							Compare commits
	
		
			27 Commits
		
	
	
		
			5b9fa88dd6
			...
			1.1.0
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 4102fc9014 | |||
| be923ed95f | |||
| f07ff039ce | |||
| a11be194cc | |||
| 7908de9313 | |||
| adfe40a9c7 | |||
| eadbcf243b | |||
| 0caa188bb1 | |||
| 3bce806ed6 | |||
| 5c09cf8c79 | |||
| d4b5c0c86f | |||
| 74598b4ee0 | |||
| b06c1962cc | |||
| 991c545c93 | |||
| 7c60c70244 | |||
| 0e048cdf4b | |||
| 89604cbe64 | |||
| f63450aec4 | |||
| d1e5accccb | |||
| fbd846784c | |||
| bab5282617 | |||
| 307660c767 | |||
| 59b43aac79 | |||
| 85a38e7d22 | |||
| 2005fb8e05 | |||
| 5f78a0f071 | |||
| c157c8c210 | 
| @@ -46,18 +46,7 @@ jobs: | |||||||
|           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} |           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} | ||||||
|           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} |           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} | ||||||
|           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} |           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} | ||||||
|  |  | ||||||
|           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} |  | ||||||
|           GITEA_SERVER_URL: ${{ github.server_url }} |  | ||||||
|         run: | |         run: | | ||||||
|           PACKAGE_VERSION=${GITHUB_REF#refs/tags/} |  | ||||||
|           REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2) |  | ||||||
|           REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1) |  | ||||||
|  |  | ||||||
|           helm dependency build |  | ||||||
|           helm package --version "${PACKAGE_VERSION}" ./ |  | ||||||
|  |  | ||||||
|           # chart-museum |  | ||||||
|           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} |           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} | ||||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum |           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum | ||||||
|           helm repo remove chartmuseum |           helm repo remove chartmuseum | ||||||
|   | |||||||
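Review bot: On the new side the `run:` script starts directly with `helm repo add`, so `${REPOSITORY_NAME}` and `${PACKAGE_VERSION}` in the `helm cm-push` line are no longer assigned in this step, and no `helm package` runs before the push. Unless both variables come from the `env:` block above the hunk and the archive is built in an earlier step, the push would look for `-.tgz` and fail. Separately, `--password ${CHARTMUSEUM_PASSWORD}` puts the secret on the process command line, unquoted. I would pass it on stdin instead: `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`. The step's `env:` block begins outside the hunk, so where `CHARTMUSEUM_PASSWORD` is set cannot be confirmed from here.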
							
								
								
									
										8
									
								
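--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,8 +0,0 @@
-{
-  "yaml.schemas": {
-    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
-      "/unittests/**/*.yaml"
-    ]
-  },
-  "yaml.schemaStore.enable": true
-}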
| @@ -3,7 +3,7 @@ annotations: | |||||||
|     - name: Athens proxy (binary) |     - name: Athens proxy (binary) | ||||||
|       url: https://github.com/gomods/athens |       url: https://github.com/gomods/athens | ||||||
|     - name: support |     - name: support | ||||||
|       url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues |       url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues | ||||||
| apiVersion: v2 | apiVersion: v2 | ||||||
| name: athens-proxy | name: athens-proxy | ||||||
| description: Athens proxy server for golang | description: Athens proxy server for golang | ||||||
| @@ -19,10 +19,6 @@ keywords: | |||||||
| - go-proxy | - go-proxy | ||||||
|  |  | ||||||
| sources: | sources: | ||||||
| - https://github.com/volker-raschek/athens-proxy-charts | - https://git.cryptic.systems/volker.raschek/athens-proxy-charts | ||||||
| - https://github.com/gomods/athens | - https://github.com/gomods/athens | ||||||
| - https://hub.docker.com/r/gomods/athens | - https://hub.docker.com/r/gomods/athens | ||||||
|  |  | ||||||
| maintainers: |  | ||||||
| - name: Markus Pesch |  | ||||||
|   email: markus.pesch+apps@cryptic.systems |  | ||||||
|   | |||||||
							
								
								
									
										2
									
								
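--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman)
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
 HELM_IMAGE_REPOSITORY?=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
 # NODE_IMAGE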
							
								
								
									
										466
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
							| @@ -2,167 +2,373 @@ | |||||||
|  |  | ||||||
| [](https://artifacthub.io/packages/search?repo=volker-raschek) | [](https://artifacthub.io/packages/search?repo=volker-raschek) | ||||||
|  |  | ||||||
| This is an inofficial helm chart of the go-proxy | > [!NOTE] | ||||||
| [athens](https://github.com/gomods/athens) which supports more complex | > This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the | ||||||
| configuration options. | > GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts). | ||||||
|  |  | ||||||
| This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and | This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and | ||||||
| can be installed via helm. | proxy for Golang. | ||||||
|  |  | ||||||
|  | The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes, | ||||||
|  | defining additional environment variables and much more. | ||||||
|  |  | ||||||
|  | Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure | ||||||
|  | helm and use it to deploy the exporter. It also contains further configuration examples. | ||||||
|  |  | ||||||
|  | Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | ||||||
|  | helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the | ||||||
|  | *[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)* | ||||||
|  | concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a | ||||||
|  | separate [chapter](#argocd). | ||||||
|  |  | ||||||
|  | ## Helm: configuration and installation | ||||||
|  |  | ||||||
|  | 1. A helm chart repository must be configured, to pull the helm charts from. | ||||||
|  | 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm | ||||||
|  |    `--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the | ||||||
|  |    `--set` flag for a basic deployment. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | ||||||
|  | helm repo update | ||||||
| helm install athens-proxy volker.raschek/athens-proxy | helm install athens-proxy volker.raschek/athens-proxy | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Customization | Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`. | ||||||
|  | The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the | ||||||
|  | version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major* | ||||||
|  | versions can break something! | ||||||
|  |  | ||||||
| The complete deployment can be adapted via the `values.yaml` files. The | ```bash | ||||||
| configuration of the proxy can be done via the environment variables described | CHART_VERSION=1.0.3 | ||||||
| below or via mounting the config.toml as additional persistent volume to | helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||||
| `/config/config.toml` |  | ||||||
|  |  | ||||||
| ## Access private repositories via SSH |  | ||||||
|  |  | ||||||
| Create a `configmap.yaml` with multiple keys. One key describe the content of |  | ||||||
| the `.gitconfig` file and another of `config` of the ssh client. All requests |  | ||||||
| Git clone comands with the prefix `http://github.com/` will be replaced by |  | ||||||
| `git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a |  | ||||||
| separate secret. |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: custom-configs |  | ||||||
| data: |  | ||||||
|   sshconfig: | |  | ||||||
|     Host github.com |  | ||||||
|       IdentityFile /root/.ssh/id_ed25519 |  | ||||||
|       StrictHostKeyChecking no |  | ||||||
|   gitconfig: | |  | ||||||
|     [url "git@github.com:"] |  | ||||||
|       insteadOf = https://github.com/ |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The secret definition below contains the SSH private and public key. | A complete list of available helm chart versions can be displayed via the following command: | ||||||
|  |  | ||||||
| ```yaml | ```bash | ||||||
| apiVersion: v1 | helm search repo reposilite --versions | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-ssh-keys |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   id_ed25519: | |  | ||||||
|     -----BEGIN OPENSSH PRIVATE KEY----- |  | ||||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW |  | ||||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj |  | ||||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg |  | ||||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M |  | ||||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== |  | ||||||
|     -----END OPENSSH PRIVATE KEY----- |  | ||||||
|   id_ed25519.pub: | |  | ||||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The item `config` of the configmap will be merged with the items of the secret | The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default. | ||||||
| as virtual volume. This volume can than be mounted with special permissions | Use the `--set` argument to persist your data. | ||||||
| required for the ssh client. |  | ||||||
|  |  | ||||||
| ```yaml | ```bash | ||||||
| extraVolumes: | CHART_VERSION=1.0.3 | ||||||
| - name: ssh | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|   projected: |   persistence.enabled=true | ||||||
|     defaultMode: 0644 |  | ||||||
|     sources: |  | ||||||
|     - configMap: |  | ||||||
|         name: custom-configs |  | ||||||
|         items: |  | ||||||
|         - key: sshconfig |  | ||||||
|           path: config |  | ||||||
|     - secret: |  | ||||||
|         name: custom-ssh-keys |  | ||||||
|         items: |  | ||||||
|         - key: id_ed25519 |  | ||||||
|           path: id_ed25519 |  | ||||||
|           mode: 0600 |  | ||||||
|         - key: id_ed25519.pub |  | ||||||
|           path: id_ed25519.pub |  | ||||||
| - name: gitconfig |  | ||||||
|   configMap: |  | ||||||
|     name: custom-configs |  | ||||||
|     items: |  | ||||||
|     - key: gitconfig |  | ||||||
|       path: config |  | ||||||
|       mode: 0644 |  | ||||||
|  |  | ||||||
| extraVolumeMounts: |  | ||||||
| - name: ssh |  | ||||||
|   mountPath: /root/.ssh |  | ||||||
| - name: gitconfig |  | ||||||
|   mountPath: /root/.config/git |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Access private GitHub.com repositories via developer token | ### Examples | ||||||
|  |  | ||||||
| Another way to access private GitHub repositories is via a GitHub token, which | The following examples serve as individual configurations and as inspiration for how deployment problems can be solved. | ||||||
| can be set via the environment variable `GITHUB_TOKEN`. Athens automatically |  | ||||||
| creates a `.netrc` file to access private GitHub repositories. |  | ||||||
|  |  | ||||||
| ## Access private repositories via .netrc configuration | #### Avoid CPU throttling by defining a CPU limit | ||||||
|  |  | ||||||
| As describe above, a `.netrc` file is responsible for the authentication via | If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||||
| HTTP. The file can also be defined via a custom secret and mounted into the home | application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||||
| directory of `root` for general authentication purpose. | cannot use the available CPU time to perform computing operations. | ||||||
|  |  | ||||||
| The example below describe the definition and mounting of a custom `.netrc` file | The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||||
| to access private repositories hosted on GitHub and GitLab. | available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||||
|  | of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||||
|  | rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||||
|  |  | ||||||
| ```yaml | Further information about this topic can be found in one of Kanishk's blog | ||||||
| apiVersion: v1 | [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||||
| kind: Secret |  | ||||||
| metadata: | > [!NOTE] | ||||||
|   name: custom-netrc | > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||||
| type: Opaque | > not anymore required. | ||||||
| stringData: | > | ||||||
|   netrc: | | > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|     machine github.com login USERNAME password API-KEY |  | ||||||
|     machine gitlab.com login USERNAME password API-KEY | ```bash | ||||||
|  | CHART_VERSION=1.0.3 | ||||||
|  | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|  |   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||||
|  |   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||||
|  |   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The file must then be mounted via extraVolumes and extraVolumeMounts. | #### Network policies | ||||||
|  |  | ||||||
|  | Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||||
|  | network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. | ||||||
|  |  | ||||||
|  | The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming | ||||||
|  | traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application | ||||||
|  | outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go | ||||||
|  | proxy `https://proxy.golang.org` via HTTPS. | ||||||
|  |  | ||||||
|  | > [!IMPORTANT] | ||||||
|  | > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For | ||||||
|  | > this reason, there is are not default network policy rules defined. | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| extraVolumes: | networkPolicies: | ||||||
| - name: netrc |   enabled: true | ||||||
|   secret: |   annotations: {} | ||||||
|     secretName: custom-netrc |   labels: {} | ||||||
|     items: |   policyTypes: | ||||||
|     - key: netrc |   - Egress | ||||||
|       path: .netrc |   - Ingress | ||||||
|       mode: 0600 |   egress: | ||||||
|  |   - to: | ||||||
|  |     - namespaceSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           kubernetes.io/metadata.name: kube-system | ||||||
|  |       podSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           k8s-app: kube-dns | ||||||
|  |     ports: | ||||||
|  |     - port: 53 | ||||||
|  |       protocol: TCP | ||||||
|  |     - port: 53 | ||||||
|  |       protocol: UDP | ||||||
|  |   - ports: | ||||||
|  |     - port: 443 | ||||||
|  |       protocol: TCP | ||||||
|  |  | ||||||
| extraVolumeMounts: |   ingress: | ||||||
| - name: netrc |   - from: | ||||||
|   mountPath: /root |     - namespaceSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |       podSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           app.kubernetes.io/name: ingress-nginx | ||||||
|  |     ports: | ||||||
|  |     - port: http | ||||||
|  |       protocol: TCP | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Persistent storage | ## ArgoCD | ||||||
|  |  | ||||||
| Unlike the athens default, the default here is `disk` - i.e. the files are | ### Daily execution of rolling updates | ||||||
| written to the container. Therefore, it is advisable to outsource the |  | ||||||
| corresponding storage location to persistent storage. The following example |  | ||||||
| describes the integration of a persistent storage claim. |  | ||||||
|  |  | ||||||
| ```yaml | The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||||
| extraVolumes: | connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||||
| - name: gomodules | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||||
|   persistentVolumeClaim: |  | ||||||
|     claimName: custom-gomodules-pvc |  | ||||||
|  |  | ||||||
| extraVolumeMounts: | The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||||
| - name: gomodules | content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||||
|   mountPath: /var/lib/athens | Helm render order, different timestamps). | ||||||
|  |  | ||||||
|  | This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||||
|  | can lead to unnecessary notifications from ArgoCD. | ||||||
|  |  | ||||||
|  | To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all | ||||||
|  | annotations with the prefix `checksum`. | ||||||
|  |  | ||||||
|  | ```diff | ||||||
|  |   apiVersion: argoproj.io/v1alpha1 | ||||||
|  |   kind: Application | ||||||
|  |   spec: | ||||||
|  | +   ignoreDifferences: | ||||||
|  | +   - group: apps/v1 | ||||||
|  | +     kind: Deployment | ||||||
|  | +     jqPathExpressions: | ||||||
|  | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Parameters | ## Parameters | ||||||
|  |  | ||||||
|  | ### Global | ||||||
|  |  | ||||||
|  | | Name               | Description                               | Value | | ||||||
|  | | ------------------ | ----------------------------------------- | ----- | | ||||||
|  | | `nameOverride`     | Individual release name suffix.           | `""`  | | ||||||
|  | | `fullnameOverride` | Override the complete release name logic. | `""`  | | ||||||
|  |  | ||||||
|  | ### Certificate | ||||||
|  |  | ||||||
|  | | Name                                          | Description                                                                                                                                                 | Value                           | | ||||||
|  | | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | | ||||||
|  | | `certificate.enabled`                         | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false`                         | | ||||||
|  | | `certificate.existingSecret.enabled`          | Use an existing secret of the type `kubernetes.io/tls`.                                                                                                     | `false`                         | | ||||||
|  | | `certificate.existingSecret.secretName`       | Name of the secret containing the TLS certificate and private key.                                                                                          | `""`                            | | ||||||
|  | | `certificate.new.annotations`                 | Additional certificate annotations.                                                                                                                         | `{}`                            | | ||||||
|  | | `certificate.new.labels`                      | Additional certificate labels.                                                                                                                              | `{}`                            | | ||||||
|  | | `certificate.new.duration`                    | Duration of the TLS certificate.                                                                                                                            | `744h`                          | | ||||||
|  | | `certificate.new.renewBefore`                 | Renew TLS certificate before expiring.                                                                                                                      | `672h`                          | | ||||||
|  | | `certificate.new.dnsNames`                    | Overwrites the default of the subject alternative DNS names.                                                                                                | `[]`                            | | ||||||
|  | | `certificate.new.ipAddresses`                 | Overwrites the default of the subject alternative IP addresses.                                                                                             | `[]`                            | | ||||||
|  | | `certificate.new.issuerRef.kind`              | Issuer kind. Can be `Issuer` or `ClusterIssuer`.                                                                                                            | `""`                            | | ||||||
|  | | `certificate.new.issuerRef.name`              | Name of the `Issuer` or `ClusterIssuer`.                                                                                                                    | `""`                            | | ||||||
|  | | `certificate.new.privateKey.algorithm`        | Algorithm of the private TLS key.                                                                                                                           | `RSA`                           | | ||||||
|  | | `certificate.new.privateKey.rotationPolicy`   | Rotation of the private TLS key.                                                                                                                            | `Never`                         | | ||||||
|  | | `certificate.new.privateKey.size`             | Size of the private TLS key.                                                                                                                                | `4096`                          | | ||||||
|  | | `certificate.new.secretTemplate.annotations`  | Additional annotation of the created secret.                                                                                                                | `{}`                            | | ||||||
|  | | `certificate.new.secretTemplate.labels`       | Additional labels of the created secret.                                                                                                                    | `{}`                            | | ||||||
|  | | `certificate.new.subject.countries`           | List of countries.                                                                                                                                          | `[]`                            | | ||||||
|  | | `certificate.new.subject.localities`          | List of localities.                                                                                                                                         | `[]`                            | | ||||||
|  | | `certificate.new.subject.organizationalUnits` | List of organizationalUnits.                                                                                                                                | `[]`                            | | ||||||
|  | | `certificate.new.subject.organizations`       | List of organizations.                                                                                                                                      | `[]`                            | | ||||||
|  | | `certificate.new.subject.postalCodes`         | List of postalCodes.                                                                                                                                        | `[]`                            | | ||||||
|  | | `certificate.new.subject.provinces`           | List of provinces.                                                                                                                                          | `[]`                            | | ||||||
|  | | `certificate.new.subject.serialNumber`        | Serial number.                                                                                                                                              | `""`                            | | ||||||
|  | | `certificate.new.subject.streetAddresses`     | List of streetAddresses.                                                                                                                                    | `[]`                            | | ||||||
|  | | `certificate.new.usages`                      | Define the usage of the TLS key.                                                                                                                            | `["client auth","server auth"]` | | ||||||
|  |  | ||||||
|  | ### Configuration | ||||||
|  |  | ||||||
|  | | Name                                                    | Description                                                                                                                                       | Value            | | ||||||
|  | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | | ||||||
|  | | `config.env.enabled`                                    | Enable mounting of the secret as environment variables.                                                                                           | `false`          | | ||||||
|  | | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`          | | ||||||
|  | | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`             | | ||||||
|  | | `config.env.secret.annotations`                         | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||||
|  | | `config.env.secret.labels`                              | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||||
|  | | `config.env.secret.envs`                                | List of environment variables stored in a secret and mounted into the container.                                                                  | `{}`             | | ||||||
|  | | `config.downloadMode.enabled`                           | Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | `false`          | | ||||||
|  | | `config.downloadMode.existingConfigMap.enabled`         | Enable to use an external config map for mounting the download mode file.                                                                         | `false`          | | ||||||
|  | | `config.downloadMode.existingConfigMap.configMapName`   | The name of the existing config map which should be used to mount the download mode file.                                                         | `""`             | | ||||||
|  | | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`   | | ||||||
|  | | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`             | | ||||||
|  | | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`             | | ||||||
|  | | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`          | | ||||||
|  | | `config.gitConfig.existingConfigMap.enabled`            | Enable to use an external config map for mounting the .gitconfig file.                                                                            | `false`          | | ||||||
|  | | `config.gitConfig.existingConfigMap.configMapName`      | The name of the existing config map which should be used to mount the .gitconfig file.                                                            | `""`             | | ||||||
|  | | `config.gitConfig.existingConfigMap.gitConfigKey`       | The name of the key inside the config map where the content of the .gitconfig file is stored.                                                     | `nil`            | | ||||||
|  | | `config.gitConfig.configMap.annotations`                | Additional annotations of the config map containing the .gitconfig file.                                                                          | `{}`             | | ||||||
|  | | `config.gitConfig.configMap.labels`                     | Additional labels of the config map containing the .gitconfig file.                                                                               | `{}`             | | ||||||
|  | | `config.netrc.enabled`                                  | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||||
|  | | `config.netrc.existingSecret.enabled`                   | Enable to use an external secret for mounting the .netrc file.                                                                                    | `false`          | | ||||||
|  | | `config.netrc.existingSecret.secretName`                | The name of the existing secret which should be used to mount the .netrc file.                                                                    | `""`             | | ||||||
|  | | `config.netrc.existingSecret.netrcKey`                  | The name of the key inside the secret where the content of the .netrc file is stored.                                                             | `.netrc`         | | ||||||
|  | | `config.netrc.secret.annotations`                       | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||||
|  | | `config.netrc.secret.labels`                            | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||||
|  | | `config.ssh.enabled`                                    | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||||
|  | | `config.ssh.existingSecret.enabled`                     | Enable to use an external secret for mounting the public and private SSH key files.                                                               | `false`          | | ||||||
|  | | `config.ssh.existingSecret.secretName`                  | The name of the existing secret which should be used to mount the public and private SSH key files.                                               | `""`             | | ||||||
|  | | `config.ssh.existingSecret.configKey`                   | The name of the key inside the secret where the content of the SSH client config file is stored.                                                  | `config`         | | ||||||
|  | | `config.ssh.existingSecret.id_ed25519Key`               | The name of the key inside the secret where the content of the id_ed25519 key file is stored.                                                     | `id_ed25519`     | | ||||||
|  | | `config.ssh.existingSecret.id_ed25519PubKey`            | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_ed25519.pub` | | ||||||
|  | | `config.ssh.existingSecret.id_rsaKey`                   | The name of the key inside the secret where the content of the id_rsa key file is stored.                                                         | `id_rsa`         | | ||||||
|  | | `config.ssh.existingSecret.id_rsaPubKey`                | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_rsa.pub`     | | ||||||
|  | | `config.ssh.secret.annotations`                         | Additional annotations of the secret containing the public and private SSH key files.                                                             | `{}`             | | ||||||
|  | | `config.ssh.secret.labels`                              | Additional labels of the secret containing the public and private SSH key files.                                                                  | `{}`             | | ||||||
|  |  | ||||||
|  | ### Deployment | ||||||
|  |  | ||||||
|  | | Name                                               | Description                                                                                                | Value           | | ||||||
|  | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- | | ||||||
|  | | `deployment.annotations`                           | Additional deployment annotations.                                                                         | `{}`            | | ||||||
|  | | `deployment.labels`                                | Additional deployment labels.                                                                              | `{}`            | | ||||||
|  | | `deployment.additionalContainers`                  | List of additional containers.                                                                             | `[]`            | | ||||||
|  | | `deployment.affinity`                              | Affinity for the athens-proxy deployment.                                                                  | `{}`            | | ||||||
|  | | `deployment.initContainers`                        | List of additional init containers.                                                                        | `[]`            | | ||||||
|  | | `deployment.dnsConfig`                             | dnsConfig of the athens-proxy deployment.                                                                  | `{}`            | | ||||||
|  | | `deployment.dnsPolicy`                             | dnsPolicy of the athens-proxy deployment.                                                                  | `""`            | | ||||||
|  | | `deployment.hostname`                              | Individual hostname of the pod.                                                                            | `""`            | | ||||||
|  | | `deployment.subdomain`                             | Individual domain of the pod.                                                                              | `""`            | | ||||||
|  | | `deployment.hostNetwork`                           | Use the kernel network namespace of the host system.                                                       | `false`         | | ||||||
|  | | `deployment.imagePullSecrets`                      | Secret to use for pulling the image.                                                                       | `[]`            | | ||||||
|  | | `deployment.athensProxy.args`                      | Arguments passed to the athens-proxy container.                                                            | `[]`            | | ||||||
|  | | `deployment.athensProxy.command`                   | Command passed to the athens-proxy container.                                                              | `[]`            | | ||||||
|  | | `deployment.athensProxy.env`                       | List of environment variables for the athens-proxy container.                                              | `[]`            | | ||||||
|  | | `deployment.athensProxy.envFrom`                   | List of environment variables mounted from configMaps or secrets for the athens-proxy container.           | `[]`            | | ||||||
|  | | `deployment.athensProxy.image.registry`            | Image registry, eg. `docker.io`.                                                                           | `docker.io`     | | ||||||
|  | | `deployment.athensProxy.image.repository`          | Image repository, eg. `library/busybox`.                                                                   | `gomods/athens` | | ||||||
|  | | `deployment.athensProxy.image.tag`                 | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.                                                   | `""`            | | ||||||
|  | | `deployment.athensProxy.image.pullPolicy`          | Image pull policy.                                                                                         | `IfNotPresent`  | | ||||||
|  | | `deployment.athensProxy.resources`                 | CPU and memory resources of the pod.                                                                       | `{}`            | | ||||||
|  | | `deployment.athensProxy.securityContext`           | Security context of the container of the deployment.                                                       | `{}`            | | ||||||
|  | | `deployment.athensProxy.volumeMounts`              | Additional volume mounts.                                                                                  | `[]`            | | ||||||
|  | | `deployment.nodeSelector`                          | NodeSelector of the athens-proxy deployment.                                                               | `{}`            | | ||||||
|  | | `deployment.priorityClassName`                     | PriorityClassName of the athens-proxy deployment.                                                          | `""`            | | ||||||
|  | | `deployment.replicas`                              | Number of replicas for the athens-proxy deployment.                                                        | `1`             | | ||||||
|  | | `deployment.restartPolicy`                         | Restart policy of the athens-proxy deployment.                                                             | `""`            | | ||||||
|  | | `deployment.securityContext`                       | Security context of the athens-proxy deployment.                                                           | `{}`            | | ||||||
|  | | `deployment.strategy.type`                         | Strategy type - `Recreate` or `RollingUpdate`.                                                             | `RollingUpdate` | | ||||||
|  | | `deployment.strategy.rollingUpdate.maxSurge`       | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1`             | | ||||||
|  | | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update.                                | `1`             | | ||||||
|  | | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`            | | ||||||
|  | | `deployment.tolerations`                           | Tolerations of the athens-proxy deployment.                                                                | `[]`            | | ||||||
|  | | `deployment.topologySpreadConstraints`             | TopologySpreadConstraints of the athens-proxy deployment.                                                  | `[]`            | | ||||||
|  | | `deployment.volumes`                               | Additional volumes to mount into the pods of the athens-proxy deployment.                                  | `[]`            | | ||||||
|  |  | ||||||
|  | ### Horizontal Pod Autoscaler (HPA) | ||||||
|  |  | ||||||
|  | | Name              | Description                                                                                        | Value       | | ||||||
|  | | ----------------- | -------------------------------------------------------------------------------------------------- | ----------- | | ||||||
|  | | `hpa.enabled`     | Enable the horizontal pod autoscaler (HPA).                                                        | `false`     | | ||||||
|  | | `hpa.annotations` | Additional annotations for the HPA.                                                                | `{}`        | | ||||||
|  | | `hpa.labels`      | Additional labels for the HPA.                                                                     | `{}`        | | ||||||
|  | | `hpa.metrics`     | Metrics contains the specifications for which to use to calculate the desired replica count.       | `undefined` | | ||||||
|  | | `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1`         | | ||||||
|  | | `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler.                              | `10`        | | ||||||
|  |  | ||||||
|  | ### Ingress | ||||||
|  |  | ||||||
|  | | Name                  | Description                                                                                                          | Value   | | ||||||
|  | | --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- | | ||||||
|  | | `ingress.enabled`     | Enable creation of an ingress resource. Requires, that the http service is also enabled.                             | `false` | | ||||||
|  | | `ingress.className`   | Ingress class.                                                                                                       | `nginx` | | ||||||
|  | | `ingress.annotations` | Additional ingress annotations.                                                                                      | `{}`    | | ||||||
|  | | `ingress.labels`      | Additional ingress labels.                                                                                           | `{}`    | | ||||||
|  | | `ingress.hosts`       | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]`    | | ||||||
|  | | `ingress.tls`         | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.         | `[]`    | | ||||||
|  |  | ||||||
|  | ### Persistence | ||||||
|  |  | ||||||
|  | | Name                                                                       | Description                                                                                                                                                                                                             | Value                        | | ||||||
|  | | -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | ||||||
|  | | `persistence.enabled`                                                      | Enable the feature to store the data on a persistent volume claim. If enabled, the volume will be automatically be mounted into the pod. Furthermore, the env `ATHENS_STORAGE_TYPE=disk` will automatically be defined. | `false`                      | | ||||||
|  | | `persistence.data.mountPath`                                               | The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`.                                                                                 | `/var/www/athens-proxy/data` | | ||||||
|  | | `persistence.data.existingPersistentVolumeClaim.enabled`                   | TODO                                                                                                                                                                                                                    | `false`                      | | ||||||
|  | | `persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName` | TODO                                                                                                                                                                                                                    | `""`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.annotations`                       | Additional persistent volume claim annotations.                                                                                                                                                                         | `{}`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.labels`                            | Additional persistent volume claim labels.                                                                                                                                                                              | `{}`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.accessModes`                       | Access modes of the persistent volume claim.                                                                                                                                                                            | `["ReadWriteMany"]`          | | ||||||
|  | | `persistence.data.persistentVolumeClaim.storageClassName`                  | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||||
|  | | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | ||||||
|  |  | ||||||
|  | ### Network | ||||||
|  |  | ||||||
|  | | Name            | Description                                                              | Value           | | ||||||
|  | | --------------- | ------------------------------------------------------------------------ | --------------- | | ||||||
|  | | `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` | | ||||||
|  |  | ||||||
|  | ### Network Policy | ||||||
|  |  | ||||||
|  | | Name                        | Description                                                               | Value   | | ||||||
|  | | --------------------------- | ------------------------------------------------------------------------- | ------- | | ||||||
|  | | `networkPolicy.enabled`     | Enable network policies in general.                                       | `false` | | ||||||
|  | | `networkPolicy.annotations` | Additional network policy annotations.                                    | `{}`    | | ||||||
|  | | `networkPolicy.labels`      | Additional network policy labels.                                         | `{}`    | | ||||||
|  | | `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]`    | | ||||||
|  | | `networkPolicy.egress`      | Concrete egress network policy implementation.                            | `[]`    | | ||||||
|  | | `networkPolicy.ingress`     | Concrete ingress network policy implementation.                           | `[]`    | | ||||||
|  |  | ||||||
|  | ### Service | ||||||
|  |  | ||||||
|  | | Name                                     | Description                                                                                                                                                                                                | Value       | | ||||||
|  | | ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | ||||||
|  | | `services.http.enabled`                  | Enable the service.                                                                                                                                                                                        | `true`      | | ||||||
|  | | `services.http.annotations`              | Additional service annotations.                                                                                                                                                                            | `{}`        | | ||||||
|  | | `services.http.externalIPs`              | External IPs for the service.                                                                                                                                                                              | `[]`        | | ||||||
|  | | `services.http.externalTrafficPolicy`    | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster`   | | ||||||
|  | | `services.http.internalTrafficPolicy`    | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.                                                   | `Cluster`   | | ||||||
|  | | `services.http.ipFamilies`               | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.         | `[]`        | | ||||||
|  | | `services.http.labels`                   | Additional service labels.                                                                                                                                                                                 | `{}`        | | ||||||
|  | | `services.http.loadBalancerClass`        | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.                                                                     | `""`        | | ||||||
|  | | `services.http.loadBalancerIP`           | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.                                                                                              | `""`        | | ||||||
|  | | `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.                                                                                                                           | `[]`        | | ||||||
|  | | `services.http.port`                     | Port to forward the traffic to.                                                                                                                                                                            | `3000`      | | ||||||
|  | | `services.http.sessionAffinity`          | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.                                                                                                                    | `None`      | | ||||||
|  | | `services.http.sessionAffinityConfig`    | Contains the configuration of the session affinity.                                                                                                                                                        | `{}`        | | ||||||
|  | | `services.http.type`                     | Kubernetes service type for the traffic.                                                                                                                                                                   | `ClusterIP` | | ||||||
|  |  | ||||||
|  | ### ServiceAccount | ||||||
|  |  | ||||||
|  | | Name                                              | Description                                                                                                                                         | Value   | | ||||||
|  | | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | ||||||
|  | | `serviceAccount.existing.enabled`                 | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.           | `false` | | ||||||
|  | | `serviceAccount.existing.serviceAccountName`      | Name of the existing service account.                                                                                                               | `""`    | | ||||||
|  | | `serviceAccount.new.annotations`                  | Additional service account annotations.                                                                                                             | `{}`    | | ||||||
|  | | `serviceAccount.new.labels`                       | Additional service account labels.                                                                                                                  | `{}`    | | ||||||
|  | | `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token.                                                                                          | `true`  | | ||||||
|  | | `serviceAccount.new.imagePullSecrets`             | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]`    | | ||||||
|  | | `serviceAccount.new.secrets`                      | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.                                                        | `[]`    | | ||||||
|   | |||||||
| @@ -1,12 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: custom-configs |  | ||||||
| data: |  | ||||||
|   sshconfig: | |  | ||||||
|     Host github.com |  | ||||||
|       IdentityFile /root/.ssh/id_ed25519 |  | ||||||
|       StrictHostKeyChecking no |  | ||||||
|   gitconfig: | |  | ||||||
|     [url "git@github.com:"] |  | ||||||
|       insteadOf = https://github.com/ |  | ||||||
| @@ -1,26 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-ssh-keys |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   id_ed25519: | |  | ||||||
|     -----BEGIN OPENSSH PRIVATE KEY----- |  | ||||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW |  | ||||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj |  | ||||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg |  | ||||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M |  | ||||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== |  | ||||||
|     -----END OPENSSH PRIVATE KEY----- |  | ||||||
|   id_ed25519.pub: | |  | ||||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe |  | ||||||
| --- |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-netrc |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   netrc: | |  | ||||||
|     machine github.com login USERNAME password API-KEY |  | ||||||
|     machine gitlab.com login USERNAME password API-KEY |  | ||||||
| @@ -9,6 +9,7 @@ | |||||||
|   ], |   ], | ||||||
|   "customManagers": [ |   "customManagers": [ | ||||||
|     { |     { | ||||||
|  |       "customType": "regex", | ||||||
|       "fileMatch": [ |       "fileMatch": [ | ||||||
|         "^Chart\\.yaml$" |         "^Chart\\.yaml$" | ||||||
|       ], |       ], | ||||||
| @@ -21,6 +22,7 @@ | |||||||
|       "versioningTemplate": "semver" |       "versioningTemplate": "semver" | ||||||
|     }, |     }, | ||||||
|     { |     { | ||||||
|  |       "customType": "regex", | ||||||
|       "fileMatch": ["^README\\.md$"], |       "fileMatch": ["^README\\.md$"], | ||||||
|       "matchStrings": [ |       "matchStrings": [ | ||||||
|         "VERSION=(?<currentValue>.*)" |         "VERSION=(?<currentValue>.*)" | ||||||
| @@ -32,6 +34,20 @@ | |||||||
|     } |     } | ||||||
|   ], |   ], | ||||||
|   "packageRules": [ |   "packageRules": [ | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/volkerraschek/helm", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/volkerraschek/helm", | ||||||
|  |         "volkerraschek/helm" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/library/node", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/library/node", | ||||||
|  |         "library/node" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|     { |     { | ||||||
|       "addLabels": [ |       "addLabels": [ | ||||||
|         "renovate/automerge", |         "renovate/automerge", | ||||||
|   | |||||||
							
								
								
									
										25
									
								
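--- a/templates/_certificate.tpl
+++ b/templates/_certificate.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.certificates.server.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.certificate.new.annotations }}
+{{ toYaml .Values.certificate.new.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.certificates.server.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.certificate.new.labels }}
+{{ toYaml .Values.certificate.new.labels }}
+{{- end }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "athens-proxy.certificates.server.name" -}}
+{{ include "athens-proxy.fullname" . }}-tls
+{{- end -}}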
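Review bot: In `athens-proxy.certificates.server.annotations`, and in the parallel `athens-proxy.certificates.server.labels` define, the map from `.Values.certificate.new.annotations` is appended as text after the output of `athens-proxy.annotations`, so a key present in both would be rendered twice in the same mapping. The base helper is not visible here, so whether it emits any keys is an assumption; if it does, most YAML parsers silently keep the last duplicate and stricter ones reject the manifest. Merging the two maps before rendering makes the precedence explicit, along the lines of `{{- toYaml (merge (dict) .Values.certificate.new.annotations (include "athens-proxy.annotations" . | fromYaml)) }}`, guarded for the case where both are empty. A short comment above each define stating which side wins on a key conflict would also help chart users.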
| @@ -34,6 +34,10 @@ | |||||||
| 
 | 
 | ||||||
| {{/* name */}} | {{/* name */}} | ||||||
| 
 | 
 | ||||||
|  | {{- define "athens-proxy.configMap.downloadMode.name" -}} | ||||||
|  | {{ include "athens-proxy.fullname" . }}-download-mode-file | ||||||
|  | {{- end }} | ||||||
|  | 
 | ||||||
| {{- define "athens-proxy.configMap.gitConfig.name" -}} | {{- define "athens-proxy.configMap.gitConfig.name" -}} | ||||||
| {{ include "athens-proxy.fullname" . }}-gitconfig | {{ include "athens-proxy.fullname" . }}-gitconfig | ||||||
| {{- end }} | {{- end }} | ||||||
							
								
								
									
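--- a/templates/_deployment.tpl
+++ b/templates/_deployment.tpl
@@ -0,0 +1,279 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.deployment.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.deployment.annotations }}
+{{ toYaml .Values.deployment.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* env */}}
+
+{{- define "athens-proxy.deployment.env" -}}
+{{- $env := .Values.deployment.athensProxy.env | default (list) }}
+
+{{- if and .Values.persistence.enabled }}
+{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
+{{- end }}
+
+{{- if .Values.config.downloadMode.enabled }}
+{{- $env = concat $env (list (dict "name" "ATHENS_DOWNLOAD_MODE" "value" "file:/etc/athens/config/download-mode.d/download-mode")) }}
+{{- end }}
+
+{{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
+{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
+{{- end }}
+
+{{- if .Values.certificate.enabled }}
+{{- $env = concat $env (list
+      (dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
+      (dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
+    ) }}
+{{- end }}
+
+{{ toYaml (dict "env" $env) }}
+
+{{- end -}}
+
+
+{{/* envFrom */}}
+
+{{- define "athens-proxy.deployment.envFrom" -}}
+{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
+
+{{- if .Values.config.env.enabled }}
+{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
+{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
+{{- $secretName = .Values.config.env.existingSecret.secretName }}
+{{- end }}
+{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
+{{- end }}
+
+{{ toYaml (dict "envFrom" $envFrom) }}
+
+{{- end -}}
+
+{{/* image */}}
+
+{{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}}
+{{- $registry := .Values.deployment.athensProxy.image.registry -}}
+{{- $repository := .Values.deployment.athensProxy.image.repository -}}
+{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag -}}
+{{- end -}}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.deployment.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.deployment.labels }}
+{{ toYaml .Values.deployment.labels }}
+{{- end }}
+{{- end }}
+
+{{/* serviceAccount */}}
+
+{{- define "athens-proxy.deployment.serviceAccount" -}}
+{{- if .Values.serviceAccount.existing.enabled -}}
+{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
+{{- else -}}
+{{- include "athens-proxy.fullname" . -}}
+{{- end -}}
+{{- end }}
+
+{{/* volumeMounts */}}
+
+{{- define "athens-proxy.deployment.volumeMounts" -}}
+{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
+
+{{- if .Values.persistence.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
+{{- end }}
+
+{{/* volumes (download mode) */}}
+{{- if .Values.config.downloadMode.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "download-mode" "mountPath" "/etc/athens/config/download-mode.d" )) }}
+{{- end }}
+
+{{/* volumeMount (git config) */}}
+{{- if .Values.config.gitConfig.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }}
+{{- end }}
+
+{{/* volumeMount (netrc) */}}
+{{- if .Values.config.netrc.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
+{{- end }}
+
+{{/* volumeMount (ssh) */}}
+{{- if and .Values.config.ssh.enabled }}
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.config) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.configKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/config" "subPath" "config" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519" "subPath" "id_ed25519" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_ed25519_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_ed25519.pub" "subPath" "id_ed25519.pub" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa" "subPath" "id_rsa" )) }}
+{{- end }}
+
+{{- if or (and (not .Values.config.ssh.existingSecret.enabled) (gt (len .Values.config.ssh.secret.id_rsa_pub) 0)) (and .Values.config.ssh.existingSecret.enabled (gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0)) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.ssh/id_rsa.pub" "subPath" "id_rsa.pub" )) }}
+{{- end }}
+
+{{- end }}
+
+
+{{/* volumeMounts (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
+{{- end }}
+
+{{ toYaml (dict "volumeMounts" $volumeMounts) }}
+{{- end -}}
+
+{{/* volumes */}}
+
+{{- define "athens-proxy.deployment.volumes" -}}
+{{- $volumes := .Values.deployment.volumes | default (list) }}
+
+
+{{/* volumes (data) */}}
+{{- if .Values.persistence.enabled }}
+{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
+{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
+{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
+{{- end }}
+
+
+{{/* volumes (download mode) */}}
+{{- if .Values.config.downloadMode.enabled }}
+{{- $itemList := list (dict "key" "downloadMode" "path" "download-mode" "mode" 0644) }}
+{{- $configMapName := include "athens-proxy.configMap.downloadMode.name" $ }}
+{{- if and .Values.config.downloadMode.existingConfigMap.enabled (gt (len .Values.config.downloadMode.existingConfigMap.configMapName) 0) }}
+{{- $itemList = list (dict "key" .Values.config.downloadMode.existingConfigMap.downloadModeKey "path" "download-mode" "mode" 0644) }}
+{{- $configMapName = .Values.config.downloadMode.existingConfigMap.configMapName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "download-mode" "configMap" (dict "name" $configMapName "items" $itemList))) }}
+{{- end }}
+
+
+{{/* volumes (git config) */}}
+{{- $projectedSecretSources := list -}}
+
+{{- if .Values.config.gitConfig.enabled }}
+{{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }}
+{{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }}
+{{- if .Values.config.gitConfig.existingConfigMap.enabled }}
+{{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }}
+{{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }}
+{{- end }}
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }}
+
+{{- end }}
+
+{{/* volumes (netrc) */}}
+
+{{- if .Values.config.netrc.enabled }}
+{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
+{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
+{{- if .Values.config.netrc.existingSecret.enabled }}
+{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
+{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
+{{- end }}
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+
+{{- end }}
+
+{{/* volumes (ssh) */}}
+{{- if .Values.config.ssh.enabled }}
+
+{{- $itemList := list -}}
+{{- $secretName := include "athens-proxy.secrets.ssh.name" . }}
+
+{{- if and .Values.config.ssh.existingSecret.enabled .Values.config.ssh.existingSecret.secretName }}
+{{- $secretName = .Values.config.ssh.existingSecret.secretName }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.configKey) 0 }}
+{{- $configItem := dict "key" .Values.config.ssh.existingSecret.configKey "path" "config" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $configItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519Key) 0 }}
+{{- $idED25519Item := dict "key" .Values.config.ssh.existingSecret.id_ed25519Key "path" "id_ed25519" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idED25519Item) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_ed25519PubKey) 0 }}
+{{- $idED25519PubItem := dict "key" .Values.config.ssh.existingSecret.id_ed25519PubKey "path" "id_ed25519.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idED25519PubItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_rsaKey) 0 }}
+{{- $idRSAItem := dict "key" .Values.config.ssh.existingSecret.id_rsaKey "path" "id_rsa" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idRSAItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.existingSecret.id_rsaPubKey) 0 }}
+{{- $idRSAPubItem := dict "key" .Values.config.ssh.existingSecret.id_rsaPubKey "path" "id_rsa.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idRSAPubItem) }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.config.ssh.existingSecret.enabled }}
+{{- if gt (len .Values.config.ssh.secret.config) 0 }}
+{{- $configItem := dict "key" "config" "path" "config" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $configItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_ed25519) 0 }}
+{{- $idED25519Item := dict "key" "id_ed25519" "path" "id_ed25519" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idED25519Item) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_ed25519_pub) 0 }}
+{{- $idED25519PubItem := dict "key" "id_ed25519.pub" "path" "id_ed25519.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idED25519PubItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_rsa) 0 }}
+{{- $idRSAItem := dict "key" "id_rsa" "path" "id_rsa" "mode" 0600 }}
+{{- $itemList = concat $itemList (list $idRSAItem) }}
+{{- end }}
+
+{{- if gt (len .Values.config.ssh.secret.id_rsa_pub) 0 }}
+{{- $idRSAPubItem := dict "key" "id_rsa.pub" "path" "id_rsa.pub" "mode" 0644 }}
+{{- $itemList = concat $itemList (list $idRSAPubItem) }}
+{{- end }}
+{{- end }}
+
+{{- $projectedSecretSources = concat $projectedSecretSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+{{- end }}
+
+{{- if gt (len $projectedSecretSources) 0 }}
+{{- $projectedSecretVolume := dict "name" "secrets" "projected" (dict "sources" $projectedSecretSources) }}
+{{- $volumes = concat $volumes (list $projectedSecretVolume) }}
+{{- end }}
+
+{{/* volumes (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
+{{- if .Values.certificate.existingSecret.enabled }}
+{{- $secretName := .Values.certificate.existingSecret.secretName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
+{{- end }}
+
+
+{{ toYaml (dict "volumes" $volumes) }}
+{{- end -}}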
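Review bot: In the `volumes (tls)` block of `athens-proxy.deployment.volumes`, `{{- $secretName := .Values.certificate.existingSecret.secretName }}` declares a new variable scoped to the inner `if` instead of assigning to the outer one, so the `tls` volume always references the chart-generated `<fullname>-tls` secret. With `certificate.existingSecret.enabled` set, templates/certificate.yaml skips rendering the Certificate, so that secret is presumably never created and the pod cannot mount its TLS key and certificate. Use plain assignment, `{{- $secretName = .Values.certificate.existingSecret.secretName }}`, as the netrc and ssh branches in the same define already do. Wrapping the value in `required` would also make an empty existing secret name fail at render time rather than at pod start.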
							
								
								
									
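--- a/templates/_networkPolicy.tpl
+++ b/templates/_networkPolicy.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.networkPolicy.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.networkPolicy.annotations }}
+{{ toYaml .Values.networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.networkPolicy.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.networkPolicy.labels }}
+{{ toYaml .Values.networkPolicy.labels }}
+{{- end }}
+{{- end }}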
							
								
								
									
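--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -0,0 +1,34 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.pod.annotations" }}
+{{- include "athens-proxy.annotations" . }}
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
+{{- end }}
+{{- end }}
+
+
+
+{{/* labels */}}
+
+{{- define "athens-proxy.pod.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- end }}
+
+{{- define "athens-proxy.pod.selectorLabels" -}}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- end }}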
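Review bot: The checksum annotation keys in `athens-proxy.pod.annotations` embed the resource name (`checksum/secret-%s`, `checksum/config-map-%s`), and Kubernetes limits the name part of an annotation key to 63 characters. For the download-mode ConfigMap the key name becomes `config-map-<fullname>-download-mode-file`, so a fullname longer than 33 characters would yield a key the API server rejects; how `athens-proxy.fullname` is truncated is not visible in this section. Fixed keys avoid the problem, for example `{{ printf "checksum/config-map-download-mode: %s" (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}`, and likewise for the other four entries.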
| @@ -1,118 +0,0 @@ | |||||||
| {{/* vim: set filetype=mustache: */}} |  | ||||||
|  |  | ||||||
| {{/* annotations */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.annotations" -}} |  | ||||||
| {{ include "athens-proxy.annotations" . }} |  | ||||||
| {{- if .Values.deployment.annotations }} |  | ||||||
| {{ toYaml .Values.deployment.annotations }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* env */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.env" -}} |  | ||||||
| {{- $env := .Values.deployment.athensProxy.env | default (list) }} |  | ||||||
| {{- if and .Values.persistence.enabled }} |  | ||||||
| {{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }} |  | ||||||
| {{- end }} |  | ||||||
| {{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }} |  | ||||||
| {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }} |  | ||||||
| {{- end }} |  | ||||||
| {{ toYaml (dict "env" $env) }} |  | ||||||
| {{- end -}} |  | ||||||
|  |  | ||||||
|  |  | ||||||
| {{/* envFrom */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.envFrom" -}} |  | ||||||
| {{- end -}} |  | ||||||
|  |  | ||||||
| {{/* image */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.images.athens-proxy.fqin" -}} |  | ||||||
| {{- $registry := .Values.deployment.athensProxy.image.registry -}} |  | ||||||
| {{- $repository := .Values.deployment.athensProxy.image.repository -}} |  | ||||||
| {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} |  | ||||||
| {{- printf "%s/%s:v%s" $registry $repository $tag -}} |  | ||||||
| {{- end -}} |  | ||||||
|  |  | ||||||
| {{/* labels */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.labels" -}} |  | ||||||
| {{ include "athens-proxy.labels" . }} |  | ||||||
| {{- if .Values.deployment.labels }} |  | ||||||
| {{ toYaml .Values.deployment.labels }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* serviceAccount */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.serviceAccount" -}} |  | ||||||
| {{- if .Values.serviceAccount.existing.enabled -}} |  | ||||||
| {{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}} |  | ||||||
| {{- else -}} |  | ||||||
| {{- include "athens-proxy.fullname" . -}} |  | ||||||
| {{- end -}} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* volumeMounts */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.volumeMounts" -}} |  | ||||||
| {{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }} |  | ||||||
| {{- if .Values.persistence.enabled }} |  | ||||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- if .Values.config.gitConfig.enabled }} |  | ||||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.gitconfig" "subPath" ".gitconfig" )) }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- if .Values.config.netrc.enabled }} |  | ||||||
| {{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{ toYaml (dict "volumeMounts" $volumeMounts) }} |  | ||||||
| {{- end -}} |  | ||||||
|  |  | ||||||
| {{/* volumes */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.deployment.volumes" -}} |  | ||||||
| {{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }} |  | ||||||
|  |  | ||||||
| {{- if .Values.persistence.enabled }} |  | ||||||
| {{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }} |  | ||||||
| {{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }} |  | ||||||
| {{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }} |  | ||||||
| {{- end }} |  | ||||||
| {{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- if .Values.config.gitConfig.enabled }} |  | ||||||
| {{- $projectedSources := list -}} |  | ||||||
| {{- $itemList := list (dict "key" ".gitconfig" "path" ".gitconfig" "mode" 0644) }} |  | ||||||
| {{- $configMapName := include "athens-proxy.configMap.gitConfig.name" . }} |  | ||||||
| {{- if .Values.config.gitConfig.existingConfigMap.enabled }} |  | ||||||
| {{- $itemList = list (dict "key" .Values.config.gitConfig.existingConfigMap.gitConfigKey "path" ".gitconfig" "mode" 0644) }} |  | ||||||
| {{- $configMapName = .Values.config.gitConfig.existingConfigMap.configMapName }} |  | ||||||
| {{- end }} |  | ||||||
| {{- $projectedSources = concat $projectedSources (list (dict "configMap" (dict "name" $configMapName "items" $itemList))) }} |  | ||||||
|  |  | ||||||
| {{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- if .Values.config.netrc.enabled }} |  | ||||||
| {{- $projectedSources := list -}} |  | ||||||
| {{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }} |  | ||||||
| {{- $secretName := include "athens-proxy.secrets.netrc.name" . }} |  | ||||||
| {{- if .Values.config.netrc.existingSecret.enabled }} |  | ||||||
| {{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }} |  | ||||||
| {{- $secretName = .Values.config.netrc.existingSecret.secretName }} |  | ||||||
| {{- end }} |  | ||||||
| {{- $projectedSources = concat $projectedSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }} |  | ||||||
|  |  | ||||||
| {{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{ toYaml (dict "volumes" $volumes) }} |  | ||||||
| {{- end -}} |  | ||||||
| @@ -1,19 +0,0 @@ | |||||||
| {{/* vim: set filetype=mustache: */}} |  | ||||||
|  |  | ||||||
| {{/* annotations */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.networkPolicies.annotations" -}} |  | ||||||
| {{ include "athens-proxy.annotations" .context }} |  | ||||||
| {{- if .networkPolicy.annotations }} |  | ||||||
| {{ toYaml .networkPolicy.annotations }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* labels */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.networkPolicies.labels" -}} |  | ||||||
| {{ include "athens-proxy.labels" .context }} |  | ||||||
| {{- if .networkPolicy.labels }} |  | ||||||
| {{ toYaml .networkPolicy.labels }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,17 +0,0 @@ | |||||||
| --- |  | ||||||
|  |  | ||||||
| {{/* annotations */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.pod.annotations" -}} |  | ||||||
| {{ include "athens-proxy.annotations" . }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* labels */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.pod.labels" -}} |  | ||||||
| {{ include "athens-proxy.labels" . }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.pod.selectorLabels" -}} |  | ||||||
| {{ include "athens-proxy.selectorLabels" . }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,36 +0,0 @@ | |||||||
| {{- if .Values.networkPolicies.enabled }} |  | ||||||
| {{- range $key, $value := .Values.networkPolicies -}} |  | ||||||
| {{- if and (not (eq $key "enabled")) $value.enabled }} |  | ||||||
| --- |  | ||||||
| apiVersion: networking.k8s.io/v1 |  | ||||||
| kind: NetworkPolicy |  | ||||||
| metadata: |  | ||||||
|   {{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }} |  | ||||||
|   annotations: |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }} |  | ||||||
|   labels: |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|   {{- end }} |  | ||||||
|   name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }} |  | ||||||
|   namespace: {{ $.Release.Namespace }} |  | ||||||
| spec: |  | ||||||
|   podSelector: |  | ||||||
|     matchLabels: |  | ||||||
|       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} |  | ||||||
|   {{- with $value.policyTypes }} |  | ||||||
|   policyTypes: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with $value.egress }} |  | ||||||
|   egress: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with $value.ingress }} |  | ||||||
|   ingress: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
							
								
								
									
										87
									
								
								templates/certificate.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,87 @@ | |||||||
|  | {{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}} | ||||||
|  | --- | ||||||
|  | apiVersion: cert-manager.io/v1 | ||||||
|  | kind: Certificate | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.certificates.server.name" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   commonName: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   {{- if empty .Values.certificate.new.dnsNames }} | ||||||
|  |   dnsNames: | ||||||
|  |   - {{ include "athens-proxy.fullname" . }} | ||||||
|  |   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }} | ||||||
|  |   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc | ||||||
|  |   - {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} | ||||||
|  |   {{- else }} | ||||||
|  |   dnsNames: | ||||||
|  |   {{- range .Values.certificate.new.dnsNames }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   duration: {{ .Values.certificate.new.duration }} | ||||||
|  |   {{- if not (empty .Values.certificate.new.ipAddresses) }} | ||||||
|  |   ipAddresses: | ||||||
|  |   {{- range .Values.certificate.new.ipAddresses }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- end }} | ||||||
|  |   isCA: false | ||||||
|  |   issuerRef: | ||||||
|  |     kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }} | ||||||
|  |     name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }} | ||||||
|  |   privateKey: | ||||||
|  |     algorithm: {{ .Values.certificate.new.privateKey.algorithm }} | ||||||
|  |     rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }} | ||||||
|  |     size: {{ .Values.certificate.new.privateKey.size }} | ||||||
|  |   renewBefore: {{ .Values.certificate.new.renewBefore }} | ||||||
|  |   secretName: {{ include "athens-proxy.certificates.server.name" . }} | ||||||
|  |   {{- with .Values.certificate.new.secretTemplate }} | ||||||
|  |   secretTemplate: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   subject: | ||||||
|  |     {{- with .Values.certificate.new.subject.countries }} | ||||||
|  |     countries: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.localities }} | ||||||
|  |     localities: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.organizationalUnits }} | ||||||
|  |     organizationalUnits: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.organizations }} | ||||||
|  |     organizations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.postalCodes }} | ||||||
|  |     postalCodes: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.provinces }} | ||||||
|  |     provinces: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- if .Values.certificate.new.subject.serialNumber }} | ||||||
|  |     serialNumber: {{ .Values.certificate.new.subject.serialNumber }} | ||||||
|  |     {{- end }} | ||||||
|  |     {{- with .Values.certificate.new.subject.streetAddresses }} | ||||||
|  |     streetAddresses: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |     {{- end }} | ||||||
|  |   usages: | ||||||
|  |   {{- range .Values.certificate.new.usages }} | ||||||
|  |   - {{ . }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
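Review bot: The templated scalars under `spec.dnsNames`, `spec.ipAddresses` and `spec.subject.serialNumber` are emitted unquoted, so a wildcard entry such as `*.example.com` renders as `- *.example.com`, which YAML reads as an alias and fails to parse. An all-digit serial number would likewise be typed as an integer, where the field presumably expects a string. Quoting the values closes both gaps: `- {{ . | quote }}` in the `range` loops and `serialNumber: {{ .Values.certificate.new.subject.serialNumber | quote }}`. The same treatment for `duration`, `renewBefore` and the `usages` items would keep the template uniform.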
| @@ -1,4 +1,4 @@ | |||||||
| {{- if not .Values.config.downloadMode.existingConfigMap.enabled }} | {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: ConfigMap | kind: ConfigMap | ||||||
| @@ -11,7 +11,7 @@ metadata: | |||||||
|   labels: |   labels: | ||||||
|     {{- toYaml . | nindent 4 }} |     {{- toYaml . | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   name: {{ include "athens-proxy.fullname" . }}-download-mode-file |   name: {{ include "athens-proxy.configMap.downloadMode.name" . }} | ||||||
|   namespace: {{ .Release.Namespace }} |   namespace: {{ .Release.Namespace }} | ||||||
| data: | data: | ||||||
|   downloadMode: | |   downloadMode: | | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| {{- if not .Values.config.gitConfig.existingConfigMap.enabled }} | {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: ConfigMap | kind: ConfigMap | ||||||
| @@ -11,7 +11,7 @@ metadata: | |||||||
|   labels: |   labels: | ||||||
|     {{- toYaml . | nindent 4 }} |     {{- toYaml . | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   name: {{ include "athens-proxy.fullname" . }}-git-config |   name: {{ include "athens-proxy.configMap.gitConfig.name" . }} | ||||||
|   namespace: {{ .Release.Namespace }} |   namespace: {{ .Release.Namespace }} | ||||||
| data: | data: | ||||||
|   .gitconfig: | |   .gitconfig: | | ||||||
| @@ -50,16 +50,24 @@ spec: | |||||||
|         image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }} |         image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }} | ||||||
|         imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} |         imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} | ||||||
|         livenessProbe: |         livenessProbe: | ||||||
|           tcpSocket: |           exec: | ||||||
|             port: http |             {{- if not .Values.certificate.enabled }} | ||||||
|  |             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||||
|  |             {{- else }} | ||||||
|  |             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||||
|  |             {{- end }} | ||||||
|           failureThreshold: 3 |           failureThreshold: 3 | ||||||
|           initialDelaySeconds: 5 |           initialDelaySeconds: 5 | ||||||
|           periodSeconds: 60 |           periodSeconds: 60 | ||||||
|           successThreshold: 1 |           successThreshold: 1 | ||||||
|           timeoutSeconds: 3 |           timeoutSeconds: 3 | ||||||
|         readinessProbe: |         readinessProbe: | ||||||
|           tcpSocket: |           exec: | ||||||
|             port: http |             {{- if not .Values.certificate.enabled }} | ||||||
|  |             command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ] | ||||||
|  |             {{- else }} | ||||||
|  |             command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ] | ||||||
|  |             {{- end }} | ||||||
|           failureThreshold: 3 |           failureThreshold: 3 | ||||||
|           initialDelaySeconds: 5 |           initialDelaySeconds: 5 | ||||||
|           periodSeconds: 15 |           periodSeconds: 15 | ||||||
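Review bot: Both probes now exec `wget` against a hard-coded `localhost:3000` and, when `certificate.enabled` is set, pass `--no-check-certificate`; this drops the named-port reference (`port: http`) the old `tcpSocket` probe used and makes pod health depend on a `wget` binary being present in the image. A kubelet `httpGet` probe issues the same request without either cost: with `scheme: HTTPS` the kubelet skips certificate verification on its own, so no verification-disabling flag has to live in the manifest, and `port: http` keeps following the container port. Because `httpGet` requests originate from the node rather than from inside the container, confirm that the ingress rules of the chart's NetworkPolicy still admit kubelet traffic on clusters whose CNI enforces that. The container spec starts and ends outside this hunk.

```yaml
        livenessProbe:
          httpGet:
            path: /
            port: http
            scheme: {{ if .Values.certificate.enabled }}HTTPS{{ else }}HTTP{{ end }}
          # … unchanged: failureThreshold, initialDelaySeconds, periodSeconds, successThreshold, timeoutSeconds …
        readinessProbe:
          httpGet:
            path: /
            port: http
            scheme: {{ if .Values.certificate.enabled }}HTTPS{{ else }}HTTP{{ end }}
          # … unchanged: thresholds and timings …
```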
							
								
								
									
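--- a/templates/networkPolicy.yaml
+++ b/templates/networkPolicy.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  {{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
+  annotations:
+    {{- tpl (toYaml .) $ | nindent 4 }}
+  {{- end }}
+  {{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ include "athens-proxy.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
+  {{- with .Values.networkPolicy.policyTypes }}
+  policyTypes:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.networkPolicy.egress }}
+  egress:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.networkPolicy.ingress }}
+  ingress:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+{{- end }}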
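Review bot: When `networkPolicy.enabled` is set but `policyTypes`, `ingress` and `egress` are left empty, the three `with` blocks render nothing and the policy consists of the `podSelector` alone. Kubernetes treats such a policy as an Ingress policy with no rules, so all inbound traffic to the selected pods is denied. That may be the intended default, but nothing in the template says so and the chart's values file is not part of this section. I would document it above `spec:` with a template comment such as `{{- /* With no policyTypes/ingress/egress set, this policy denies all ingress to the selected pods. */}}`. Annotations are also passed through `tpl` while labels are not, which is worth making consistent.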
| @@ -1,4 +1,4 @@ | |||||||
| {{- if not .Values.config.env.existingSecret.enabled }} | {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Secret | kind: Secret | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| {{- if not .Values.config.ssh.existingSecret.enabled }} | {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Secret | kind: Secret | ||||||
							
								
								
									
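--- a/unittests/certificates/certificate.yaml
+++ b/unittests/certificates/certificate.yaml
@@ -0,0 +1,300 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Certificate athens-proxy template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/certificate.yaml
+tests:
+- it: Skip rendering by default.
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Skip rendering for existing certificate
+  set:
+    certificate.enabled: true
+    certificate.existingSecret.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Throw error when issuerKind and IssuerName is not defined
+  set:
+    certificate.enabled: true
+  asserts:
+  - failedTemplate:
+      errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerKind and IssuerName is not defined
+  set:
+    certificate.enabled: true
+  asserts:
+  - failedTemplate: {}
+
+- it: Throw error when issuerKind not defined
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.name: "my-issuer"
+  asserts:
+  - failedTemplate:
+      errorMessage: "No certificate issuer kind defined!"
+
+- it: Throw error when issuerName not defined
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: "ClusterIssuer"
+  asserts:
+  - failedTemplate:
+      errorMessage: "No certificate issuer name defined!"
+
+- it: Rendering Certificate object when certificate.enabled=true (default)
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+  asserts:
+  - hasDocuments:
+      count: 1
+  - containsDocument:
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      name: athens-proxy-unittest-tls
+      namespace: testing
+  - equal:
+      path: spec.commonName
+      value: athens-proxy-unittest
+  - equal:
+      path: spec.duration
+      value: 744h
+  - equal:
+      path: spec.dnsNames
+      value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
+  - notExists:
+      path: spec.ipAddresses
+  - equal:
+      path: spec.isCA
+      value: false
+  - equal:
+      path: spec.issuerRef.kind
+      value: ClusterIssuer
+  - equal:
+      path: spec.issuerRef.name
+      value: my-issuer
+  - equal:
+      path: spec.privateKey.algorithm
+      value: RSA
+  - equal:
+      path: spec.privateKey.size
+      value: 4096
+  - equal:
+      path: spec.privateKey.rotationPolicy
+      value: Never
+  - equal:
+      path: spec.secretName
+      value: athens-proxy-unittest-tls
+  - exists:
+      path: spec.secretTemplate.annotations
+  - exists:
+      path: spec.secretTemplate.labels
+  - exists:
+      path: spec.subject
+  - notExists:
+      path: spec.subject.countries
+  - notExists:
+      path: spec.subject.localities
+  - notExists:
+      path: spec.subject.organizationalUnits
+  - notExists:
+      path: spec.subject.organizations
+  - notExists:
+      path: spec.subject.postalCodes
+  - notExists:
+      path: spec.subject.provinces
+  - notExists:
+      path: spec.subject.serialNumber
+  - notExists:
+      path: spec.subject.streetAddresses
+  - equal:
+      path: spec.renewBefore
+      value: 672h
+  - equal:
+      path: spec.usages
+      value: [ "client auth", "server auth" ]
+
+# metadata.annotations
+- it: Rendering Certificate object with additional annotations and labels
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.annotations:
+      foo: bar
+    certificate.new.labels:
+      bar: foo
+  asserts:
+  - isSubset:
+      path: metadata.annotations
+      content:
+        foo: bar
+  - isSubset:
+      path: metadata.labels
+      content:
+        bar: foo
+
+# spec.duration
+- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.duration: 3000h
+  asserts:
+  - equal:
+      path: spec.duration
+      value: 3000h
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.dnsNames: [ "app", "app.example.local" ]
+  asserts:
+  - equal:
+      path: spec.dnsNames
+      value: [ "app", "app.example.local" ]
+
+# spec.dnsNames
+- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    clusterDomain: k8s.example.local
+  asserts:
+  - contains:
+      path: spec.dnsNames
+      content:
+        athens-proxy-unittest.testing.svc.k8s.example.local
+      count: 1
+
+# spec.ipAddresses
+- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+  asserts:
+  - equal:
+      path: spec.ipAddresses
+      value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
+
+# spec.privateKey
+- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.privateKey.algorithm: ED25519
+    certificate.new.privateKey.rotationPolicy: Never
+    certificate.new.privateKey.size: 512
+  asserts:
+  - equal:
+      path: spec.privateKey.algorithm
+      value: ED25519
+  - equal:
+      path: spec.privateKey.rotationPolicy
+      value: Never
+  - equal:
+      path: spec.privateKey.size
+      value: 512
+
+# spec.renewBefore
+- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.renewBefore: 2000h
+  asserts:
+  - equal:
+      path: spec.renewBefore
+      value: 2000h
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.secretTemplate:
+      annotations:
+        foo: bar
+      labels:
+        bar: foo
+  asserts:
+  - equal:
+      path: spec.secretTemplate.annotations
+      value:
+        foo: bar
+  - equal:
+      path: spec.secretTemplate.labels
+      value:
+        bar: foo
+
+# spec.secretTemplate
+- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.subject.countries: [ "Country" ]
+    certificate.new.subject.localities: [ "City" ]
+    certificate.new.subject.organizationalUnits: [ "IT department" ]
+    certificate.new.subject.organizations: [ "My organization" ]
+    certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
+    certificate.new.subject.provinces: [ "Provinces" ]
+    certificate.new.subject.serialNumber: "MyNumber"
+    certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
+  asserts:
+  - equal:
+      path: spec.subject.countries
+      value: [ "Country" ]
+  - equal:
+      path: spec.subject.localities
+      value: [ "City" ]
+  - equal:
+      path: spec.subject.organizationalUnits
+      value: [ "IT department" ]
+  - equal:
+      path: spec.subject.organizations
+      value: [ "My organization" ]
+  - equal:
+      path: spec.subject.postalCodes
+      value: [ "AB12345", "12345AB" ]
+  - equal:
+      path: spec.subject.provinces
+      value: [ "Provinces" ]
+  - equal:
+      path: spec.subject.serialNumber
+      value: "MyNumber"
+  - equal:
+      path: spec.subject.streetAddresses
+      value: [ "ExampleStreet 1", "StreetExample 2" ]
+
+# spec.usages
+- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: my-issuer
+    certificate.new.usages: [ "client auth" ]
+  asserts:
+  - equal:
+      path: spec.usages
+      value: [ "client auth" ]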
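Review bot: The default-values test pins `spec.privateKey.rotationPolicy` to `Never` alongside `duration: 744h` and `renewBefore: 672h`. This suggests the chart default re-issues the certificate every 72 hours while reusing the same private key indefinitely, so frequent renewal does not limit the lifetime of a leaked key. cert-manager's documentation recommends rotating the key on each issuance; unless Athens needs a stable key, the default and this assertion should become `value: Always`. The privateKey test also pairs `algorithm: ED25519` with `size: 512`, a size that has no meaning for Ed25519 and would be a weak key if copied into an RSA configuration; `algorithm: ECDSA` with `size: 384` exercises the same template paths. The chart's values file is outside this section, so the default is inferred from the assertions.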
| @@ -6,16 +6,24 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/configMapDownloadMode.yaml | - templates/configMapDownloadMode.yaml | ||||||
| tests: | tests: | ||||||
|  | - it: Skip rending by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
| - it: Skip rending by using existing config map. | - it: Skip rending by using existing config map. | ||||||
|   set: |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|     config.downloadMode.existingConfigMap.enabled: true |     config.downloadMode.existingConfigMap.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
|  |  | ||||||
| - it: Rendering by default. | - it: Rendering with default values | ||||||
|  |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
| @@ -37,10 +45,10 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: data.downloadMode |       path: data.downloadMode | ||||||
|       value: | |       value: | | ||||||
|         # downloadURL = "https://proxy.golang.org" |         downloadURL = "https://proxy.golang.org" | ||||||
|         # |  | ||||||
|         # mode = "async_redirect" |         mode = "async_redirect" | ||||||
|         # |  | ||||||
|         # download "github.com/gomods/*" { |         # download "github.com/gomods/*" { | ||||||
|         #     mode = "sync" |         #     mode = "sync" | ||||||
|         # } |         # } | ||||||
| @@ -51,11 +59,12 @@ tests: | |||||||
|         # |         # | ||||||
|         # download "github.com/pkg/*" { |         # download "github.com/pkg/*" { | ||||||
|         #     mode = "redirect" |         #     mode = "redirect" | ||||||
|         #     downloadURL = "https://gocenter.io" |         #     downloadURL = "https://proxy.golang.org" | ||||||
|         # } |         # } | ||||||
|  |  | ||||||
| - it: Rendering custom annotations and labels. | - it: Rendering custom annotations and labels. | ||||||
|   set: |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|     config.downloadMode.configMap.annotations: |     config.downloadMode.configMap.annotations: | ||||||
|       foo: bar |       foo: bar | ||||||
|       bar: foo |       bar: foo | ||||||
| @@ -76,6 +85,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering custom configuration | - it: Rendering custom configuration | ||||||
|   set: |   set: | ||||||
|  |     config.downloadMode.enabled: true | ||||||
|     config.downloadMode.configMap.content: | |     config.downloadMode.configMap.content: | | ||||||
|       downloadURL = "https://proxy.golang.org" |       downloadURL = "https://proxy.golang.org" | ||||||
|       mode = "async_redirect" |       mode = "async_redirect" | ||||||
|   | |||||||
| @@ -6,23 +6,31 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/configMapGitConfig.yaml | - templates/configMapGitConfig.yaml | ||||||
| tests: | tests: | ||||||
|  | - it: Skip rending by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
| - it: Skip rending by using existing config map. | - it: Skip rending by using existing config map. | ||||||
|   set: |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|     config.gitConfig.existingConfigMap.enabled: true |     config.gitConfig.existingConfigMap.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
|  |  | ||||||
| - it: Rendering by default. | - it: Rendering by default. | ||||||
|  |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
|   - containsDocument: |   - containsDocument: | ||||||
|       apiVersion: v1 |       apiVersion: v1 | ||||||
|       kind: ConfigMap |       kind: ConfigMap | ||||||
|       name: athens-proxy-unittest-git-config |       name: athens-proxy-unittest-gitconfig | ||||||
|       namespace: testing |       namespace: testing | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: metadata.annotations |       path: metadata.annotations | ||||||
| @@ -46,6 +54,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering custom annotations and labels. | - it: Rendering custom annotations and labels. | ||||||
|   set: |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|     config.gitConfig.configMap.annotations: |     config.gitConfig.configMap.annotations: | ||||||
|       foo: bar |       foo: bar | ||||||
|       bar: foo |       bar: foo | ||||||
| @@ -66,6 +75,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering custom configuration | - it: Rendering custom configuration | ||||||
|   set: |   set: | ||||||
|  |     config.gitConfig.enabled: true | ||||||
|     config.gitConfig.configMap.content: | |     config.gitConfig.configMap.content: | | ||||||
|       [url "git@github.com:"] |       [url "git@github.com:"] | ||||||
|       insteadOf = https://github.com/ |       insteadOf = https://github.com/ | ||||||
|   | |||||||
							
								
								
									
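--- a/unittests/deployment/certificate.yaml
+++ b/unittests/deployment/certificate.yaml
@@ -0,0 +1,73 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without tls config
+  asserts:
+    - notContains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSCERT_FILE
+          value: /etc/athens-proxy/tls/tls.crt
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSKEY_FILE
+          value: /etc/athens-proxy/tls/tls.key
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: tls
+          mountPath: /etc/athens-proxy/tls
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.volumes
+        content:
+          name: tls
+          secretRef:
+            name: athens-proxy-unittest-tls
+      template: templates/deployment.yaml
+
+- it: Rendering with tls config
+  set:
+    certificate.enabled: true
+    certificate.new.issuerRef.kind: ClusterIssuer
+    certificate.new.issuerRef.name: MyIssuer
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSCERT_FILE
+          value: /etc/athens-proxy/tls/tls.crt
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_TLSKEY_FILE
+          value: /etc/athens-proxy/tls/tls.key
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: tls
+          mountPath: /etc/athens-proxy/tls
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: tls
+          secret:
+            secretName: athens-proxy-unittest-tls
+      template: templates/deployment.yaml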
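Review bot: The last `notContains` in "Rendering default without tls config" looks for a volume shaped as `secretRef:` / `name: athens-proxy-unittest-tls`, but the positive test below shows the rendered shape is `secret:` / `secretName: athens-proxy-unittest-tls`. The negative assertion can therefore never match and would still pass if the `tls` volume were rendered with TLS disabled. Use the same shape in both tests by changing the two lines to `secret:` and `secretName: athens-proxy-unittest-tls`, so the test actually guards against the key material being mounted unintentionally.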
| @@ -6,22 +6,22 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/deployment.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default | - it: Rendering default | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - containsDocument: |   - containsDocument: | ||||||
|       apiVersion: apps/v1 |       apiVersion: apps/v1 | ||||||
|       kind: Deployment |       kind: Deployment | ||||||
|       name: athens-proxy-unittest |       name: athens-proxy-unittest | ||||||
|       namespace: testing |       namespace: testing | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: metadata.annotations |       path: metadata.annotations | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: metadata.labels |       path: metadata.labels | ||||||
|       value: |       value: | ||||||
| @@ -30,11 +30,11 @@ tests: | |||||||
|         app.kubernetes.io/name: athens-proxy |         app.kubernetes.io/name: athens-proxy | ||||||
|         app.kubernetes.io/version: 0.1.0 |         app.kubernetes.io/version: 0.1.0 | ||||||
|         helm.sh/chart: athens-proxy-0.1.0 |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.replicas |       path: spec.replicas | ||||||
|       value: 1 |       value: 1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.metadata.labels |       path: spec.template.metadata.labels | ||||||
|       value: |       value: | ||||||
| @@ -43,74 +43,74 @@ tests: | |||||||
|         app.kubernetes.io/name: athens-proxy |         app.kubernetes.io/name: athens-proxy | ||||||
|         app.kubernetes.io/version: 0.1.0 |         app.kubernetes.io/version: 0.1.0 | ||||||
|         helm.sh/chart: athens-proxy-0.1.0 |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.affinity |       path: spec.template.spec.affinity | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].args |       path: spec.template.spec.containers[0].args | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].command |       path: spec.template.spec.containers[0].command | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].envFrom |       path: spec.template.spec.containers[0].envFrom | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].volumeMounts |       path: spec.template.spec.containers[0].volumeMounts | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].image |       path: spec.template.spec.containers[0].image | ||||||
|       value: docker.io/gomods/athens:v0.1.0 |       value: docker.io/gomods/athens:0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].imagePullPolicy |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|       value: IfNotPresent |       value: IfNotPresent | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].resources |       path: spec.template.spec.containers[0].resources | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].securityContext |       path: spec.template.spec.containers[0].securityContext | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.dnsConfig |       path: spec.template.spec.dnsConfig | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.dnsPolicy |       path: spec.template.spec.dnsPolicy | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.hostname |       path: spec.template.spec.hostname | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostNetwork |       path: spec.template.spec.hostNetwork | ||||||
|       value: false |       value: false | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.imagePullSecrets |       path: spec.template.spec.imagePullSecrets | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.nodeSelector |       path: spec.template.spec.nodeSelector | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.priorityClassName |       path: spec.template.spec.priorityClassName | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.restartPolicy |       path: spec.template.spec.restartPolicy | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.subdomain |       path: spec.template.spec.subdomain | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.terminationGracePeriodSeconds |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|       value: 60 |       value: 60 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.tolerations |       path: spec.template.spec.tolerations | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.topologySpreadConstraints |       path: spec.template.spec.topologySpreadConstraints | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.strategy |       path: spec.strategy | ||||||
|       value: |       value: | ||||||
| @@ -118,7 +118,7 @@ tests: | |||||||
|         rollingUpdate: |         rollingUpdate: | ||||||
|           maxSurge: 1 |           maxSurge: 1 | ||||||
|           maxUnavailable: 1 |           maxUnavailable: 1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom replicas | - it: Test custom replicas | ||||||
|   set: |   set: | ||||||
| @@ -130,7 +130,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.replicas |       path: spec.replicas | ||||||
|       value: 3 |       value: 3 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom affinity | - it: Test custom affinity | ||||||
|   set: |   set: | ||||||
| @@ -160,7 +160,7 @@ tests: | |||||||
|                 values: |                 values: | ||||||
|                 - antarctica-east1 |                 - antarctica-east1 | ||||||
|                 - antarctica-west1 |                 - antarctica-west1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test additional arguments | - it: Test additional arguments | ||||||
|   set: |   set: | ||||||
| @@ -176,7 +176,7 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - --foo=bar |       - --foo=bar | ||||||
|       - --bar=foo |       - --bar=foo | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test additional command | - it: Test additional command | ||||||
|   set: |   set: | ||||||
| @@ -194,7 +194,7 @@ tests: | |||||||
|       - "/bin/sh" |       - "/bin/sh" | ||||||
|       - "-c" |       - "-c" | ||||||
|       - "echo hello" |       - "echo hello" | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom imageRegistry and imageRepository | - it: Test custom imageRegistry and imageRepository | ||||||
|   set: |   set: | ||||||
| @@ -206,8 +206,8 @@ tests: | |||||||
|   asserts: |   asserts: | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].image |       path: spec.template.spec.containers[0].image | ||||||
|       value: registry.example.local/path/special/athens-proxy:v0.1.0 |       value: registry.example.local/path/special/athens-proxy:0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom imagePullPolicy | - it: Test custom imagePullPolicy | ||||||
|   set: |   set: | ||||||
| @@ -219,7 +219,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].imagePullPolicy |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|       value: Always |       value: Always | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom resource limits and requests | - it: Test custom resource limits and requests | ||||||
|   set: |   set: | ||||||
| @@ -242,7 +242,7 @@ tests: | |||||||
|           resourceFieldRef: |           resourceFieldRef: | ||||||
|             divisor: "1" |             divisor: "1" | ||||||
|             resource: limits.cpu |             resource: limits.cpu | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].resources |       path: spec.template.spec.containers[0].resources | ||||||
|       value: |       value: | ||||||
| @@ -252,7 +252,7 @@ tests: | |||||||
|         requests: |         requests: | ||||||
|           cpu: 25m |           cpu: 25m | ||||||
|           memory: 100MB |           memory: 100MB | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom securityContext | - it: Test custom securityContext | ||||||
|   set: |   set: | ||||||
| @@ -282,7 +282,7 @@ tests: | |||||||
|         readOnlyRootFilesystem: true |         readOnlyRootFilesystem: true | ||||||
|         runAsNonRoot: true |         runAsNonRoot: true | ||||||
|         runAsUser: 1000 |         runAsUser: 1000 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test dnsConfig | - it: Test dnsConfig | ||||||
|   set: |   set: | ||||||
| @@ -300,7 +300,7 @@ tests: | |||||||
|         nameservers: |         nameservers: | ||||||
|         - "8.8.8.8" |         - "8.8.8.8" | ||||||
|         - "8.8.4.4" |         - "8.8.4.4" | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test dnsPolicy | - it: Test dnsPolicy | ||||||
|   set: |   set: | ||||||
| @@ -312,7 +312,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.dnsPolicy |       path: spec.template.spec.dnsPolicy | ||||||
|       value: ClusterFirst |       value: ClusterFirst | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test hostNetwork, hostname, subdomain | - it: Test hostNetwork, hostname, subdomain | ||||||
|   set: |   set: | ||||||
| @@ -326,15 +326,15 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostNetwork |       path: spec.template.spec.hostNetwork | ||||||
|       value: true |       value: true | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostname |       path: spec.template.spec.hostname | ||||||
|       value: pg-exporter |       value: pg-exporter | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.subdomain |       path: spec.template.spec.subdomain | ||||||
|       value: exporters.internal |       value: exporters.internal | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test imagePullSecrets | - it: Test imagePullSecrets | ||||||
|   set: |   set: | ||||||
| @@ -350,7 +350,7 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - name: my-pull-secret |       - name: my-pull-secret | ||||||
|       - name: my-special-secret |       - name: my-special-secret | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test nodeSelector | - it: Test nodeSelector | ||||||
|   set: |   set: | ||||||
| @@ -364,7 +364,7 @@ tests: | |||||||
|       path: spec.template.spec.nodeSelector |       path: spec.template.spec.nodeSelector | ||||||
|       value: |       value: | ||||||
|         foo: bar |         foo: bar | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test priorityClassName | - it: Test priorityClassName | ||||||
|   set: |   set: | ||||||
| @@ -376,7 +376,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.priorityClassName |       path: spec.template.spec.priorityClassName | ||||||
|       value: my-priority |       value: my-priority | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test restartPolicy | - it: Test restartPolicy | ||||||
|   set: |   set: | ||||||
| @@ -388,7 +388,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.restartPolicy |       path: spec.template.spec.restartPolicy | ||||||
|       value: Always |       value: Always | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test terminationGracePeriodSeconds | - it: Test terminationGracePeriodSeconds | ||||||
|   set: |   set: | ||||||
| @@ -400,7 +400,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.terminationGracePeriodSeconds |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|       value: 120 |       value: 120 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test tolerations | - it: Test tolerations | ||||||
|   set: |   set: | ||||||
| @@ -420,7 +420,7 @@ tests: | |||||||
|         operator: Equal |         operator: Equal | ||||||
|         value: postgres |         value: postgres | ||||||
|         effect: NoSchedule |         effect: NoSchedule | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test topologySpreadConstraints | - it: Test topologySpreadConstraints | ||||||
|   set: |   set: | ||||||
| @@ -442,7 +442,7 @@ tests: | |||||||
|         labelSelector: |         labelSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/instance: athens-proxy |             app.kubernetes.io/instance: athens-proxy | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test additional volumeMounts and volumes | - it: Test additional volumeMounts and volumes | ||||||
|   set: |   set: | ||||||
| @@ -462,5 +462,11 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - name: data |       - name: data | ||||||
|         mountPath: /usr/lib/athens-proxy/data |         mountPath: /usr/lib/athens-proxy/data | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.spec.volumes | ||||||
|  |       value: | ||||||
|  |       - name: data | ||||||
|  |         hostPath: | ||||||
|  |           path: /usr/lib/athens-proxy/data | ||||||
|  |     template: templates/deployment.yaml | ||||||
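Review bot: The image assertions now pin a tag without the `v` prefix (`docker.io/gomods/athens:0.1.0` in the default test, `registry.example.local/path/special/athens-proxy:0.1.0` in the custom-registry test), which makes a pullable image depend on `appVersion` matching the upstream tag exactly. If the upstream registry publishes only prefixed tags, a release whose `appVersion` omits the prefix would render an image reference that cannot be pulled, and no assertion here would notice. I would add a test that overrides the tag explicitly and asserts it is rendered verbatim, and put `# tag equals Chart appVersion as-is; appVersion must be the exact upstream tag` above the default image assertion. The template is not part of this section, so how the tag is built is inferred from the expected values only.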
|   | |||||||
							
								
								
									
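--- a/unittests/deployment/downloadMode.yaml
+++ b/unittests/deployment/downloadMode.yaml
@@ -0,0 +1,105 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted download mode config map
+  asserts:
+    - notExists:
+        path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_DOWNLOAD_MODE
+          value: file:/etc/athens/config/download-mode.d/download-mode
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: download-mode
+          mountPath: /etc/athens/config/download-mode.d
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.volumes
+        content:
+          name: download-mode
+          configMap:
+            name: athens-proxy-unittest-download-mode-file
+      template: templates/deployment.yaml
+
+- it: Rendering default with mounted gitconfig configMap
+  set:
+    config.downloadMode.enabled: true
+    persistence.enabled: true
+  asserts:
+    - exists:
+        path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_DOWNLOAD_MODE
+          value: file:/etc/athens/config/download-mode.d/download-mode
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: download-mode
+          mountPath: /etc/athens/config/download-mode.d
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: download-mode
+          configMap:
+            items:
+              - key: downloadMode
+                mode: 0644
+                path: download-mode
+            name: athens-proxy-unittest-download-mode-file
+      template: templates/deployment.yaml
+
+- it: Rendering with custom download mode configMap
+  set:
+    config.downloadMode.enabled: true
+    config.downloadMode.existingConfigMap.enabled: true
+    config.downloadMode.existingConfigMap.configMapName: "my-custom-configmap"
+    config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
+    persistence.enabled: true
+  asserts:
+    - notExists:
+        path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_DOWNLOAD_MODE
+          value: file:/etc/athens/config/download-mode.d/download-mode
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: download-mode
+          mountPath: /etc/athens/config/download-mode.d
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: download-mode
+          configMap:
+            items:
+            - key: "my-custom-download-mode-filename-key"
+              path: "download-mode"
+              mode: 0644
+            name: my-custom-configmap
+      template: templates/deployment.yaml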
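Review bot: The last `notContains` of the first test (path `spec.template.spec.volumes`) cannot fail in a meaningful way: its `content` lists only `name` and `configMap.name`, while the enabled test expects the same volume to also carry `configMap.items`, and helm-unittest matches the whole element by default (`any: true` relaxes that). A regression that renders the download-mode volume when the feature is disabled would therefore still pass. Reduce the content to `name: download-mode` and add `any: true` so the check matches on the volume name alone. The gitconfig suite further down has the same shape, with `mode: 0600` in the negative check against `mode: 0644` in the positive one, although part of that content lies outside the hunks shown. The second test here is also titled `Rendering default with mounted gitconfig configMap`, which looks like a copy-paste; a title naming the download-mode config map would make failures easier to read.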
							
								
								
									
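--- a/unittests/deployment/env.yaml
+++ b/unittests/deployment/env.yaml
@@ -0,0 +1,51 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/deployment.yaml
+- templates/secretEnv.yaml
+tests:
+- it: Rendering default without mounted env secret
+  asserts:
+    - notExists:
+        path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].envFrom
+        content:
+          secretRef:
+            name: athens-proxy-unittest-env
+      template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+  set:
+    config.env.enabled: true
+  asserts:
+    - exists:
+        path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].envFrom
+        content:
+          secretRef:
+            name: athens-proxy-unittest-env
+      template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+  set:
+    config.env.enabled: true
+    config.env.existingSecret.enabled: true
+  asserts:
+    - notExists:
+        path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].envFrom
+        content:
+          secretRef:
+            name: athens-proxy-unittest-env
+      template: templates/deployment.yaml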
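Review bot: The third test enables `config.env.existingSecret.enabled` but sets no secret name and still expects `secretRef.name: athens-proxy-unittest-env`, the same name the chart-managed secret has in the second test, so it cannot show that the deployment references the operator-supplied secret. Set the chart's existing-secret name value to something distinct and assert that name under `envFrom`; as written, the pod could be wired to a secret that the chart presumably no longer creates in this mode, given the checksum annotation is asserted absent. The second and third tests also share the title `Rendering default with mounted env secret`; renaming the third to something like `Rendering with existing env secret` keeps failure output unambiguous.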
| @@ -6,16 +6,24 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default without mounted git config map | - it: Rendering default without mounted git config map | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.gitconfig |           mountPath: /root/.gitconfig | ||||||
|           subPath: .gitconfig |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -28,18 +36,23 @@ tests: | |||||||
|                   path: .gitconfig |                   path: .gitconfig | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-gitconfig |                 name: athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted gitconfig configMap | - it: Rendering default with mounted gitconfig configMap | ||||||
|   set: |   set: | ||||||
|     config.gitConfig.enabled: true |     config.gitConfig.enabled: true | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.gitconfig |           mountPath: /root/.gitconfig | ||||||
|           subPath: .gitconfig |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -52,6 +65,7 @@ tests: | |||||||
|                   path: .gitconfig |                   path: .gitconfig | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: athens-proxy-unittest-gitconfig |                 name: athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering with custom gitconfig configMap | - it: Rendering with custom gitconfig configMap | ||||||
|   set: |   set: | ||||||
| @@ -61,12 +75,16 @@ tests: | |||||||
|     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" |     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.gitconfig |           mountPath: /root/.gitconfig | ||||||
|           subPath: .gitconfig |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -79,3 +97,4 @@ tests: | |||||||
|                   path: .gitconfig |                   path: .gitconfig | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: my-custom-configmap |                 name: my-custom-configmap | ||||||
|  |       template: templates/deployment.yaml | ||||||
| @@ -6,15 +6,23 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default without mounted netrc secret | - it: Rendering default without mounted netrc secret | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: netrc |           name: netrc | ||||||
|           mountPath: /root |           mountPath: /root | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -27,18 +35,23 @@ tests: | |||||||
|                   path: .netrc |                   path: .netrc | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-netrc |                 name: athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted netrc secret | - it: Rendering default with mounted netrc secret | ||||||
|   set: |   set: | ||||||
|     config.netrc.enabled: true |     config.netrc.enabled: true | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.netrc |           mountPath: /root/.netrc | ||||||
|           subPath: .netrc |           subPath: .netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -51,6 +64,7 @@ tests: | |||||||
|                   path: .netrc |                   path: .netrc | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-netrc |                 name: athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering with custom netrc secret | - it: Rendering with custom netrc secret | ||||||
|   set: |   set: | ||||||
| @@ -60,12 +74,16 @@ tests: | |||||||
|     config.netrc.existingSecret.netrcKey: "my-netrc-key" |     config.netrc.existingSecret.netrcKey: "my-netrc-key" | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.netrc |           mountPath: /root/.netrc | ||||||
|           subPath: .netrc |           subPath: .netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -78,3 +96,4 @@ tests: | |||||||
|                   path: .netrc |                   path: .netrc | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: my-custom-secret |                 name: my-custom-secret | ||||||
|  |       template: templates/deployment.yaml | ||||||
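Review bot: The `notExists` assertion added to the "Rendering with custom netrc secret" test (hunk `@@ -60,12 +74,16 @@`) checks `checksum/secret-athens-proxy-unittest-netc`, which looks like a misspelling of the `...-netrc` annotation used by the two tests above it. With the misspelled key the assertion presumably passes whether or not the deployment carries the netrc checksum annotation when an existing secret is referenced, so that case is effectively untested. The path should read `spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc`.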
| @@ -6,7 +6,11 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Test persistent volume claim | - it: Test persistent volume claim | ||||||
|   set: |   set: | ||||||
| @@ -17,26 +21,26 @@ tests: | |||||||
|         content: |         content: | ||||||
|           name: ATHENS_STORAGE_TYPE |           name: ATHENS_STORAGE_TYPE | ||||||
|           value: disk |           value: disk | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DISK_STORAGE_ROOT |           name: ATHENS_DISK_STORAGE_ROOT | ||||||
|           value: /var/www/athens-proxy/data |           value: /var/www/athens-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           mountPath: /var/www/athens-proxy/data |           mountPath: /var/www/athens-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           persistentVolumeClaim: |           persistentVolumeClaim: | ||||||
|             claimName: athens-proxy-unittest-data |             claimName: athens-proxy-unittest-data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test existing persistent volume claim | - it: Test existing persistent volume claim | ||||||
|   set: |   set: | ||||||
| @@ -51,23 +55,23 @@ tests: | |||||||
|         content: |         content: | ||||||
|           name: ATHENS_STORAGE_TYPE |           name: ATHENS_STORAGE_TYPE | ||||||
|           value: disk |           value: disk | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DISK_STORAGE_ROOT |           name: ATHENS_DISK_STORAGE_ROOT | ||||||
|           value: /mnt/go-proxy/data |           value: /mnt/go-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           mountPath: /mnt/go-proxy/data |           mountPath: /mnt/go-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           persistentVolumeClaim: |           persistentVolumeClaim: | ||||||
|             claimName: my-special-pvc |             claimName: my-special-pvc | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
							
								
								
									
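--- a/unittests/deployment/ssh.yaml
+++ b/unittests/deployment/ssh.yaml
@@ -0,0 +1,254 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/configMapDownloadMode.yaml
+- templates/configMapGitConfig.yaml
+- templates/deployment.yaml
+- templates/secretNetRC.yaml
+- templates/secretSSH.yaml
+tests:
+- it: Rendering default without mounted ssh secret
+  asserts:
+    - notExists:
+        path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/config
+          subPath: config
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_ed25519
+          subPath: id_ed25519
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_ed25519.pub
+          subPath: id_ed25519.pub
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_rsa
+          subPath: id_rsa
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_rsa.pub
+          subPath: id_rsa.pub
+      template: templates/deployment.yaml
+    - notContains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: config
+                  path: config
+                  mode: 0644
+                - key: id_ed25519
+                  path: id_ed25519
+                  mode: 0600
+                - key: id_ed25519.pub
+                  path: id_ed25519.pub
+                  mode: 0644
+                - key: id_rsa
+                  path: id_rsa
+                  mode: 0600
+                - key: id_rsa.pub
+                  path: id_rsa.pub
+                  mode: 0644
+                name: athens-proxy-unittest-ssh
+      template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh config
+  set:
+    config.ssh.enabled: true
+    persistence.enabled: true
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/config
+          subPath: config
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: config
+                  path: config
+                  mode: 0600
+                name: athens-proxy-unittest-ssh
+      template: templates/deployment.yaml
+
+- it: Rendering default with mounted ssh keys
+  set:
+    config.ssh.enabled: true
+    config.ssh.secret.id_ed25519: foo
+    config.ssh.secret.id_ed25519_pub: bar
+    config.ssh.secret.id_rsa: foo
+    config.ssh.secret.id_rsa_pub: bar
+    persistence.enabled: true
+  asserts:
+    - exists:
+        path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/config
+          subPath: config
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_ed25519
+          subPath: id_ed25519
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_ed25519.pub
+          subPath: id_ed25519.pub
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_rsa
+          subPath: id_rsa
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_rsa.pub
+          subPath: id_rsa.pub
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: config
+                  path: config
+                  mode: 0600
+                - key: id_ed25519
+                  path: id_ed25519
+                  mode: 0600
+                - key: id_ed25519.pub
+                  path: id_ed25519.pub
+                  mode: 0644
+                - key: id_rsa
+                  path: id_rsa
+                  mode: 0600
+                - key: id_rsa.pub
+                  path: id_rsa.pub
+                  mode: 0644
+                name: athens-proxy-unittest-ssh
+      template: templates/deployment.yaml
+
+- it: Rendering with custom ssh secret
+  set:
+    config.ssh.enabled: true
+    config.ssh.existingSecret.enabled: true
+    config.ssh.existingSecret.secretName: "my-custom-secret"
+    config.ssh.existingSecret.configKey : "my-config-key"
+    config.ssh.existingSecret.id_ed25519Key : "my-private-ed25519-key"
+    config.ssh.existingSecret.id_ed25519PubKey : "my-public-ed25519-key"
+    config.ssh.existingSecret.id_rsaKey : "my-private-rsa-key"
+    config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
+    persistence.enabled: true
+  asserts:
+    - notExists:
+        path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/config
+          subPath: config
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_ed25519
+          subPath: id_ed25519
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_ed25519.pub
+          subPath: id_ed25519.pub
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_rsa
+          subPath: id_rsa
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.ssh/id_rsa.pub
+          subPath: id_rsa.pub
+      template: templates/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: my-config-key
+                  path: config
+                  mode: 0600
+                - key: my-private-ed25519-key
+                  path: id_ed25519
+                  mode: 0600
+                - key: my-public-ed25519-key
+                  path: id_ed25519.pub
+                  mode: 0644
+                - key: my-private-rsa-key
+                  path: id_rsa
+                  mode: 0600
+                - key: my-public-rsa-key
+                  path: id_rsa.pub
+                  mode: 0644
+                name: my-custom-secret
+      template: templates/deployment.yaml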
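Review bot: In the first test ("Rendering default without mounted ssh secret") the `notContains` check on `spec.template.spec.volumes` expects the `config` item with `mode: 0644`, while the positive tests below pin the same item at `mode: 0600`. Since the assertion compares the whole `content` object, that mismatch lets it pass even if the projected SSH secret volume were rendered by default, so the negative case should use `mode: 0600` to mirror the expected output. The "Rendering default with mounted ssh config" test also lacks the `exists` check on `checksum/secret-athens-proxy-unittest-ssh` that the next test has. In the last test the `existingSecret` keys are written with a space before the colon (`configKey : "my-config-key"`), which is worth normalising to `configKey: "my-config-key"`.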
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/hpa.yaml | - templates/hpa.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering by default. | - it: Skip rendering by default. | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/ingress.yaml | - templates/ingress.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip ingress by default. | - it: Skip ingress by default. | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -1,49 +1,30 @@ | |||||||
| chart: | chart: | ||||||
|   appVersion: 0.1.0 |   appVersion: 0.1.0 | ||||||
|   version: 0.1.0 |   version: 0.1.0 | ||||||
| suite: NetworkPolicies template | suite: NetworkPolicy template | ||||||
| release: | release: | ||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/networkPolicies.yaml | - templates/networkPolicy.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip networkPolicies in general disabled. | - it: Skip rendering networkPolicy | ||||||
|   set: |   set: | ||||||
|     networkPolicies.enabled: false |     networkPolicy.enabled: false | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
| 
 | 
 | ||||||
| - it: Skip networkPolicy 'default' when disabled. | - it: Render default networkPolicy | ||||||
|   set: |   set: | ||||||
|     networkPolicies.enabled: true |     networkPolicy.enabled: true | ||||||
|     networkPolicies.default.enabled: false |  | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count:  1 | ||||||
| 
 |  | ||||||
| - it: Loop over networkPolicies |  | ||||||
|   set: |  | ||||||
|     networkPolicies.enabled: true |  | ||||||
|     networkPolicies.default.enabled: false |  | ||||||
|     networkPolicies.nginx.enabled: true |  | ||||||
|     networkPolicies.prometheus.enabled: true |  | ||||||
|   asserts: |  | ||||||
|   - hasDocuments: |  | ||||||
|       count: 2 |  | ||||||
| 
 |  | ||||||
| - it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration |  | ||||||
|   set: |  | ||||||
|     networkPolicies.enabled: true |  | ||||||
|     networkPolicies.default.enabled: true |  | ||||||
|   asserts: |  | ||||||
|   - hasDocuments: |  | ||||||
|       count: 1 |  | ||||||
|   - containsDocument: |   - containsDocument: | ||||||
|       apiVersion: networking.k8s.io/v1 |       apiVersion: networking.k8s.io/v1 | ||||||
|       kind: NetworkPolicy |       kind: NetworkPolicy | ||||||
|       name: athens-proxy-unittest-default |       name: athens-proxy-unittest | ||||||
|       namespace: testing |       namespace: testing | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: metadata.annotations |       path: metadata.annotations | ||||||
| @@ -67,29 +48,28 @@ tests: | |||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.ingress |       path: spec.ingress | ||||||
| 
 | 
 | ||||||
| - it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration | - it: Template networkPolicy with policyTypes, egress and ingress configuration | ||||||
|   set: |   set: | ||||||
|     networkPolicies.enabled: true |     networkPolicy.enabled: true | ||||||
|     networkPolicies.default.enabled: true |     networkPolicy.policyTypes: | ||||||
|     networkPolicies.default.policyTypes: |  | ||||||
|     - Egress |     - Egress | ||||||
|     - Ingress |     - Ingress | ||||||
|     networkPolicies.default.ingress: |     networkPolicy.ingress: | ||||||
|     - from: |     - from: | ||||||
|       - namespaceSelector: |       - namespaceSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             kubernetes.io/metadata.name: khv-production |             kubernetes.io/metadata.name: monitoring | ||||||
|         podSelector: |         podSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/name: prometheus |             app.kubernetes.io/name: prometheus | ||||||
|     networkPolicies.default.egress: |     networkPolicy.egress: | ||||||
|     - to: |     - to: | ||||||
|       - namespaceSelector: |       - namespaceSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             kubernetes.io/metadata.name: database |             kubernetes.io/metadata.name: ingress-nginx | ||||||
|         podSelector: |         podSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/name: oracle |             app.kubernetes.io/name: ingress-nginx | ||||||
|   asserts: |   asserts: | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.policyTypes |       path: spec.policyTypes | ||||||
| @@ -102,17 +82,17 @@ tests: | |||||||
|       - to: |       - to: | ||||||
|         - namespaceSelector: |         - namespaceSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               kubernetes.io/metadata.name: database |               kubernetes.io/metadata.name: ingress-nginx | ||||||
|           podSelector: |           podSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               app.kubernetes.io/name: oracle |               app.kubernetes.io/name: ingress-nginx | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.ingress |       path: spec.ingress | ||||||
|       value: |       value: | ||||||
|       - from: |       - from: | ||||||
|         - namespaceSelector: |         - namespaceSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               kubernetes.io/metadata.name: khv-production |               kubernetes.io/metadata.name: monitoring | ||||||
|           podSelector: |           podSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               app.kubernetes.io/name: prometheus |               app.kubernetes.io/name: prometheus | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/persistentVolumeClaim.yaml | - templates/persistentVolumeClaim.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default | - it: Rendering default | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,16 +6,24 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/secretEnv.yaml | - templates/secretEnv.yaml | ||||||
| tests: | tests: | ||||||
|  | - it: Skip rendering by default | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
| - it: Skip rendering by using existing secret. | - it: Skip rendering by using existing secret. | ||||||
|   set: |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|     config.env.existingSecret.enabled: true |     config.env.existingSecret.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
|  |  | ||||||
| - it: Rendering env secret with default values. | - it: Rendering env secret with default values. | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
| @@ -39,6 +47,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering env secret with custom values. | - it: Rendering env secret with custom values. | ||||||
|   set: |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token |     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token | ||||||
|   asserts: |   asserts: | ||||||
|   - isSubset: |   - isSubset: | ||||||
| @@ -48,6 +57,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering custom annotations and labels. | - it: Rendering custom annotations and labels. | ||||||
|   set: |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|     config.env.secret.annotations: |     config.env.secret.annotations: | ||||||
|       foo: bar |       foo: bar | ||||||
|       bar: foo |       bar: foo | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/secretNetRC.yaml | - templates/secretNetRC.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering by default | - it: Skip rendering by default | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,16 +6,24 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/secretSSH.yaml | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
|  | - it: Skip rending by default. | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
| - it: Skip rendering by using existing secret. | - it: Skip rendering by using existing secret. | ||||||
|   set: |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|     config.ssh.existingSecret.enabled: true |     config.ssh.existingSecret.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
|  |  | ||||||
| - it: Rendering ssh secret with default values. | - it: Rendering ssh secret with default values. | ||||||
|  |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
| @@ -51,6 +59,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering ssh secret with custom values. | - it: Rendering ssh secret with custom values. | ||||||
|   set: |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|     config.ssh.secret.config: | |     config.ssh.secret.config: | | ||||||
|       Host * |       Host * | ||||||
|         IdentityFile ~/.ssh/id_ed25519 |         IdentityFile ~/.ssh/id_ed25519 | ||||||
| @@ -90,6 +99,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering custom annotations and labels. | - it: Rendering custom annotations and labels. | ||||||
|   set: |   set: | ||||||
|  |     config.ssh.enabled: true | ||||||
|     config.ssh.secret.annotations: |     config.ssh.secret.annotations: | ||||||
|       foo: bar |       foo: bar | ||||||
|       bar: foo |       bar: foo | ||||||
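Review bot: The name of the newly added default-case test is misspelled as `Skip rending by default.`; it should read `- it: Skip rendering by default.`. That matches the wording of the equivalent secretNetRC test and keeps the case findable when filtering test output by name. The later hunks of this file start mid-test, so only the added `config.ssh.enabled: true` lines are visible there.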
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/serviceAccount.yaml | - templates/serviceAccount.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering. | - it: Skip rendering. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/serviceHTTP.yaml | - templates/serviceHTTP.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip service when disabled. | - it: Skip service when disabled. | ||||||
|   set: |   set: | ||||||
|   | |||||||
							
								
								
									
									
										284
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -5,9 +5,83 @@ | |||||||
| nameOverride: "" | nameOverride: "" | ||||||
| fullnameOverride: "" | fullnameOverride: "" | ||||||
|  |  | ||||||
|  | ## @section Certificate | ||||||
|  | certificate: | ||||||
|  |   ## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | ||||||
|  |   enabled: false | ||||||
|  |  | ||||||
|  |   ## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`. | ||||||
|  |   ## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key. | ||||||
|  |   existingSecret: | ||||||
|  |     enabled: false | ||||||
|  |     secretName: "" | ||||||
|  |  | ||||||
|  |   ## @param certificate.new.annotations Additional certificate annotations. | ||||||
|  |   ## @param certificate.new.labels Additional certificate labels. | ||||||
|  |   ## @param certificate.new.duration Duration of the TLS certificate. | ||||||
|  |   ## @param certificate.new.renewBefore Renew TLS certificate before expiring. | ||||||
|  |   ## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names. | ||||||
|  |   ## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses. | ||||||
|  |   ## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`. | ||||||
|  |   ## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`. | ||||||
|  |   ## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key. | ||||||
|  |   ## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key. | ||||||
|  |   ## @param certificate.new.privateKey.size Size of the private TLS key. | ||||||
|  |   ## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret. | ||||||
|  |   ## @param certificate.new.secretTemplate.labels Additional labels of the created secret. | ||||||
|  |   ## @param certificate.new.subject.countries List of countries. | ||||||
|  |   ## @param certificate.new.subject.localities List of localities. | ||||||
|  |   ## @param certificate.new.subject.organizationalUnits List of organizationalUnits. | ||||||
|  |   ## @param certificate.new.subject.organizations List of organizations. | ||||||
|  |   ## @param certificate.new.subject.postalCodes List of postalCodes. | ||||||
|  |   ## @param certificate.new.subject.provinces List of provinces. | ||||||
|  |   ## @param certificate.new.subject.serialNumber Serial number. | ||||||
|  |   ## @param certificate.new.subject.streetAddresses List of streetAddresses. | ||||||
|  |   ## @param certificate.new.usages Define the usage of the TLS key. | ||||||
|  |   new: | ||||||
|  |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     duration: "744h"      # 31 days | ||||||
|  |     renewBefore: "672h"   # 28 days | ||||||
|  |     dnsNames: [] | ||||||
|  |     # The following DNS names are already part of the SAN's and serves only as example. | ||||||
|  |     # - "athens-proxy" | ||||||
|  |     # - "athens-proxy.svc" | ||||||
|  |     # - "athens-proxy.svc.namespace" | ||||||
|  |     # - "athens-proxy.svc.namespace.cluster.local" | ||||||
|  |     ipAddresses: [] | ||||||
|  |     # The following IP addresses serves only as example. | ||||||
|  |     # - "10.92.1.10" | ||||||
|  |     # - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344" | ||||||
|  |     issuerRef: | ||||||
|  |       kind: "" | ||||||
|  |       name: "" | ||||||
|  |     privateKey: | ||||||
|  |       algorithm: "RSA" | ||||||
|  |       rotationPolicy: "Never" | ||||||
|  |       size: 4096 | ||||||
|  |     secretTemplate: | ||||||
|  |       annotations: {} | ||||||
|  |       labels: {} | ||||||
|  |     subject: | ||||||
|  |       countries: [] | ||||||
|  |       localities: [] | ||||||
|  |       organizationalUnits: [] | ||||||
|  |       organizations: [] | ||||||
|  |       postalCodes: [] | ||||||
|  |       provinces: [] | ||||||
|  |       serialNumber: "" | ||||||
|  |       streetAddresses: [] | ||||||
|  |     usages: | ||||||
|  |     - "client auth" | ||||||
|  |     - "server auth" | ||||||
|  |  | ||||||
| ## @section Configuration | ## @section Configuration | ||||||
| config: | config: | ||||||
|   env: |   env: | ||||||
|  |     ## @param config.env.enabled Enable mounting of the secret as environment variables. | ||||||
|  |     enabled: false | ||||||
|  |  | ||||||
|     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. |     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. | ||||||
|     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. |     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. | ||||||
|     existingSecret: |     existingSecret: | ||||||
| @@ -25,7 +99,6 @@ config: | |||||||
|         # ATHENS_AZURE_ACCOUNT_NAME: |         # ATHENS_AZURE_ACCOUNT_NAME: | ||||||
|         # ATHENS_AZURE_CONTAINER_NAME: |         # ATHENS_AZURE_CONTAINER_NAME: | ||||||
|         # ATHENS_CLOUD_RUNTIME: |         # ATHENS_CLOUD_RUNTIME: | ||||||
|         # ATHENS_DOWNLOAD_MODE: |  | ||||||
|         # ATHENS_DOWNLOAD_URL: |         # ATHENS_DOWNLOAD_URL: | ||||||
|         # ATHENS_ETCD_ENDPOINTS: |         # ATHENS_ETCD_ENDPOINTS: | ||||||
|         # ATHENS_EXTERNAL_STORAGE_URL: |         # ATHENS_EXTERNAL_STORAGE_URL: | ||||||
| @@ -76,8 +149,6 @@ config: | |||||||
|         # ATHENS_STORAGE_GCP_JSON_KEY: |         # ATHENS_STORAGE_GCP_JSON_KEY: | ||||||
|         # ATHENS_SUM_DBS: |         # ATHENS_SUM_DBS: | ||||||
|         # ATHENS_TIMEOUT: |         # ATHENS_TIMEOUT: | ||||||
|         # ATHENS_TLSCERT_FILE: |  | ||||||
|         # ATHENS_TLSKEY_FILE: |  | ||||||
|         # ATHENS_TRACE_EXPORTER_URL: |         # ATHENS_TRACE_EXPORTER_URL: | ||||||
|         # ATHENS_TRACE_EXPORTER: |         # ATHENS_TRACE_EXPORTER: | ||||||
|         # AWS_ACCESS_KEY_ID: |         # AWS_ACCESS_KEY_ID: | ||||||
| @@ -96,23 +167,28 @@ config: | |||||||
|         # PROXY_FORCE_SSL: |         # PROXY_FORCE_SSL: | ||||||
|  |  | ||||||
|   downloadMode: |   downloadMode: | ||||||
|     ## @param config.downloadMode.existingConfigMap.enabled TODO: |     ## @param config.downloadMode.enabled Enable mounting of a download mode file into the container file system. If enabled, the env `ATHENS_DOWNLOAD_MODE` will automatically be defined. | ||||||
|     ## @param config.downloadMode.existingConfigMap.secretName TODO: |     enabled: false | ||||||
|  |  | ||||||
|  |     ## @param config.downloadMode.existingConfigMap.enabled Enable to use an external config map for mounting the download mode file. | ||||||
|  |     ## @param config.downloadMode.existingConfigMap.configMapName The name of the existing config map which should be used to mount the download mode file. | ||||||
|  |     ## @param config.downloadMode.existingConfigMap.downloadModeKey The name of the key inside the config map where the content of the download mode file is stored. | ||||||
|     existingConfigMap: |     existingConfigMap: | ||||||
|       enabled: false |       enabled: false | ||||||
|       secretName: "" |       configMapName: "" | ||||||
|  |       downloadModeKey: "downloadMode" | ||||||
|  |  | ||||||
|     ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. |     ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. | ||||||
|     ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. |     ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. | ||||||
|     ## @param config.downloadMode.configMap.content Additional labels of the config map containing the download mode file. |     ## @skip config.downloadMode.configMap.content The content of the download mode file. | ||||||
|     configMap: |     configMap: | ||||||
|       annotations: {} |       annotations: {} | ||||||
|       labels: {} |       labels: {} | ||||||
|       content: | |       content: | | ||||||
|         # downloadURL = "https://proxy.golang.org" |         downloadURL = "https://proxy.golang.org" | ||||||
|         # |  | ||||||
|         # mode = "async_redirect" |         mode = "async_redirect" | ||||||
|         # |  | ||||||
|         # download "github.com/gomods/*" { |         # download "github.com/gomods/*" { | ||||||
|         #     mode = "sync" |         #     mode = "sync" | ||||||
|         # } |         # } | ||||||
| @@ -123,7 +199,7 @@ config: | |||||||
|         # |         # | ||||||
|         # download "github.com/pkg/*" { |         # download "github.com/pkg/*" { | ||||||
|         #     mode = "redirect" |         #     mode = "redirect" | ||||||
|         #     downloadURL = "https://gocenter.io" |         #     downloadURL = "https://proxy.golang.org" | ||||||
|         # } |         # } | ||||||
|  |  | ||||||
|   gitConfig: |   gitConfig: | ||||||
| @@ -138,9 +214,9 @@ config: | |||||||
|       configMapName: "" |       configMapName: "" | ||||||
|       gitConfigKey: |       gitConfigKey: | ||||||
|  |  | ||||||
|     ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the download mode file. |     ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file. | ||||||
|     ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the download mode file. |     ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file. | ||||||
|     ## @param config.gitConfig.configMap.content The content of the .gitconfig file. |     ## @skip config.gitConfig.configMap.content The content of the .gitconfig file. | ||||||
|     configMap: |     configMap: | ||||||
|       annotations: {} |       annotations: {} | ||||||
|       labels: {} |       labels: {} | ||||||
| @@ -166,7 +242,7 @@ config: | |||||||
|  |  | ||||||
|     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. |     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. | ||||||
|     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. |     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. | ||||||
|     ## @param config.netrc.secret.content The content of the .netrc file. |     ## @skip config.netrc.secret.content The content of the .netrc file. | ||||||
|     secret: |     secret: | ||||||
|       annotations: {} |       annotations: {} | ||||||
|       labels: {} |       labels: {} | ||||||
| @@ -185,18 +261,32 @@ config: | |||||||
|         # machine api.github.com  [octocat]  password  [PAT] |         # machine api.github.com  [octocat]  password  [PAT] | ||||||
|  |  | ||||||
|   ssh: |   ssh: | ||||||
|     ## @param config.ssh.existingSecret.enabled TODO:. |     ## @param config.ssh.enabled Enable mounting of a .netrc file into the container file system. | ||||||
|     ## @param config.ssh.existingSecret.secretName TODO: |     enabled: false | ||||||
|  |  | ||||||
|  |     ## @param config.ssh.existingSecret.enabled Enable to use an external secret for mounting the public and private SSH key files. | ||||||
|  |     ## @param config.ssh.existingSecret.secretName The name of the existing secret which should be used to mount the public and private SSH key files. | ||||||
|  |     ## @param config.ssh.existingSecret.configKey The name of the key inside the secret where the content of the SSH client config file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_ed25519Key The name of the key inside the secret where the content of the id_ed25519 key file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_ed25519PubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_rsaKey The name of the key inside the secret where the content of the id_rsa key file is stored. | ||||||
|  |     ## @param config.ssh.existingSecret.id_rsaPubKey The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | ||||||
|     existingSecret: |     existingSecret: | ||||||
|       enabled: false |       enabled: false | ||||||
|  |       secretName: "" | ||||||
|  |       configKey: "config" | ||||||
|  |       id_ed25519Key: "id_ed25519" | ||||||
|  |       id_ed25519PubKey: "id_ed25519.pub" | ||||||
|  |       id_rsaKey: "id_rsa" | ||||||
|  |       id_rsaPubKey: "id_rsa.pub" | ||||||
|  |  | ||||||
|     ## @param config.ssh.secret.annotations Additional annotations of the secret containing the database credentials. |     ## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files. | ||||||
|     ## @param config.ssh.secret.labels Additional labels of the secret containing the database credentials. |     ## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files. | ||||||
|     ## @param config.ssh.secret.files TODO: |     ## @skip config.ssh.secret.config The content of the SSH client config file. | ||||||
|     ## @skip config.ssh.secret.id_ed25519 TODO: |     ## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key. | ||||||
|     ## @skip config.ssh.secret.id_ed25519_pub TODO: |     ## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key. | ||||||
|     ## @skip config.ssh.secret.id_rsa TODO: |     ## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key. | ||||||
|     ## @skip config.ssh.secret.id_rsa_pub TODO: |     ## @skip config.ssh.secret.id_rsa_pub The content of the public SSH RSA key. | ||||||
|     secret: |     secret: | ||||||
|       annotations: {} |       annotations: {} | ||||||
|       labels: {} |       labels: {} | ||||||
| @@ -383,9 +473,9 @@ deployment: | |||||||
|   #   whenUnsatisfiable: DoNotSchedule |   #   whenUnsatisfiable: DoNotSchedule | ||||||
|   #   labelSelector: |   #   labelSelector: | ||||||
|   #     matchLabels: |   #     matchLabels: | ||||||
|   #       app.kubernetes.io/instance: prometheus-athens-proxy |   #       app.kubernetes.io/instance: athens-proxy | ||||||
|  |  | ||||||
|   ## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment. |   ## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment. | ||||||
|   volumes: [] |   volumes: [] | ||||||
|   # - name: my-configmap-volume |   # - name: my-configmap-volume | ||||||
|   #   config: |   #   config: | ||||||
| @@ -460,89 +550,93 @@ persistence: | |||||||
|     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. |     ## @param persistence.data.mountPath The path where the persistent volume should be mounted in the container file system. This variable controls `ATHENS_DISK_STORAGE_ROOT`. | ||||||
|     mountPath: "/var/www/athens-proxy/data" |     mountPath: "/var/www/athens-proxy/data" | ||||||
|  |  | ||||||
|  |     ## @param persistence.data.existingPersistentVolumeClaim.enabled TODO | ||||||
|  |     ## @param persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName TODO | ||||||
|     existingPersistentVolumeClaim: |     existingPersistentVolumeClaim: | ||||||
|       enabled: false |       enabled: false | ||||||
|       persistentVolumeClaimName: "" |       persistentVolumeClaimName: "" | ||||||
|  |  | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim. | ||||||
|  |     ## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim. | ||||||
|     persistentVolumeClaim: |     persistentVolumeClaim: | ||||||
|       annotations: {} |       annotations: {} | ||||||
|       labels: {} |       labels: {} | ||||||
|       accessModes: |       accessModes: | ||||||
|       - ReadWriteMany |       - ReadWriteMany | ||||||
|       storageClass: "" |       storageClassName: "" | ||||||
|       storageSize: "5Gi" |       storageSize: "5Gi" | ||||||
|  |  | ||||||
| ## @section NetworkPolicies | ## @section Network | ||||||
| ## @param networkPolicies.enabled Enable network policies in general. | ## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates. | ||||||
| networkPolicies: | clusterDomain: "cluster.local" | ||||||
|  |  | ||||||
|  | ## @section Network Policy | ||||||
|  | networkPolicy: | ||||||
|  |   ## @param networkPolicy.enabled Enable network policies in general. | ||||||
|  |   ## @param networkPolicy.annotations Additional network policy annotations. | ||||||
|  |   ## @param networkPolicy.labels Additional network policy labels. | ||||||
|  |   ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||||
|  |   ## @param networkPolicy.egress Concrete egress network policy implementation. | ||||||
|  |   ## @skip networkPolicy.egress Skip individual egress configuration. | ||||||
|  |   ## @param networkPolicy.ingress Concrete ingress network policy implementation. | ||||||
|  |   ## @skip networkPolicy.ingress Skip individual ingress configuration. | ||||||
|   enabled: false |   enabled: false | ||||||
|  |   annotations: {} | ||||||
|  |   labels: {} | ||||||
|  |   policyTypes: [] | ||||||
|  |   # - Egress | ||||||
|  |   # - Ingress | ||||||
|  |   egress: [] | ||||||
|  |   # Allow outgoing HTTPS traffic to external go module servers | ||||||
|  |   # | ||||||
|  |   # - ports: | ||||||
|  |   #   - port: 443 | ||||||
|  |   #     protocol: TCP | ||||||
|  |  | ||||||
|   ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics. |   # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns. | ||||||
|   ## @param networkPolicies.default.annotations Additional network policy annotations. |   # | ||||||
|   ## @param networkPolicies.default.labels Additional network policy labels. |   # - to: | ||||||
|   ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. |   #   - namespaceSelector: | ||||||
|   ## @param networkPolicies.default.egress Concrete egress network policy implementation. |   #       matchLabels: | ||||||
|   ## @skip networkPolicies.default.egress Skip individual egress configuration. |   #         kubernetes.io/metadata.name: kube-system | ||||||
|   ## @param networkPolicies.default.ingress Concrete ingress network policy implementation. |   #     podSelector: | ||||||
|   ## @skip networkPolicies.default.ingress Skip individual ingress configuration. |   #       matchLabels: | ||||||
|   default: |   #        k8s-app: kube-dns | ||||||
|     enabled: false |   #   ports: | ||||||
|     annotations: {} |   #   - port: 53 | ||||||
|     labels: {} |   #     protocol: TCP | ||||||
|     policyTypes: [] |   #   - port: 53 | ||||||
|     # - Egress |   #     protocol: UDP | ||||||
|     # - Ingress |  | ||||||
|     egress: [] |  | ||||||
|     # Allow outgoing traffic to database host |  | ||||||
|     # |  | ||||||
|     # - to: |  | ||||||
|     #   - ipBlock: |  | ||||||
|     #       cidr: 192.168.179.1/32 |  | ||||||
|     #   ports: |  | ||||||
|     #   - port: 5432 |  | ||||||
|     #     protocol: TCP |  | ||||||
|  |  | ||||||
|     # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns. |   ingress: [] | ||||||
|     # |   # Allow incoming HTTP traffic from prometheus. | ||||||
|     # - to: |   # | ||||||
|     #   - namespaceSelector: |   # - from: | ||||||
|     #       matchLabels: |   #   - namespaceSelector: | ||||||
|     #         kubernetes.io/metadata.name: kube-system |   #       matchLabels: | ||||||
|     #     podSelector: |   #         kubernetes.io/metadata.name: monitoring | ||||||
|     #       matchLabels: |   #     podSelector: | ||||||
|     #        k8s-app: kube-dns |   #       matchLabels: | ||||||
|     #   ports: |   #         app.kubernetes.io/name: prometheus | ||||||
|     #   - port: 53 |   #   ports: | ||||||
|     #     protocol: TCP |   #   - port: http | ||||||
|     #   - port: 53 |   #     protocol: TCP | ||||||
|     #     protocol: UDP |  | ||||||
|  |  | ||||||
|     ingress: [] |   # Allow incoming HTTP traffic from ingress-nginx. | ||||||
|     # Allow incoming HTTP traffic from prometheus. |   # | ||||||
|     # |   # - from: | ||||||
|     # - from: |   #   - namespaceSelector: | ||||||
|     #   - namespaceSelector: |   #       matchLabels: | ||||||
|     #       matchLabels: |   #         kubernetes.io/metadata.name: ingress-nginx | ||||||
|     #         kubernetes.io/metadata.name: monitoring |   #     podSelector: | ||||||
|     #     podSelector: |   #       matchLabels: | ||||||
|     #       matchLabels: |   #         app.kubernetes.io/name: ingress-nginx | ||||||
|     #         app.kubernetes.io/name: prometheus |   #   ports: | ||||||
|     #   ports: |   #   - port: http | ||||||
|     #   - port: http |   #     protocol: TCP | ||||||
|     #     protocol: TCP |  | ||||||
|  |  | ||||||
|     # Allow incoming HTTP traffic from ingress-nginx. |  | ||||||
|     # |  | ||||||
|     # - from: |  | ||||||
|     #   - namespaceSelector: |  | ||||||
|     #       matchLabels: |  | ||||||
|     #         kubernetes.io/metadata.name: ingress-nginx |  | ||||||
|     #     podSelector: |  | ||||||
|     #       matchLabels: |  | ||||||
|     #         app.kubernetes.io/name: ingress-nginx |  | ||||||
|     #   ports: |  | ||||||
|     #   - port: http |  | ||||||
|     #     protocol: TCP |  | ||||||
|  |  | ||||||
| ## @section Service | ## @section Service | ||||||
| ## @param services.http.enabled Enable the service. | ## @param services.http.enabled Enable the service. | ||||||
|   | |||||||