26 Commits

Author SHA1 Message Date
297f36920a fix(certificate): subject in body must be of type object
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 7s
Release / publish-chart (push) Successful in 18s
2025-10-14 23:26:09 +02:00
4102fc9014 feat(certificates): support certificates
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 32s
Release / publish-chart (push) Successful in 19s
The following patch enables you to generate certificates using cert-manager or,
alternatively, to mount a secret with TLS certificates.

The HTTP server is then automatically configured to use the TLS certificates to
encrypt HTTP traffic.

If an ingress controller is also used, such as the nginx-ingress controller, the
necessary annotations must still be set to inform the nginx-ingress controller
that the HTTP upstream server communicates via HTTPS.
2025-10-14 23:02:28 +02:00
be923ed95f Merge pull request 'chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.0.3' (#100) from renovate/volker.raschek-athens-proxy-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 11s
Helm / helm-unittest (push) Successful in 16s
Markdown linter / markdown-lint (push) Successful in 9s
2025-10-12 22:03:24 +00:00
f07ff039ce chore(deps): update dependency volker.raschek/athens-proxy-charts to v1.0.3
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 1m0s
Markdown linter / markdown-link-checker (push) Successful in 1m20s
Generate README / generate-parameters (pull_request) Successful in 11s
Helm / helm-unittest (pull_request) Successful in 19s
Helm / helm-lint (pull_request) Successful in 23s
Markdown linter / markdown-link-checker (pull_request) Successful in 16s
Markdown linter / markdown-lint (pull_request) Successful in 34s
2025-10-12 22:01:05 +00:00
a11be194cc docs(Chart): adapt list of sources
All checks were successful
Helm / helm-lint (push) Successful in 1m0s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 22:36:52 +02:00
7908de9313 docs(README): update parameter description
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 11s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-lint (push) Successful in 10s
2025-10-12 22:34:22 +02:00
adfe40a9c7 docs(README): adapt description of networkPolicy examples
Some checks failed
Helm / helm-lint (push) Successful in 1m4s
Helm / helm-unittest (push) Successful in 7s
Generate README / generate-parameters (push) Failing after 1m21s
2025-10-12 22:24:10 +02:00
eadbcf243b fix(deployment): mount configMap 'gitconfig'
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 20s
Release / publish-chart (push) Successful in 13s
2025-10-12 22:09:03 +02:00
0caa188bb1 fix(deployment): mount additional volumes
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 8s
2025-10-12 22:03:25 +02:00
3bce806ed6 fix(deployment): mount environment variables and volumes only when enabled
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
Release / publish-chart (push) Successful in 8s
2025-10-12 21:55:31 +02:00
5c09cf8c79 docs(README): skip rendering of file content
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 28s
2025-10-12 21:11:45 +02:00
d4b5c0c86f fix(Chart): adapt annotation 'artifacthub.io/links'
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 20:54:08 +02:00
74598b4ee0 docs(README): mention upstream https://proxy.golang.org
Some checks failed
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 17s
Helm / helm-unittest (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Failing after 27s
Release / publish-chart (push) Successful in 1m56s
2025-10-12 19:19:09 +02:00
b06c1962cc docs(README): update chart version to 1.0.0
Some checks failed
Helm / helm-lint (push) Successful in 51s
Generate README / generate-parameters (push) Successful in 1m8s
Helm / helm-unittest (push) Has been cancelled
Markdown linter / markdown-lint (push) Has been cancelled
Markdown linter / markdown-link-checker (push) Has started running
2025-10-12 19:17:49 +02:00
991c545c93 test(deployment): adapt download mode url
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 19:06:55 +02:00
7c60c70244 docs(README): avoid CPU throttling by defining a CPU limit
Some checks failed
Helm / helm-lint (push) Successful in 11s
Helm / helm-unittest (push) Failing after 7s
Generate README / generate-parameters (push) Successful in 29s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Failing after 27s
2025-10-12 19:04:26 +02:00
0e048cdf4b docs(README): adapt downloadURL
Some checks failed
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Failing after 6s
Markdown linter / markdown-lint (push) Failing after 9s
Markdown linter / markdown-link-checker (push) Successful in 35s
2025-10-12 18:58:24 +02:00
89604cbe64 docs(README): mount secret with environment variables
Some checks failed
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 7s
Generate README / generate-parameters (push) Successful in 30s
Markdown linter / markdown-link-checker (push) Failing after 2m16s
Markdown linter / markdown-lint (push) Failing after 2m10s
2025-10-12 18:48:40 +02:00
f63450aec4 fix(deployment): mount secret with environment variables
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-lint (push) Has been cancelled
Helm / helm-unittest (push) Has been cancelled
2025-10-12 18:48:18 +02:00
d1e5accccb fix: support automatically roll deployments
All checks were successful
Helm / helm-unittest (push) Successful in 8s
Helm / helm-lint (push) Successful in 1m1s
2025-10-12 18:00:06 +02:00
fbd846784c fix(networkPolicy): use single network policy
Some checks failed
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-link-checker (push) Successful in 11s
Generate README / generate-parameters (push) Failing after 28s
Markdown linter / markdown-lint (push) Successful in 17s
2025-10-12 17:21:05 +02:00
bab5282617 fix(Chart): remove maintainer section
Some checks failed
Helm / helm-unittest (push) Failing after 19m53s
Helm / helm-lint (push) Failing after 19m55s
2025-10-12 17:07:26 +02:00
307660c767 refac: remove obsolete directory athens-proxy
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 17:05:51 +02:00
59b43aac79 fix(configMap): enable downloadURL and mode by default
Some checks failed
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Failing after 14s
Markdown linter / markdown-lint (push) Failing after 33s
2025-10-12 16:54:36 +02:00
85a38e7d22 fix(deployment): remove leading v of the container image tag
All checks were successful
Helm / helm-lint (push) Successful in 21s
Helm / helm-unittest (push) Successful in 17s
2025-10-12 16:49:43 +02:00
2005fb8e05 fix(ci): update workflows and make targets
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 15s
2025-10-12 16:37:24 +02:00
55 changed files with 1327 additions and 537 deletions


@@ -46,18 +46,7 @@ jobs:
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: | run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum helm repo remove chartmuseum
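Review bot: The surviving `helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum` line still depends on `PACKAGE_VERSION` and `REPOSITORY_NAME`, and on the archive produced by `helm package`, all of which this hunk deletes from the `run` block. Unless they are now defined and built in an earlier step outside the visible lines, the push would look for `-.tgz`; either keep the lines that derive the names and package the chart, or point to where they moved. While touching this step, quote the variable expansions and consider `--password-stdin` on `helm repo add` so that `CHARTMUSEUM_PASSWORD` does not end up in the process arguments.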


@@ -1,8 +0,0 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}


@@ -3,7 +3,7 @@ annotations:
- name: Athens proxy (binary) - name: Athens proxy (binary)
url: https://github.com/gomods/athens url: https://github.com/gomods/athens
- name: support - name: support
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
apiVersion: v2 apiVersion: v2
name: athens-proxy name: athens-proxy
description: Athens proxy server for golang description: Athens proxy server for golang
@@ -19,10 +19,6 @@ keywords:
- go-proxy - go-proxy
sources: sources:
- https://github.com/volker-raschek/athens-proxy-charts - https://git.cryptic.systems/volker.raschek/athens-proxy-charts
- https://github.com/gomods/athens - https://github.com/gomods/athens
- https://hub.docker.com/r/gomods/athens - https://hub.docker.com/r/gomods/athens
maintainers:
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems
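Review bot: Dropping the `maintainers` block at the end of this hunk leaves the chart metadata without any named contact, so the `support` issue link under `annotations` becomes the only documented route for reporting a problem with the chart. If the previous entry was simply outdated, replace it with the current maintainer instead of deleting the section; if the removal is deliberate, say why in the commit message.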


@@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE # HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE # NODE_IMAGE
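Review bot: On the changed `HELM_IMAGE_VERSION` line the registry is now named twice in the renovate hint, once as `registryUrl=https://docker.io` and once as the `docker.io/` prefix of `depName`. One of the two is redundant; please confirm from a Renovate run that the lookup still resolves `volkerraschek/helm` and not a doubled path, or drop `registryUrl`. Note also that the value is a mutable tag (`3.19.0`), so the image used by the make targets is not pinned to a digest.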

368
README.md

@@ -2,167 +2,174 @@
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This is an inofficial helm chart of the go-proxy > [!NOTE]
[athens](https://github.com/gomods/athens) which supports more complex > This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
configuration options. > GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
can be installed via helm. proxy for Golang.
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
defining additional environment variables and much more.
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
helm and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
`--set` flag for a basic deployment.
```bash ```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm repo update
helm install athens-proxy volker.raschek/athens-proxy helm install athens-proxy volker.raschek/athens-proxy
``` ```
## Customization Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
versions can break something!
The complete deployment can be adapted via the `values.yaml` files. The ```bash
configuration of the proxy can be done via the environment variables described CHART_VERSION=1.0.3
below or via mounting the config.toml as additional persistent volume to helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
`/config/config.toml`
## Access private repositories via SSH
Create a `configmap.yaml` with multiple keys. One key describe the content of
the `.gitconfig` file and another of `config` of the ssh client. All requests
Git clone comands with the prefix `http://github.com/` will be replaced by
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
separate secret.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-configs
data:
sshconfig: |
Host github.com
IdentityFile /root/.ssh/id_ed25519
StrictHostKeyChecking no
gitconfig: |
[url "git@github.com:"]
insteadOf = https://github.com/
``` ```
The secret definition below contains the SSH private and public key. A complete list of available helm chart versions can be displayed via the following command:
```yaml ```bash
apiVersion: v1 helm search repo reposilite --versions
kind: Secret
metadata:
name: custom-ssh-keys
type: Opaque
stringData:
id_ed25519: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
id_ed25519.pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
``` ```
The item `config` of the configmap will be merged with the items of the secret The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
as virtual volume. This volume can than be mounted with special permissions Use the `--set` argument to persist your data.
required for the ssh client.
```yaml ```bash
extraVolumes: CHART_VERSION=1.0.3
- name: ssh helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
projected: persistence.enabled=true
defaultMode: 0644
sources:
- configMap:
name: custom-configs
items:
- key: sshconfig
path: config
- secret:
name: custom-ssh-keys
items:
- key: id_ed25519
path: id_ed25519
mode: 0600
- key: id_ed25519.pub
path: id_ed25519.pub
- name: gitconfig
configMap:
name: custom-configs
items:
- key: gitconfig
path: config
mode: 0644
extraVolumeMounts:
- name: ssh
mountPath: /root/.ssh
- name: gitconfig
mountPath: /root/.config/git
``` ```
## Access private GitHub.com repositories via developer token ### Examples
Another way to access private GitHub repositories is via a GitHub token, which The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
creates a `.netrc` file to access private GitHub repositories.
## Access private repositories via .netrc configuration #### Avoid CPU throttling by defining a CPU limit
As describe above, a `.netrc` file is responsible for the authentication via If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
HTTP. The file can also be defined via a custom secret and mounted into the home application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
directory of `root` for general authentication purpose. cannot use the available CPU time to perform computing operations.
The example below describe the definition and mounting of a custom `.netrc` file The application must be informed that despite several CPUs only a part (limit) of the available computing time is
to access private repositories hosted on GitHub and GitLab. available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
```yaml Further information about this topic can be found in one of Kanishk's blog
apiVersion: v1 [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
kind: Secret
metadata: > [!NOTE]
name: custom-netrc > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
type: Opaque > not anymore required.
stringData: >
netrc: | > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
machine github.com login USERNAME password API-KEY
machine gitlab.com login USERNAME password API-KEY ```bash
CHART_VERSION=1.0.3
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
``` ```
The file must then be mounted via extraVolumes and extraVolumeMounts. #### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
proxy `https://proxy.golang.org` via HTTPS.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml ```yaml
extraVolumes: networkPolicies:
- name: netrc enabled: true
secret: annotations: {}
secretName: custom-netrc labels: {}
items: policyTypes:
- key: netrc - Egress
path: .netrc - Ingress
mode: 0600 egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 443
protocol: TCP
extraVolumeMounts: ingress:
- name: netrc - from:
mountPath: /root - namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: http
protocol: TCP
``` ```
## Persistent storage ## ArgoCD
Unlike the athens default, the default here is `disk` - i.e. the files are ### Daily execution of rolling updates
written to the container. Therefore, it is advisable to outsource the
corresponding storage location to persistent storage. The following example
describes the integration of a persistent storage claim.
```yaml The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
extraVolumes: connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
- name: gomodules Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
persistentVolumeClaim:
claimName: custom-gomodules-pvc
extraVolumeMounts: The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
- name: gomodules content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
mountPath: /var/lib/athens Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
annotations with the prefix `checksum`.
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps/v1
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
``` ```
## Parameters ## Parameters
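Review bot: Two of the new command examples will not work as written: `helm search repo reposilite --versions` searches for a different chart (it should name `athens-proxy`), and the persistence example passes `persistence.enabled=true` without a preceding `--set`, so helm does not read it as a value override. The introduction also says helm is used to "deploy the exporter", which looks carried over from another README. In the ArgoCD snippet, `group: apps/v1` should be `group: apps`, because `ignoreDifferences` takes the API group without the version and the rule would otherwise not match the Deployment. In the network policy example, the second egress rule has `ports` but no `to`, so it allows TCP 443 to any destination rather than only to `https://proxy.golang.org` as the paragraph above it suggests; please state that explicitly. Finally, the CPU section's note says `GOMAXPROCS` is set automatically, yet the command below it still sets it by hand; keep one of the two.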
@@ -174,10 +181,41 @@ extraVolumeMounts:
| `nameOverride` | Individual release name suffix. | `""` | | `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` | | `fullnameOverride` | Override the complete release name logic. | `""` |
### Certificate
| Name | Description | Value |
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `certificate.enabled` | Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added. | `false` |
| `certificate.existingSecret.enabled` | Use an existing secret of the type `kubernetes.io/tls`. | `false` |
| `certificate.existingSecret.secretName` | Name of the secret containing the TLS certificate and private key. | `""` |
| `certificate.new.annotations` | Additional certificate annotations. | `{}` |
| `certificate.new.labels` | Additional certificate labels. | `{}` |
| `certificate.new.duration` | Duration of the TLS certificate. | `744h` |
| `certificate.new.renewBefore` | Renew TLS certificate before expiring. | `672h` |
| `certificate.new.dnsNames` | Overwrites the default of the subject alternative DNS names. | `[]` |
| `certificate.new.ipAddresses` | Overwrites the default of the subject alternative IP addresses. | `[]` |
| `certificate.new.issuerRef.kind` | Issuer kind. Can be `Issuer` or `ClusterIssuer`. | `""` |
| `certificate.new.issuerRef.name` | Name of the `Issuer` or `ClusterIssuer`. | `""` |
| `certificate.new.privateKey.algorithm` | Algorithm of the private TLS key. | `RSA` |
| `certificate.new.privateKey.rotationPolicy` | Rotation of the private TLS key. | `Never` |
| `certificate.new.privateKey.size` | Size of the private TLS key. | `4096` |
| `certificate.new.secretTemplate.annotations` | Additional annotation of the created secret. | `{}` |
| `certificate.new.secretTemplate.labels` | Additional labels of the created secret. | `{}` |
| `certificate.new.subject.countries` | List of countries. | `[]` |
| `certificate.new.subject.localities` | List of localities. | `[]` |
| `certificate.new.subject.organizationalUnits` | List of organizationalUnits. | `[]` |
| `certificate.new.subject.organizations` | List of organizations. | `[]` |
| `certificate.new.subject.postalCodes` | List of postalCodes. | `[]` |
| `certificate.new.subject.provinces` | List of provinces. | `[]` |
| `certificate.new.subject.serialNumber` | Serial number. | `""` |
| `certificate.new.subject.streetAddresses` | List of streetAddresses. | `[]` |
| `certificate.new.usages` | Define the usage of the TLS key. | `["client auth","server auth"]` |
### Configuration ### Configuration
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` | | `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` | | `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` | | `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
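Review bot: The documented defaults `certificate.new.privateKey.rotationPolicy` = `Never`, `duration` = `744h` and `renewBefore` = `672h` mean the certificate is reissued roughly 72 hours after each issuance while the same RSA private key is reused indefinitely. Consider defaulting `rotationPolicy` to `Always` so that each renewal also produces a new key, or document why key reuse is wanted here. In the same table, `certificate.new.usages` defaults to both `client auth` and `server auth`; for a certificate whose stated purpose is serving HTTPS, `server auth` alone would be the narrower default. The description of `config.env.secret.annotations` in the context lines still refers to "database credentials", which does not fit a secret holding the application's environment variables.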
@@ -189,55 +227,18 @@ extraVolumeMounts:
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` | | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` | | `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` | | `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
| `config.downloadMode.configMap.content` | The content of the download mode file. | `# downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect"
#
# download "github.com/gomods/*" {
# mode = "sync"
# }
#
# download "golang.org/x/*" {
# mode = "none"
# }
#
# download "github.com/pkg/*" {
# mode = "redirect"
# downloadURL = "https://gocenter.io"
# }
` |
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` | | `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` | | `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` | | `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` | | `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` | | `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` | | `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
| `config.gitConfig.configMap.content` | The content of the .gitconfig file. | `# The .gitconfig file
#
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
# directory.
#
# [url "git@github.com:"] insteadOf = https://github.com/
` |
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` | | `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` | | `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` | | `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` | | `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` | | `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` | | `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.netrc.secret.content` | The content of the .netrc file. | `# The .netrc file
#
# The .netrc file contains login and initialization information used by the auto-login process. It generally
# resides in the user's home directory, but a location outside of the home directory can be set using the
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
# must be a regular file, or access will be denied.
#
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
#
# default login [name] password [password/token]
# machine github.com [octocat] password [PAT]
# machine api.github.com [octocat] password [PAT]
` |
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` | | `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` | | `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` | | `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
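Review bot: Several descriptions in the context rows of this README hunk are copy-paste leftovers and should be corrected while the table is being regenerated. `config.ssh.enabled` is documented as "Enable mounting of a .netrc file into the container file system." although it controls the SSH key files. `config.netrc.secret.annotations` and `config.netrc.secret.labels` both refer to "the secret containing the database credentials" although the secret holds the .netrc file. Since the README is generated from the values comments, the fix belongs in the source comments of the values file.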
@@ -248,10 +249,6 @@ extraVolumeMounts:
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` | | `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` | | `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` | | `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
| `config.ssh.secret.config` | The content of the SSH client config file. | `# Host *
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa
` |
### Deployment ### Deployment
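Review bot: The row for `config.ssh.existingSecret.id_rsaPubKey` describes the key as holding "the content of the id_ed25519.pub key file" while the parameter name and its default `id_rsa.pub` refer to the RSA public key. Please correct the description to name `id_rsa.pub`, so that someone wiring up an existing secret does not map the wrong key material.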
@@ -290,7 +287,7 @@ extraVolumeMounts:
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` | | `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` | | `deployment.tolerations` | Tolerations of the athens-proxy deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` | | `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the prometheus-exporter deployment. | `[]` | | `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA) ### Horizontal Pod Autoscaler (HPA)
@@ -325,20 +322,25 @@ extraVolumeMounts:
| `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` | | `persistence.data.persistentVolumeClaim.annotations` | Additional persistent volume claim annotations. | `{}` |
| `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` | | `persistence.data.persistentVolumeClaim.labels` | Additional persistent volume claim labels. | `{}` |
| `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` | | `persistence.data.persistentVolumeClaim.accessModes` | Access modes of the persistent volume claim. | `["ReadWriteMany"]` |
| `persistence.data.persistentVolumeClaim.storageClass` | Storage class of the persistent volume claim. | `""` | | `persistence.data.persistentVolumeClaim.storageClassName` | Storage class of the persistent volume claim. | `""` |
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` | | `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
### NetworkPolicies ### Network
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- | | --------------- | ------------------------------------------------------------------------ | --------------- |
| `networkPolicies.enabled` | Enable network policies in general. | `false` | | `clusterDomain` | Domain of the Cluster. Domain is part of internally issued certificates. | `cluster.local` |
| `networkPolicies.default.enabled` | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
| `networkPolicies.default.annotations` | Additional network policy annotations. | `{}` | ### Network Policy
| `networkPolicies.default.labels` | Additional network policy labels. | `{}` |
| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` | | Name | Description | Value |
| `networkPolicies.default.egress` | Concrete egress network policy implementation. | `[]` | | --------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicies.default.ingress` | Concrete ingress network policy implementation. | `[]` | | `networkPolicy.enabled` | Enable network policies in general. | `false` |
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
### Service ### Service
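Review bot: The renames in this hunk (`networkPolicies.default.*` to `networkPolicy.*`, and `persistentVolumeClaim.storageClass` to `storageClassName`) are breaking for existing values files, and nothing visible here warns the user. Without a values schema Helm accepts unknown keys silently, so a release that still sets `networkPolicies.enabled: true` would upgrade cleanly and simply stop rendering its NetworkPolicy, removing network isolation without any error. I would add a guard in the templates that calls `fail` when `.Values.networkPolicies` or `.Values.persistence.data.persistentVolumeClaim.storageClass` is set, and mention the rename in the release notes.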

View File

@@ -9,6 +9,7 @@
], ],
"customManagers": [ "customManagers": [
{ {
"customType": "regex",
"fileMatch": [ "fileMatch": [
"^Chart\\.yaml$" "^Chart\\.yaml$"
], ],
@@ -21,6 +22,7 @@
"versioningTemplate": "semver" "versioningTemplate": "semver"
}, },
{ {
"customType": "regex",
"fileMatch": ["^README\\.md$"], "fileMatch": ["^README\\.md$"],
"matchStrings": [ "matchStrings": [
"VERSION=(?<currentValue>.*)" "VERSION=(?<currentValue>.*)"
@@ -32,6 +34,20 @@
} }
], ],
"packageRules": [ "packageRules": [
{
"groupName": "Update docker.io/volkerraschek/helm",
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{ {
"addLabels": [ "addLabels": [
"renovate/automerge", "renovate/automerge",

View File

@@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.certificates.server.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.certificate.new.annotations }}
{{ toYaml .Values.certificate.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.certificates.server.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.certificate.new.labels }}
{{ toYaml .Values.certificate.new.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "athens-proxy.certificates.server.name" -}}
{{ include "athens-proxy.fullname" . }}-tls
{{- end -}}

View File

@@ -26,6 +26,13 @@
{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }} {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
{{- end }} {{- end }}
{{- if .Values.certificate.enabled }}
{{- $env = concat $env (list
(dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
(dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
) }}
{{- end }}
{{ toYaml (dict "env" $env) }} {{ toYaml (dict "env" $env) }}
{{- end -}} {{- end -}}
@@ -34,6 +41,18 @@
{{/* envFrom */}} {{/* envFrom */}}
{{- define "athens-proxy.deployment.envFrom" -}} {{- define "athens-proxy.deployment.envFrom" -}}
{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
{{- if .Values.config.env.enabled }}
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
{{- $secretName = .Values.config.env.existingSecret.secretName }}
{{- end }}
{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
{{- end }}
{{ toYaml (dict "envFrom" $envFrom) }}
{{- end -}} {{- end -}}
{{/* image */}} {{/* image */}}
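Review bot: In the `envFrom` helper, the case `config.env.existingSecret.enabled: true` with an empty `secretName` falls through silently. The `and ... (gt (len ...) 0)` condition is false, so `$secretName` keeps the chart-generated name, but the Secret template elsewhere in this change is only rendered when `existingSecret.enabled` is false. The pod then references a Secret that nothing creates and will not start. Prefer failing at render time, for example by wrapping the lookup in `required "No existing secret name defined!" .Values.config.env.existingSecret.secretName` when `existingSecret.enabled` is set.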
@@ -42,7 +61,7 @@
{{- $registry := .Values.deployment.athensProxy.image.registry -}} {{- $registry := .Values.deployment.athensProxy.image.registry -}}
{{- $repository := .Values.deployment.athensProxy.image.repository -}} {{- $repository := .Values.deployment.athensProxy.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
{{- printf "%s/%s:v%s" $registry $repository $tag -}} {{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}} {{- end -}}
{{/* labels */}} {{/* labels */}}
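Review bot: Changing the format string from `"%s/%s:v%s"` to `"%s/%s:%s"` alters the image reference for every user who sets `deployment.athensProxy.image.tag` without a leading `v`, and for the default case it now depends on `.Chart.AppVersion` matching the registry tag exactly. Please confirm that `appVersion` in Chart.yaml carries the full tag, and document the change, since an upgrade with an unchanged values file would otherwise point at a tag that may not exist and leave the rollout in an image pull error.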
@@ -68,6 +87,7 @@
{{- define "athens-proxy.deployment.volumeMounts" -}} {{- define "athens-proxy.deployment.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }} {{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }} {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
{{- end }} {{- end }}
@@ -111,13 +131,19 @@
{{- end }} {{- end }}
{{/* volumeMounts (tls) */}}
{{- if .Values.certificate.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }} {{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}} {{- end -}}
{{/* volumes */}} {{/* volumes */}}
{{- define "athens-proxy.deployment.volumes" -}} {{- define "athens-proxy.deployment.volumes" -}}
{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }} {{- $volumes := .Values.deployment.volumes | default (list) }}
{{/* volumes (data) */}} {{/* volumes (data) */}}
@@ -239,5 +265,15 @@
{{- $volumes = concat $volumes (list $projectedSecretVolume) }} {{- $volumes = concat $volumes (list $projectedSecretVolume) }}
{{- end }} {{- end }}
{{/* volumes (tls) */}}
{{- if .Values.certificate.enabled }}
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
{{- if .Values.certificate.existingSecret.enabled }}
{{- $secretName := .Values.certificate.existingSecret.secretName }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }} {{ toYaml (dict "volumes" $volumes) }}
{{- end -}} {{- end -}}
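Review bot: The TLS volume never uses the existing secret. Inside the `if .Values.certificate.existingSecret.enabled` block the line `{{- $secretName := .Values.certificate.existingSecret.secretName }}` uses `:=`, which declares a new variable scoped to that block; the outer `$secretName` keeps the chart-generated `-tls` name. Because the Certificate template is skipped when `existingSecret.enabled` is true, the volume then points at a Secret that nothing creates. Change it to `=`, as the `envFrom` helper in this same file already does, consider `required` on `secretName`, and add a unit test that asserts the rendered `volumes[].secret.secretName` for the existing-secret case.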

View File

@@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicy.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- if .Values.networkPolicy.annotations }}
{{ toYaml .Values.networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicy.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- if .Values.networkPolicy.labels }}
{{ toYaml .Values.networkPolicy.labels }}
{{- end }}
{{- end }}

34
templates/_pod.tpl Normal file
View File

@@ -0,0 +1,34 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
{{- end }}
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

View File

@@ -1,19 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "athens-proxy.networkPolicies.annotations" -}}
{{ include "athens-proxy.annotations" .context }}
{{- if .networkPolicy.annotations }}
{{ toYaml .networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.networkPolicies.labels" -}}
{{ include "athens-proxy.labels" .context }}
{{- if .networkPolicy.labels }}
{{ toYaml .networkPolicy.labels }}
{{- end }}
{{- end }}

View File

@@ -1,17 +0,0 @@
---
{{/* annotations */}}
{{- define "athens-proxy.pod.annotations" -}}
{{ include "athens-proxy.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "athens-proxy.pod.labels" -}}
{{ include "athens-proxy.labels" . }}
{{- end }}
{{- define "athens-proxy.pod.selectorLabels" -}}
{{ include "athens-proxy.selectorLabels" . }}
{{- end }}

View File

@@ -1,36 +0,0 @@
{{- if .Values.networkPolicies.enabled }}
{{- range $key, $value := .Values.networkPolicies -}}
{{- if and (not (eq $key "enabled")) $value.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
namespace: {{ $.Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with $value.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,97 @@
{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.certificates.server.name" . }}
namespace: {{ .Release.Namespace }}
spec:
commonName: {{ include "athens-proxy.fullname" . }}
{{- if empty .Values.certificate.new.dnsNames }}
dnsNames:
- {{ include "athens-proxy.fullname" . }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- else }}
dnsNames:
{{- range .Values.certificate.new.dnsNames }}
- {{ . }}
{{- end }}
{{- end }}
duration: {{ .Values.certificate.new.duration }}
{{- if not (empty .Values.certificate.new.ipAddresses) }}
ipAddresses:
{{- range .Values.certificate.new.ipAddresses }}
- {{ . }}
{{- end }}
{{- end }}
isCA: false
issuerRef:
kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
privateKey:
algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
size: {{ .Values.certificate.new.privateKey.size }}
renewBefore: {{ .Values.certificate.new.renewBefore }}
secretName: {{ include "athens-proxy.certificates.server.name" . }}
{{- with .Values.certificate.new.secretTemplate }}
secretTemplate:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.certificate.new.subject.countries
.Values.certificate.new.subject.localities
.Values.certificate.new.subject.organizationalUnits
.Values.certificate.new.subject.organizations
.Values.certificate.new.subject.postalCodes
.Values.certificate.new.subject.provinces
.Values.certificate.new.subject.serialNumber
.Values.certificate.new.subject.streetAddresses
}}
subject:
{{- with .Values.certificate.new.subject.countries }}
countries:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.localities }}
localities:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizationalUnits }}
organizationalUnits:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizations }}
organizations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.postalCodes }}
postalCodes:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.provinces }}
provinces:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.certificate.new.subject.serialNumber }}
serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
{{- end }}
{{- with .Values.certificate.new.subject.streetAddresses }}
streetAddresses:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
usages:
{{- range .Values.certificate.new.usages }}
- {{ . }}
{{- end }}
{{- end }}
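Review bot: User-supplied list items and the serial number are rendered unquoted, which breaks on legitimate input. Under `dnsNames`, `- {{ . }}` turns a wildcard name such as `*.example.local` into `- *.example.local`, which YAML reads as an alias and rejects. `serialNumber: {{ .Values.certificate.new.subject.serialNumber }}` turns an all-digit value into a YAML integer although the field is a string. Pipe these through `quote` (the same applies to the `ipAddresses` and `usages` items), or render the lists with `toYaml` as the subject fields already do. Separately, `privateKey.size` is always emitted, even for algorithms where it carries no meaning; wrapping it in `with` would keep the rendered object clean.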

View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }} {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap

View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }} {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@@ -11,7 +11,7 @@ metadata:
labels: labels:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "athens-proxy.fullname" . }}-git-config name: {{ include "athens-proxy.configMap.gitConfig.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
data: data:
.gitconfig: | .gitconfig: |

View File

@@ -50,16 +50,24 @@ spec:
image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }} image: {{ include "athens-proxy.deployment.images.athens-proxy.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }} imagePullPolicy: {{ .Values.deployment.athensProxy.image.pullPolicy }}
livenessProbe: livenessProbe:
tcpSocket: exec:
port: http {{- if not .Values.certificate.enabled }}
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
{{- else }}
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
{{- end }}
failureThreshold: 3 failureThreshold: 3
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 60 periodSeconds: 60
successThreshold: 1 successThreshold: 1
timeoutSeconds: 3 timeoutSeconds: 3
readinessProbe: readinessProbe:
tcpSocket: exec:
port: http {{- if not .Values.certificate.enabled }}
command: [ "wget", "-T", "3", "-O", "/dev/null", "http://localhost:3000" ]
{{- else }}
command: [ "wget", "--no-check-certificate", "-T", "3", "-O", "/dev/null", "https://localhost:3000" ]
{{- end }}
failureThreshold: 3 failureThreshold: 3
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 15 periodSeconds: 15
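Review bot: Both probes now shell out to `wget` with a hard-coded `localhost:3000`, and the TLS variant adds `--no-check-certificate`. This makes the probes depend on `wget` being present in the image and duplicates the port number instead of using the named port `http` that the removed `tcpSocket` probe referenced. An `httpGet` probe with `port: http` and `scheme` switched between `HTTP` and `HTTPS` on `.Values.certificate.enabled` gives the same HTTP-level check without spawning a process in the container; the kubelet does not verify the certificate on HTTPS probes, so the trust outcome is the same as with `--no-check-certificate`. If the exec form stays, note that `-T 3` equals `timeoutSeconds: 3`, so the probe may be killed by the kubelet before wget reports its own timeout.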

View File

@@ -0,0 +1,32 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
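Review bot: With the documented defaults (`policyTypes`, `egress` and `ingress` all `[]`), setting only `networkPolicy.enabled: true` renders a policy that has a `podSelector` and nothing else. Kubernetes treats that as an Ingress policy with no allow rules, so all ingress to the athens-proxy pods is denied. That may be the intended default-deny, but it should be stated in the parameter description, or the template should `fail` when the policy is enabled without any rule. Minor inconsistency in the same hunk: annotations are passed through `tpl (toYaml .) $` while labels use plain `toYaml .`; pick one behaviour for both.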

View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.env.existingSecret.enabled }} {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret

View File

@@ -1,4 +1,4 @@
{{- if not .Values.config.ssh.existingSecret.enabled }} {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret

View File

@@ -0,0 +1,300 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Certificate athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/certificate.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering for existing certificate
set:
certificate.enabled: true
certificate.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate: {}
- it: Throw error when issuerKind not defined
set:
certificate.enabled: true
certificate.new.issuerRef.name: "my-issuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerName not defined
set:
certificate.enabled: true
certificate.new.issuerRef.kind: "ClusterIssuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer name defined!"
- it: Rendering Certificate object when certificate.enabled=true (default)
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: cert-manager.io/v1
kind: Certificate
name: athens-proxy-unittest-tls
namespace: testing
- equal:
path: spec.commonName
value: athens-proxy-unittest
- equal:
path: spec.duration
value: 744h
- equal:
path: spec.dnsNames
value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
- notExists:
path: spec.ipAddresses
- equal:
path: spec.isCA
value: false
- equal:
path: spec.issuerRef.kind
value: ClusterIssuer
- equal:
path: spec.issuerRef.name
value: my-issuer
- equal:
path: spec.privateKey.algorithm
value: RSA
- equal:
path: spec.privateKey.size
value: 4096
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.secretName
value: athens-proxy-unittest-tls
- exists:
path: spec.secretTemplate.annotations
- exists:
path: spec.secretTemplate.labels
- notExists:
path: spec.subject
- notExists:
path: spec.subject.countries
- notExists:
path: spec.subject.localities
- notExists:
path: spec.subject.organizationalUnits
- notExists:
path: spec.subject.organizations
- notExists:
path: spec.subject.postalCodes
- notExists:
path: spec.subject.provinces
- notExists:
path: spec.subject.serialNumber
- notExists:
path: spec.subject.streetAddresses
- equal:
path: spec.renewBefore
value: 672h
- equal:
path: spec.usages
value: [ "client auth", "server auth" ]
# metadata.annotations
- it: Rendering Certificate object with additional annotations and labels
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.annotations:
foo: bar
certificate.new.labels:
bar: foo
asserts:
- isSubset:
path: metadata.annotations
content:
foo: bar
- isSubset:
path: metadata.labels
content:
bar: foo
# spec.duration
- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.duration: 3000h
asserts:
- equal:
path: spec.duration
value: 3000h
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.dnsNames: [ "app", "app.example.local" ]
asserts:
- equal:
path: spec.dnsNames
value: [ "app", "app.example.local" ]
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
clusterDomain: k8s.example.local
asserts:
- contains:
path: spec.dnsNames
content:
athens-proxy-unittest.testing.svc.k8s.example.local
count: 1
# spec.ipAddresses
- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
asserts:
- equal:
path: spec.ipAddresses
value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
# spec.privateKey
- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.privateKey.algorithm: ED25519
certificate.new.privateKey.rotationPolicy: Never
certificate.new.privateKey.size: 512
asserts:
- equal:
path: spec.privateKey.algorithm
value: ED25519
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.privateKey.size
value: 512
# spec.renewBefore
- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.renewBefore: 2000h
asserts:
- equal:
path: spec.renewBefore
value: 2000h
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.secretTemplate:
annotations:
foo: bar
labels:
bar: foo
asserts:
- equal:
path: spec.secretTemplate.annotations
value:
foo: bar
- equal:
path: spec.secretTemplate.labels
value:
bar: foo
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.subject.countries: [ "Country" ]
certificate.new.subject.localities: [ "City" ]
certificate.new.subject.organizationalUnits: [ "IT department" ]
certificate.new.subject.organizations: [ "My organization" ]
certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
certificate.new.subject.provinces: [ "Provinces" ]
certificate.new.subject.serialNumber: "MyNumber"
certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
asserts:
- equal:
path: spec.subject.countries
value: [ "Country" ]
- equal:
path: spec.subject.localities
value: [ "City" ]
- equal:
path: spec.subject.organizationalUnits
value: [ "IT department" ]
- equal:
path: spec.subject.organizations
value: [ "My organization" ]
- equal:
path: spec.subject.postalCodes
value: [ "AB12345", "12345AB" ]
- equal:
path: spec.subject.provinces
value: [ "Provinces" ]
- equal:
path: spec.subject.serialNumber
value: "MyNumber"
- equal:
path: spec.subject.streetAddresses
value: [ "ExampleStreet 1", "StreetExample 2" ]
# spec.usages
- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.usages: [ "client auth" ]
asserts:
- equal:
path: spec.usages
value: [ "client auth" ]
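Review bot: Some cases in this suite assert on input that only proves the template copies strings through. The `ipAddresses` case uses `fe00:xxyy:xxyy`, which is not a parseable IP address, and the `privateKey` case combines `ED25519` with `size: 512`, where the size carries no meaning. Using a real IPv6 address and an algorithm and size pair that belong together (for example RSA with a different size) would make the tests double as usage examples. The test name "Throw error when issuerKind and IssuerName is not defined" appears twice, "RRendering" has a typo, and the comment `# spec.secretTemplate` above the subject case should read `# spec.subject`. The default case also pins `rotationPolicy: Never` and `usages` containing `client auth` for what is a server certificate; please confirm both defaults are intended, since the first reuses the same private key across every renewal.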

View File

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/configMapDownloadMode.yaml - templates/configMapDownloadMode.yaml
tests: tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map. - it: Skip rending by using existing config map.
set: set:
config.downloadMode.enabled: true
config.downloadMode.existingConfigMap.enabled: true config.downloadMode.existingConfigMap.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
- it: Rendering by default. - it: Rendering with default values
set:
config.downloadMode.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
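Review bot: The added first case is titled "Skip rending by default.", copying the "rending" typo from the existing case below it; fix both to "rendering" while this block is being touched. Because the ConfigMap is now only rendered with `config.downloadMode.enabled: true`, the case renamed to "Rendering with default values" no longer runs on pure defaults, so a title such as "Rendering when enabled" would describe it better.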
@@ -37,10 +45,10 @@ tests:
- equal: - equal:
path: data.downloadMode path: data.downloadMode
value: | value: |
# downloadURL = "https://proxy.golang.org" downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect" mode = "async_redirect"
#
# download "github.com/gomods/*" { # download "github.com/gomods/*" {
# mode = "sync" # mode = "sync"
# } # }
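Review bot: In the expected `data.downloadMode` value, `downloadURL = "https://proxy.golang.org"` and `mode = "async_redirect"` are no longer commented out, so enabling `config.downloadMode.enabled` without custom content now ships an active download policy instead of an all-comment sample. Call this out in the values documentation and changelog, or keep the default content fully commented so operators opt in to a mode explicitly.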
@@ -51,11 +59,12 @@ tests:
# #
# download "github.com/pkg/*" { # download "github.com/pkg/*" {
# mode = "redirect" # mode = "redirect"
# downloadURL = "https://gocenter.io" # downloadURL = "https://proxy.golang.org"
# } # }
- it: Rendering custom annotations and labels. - it: Rendering custom annotations and labels.
set: set:
config.downloadMode.enabled: true
config.downloadMode.configMap.annotations: config.downloadMode.configMap.annotations:
foo: bar foo: bar
bar: foo bar: foo
@@ -76,6 +85,7 @@ tests:
- it: Rendering custom configuration - it: Rendering custom configuration
set: set:
config.downloadMode.enabled: true
config.downloadMode.configMap.content: | config.downloadMode.configMap.content: |
downloadURL = "https://proxy.golang.org" downloadURL = "https://proxy.golang.org"
mode = "async_redirect" mode = "async_redirect"

View File

@@ -6,23 +6,31 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/configMapGitConfig.yaml - templates/configMapGitConfig.yaml
tests: tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rending by using existing config map. - it: Skip rending by using existing config map.
set: set:
config.gitConfig.enabled: true
config.gitConfig.existingConfigMap.enabled: true config.gitConfig.existingConfigMap.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
- it: Rendering by default. - it: Rendering by default.
set:
config.gitConfig.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
- containsDocument: - containsDocument:
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
name: athens-proxy-unittest-git-config name: athens-proxy-unittest-gitconfig
namespace: testing namespace: testing
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
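Review bot: The expected ConfigMap name in `containsDocument` changes from `athens-proxy-unittest-git-config` to `athens-proxy-unittest-gitconfig`, which renames the rendered object for existing releases; anything referencing the old name outside the chart breaks on upgrade, so this belongs in the changelog as a breaking change. The added title "Skip rending by default." also repeats the "rending" typo.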
@@ -46,6 +54,7 @@ tests:
- it: Rendering custom annotations and labels. - it: Rendering custom annotations and labels.
set: set:
config.gitConfig.enabled: true
config.gitConfig.configMap.annotations: config.gitConfig.configMap.annotations:
foo: bar foo: bar
bar: foo bar: foo
@@ -66,6 +75,7 @@ tests:
- it: Rendering custom configuration - it: Rendering custom configuration
set: set:
config.gitConfig.enabled: true
config.gitConfig.configMap.content: | config.gitConfig.configMap.content: |
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/

View File

@@ -0,0 +1,73 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests:
- it: Rendering default without tls config
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: tls
secretRef:
name: athens-proxy-unittest-tls
template: templates/deployment.yaml
- it: Rendering with tls config
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: MyIssuer
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSCERT_FILE
value: /etc/athens-proxy/tls/tls.crt
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: ATHENS_TLSKEY_FILE
value: /etc/athens-proxy/tls/tls.key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: tls
mountPath: /etc/athens-proxy/tls
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: tls
secret:
secretName: athens-proxy-unittest-tls
template: templates/deployment.yaml
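Review bot: The last `notContains` in "Rendering default without tls config" looks for a volume with `secretRef.name`, but the enabled case asserts `secret.secretName` and a pod volume has no `secretRef` field, so this negative assertion can never match and passes even if the TLS volume were rendered by default. Use the same `secret: secretName: athens-proxy-unittest-tls` content in both cases. There is also no case for mounting an existing TLS secret, and the suite name "Deployment template" does not say this file is about TLS.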

View File

@@ -6,22 +6,22 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/deployment.yaml - templates/deployment.yaml
tests: tests:
- it: Rendering default - it: Rendering default
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- containsDocument: - containsDocument:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: metadata.labels path: metadata.labels
value: value:
@@ -30,11 +30,11 @@ tests:
app.kubernetes.io/name: athens-proxy app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0 app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0 helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.replicas path: spec.replicas
value: 1 value: 1
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.metadata.labels path: spec.template.metadata.labels
value: value:
@@ -43,74 +43,74 @@ tests:
app.kubernetes.io/name: athens-proxy app.kubernetes.io/name: athens-proxy
app.kubernetes.io/version: 0.1.0 app.kubernetes.io/version: 0.1.0
helm.sh/chart: athens-proxy-0.1.0 helm.sh/chart: athens-proxy-0.1.0
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.affinity path: spec.template.spec.affinity
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].args path: spec.template.spec.containers[0].args
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].command path: spec.template.spec.containers[0].command
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].envFrom path: spec.template.spec.containers[0].envFrom
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: docker.io/gomods/athens:v0.1.0 value: docker.io/gomods/athens:0.1.0
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent value: IfNotPresent
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].securityContext path: spec.template.spec.containers[0].securityContext
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.dnsConfig path: spec.template.spec.dnsConfig
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.hostname path: spec.template.spec.hostname
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: false value: false
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.imagePullSecrets path: spec.template.spec.imagePullSecrets
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 60 value: 60
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.tolerations path: spec.template.spec.tolerations
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.topologySpreadConstraints path: spec.template.spec.topologySpreadConstraints
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.strategy path: spec.strategy
value: value:
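Review bot: The expected default image changes from `docker.io/gomods/athens:v0.1.0` to `docker.io/gomods/athens:0.1.0`, so the template no longer prefixes the tag with `v`. Confirm that the chart's `appVersion` carries whatever prefix the registry's tags use, otherwise the default image reference will not resolve; the custom-registry case further down has the same change.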
@@ -118,7 +118,7 @@ tests:
rollingUpdate: rollingUpdate:
maxSurge: 1 maxSurge: 1
maxUnavailable: 1 maxUnavailable: 1
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test custom replicas - it: Test custom replicas
set: set:
@@ -130,7 +130,7 @@ tests:
- equal: - equal:
path: spec.replicas path: spec.replicas
value: 3 value: 3
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test custom affinity - it: Test custom affinity
set: set:
@@ -160,7 +160,7 @@ tests:
values: values:
- antarctica-east1 - antarctica-east1
- antarctica-west1 - antarctica-west1
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test additional arguments - it: Test additional arguments
set: set:
@@ -176,7 +176,7 @@ tests:
value: value:
- --foo=bar - --foo=bar
- --bar=foo - --bar=foo
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test additional command - it: Test additional command
set: set:
@@ -194,7 +194,7 @@ tests:
- "/bin/sh" - "/bin/sh"
- "-c" - "-c"
- "echo hello" - "echo hello"
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test custom imageRegistry and imageRepository - it: Test custom imageRegistry and imageRepository
set: set:
@@ -206,8 +206,8 @@ tests:
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/athens-proxy:v0.1.0 value: registry.example.local/path/special/athens-proxy:0.1.0
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test custom imagePullPolicy - it: Test custom imagePullPolicy
set: set:
@@ -219,7 +219,7 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: Always value: Always
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test custom resource limits and requests - it: Test custom resource limits and requests
set: set:
@@ -242,7 +242,7 @@ tests:
resourceFieldRef: resourceFieldRef:
divisor: "1" divisor: "1"
resource: limits.cpu resource: limits.cpu
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
value: value:
@@ -252,7 +252,7 @@ tests:
requests: requests:
cpu: 25m cpu: 25m
memory: 100MB memory: 100MB
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test custom securityContext - it: Test custom securityContext
set: set:
@@ -282,7 +282,7 @@ tests:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test dnsConfig - it: Test dnsConfig
set: set:
@@ -300,7 +300,7 @@ tests:
nameservers: nameservers:
- "8.8.8.8" - "8.8.8.8"
- "8.8.4.4" - "8.8.4.4"
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test dnsPolicy - it: Test dnsPolicy
set: set:
@@ -312,7 +312,7 @@ tests:
- equal: - equal:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
value: ClusterFirst value: ClusterFirst
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test hostNetwork, hostname, subdomain - it: Test hostNetwork, hostname, subdomain
set: set:
@@ -326,15 +326,15 @@ tests:
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: true value: true
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.hostname path: spec.template.spec.hostname
value: pg-exporter value: pg-exporter
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal: - equal:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
value: exporters.internal value: exporters.internal
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test imagePullSecrets - it: Test imagePullSecrets
set: set:
@@ -350,7 +350,7 @@ tests:
value: value:
- name: my-pull-secret - name: my-pull-secret
- name: my-special-secret - name: my-special-secret
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test nodeSelector - it: Test nodeSelector
set: set:
@@ -364,7 +364,7 @@ tests:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
value: value:
foo: bar foo: bar
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test priorityClassName - it: Test priorityClassName
set: set:
@@ -376,7 +376,7 @@ tests:
- equal: - equal:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
value: my-priority value: my-priority
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test restartPolicy - it: Test restartPolicy
set: set:
@@ -388,7 +388,7 @@ tests:
- equal: - equal:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
value: Always value: Always
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test terminationGracePeriodSeconds - it: Test terminationGracePeriodSeconds
set: set:
@@ -400,7 +400,7 @@ tests:
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 120 value: 120
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test tolerations - it: Test tolerations
set: set:
@@ -420,7 +420,7 @@ tests:
operator: Equal operator: Equal
value: postgres value: postgres
effect: NoSchedule effect: NoSchedule
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test topologySpreadConstraints - it: Test topologySpreadConstraints
set: set:
@@ -442,7 +442,7 @@ tests:
labelSelector: labelSelector:
matchLabels: matchLabels:
app.kubernetes.io/instance: athens-proxy app.kubernetes.io/instance: athens-proxy
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test additional volumeMounts and volumes - it: Test additional volumeMounts and volumes
set: set:
@@ -462,5 +462,11 @@ tests:
value: value:
- name: data - name: data
mountPath: /usr/lib/athens-proxy/data mountPath: /usr/lib/athens-proxy/data
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
- name: data
hostPath:
path: /usr/lib/athens-proxy/data
template: templates/deployment.yaml

View File

@@ -6,42 +6,57 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/deployment.yaml - templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests: tests:
- it: Rendering default without mounted download mode config map - it: Rendering default without mounted download mode config map
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content:
name: ATHENS_DOWNLOAD_MODE name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: download-mode name: download-mode
mountPath: /etc/athens/config/download-mode.d mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
name: download-mode name: download-mode
configMap: configMap:
name: athens-proxy-unittest-download-mode-file name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap - it: Rendering default with mounted gitconfig configMap
set: set:
config.downloadMode.enabled: true config.downloadMode.enabled: true
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content:
name: ATHENS_DOWNLOAD_MODE name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: download-mode name: download-mode
mountPath: /etc/athens/config/download-mode.d mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
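Review bot: The second case in this download-mode suite is titled "Rendering default with mounted gitconfig configMap", which looks copied from the gitconfig suite; rename it to name the download mode config map so a failure points at the right feature. The `templates:` list now also loads `configMapGitConfig.yaml`, `secretNetRC.yaml` and `secretSSH.yaml`; if that is only because the Deployment includes them for its checksum annotations, a one-line comment in the file would save the next reader the search.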
@@ -52,6 +67,7 @@ tests:
mode: 0644 mode: 0644
path: download-mode path: download-mode
name: athens-proxy-unittest-download-mode-file name: athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- it: Rendering with custom download mode configMap - it: Rendering with custom download mode configMap
set: set:
@@ -61,16 +77,21 @@ tests:
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content:
name: ATHENS_DOWNLOAD_MODE name: ATHENS_DOWNLOAD_MODE
value: file:/etc/athens/config/download-mode.d/download-mode value: file:/etc/athens/config/download-mode.d/download-mode
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: download-mode name: download-mode
mountPath: /etc/athens/config/download-mode.d mountPath: /etc/athens/config/download-mode.d
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -81,3 +102,4 @@ tests:
path: "download-mode" path: "download-mode"
mode: 0644 mode: 0644
name: my-custom-configmap name: my-custom-configmap
template: templates/deployment.yaml

View File

@@ -0,0 +1,51 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretEnv.yaml
tests:
- it: Rendering default without mounted env secret
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- notContains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
- it: Rendering default with mounted env secret
set:
config.env.enabled: true
config.env.existingSecret.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: athens-proxy-unittest-env
template: templates/deployment.yaml
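Review bot: The second and third cases are both titled "Rendering default with mounted env secret"; rename the one that sets `config.env.existingSecret.enabled` so a failure can be attributed. That case also expects `secretRef.name: athens-proxy-unittest-env`, the same name as the chart-generated secret, and sets no existing secret name, so it does not show that a user-supplied secret is the one referenced; set a distinct name and assert on it.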

View File

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/deployment.yaml - templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests: tests:
- it: Rendering default without mounted git config map - it: Rendering default without mounted git config map
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.gitconfig mountPath: /root/.gitconfig
subPath: .gitconfig subPath: .gitconfig
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -28,18 +36,23 @@ tests:
path: .gitconfig path: .gitconfig
mode: 0600 mode: 0600
name: athens-proxy-unittest-gitconfig name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering default with mounted gitconfig configMap - it: Rendering default with mounted gitconfig configMap
set: set:
config.gitConfig.enabled: true config.gitConfig.enabled: true
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- exists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.gitconfig mountPath: /root/.gitconfig
subPath: .gitconfig subPath: .gitconfig
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
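Review bot: The `notContains` volume content that ends at the top of this hunk expects `mode: 0600` for the `.gitconfig` item, while the `contains` cases further down expect `mode: 0644`. With a different mode the negative content cannot equal the volume the chart renders, so it does not guard against the volume appearing by default; align it with the positive case.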
@@ -52,6 +65,7 @@ tests:
path: .gitconfig path: .gitconfig
mode: 0644 mode: 0644
name: athens-proxy-unittest-gitconfig name: athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- it: Rendering with custom gitconfig configMap - it: Rendering with custom gitconfig configMap
set: set:
@@ -61,12 +75,16 @@ tests:
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.gitconfig mountPath: /root/.gitconfig
subPath: .gitconfig subPath: .gitconfig
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -79,3 +97,4 @@ tests:
path: .gitconfig path: .gitconfig
mode: 0644 mode: 0644
name: my-custom-configmap name: my-custom-configmap
template: templates/deployment.yaml

View File

@@ -6,15 +6,23 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/deployment.yaml - templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests: tests:
- it: Rendering default without mounted netrc secret - it: Rendering default without mounted netrc secret
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: netrc name: netrc
mountPath: /root mountPath: /root
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
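Review bot: In "Rendering default without mounted netrc secret" the `volumeMounts` content is `name: netrc` with `mountPath: /root`, but the enabled cases assert `name: secrets`, `mountPath: /root/.netrc` and `subPath: .netrc`. The negative assertion therefore passes regardless of what the template renders; reuse the exact content from the enabled case so the default-off behaviour for this credential mount is really tested.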
@@ -27,18 +35,23 @@ tests:
path: .netrc path: .netrc
mode: 0600 mode: 0600
name: athens-proxy-unittest-netrc name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering default with mounted netrc secret - it: Rendering default with mounted netrc secret
set: set:
config.netrc.enabled: true config.netrc.enabled: true
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.netrc mountPath: /root/.netrc
subPath: .netrc subPath: .netrc
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -51,6 +64,7 @@ tests:
path: .netrc path: .netrc
mode: 0600 mode: 0600
name: athens-proxy-unittest-netrc name: athens-proxy-unittest-netrc
template: templates/deployment.yaml
- it: Rendering with custom netrc secret - it: Rendering with custom netrc secret
set: set:
@@ -60,12 +74,16 @@ tests:
config.netrc.existingSecret.netrcKey: "my-netrc-key" config.netrc.existingSecret.netrcKey: "my-netrc-key"
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.netrc mountPath: /root/.netrc
subPath: .netrc subPath: .netrc
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
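Review bot: The added `notExists` path ends in `checksum/secret-athens-proxy-unittest-netc`, missing the "r" of "netrc", so it checks an annotation that is never rendered and passes unconditionally. Change it to `checksum/secret-athens-proxy-unittest-netrc` to match the other two cases in this file.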
@@ -78,3 +96,4 @@ tests:
path: .netrc path: .netrc
mode: 0600 mode: 0600
name: my-custom-secret name: my-custom-secret
template: templates/deployment.yaml

View File

@@ -6,7 +6,11 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/deployment.yaml - templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests: tests:
- it: Test persistent volume claim - it: Test persistent volume claim
set: set:
@@ -17,26 +21,26 @@ tests:
content: content:
name: ATHENS_STORAGE_TYPE name: ATHENS_STORAGE_TYPE
value: disk value: disk
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content:
name: ATHENS_DISK_STORAGE_ROOT name: ATHENS_DISK_STORAGE_ROOT
value: /var/www/athens-proxy/data value: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: data name: data
mountPath: /var/www/athens-proxy/data mountPath: /var/www/athens-proxy/data
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
name: data name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: athens-proxy-unittest-data claimName: athens-proxy-unittest-data
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- it: Test existing persistent volume claim - it: Test existing persistent volume claim
set: set:
@@ -51,23 +55,23 @@ tests:
content: content:
name: ATHENS_STORAGE_TYPE name: ATHENS_STORAGE_TYPE
value: disk value: disk
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content:
name: ATHENS_DISK_STORAGE_ROOT name: ATHENS_DISK_STORAGE_ROOT
value: /mnt/go-proxy/data value: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: data name: data
mountPath: /mnt/go-proxy/data mountPath: /mnt/go-proxy/data
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
name: data name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: my-special-pvc claimName: my-special-pvc
template: templates/athens-proxy/deployment.yaml template: templates/deployment.yaml

View File

@@ -6,40 +6,52 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/deployment.yaml - templates/configMapDownloadMode.yaml
- templates/configMapGitConfig.yaml
- templates/deployment.yaml
- templates/secretNetRC.yaml
- templates/secretSSH.yaml
tests: tests:
- it: Rendering default without mounted ssh secret - it: Rendering default without mounted ssh secret
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/config mountPath: /root/.ssh/config
subPath: config subPath: config
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_ed25519 mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519 subPath: id_ed25519
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_ed25519.pub mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub subPath: id_ed25519.pub
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_rsa mountPath: /root/.ssh/id_rsa
subPath: id_rsa subPath: id_rsa
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_rsa.pub mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub subPath: id_rsa.pub
template: templates/deployment.yaml
- notContains: - notContains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -64,6 +76,7 @@ tests:
path: id_rsa.pub path: id_rsa.pub
mode: 0644 mode: 0644
name: athens-proxy-unittest-ssh name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh config - it: Rendering default with mounted ssh config
set: set:
@@ -76,6 +89,7 @@ tests:
name: secrets name: secrets
mountPath: /root/.ssh/config mountPath: /root/.ssh/config
subPath: config subPath: config
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -88,6 +102,7 @@ tests:
path: config path: config
mode: 0600 mode: 0600
name: athens-proxy-unittest-ssh name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering default with mounted ssh keys - it: Rendering default with mounted ssh keys
set: set:
@@ -98,36 +113,44 @@ tests:
config.ssh.secret.id_rsa_pub: bar config.ssh.secret.id_rsa_pub: bar
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/config mountPath: /root/.ssh/config
subPath: config subPath: config
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_ed25519 mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519 subPath: id_ed25519
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_ed25519.pub mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_rsa mountPath: /root/.ssh/id_rsa
subPath: id_rsa subPath: id_rsa
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_rsa.pub mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub subPath: id_rsa.pub
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
@@ -152,6 +175,7 @@ tests:
path: id_rsa.pub path: id_rsa.pub
mode: 0644 mode: 0644
name: athens-proxy-unittest-ssh name: athens-proxy-unittest-ssh
template: templates/deployment.yaml
- it: Rendering with custom ssh secret - it: Rendering with custom ssh secret
set: set:
@@ -165,36 +189,44 @@ tests:
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
persistence.enabled: true persistence.enabled: true
asserts: asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/config mountPath: /root/.ssh/config
subPath: config subPath: config
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_ed25519 mountPath: /root/.ssh/id_ed25519
subPath: id_ed25519 subPath: id_ed25519
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_ed25519.pub mountPath: /root/.ssh/id_ed25519.pub
subPath: id_ed25519.pub subPath: id_ed25519.pub
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_rsa mountPath: /root/.ssh/id_rsa
subPath: id_rsa subPath: id_rsa
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
content: content:
name: secrets name: secrets
mountPath: /root/.ssh/id_rsa.pub mountPath: /root/.ssh/id_rsa.pub
subPath: id_rsa.pub subPath: id_rsa.pub
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.volumes path: spec.template.spec.volumes
content: content:
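Review bot: The added `notExists` check on `spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh` in "Rendering with custom ssh secret" pins down that a deployment using `config.ssh.existingSecret` gets no checksum annotation, so nothing rolls the pods when the externally managed secret changes. Because every key file is mounted with `subPath`, updated secret content is not propagated into running containers either, which means rotated SSH keys only take effect after a manual restart. Please state that in the description of the `config.ssh.existingSecret` parameters so operators know that key rotation needs a rollout.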
@@ -219,3 +251,4 @@ tests:
path: id_rsa.pub path: id_rsa.pub
mode: 0644 mode: 0644
name: my-custom-secret name: my-custom-secret
template: templates/deployment.yaml

View File

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/hpa.yaml - templates/hpa.yaml
tests: tests:
- it: Skip rendering by default. - it: Skip rendering by default.
asserts: asserts:

View File

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/ingress.yaml - templates/ingress.yaml
tests: tests:
- it: Skip ingress by default. - it: Skip ingress by default.
asserts: asserts:

View File

@@ -1,49 +1,30 @@
chart: chart:
appVersion: 0.1.0 appVersion: 0.1.0
version: 0.1.0 version: 0.1.0
suite: NetworkPolicies template suite: NetworkPolicy template
release: release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/networkPolicies.yaml - templates/networkPolicy.yaml
tests: tests:
- it: Skip networkPolicies in general disabled. - it: Skip rendering networkPolicy
set: set:
networkPolicies.enabled: false networkPolicy.enabled: false
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
- it: Skip networkPolicy 'default' when disabled. - it: Render default networkPolicy
set: set:
networkPolicies.enabled: true networkPolicy.enabled: true
networkPolicies.default.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Loop over networkPolicies
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicies.nginx.enabled: true
networkPolicies.prometheus.enabled: true
asserts:
- hasDocuments:
count: 2
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
- containsDocument: - containsDocument:
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
name: athens-proxy-unittest-default name: athens-proxy-unittest
namespace: testing namespace: testing
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
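Review bot: Renaming the values key from `networkPolicies.*` to `networkPolicy.*` is a silent breaking change. A values file that still sets `networkPolicies.enabled: true` is ignored, the chart falls back to `networkPolicy.enabled: false` and renders zero documents, so an upgrade removes the NetworkPolicy without any error. The object name also changes from `athens-proxy-unittest-default` to `athens-proxy-unittest`. Please add a guard in `templates/networkPolicy.yaml` that calls `fail` when `.Values.networkPolicies` is set, or at least mark the rename as breaking in the release notes. The removed "Loop over networkPolicies" case also means users with more than one policy (`nginx`, `prometheus`) have no replacement; the commit should say how those are expected to migrate.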
@@ -67,29 +48,28 @@ tests:
- notExists: - notExists:
path: spec.ingress path: spec.ingress
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration - it: Template networkPolicy with policyTypes, egress and ingress configuration
set: set:
networkPolicies.enabled: true networkPolicy.enabled: true
networkPolicies.default.enabled: true networkPolicy.policyTypes:
networkPolicies.default.policyTypes:
- Egress - Egress
- Ingress - Ingress
networkPolicies.default.ingress: networkPolicy.ingress:
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: khv-production kubernetes.io/metadata.name: monitoring
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: prometheus app.kubernetes.io/name: prometheus
networkPolicies.default.egress: networkPolicy.egress:
- to: - to:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: database kubernetes.io/metadata.name: ingress-nginx
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: oracle app.kubernetes.io/name: ingress-nginx
asserts: asserts:
- equal: - equal:
path: spec.policyTypes path: spec.policyTypes
@@ -102,17 +82,17 @@ tests:
- to: - to:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: database kubernetes.io/metadata.name: ingress-nginx
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: oracle app.kubernetes.io/name: ingress-nginx
- equal: - equal:
path: spec.ingress path: spec.ingress
value: value:
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: khv-production kubernetes.io/metadata.name: monitoring
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: prometheus app.kubernetes.io/name: prometheus

View File

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/persistentVolumeClaim.yaml - templates/persistentVolumeClaim.yaml
tests: tests:
- it: Rendering default - it: Rendering default
asserts: asserts:

View File

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/secretEnv.yaml - templates/secretEnv.yaml
tests: tests:
- it: Skip rendering by default
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret. - it: Skip rendering by using existing secret.
set: set:
config.env.enabled: true
config.env.existingSecret.enabled: true config.env.existingSecret.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
- it: Rendering env secret with default values. - it: Rendering env secret with default values.
set:
config.env.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
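Review bot: The new `config.env.enabled` gate changes the default behaviour of this template: "Rendering env secret with default values." previously passed without any `set` and now needs `config.env.enabled: true`, so an existing release that relies on the rendered env secret loses it on upgrade unless the flag is added. Please call this out as a breaking change. It would also help to add a case with `config.env.existingSecret.enabled: true` and `config.env.enabled` left unset, to fix which of the two flags wins.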
@@ -39,6 +47,7 @@ tests:
- it: Rendering env secret with custom values. - it: Rendering env secret with custom values.
set: set:
config.env.enabled: true
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
asserts: asserts:
- isSubset: - isSubset:
@@ -48,6 +57,7 @@ tests:
- it: Rendering custom annotations and labels. - it: Rendering custom annotations and labels.
set: set:
config.env.enabled: true
config.env.secret.annotations: config.env.secret.annotations:
foo: bar foo: bar
bar: foo bar: foo

View File

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/secretNetRC.yaml - templates/secretNetRC.yaml
tests: tests:
- it: Skip rendering by default - it: Skip rendering by default
asserts: asserts:

View File

@@ -6,16 +6,24 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/secretSSH.yaml - templates/secretSSH.yaml
tests: tests:
- it: Skip rending by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering by using existing secret. - it: Skip rendering by using existing secret.
set: set:
config.ssh.enabled: true
config.ssh.existingSecret.enabled: true config.ssh.existingSecret.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 0 count: 0
- it: Rendering ssh secret with default values. - it: Rendering ssh secret with default values.
set:
config.ssh.enabled: true
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
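Review bot: Typo in the added test name `Skip rending by default.`; it should read `Skip rendering by default`, matching the same case in the secretEnv suite. As with `config.env.enabled`, the new `config.ssh.enabled` gate means the SSH secret is no longer rendered with default values, which deserves a note for users upgrading.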
@@ -51,6 +59,7 @@ tests:
- it: Rendering ssh secret with custom values. - it: Rendering ssh secret with custom values.
set: set:
config.ssh.enabled: true
config.ssh.secret.config: | config.ssh.secret.config: |
Host * Host *
IdentityFile ~/.ssh/id_ed25519 IdentityFile ~/.ssh/id_ed25519
@@ -90,6 +99,7 @@ tests:
- it: Rendering custom annotations and labels. - it: Rendering custom annotations and labels.
set: set:
config.ssh.enabled: true
config.ssh.secret.annotations: config.ssh.secret.annotations:
foo: bar foo: bar
bar: foo bar: foo

View File

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/serviceAccount.yaml - templates/serviceAccount.yaml
tests: tests:
- it: Skip rendering. - it: Skip rendering.
set: set:

View File

@@ -6,7 +6,7 @@ release:
name: athens-proxy-unittest name: athens-proxy-unittest
namespace: testing namespace: testing
templates: templates:
- templates/athens-proxy/serviceHTTP.yaml - templates/serviceHTTP.yaml
tests: tests:
- it: Skip service when disabled. - it: Skip service when disabled.
set: set:

View File

@@ -5,9 +5,83 @@
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
## @section Certificate
certificate:
## @param certificate.enabled Issue a TLS certificate via cert-manager. If enabled, the environment variables `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` will be automatically added.
enabled: false
## @param certificate.existingSecret.enabled Use an existing secret of the type `kubernetes.io/tls`.
## @param certificate.existingSecret.secretName Name of the secret containing the TLS certificate and private key.
existingSecret:
enabled: false
secretName: ""
## @param certificate.new.annotations Additional certificate annotations.
## @param certificate.new.labels Additional certificate labels.
## @param certificate.new.duration Duration of the TLS certificate.
## @param certificate.new.renewBefore Renew TLS certificate before expiring.
## @param certificate.new.dnsNames Overwrites the default of the subject alternative DNS names.
## @param certificate.new.ipAddresses Overwrites the default of the subject alternative IP addresses.
## @param certificate.new.issuerRef.kind Issuer kind. Can be `Issuer` or `ClusterIssuer`.
## @param certificate.new.issuerRef.name Name of the `Issuer` or `ClusterIssuer`.
## @param certificate.new.privateKey.algorithm Algorithm of the private TLS key.
## @param certificate.new.privateKey.rotationPolicy Rotation of the private TLS key.
## @param certificate.new.privateKey.size Size of the private TLS key.
## @param certificate.new.secretTemplate.annotations Additional annotation of the created secret.
## @param certificate.new.secretTemplate.labels Additional labels of the created secret.
## @param certificate.new.subject.countries List of countries.
## @param certificate.new.subject.localities List of localities.
## @param certificate.new.subject.organizationalUnits List of organizationalUnits.
## @param certificate.new.subject.organizations List of organizations.
## @param certificate.new.subject.postalCodes List of postalCodes.
## @param certificate.new.subject.provinces List of provinces.
## @param certificate.new.subject.serialNumber Serial number.
## @param certificate.new.subject.streetAddresses List of streetAddresses.
## @param certificate.new.usages Define the usage of the TLS key.
new:
annotations: {}
labels: {}
duration: "744h" # 31 days
renewBefore: "672h" # 28 days
dnsNames: []
# The following DNS names are already part of the SAN's and serves only as example.
# - "athens-proxy"
# - "athens-proxy.svc"
# - "athens-proxy.svc.namespace"
# - "athens-proxy.svc.namespace.cluster.local"
ipAddresses: []
# The following IP addresses serves only as example.
# - "10.92.1.10"
# - "2001:0db8:85a3:08d3:1319:8a2e:0370:7344"
issuerRef:
kind: ""
name: ""
privateKey:
algorithm: "RSA"
rotationPolicy: "Never"
size: 4096
secretTemplate:
annotations: {}
labels: {}
subject:
countries: []
localities: []
organizationalUnits: []
organizations: []
postalCodes: []
provinces: []
serialNumber: ""
streetAddresses: []
usages:
- "client auth"
- "server auth"
## @section Configuration ## @section Configuration
config: config:
env: env:
## @param config.env.enabled Enable mounting of the secret as environment variables.
enabled: false
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
existingSecret: existingSecret:
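Review bot: The default `privateKey.rotationPolicy: "Never"` keeps the same private key across every renewal, and with `duration: "744h"` and `renewBefore: "672h"` the certificate is re-issued roughly every three days around that one key. Defaulting to `"Always"` would give each renewal a fresh key and limit the lifetime of a leaked one. Two further points in the same block: `usages` lists `"client auth"` although the parameter description says the certificate is wired to `ATHENS_TLSCERT_FILE` and `ATHENS_TLSKEY_FILE` for the HTTP server, so `"server auth"` alone would be the narrower default; and `issuerRef.kind` and `issuerRef.name` default to empty strings, so the template should use `required` (or `fail`) when `certificate.enabled` is true and no existing secret is configured. The comments "serves only as example" should read "serve only as examples".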
@@ -75,8 +149,6 @@ config:
# ATHENS_STORAGE_GCP_JSON_KEY: # ATHENS_STORAGE_GCP_JSON_KEY:
# ATHENS_SUM_DBS: # ATHENS_SUM_DBS:
# ATHENS_TIMEOUT: # ATHENS_TIMEOUT:
# ATHENS_TLSCERT_FILE:
# ATHENS_TLSKEY_FILE:
# ATHENS_TRACE_EXPORTER_URL: # ATHENS_TRACE_EXPORTER_URL:
# ATHENS_TRACE_EXPORTER: # ATHENS_TRACE_EXPORTER:
# AWS_ACCESS_KEY_ID: # AWS_ACCESS_KEY_ID:
@@ -108,15 +180,15 @@ config:
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
## @param config.downloadMode.configMap.content The content of the download mode file. ## @skip config.downloadMode.configMap.content The content of the download mode file.
configMap: configMap:
annotations: {} annotations: {}
labels: {} labels: {}
content: | content: |
# downloadURL = "https://proxy.golang.org" downloadURL = "https://proxy.golang.org"
#
# mode = "async_redirect" mode = "async_redirect"
#
# download "github.com/gomods/*" { # download "github.com/gomods/*" {
# mode = "sync" # mode = "sync"
# } # }
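Review bot: The default `content` changes from a fully commented file to active `downloadURL = "https://proxy.golang.org"` and `mode = "async_redirect"` settings, which alters the behaviour of any release that mounts this config map and upgrades with untouched values. If that is intended, document it in the commit message and README; otherwise keep both lines commented like the `download "github.com/gomods/*"` example below them. Switching the annotation from `@param` to `@skip` also removes `config.downloadMode.configMap.content` from the generated parameter table, so the new default is not visible there.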
@@ -127,7 +199,7 @@ config:
# #
# download "github.com/pkg/*" { # download "github.com/pkg/*" {
# mode = "redirect" # mode = "redirect"
# downloadURL = "https://gocenter.io" # downloadURL = "https://proxy.golang.org"
# } # }
gitConfig: gitConfig:
@@ -144,7 +216,7 @@ config:
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file. ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file. ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
## @param config.gitConfig.configMap.content The content of the .gitconfig file. ## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
configMap: configMap:
annotations: {} annotations: {}
labels: {} labels: {}
@@ -170,7 +242,7 @@ config:
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
## @param config.netrc.secret.content The content of the .netrc file. ## @skip config.netrc.secret.content The content of the .netrc file.
secret: secret:
annotations: {} annotations: {}
labels: {} labels: {}
@@ -210,7 +282,7 @@ config:
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files. ## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files. ## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
## @param config.ssh.secret.config The content of the SSH client config file. ## @skip config.ssh.secret.config The content of the SSH client config file.
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key. ## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key. ## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key. ## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
@@ -401,9 +473,9 @@ deployment:
# whenUnsatisfiable: DoNotSchedule # whenUnsatisfiable: DoNotSchedule
# labelSelector: # labelSelector:
# matchLabels: # matchLabels:
# app.kubernetes.io/instance: prometheus-athens-proxy # app.kubernetes.io/instance: athens-proxy
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment. ## @param deployment.volumes Additional volumes to mount into the pods of the athens-proxy deployment.
volumes: [] volumes: []
# - name: my-configmap-volume # - name: my-configmap-volume
# config: # config:
@@ -487,30 +559,30 @@ persistence:
## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations. ## @param persistence.data.persistentVolumeClaim.annotations Additional persistent volume claim annotations.
## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels. ## @param persistence.data.persistentVolumeClaim.labels Additional persistent volume claim labels.
## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim. ## @param persistence.data.persistentVolumeClaim.accessModes Access modes of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageClass Storage class of the persistent volume claim. ## @param persistence.data.persistentVolumeClaim.storageClassName Storage class of the persistent volume claim.
## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim. ## @param persistence.data.persistentVolumeClaim.storageSize Size of the persistent volume claim.
persistentVolumeClaim: persistentVolumeClaim:
annotations: {} annotations: {}
labels: {} labels: {}
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
storageClass: "" storageClassName: ""
storageSize: "5Gi" storageSize: "5Gi"
## @section NetworkPolicies ## @section Network
## @param networkPolicies.enabled Enable network policies in general. ## @param clusterDomain Domain of the Cluster. Domain is part of internally issued certificates.
networkPolicies: clusterDomain: "cluster.local"
enabled: false
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics. ## @section Network Policy
## @param networkPolicies.default.annotations Additional network policy annotations. networkPolicy:
## @param networkPolicies.default.labels Additional network policy labels. ## @param networkPolicy.enabled Enable network policies in general.
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. ## @param networkPolicy.annotations Additional network policy annotations.
## @param networkPolicies.default.egress Concrete egress network policy implementation. ## @param networkPolicy.labels Additional network policy labels.
## @skip networkPolicies.default.egress Skip individual egress configuration. ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicies.default.ingress Concrete ingress network policy implementation. ## @param networkPolicy.egress Concrete egress network policy implementation.
## @skip networkPolicies.default.ingress Skip individual ingress configuration. ## @skip networkPolicy.egress Skip individual egress configuration.
default: ## @param networkPolicy.ingress Concrete ingress network policy implementation.
## @skip networkPolicy.ingress Skip individual ingress configuration.
enabled: false enabled: false
annotations: {} annotations: {}
labels: {} labels: {}
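Review bot: Renaming `persistence.data.persistentVolumeClaim.storageClass` to `storageClassName` silently drops the setting for existing values files: the old key is ignored and the claim is rendered with the empty default, so the cluster's default storage class is used instead of the one the operator chose. Please either fall back to the old key in the template, fail when it is set, or document the rename as breaking. The same applies to the `networkPolicies` to `networkPolicy` move in this hunk, where the description "Enable network policies in general." no longer fits a single policy.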
@@ -518,13 +590,10 @@ networkPolicies:
# - Egress # - Egress
# - Ingress # - Ingress
egress: [] egress: []
# Allow outgoing traffic to database host # Allow outgoing HTTPS traffic to external go module servers
# #
# - to: # - ports:
# - ipBlock: # - port: 443
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP # protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns. # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.