ingress:
|
networkPolicy.ingress:
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: khv-production
|
kubernetes.io/metadata.name: monitoring
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: prometheus
|
app.kubernetes.io/name: prometheus
|
||||||
networkPolicies.default.egress:
|
networkPolicy.egress:
|
||||||
- to:
|
- to:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: database
|
kubernetes.io/metadata.name: ingress-nginx
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: oracle
|
app.kubernetes.io/name: ingress-nginx
|
||||||
asserts:
|
asserts:
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.policyTypes
|
path: spec.policyTypes
|
||||||
@@ -102,17 +82,17 @@ tests:
|
|||||||
- to:
|
- to:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: database
|
kubernetes.io/metadata.name: ingress-nginx
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: oracle
|
app.kubernetes.io/name: ingress-nginx
|
||||||
- equal:
|
- equal:
|
||||||
path: spec.ingress
|
path: spec.ingress
|
||||||
value:
|
value:
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: khv-production
|
kubernetes.io/metadata.name: monitoring
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: prometheus
|
app.kubernetes.io/name: prometheus
|
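Review bot: The "Render default networkPolicy" case sets only `networkPolicy.enabled: true` and, as far as the visible hunks show, expects a document with no `spec.ingress`; for the pods it selects, such a policy denies all ingress, and the test does not say that this is the intended default. A comment above the case such as `# enabled without rules renders a NetworkPolicy that isolates the selected pods for ingress` would make the intent explicit. The lines between the first and second hunk are not visible on this page, so whether `spec.podSelector` is asserted cannot be checked here; if it is not, pinning it would show which pods the default policy isolates.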
@@ -6,7 +6,7 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/persistentVolumeClaim.yaml
|
- templates/persistentVolumeClaim.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Rendering default
|
- it: Rendering default
|
||||||
asserts:
|
asserts:
|
||||||
|
@@ -6,16 +6,24 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/secretEnv.yaml
|
- templates/secretEnv.yaml
|
||||||
tests:
|
tests:
|
||||||
|
- it: Skip rendering by default
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
- it: Skip rendering by using existing secret.
|
- it: Skip rendering by using existing secret.
|
||||||
set:
|
set:
|
||||||
|
config.env.enabled: true
|
||||||
config.env.existingSecret.enabled: true
|
config.env.existingSecret.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 0
|
count: 0
|
||||||
|
|
||||||
- it: Rendering env secret with default values.
|
- it: Rendering env secret with default values.
|
||||||
|
set:
|
||||||
|
config.env.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 1
|
count: 1
|
||||||
@@ -39,6 +47,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering env secret with custom values.
|
- it: Rendering env secret with custom values.
|
||||||
set:
|
set:
|
||||||
|
config.env.enabled: true
|
||||||
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
|
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
|
||||||
asserts:
|
asserts:
|
||||||
- isSubset:
|
- isSubset:
|
||||||
@@ -48,6 +57,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering custom annotations and labels.
|
- it: Rendering custom annotations and labels.
|
||||||
set:
|
set:
|
||||||
|
config.env.enabled: true
|
||||||
config.env.secret.annotations:
|
config.env.secret.annotations:
|
||||||
foo: bar
|
foo: bar
|
||||||
bar: foo
|
bar: foo
|
||||||
|
@@ -6,7 +6,7 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/secretNetRC.yaml
|
- templates/secretNetRC.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Skip rendering by default
|
- it: Skip rendering by default
|
||||||
asserts:
|
asserts:
|
||||||
|
@@ -6,16 +6,24 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/secretSSH.yaml
|
- templates/secretSSH.yaml
|
||||||
tests:
|
tests:
|
||||||
|
- it: Skip rending by default.
|
||||||
|
asserts:
|
||||||
|
- hasDocuments:
|
||||||
|
count: 0
|
||||||
|
|
||||||
- it: Skip rendering by using existing secret.
|
- it: Skip rendering by using existing secret.
|
||||||
set:
|
set:
|
||||||
|
config.ssh.enabled: true
|
||||||
config.ssh.existingSecret.enabled: true
|
config.ssh.existingSecret.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 0
|
count: 0
|
||||||
|
|
||||||
- it: Rendering ssh secret with default values.
|
- it: Rendering ssh secret with default values.
|
||||||
|
set:
|
||||||
|
config.ssh.enabled: true
|
||||||
asserts:
|
asserts:
|
||||||
- hasDocuments:
|
- hasDocuments:
|
||||||
count: 1
|
count: 1
|
||||||
@@ -51,6 +59,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering ssh secret with custom values.
|
- it: Rendering ssh secret with custom values.
|
||||||
set:
|
set:
|
||||||
|
config.ssh.enabled: true
|
||||||
config.ssh.secret.config: |
|
config.ssh.secret.config: |
|
||||||
Host *
|
Host *
|
||||||
IdentityFile ~/.ssh/id_ed25519
|
IdentityFile ~/.ssh/id_ed25519
|
||||||
@@ -90,6 +99,7 @@ tests:
|
|||||||
|
|
||||||
- it: Rendering custom annotations and labels.
|
- it: Rendering custom annotations and labels.
|
||||||
set:
|
set:
|
||||||
|
config.ssh.enabled: true
|
||||||
config.ssh.secret.annotations:
|
config.ssh.secret.annotations:
|
||||||
foo: bar
|
foo: bar
|
||||||
bar: foo
|
bar: foo
|
||||||
|
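Review bot: The new default-case test is titled `Skip rending by default.`, a typo for "rendering"; the sibling suites in this commit name the same case `Skip rendering by default`. Rename it to `- it: Skip rendering by default.` so that a search for the case name across the suites finds this one as well.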
@@ -6,7 +6,7 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/serviceAccount.yaml
|
- templates/serviceAccount.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Skip rendering.
|
- it: Skip rendering.
|
||||||
set:
|
set:
|
||||||
|
@@ -6,7 +6,7 @@ release:
|
|||||||
name: athens-proxy-unittest
|
name: athens-proxy-unittest
|
||||||
namespace: testing
|
namespace: testing
|
||||||
templates:
|
templates:
|
||||||
- templates/athens-proxy/serviceHTTP.yaml
|
- templates/serviceHTTP.yaml
|
||||||
tests:
|
tests:
|
||||||
- it: Skip service when disabled.
|
- it: Skip service when disabled.
|
||||||
set:
|
set:
|
||||||
|
284
values.yaml
284
values.yaml
@@ -5,9 +5,83 @@
|
|||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
fullnameOverride: ""
|
fullnameOverride: ""
|
||||||
|
|
||||||
|
## @section Certificate
|
||||||
|
certificate:
|
||||||
|
## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`.
|
||||||
|
## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key.
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
secretName: ""
|
||||||
|
|
||||||
|
## @param certificate.new.annotations Additional certificate annotations.
|
||||||
|
## @param certificate.new.labels Additional certificate labels.
|
||||||
|
## @param certificate.new.duration Duration of the TLS certificate.
|
||||||
|
## @param certificate.new.renewBefore Renew TLS certificate before expiring.
|
||||||
|
## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names.
|
||||||
|
## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses.
|
||||||
|
## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`.
|
||||||
|
## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`.
|
||||||
|
## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key.
|
||||||
|
## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key.
|
||||||
|
## @param certificate.new.privateKey.size Size of the private TLS key.
|
||||||
|
## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret.
|
||||||
|
## @param certificate.new.secretTemplate.labels Additional labels of the created secret.
|
||||||
|
## @param certificate.new.subject.countries List of countries.
|
||||||
|
## @param certificate.new.subject.localities List of localities.
|
||||||
|
## @param certificate.new.subject.organizationalUnits List of organizationalUnits.
|
||||||
|
## @param certificate.new.subject.organizations List of organizations.
|
||||||
|
## @param certificate.new.subject.postalCodes List of postalCodes.
|
||||||
|
## @param certificate.new.subject.provinces List of provinces.
|
||||||
|
## @param certificate.new.subject.serialNumber Serial number.
|
||||||
|
## @param certificate.new.subject.streetAddresses List of streetAddresses.
|
||||||
|
## @param certificate.new.usages Define the usage of the TLS key.
|
||||||
|
new:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
duration: "744h" # 31 days
|
||||||
|
renewBefore: "672h" # 28 days
|
||||||
|
dnsNames: []
|
||||||
|
# The following DNS names are already part of the SAN's and serves only as example.
|
||||||
|
# - "athens-proxy"
|
||||||
|
# - "athens-proxy.svc"
|
||||||
|
# - "athens-proxy.svc.namespace"
|
||||||
|
# - "athens-proxy.svc.namespace.cluster.local"
|
||||||
|
ipAddresses: []
|
||||||
|
# The following IP addresses serves only as example.
|
||||||
|
# - "10.92.1.10"
|
||||||
|
# - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344"
|
||||||
|
issuerRef:
|
||||||
|
kind: ""
|
||||||
|
name: ""
|
||||||
|
privateKey:
|
||||||
|
algorithm: "RSA"
|
||||||
|
rotationPolicy: "Never"
|
||||||
|
size: 4096
|
||||||
|
secretTemplate:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
subject:
|
||||||
|
countries: []
|
||||||
|
localities: []
|
||||||
|
organizationalUnits: []
|
||||||
|
organizations: []
|
||||||
|
postalCodes: []
|
||||||
|
provinces: []
|
||||||
|
serialNumber: ""
|
||||||
|
streetAddresses: []
|
||||||
|
usages:
|
||||||
|
- "client auth"
|
||||||
|
- "server auth"
|
||||||
|
|
||||||
## @section Configuration
|
## @section Configuration
|
||||||
config:
|
config:
|
||||||
env:
|
env:
|
||||||
|
## @param config.env.enabled Enable mounting of the secret as environment variables.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
|
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
|
||||||
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
|
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
|
||||||
existingSecret:
|
existingSecret:
|
||||||
@@ -25,7 +99,6 @@ config:
|
|||||||
# ATHENS_AZURE_ACCOUNT_NAME:
|
# ATHENS_AZURE_ACCOUNT_NAME:
|
||||||
# ATHENS_AZURE_CONTAINER_NAME:
|
# ATHENS_AZURE_CONTAINER_NAME:
|
||||||
# ATHENS_CLOUD_RUNTIME:
|
# ATHENS_CLOUD_RUNTIME:
|
||||||
# ATHENS_DOWNLOAD_MODE:
|
|
||||||
# ATHENS_DOWNLOAD_URL:
|
# ATHENS_DOWNLOAD_URL:
|
||||||
# ATHENS_ETCD_ENDPOINTS:
|
# ATHENS_ETCD_ENDPOINTS:
|
||||||
# ATHENS_EXTERNAL_STORAGE_URL:
|
# ATHENS_EXTERNAL_STORAGE_URL:
|
||||||
@@ -76,8 +149,6 @@ config:
|
|||||||
# ATHENS_STORAGE_GCP_JSON_KEY:
|
# ATHENS_STORAGE_GCP_JSON_KEY:
|
||||||
# ATHENS_SUM_DBS:
|
# ATHENS_SUM_DBS:
|
||||||
# ATHENS_TIMEOUT:
|
# ATHENS_TIMEOUT:
|
||||||
# ATHENS_TLSCERT_FILE:
|
|
||||||
# ATHENS_TLSKEY_FILE:
|
|
||||||
# ATHENS_TRACE_EXPORTER_URL:
|
# ATHENS_TRACE_EXPORTER_URL:
|
||||||
# ATHENS_TRACE_EXPORTER:
|
# ATHENS_TRACE_EXPORTER:
|
||||||
# AWS_ACCESS_KEY_ID:
|
# AWS_ACCESS_KEY_ID:
|
||||||
@@ -96,23 +167,28 @@ config:
|
|||||||
# PROXY_FORCE_SSL:
|
# PROXY_FORCE_SSL:
|
||||||
|
|
||||||
downloadMode:
|
downloadMode:
|
||||||
## @param config.downloadMode.existingConfigMap.enabled TODO:
|
## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined.
|
||||||
## @param config.downloadMode.existingConfigMap.secretName TODO:
|
enabled: false
|
||||||
|
|
||||||
|
## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file.
|
||||||
|
## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file.
|
||||||
|
## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored.
|
||||||
existingConfigMap:
|
existingConfigMap:
|
||||||
enabled: false
|
enabled: false
|
||||||
secretName: ""
|
configMapName: ""
|
||||||
|
downloadModeKey: "downloadMode"
|
||||||
|
|
||||||
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
|
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
|
||||||
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
|
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
|
||||||
## @param config.downloadMode.configMap.content Additional labels of the config map containing the download mode file.
|
## @skip config.downloadMode.configMap.content The content of the download mode file.
|
||||||
configMap:
|
configMap:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels: {}
|
labels: {}
|
||||||
content: |
|
content: |
|
||||||
# downloadURL = "https://proxy.golang.org"
|
downloadURL = "https://proxy.golang.org"
|
||||||
#
|
|
||||||
# mode = "async_redirect"
|
mode = "async_redirect"
|
||||||
#
|
|
||||||
# download "github.com/gomods/*" {
|
# download "github.com/gomods/*" {
|
||||||
# mode = "sync"
|
# mode = "sync"
|
||||||
# }
|
# }
|
||||||
@@ -123,7 +199,7 @@ config:
|
|||||||
#
|
#
|
||||||
# download "github.com/pkg/*" {
|
# download "github.com/pkg/*" {
|
||||||
# mode = "redirect"
|
# mode = "redirect"
|
||||||
# downloadURL = "https://gocenter.io"
|
# downloadURL = "https://proxy.golang.org"
|
||||||
# }
|
# }
|
||||||
|
|
||||||
gitConfig:
|
gitConfig:
|
||||||
@@ -138,9 +214,9 @@ config:
|
|||||||
configMapName: ""
|
configMapName: ""
|
||||||
gitConfigKey:
|
gitConfigKey:
|
||||||
|
|
||||||
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the download mode file.
|
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
|
||||||
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the download mode file.
|
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
|
||||||
## @param config.gitConfig.configMap.content The content of the .gitconfig file.
|
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
|
||||||
configMap:
|
configMap:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels: {}
|
labels: {}
|
||||||
@@ -166,7 +242,7 @@ config:
|
|||||||
|
|
||||||
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
|
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
|
||||||
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
|
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
|
||||||
## @param config.netrc.secret.content The content of the .netrc file.
|
## @skip config.netrc.secret.content The content of the .netrc file.
|
||||||
secret:
|
secret:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels: {}
|
labels: {}
|
||||||
@@ -185,18 +261,32 @@ config:
|
|||||||
# machine api.github.com [octocat] password [PAT]
|
# machine api.github.com [octocat] password [PAT]
|
||||||
|
|
||||||
ssh:
|
ssh:
|
||||||
## @param config.ssh.existingSecret.enabled TODO:.
|
## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system.
|
||||||
## @param config.ssh.existingSecret.secretName TODO:
|
enabled: false
|
||||||
|
|
||||||
|
## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files.
|
||||||
|
## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files.
|
||||||
|
## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored.
|
||||||
|
## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.
|
||||||
existingSecret:
|
existingSecret:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
secretName: ""
|
||||||
|
configKey: "config"
|
||||||
|
id_ed25519Key: "id_ed25519"
|
||||||
|
id_ed25519PubKey: "id_ed25519.pub"
|
||||||
|
id_rsaKey: "id_rsa"
|
||||||
|
id_rsaPubKey: "id_rsa.pub"
|
||||||
|
|
||||||
## @param config.ssh.secret.annotations Additional annotations of the secret containing the database credentials.
|
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
|
||||||
## @param config.ssh.secret.labels Additional labels of the secret containing the database credentials.
|
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
|
||||||
## @param config.ssh.secret.files TODO:
|
## @skip config.ssh.secret.config The content of the SSH client config file.
|
||||||
## @skip config.ssh.secret.id_ed25519 TODO:
|
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
|
||||||
## @skip config.ssh.secret.id_ed25519_pub TODO:
|
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
|
||||||
## @skip config.ssh.secret.id_rsa TODO:
|
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
|
||||||
## @skip config.ssh.secret.id_rsa_pub TODO:
|
## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key.
|
||||||
secret:
|
secret:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels: {}
|
labels: {}
|
||||||
@@ -383,9 +473,9 @@ deployment:
|
|||||||
# whenUnsatisfiable: DoNotSchedule
|
# whenUnsatisfiable: DoNotSchedule
|
||||||
# labelSelector:
|
# labelSelector:
|
||||||
# matchLabels:
|
# matchLabels:
|
||||||
# app.kubernetes.io/instance: prometheus-athens-proxy
|
# app.kubernetes.io/instance: athens-proxy
|
||||||
|
|
||||||
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
|
## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment.
|
||||||
volumes: []
|
volumes: []
|
||||||
# - name: my-configmap-volume
|
# - name: my-configmap-volume
|
||||||
# config:
|
# config:
|
||||||
@@ -460,89 +550,93 @@ persistence:
|
|||||||
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
|
## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.
|
||||||
mountPath: "/var/www/athens-proxy/data"
|
mountPath: "/var/www/athens-proxy/data"
|
||||||
|
|
||||||
|
## @param persistence.data.existingPersistentVolumeClaim.enabled TODO
|
||||||
|
## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO
|
||||||
existingPersistentVolumeClaim:
|
existingPersistentVolumeClaim:
|
||||||
enabled: false
|
enabled: false
|
||||||
persistentVolumeClaimName: ""
|
persistentVolumeClaimName: ""
|
||||||
|
|
||||||
|
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim.
|
||||||
|
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels: {}
|
labels: {}
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
storageClass: ""
|
storageClassName: ""
|
||||||
storageSize: "5Gi"
|
storageSize: "5Gi"
|
||||||
|
|
||||||
## @section NetworkPolicies
|
## @section Network
|
||||||
## @param networkPolicies.enabled Enable network policies in general.
|
## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates.
|
||||||
networkPolicies:
|
clusterDomain: "cluster.local"
|
||||||
|
|
||||||
|
## @section Network Policy
|
||||||
|
networkPolicy:
|
||||||
|
## @param networkPolicy.enabled Enable network policies in general.
|
||||||
|
## @param networkPolicy.annotations Additional network policy annotations.
|
||||||
|
## @param networkPolicy.labels Additional network policy labels.
|
||||||
|
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
||||||
|
## @param networkPolicy.egress Concrete egress network policy implementation.
|
||||||
|
## @skip networkPolicy.egress Skip individual egress configuration.
|
||||||
|
## @param networkPolicy.ingress Concrete ingress network policy implementation.
|
||||||
|
## @skip networkPolicy.ingress Skip individual ingress configuration.
|
||||||
enabled: false
|
enabled: false
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
policyTypes: []
|
||||||
|
# - Egress
|
||||||
|
# - Ingress
|
||||||
|
egress: []
|
||||||
|
# Allow outgoing HTTPS traffic to external go module servers
|
||||||
|
#
|
||||||
|
# - ports:
|
||||||
|
# - port: 443
|
||||||
|
# protocol: TCP
|
||||||
|
|
||||||
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
|
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
|
||||||
## @param networkPolicies.default.annotations Additional network policy annotations.
|
#
|
||||||
## @param networkPolicies.default.labels Additional network policy labels.
|
# - to:
|
||||||
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
# - namespaceSelector:
|
||||||
## @param networkPolicies.default.egress Concrete egress network policy implementation.
|
# matchLabels:
|
||||||
## @skip networkPolicies.default.egress Skip individual egress configuration.
|
# kubernetes.io/metadata.name: kube-system
|
||||||
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
|
# podSelector:
|
||||||
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
|
# matchLabels:
|
||||||
default:
|
# k8s-app: kube-dns
|
||||||
enabled: false
|
# ports:
|
||||||
annotations: {}
|
# - port: 53
|
||||||
labels: {}
|
# protocol: TCP
|
||||||
policyTypes: []
|
# - port: 53
|
||||||
# - Egress
|
# protocol: UDP
|
||||||
# - Ingress
|
|
||||||
egress: []
|
|
||||||
# Allow outgoing traffic to database host
|
|
||||||
#
|
|
||||||
# - to:
|
|
||||||
# - ipBlock:
|
|
||||||
# cidr: 192.168.179.1/32
|
|
||||||
# ports:
|
|
||||||
# - port: 5432
|
|
||||||
# protocol: TCP
|
|
||||||
|
|
||||||
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
|
ingress: []
|
||||||
#
|
# Allow incoming HTTP traffic from prometheus.
|
||||||
# - to:
|
#
|
||||||
# - namespaceSelector:
|
# - from:
|
||||||
# matchLabels:
|
# - namespaceSelector:
|
||||||
# kubernetes.io/metadata.name: kube-system
|
# matchLabels:
|
||||||
# podSelector:
|
# kubernetes.io/metadata.name: monitoring
|
||||||
# matchLabels:
|
# podSelector:
|
||||||
# k8s-app: kube-dns
|
# matchLabels:
|
||||||
# ports:
|
# app.kubernetes.io/name: prometheus
|
||||||
# - port: 53
|
# ports:
|
||||||
# protocol: TCP
|
# - port: http
|
||||||
# - port: 53
|
# protocol: TCP
|
||||||
# protocol: UDP
|
|
||||||
|
|
||||||
ingress: []
|
# Allow incoming HTTP traffic from ingress-nginx.
|
||||||
# Allow incoming HTTP traffic from prometheus.
|
#
|
||||||
#
|
# - from:
|
||||||
# - from:
|
# - namespaceSelector:
|
||||||
# - namespaceSelector:
|
# matchLabels:
|
||||||
# matchLabels:
|
# kubernetes.io/metadata.name: ingress-nginx
|
||||||
# kubernetes.io/metadata.name: monitoring
|
# podSelector:
|
||||||
# podSelector:
|
# matchLabels:
|
||||||
# matchLabels:
|
# app.kubernetes.io/name: ingress-nginx
|
||||||
# app.kubernetes.io/name: prometheus
|
# ports:
|
||||||
# ports:
|
# - port: http
|
||||||
# - port: http
|
# protocol: TCP
|
||||||
# protocol: TCP
|
|
||||||
|
|
||||||
# Allow incoming HTTP traffic from ingress-nginx.
|
|
||||||
#
|
|
||||||
# - from:
|
|
||||||
# - namespaceSelector:
|
|
||||||
# matchLabels:
|
|
||||||
# kubernetes.io/metadata.name: ingress-nginx
|
|
||||||
# podSelector:
|
|
||||||
# matchLabels:
|
|
||||||
# app.kubernetes.io/name: ingress-nginx
|
|
||||||
# ports:
|
|
||||||
# - port: http
|
|
||||||
# protocol: TCP
|
|
||||||
|
|
||||||
## @section Service
|
## @section Service
|
||||||
## @param services.http.enabled Enable the service.
|
## @param services.http.enabled Enable the service.
|
||||||
|