You've already forked athens-proxy-charts
							
							Compare commits
	
		
			14 Commits
		
	
	
		
			5f78a0f071
			...
			1.0.0
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 74598b4ee0 | |||
| b06c1962cc | |||
| 991c545c93 | |||
| 7c60c70244 | |||
| 0e048cdf4b | |||
| 89604cbe64 | |||
| f63450aec4 | |||
| d1e5accccb | |||
| fbd846784c | |||
| bab5282617 | |||
| 307660c767 | |||
| 59b43aac79 | |||
| 85a38e7d22 | |||
| 2005fb8e05 | 
| @@ -46,18 +46,7 @@ jobs: | |||||||
|           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} |           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} | ||||||
|           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} |           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} | ||||||
|           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} |           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} | ||||||
|  |  | ||||||
|           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} |  | ||||||
|           GITEA_SERVER_URL: ${{ github.server_url }} |  | ||||||
|         run: | |         run: | | ||||||
|           PACKAGE_VERSION=${GITHUB_REF#refs/tags/} |  | ||||||
|           REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2) |  | ||||||
|           REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1) |  | ||||||
|  |  | ||||||
|           helm dependency build |  | ||||||
|           helm package --version "${PACKAGE_VERSION}" ./ |  | ||||||
|  |  | ||||||
|           # chart-museum |  | ||||||
|           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} |           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} | ||||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum |           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum | ||||||
|           helm repo remove chartmuseum |           helm repo remove chartmuseum | ||||||
|   | |||||||
							
								
								
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							| @@ -1,8 +0,0 @@ | |||||||
| { |  | ||||||
|   "yaml.schemas": { |  | ||||||
|     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ |  | ||||||
|       "/unittests/**/*.yaml" |  | ||||||
|     ] |  | ||||||
|   }, |  | ||||||
|   "yaml.schemaStore.enable": true |  | ||||||
| } |  | ||||||
| @@ -22,7 +22,3 @@ sources: | |||||||
| - https://github.com/volker-raschek/athens-proxy-charts | - https://github.com/volker-raschek/athens-proxy-charts | ||||||
| - https://github.com/gomods/athens | - https://github.com/gomods/athens | ||||||
| - https://hub.docker.com/r/gomods/athens | - https://hub.docker.com/r/gomods/athens | ||||||
|  |  | ||||||
| maintainers: |  | ||||||
| - name: Markus Pesch |  | ||||||
|   email: markus.pesch+apps@cryptic.systems |  | ||||||
|   | |||||||
							
								
								
									
										2
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								Makefile
									
									
									
									
									
								
							| @@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman) | |||||||
| # HELM_IMAGE | # HELM_IMAGE | ||||||
| HELM_IMAGE_REGISTRY_HOST?=docker.io | HELM_IMAGE_REGISTRY_HOST?=docker.io | ||||||
| HELM_IMAGE_REPOSITORY?=volkerraschek/helm | HELM_IMAGE_REPOSITORY?=volkerraschek/helm | ||||||
| HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm | HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm | ||||||
| HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | ||||||
|  |  | ||||||
| # NODE_IMAGE | # NODE_IMAGE | ||||||
|   | |||||||
							
								
								
									
										295
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										295
									
								
								README.md
									
									
									
									
									
								
							| @@ -2,167 +2,174 @@ | |||||||
|  |  | ||||||
| [](https://artifacthub.io/packages/search?repo=volker-raschek) | [](https://artifacthub.io/packages/search?repo=volker-raschek) | ||||||
|  |  | ||||||
| This is an inofficial helm chart of the go-proxy | > [!NOTE] | ||||||
| [athens](https://github.com/gomods/athens) which supports more complex | > This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the | ||||||
| configuration options. | > GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts). | ||||||
|  |  | ||||||
| This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and | This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and | ||||||
| can be installed via helm. | proxy for Golang. | ||||||
|  |  | ||||||
|  | The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes, | ||||||
|  | defining additional environment variables and much more. | ||||||
|  |  | ||||||
|  | Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure | ||||||
|  | helm and use it to deploy the exporter. It also contains further configuration examples. | ||||||
|  |  | ||||||
|  | Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | ||||||
|  | helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the | ||||||
|  | *[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)* | ||||||
|  | concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a | ||||||
|  | separate [chapter](#argocd). | ||||||
|  |  | ||||||
|  | ## Helm: configuration and installation | ||||||
|  |  | ||||||
|  | 1. A helm chart repository must be configured, to pull the helm charts from. | ||||||
|  | 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm | ||||||
|  |    `--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the | ||||||
|  |    `--set` flag for a basic deployment. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | ||||||
|  | helm repo update | ||||||
| helm install athens-proxy volker.raschek/athens-proxy | helm install athens-proxy volker.raschek/athens-proxy | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Customization | Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`. | ||||||
|  | The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the | ||||||
|  | version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major* | ||||||
|  | versions can break something! | ||||||
|  |  | ||||||
| The complete deployment can be adapted via the `values.yaml` files. The | ```bash | ||||||
| configuration of the proxy can be done via the environment variables described | CHART_VERSION=1.0.0 | ||||||
| below or via mounting the config.toml as additional persistent volume to | helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||||
| `/config/config.toml` |  | ||||||
|  |  | ||||||
| ## Access private repositories via SSH |  | ||||||
|  |  | ||||||
| Create a `configmap.yaml` with multiple keys. One key describe the content of |  | ||||||
| the `.gitconfig` file and another of `config` of the ssh client. All requests |  | ||||||
| Git clone comands with the prefix `http://github.com/` will be replaced by |  | ||||||
| `git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a |  | ||||||
| separate secret. |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: ConfigMap |  | ||||||
| metadata: |  | ||||||
|   name: custom-configs |  | ||||||
| data: |  | ||||||
|   sshconfig: | |  | ||||||
|     Host github.com |  | ||||||
|       IdentityFile /root/.ssh/id_ed25519 |  | ||||||
|       StrictHostKeyChecking no |  | ||||||
|   gitconfig: | |  | ||||||
|     [url "git@github.com:"] |  | ||||||
|       insteadOf = https://github.com/ |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The secret definition below contains the SSH private and public key. | A complete list of available helm chart versions can be displayed via the following command: | ||||||
|  |  | ||||||
| ```yaml | ```bash | ||||||
| apiVersion: v1 | helm search repo reposilite --versions | ||||||
| kind: Secret |  | ||||||
| metadata: |  | ||||||
|   name: custom-ssh-keys |  | ||||||
| type: Opaque |  | ||||||
| stringData: |  | ||||||
|   id_ed25519: | |  | ||||||
|     -----BEGIN OPENSSH PRIVATE KEY----- |  | ||||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW |  | ||||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj |  | ||||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg |  | ||||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M |  | ||||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== |  | ||||||
|     -----END OPENSSH PRIVATE KEY----- |  | ||||||
|   id_ed25519.pub: | |  | ||||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The item `config` of the configmap will be merged with the items of the secret | The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default. | ||||||
| as virtual volume. This volume can than be mounted with special permissions | Use the `--set` argument to persist your data. | ||||||
| required for the ssh client. |  | ||||||
|  |  | ||||||
| ```yaml | ```bash | ||||||
| extraVolumes: | CHART_VERSION=1.0.0 | ||||||
| - name: ssh | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|   projected: |   persistence.enabled=true | ||||||
|     defaultMode: 0644 |  | ||||||
|     sources: |  | ||||||
|     - configMap: |  | ||||||
|         name: custom-configs |  | ||||||
|         items: |  | ||||||
|         - key: sshconfig |  | ||||||
|           path: config |  | ||||||
|     - secret: |  | ||||||
|         name: custom-ssh-keys |  | ||||||
|         items: |  | ||||||
|         - key: id_ed25519 |  | ||||||
|           path: id_ed25519 |  | ||||||
|           mode: 0600 |  | ||||||
|         - key: id_ed25519.pub |  | ||||||
|           path: id_ed25519.pub |  | ||||||
| - name: gitconfig |  | ||||||
|   configMap: |  | ||||||
|     name: custom-configs |  | ||||||
|     items: |  | ||||||
|     - key: gitconfig |  | ||||||
|       path: config |  | ||||||
|       mode: 0644 |  | ||||||
|  |  | ||||||
| extraVolumeMounts: |  | ||||||
| - name: ssh |  | ||||||
|   mountPath: /root/.ssh |  | ||||||
| - name: gitconfig |  | ||||||
|   mountPath: /root/.config/git |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Access private GitHub.com repositories via developer token | ### Examples | ||||||
|  |  | ||||||
| Another way to access private GitHub repositories is via a GitHub token, which | The following examples serve as individual configurations and as inspiration for how deployment problems can be solved. | ||||||
| can be set via the environment variable `GITHUB_TOKEN`. Athens automatically |  | ||||||
| creates a `.netrc` file to access private GitHub repositories. |  | ||||||
|  |  | ||||||
| ## Access private repositories via .netrc configuration | #### Avoid CPU throttling by defining a CPU limit | ||||||
|  |  | ||||||
| As describe above, a `.netrc` file is responsible for the authentication via | If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||||
| HTTP. The file can also be defined via a custom secret and mounted into the home | application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||||
| directory of `root` for general authentication purpose. | cannot use the available CPU time to perform computing operations. | ||||||
|  |  | ||||||
| The example below describe the definition and mounting of a custom `.netrc` file | The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||||
| to access private repositories hosted on GitHub and GitLab. | available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||||
|  | of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||||
|  | rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||||
|  |  | ||||||
| ```yaml | Further information about this topic can be found in one of Kanishk's blog | ||||||
| apiVersion: v1 | [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||||
| kind: Secret |  | ||||||
| metadata: | > [!NOTE] | ||||||
|   name: custom-netrc | > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||||
| type: Opaque | > not anymore required. | ||||||
| stringData: | > | ||||||
|   netrc: | | > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|     machine github.com login USERNAME password API-KEY |  | ||||||
|     machine gitlab.com login USERNAME password API-KEY | ```bash | ||||||
|  | CHART_VERSION=1.0.0 | ||||||
|  | helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||||
|  |   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||||
|  |   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||||
|  |   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The file must then be mounted via extraVolumes and extraVolumeMounts. | #### Network policies | ||||||
|  |  | ||||||
|  | Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||||
|  | network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. | ||||||
|  |  | ||||||
|  | The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming | ||||||
|  | traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application | ||||||
|  | outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go | ||||||
|  | proxy `https://proxy.golang.org` via HTTPS. | ||||||
|  |  | ||||||
|  | > [!IMPORTANT] | ||||||
|  | > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For | ||||||
|  | > this reason, there is are not default network policy rules defined. | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| extraVolumes: | networkPolicies: | ||||||
| - name: netrc |   enabled: true | ||||||
|   secret: |   annotations: {} | ||||||
|     secretName: custom-netrc |   labels: {} | ||||||
|     items: |   policyTypes: | ||||||
|     - key: netrc |   - Egress | ||||||
|       path: .netrc |   - Ingress | ||||||
|       mode: 0600 |   egress: | ||||||
|  |   - to: | ||||||
|  |     - namespaceSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           kubernetes.io/metadata.name: kube-system | ||||||
|  |       podSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           k8s-app: kube-dns | ||||||
|  |     ports: | ||||||
|  |     - port: 53 | ||||||
|  |       protocol: TCP | ||||||
|  |     - port: 53 | ||||||
|  |       protocol: UDP | ||||||
|  |   - ports: | ||||||
|  |     - port: 443 | ||||||
|  |       protocol: TCP | ||||||
|  |  | ||||||
| extraVolumeMounts: |   ingress: | ||||||
| - name: netrc |   - from: | ||||||
|   mountPath: /root |     - namespaceSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |       podSelector: | ||||||
|  |         matchLabels: | ||||||
|  |           app.kubernetes.io/name: ingress-nginx | ||||||
|  |     ports: | ||||||
|  |     - port: http | ||||||
|  |       protocol: TCP | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Persistent storage | ## ArgoCD | ||||||
|  |  | ||||||
| Unlike the athens default, the default here is `disk` - i.e. the files are | ### Daily execution of rolling updates | ||||||
| written to the container. Therefore, it is advisable to outsource the |  | ||||||
| corresponding storage location to persistent storage. The following example |  | ||||||
| describes the integration of a persistent storage claim. |  | ||||||
|  |  | ||||||
| ```yaml | The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||||
| extraVolumes: | connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||||
| - name: gomodules | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||||
|   persistentVolumeClaim: |  | ||||||
|     claimName: custom-gomodules-pvc |  | ||||||
|  |  | ||||||
| extraVolumeMounts: | The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||||
| - name: gomodules | content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||||
|   mountPath: /var/lib/athens | Helm render order, different timestamps). | ||||||
|  |  | ||||||
|  | This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||||
|  | can lead to unnecessary notifications from ArgoCD. | ||||||
|  |  | ||||||
|  | To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all | ||||||
|  | annotations with the prefix `checksum`. | ||||||
|  |  | ||||||
|  | ```diff | ||||||
|  |   apiVersion: argoproj.io/v1alpha1 | ||||||
|  |   kind: Application | ||||||
|  |   spec: | ||||||
|  | +   ignoreDifferences: | ||||||
|  | +   - group: apps/v1 | ||||||
|  | +     kind: Deployment | ||||||
|  | +     jqPathExpressions: | ||||||
|  | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Parameters | ## Parameters | ||||||
| @@ -178,6 +185,7 @@ extraVolumeMounts: | |||||||
|  |  | ||||||
| | Name                                                    | Description                                                                                                                                       | Value                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | | | Name                                                    | Description                                                                                                                                       | Value                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | | ||||||
| | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||||||
|  | | `config.env.enabled`                                    | Enable mounting of the secret as environment variables.                                                                                           | `false`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | | ||||||
| | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | | | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | | ||||||
| | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | ||||||
| | `config.env.secret.annotations`                         | Additional annotations of the secret containing the database credentials.                                                                         | `{}`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | | `config.env.secret.annotations`                         | Additional annotations of the secret containing the database credentials.                                                                         | `{}`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | ||||||
| @@ -189,10 +197,10 @@ extraVolumeMounts: | |||||||
| | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | | | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | | ||||||
| | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | ||||||
| | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | | ||||||
| | `config.downloadMode.configMap.content`                 | The content of the download mode file.                                                                                                            | `# downloadURL = "https://proxy.golang.org" | | `config.downloadMode.configMap.content`                 | The content of the download mode file.                                                                                                            | `downloadURL = "https://proxy.golang.org" | ||||||
| # |  | ||||||
| # mode = "async_redirect" | mode = "async_redirect" | ||||||
| # |  | ||||||
| # download "github.com/gomods/*" { | # download "github.com/gomods/*" { | ||||||
| #     mode = "sync" | #     mode = "sync" | ||||||
| # } | # } | ||||||
| @@ -203,7 +211,7 @@ extraVolumeMounts: | |||||||
| # | # | ||||||
| # download "github.com/pkg/*" { | # download "github.com/pkg/*" { | ||||||
| #     mode = "redirect" | #     mode = "redirect" | ||||||
| #     downloadURL = "https://gocenter.io" | #     downloadURL = "https://proxy.golang.org" | ||||||
| # } | # } | ||||||
| `                                                                                                                                                                                                                                                                                                                                                                           | | `                                                                                                                                                                                                                                                                                                                                                                           | | ||||||
| | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | | | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | | ||||||
| @@ -328,17 +336,16 @@ extraVolumeMounts: | |||||||
| | `persistence.data.persistentVolumeClaim.storageClass`                      | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | | `persistence.data.persistentVolumeClaim.storageClass`                      | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||||
| | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | ||||||
|  |  | ||||||
| ### NetworkPolicies | ### Network Policy | ||||||
|  |  | ||||||
| | Name                        | Description                                                               | Value   | | | Name                        | Description                                                               | Value   | | ||||||
| | ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- | | | --------------------------- | ------------------------------------------------------------------------- | ------- | | ||||||
| | `networkPolicies.enabled`             | Enable network policies in general.                                                                   | `false` | | | `networkPolicy.enabled`     | Enable network policies in general.                                       | `false` | | ||||||
| | `networkPolicies.default.enabled`     | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` | | | `networkPolicy.annotations` | Additional network policy annotations.                                    | `{}`    | | ||||||
| | `networkPolicies.default.annotations` | Additional network policy annotations.                                                                | `{}`    | | | `networkPolicy.labels`      | Additional network policy labels.                                         | `{}`    | | ||||||
| | `networkPolicies.default.labels`      | Additional network policy labels.                                                                     | `{}`    | | | `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]`    | | ||||||
| | `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress.                             | `[]`    | | | `networkPolicy.egress`      | Concrete egress network policy implementation.                            | `[]`    | | ||||||
| | `networkPolicies.default.egress`      | Concrete egress network policy implementation.                                                        | `[]`    | | | `networkPolicy.ingress`     | Concrete ingress network policy implementation.                           | `[]`    | | ||||||
| | `networkPolicies.default.ingress`     | Concrete ingress network policy implementation.                                                       | `[]`    | |  | ||||||
|  |  | ||||||
| ### Service | ### Service | ||||||
|  |  | ||||||
|   | |||||||
| @@ -9,6 +9,7 @@ | |||||||
|   ], |   ], | ||||||
|   "customManagers": [ |   "customManagers": [ | ||||||
|     { |     { | ||||||
|  |       "customType": "regex", | ||||||
|       "fileMatch": [ |       "fileMatch": [ | ||||||
|         "^Chart\\.yaml$" |         "^Chart\\.yaml$" | ||||||
|       ], |       ], | ||||||
| @@ -21,6 +22,7 @@ | |||||||
|       "versioningTemplate": "semver" |       "versioningTemplate": "semver" | ||||||
|     }, |     }, | ||||||
|     { |     { | ||||||
|  |       "customType": "regex", | ||||||
|       "fileMatch": ["^README\\.md$"], |       "fileMatch": ["^README\\.md$"], | ||||||
|       "matchStrings": [ |       "matchStrings": [ | ||||||
|         "VERSION=(?<currentValue>.*)" |         "VERSION=(?<currentValue>.*)" | ||||||
| @@ -32,6 +34,20 @@ | |||||||
|     } |     } | ||||||
|   ], |   ], | ||||||
|   "packageRules": [ |   "packageRules": [ | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/volkerraschek/helm", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/volkerraschek/helm", | ||||||
|  |         "volkerraschek/helm" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/library/node", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/library/node", | ||||||
|  |         "library/node" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|     { |     { | ||||||
|       "addLabels": [ |       "addLabels": [ | ||||||
|         "renovate/automerge", |         "renovate/automerge", | ||||||
|   | |||||||
| @@ -34,6 +34,18 @@ | |||||||
| {{/* envFrom */}} | {{/* envFrom */}} | ||||||
| 
 | 
 | ||||||
| {{- define "athens-proxy.deployment.envFrom" -}} | {{- define "athens-proxy.deployment.envFrom" -}} | ||||||
|  | {{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }} | ||||||
|  | 
 | ||||||
|  | {{- if .Values.config.env.enabled }} | ||||||
|  | {{- $secretName := include "athens-proxy.secrets.env.name" $ }} | ||||||
|  | {{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}} | ||||||
|  | {{- $secretName = .Values.config.env.existingSecret.secretName }} | ||||||
|  | {{- end }} | ||||||
|  | {{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }} | ||||||
|  | {{- end }} | ||||||
|  | 
 | ||||||
|  | {{ toYaml (dict "envFrom" $envFrom) }} | ||||||
|  | 
 | ||||||
| {{- end -}} | {{- end -}} | ||||||
| 
 | 
 | ||||||
| {{/* image */}} | {{/* image */}} | ||||||
| @@ -42,7 +54,7 @@ | |||||||
| {{- $registry := .Values.deployment.athensProxy.image.registry -}} | {{- $registry := .Values.deployment.athensProxy.image.registry -}} | ||||||
| {{- $repository := .Values.deployment.athensProxy.image.repository -}} | {{- $repository := .Values.deployment.athensProxy.image.repository -}} | ||||||
| {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} | {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} | ||||||
| {{- printf "%s/%s:v%s" $registry $repository $tag -}} | {{- printf "%s/%s:%s" $registry $repository $tag -}} | ||||||
| {{- end -}} | {{- end -}} | ||||||
| 
 | 
 | ||||||
| {{/* labels */}} | {{/* labels */}} | ||||||
							
								
								
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.networkPolicy.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if .Values.networkPolicy.annotations }} | ||||||
|  | {{ toYaml .Values.networkPolicy.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.networkPolicy.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- if .Values.networkPolicy.labels }} | ||||||
|  | {{ toYaml .Values.networkPolicy.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,34 @@ | |||||||
|  | --- | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.pod.annotations" -}} | ||||||
|  | {{ include "athens-proxy.annotations" . }} | ||||||
|  | {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) -}} | ||||||
|  | {{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} | ||||||
|  | {{- end -}} | ||||||
|  | {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) -}} | ||||||
|  | {{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} | ||||||
|  | {{- end -}} | ||||||
|  | {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) -}} | ||||||
|  | {{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} | ||||||
|  | {{- end -}} | ||||||
|  | {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) -}} | ||||||
|  | {{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} | ||||||
|  | {{- end -}} | ||||||
|  | {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) -}} | ||||||
|  | {{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} | ||||||
|  | {{- end -}} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.pod.labels" -}} | ||||||
|  | {{ include "athens-proxy.labels" . }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "athens-proxy.pod.selectorLabels" -}} | ||||||
|  | {{ include "athens-proxy.selectorLabels" . }} | ||||||
|  | {{- end }} | ||||||
| @@ -1,19 +0,0 @@ | |||||||
| {{/* vim: set filetype=mustache: */}} |  | ||||||
|  |  | ||||||
| {{/* annotations */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.networkPolicies.annotations" -}} |  | ||||||
| {{ include "athens-proxy.annotations" .context }} |  | ||||||
| {{- if .networkPolicy.annotations }} |  | ||||||
| {{ toYaml .networkPolicy.annotations }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* labels */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.networkPolicies.labels" -}} |  | ||||||
| {{ include "athens-proxy.labels" .context }} |  | ||||||
| {{- if .networkPolicy.labels }} |  | ||||||
| {{ toYaml .networkPolicy.labels }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,17 +0,0 @@ | |||||||
| --- |  | ||||||
|  |  | ||||||
| {{/* annotations */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.pod.annotations" -}} |  | ||||||
| {{ include "athens-proxy.annotations" . }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* labels */}} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.pod.labels" -}} |  | ||||||
| {{ include "athens-proxy.labels" . }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- define "athens-proxy.pod.selectorLabels" -}} |  | ||||||
| {{ include "athens-proxy.selectorLabels" . }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -1,36 +0,0 @@ | |||||||
| {{- if .Values.networkPolicies.enabled }} |  | ||||||
| {{- range $key, $value := .Values.networkPolicies -}} |  | ||||||
| {{- if and (not (eq $key "enabled")) $value.enabled }} |  | ||||||
| --- |  | ||||||
| apiVersion: networking.k8s.io/v1 |  | ||||||
| kind: NetworkPolicy |  | ||||||
| metadata: |  | ||||||
|   {{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }} |  | ||||||
|   annotations: |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }} |  | ||||||
|   labels: |  | ||||||
|     {{- toYaml . | nindent 4 }} |  | ||||||
|   {{- end }} |  | ||||||
|   name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }} |  | ||||||
|   namespace: {{ $.Release.Namespace }} |  | ||||||
| spec: |  | ||||||
|   podSelector: |  | ||||||
|     matchLabels: |  | ||||||
|       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} |  | ||||||
|   {{- with $value.policyTypes }} |  | ||||||
|   policyTypes: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with $value.egress }} |  | ||||||
|   egress: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
|   {{- with $value.ingress }} |  | ||||||
|   ingress: |  | ||||||
|   {{- toYaml . | nindent 2 }} |  | ||||||
|   {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
| {{- end }} |  | ||||||
							
								
								
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | |||||||
|  | {{- if .Values.networkPolicy.enabled }} | ||||||
|  | --- | ||||||
|  | apiVersion: networking.k8s.io/v1 | ||||||
|  | kind: NetworkPolicy | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ include "athens-proxy.fullname" . }} | ||||||
|  |   namespace: {{ .Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   podSelector: | ||||||
|  |     matchLabels: | ||||||
|  |       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} | ||||||
|  |   {{- with .Values.networkPolicy.policyTypes }} | ||||||
|  |   policyTypes: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with .Values.networkPolicy.egress }} | ||||||
|  |   egress: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with .Values.networkPolicy.ingress }} | ||||||
|  |   ingress: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| {{- if not .Values.config.env.existingSecret.enabled }} | {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Secret | kind: Secret | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/configMapDownloadMode.yaml | - templates/configMapDownloadMode.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rending by using existing config map. | - it: Skip rending by using existing config map. | ||||||
|   set: |   set: | ||||||
| @@ -37,10 +37,10 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: data.downloadMode |       path: data.downloadMode | ||||||
|       value: | |       value: | | ||||||
|         # downloadURL = "https://proxy.golang.org" |         downloadURL = "https://proxy.golang.org" | ||||||
|         # |  | ||||||
|         # mode = "async_redirect" |         mode = "async_redirect" | ||||||
|         # |  | ||||||
|         # download "github.com/gomods/*" { |         # download "github.com/gomods/*" { | ||||||
|         #     mode = "sync" |         #     mode = "sync" | ||||||
|         # } |         # } | ||||||
| @@ -51,7 +51,7 @@ tests: | |||||||
|         # |         # | ||||||
|         # download "github.com/pkg/*" { |         # download "github.com/pkg/*" { | ||||||
|         #     mode = "redirect" |         #     mode = "redirect" | ||||||
|         #     downloadURL = "https://gocenter.io" |         #     downloadURL = "https://proxy.golang.org" | ||||||
|         # } |         # } | ||||||
|  |  | ||||||
| - it: Rendering custom annotations and labels. | - it: Rendering custom annotations and labels. | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/configMapGitConfig.yaml | - templates/configMapGitConfig.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rending by using existing config map. | - it: Skip rending by using existing config map. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,22 +6,22 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/deployment.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default | - it: Rendering default | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - containsDocument: |   - containsDocument: | ||||||
|       apiVersion: apps/v1 |       apiVersion: apps/v1 | ||||||
|       kind: Deployment |       kind: Deployment | ||||||
|       name: athens-proxy-unittest |       name: athens-proxy-unittest | ||||||
|       namespace: testing |       namespace: testing | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: metadata.annotations |       path: metadata.annotations | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: metadata.labels |       path: metadata.labels | ||||||
|       value: |       value: | ||||||
| @@ -30,11 +30,11 @@ tests: | |||||||
|         app.kubernetes.io/name: athens-proxy |         app.kubernetes.io/name: athens-proxy | ||||||
|         app.kubernetes.io/version: 0.1.0 |         app.kubernetes.io/version: 0.1.0 | ||||||
|         helm.sh/chart: athens-proxy-0.1.0 |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.replicas |       path: spec.replicas | ||||||
|       value: 1 |       value: 1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.metadata.labels |       path: spec.template.metadata.labels | ||||||
|       value: |       value: | ||||||
| @@ -43,74 +43,74 @@ tests: | |||||||
|         app.kubernetes.io/name: athens-proxy |         app.kubernetes.io/name: athens-proxy | ||||||
|         app.kubernetes.io/version: 0.1.0 |         app.kubernetes.io/version: 0.1.0 | ||||||
|         helm.sh/chart: athens-proxy-0.1.0 |         helm.sh/chart: athens-proxy-0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.affinity |       path: spec.template.spec.affinity | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].args |       path: spec.template.spec.containers[0].args | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].command |       path: spec.template.spec.containers[0].command | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].envFrom |       path: spec.template.spec.containers[0].envFrom | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].volumeMounts |       path: spec.template.spec.containers[0].volumeMounts | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].image |       path: spec.template.spec.containers[0].image | ||||||
|       value: docker.io/gomods/athens:v0.1.0 |       value: docker.io/gomods/athens:0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].imagePullPolicy |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|       value: IfNotPresent |       value: IfNotPresent | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].resources |       path: spec.template.spec.containers[0].resources | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].securityContext |       path: spec.template.spec.containers[0].securityContext | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.dnsConfig |       path: spec.template.spec.dnsConfig | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.dnsPolicy |       path: spec.template.spec.dnsPolicy | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.hostname |       path: spec.template.spec.hostname | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostNetwork |       path: spec.template.spec.hostNetwork | ||||||
|       value: false |       value: false | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.imagePullSecrets |       path: spec.template.spec.imagePullSecrets | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.nodeSelector |       path: spec.template.spec.nodeSelector | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.priorityClassName |       path: spec.template.spec.priorityClassName | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.restartPolicy |       path: spec.template.spec.restartPolicy | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.subdomain |       path: spec.template.spec.subdomain | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.terminationGracePeriodSeconds |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|       value: 60 |       value: 60 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.tolerations |       path: spec.template.spec.tolerations | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.topologySpreadConstraints |       path: spec.template.spec.topologySpreadConstraints | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.strategy |       path: spec.strategy | ||||||
|       value: |       value: | ||||||
| @@ -118,7 +118,7 @@ tests: | |||||||
|         rollingUpdate: |         rollingUpdate: | ||||||
|           maxSurge: 1 |           maxSurge: 1 | ||||||
|           maxUnavailable: 1 |           maxUnavailable: 1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom replicas | - it: Test custom replicas | ||||||
|   set: |   set: | ||||||
| @@ -130,7 +130,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.replicas |       path: spec.replicas | ||||||
|       value: 3 |       value: 3 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom affinity | - it: Test custom affinity | ||||||
|   set: |   set: | ||||||
| @@ -160,7 +160,7 @@ tests: | |||||||
|                 values: |                 values: | ||||||
|                 - antarctica-east1 |                 - antarctica-east1 | ||||||
|                 - antarctica-west1 |                 - antarctica-west1 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test additional arguments | - it: Test additional arguments | ||||||
|   set: |   set: | ||||||
| @@ -176,7 +176,7 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - --foo=bar |       - --foo=bar | ||||||
|       - --bar=foo |       - --bar=foo | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test additional command | - it: Test additional command | ||||||
|   set: |   set: | ||||||
| @@ -194,7 +194,7 @@ tests: | |||||||
|       - "/bin/sh" |       - "/bin/sh" | ||||||
|       - "-c" |       - "-c" | ||||||
|       - "echo hello" |       - "echo hello" | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom imageRegistry and imageRepository | - it: Test custom imageRegistry and imageRepository | ||||||
|   set: |   set: | ||||||
| @@ -206,8 +206,8 @@ tests: | |||||||
|   asserts: |   asserts: | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].image |       path: spec.template.spec.containers[0].image | ||||||
|       value: registry.example.local/path/special/athens-proxy:v0.1.0 |       value: registry.example.local/path/special/athens-proxy:0.1.0 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom imagePullPolicy | - it: Test custom imagePullPolicy | ||||||
|   set: |   set: | ||||||
| @@ -219,7 +219,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].imagePullPolicy |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|       value: Always |       value: Always | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom resource limits and requests | - it: Test custom resource limits and requests | ||||||
|   set: |   set: | ||||||
| @@ -242,7 +242,7 @@ tests: | |||||||
|           resourceFieldRef: |           resourceFieldRef: | ||||||
|             divisor: "1" |             divisor: "1" | ||||||
|             resource: limits.cpu |             resource: limits.cpu | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].resources |       path: spec.template.spec.containers[0].resources | ||||||
|       value: |       value: | ||||||
| @@ -252,7 +252,7 @@ tests: | |||||||
|         requests: |         requests: | ||||||
|           cpu: 25m |           cpu: 25m | ||||||
|           memory: 100MB |           memory: 100MB | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test custom securityContext | - it: Test custom securityContext | ||||||
|   set: |   set: | ||||||
| @@ -282,7 +282,7 @@ tests: | |||||||
|         readOnlyRootFilesystem: true |         readOnlyRootFilesystem: true | ||||||
|         runAsNonRoot: true |         runAsNonRoot: true | ||||||
|         runAsUser: 1000 |         runAsUser: 1000 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test dnsConfig | - it: Test dnsConfig | ||||||
|   set: |   set: | ||||||
| @@ -300,7 +300,7 @@ tests: | |||||||
|         nameservers: |         nameservers: | ||||||
|         - "8.8.8.8" |         - "8.8.8.8" | ||||||
|         - "8.8.4.4" |         - "8.8.4.4" | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test dnsPolicy | - it: Test dnsPolicy | ||||||
|   set: |   set: | ||||||
| @@ -312,7 +312,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.dnsPolicy |       path: spec.template.spec.dnsPolicy | ||||||
|       value: ClusterFirst |       value: ClusterFirst | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test hostNetwork, hostname, subdomain | - it: Test hostNetwork, hostname, subdomain | ||||||
|   set: |   set: | ||||||
| @@ -326,15 +326,15 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostNetwork |       path: spec.template.spec.hostNetwork | ||||||
|       value: true |       value: true | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostname |       path: spec.template.spec.hostname | ||||||
|       value: pg-exporter |       value: pg-exporter | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.subdomain |       path: spec.template.spec.subdomain | ||||||
|       value: exporters.internal |       value: exporters.internal | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test imagePullSecrets | - it: Test imagePullSecrets | ||||||
|   set: |   set: | ||||||
| @@ -350,7 +350,7 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - name: my-pull-secret |       - name: my-pull-secret | ||||||
|       - name: my-special-secret |       - name: my-special-secret | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test nodeSelector | - it: Test nodeSelector | ||||||
|   set: |   set: | ||||||
| @@ -364,7 +364,7 @@ tests: | |||||||
|       path: spec.template.spec.nodeSelector |       path: spec.template.spec.nodeSelector | ||||||
|       value: |       value: | ||||||
|         foo: bar |         foo: bar | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test priorityClassName | - it: Test priorityClassName | ||||||
|   set: |   set: | ||||||
| @@ -376,7 +376,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.priorityClassName |       path: spec.template.spec.priorityClassName | ||||||
|       value: my-priority |       value: my-priority | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test restartPolicy | - it: Test restartPolicy | ||||||
|   set: |   set: | ||||||
| @@ -388,7 +388,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.restartPolicy |       path: spec.template.spec.restartPolicy | ||||||
|       value: Always |       value: Always | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test terminationGracePeriodSeconds | - it: Test terminationGracePeriodSeconds | ||||||
|   set: |   set: | ||||||
| @@ -400,7 +400,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.terminationGracePeriodSeconds |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|       value: 120 |       value: 120 | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test tolerations | - it: Test tolerations | ||||||
|   set: |   set: | ||||||
| @@ -420,7 +420,7 @@ tests: | |||||||
|         operator: Equal |         operator: Equal | ||||||
|         value: postgres |         value: postgres | ||||||
|         effect: NoSchedule |         effect: NoSchedule | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test topologySpreadConstraints | - it: Test topologySpreadConstraints | ||||||
|   set: |   set: | ||||||
| @@ -442,7 +442,7 @@ tests: | |||||||
|         labelSelector: |         labelSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/instance: athens-proxy |             app.kubernetes.io/instance: athens-proxy | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test additional volumeMounts and volumes | - it: Test additional volumeMounts and volumes | ||||||
|   set: |   set: | ||||||
| @@ -462,5 +462,4 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - name: data |       - name: data | ||||||
|         mountPath: /usr/lib/athens-proxy/data |         mountPath: /usr/lib/athens-proxy/data | ||||||
|     template: templates/athens-proxy/deployment.yaml |     template: templates/deployment.yaml | ||||||
|  |  | ||||||
|   | |||||||
| @@ -6,42 +6,57 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default without mounted download mode config map | - it: Rendering default without mounted download mode config map | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DOWNLOAD_MODE |           name: ATHENS_DOWNLOAD_MODE | ||||||
|           value: file:/etc/athens/config/download-mode.d/download-mode |           value: file:/etc/athens/config/download-mode.d/download-mode | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: download-mode |           name: download-mode | ||||||
|           mountPath: /etc/athens/config/download-mode.d |           mountPath: /etc/athens/config/download-mode.d | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
|           name: download-mode |           name: download-mode | ||||||
|           configMap: |           configMap: | ||||||
|             name: athens-proxy-unittest-download-mode-file |             name: athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted gitconfig configMap | - it: Rendering default with mounted gitconfig configMap | ||||||
|   set: |   set: | ||||||
|     config.downloadMode.enabled: true |     config.downloadMode.enabled: true | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DOWNLOAD_MODE |           name: ATHENS_DOWNLOAD_MODE | ||||||
|           value: file:/etc/athens/config/download-mode.d/download-mode |           value: file:/etc/athens/config/download-mode.d/download-mode | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: download-mode |           name: download-mode | ||||||
|           mountPath: /etc/athens/config/download-mode.d |           mountPath: /etc/athens/config/download-mode.d | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -52,6 +67,7 @@ tests: | |||||||
|                 mode: 0644 |                 mode: 0644 | ||||||
|                 path: download-mode |                 path: download-mode | ||||||
|             name: athens-proxy-unittest-download-mode-file |             name: athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering with custom download mode configMap | - it: Rendering with custom download mode configMap | ||||||
|   set: |   set: | ||||||
| @@ -61,16 +77,21 @@ tests: | |||||||
|     config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" |     config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DOWNLOAD_MODE |           name: ATHENS_DOWNLOAD_MODE | ||||||
|           value: file:/etc/athens/config/download-mode.d/download-mode |           value: file:/etc/athens/config/download-mode.d/download-mode | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: download-mode |           name: download-mode | ||||||
|           mountPath: /etc/athens/config/download-mode.d |           mountPath: /etc/athens/config/download-mode.d | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -81,3 +102,4 @@ tests: | |||||||
|               path: "download-mode" |               path: "download-mode" | ||||||
|               mode: 0644 |               mode: 0644 | ||||||
|             name: my-custom-configmap |             name: my-custom-configmap | ||||||
|  |       template: templates/deployment.yaml | ||||||
							
								
								
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,51 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: Deployment template | ||||||
|  | release: | ||||||
|  |   name: athens-proxy-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretEnv.yaml | ||||||
|  | tests: | ||||||
|  | - it: Rendering default without mounted env secret | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - notContains: | ||||||
|  |         path: spec.template.spec.containers[0].envFrom | ||||||
|  |         content: | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted env secret | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].envFrom | ||||||
|  |         content: | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
|  | - it: Rendering default with mounted env secret | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|  |     config.env.existingSecret.enabled: true | ||||||
|  |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |     - contains: | ||||||
|  |         path: spec.template.spec.containers[0].envFrom | ||||||
|  |         content: | ||||||
|  |           secretRef: | ||||||
|  |             name: athens-proxy-unittest-env | ||||||
|  |       template: templates/deployment.yaml | ||||||
| @@ -6,16 +6,24 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default without mounted git config map | - it: Rendering default without mounted git config map | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.gitconfig |           mountPath: /root/.gitconfig | ||||||
|           subPath: .gitconfig |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -28,18 +36,23 @@ tests: | |||||||
|                   path: .gitconfig |                   path: .gitconfig | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-gitconfig |                 name: athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted gitconfig configMap | - it: Rendering default with mounted gitconfig configMap | ||||||
|   set: |   set: | ||||||
|     config.gitConfig.enabled: true |     config.gitConfig.enabled: true | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.gitconfig |           mountPath: /root/.gitconfig | ||||||
|           subPath: .gitconfig |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -52,6 +65,7 @@ tests: | |||||||
|                   path: .gitconfig |                   path: .gitconfig | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: athens-proxy-unittest-gitconfig |                 name: athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering with custom gitconfig configMap | - it: Rendering with custom gitconfig configMap | ||||||
|   set: |   set: | ||||||
| @@ -61,12 +75,16 @@ tests: | |||||||
|     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" |     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.gitconfig |           mountPath: /root/.gitconfig | ||||||
|           subPath: .gitconfig |           subPath: .gitconfig | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -79,3 +97,4 @@ tests: | |||||||
|                   path: .gitconfig |                   path: .gitconfig | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: my-custom-configmap |                 name: my-custom-configmap | ||||||
|  |       template: templates/deployment.yaml | ||||||
| @@ -6,15 +6,23 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default without mounted netrc secret | - it: Rendering default without mounted netrc secret | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: netrc |           name: netrc | ||||||
|           mountPath: /root |           mountPath: /root | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -27,18 +35,23 @@ tests: | |||||||
|                   path: .netrc |                   path: .netrc | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-netrc |                 name: athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted netrc secret | - it: Rendering default with mounted netrc secret | ||||||
|   set: |   set: | ||||||
|     config.netrc.enabled: true |     config.netrc.enabled: true | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.netrc |           mountPath: /root/.netrc | ||||||
|           subPath: .netrc |           subPath: .netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -51,6 +64,7 @@ tests: | |||||||
|                   path: .netrc |                   path: .netrc | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-netrc |                 name: athens-proxy-unittest-netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering with custom netrc secret | - it: Rendering with custom netrc secret | ||||||
|   set: |   set: | ||||||
| @@ -60,12 +74,16 @@ tests: | |||||||
|     config.netrc.existingSecret.netrcKey: "my-netrc-key" |     config.netrc.existingSecret.netrcKey: "my-netrc-key" | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.netrc |           mountPath: /root/.netrc | ||||||
|           subPath: .netrc |           subPath: .netrc | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -78,3 +96,4 @@ tests: | |||||||
|                   path: .netrc |                   path: .netrc | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: my-custom-secret |                 name: my-custom-secret | ||||||
|  |       template: templates/deployment.yaml | ||||||
| @@ -6,7 +6,11 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Test persistent volume claim | - it: Test persistent volume claim | ||||||
|   set: |   set: | ||||||
| @@ -17,26 +21,26 @@ tests: | |||||||
|         content: |         content: | ||||||
|           name: ATHENS_STORAGE_TYPE |           name: ATHENS_STORAGE_TYPE | ||||||
|           value: disk |           value: disk | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DISK_STORAGE_ROOT |           name: ATHENS_DISK_STORAGE_ROOT | ||||||
|           value: /var/www/athens-proxy/data |           value: /var/www/athens-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           mountPath: /var/www/athens-proxy/data |           mountPath: /var/www/athens-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           persistentVolumeClaim: |           persistentVolumeClaim: | ||||||
|             claimName: athens-proxy-unittest-data |             claimName: athens-proxy-unittest-data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Test existing persistent volume claim | - it: Test existing persistent volume claim | ||||||
|   set: |   set: | ||||||
| @@ -51,23 +55,23 @@ tests: | |||||||
|         content: |         content: | ||||||
|           name: ATHENS_STORAGE_TYPE |           name: ATHENS_STORAGE_TYPE | ||||||
|           value: disk |           value: disk | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].env |         path: spec.template.spec.containers[0].env | ||||||
|         content: |         content: | ||||||
|           name: ATHENS_DISK_STORAGE_ROOT |           name: ATHENS_DISK_STORAGE_ROOT | ||||||
|           value: /mnt/go-proxy/data |           value: /mnt/go-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           mountPath: /mnt/go-proxy/data |           mountPath: /mnt/go-proxy/data | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
|           name: data |           name: data | ||||||
|           persistentVolumeClaim: |           persistentVolumeClaim: | ||||||
|             claimName: my-special-pvc |             claimName: my-special-pvc | ||||||
|       template: templates/athens-proxy/deployment.yaml |       template: templates/deployment.yaml | ||||||
| @@ -6,40 +6,52 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/deployment.yaml | - templates/configMapDownloadMode.yaml | ||||||
|  | - templates/configMapGitConfig.yaml | ||||||
|  | - templates/deployment.yaml | ||||||
|  | - templates/secretNetRC.yaml | ||||||
|  | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default without mounted ssh secret | - it: Rendering default without mounted ssh secret | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/config |           mountPath: /root/.ssh/config | ||||||
|           subPath: config |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_ed25519 |           mountPath: /root/.ssh/id_ed25519 | ||||||
|           subPath: id_ed25519 |           subPath: id_ed25519 | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_ed25519.pub |           mountPath: /root/.ssh/id_ed25519.pub | ||||||
|           subPath: id_ed25519.pub |           subPath: id_ed25519.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_rsa |           mountPath: /root/.ssh/id_rsa | ||||||
|           subPath: id_rsa |           subPath: id_rsa | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_rsa.pub |           mountPath: /root/.ssh/id_rsa.pub | ||||||
|           subPath: id_rsa.pub |           subPath: id_rsa.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - notContains: |     - notContains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -64,6 +76,7 @@ tests: | |||||||
|                   path: id_rsa.pub |                   path: id_rsa.pub | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: athens-proxy-unittest-ssh |                 name: athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted ssh config | - it: Rendering default with mounted ssh config | ||||||
|   set: |   set: | ||||||
| @@ -76,6 +89,7 @@ tests: | |||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/config |           mountPath: /root/.ssh/config | ||||||
|           subPath: config |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -88,6 +102,7 @@ tests: | |||||||
|                   path: config |                   path: config | ||||||
|                   mode: 0600 |                   mode: 0600 | ||||||
|                 name: athens-proxy-unittest-ssh |                 name: athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering default with mounted ssh keys | - it: Rendering default with mounted ssh keys | ||||||
|   set: |   set: | ||||||
| @@ -98,36 +113,44 @@ tests: | |||||||
|     config.ssh.secret.id_rsa_pub: bar |     config.ssh.secret.id_rsa_pub: bar | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - exists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/config |           mountPath: /root/.ssh/config | ||||||
|           subPath: config |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_ed25519 |           mountPath: /root/.ssh/id_ed25519 | ||||||
|           subPath: id_ed25519 |           subPath: id_ed25519 | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_ed25519.pub |           mountPath: /root/.ssh/id_ed25519.pub | ||||||
|           subPath: id_ed25519.pub |           subPath: id_ed25519.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_rsa |           mountPath: /root/.ssh/id_rsa | ||||||
|           subPath: id_rsa |           subPath: id_rsa | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_rsa.pub |           mountPath: /root/.ssh/id_rsa.pub | ||||||
|           subPath: id_rsa.pub |           subPath: id_rsa.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -152,6 +175,7 @@ tests: | |||||||
|                   path: id_rsa.pub |                   path: id_rsa.pub | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: athens-proxy-unittest-ssh |                 name: athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|  |  | ||||||
| - it: Rendering with custom ssh secret | - it: Rendering with custom ssh secret | ||||||
|   set: |   set: | ||||||
| @@ -165,36 +189,44 @@ tests: | |||||||
|     config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" |     config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" | ||||||
|     persistence.enabled: true |     persistence.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|  |     - notExists: | ||||||
|  |         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/config |           mountPath: /root/.ssh/config | ||||||
|           subPath: config |           subPath: config | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_ed25519 |           mountPath: /root/.ssh/id_ed25519 | ||||||
|           subPath: id_ed25519 |           subPath: id_ed25519 | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_ed25519.pub |           mountPath: /root/.ssh/id_ed25519.pub | ||||||
|           subPath: id_ed25519.pub |           subPath: id_ed25519.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_rsa |           mountPath: /root/.ssh/id_rsa | ||||||
|           subPath: id_rsa |           subPath: id_rsa | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.containers[0].volumeMounts |         path: spec.template.spec.containers[0].volumeMounts | ||||||
|         content: |         content: | ||||||
|           name: secrets |           name: secrets | ||||||
|           mountPath: /root/.ssh/id_rsa.pub |           mountPath: /root/.ssh/id_rsa.pub | ||||||
|           subPath: id_rsa.pub |           subPath: id_rsa.pub | ||||||
|  |       template: templates/deployment.yaml | ||||||
|     - contains: |     - contains: | ||||||
|         path: spec.template.spec.volumes |         path: spec.template.spec.volumes | ||||||
|         content: |         content: | ||||||
| @@ -219,3 +251,4 @@ tests: | |||||||
|                   path: id_rsa.pub |                   path: id_rsa.pub | ||||||
|                   mode: 0644 |                   mode: 0644 | ||||||
|                 name: my-custom-secret |                 name: my-custom-secret | ||||||
|  |       template: templates/deployment.yaml | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/hpa.yaml | - templates/hpa.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering by default. | - it: Skip rendering by default. | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/ingress.yaml | - templates/ingress.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip ingress by default. | - it: Skip ingress by default. | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -1,49 +1,30 @@ | |||||||
| chart: | chart: | ||||||
|   appVersion: 0.1.0 |   appVersion: 0.1.0 | ||||||
|   version: 0.1.0 |   version: 0.1.0 | ||||||
| suite: NetworkPolicies template | suite: NetworkPolicy template | ||||||
| release: | release: | ||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/networkPolicies.yaml | - templates/networkPolicy.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip networkPolicies in general disabled. | - it: Skip rendering networkPolicy | ||||||
|   set: |   set: | ||||||
|     networkPolicies.enabled: false |     networkPolicy.enabled: false | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
| 
 | 
 | ||||||
| - it: Skip networkPolicy 'default' when disabled. | - it: Render default networkPolicy | ||||||
|   set: |   set: | ||||||
|     networkPolicies.enabled: true |     networkPolicy.enabled: true | ||||||
|     networkPolicies.default.enabled: false |  | ||||||
|   asserts: |  | ||||||
|   - hasDocuments: |  | ||||||
|       count: 0 |  | ||||||
| 
 |  | ||||||
| - it: Loop over networkPolicies |  | ||||||
|   set: |  | ||||||
|     networkPolicies.enabled: true |  | ||||||
|     networkPolicies.default.enabled: false |  | ||||||
|     networkPolicies.nginx.enabled: true |  | ||||||
|     networkPolicies.prometheus.enabled: true |  | ||||||
|   asserts: |  | ||||||
|   - hasDocuments: |  | ||||||
|       count: 2 |  | ||||||
| 
 |  | ||||||
| - it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration |  | ||||||
|   set: |  | ||||||
|     networkPolicies.enabled: true |  | ||||||
|     networkPolicies.default.enabled: true |  | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count:  1 |       count:  1 | ||||||
|   - containsDocument: |   - containsDocument: | ||||||
|       apiVersion: networking.k8s.io/v1 |       apiVersion: networking.k8s.io/v1 | ||||||
|       kind: NetworkPolicy |       kind: NetworkPolicy | ||||||
|       name: athens-proxy-unittest-default |       name: athens-proxy-unittest | ||||||
|       namespace: testing |       namespace: testing | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: metadata.annotations |       path: metadata.annotations | ||||||
| @@ -67,29 +48,28 @@ tests: | |||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.ingress |       path: spec.ingress | ||||||
| 
 | 
 | ||||||
| - it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration | - it: Template networkPolicy with policyTypes, egress and ingress configuration | ||||||
|   set: |   set: | ||||||
|     networkPolicies.enabled: true |     networkPolicy.enabled: true | ||||||
|     networkPolicies.default.enabled: true |     networkPolicy.policyTypes: | ||||||
|     networkPolicies.default.policyTypes: |  | ||||||
|     - Egress |     - Egress | ||||||
|     - Ingress |     - Ingress | ||||||
|     networkPolicies.default.ingress: |     networkPolicy.ingress: | ||||||
|     - from: |     - from: | ||||||
|       - namespaceSelector: |       - namespaceSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             kubernetes.io/metadata.name: khv-production |             kubernetes.io/metadata.name: monitoring | ||||||
|         podSelector: |         podSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/name: prometheus |             app.kubernetes.io/name: prometheus | ||||||
|     networkPolicies.default.egress: |     networkPolicy.egress: | ||||||
|     - to: |     - to: | ||||||
|       - namespaceSelector: |       - namespaceSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             kubernetes.io/metadata.name: database |             kubernetes.io/metadata.name: ingress-nginx | ||||||
|         podSelector: |         podSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/name: oracle |             app.kubernetes.io/name: ingress-nginx | ||||||
|   asserts: |   asserts: | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.policyTypes |       path: spec.policyTypes | ||||||
| @@ -102,17 +82,17 @@ tests: | |||||||
|       - to: |       - to: | ||||||
|         - namespaceSelector: |         - namespaceSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               kubernetes.io/metadata.name: database |               kubernetes.io/metadata.name: ingress-nginx | ||||||
|           podSelector: |           podSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               app.kubernetes.io/name: oracle |               app.kubernetes.io/name: ingress-nginx | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.ingress |       path: spec.ingress | ||||||
|       value: |       value: | ||||||
|       - from: |       - from: | ||||||
|         - namespaceSelector: |         - namespaceSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               kubernetes.io/metadata.name: khv-production |               kubernetes.io/metadata.name: monitoring | ||||||
|           podSelector: |           podSelector: | ||||||
|             matchLabels: |             matchLabels: | ||||||
|               app.kubernetes.io/name: prometheus |               app.kubernetes.io/name: prometheus | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/persistentVolumeClaim.yaml | - templates/persistentVolumeClaim.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default | - it: Rendering default | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,16 +6,24 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/secretEnv.yaml | - templates/secretEnv.yaml | ||||||
| tests: | tests: | ||||||
|  | - it: Skip rendering by default | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
| - it: Skip rendering by using existing secret. | - it: Skip rendering by using existing secret. | ||||||
|   set: |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|     config.env.existingSecret.enabled: true |     config.env.existingSecret.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 0 |       count: 0 | ||||||
|  |  | ||||||
| - it: Rendering env secret with default values. | - it: Rendering env secret with default values. | ||||||
|  |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
| @@ -39,6 +47,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering env secret with custom values. | - it: Rendering env secret with custom values. | ||||||
|   set: |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token |     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token | ||||||
|   asserts: |   asserts: | ||||||
|   - isSubset: |   - isSubset: | ||||||
| @@ -48,6 +57,7 @@ tests: | |||||||
|  |  | ||||||
| - it: Rendering custom annotations and labels. | - it: Rendering custom annotations and labels. | ||||||
|   set: |   set: | ||||||
|  |     config.env.enabled: true | ||||||
|     config.env.secret.annotations: |     config.env.secret.annotations: | ||||||
|       foo: bar |       foo: bar | ||||||
|       bar: foo |       bar: foo | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/secretNetRC.yaml | - templates/secretNetRC.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering by default | - it: Skip rendering by default | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/secretSSH.yaml | - templates/secretSSH.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering by using existing secret. | - it: Skip rendering by using existing secret. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/serviceAccount.yaml | - templates/serviceAccount.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering. | - it: Skip rendering. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: athens-proxy-unittest |   name: athens-proxy-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/athens-proxy/serviceHTTP.yaml | - templates/serviceHTTP.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip service when disabled. | - it: Skip service when disabled. | ||||||
|   set: |   set: | ||||||
|   | |||||||
							
								
								
									
										37
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										37
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -8,6 +8,9 @@ fullnameOverride: "" | |||||||
| ## @section Configuration | ## @section Configuration | ||||||
| config: | config: | ||||||
|   env: |   env: | ||||||
|  |     ## @param config.env.enabled Enable mounting of the secret as environment variables. | ||||||
|  |     enabled: false | ||||||
|  |  | ||||||
|     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. |     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. | ||||||
|     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. |     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. | ||||||
|     existingSecret: |     existingSecret: | ||||||
| @@ -113,10 +116,10 @@ config: | |||||||
|       annotations: {} |       annotations: {} | ||||||
|       labels: {} |       labels: {} | ||||||
|       content: | |       content: | | ||||||
|         # downloadURL = "https://proxy.golang.org" |         downloadURL = "https://proxy.golang.org" | ||||||
|         # |  | ||||||
|         # mode = "async_redirect" |         mode = "async_redirect" | ||||||
|         # |  | ||||||
|         # download "github.com/gomods/*" { |         # download "github.com/gomods/*" { | ||||||
|         #     mode = "sync" |         #     mode = "sync" | ||||||
|         # } |         # } | ||||||
| @@ -127,7 +130,7 @@ config: | |||||||
|         # |         # | ||||||
|         # download "github.com/pkg/*" { |         # download "github.com/pkg/*" { | ||||||
|         #     mode = "redirect" |         #     mode = "redirect" | ||||||
|         #     downloadURL = "https://gocenter.io" |         #     downloadURL = "https://proxy.golang.org" | ||||||
|         # } |         # } | ||||||
|  |  | ||||||
|   gitConfig: |   gitConfig: | ||||||
| @@ -497,20 +500,16 @@ persistence: | |||||||
|       storageClass: "" |       storageClass: "" | ||||||
|       storageSize: "5Gi" |       storageSize: "5Gi" | ||||||
|  |  | ||||||
| ## @section NetworkPolicies | ## @section Network Policy | ||||||
| ## @param networkPolicies.enabled Enable network policies in general. | networkPolicy: | ||||||
| networkPolicies: |   ## @param networkPolicy.enabled Enable network policies in general. | ||||||
|   enabled: false |   ## @param networkPolicy.annotations Additional network policy annotations. | ||||||
|  |   ## @param networkPolicy.labels Additional network policy labels. | ||||||
|   ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics. |   ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||||
|   ## @param networkPolicies.default.annotations Additional network policy annotations. |   ## @param networkPolicy.egress Concrete egress network policy implementation. | ||||||
|   ## @param networkPolicies.default.labels Additional network policy labels. |   ## @skip networkPolicy.egress Skip individual egress configuration. | ||||||
|   ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. |   ## @param networkPolicy.ingress Concrete ingress network policy implementation. | ||||||
|   ## @param networkPolicies.default.egress Concrete egress network policy implementation. |   ## @skip networkPolicy.ingress Skip individual ingress configuration. | ||||||
|   ## @skip networkPolicies.default.egress Skip individual egress configuration. |  | ||||||
|   ## @param networkPolicies.default.ingress Concrete ingress network policy implementation. |  | ||||||
|   ## @skip networkPolicies.default.ingress Skip individual ingress configuration. |  | ||||||
|   default: |  | ||||||
|   enabled: false |   enabled: false | ||||||
|   annotations: {} |   annotations: {} | ||||||
|   labels: {} |   labels: {} | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user