17 Commits
5f78a0f071
...
1.0.1
Author | SHA1 | Date | |
---|---|---|---|
3bce806ed6
|
|||
5c09cf8c79
|
|||
d4b5c0c86f
|
|||
74598b4ee0
|
|||
b06c1962cc
|
|||
991c545c93
|
|||
7c60c70244
|
|||
0e048cdf4b
|
|||
89604cbe64
|
|||
f63450aec4
|
|||
d1e5accccb
|
|||
fbd846784c
|
|||
bab5282617
|
|||
307660c767
|
|||
59b43aac79
|
|||
85a38e7d22
|
|||
2005fb8e05
|
@@ -46,18 +46,7 @@ jobs:
|
||||
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
|
||||
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
|
||||
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
|
||||
|
||||
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
|
||||
GITEA_SERVER_URL: ${{ github.server_url }}
|
||||
run: |
|
||||
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
|
||||
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
|
||||
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
|
||||
|
||||
helm dependency build
|
||||
helm package --version "${PACKAGE_VERSION}" ./
|
||||
|
||||
# chart-museum
|
||||
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
|
||||
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
|
||||
helm repo remove chartmuseum
|
||||
|
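Review bot: `helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} …` passes the repository password as a command-line argument and leaves every expansion unquoted, so the secret is visible in the runner's process list while the command runs and a value containing whitespace or glob characters is split by the shell. The rendered page does not show which of these lines are context and which are removed, so this applies only if the chart-museum step is still on the new side. If it is, feed the password on stdin and quote the variables: `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`. The job definition begins above this hunk.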
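--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,8 +0,0 @@
-{
-"yaml.schemas": {
-"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
-"/unittests/**/*.yaml"
-]
-},
-"yaml.schemaStore.enable": true
-}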
@@ -3,7 +3,7 @@ annotations:
|
||||
- name: Athens proxy (binary)
|
||||
url: https://github.com/gomods/athens
|
||||
- name: support
|
||||
url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues
|
||||
url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues
|
||||
apiVersion: v2
|
||||
name: athens-proxy
|
||||
description: Athens proxy server for golang
|
||||
@@ -22,7 +22,3 @@ sources:
|
||||
- https://github.com/volker-raschek/athens-proxy-charts
|
||||
- https://github.com/gomods/athens
|
||||
- https://hub.docker.com/r/gomods/athens
|
||||
|
||||
maintainers:
|
||||
- name: Markus Pesch
|
||||
email: markus.pesch+apps@cryptic.systems
|
||||
|
2
Makefile
2
Makefile
@@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman)
|
||||
# HELM_IMAGE
|
||||
HELM_IMAGE_REGISTRY_HOST?=docker.io
|
||||
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
|
||||
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
|
||||
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
|
||||
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
|
||||
|
||||
# NODE_IMAGE
|
||||
|
328
README.md
328
README.md
@@ -2,167 +2,174 @@
|
||||
|
||||
[](https://artifacthub.io/packages/search?repo=volker-raschek)
|
||||
|
||||
This is an inofficial helm chart of the go-proxy
|
||||
[athens](https://github.com/gomods/athens) which supports more complex
|
||||
configuration options.
|
||||
> [!NOTE]
|
||||
> This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the
|
||||
> GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts).
|
||||
|
||||
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
|
||||
can be installed via helm.
|
||||
This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and
|
||||
proxy for Golang.
|
||||
|
||||
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
|
||||
defining additional environment variables and much more.
|
||||
|
||||
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure
|
||||
helm and use it to deploy the exporter. It also contains further configuration examples.
|
||||
|
||||
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
|
||||
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
|
||||
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
|
||||
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
|
||||
separate [chapter](#argocd).
|
||||
|
||||
## Helm: configuration and installation
|
||||
|
||||
1. A helm chart repository must be configured, to pull the helm charts from.
|
||||
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
|
||||
`--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the
|
||||
`--set` flag for a basic deployment.
|
||||
|
||||
```bash
|
||||
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
||||
helm repo update
|
||||
helm install athens-proxy volker.raschek/athens-proxy
|
||||
```
|
||||
|
||||
## Customization
|
||||
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
|
||||
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
|
||||
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
|
||||
versions can break something!
|
||||
|
||||
The complete deployment can be adapted via the `values.yaml` files. The
|
||||
configuration of the proxy can be done via the environment variables described
|
||||
below or via mounting the config.toml as additional persistent volume to
|
||||
`/config/config.toml`
|
||||
|
||||
## Access private repositories via SSH
|
||||
|
||||
Create a `configmap.yaml` with multiple keys. One key describe the content of
|
||||
the `.gitconfig` file and another of `config` of the ssh client. All requests
|
||||
Git clone comands with the prefix `http://github.com/` will be replaced by
|
||||
`git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
|
||||
separate secret.
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: custom-configs
|
||||
data:
|
||||
sshconfig: |
|
||||
Host github.com
|
||||
IdentityFile /root/.ssh/id_ed25519
|
||||
StrictHostKeyChecking no
|
||||
gitconfig: |
|
||||
[url "git@github.com:"]
|
||||
insteadOf = https://github.com/
|
||||
```bash
|
||||
CHART_VERSION=1.0.0
|
||||
helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
|
||||
```
|
||||
|
||||
The secret definition below contains the SSH private and public key.
|
||||
A complete list of available helm chart versions can be displayed via the following command:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: custom-ssh-keys
|
||||
type: Opaque
|
||||
stringData:
|
||||
id_ed25519: |
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
|
||||
XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
|
||||
AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
|
||||
a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
id_ed25519.pub: |
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
|
||||
```bash
|
||||
helm search repo reposilite --versions
|
||||
```
|
||||
|
||||
The item `config` of the configmap will be merged with the items of the secret
|
||||
as virtual volume. This volume can than be mounted with special permissions
|
||||
required for the ssh client.
|
||||
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
|
||||
Use the `--set` argument to persist your data.
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: ssh
|
||||
projected:
|
||||
defaultMode: 0644
|
||||
sources:
|
||||
- configMap:
|
||||
name: custom-configs
|
||||
items:
|
||||
- key: sshconfig
|
||||
path: config
|
||||
- secret:
|
||||
name: custom-ssh-keys
|
||||
items:
|
||||
- key: id_ed25519
|
||||
path: id_ed25519
|
||||
mode: 0600
|
||||
- key: id_ed25519.pub
|
||||
path: id_ed25519.pub
|
||||
- name: gitconfig
|
||||
configMap:
|
||||
name: custom-configs
|
||||
items:
|
||||
- key: gitconfig
|
||||
path: config
|
||||
mode: 0644
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: ssh
|
||||
mountPath: /root/.ssh
|
||||
- name: gitconfig
|
||||
mountPath: /root/.config/git
|
||||
```bash
|
||||
CHART_VERSION=1.0.0
|
||||
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||
persistence.enabled=true
|
||||
```
|
||||
|
||||
## Access private GitHub.com repositories via developer token
|
||||
### Examples
|
||||
|
||||
Another way to access private GitHub repositories is via a GitHub token, which
|
||||
can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
|
||||
creates a `.netrc` file to access private GitHub repositories.
|
||||
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
|
||||
|
||||
## Access private repositories via .netrc configuration
|
||||
#### Avoid CPU throttling by defining a CPU limit
|
||||
|
||||
As describe above, a `.netrc` file is responsible for the authentication via
|
||||
HTTP. The file can also be defined via a custom secret and mounted into the home
|
||||
directory of `root` for general authentication purpose.
|
||||
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
|
||||
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
|
||||
cannot use the available CPU time to perform computing operations.
|
||||
|
||||
The example below describe the definition and mounting of a custom `.netrc` file
|
||||
to access private repositories hosted on GitHub and GitLab.
|
||||
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
|
||||
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
|
||||
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
|
||||
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: custom-netrc
|
||||
type: Opaque
|
||||
stringData:
|
||||
netrc: |
|
||||
machine github.com login USERNAME password API-KEY
|
||||
machine gitlab.com login USERNAME password API-KEY
|
||||
Further information about this topic can be found in one of Kanishk's blog
|
||||
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
|
||||
|
||||
> [!NOTE]
|
||||
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
|
||||
> not anymore required.
|
||||
>
|
||||
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
|
||||
|
||||
```bash
|
||||
CHART_VERSION=1.0.0
|
||||
helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
|
||||
--set 'deployment.athensProxy.env.name=GOMAXPROCS' \
|
||||
--set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
|
||||
--set 'deployment.athensProxy.resources.limits.cpu=1000m'
|
||||
```
|
||||
|
||||
The file must then be mounted via extraVolumes and extraVolumeMounts.
|
||||
#### Network policies
|
||||
|
||||
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
|
||||
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
|
||||
|
||||
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
|
||||
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
|
||||
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go
|
||||
proxy `https://proxy.golang.org` via HTTPS.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
|
||||
> this reason, there is are not default network policy rules defined.
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: netrc
|
||||
secret:
|
||||
secretName: custom-netrc
|
||||
items:
|
||||
- key: netrc
|
||||
path: .netrc
|
||||
mode: 0600
|
||||
networkPolicies:
|
||||
enabled: true
|
||||
annotations: {}
|
||||
labels: {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: kube-system
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: netrc
|
||||
mountPath: /root
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
ports:
|
||||
- port: http
|
||||
protocol: TCP
|
||||
```
|
||||
|
||||
## Persistent storage
|
||||
## ArgoCD
|
||||
|
||||
Unlike the athens default, the default here is `disk` - i.e. the files are
|
||||
written to the container. Therefore, it is advisable to outsource the
|
||||
corresponding storage location to persistent storage. The following example
|
||||
describes the integration of a persistent storage claim.
|
||||
### Daily execution of rolling updates
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: gomodules
|
||||
persistentVolumeClaim:
|
||||
claimName: custom-gomodules-pvc
|
||||
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
|
||||
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
|
||||
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: gomodules
|
||||
mountPath: /var/lib/athens
|
||||
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
|
||||
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
|
||||
Helm render order, different timestamps).
|
||||
|
||||
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
|
||||
can lead to unnecessary notifications from ArgoCD.
|
||||
|
||||
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
|
||||
annotations with the prefix `checksum`.
|
||||
|
||||
```diff
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
spec:
|
||||
+ ignoreDifferences:
|
||||
+ - group: apps/v1
|
||||
+ kind: Deployment
|
||||
+ jqPathExpressions:
|
||||
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
|
||||
```
|
||||
|
||||
## Parameters
|
||||
@@ -177,7 +184,8 @@ extraVolumeMounts:
|
||||
### Configuration
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `config.env.enabled` | Enable mounting of the secret as environment variables. | `false` |
|
||||
| `config.env.existingSecret.enabled` | Mount an existing secret containing the application specific environment variables. | `false` |
|
||||
| `config.env.existingSecret.secretName` | Name of the existing secret containing the application specific environment variables. | `""` |
|
||||
| `config.env.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||
@@ -189,55 +197,18 @@ extraVolumeMounts:
|
||||
| `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored. | `downloadMode` |
|
||||
| `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` |
|
||||
| `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` |
|
||||
| `config.downloadMode.configMap.content` | The content of the download mode file. | `# downloadURL = "https://proxy.golang.org"
|
||||
#
|
||||
# mode = "async_redirect"
|
||||
#
|
||||
# download "github.com/gomods/*" {
|
||||
# mode = "sync"
|
||||
# }
|
||||
#
|
||||
# download "golang.org/x/*" {
|
||||
# mode = "none"
|
||||
# }
|
||||
#
|
||||
# download "github.com/pkg/*" {
|
||||
# mode = "redirect"
|
||||
# downloadURL = "https://gocenter.io"
|
||||
# }
|
||||
` |
|
||||
| `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` |
|
||||
| `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` |
|
||||
| `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` |
|
||||
| `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` |
|
||||
| `config.gitConfig.configMap.annotations` | Additional annotations of the config map containing the .gitconfig file. | `{}` |
|
||||
| `config.gitConfig.configMap.labels` | Additional labels of the config map containing the .gitconfig file. | `{}` |
|
||||
| `config.gitConfig.configMap.content` | The content of the .gitconfig file. | `# The .gitconfig file
|
||||
#
|
||||
# The .gitconfig file contains the user specific git configuration. It generally resides in the user's home
|
||||
# directory.
|
||||
#
|
||||
# [url "git@github.com:"] insteadOf = https://github.com/
|
||||
` |
|
||||
| `config.netrc.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||
| `config.netrc.existingSecret.enabled` | Enable to use an external secret for mounting the .netrc file. | `false` |
|
||||
| `config.netrc.existingSecret.secretName` | The name of the existing secret which should be used to mount the .netrc file. | `""` |
|
||||
| `config.netrc.existingSecret.netrcKey` | The name of the key inside the secret where the content of the .netrc file is stored. | `.netrc` |
|
||||
| `config.netrc.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
|
||||
| `config.netrc.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
|
||||
| `config.netrc.secret.content` | The content of the .netrc file. | `# The .netrc file
|
||||
#
|
||||
# The .netrc file contains login and initialization information used by the auto-login process. It generally
|
||||
# resides in the user's home directory, but a location outside of the home directory can be set using the
|
||||
# environment variable NETRC. Both locations are overridden by the command line option -N. The selected file
|
||||
# must be a regular file, or access will be denied.
|
||||
#
|
||||
# https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html
|
||||
#
|
||||
# default login [name] password [password/token]
|
||||
# machine github.com [octocat] password [PAT]
|
||||
# machine api.github.com [octocat] password [PAT]
|
||||
` |
|
||||
| `config.ssh.enabled` | Enable mounting of a .netrc file into the container file system. | `false` |
|
||||
| `config.ssh.existingSecret.enabled` | Enable to use an external secret for mounting the public and private SSH key files. | `false` |
|
||||
| `config.ssh.existingSecret.secretName` | The name of the existing secret which should be used to mount the public and private SSH key files. | `""` |
|
||||
@@ -248,10 +219,6 @@ extraVolumeMounts:
|
||||
| `config.ssh.existingSecret.id_rsaPubKey` | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored. | `id_rsa.pub` |
|
||||
| `config.ssh.secret.annotations` | Additional annotations of the secret containing the public and private SSH key files. | `{}` |
|
||||
| `config.ssh.secret.labels` | Additional labels of the secret containing the public and private SSH key files. | `{}` |
|
||||
| `config.ssh.secret.config` | The content of the SSH client config file. | `# Host *
|
||||
# IdentityFile ~/.ssh/id_ed25519
|
||||
# IdentityFile ~/.ssh/id_rsa
|
||||
` |
|
||||
|
||||
### Deployment
|
||||
|
||||
@@ -328,17 +295,16 @@ extraVolumeMounts:
|
||||
| `persistence.data.persistentVolumeClaim.storageClass` | Storage class of the persistent volume claim. | `""` |
|
||||
| `persistence.data.persistentVolumeClaim.storageSize` | Size of the persistent volume claim. | `5Gi` |
|
||||
|
||||
### NetworkPolicies
|
||||
### Network Policy
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `networkPolicies.enabled` | Enable network policies in general. | `false` |
|
||||
| `networkPolicies.default.enabled` | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
|
||||
| `networkPolicies.default.annotations` | Additional network policy annotations. | `{}` |
|
||||
| `networkPolicies.default.labels` | Additional network policy labels. | `{}` |
|
||||
| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
|
||||
| `networkPolicies.default.egress` | Concrete egress network policy implementation. | `[]` |
|
||||
| `networkPolicies.default.ingress` | Concrete ingress network policy implementation. | `[]` |
|
||||
| --------------------------- | ------------------------------------------------------------------------- | ------- |
|
||||
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
|
||||
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
|
||||
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
|
||||
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
|
||||
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
|
||||
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
|
||||
|
||||
### Service
|
||||
|
||||
|
@@ -9,6 +9,7 @@
|
||||
],
|
||||
"customManagers": [
|
||||
{
|
||||
"customType": "regex",
|
||||
"fileMatch": [
|
||||
"^Chart\\.yaml$"
|
||||
],
|
||||
@@ -21,6 +22,7 @@
|
||||
"versioningTemplate": "semver"
|
||||
},
|
||||
{
|
||||
"customType": "regex",
|
||||
"fileMatch": ["^README\\.md$"],
|
||||
"matchStrings": [
|
||||
"VERSION=(?<currentValue>.*)"
|
||||
@@ -32,6 +34,20 @@
|
||||
}
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"groupName": "Update docker.io/volkerraschek/helm",
|
||||
"matchDepNames": [
|
||||
"docker.io/volkerraschek/helm",
|
||||
"volkerraschek/helm"
|
||||
]
|
||||
},
|
||||
{
|
||||
"groupName": "Update docker.io/library/node",
|
||||
"matchDepNames": [
|
||||
"docker.io/library/node",
|
||||
"library/node"
|
||||
]
|
||||
},
|
||||
{
|
||||
"addLabels": [
|
||||
"renovate/automerge",
|
||||
|
@@ -34,6 +34,18 @@
|
||||
{{/* envFrom */}}
|
||||
|
||||
{{- define "athens-proxy.deployment.envFrom" -}}
|
||||
{{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }}
|
||||
|
||||
{{- if .Values.config.env.enabled }}
|
||||
{{- $secretName := include "athens-proxy.secrets.env.name" $ }}
|
||||
{{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}}
|
||||
{{- $secretName = .Values.config.env.existingSecret.secretName }}
|
||||
{{- end }}
|
||||
{{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }}
|
||||
{{- end }}
|
||||
|
||||
{{ toYaml (dict "envFrom" $envFrom) }}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* image */}}
|
||||
@@ -42,7 +54,7 @@
|
||||
{{- $registry := .Values.deployment.athensProxy.image.registry -}}
|
||||
{{- $repository := .Values.deployment.athensProxy.image.repository -}}
|
||||
{{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}}
|
||||
{{- printf "%s/%s:v%s" $registry $repository $tag -}}
|
||||
{{- printf "%s/%s:%s" $registry $repository $tag -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* labels */}}
|
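Review bot: In the added `athens-proxy.deployment.envFrom` helper, `existingSecret.enabled: true` combined with an empty `existingSecret.secretName` silently falls back to the chart-generated name from `athens-proxy.secrets.env.name`. A later hunk on this page renders the chart's own env Secret only when `existingSecret.enabled` is false, so in that case the pod would reference a Secret the chart does not create and would presumably fail at container start rather than at render time. Failing fast is clearer: make the inner condition `{{- if .Values.config.env.existingSecret.enabled }}` and assign with `{{- $secretName = required "config.env.existingSecret.secretName must be set when existingSecret.enabled is true" .Values.config.env.existingSecret.secretName }}`.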
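--- a/templates/_networkPolicy.tpl
+++ b/templates/_networkPolicy.tpl
@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.networkPolicy.annotations" -}}
+{{ include "athens-proxy.annotations" . }}
+{{- if .Values.networkPolicy.annotations }}
+{{ toYaml .Values.networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "athens-proxy.networkPolicy.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- if .Values.networkPolicy.labels }}
+{{ toYaml .Values.networkPolicy.labels }}
+{{- end }}
+{{- end }}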
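--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -0,0 +1,34 @@
+---
+
+{{/* annotations */}}
+
+{{- define "athens-proxy.pod.annotations" }}
+{{- include "athens-proxy.annotations" . }}
+{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
+{{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }}
+{{- end }}
+{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
+{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }}
+{{- end }}
+{{- end }}
+
+
+
+{{/* labels */}}
+
+{{- define "athens-proxy.pod.labels" -}}
+{{ include "athens-proxy.labels" . }}
+{{- end }}
+
+{{- define "athens-proxy.pod.selectorLabels" -}}
+{{ include "athens-proxy.selectorLabels" . }}
+{{- end }}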
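Review bot: The annotation keys built in `athens-proxy.pod.annotations` embed the resource name (`checksum/secret-<name>`, `checksum/config-map-<name>`), and Kubernetes limits the name part of an annotation key to 63 characters. The name helpers are not visible here, but if they return names close to that limit the key becomes invalid and the workload is rejected at apply time; fixed keys such as `checksum/secret-env` or `checksum/config-map-download-mode` avoid this. It is also worth a comment above the helper stating that these values are unsalted SHA-256 digests of the rendered Secret manifests and are readable by anyone allowed to read pod or Deployment metadata, so a low-entropy secret value could be confirmed offline from the digest.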
@@ -1,19 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/* annotations */}}
|
||||
|
||||
{{- define "athens-proxy.networkPolicies.annotations" -}}
|
||||
{{ include "athens-proxy.annotations" .context }}
|
||||
{{- if .networkPolicy.annotations }}
|
||||
{{ toYaml .networkPolicy.annotations }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "athens-proxy.networkPolicies.labels" -}}
|
||||
{{ include "athens-proxy.labels" .context }}
|
||||
{{- if .networkPolicy.labels }}
|
||||
{{ toYaml .networkPolicy.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@@ -1,17 +0,0 @@
|
||||
---
|
||||
|
||||
{{/* annotations */}}
|
||||
|
||||
{{- define "athens-proxy.pod.annotations" -}}
|
||||
{{ include "athens-proxy.annotations" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "athens-proxy.pod.labels" -}}
|
||||
{{ include "athens-proxy.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "athens-proxy.pod.selectorLabels" -}}
|
||||
{{ include "athens-proxy.selectorLabels" . }}
|
||||
{{- end }}
|
@@ -1,36 +0,0 @@
|
||||
{{- if .Values.networkPolicies.enabled }}
|
||||
{{- range $key, $value := .Values.networkPolicies -}}
|
||||
{{- if and (not (eq $key "enabled")) $value.enabled }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
{{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
|
||||
{{- with $value.policyTypes }}
|
||||
policyTypes:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with $value.egress }}
|
||||
egress:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with $value.ingress }}
|
||||
ingress:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@@ -1,4 +1,4 @@
|
||||
{{- if not .Values.config.downloadMode.existingConfigMap.enabled }}
|
||||
{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
@@ -1,4 +1,4 @@
|
||||
{{- if not .Values.config.gitConfig.existingConfigMap.enabled }}
|
||||
{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
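--- a/templates/networkPolicy.yaml
+++ b/templates/networkPolicy.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+{{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }}
+annotations:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+{{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }}
+labels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "athens-proxy.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+podSelector:
+matchLabels:
+{{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }}
+{{- with .Values.networkPolicy.policyTypes }}
+policyTypes:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.egress }}
+egress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.networkPolicy.ingress }}
+ingress:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}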
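Review bot: When `networkPolicy.enabled` is true and `policyTypes`, `egress` and `ingress` are all left empty, the three `with` blocks at the end of this template emit nothing and the manifest is a NetworkPolicy holding only `podSelector`. Kubernetes then defaults `policyTypes` to `Ingress` with no rules, which blocks all inbound traffic to the selected pods; setting only `egress` has the same effect on ingress. That fail-closed result is a sound default, but it should be stated where the switch lives, for example a template comment above the `policyTypes` block: `{{/* Without policyTypes Kubernetes assumes Ingress; with no ingress rules all inbound traffic is denied. */}}`. Annotations are passed through `tpl` while labels are not, which looks unintentional.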
|
@@ -1,4 +1,4 @@
|
||||
{{- if not .Values.config.env.existingSecret.enabled }}
|
||||
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
@@ -1,4 +1,4 @@
|
||||
{{- if not .Values.config.ssh.existingSecret.enabled }}
|
||||
{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
@@ -6,16 +6,24 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/configMapDownloadMode.yaml
|
||||
- templates/configMapDownloadMode.yaml
|
||||
tests:
|
||||
- it: Skip rending by default.
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip rending by using existing config map.
|
||||
set:
|
||||
config.downloadMode.enabled: true
|
||||
config.downloadMode.existingConfigMap.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Rendering by default.
|
||||
- it: Rendering with default values
|
||||
set:
|
||||
config.downloadMode.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
@@ -37,10 +45,10 @@ tests:
|
||||
- equal:
|
||||
path: data.downloadMode
|
||||
value: |
|
||||
# downloadURL = "https://proxy.golang.org"
|
||||
#
|
||||
# mode = "async_redirect"
|
||||
#
|
||||
downloadURL = "https://proxy.golang.org"
|
||||
|
||||
mode = "async_redirect"
|
||||
|
||||
# download "github.com/gomods/*" {
|
||||
# mode = "sync"
|
||||
# }
|
||||
@@ -51,11 +59,12 @@ tests:
|
||||
#
|
||||
# download "github.com/pkg/*" {
|
||||
# mode = "redirect"
|
||||
# downloadURL = "https://gocenter.io"
|
||||
# downloadURL = "https://proxy.golang.org"
|
||||
# }
|
||||
|
||||
- it: Rendering custom annotations and labels.
|
||||
set:
|
||||
config.downloadMode.enabled: true
|
||||
config.downloadMode.configMap.annotations:
|
||||
foo: bar
|
||||
bar: foo
|
||||
@@ -76,6 +85,7 @@ tests:
|
||||
|
||||
- it: Rendering custom configuration
|
||||
set:
|
||||
config.downloadMode.enabled: true
|
||||
config.downloadMode.configMap.content: |
|
||||
downloadURL = "https://proxy.golang.org"
|
||||
mode = "async_redirect"
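Review bot: The test names in this suite spell `rending` where `rendering` is meant (`Skip rending by default.`, `Skip rending by using existing config map.`), and the same two names recur in the gitConfig config-map suite that follows. I would rename them to `- it: Skip rendering by default.` and `- it: Skip rendering by using existing config map.` so they can be found alongside the other `Rendering ...` cases when a run fails.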
|
||||
|
@@ -6,16 +6,24 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/configMapGitConfig.yaml
|
||||
- templates/configMapGitConfig.yaml
|
||||
tests:
|
||||
- it: Skip rending by default.
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip rending by using existing config map.
|
||||
set:
|
||||
config.gitConfig.enabled: true
|
||||
config.gitConfig.existingConfigMap.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Rendering by default.
|
||||
set:
|
||||
config.gitConfig.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
@@ -46,6 +54,7 @@ tests:
|
||||
|
||||
- it: Rendering custom annotations and labels.
|
||||
set:
|
||||
config.gitConfig.enabled: true
|
||||
config.gitConfig.configMap.annotations:
|
||||
foo: bar
|
||||
bar: foo
|
||||
@@ -66,6 +75,7 @@ tests:
|
||||
|
||||
- it: Rendering custom configuration
|
||||
set:
|
||||
config.gitConfig.enabled: true
|
||||
config.gitConfig.configMap.content: |
|
||||
[url "git@github.com:"]
|
||||
insteadOf = https://github.com/
|
||||
|
@@ -6,22 +6,22 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/deployment.yaml
|
||||
- templates/deployment.yaml
|
||||
tests:
|
||||
- it: Rendering default
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- containsDocument:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
@@ -30,11 +30,11 @@ tests:
|
||||
app.kubernetes.io/name: athens-proxy
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: athens-proxy-0.1.0
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 1
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.metadata.labels
|
||||
value:
|
||||
@@ -43,74 +43,74 @@ tests:
|
||||
app.kubernetes.io/name: athens-proxy
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: athens-proxy-0.1.0
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.affinity
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].args
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].command
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].envFrom
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: docker.io/gomods/athens:v0.1.0
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
value: docker.io/gomods/athens:0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: IfNotPresent
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsConfig
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.hostname
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: false
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.nodeSelector
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.priorityClassName
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.restartPolicy
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.subdomain
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 60
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.tolerations
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.strategy
|
||||
value:
|
||||
@@ -118,7 +118,7 @@ tests:
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 1
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom replicas
|
||||
set:
|
||||
@@ -130,7 +130,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 3
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom affinity
|
||||
set:
|
||||
@@ -160,7 +160,7 @@ tests:
|
||||
values:
|
||||
- antarctica-east1
|
||||
- antarctica-west1
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional arguments
|
||||
set:
|
||||
@@ -176,7 +176,7 @@ tests:
|
||||
value:
|
||||
- --foo=bar
|
||||
- --bar=foo
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional command
|
||||
set:
|
||||
@@ -194,7 +194,7 @@ tests:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- "echo hello"
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom imageRegistry and imageRepository
|
||||
set:
|
||||
@@ -206,8 +206,8 @@ tests:
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: registry.example.local/path/special/athens-proxy:v0.1.0
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
value: registry.example.local/path/special/athens-proxy:0.1.0
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom imagePullPolicy
|
||||
set:
|
||||
@@ -219,7 +219,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: Always
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom resource limits and requests
|
||||
set:
|
||||
@@ -242,7 +242,7 @@ tests:
|
||||
resourceFieldRef:
|
||||
divisor: "1"
|
||||
resource: limits.cpu
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
value:
|
||||
@@ -252,7 +252,7 @@ tests:
|
||||
requests:
|
||||
cpu: 25m
|
||||
memory: 100MB
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom securityContext
|
||||
set:
|
||||
@@ -282,7 +282,7 @@ tests:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test dnsConfig
|
||||
set:
|
||||
@@ -300,7 +300,7 @@ tests:
|
||||
nameservers:
|
||||
- "8.8.8.8"
|
||||
- "8.8.4.4"
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test dnsPolicy
|
||||
set:
|
||||
@@ -312,7 +312,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
value: ClusterFirst
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test hostNetwork, hostname, subdomain
|
||||
set:
|
||||
@@ -326,15 +326,15 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: true
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostname
|
||||
value: pg-exporter
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.subdomain
|
||||
value: exporters.internal
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test imagePullSecrets
|
||||
set:
|
||||
@@ -350,7 +350,7 @@ tests:
|
||||
value:
|
||||
- name: my-pull-secret
|
||||
- name: my-special-secret
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test nodeSelector
|
||||
set:
|
||||
@@ -364,7 +364,7 @@ tests:
|
||||
path: spec.template.spec.nodeSelector
|
||||
value:
|
||||
foo: bar
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test priorityClassName
|
||||
set:
|
||||
@@ -376,7 +376,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.priorityClassName
|
||||
value: my-priority
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test restartPolicy
|
||||
set:
|
||||
@@ -388,7 +388,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.restartPolicy
|
||||
value: Always
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test terminationGracePeriodSeconds
|
||||
set:
|
||||
@@ -400,7 +400,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 120
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test tolerations
|
||||
set:
|
||||
@@ -420,7 +420,7 @@ tests:
|
||||
operator: Equal
|
||||
value: postgres
|
||||
effect: NoSchedule
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test topologySpreadConstraints
|
||||
set:
|
||||
@@ -442,7 +442,7 @@ tests:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: athens-proxy
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional volumeMounts and volumes
|
||||
set:
|
||||
@@ -462,5 +462,4 @@ tests:
|
||||
value:
|
||||
- name: data
|
||||
mountPath: /usr/lib/athens-proxy/data
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
|
||||
template: templates/deployment.yaml
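Review bot: The default-image assertions now pin a tag without the `v` prefix (`value: docker.io/gomods/athens:0.1.0`, and likewise in the custom registry case), so the rendered tag appears to be `appVersion` verbatim. The template and Chart.yaml are not part of these hunks, but if the upstream image tags carry a leading `v`, the chart's own `appVersion` must include it or the default image reference will not pull. I would note the expected tag format next to `appVersion` in Chart.yaml and add a case that sets an explicit image tag and asserts it takes precedence over `appVersion`.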
|
||||
|
@@ -6,42 +6,57 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/deployment.yaml
|
||||
- templates/configMapDownloadMode.yaml
|
||||
- templates/configMapGitConfig.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/secretNetRC.yaml
|
||||
- templates/secretSSH.yaml
|
||||
tests:
|
||||
- it: Rendering default without mounted download mode config map
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: ATHENS_DOWNLOAD_MODE
|
||||
value: file:/etc/athens/config/download-mode.d/download-mode
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: download-mode
|
||||
mountPath: /etc/athens/config/download-mode.d
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: download-mode
|
||||
configMap:
|
||||
name: athens-proxy-unittest-download-mode-file
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default with mounted gitconfig configMap
|
||||
set:
|
||||
config.downloadMode.enabled: true
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: ATHENS_DOWNLOAD_MODE
|
||||
value: file:/etc/athens/config/download-mode.d/download-mode
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: download-mode
|
||||
mountPath: /etc/athens/config/download-mode.d
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -52,6 +67,7 @@ tests:
|
||||
mode: 0644
|
||||
path: download-mode
|
||||
name: athens-proxy-unittest-download-mode-file
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering with custom download mode configMap
|
||||
set:
|
||||
@@ -61,16 +77,21 @@ tests:
|
||||
config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key"
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: ATHENS_DOWNLOAD_MODE
|
||||
value: file:/etc/athens/config/download-mode.d/download-mode
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: download-mode
|
||||
mountPath: /etc/athens/config/download-mode.d
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -81,3 +102,4 @@ tests:
|
||||
path: "download-mode"
|
||||
mode: 0644
|
||||
name: my-custom-configmap
|
||||
template: templates/deployment.yaml
|
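--- a/unittests/deployment/env.yaml
+++ b/unittests/deployment/env.yaml
@@ -0,0 +1,51 @@
+chart:
+appVersion: 0.1.0
+version: 0.1.0
+suite: Deployment template
+release:
+name: athens-proxy-unittest
+namespace: testing
+templates:
+- templates/deployment.yaml
+- templates/secretEnv.yaml
+tests:
+- it: Rendering default without mounted env secret
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- notContains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+asserts:
+- exists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml
+
+- it: Rendering default with mounted env secret
+set:
+config.env.enabled: true
+config.env.existingSecret.enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env
+template: templates/deployment.yaml
+- contains:
+path: spec.template.spec.containers[0].envFrom
+content:
+secretRef:
+name: athens-proxy-unittest-env
+template: templates/deployment.yaml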
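Review bot: The second and third cases share the name `Rendering default with mounted env secret`, and the third one, which enables `config.env.existingSecret.enabled`, still expects `secretRef.name: athens-proxy-unittest-env`. The chart-managed Secret appears to be skipped in that mode (see the `config.env` condition on the Secret template earlier in this compare), so the assertion cannot tell whether the Deployment references the user's existing Secret or a name that will not exist in the cluster. I would rename the case to `- it: Rendering with existing env secret`, set the existing secret's name under `set:` (the values key is not visible here) and assert that name in `envFrom`.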
|
@@ -6,16 +6,24 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/deployment.yaml
|
||||
- templates/configMapDownloadMode.yaml
|
||||
- templates/configMapGitConfig.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/secretNetRC.yaml
|
||||
- templates/secretSSH.yaml
|
||||
tests:
|
||||
- it: Rendering default without mounted git config map
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.gitconfig
|
||||
subPath: .gitconfig
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -28,18 +36,23 @@ tests:
|
||||
path: .gitconfig
|
||||
mode: 0600
|
||||
name: athens-proxy-unittest-gitconfig
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default with mounted gitconfig configMap
|
||||
set:
|
||||
config.gitConfig.enabled: true
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.gitconfig
|
||||
subPath: .gitconfig
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -52,6 +65,7 @@ tests:
|
||||
path: .gitconfig
|
||||
mode: 0644
|
||||
name: athens-proxy-unittest-gitconfig
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering with custom gitconfig configMap
|
||||
set:
|
||||
@@ -61,12 +75,16 @@ tests:
|
||||
config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key"
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.gitconfig
|
||||
subPath: .gitconfig
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -79,3 +97,4 @@ tests:
|
||||
path: .gitconfig
|
||||
mode: 0644
|
||||
name: my-custom-configmap
|
||||
template: templates/deployment.yaml
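Review bot: The default case's `notContains` on `spec.template.spec.volumes` lists the `.gitconfig` item with `mode: 0600`, while the enabled case asserts the same item with `mode: 0644`. Because `notContains` compares the whole element, the negative check would still pass if the volume were rendered by default, so it guards nothing. Those lines may be unchanged context (the volume items sit partly between hunks), but since this change adds `notExists` checksum checks to the same case it is worth aligning the item to `mode: 0644` so the negative assertion mirrors the positive one.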
|
@@ -6,15 +6,23 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/deployment.yaml
|
||||
- templates/configMapDownloadMode.yaml
|
||||
- templates/configMapGitConfig.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/secretNetRC.yaml
|
||||
- templates/secretSSH.yaml
|
||||
tests:
|
||||
- it: Rendering default without mounted netrc secret
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: netrc
|
||||
mountPath: /root
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -27,18 +35,23 @@ tests:
|
||||
path: .netrc
|
||||
mode: 0600
|
||||
name: athens-proxy-unittest-netrc
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default with mounted netrc secret
|
||||
set:
|
||||
config.netrc.enabled: true
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.netrc
|
||||
subPath: .netrc
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -51,6 +64,7 @@ tests:
|
||||
path: .netrc
|
||||
mode: 0600
|
||||
name: athens-proxy-unittest-netrc
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering with custom netrc secret
|
||||
set:
|
||||
@@ -60,12 +74,16 @@ tests:
|
||||
config.netrc.existingSecret.netrcKey: "my-netrc-key"
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.netrc
|
||||
subPath: .netrc
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -78,3 +96,4 @@ tests:
|
||||
path: .netrc
|
||||
mode: 0600
|
||||
name: my-custom-secret
|
||||
template: templates/deployment.yaml
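Review bot: The new `notExists` check in the custom-secret case targets `checksum/secret-athens-proxy-unittest-netc`, which misspells `netrc`, so it passes regardless of what the Deployment renders; it should read `path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc`. The default case has a similar gap: its `notContains` on `volumeMounts` looks for `name: netrc` with `mountPath: /root`, whereas the enabled case shows the real mount as `name: secrets`, `mountPath: /root/.netrc`, `subPath: .netrc`, so a credential file mounted by accident would not be caught. Both negative assertions should mirror the positive ones exactly.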
|
@@ -6,7 +6,11 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/deployment.yaml
|
||||
- templates/configMapDownloadMode.yaml
|
||||
- templates/configMapGitConfig.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/secretNetRC.yaml
|
||||
- templates/secretSSH.yaml
|
||||
tests:
|
||||
- it: Test persistent volume claim
|
||||
set:
|
||||
@@ -17,26 +21,26 @@ tests:
|
||||
content:
|
||||
name: ATHENS_STORAGE_TYPE
|
||||
value: disk
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: ATHENS_DISK_STORAGE_ROOT
|
||||
value: /var/www/athens-proxy/data
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: data
|
||||
mountPath: /var/www/athens-proxy/data
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: athens-proxy-unittest-data
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test existing persistent volume claim
|
||||
set:
|
||||
@@ -51,23 +55,23 @@ tests:
|
||||
content:
|
||||
name: ATHENS_STORAGE_TYPE
|
||||
value: disk
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: ATHENS_DISK_STORAGE_ROOT
|
||||
value: /mnt/go-proxy/data
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: data
|
||||
mountPath: /mnt/go-proxy/data
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: my-special-pvc
|
||||
template: templates/athens-proxy/deployment.yaml
|
||||
template: templates/deployment.yaml
|
@@ -6,40 +6,52 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/deployment.yaml
|
||||
- templates/configMapDownloadMode.yaml
|
||||
- templates/configMapGitConfig.yaml
|
||||
- templates/deployment.yaml
|
||||
- templates/secretNetRC.yaml
|
||||
- templates/secretSSH.yaml
|
||||
tests:
|
||||
- it: Rendering default without mounted ssh secret
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/config
|
||||
subPath: config
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_ed25519
|
||||
subPath: id_ed25519
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_ed25519.pub
|
||||
subPath: id_ed25519.pub
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_rsa
|
||||
subPath: id_rsa
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_rsa.pub
|
||||
subPath: id_rsa.pub
|
||||
template: templates/deployment.yaml
|
||||
- notContains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -64,6 +76,7 @@ tests:
|
||||
path: id_rsa.pub
|
||||
mode: 0644
|
||||
name: athens-proxy-unittest-ssh
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default with mounted ssh config
|
||||
set:
|
||||
@@ -76,6 +89,7 @@ tests:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/config
|
||||
subPath: config
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -88,6 +102,7 @@ tests:
|
||||
path: config
|
||||
mode: 0600
|
||||
name: athens-proxy-unittest-ssh
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default with mounted ssh keys
|
||||
set:
|
||||
@@ -98,36 +113,44 @@ tests:
|
||||
config.ssh.secret.id_rsa_pub: bar
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/config
|
||||
subPath: config
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_ed25519
|
||||
subPath: id_ed25519
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_ed25519.pub
|
||||
subPath: id_ed25519.pub
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_rsa
|
||||
subPath: id_rsa
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_rsa.pub
|
||||
subPath: id_rsa.pub
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -152,6 +175,7 @@ tests:
|
||||
path: id_rsa.pub
|
||||
mode: 0644
|
||||
name: athens-proxy-unittest-ssh
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering with custom ssh secret
|
||||
set:
|
||||
@@ -165,36 +189,44 @@ tests:
|
||||
config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key"
|
||||
persistence.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/config
|
||||
subPath: config
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_ed25519
|
||||
subPath: id_ed25519
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_ed25519.pub
|
||||
subPath: id_ed25519.pub
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_rsa
|
||||
subPath: id_rsa
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: secrets
|
||||
mountPath: /root/.ssh/id_rsa.pub
|
||||
subPath: id_rsa.pub
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
@@ -219,3 +251,4 @@ tests:
|
||||
path: id_rsa.pub
|
||||
mode: 0644
|
||||
name: my-custom-secret
|
||||
template: templates/deployment.yaml
|
@@ -6,7 +6,7 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/hpa.yaml
|
||||
- templates/hpa.yaml
|
||||
tests:
|
||||
- it: Skip rendering by default.
|
||||
asserts:
|
||||
|
@@ -6,7 +6,7 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/ingress.yaml
|
||||
- templates/ingress.yaml
|
||||
tests:
|
||||
- it: Skip ingress by default.
|
||||
asserts:
|
||||
|
@@ -1,49 +1,30 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: NetworkPolicies template
|
||||
suite: NetworkPolicy template
|
||||
release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/networkPolicies.yaml
|
||||
- templates/networkPolicy.yaml
|
||||
tests:
|
||||
- it: Skip networkPolicies in general disabled.
|
||||
- it: Skip rendering networkPolicy
|
||||
set:
|
||||
networkPolicies.enabled: false
|
||||
networkPolicy.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip networkPolicy 'default' when disabled.
|
||||
- it: Render default networkPolicy
|
||||
set:
|
||||
networkPolicies.enabled: true
|
||||
networkPolicies.default.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Loop over networkPolicies
|
||||
set:
|
||||
networkPolicies.enabled: true
|
||||
networkPolicies.default.enabled: false
|
||||
networkPolicies.nginx.enabled: true
|
||||
networkPolicies.prometheus.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 2
|
||||
|
||||
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
|
||||
set:
|
||||
networkPolicies.enabled: true
|
||||
networkPolicies.default.enabled: true
|
||||
networkPolicy.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
name: athens-proxy-unittest-default
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
@@ -67,29 +48,28 @@ tests:
|
||||
- notExists:
|
||||
path: spec.ingress
|
||||
|
||||
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
|
||||
- it: Template networkPolicy with policyTypes, egress and ingress configuration
|
||||
set:
|
||||
networkPolicies.enabled: true
|
||||
networkPolicies.default.enabled: true
|
||||
networkPolicies.default.policyTypes:
|
||||
networkPolicy.enabled: true
|
||||
networkPolicy.policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
networkPolicies.default.ingress:
|
||||
networkPolicy.ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: khv-production
|
||||
kubernetes.io/metadata.name: monitoring
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
networkPolicies.default.egress:
|
||||
networkPolicy.egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: database
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: oracle
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.policyTypes
|
||||
@@ -102,17 +82,17 @@ tests:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: database
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: oracle
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
- equal:
|
||||
path: spec.ingress
|
||||
value:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: khv-production
|
||||
kubernetes.io/metadata.name: monitoring
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prometheus
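Review bot: The test `Render default networkPolicy` enables the policy without `policyTypes`, `ingress` or `egress`, and the second hunk still asserts `notExists` on `spec.ingress`, so the suite pins a policy that Kubernetes treats as ingress-isolating for whichever pods it selects. When `policyTypes` is omitted it defaults to Ingress, and a policy with no ingress rules admits no inbound traffic. Nothing visible in this section asserts `spec.podSelector`, so the scope of that implicit deny is untested; the lines between the two hunks are not shown and may already cover it. I would add a comment above the test, `# no rules + default policyTypes => selected pods accept no ingress`, and an `exists` assert with `path: spec.podSelector`.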
|
@@ -6,7 +6,7 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/persistentVolumeClaim.yaml
|
||||
- templates/persistentVolumeClaim.yaml
|
||||
tests:
|
||||
- it: Rendering default
|
||||
asserts:
|
||||
|
@@ -6,16 +6,24 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/secretEnv.yaml
|
||||
- templates/secretEnv.yaml
|
||||
tests:
|
||||
- it: Skip rendering by default
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip rendering by using existing secret.
|
||||
set:
|
||||
config.env.enabled: true
|
||||
config.env.existingSecret.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Rendering env secret with default values.
|
||||
set:
|
||||
config.env.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
@@ -39,6 +47,7 @@ tests:
|
||||
|
||||
- it: Rendering env secret with custom values.
|
||||
set:
|
||||
config.env.enabled: true
|
||||
config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token
|
||||
asserts:
|
||||
- isSubset:
|
||||
@@ -48,6 +57,7 @@ tests:
|
||||
|
||||
- it: Rendering custom annotations and labels.
|
||||
set:
|
||||
config.env.enabled: true
|
||||
config.env.secret.annotations:
|
||||
foo: bar
|
||||
bar: foo
|
||||
|
@@ -6,7 +6,7 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/secretNetRC.yaml
|
||||
- templates/secretNetRC.yaml
|
||||
tests:
|
||||
- it: Skip rendering by default
|
||||
asserts:
|
||||
|
@@ -6,16 +6,24 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/secretSSH.yaml
|
||||
- templates/secretSSH.yaml
|
||||
tests:
|
||||
- it: Skip rending by default.
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip rendering by using existing secret.
|
||||
set:
|
||||
config.ssh.enabled: true
|
||||
config.ssh.existingSecret.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Rendering ssh secret with default values.
|
||||
set:
|
||||
config.ssh.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
@@ -51,6 +59,7 @@ tests:
|
||||
|
||||
- it: Rendering ssh secret with custom values.
|
||||
set:
|
||||
config.ssh.enabled: true
|
||||
config.ssh.secret.config: |
|
||||
Host *
|
||||
IdentityFile ~/.ssh/id_ed25519
|
||||
@@ -90,6 +99,7 @@ tests:
|
||||
|
||||
- it: Rendering custom annotations and labels.
|
||||
set:
|
||||
config.ssh.enabled: true
|
||||
config.ssh.secret.annotations:
|
||||
foo: bar
|
||||
bar: foo
|
||||
|
@@ -6,7 +6,7 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/serviceAccount.yaml
|
||||
- templates/serviceAccount.yaml
|
||||
tests:
|
||||
- it: Skip rendering.
|
||||
set:
|
||||
|
@@ -6,7 +6,7 @@ release:
|
||||
name: athens-proxy-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/athens-proxy/serviceHTTP.yaml
|
||||
- templates/serviceHTTP.yaml
|
||||
tests:
|
||||
- it: Skip service when disabled.
|
||||
set:
|
||||
|
45
values.yaml
45
values.yaml
@@ -8,6 +8,9 @@ fullnameOverride: ""
|
||||
## @section Configuration
|
||||
config:
|
||||
env:
|
||||
## @param config.env.enabled Enable mounting of the secret as environment variables.
|
||||
enabled: false
|
||||
|
||||
## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables.
|
||||
## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables.
|
||||
existingSecret:
|
||||
@@ -108,15 +111,15 @@ config:
|
||||
|
||||
## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file.
|
||||
## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file.
|
||||
## @param config.downloadMode.configMap.content The content of the download mode file.
|
||||
## @skip config.downloadMode.configMap.content The content of the download mode file.
|
||||
configMap:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
content: |
|
||||
# downloadURL = "https://proxy.golang.org"
|
||||
#
|
||||
# mode = "async_redirect"
|
||||
#
|
||||
downloadURL = "https://proxy.golang.org"
|
||||
|
||||
mode = "async_redirect"
|
||||
|
||||
# download "github.com/gomods/*" {
|
||||
# mode = "sync"
|
||||
# }
|
||||
@@ -127,7 +130,7 @@ config:
|
||||
#
|
||||
# download "github.com/pkg/*" {
|
||||
# mode = "redirect"
|
||||
# downloadURL = "https://gocenter.io"
|
||||
# downloadURL = "https://proxy.golang.org"
|
||||
# }
|
||||
|
||||
gitConfig:
|
||||
@@ -144,7 +147,7 @@ config:
|
||||
|
||||
## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file.
|
||||
## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file.
|
||||
## @param config.gitConfig.configMap.content The content of the .gitconfig file.
|
||||
## @skip config.gitConfig.configMap.content The content of the .gitconfig file.
|
||||
configMap:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
@@ -170,7 +173,7 @@ config:
|
||||
|
||||
## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
|
||||
## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.
|
||||
## @param config.netrc.secret.content The content of the .netrc file.
|
||||
## @skip config.netrc.secret.content The content of the .netrc file.
|
||||
secret:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
@@ -210,7 +213,7 @@ config:
|
||||
|
||||
## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files.
|
||||
## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files.
|
||||
## @param config.ssh.secret.config The content of the SSH client config file.
|
||||
## @skip config.ssh.secret.config The content of the SSH client config file.
|
||||
## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key.
|
||||
## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key.
|
||||
## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key.
|
||||
@@ -497,20 +500,16 @@ persistence:
|
||||
storageClass: ""
|
||||
storageSize: "5Gi"
|
||||
|
||||
## @section NetworkPolicies
|
||||
## @param networkPolicies.enabled Enable network policies in general.
|
||||
networkPolicies:
|
||||
enabled: false
|
||||
|
||||
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
|
||||
## @param networkPolicies.default.annotations Additional network policy annotations.
|
||||
## @param networkPolicies.default.labels Additional network policy labels.
|
||||
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
||||
## @param networkPolicies.default.egress Concrete egress network policy implementation.
|
||||
## @skip networkPolicies.default.egress Skip individual egress configuration.
|
||||
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
|
||||
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
|
||||
default:
|
||||
## @section Network Policy
|
||||
networkPolicy:
|
||||
## @param networkPolicy.enabled Enable network policies in general.
|
||||
## @param networkPolicy.annotations Additional network policy annotations.
|
||||
## @param networkPolicy.labels Additional network policy labels.
|
||||
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
|
||||
## @param networkPolicy.egress Concrete egress network policy implementation.
|
||||
## @skip networkPolicy.egress Skip individual egress configuration.
|
||||
## @param networkPolicy.ingress Concrete ingress network policy implementation.
|
||||
## @skip networkPolicy.ingress Skip individual ingress configuration.
|
||||
enabled: false
|
||||
annotations: {}
|
||||
labels: {}
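Review bot: In the `config.downloadMode.configMap.content` hunk the global `downloadURL = "https://proxy.golang.org"` and `mode = "async_redirect"` lines change from commented examples to active defaults, and nothing beside them tells an operator that they apply to every module path lacking its own `download` block. As far as the Athens download-mode documentation describes it, a redirect mode sends the client to `downloadURL`, so import paths of private modules would be disclosed to the public proxy unless a pattern rule covers them. I would put a comment directly above the two lines, e.g. `# Applies to all modules; add download "<private-host>/*" { mode = "sync" } for private code.`, where `<private-host>` is a placeholder. The `content: |` block continues outside the hunk, so later lines may already say this.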
|
||||
|