You've already forked athens-proxy-charts
							
							Compare commits
	
		
			17 Commits
		
	
	
		
			5f78a0f071
			...
			1.0.1
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 3bce806ed6 | |||
| 5c09cf8c79 | |||
| d4b5c0c86f | |||
| 74598b4ee0 | |||
| b06c1962cc | |||
| 991c545c93 | |||
| 7c60c70244 | |||
| 0e048cdf4b | |||
| 89604cbe64 | |||
| f63450aec4 | |||
| d1e5accccb | |||
| fbd846784c | |||
| bab5282617 | |||
| 307660c767 | |||
| 59b43aac79 | |||
| 85a38e7d22 | |||
| 2005fb8e05 | 
| @@ -46,18 +46,7 @@ jobs: | ||||
|           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} | ||||
|           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} | ||||
|           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} | ||||
|  | ||||
|           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} | ||||
|           GITEA_SERVER_URL: ${{ github.server_url }} | ||||
|         run: | | ||||
|           PACKAGE_VERSION=${GITHUB_REF#refs/tags/} | ||||
|           REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2) | ||||
|           REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1) | ||||
|  | ||||
|           helm dependency build | ||||
|           helm package --version "${PACKAGE_VERSION}" ./ | ||||
|  | ||||
|           # chart-museum | ||||
|           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} | ||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum | ||||
|           helm repo remove chartmuseum | ||||
|   | ||||
							
								
								
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							| @@ -1,8 +0,0 @@ | ||||
| { | ||||
|   "yaml.schemas": { | ||||
|     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ | ||||
|       "/unittests/**/*.yaml" | ||||
|     ] | ||||
|   }, | ||||
|   "yaml.schemaStore.enable": true | ||||
| } | ||||
| @@ -3,7 +3,7 @@ annotations: | ||||
|     - name: Athens proxy (binary) | ||||
|       url: https://github.com/gomods/athens | ||||
|     - name: support | ||||
|       url: https://git.cryptic.systems/volker.raschek/athens-proxy/issues | ||||
|       url: https://git.cryptic.systems/volker.raschek/athens-proxy-charts/issues | ||||
| apiVersion: v2 | ||||
| name: athens-proxy | ||||
| description: Athens proxy server for golang | ||||
| @@ -22,7 +22,3 @@ sources: | ||||
| - https://github.com/volker-raschek/athens-proxy-charts | ||||
| - https://github.com/gomods/athens | ||||
| - https://hub.docker.com/r/gomods/athens | ||||
|  | ||||
| maintainers: | ||||
| - name: Markus Pesch | ||||
|   email: markus.pesch+apps@cryptic.systems | ||||
|   | ||||
							
								
								
									
										2
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								Makefile
									
									
									
									
									
								
							| @@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman) | ||||
| # HELM_IMAGE | ||||
| HELM_IMAGE_REGISTRY_HOST?=docker.io | ||||
| HELM_IMAGE_REPOSITORY?=volkerraschek/helm | ||||
| HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm | ||||
| HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm | ||||
| HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | ||||
|  | ||||
| # NODE_IMAGE | ||||
|   | ||||
							
								
								
									
										328
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										328
									
								
								README.md
									
									
									
									
									
								
							| @@ -2,167 +2,174 @@ | ||||
|  | ||||
| [](https://artifacthub.io/packages/search?repo=volker-raschek) | ||||
|  | ||||
| This is an inofficial helm chart of the go-proxy | ||||
| [athens](https://github.com/gomods/athens) which supports more complex | ||||
| configuration options. | ||||
| > [!NOTE] | ||||
| > This is not the official helm chart of Athens Go Proxy. If you are looking for the official helm chart, checkout the | ||||
| > GitHub project [gomods/athens-charts](https://github.com/gomods/athens-charts). | ||||
|  | ||||
| This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and | ||||
| can be installed via helm. | ||||
| This helm chart enables the deployment of [Athens Go Proxy](https://github.com/gomods/athens), a module datastore and | ||||
| proxy for Golang. | ||||
|  | ||||
| The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes, | ||||
| defining additional environment variables and much more. | ||||
|  | ||||
| Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure | ||||
| helm and use it to deploy the exporter. It also contains further configuration examples. | ||||
|  | ||||
| Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | ||||
| helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the | ||||
| *[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)* | ||||
| concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a | ||||
| separate [chapter](#argocd). | ||||
|  | ||||
| ## Helm: configuration and installation | ||||
|  | ||||
| 1. A helm chart repository must be configured, to pull the helm charts from. | ||||
| 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm | ||||
|    `--set` flag or directly as part of a `values.yaml` file. The following example defines the repository and use the | ||||
|    `--set` flag for a basic deployment. | ||||
|  | ||||
| ```bash | ||||
| helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek | ||||
| helm repo update | ||||
| helm install athens-proxy volker.raschek/athens-proxy | ||||
| ``` | ||||
|  | ||||
| ## Customization | ||||
| Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`. | ||||
| The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the | ||||
| version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major* | ||||
| versions can break something! | ||||
|  | ||||
| The complete deployment can be adapted via the `values.yaml` files. The | ||||
| configuration of the proxy can be done via the environment variables described | ||||
| below or via mounting the config.toml as additional persistent volume to | ||||
| `/config/config.toml` | ||||
|  | ||||
| ## Access private repositories via SSH | ||||
|  | ||||
| Create a `configmap.yaml` with multiple keys. One key describe the content of | ||||
| the `.gitconfig` file and another of `config` of the ssh client. All requests | ||||
| Git clone comands with the prefix `http://github.com/` will be replaced by | ||||
| `git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a | ||||
| separate secret. | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: custom-configs | ||||
| data: | ||||
|   sshconfig: | | ||||
|     Host github.com | ||||
|       IdentityFile /root/.ssh/id_ed25519 | ||||
|       StrictHostKeyChecking no | ||||
|   gitconfig: | | ||||
|     [url "git@github.com:"] | ||||
|       insteadOf = https://github.com/ | ||||
| ```bash | ||||
| CHART_VERSION=1.0.0 | ||||
| helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml | ||||
| ``` | ||||
|  | ||||
| The secret definition below contains the SSH private and public key. | ||||
| A complete list of available helm chart versions can be displayed via the following command: | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: custom-ssh-keys | ||||
| type: Opaque | ||||
| stringData: | ||||
|   id_ed25519: | | ||||
|     -----BEGIN OPENSSH PRIVATE KEY----- | ||||
|     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||||
|     QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj | ||||
|     XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg | ||||
|     AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M | ||||
|     a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ== | ||||
|     -----END OPENSSH PRIVATE KEY----- | ||||
|   id_ed25519.pub: | | ||||
|     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe | ||||
| ```bash | ||||
| helm search repo reposilite --versions | ||||
| ``` | ||||
|  | ||||
| The item `config` of the configmap will be merged with the items of the secret | ||||
| as virtual volume. This volume can than be mounted with special permissions | ||||
| required for the ssh client. | ||||
| The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default. | ||||
| Use the `--set` argument to persist your data. | ||||
|  | ||||
| ```yaml | ||||
| extraVolumes: | ||||
| - name: ssh | ||||
|   projected: | ||||
|     defaultMode: 0644 | ||||
|     sources: | ||||
|     - configMap: | ||||
|         name: custom-configs | ||||
|         items: | ||||
|         - key: sshconfig | ||||
|           path: config | ||||
|     - secret: | ||||
|         name: custom-ssh-keys | ||||
|         items: | ||||
|         - key: id_ed25519 | ||||
|           path: id_ed25519 | ||||
|           mode: 0600 | ||||
|         - key: id_ed25519.pub | ||||
|           path: id_ed25519.pub | ||||
| - name: gitconfig | ||||
|   configMap: | ||||
|     name: custom-configs | ||||
|     items: | ||||
|     - key: gitconfig | ||||
|       path: config | ||||
|       mode: 0644 | ||||
|  | ||||
| extraVolumeMounts: | ||||
| - name: ssh | ||||
|   mountPath: /root/.ssh | ||||
| - name: gitconfig | ||||
|   mountPath: /root/.config/git | ||||
| ```bash | ||||
| CHART_VERSION=1.0.0 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   persistence.enabled=true | ||||
| ``` | ||||
|  | ||||
| ## Access private GitHub.com repositories via developer token | ||||
| ### Examples | ||||
|  | ||||
| Another way to access private GitHub repositories is via a GitHub token, which | ||||
| can be set via the environment variable `GITHUB_TOKEN`. Athens automatically | ||||
| creates a `.netrc` file to access private GitHub repositories. | ||||
| The following examples serve as individual configurations and as inspiration for how deployment problems can be solved. | ||||
|  | ||||
| ## Access private repositories via .netrc configuration | ||||
| #### Avoid CPU throttling by defining a CPU limit | ||||
|  | ||||
| As describe above, a `.netrc` file is responsible for the authentication via | ||||
| HTTP. The file can also be defined via a custom secret and mounted into the home | ||||
| directory of `root` for general authentication purpose. | ||||
| If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the | ||||
| application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but | ||||
| cannot use the available CPU time to perform computing operations. | ||||
|  | ||||
| The example below describe the definition and mounting of a custom `.netrc` file | ||||
| to access private repositories hosted on GitHub and GitLab. | ||||
| The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||
| available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||
| of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||
| rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: custom-netrc | ||||
| type: Opaque | ||||
| stringData: | ||||
|   netrc: | | ||||
|     machine github.com login USERNAME password API-KEY | ||||
|     machine gitlab.com login USERNAME password API-KEY | ||||
| Further information about this topic can be found in one of Kanishk's blog | ||||
| [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||
|  | ||||
| > [!NOTE] | ||||
| > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||
| > not anymore required. | ||||
| > | ||||
| > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=1.0.0 | ||||
| helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \ | ||||
|   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \ | ||||
|   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||
|   --set 'deployment.athensProxy.resources.limits.cpu=1000m' | ||||
| ``` | ||||
|  | ||||
| The file must then be mounted via extraVolumes and extraVolumeMounts. | ||||
| #### Network policies | ||||
|  | ||||
| Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||
| network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. | ||||
|  | ||||
| The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming | ||||
| traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application | ||||
| outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the upstream Go | ||||
| proxy `https://proxy.golang.org` via HTTPS. | ||||
|  | ||||
| > [!IMPORTANT] | ||||
| > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For | ||||
| > this reason, there is are not default network policy rules defined. | ||||
|  | ||||
| ```yaml | ||||
| extraVolumes: | ||||
| - name: netrc | ||||
|   secret: | ||||
|     secretName: custom-netrc | ||||
|     items: | ||||
|     - key: netrc | ||||
|       path: .netrc | ||||
|       mode: 0600 | ||||
| networkPolicies: | ||||
|   enabled: true | ||||
|   annotations: {} | ||||
|   labels: {} | ||||
|   policyTypes: | ||||
|   - Egress | ||||
|   - Ingress | ||||
|   egress: | ||||
|   - to: | ||||
|     - namespaceSelector: | ||||
|         matchLabels: | ||||
|           kubernetes.io/metadata.name: kube-system | ||||
|       podSelector: | ||||
|         matchLabels: | ||||
|           k8s-app: kube-dns | ||||
|     ports: | ||||
|     - port: 53 | ||||
|       protocol: TCP | ||||
|     - port: 53 | ||||
|       protocol: UDP | ||||
|   - ports: | ||||
|     - port: 443 | ||||
|       protocol: TCP | ||||
|  | ||||
| extraVolumeMounts: | ||||
| - name: netrc | ||||
|   mountPath: /root | ||||
|   ingress: | ||||
|   - from: | ||||
|     - namespaceSelector: | ||||
|         matchLabels: | ||||
|           kubernetes.io/metadata.name: ingress-nginx | ||||
|       podSelector: | ||||
|         matchLabels: | ||||
|           app.kubernetes.io/name: ingress-nginx | ||||
|     ports: | ||||
|     - port: http | ||||
|       protocol: TCP | ||||
| ``` | ||||
|  | ||||
| ## Persistent storage | ||||
| ## ArgoCD | ||||
|  | ||||
| Unlike the athens default, the default here is `disk` - i.e. the files are | ||||
| written to the container. Therefore, it is advisable to outsource the | ||||
| corresponding storage location to persistent storage. The following example | ||||
| describes the integration of a persistent storage claim. | ||||
| ### Daily execution of rolling updates | ||||
|  | ||||
| ```yaml | ||||
| extraVolumes: | ||||
| - name: gomodules | ||||
|   persistentVolumeClaim: | ||||
|     claimName: custom-gomodules-pvc | ||||
| The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||
| connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||
| Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||
|  | ||||
| extraVolumeMounts: | ||||
| - name: gomodules | ||||
|   mountPath: /var/lib/athens | ||||
| The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||
| content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||
| Helm render order, different timestamps). | ||||
|  | ||||
| This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||
| can lead to unnecessary notifications from ArgoCD. | ||||
|  | ||||
| To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all | ||||
| annotations with the prefix `checksum`. | ||||
|  | ||||
| ```diff | ||||
|   apiVersion: argoproj.io/v1alpha1 | ||||
|   kind: Application | ||||
|   spec: | ||||
| +   ignoreDifferences: | ||||
| +   - group: apps/v1 | ||||
| +     kind: Deployment | ||||
| +     jqPathExpressions: | ||||
| +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||
| ``` | ||||
|  | ||||
| ## Parameters | ||||
| @@ -177,7 +184,8 @@ extraVolumeMounts: | ||||
| ### Configuration | ||||
|  | ||||
| | Name                                                    | Description                                                                                                                                       | Value            | | ||||
| | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||||
| | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | | ||||
| | `config.env.enabled`                                    | Enable mounting of the secret as environment variables.                                                                                           | `false`          | | ||||
| | `config.env.existingSecret.enabled`                     | Mount an existing secret containing the application specific environment variables.                                                               | `false`          | | ||||
| | `config.env.existingSecret.secretName`                  | Name of the existing secret containing the application specific environment variables.                                                            | `""`             | | ||||
| | `config.env.secret.annotations`                         | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||
| @@ -189,55 +197,18 @@ extraVolumeMounts: | ||||
| | `config.downloadMode.existingConfigMap.downloadModeKey` | The name of the key inside the config map where the content of the download mode file is stored.                                                  | `downloadMode`   | | ||||
| | `config.downloadMode.configMap.annotations`             | Additional annotations of the config map containing the download mode file.                                                                       | `{}`             | | ||||
| | `config.downloadMode.configMap.labels`                  | Additional labels of the config map containing the download mode file.                                                                            | `{}`             | | ||||
| | `config.downloadMode.configMap.content`                 | The content of the download mode file.                                                                                                            | `# downloadURL = "https://proxy.golang.org" | ||||
| # | ||||
| # mode = "async_redirect" | ||||
| # | ||||
| # download "github.com/gomods/*" { | ||||
| #     mode = "sync" | ||||
| # } | ||||
| # | ||||
| # download "golang.org/x/*" { | ||||
| #     mode = "none" | ||||
| # } | ||||
| # | ||||
| # download "github.com/pkg/*" { | ||||
| #     mode = "redirect" | ||||
| #     downloadURL = "https://gocenter.io" | ||||
| # } | ||||
| `                                                                                                                                                                                                                                                                                                                                                                          | | ||||
| | `config.gitConfig.enabled`                              | Enable mounting of a .gitconfig file into the container file system.                                                                              | `false`          | | ||||
| | `config.gitConfig.existingConfigMap.enabled`            | Enable to use an external config map for mounting the .gitconfig file.                                                                            | `false`          | | ||||
| | `config.gitConfig.existingConfigMap.configMapName`      | The name of the existing config map which should be used to mount the .gitconfig file.                                                            | `""`             | | ||||
| | `config.gitConfig.existingConfigMap.gitConfigKey`       | The name of the key inside the config map where the content of the .gitconfig file is stored.                                                     | `nil`            | | ||||
| | `config.gitConfig.configMap.annotations`                | Additional annotations of the config map containing the .gitconfig file.                                                                          | `{}`             | | ||||
| | `config.gitConfig.configMap.labels`                     | Additional labels of the config map containing the .gitconfig file.                                                                               | `{}`             | | ||||
| | `config.gitConfig.configMap.content`                    | The content of the .gitconfig file.                                                                                                               | `# The .gitconfig file | ||||
| # | ||||
| # The .gitconfig file contains the user specific git configuration. It generally resides in the user's home | ||||
| # directory. | ||||
| # | ||||
| # [url "git@github.com:"] insteadOf = https://github.com/ | ||||
| `                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | | ||||
| | `config.netrc.enabled`                                  | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||
| | `config.netrc.existingSecret.enabled`                   | Enable to use an external secret for mounting the .netrc file.                                                                                    | `false`          | | ||||
| | `config.netrc.existingSecret.secretName`                | The name of the existing secret which should be used to mount the .netrc file.                                                                    | `""`             | | ||||
| | `config.netrc.existingSecret.netrcKey`                  | The name of the key inside the secret where the content of the .netrc file is stored.                                                             | `.netrc`         | | ||||
| | `config.netrc.secret.annotations`                       | Additional annotations of the secret containing the database credentials.                                                                         | `{}`             | | ||||
| | `config.netrc.secret.labels`                            | Additional labels of the secret containing the database credentials.                                                                              | `{}`             | | ||||
| | `config.netrc.secret.content`                           | The content of the .netrc file.                                                                                                                   | `# The .netrc file | ||||
| # | ||||
| # The .netrc file contains login and initialization information used by the auto-login process. It generally | ||||
| # resides in the user's home directory, but a location outside of the home directory can be set using the | ||||
| # environment variable NETRC. Both locations are overridden by the command line option -N. The selected file | ||||
| # must be a regular file, or access will be denied. | ||||
| # | ||||
| # https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html | ||||
| # | ||||
| # default login           [name]     password  [password/token] | ||||
| # machine github.com      [octocat]  password  [PAT] | ||||
| # machine api.github.com  [octocat]  password  [PAT] | ||||
| ` | | ||||
| | `config.ssh.enabled`                                    | Enable mounting of a .netrc file into the container file system.                                                                                  | `false`          | | ||||
| | `config.ssh.existingSecret.enabled`                     | Enable to use an external secret for mounting the public and private SSH key files.                                                               | `false`          | | ||||
| | `config.ssh.existingSecret.secretName`                  | The name of the existing secret which should be used to mount the public and private SSH key files.                                               | `""`             | | ||||
| @@ -248,10 +219,6 @@ extraVolumeMounts: | ||||
| | `config.ssh.existingSecret.id_rsaPubKey`                | The name of the key inside the secret where the content of the id_ed25519.pub key file is stored.                                                 | `id_rsa.pub`     | | ||||
| | `config.ssh.secret.annotations`                         | Additional annotations of the secret containing the public and private SSH key files.                                                             | `{}`             | | ||||
| | `config.ssh.secret.labels`                              | Additional labels of the secret containing the public and private SSH key files.                                                                  | `{}`             | | ||||
| | `config.ssh.secret.config`                              | The content of the SSH client config file.                                                                                                        | `# Host * | ||||
| #   IdentityFile ~/.ssh/id_ed25519 | ||||
| #   IdentityFile ~/.ssh/id_rsa | ||||
| `                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | | ||||
|  | ||||
| ### Deployment | ||||
|  | ||||
| @@ -328,17 +295,16 @@ extraVolumeMounts: | ||||
| | `persistence.data.persistentVolumeClaim.storageClass`                      | Storage class of the persistent volume claim.                                                                                                                                                                           | `""`                         | | ||||
| | `persistence.data.persistentVolumeClaim.storageSize`                       | Size of the persistent volume claim.                                                                                                                                                                                    | `5Gi`                        | | ||||
|  | ||||
| ### NetworkPolicies | ||||
| ### Network Policy | ||||
|  | ||||
| | Name                        | Description                                                               | Value   | | ||||
| | ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- | | ||||
| | `networkPolicies.enabled`             | Enable network policies in general.                                                                   | `false` | | ||||
| | `networkPolicies.default.enabled`     | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` | | ||||
| | `networkPolicies.default.annotations` | Additional network policy annotations.                                                                | `{}`    | | ||||
| | `networkPolicies.default.labels`      | Additional network policy labels.                                                                     | `{}`    | | ||||
| | `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress.                             | `[]`    | | ||||
| | `networkPolicies.default.egress`      | Concrete egress network policy implementation.                                                        | `[]`    | | ||||
| | `networkPolicies.default.ingress`     | Concrete ingress network policy implementation.                                                       | `[]`    | | ||||
| | --------------------------- | ------------------------------------------------------------------------- | ------- | | ||||
| | `networkPolicy.enabled`     | Enable network policies in general.                                       | `false` | | ||||
| | `networkPolicy.annotations` | Additional network policy annotations.                                    | `{}`    | | ||||
| | `networkPolicy.labels`      | Additional network policy labels.                                         | `{}`    | | ||||
| | `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]`    | | ||||
| | `networkPolicy.egress`      | Concrete egress network policy implementation.                            | `[]`    | | ||||
| | `networkPolicy.ingress`     | Concrete ingress network policy implementation.                           | `[]`    | | ||||
|  | ||||
| ### Service | ||||
|  | ||||
|   | ||||
| @@ -9,6 +9,7 @@ | ||||
|   ], | ||||
|   "customManagers": [ | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "fileMatch": [ | ||||
|         "^Chart\\.yaml$" | ||||
|       ], | ||||
| @@ -21,6 +22,7 @@ | ||||
|       "versioningTemplate": "semver" | ||||
|     }, | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "fileMatch": ["^README\\.md$"], | ||||
|       "matchStrings": [ | ||||
|         "VERSION=(?<currentValue>.*)" | ||||
| @@ -32,6 +34,20 @@ | ||||
|     } | ||||
|   ], | ||||
|   "packageRules": [ | ||||
|     { | ||||
|       "groupName": "Update docker.io/volkerraschek/helm", | ||||
|       "matchDepNames": [ | ||||
|         "docker.io/volkerraschek/helm", | ||||
|         "volkerraschek/helm" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "groupName": "Update docker.io/library/node", | ||||
|       "matchDepNames": [ | ||||
|         "docker.io/library/node", | ||||
|         "library/node" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "addLabels": [ | ||||
|         "renovate/automerge", | ||||
|   | ||||
| @@ -34,6 +34,18 @@ | ||||
| {{/* envFrom */}} | ||||
| 
 | ||||
| {{- define "athens-proxy.deployment.envFrom" -}} | ||||
| {{- $envFrom := .Values.deployment.athensProxy.envFrom | default (list) }} | ||||
| 
 | ||||
| {{- if .Values.config.env.enabled }} | ||||
| {{- $secretName := include "athens-proxy.secrets.env.name" $ }} | ||||
| {{- if and .Values.config.env.existingSecret.enabled (gt (len .Values.config.env.existingSecret.secretName) 0)}} | ||||
| {{- $secretName = .Values.config.env.existingSecret.secretName }} | ||||
| {{- end }} | ||||
| {{- $envFrom = concat $envFrom (list (dict "secretRef" (dict "name" $secretName))) }} | ||||
| {{- end }} | ||||
| 
 | ||||
| {{ toYaml (dict "envFrom" $envFrom) }} | ||||
| 
 | ||||
| {{- end -}} | ||||
| 
 | ||||
| {{/* image */}} | ||||
| @@ -42,7 +54,7 @@ | ||||
| {{- $registry := .Values.deployment.athensProxy.image.registry -}} | ||||
| {{- $repository := .Values.deployment.athensProxy.image.repository -}} | ||||
| {{- $tag := default .Chart.AppVersion .Values.deployment.athensProxy.image.tag -}} | ||||
| {{- printf "%s/%s:v%s" $registry $repository $tag -}} | ||||
| {{- printf "%s/%s:%s" $registry $repository $tag -}} | ||||
| {{- end -}} | ||||
| 
 | ||||
| {{/* labels */}} | ||||
							
								
								
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_networkPolicy.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.networkPolicy.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- if .Values.networkPolicy.annotations }} | ||||
| {{ toYaml .Values.networkPolicy.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.networkPolicy.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- if .Values.networkPolicy.labels }} | ||||
| {{ toYaml .Values.networkPolicy.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
							
								
								
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										34
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,34 @@ | ||||
| --- | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.annotations" }} | ||||
| {{- include "athens-proxy.annotations" . }} | ||||
| {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||
| {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||
| {{ printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||
| {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
|  | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.pod.selectorLabels" -}} | ||||
| {{ include "athens-proxy.selectorLabels" . }} | ||||
| {{- end }} | ||||
| @@ -1,19 +0,0 @@ | ||||
| {{/* vim: set filetype=mustache: */}} | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.networkPolicies.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" .context }} | ||||
| {{- if .networkPolicy.annotations }} | ||||
| {{ toYaml .networkPolicy.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.networkPolicies.labels" -}} | ||||
| {{ include "athens-proxy.labels" .context }} | ||||
| {{- if .networkPolicy.labels }} | ||||
| {{ toYaml .networkPolicy.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,17 +0,0 @@ | ||||
| --- | ||||
|  | ||||
| {{/* annotations */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.annotations" -}} | ||||
| {{ include "athens-proxy.annotations" . }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "athens-proxy.pod.labels" -}} | ||||
| {{ include "athens-proxy.labels" . }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "athens-proxy.pod.selectorLabels" -}} | ||||
| {{ include "athens-proxy.selectorLabels" . }} | ||||
| {{- end }} | ||||
| @@ -1,36 +0,0 @@ | ||||
| {{- if .Values.networkPolicies.enabled }} | ||||
| {{- range $key, $value := .Values.networkPolicies -}} | ||||
| {{- if and (not (eq $key "enabled")) $value.enabled }} | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: NetworkPolicy | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ printf "%s-%s" (include "athens-proxy.fullname" $ ) $key }} | ||||
|   namespace: {{ $.Release.Namespace }} | ||||
| spec: | ||||
|   podSelector: | ||||
|     matchLabels: | ||||
|       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} | ||||
|   {{- with $value.policyTypes }} | ||||
|   policyTypes: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- with $value.egress }} | ||||
|   egress: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- with $value.ingress }} | ||||
|   ingress: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.downloadMode.existingConfigMap.enabled }} | ||||
| {{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.gitConfig.existingConfigMap.enabled }} | ||||
| {{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
							
								
								
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								templates/networkPolicy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | ||||
| {{- if .Values.networkPolicy.enabled }} | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: NetworkPolicy | ||||
| metadata: | ||||
|   {{- with (include "athens-proxy.networkPolicy.annotations" . | fromYaml) }} | ||||
|   annotations: | ||||
|     {{- tpl (toYaml .) $ | nindent 4 }} | ||||
|   {{- end }} | ||||
|   {{- with (include "athens-proxy.networkPolicy.labels" . | fromYaml) }} | ||||
|   labels: | ||||
|     {{- toYaml . | nindent 4 }} | ||||
|   {{- end }} | ||||
|   name: {{ include "athens-proxy.fullname" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| spec: | ||||
|   podSelector: | ||||
|     matchLabels: | ||||
|       {{- include "athens-proxy.pod.selectorLabels" $ | nindent 6 }} | ||||
|   {{- with .Values.networkPolicy.policyTypes }} | ||||
|   policyTypes: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- with .Values.networkPolicy.egress }} | ||||
|   egress: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
|   {{- with .Values.networkPolicy.ingress }} | ||||
|   ingress: | ||||
|   {{- toYaml . | nindent 2 }} | ||||
|   {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.env.existingSecret.enabled }} | ||||
| {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if not .Values.config.ssh.existingSecret.enabled }} | ||||
| {{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| @@ -6,16 +6,24 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/configMapDownloadMode.yaml | ||||
| - templates/configMapDownloadMode.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rending by using existing config map. | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.existingConfigMap.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering by default. | ||||
| - it: Rendering with default values | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
| @@ -37,10 +45,10 @@ tests: | ||||
|   - equal: | ||||
|       path: data.downloadMode | ||||
|       value: | | ||||
|         # downloadURL = "https://proxy.golang.org" | ||||
|         # | ||||
|         # mode = "async_redirect" | ||||
|         # | ||||
|         downloadURL = "https://proxy.golang.org" | ||||
|  | ||||
|         mode = "async_redirect" | ||||
|  | ||||
|         # download "github.com/gomods/*" { | ||||
|         #     mode = "sync" | ||||
|         # } | ||||
| @@ -51,11 +59,12 @@ tests: | ||||
|         # | ||||
|         # download "github.com/pkg/*" { | ||||
|         #     mode = "redirect" | ||||
|         #     downloadURL = "https://gocenter.io" | ||||
|         #     downloadURL = "https://proxy.golang.org" | ||||
|         # } | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.configMap.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
| @@ -76,6 +85,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom configuration | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     config.downloadMode.configMap.content: | | ||||
|       downloadURL = "https://proxy.golang.org" | ||||
|       mode = "async_redirect" | ||||
|   | ||||
| @@ -6,16 +6,24 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/configMapGitConfig.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rending by using existing config map. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.existingConfigMap.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering by default. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
| @@ -46,6 +54,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.configMap.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
| @@ -66,6 +75,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom configuration | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     config.gitConfig.configMap.content: | | ||||
|       [url "git@github.com:"] | ||||
|       insteadOf = https://github.com/ | ||||
|   | ||||
| @@ -6,22 +6,22 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/deployment.yaml | ||||
| - templates/deployment.yaml | ||||
| tests: | ||||
| - it: Rendering default | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - containsDocument: | ||||
|       apiVersion: apps/v1 | ||||
|       kind: Deployment | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
| @@ -30,11 +30,11 @@ tests: | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.replicas | ||||
|       value: 1 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.metadata.labels | ||||
|       value: | ||||
| @@ -43,74 +43,74 @@ tests: | ||||
|         app.kubernetes.io/name: athens-proxy | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: athens-proxy-0.1.0 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.affinity | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].args | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].command | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].envFrom | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].volumeMounts | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].image | ||||
|       value: docker.io/gomods/athens:v0.1.0 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|       value: docker.io/gomods/athens:0.1.0 | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].imagePullPolicy | ||||
|       value: IfNotPresent | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].resources | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.containers[0].securityContext | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.dnsConfig | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.dnsPolicy | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.hostname | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.hostNetwork | ||||
|       value: false | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.imagePullSecrets | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.nodeSelector | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.priorityClassName | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.restartPolicy | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.subdomain | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.terminationGracePeriodSeconds | ||||
|       value: 60 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.tolerations | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - notExists: | ||||
|       path: spec.template.spec.topologySpreadConstraints | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.strategy | ||||
|       value: | ||||
| @@ -118,7 +118,7 @@ tests: | ||||
|         rollingUpdate: | ||||
|           maxSurge: 1 | ||||
|           maxUnavailable: 1 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom replicas | ||||
|   set: | ||||
| @@ -130,7 +130,7 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.replicas | ||||
|       value: 3 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom affinity | ||||
|   set: | ||||
| @@ -160,7 +160,7 @@ tests: | ||||
|                 values: | ||||
|                 - antarctica-east1 | ||||
|                 - antarctica-west1 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test additional arguments | ||||
|   set: | ||||
| @@ -176,7 +176,7 @@ tests: | ||||
|       value: | ||||
|       - --foo=bar | ||||
|       - --bar=foo | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test additional command | ||||
|   set: | ||||
| @@ -194,7 +194,7 @@ tests: | ||||
|       - "/bin/sh" | ||||
|       - "-c" | ||||
|       - "echo hello" | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom imageRegistry and imageRepository | ||||
|   set: | ||||
| @@ -206,8 +206,8 @@ tests: | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].image | ||||
|       value: registry.example.local/path/special/athens-proxy:v0.1.0 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|       value: registry.example.local/path/special/athens-proxy:0.1.0 | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom imagePullPolicy | ||||
|   set: | ||||
| @@ -219,7 +219,7 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].imagePullPolicy | ||||
|       value: Always | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom resource limits and requests | ||||
|   set: | ||||
| @@ -242,7 +242,7 @@ tests: | ||||
|           resourceFieldRef: | ||||
|             divisor: "1" | ||||
|             resource: limits.cpu | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.containers[0].resources | ||||
|       value: | ||||
| @@ -252,7 +252,7 @@ tests: | ||||
|         requests: | ||||
|           cpu: 25m | ||||
|           memory: 100MB | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test custom securityContext | ||||
|   set: | ||||
| @@ -282,7 +282,7 @@ tests: | ||||
|         readOnlyRootFilesystem: true | ||||
|         runAsNonRoot: true | ||||
|         runAsUser: 1000 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test dnsConfig | ||||
|   set: | ||||
| @@ -300,7 +300,7 @@ tests: | ||||
|         nameservers: | ||||
|         - "8.8.8.8" | ||||
|         - "8.8.4.4" | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test dnsPolicy | ||||
|   set: | ||||
| @@ -312,7 +312,7 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.template.spec.dnsPolicy | ||||
|       value: ClusterFirst | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test hostNetwork, hostname, subdomain | ||||
|   set: | ||||
| @@ -326,15 +326,15 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.template.spec.hostNetwork | ||||
|       value: true | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.hostname | ||||
|       value: pg-exporter | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|   - equal: | ||||
|       path: spec.template.spec.subdomain | ||||
|       value: exporters.internal | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test imagePullSecrets | ||||
|   set: | ||||
| @@ -350,7 +350,7 @@ tests: | ||||
|       value: | ||||
|       - name: my-pull-secret | ||||
|       - name: my-special-secret | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test nodeSelector | ||||
|   set: | ||||
| @@ -364,7 +364,7 @@ tests: | ||||
|       path: spec.template.spec.nodeSelector | ||||
|       value: | ||||
|         foo: bar | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test priorityClassName | ||||
|   set: | ||||
| @@ -376,7 +376,7 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.template.spec.priorityClassName | ||||
|       value: my-priority | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test restartPolicy | ||||
|   set: | ||||
| @@ -388,7 +388,7 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.template.spec.restartPolicy | ||||
|       value: Always | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test terminationGracePeriodSeconds | ||||
|   set: | ||||
| @@ -400,7 +400,7 @@ tests: | ||||
|   - equal: | ||||
|       path: spec.template.spec.terminationGracePeriodSeconds | ||||
|       value: 120 | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test tolerations | ||||
|   set: | ||||
| @@ -420,7 +420,7 @@ tests: | ||||
|         operator: Equal | ||||
|         value: postgres | ||||
|         effect: NoSchedule | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test topologySpreadConstraints | ||||
|   set: | ||||
| @@ -442,7 +442,7 @@ tests: | ||||
|         labelSelector: | ||||
|           matchLabels: | ||||
|             app.kubernetes.io/instance: athens-proxy | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test additional volumeMounts and volumes | ||||
|   set: | ||||
| @@ -462,5 +462,4 @@ tests: | ||||
|       value: | ||||
|       - name: data | ||||
|         mountPath: /usr/lib/athens-proxy/data | ||||
|     template: templates/athens-proxy/deployment.yaml | ||||
|  | ||||
|     template: templates/deployment.yaml | ||||
|   | ||||
| @@ -6,42 +6,57 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/deployment.yaml | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted download mode config map | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DOWNLOAD_MODE | ||||
|           value: file:/etc/athens/config/download-mode.d/download-mode | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: download-mode | ||||
|           mountPath: /etc/athens/config/download-mode.d | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: download-mode | ||||
|           configMap: | ||||
|             name: athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted gitconfig configMap | ||||
|   set: | ||||
|     config.downloadMode.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DOWNLOAD_MODE | ||||
|           value: file:/etc/athens/config/download-mode.d/download-mode | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: download-mode | ||||
|           mountPath: /etc/athens/config/download-mode.d | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -52,6 +67,7 @@ tests: | ||||
|                 mode: 0644 | ||||
|                 path: download-mode | ||||
|             name: athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom download mode configMap | ||||
|   set: | ||||
| @@ -61,16 +77,21 @@ tests: | ||||
|     config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DOWNLOAD_MODE | ||||
|           value: file:/etc/athens/config/download-mode.d/download-mode | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: download-mode | ||||
|           mountPath: /etc/athens/config/download-mode.d | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -81,3 +102,4 @@ tests: | ||||
|               path: "download-mode" | ||||
|               mode: 0644 | ||||
|             name: my-custom-configmap | ||||
|       template: templates/deployment.yaml | ||||
							
								
								
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								unittests/deployment/env.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,51 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Deployment template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/deployment.yaml | ||||
| - templates/secretEnv.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted env secret | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].envFrom | ||||
|         content: | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted env secret | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].envFrom | ||||
|         content: | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted env secret | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.existingSecret.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].envFrom | ||||
|         content: | ||||
|           secretRef: | ||||
|             name: athens-proxy-unittest-env | ||||
|       template: templates/deployment.yaml | ||||
| @@ -6,16 +6,24 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/deployment.yaml | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted git config map | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.gitconfig | ||||
|           subPath: .gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -28,18 +36,23 @@ tests: | ||||
|                   path: .gitconfig | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted gitconfig configMap | ||||
|   set: | ||||
|     config.gitConfig.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.gitconfig | ||||
|           subPath: .gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -52,6 +65,7 @@ tests: | ||||
|                   path: .gitconfig | ||||
|                   mode: 0644 | ||||
|                 name: athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom gitconfig configMap | ||||
|   set: | ||||
| @@ -61,12 +75,16 @@ tests: | ||||
|     config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.gitconfig | ||||
|           subPath: .gitconfig | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -79,3 +97,4 @@ tests: | ||||
|                   path: .gitconfig | ||||
|                   mode: 0644 | ||||
|                 name: my-custom-configmap | ||||
|       template: templates/deployment.yaml | ||||
| @@ -6,15 +6,23 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/deployment.yaml | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted netrc secret | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: netrc | ||||
|           mountPath: /root | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -27,18 +35,23 @@ tests: | ||||
|                   path: .netrc | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted netrc secret | ||||
|   set: | ||||
|     config.netrc.enabled: true | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.netrc | ||||
|           subPath: .netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -51,6 +64,7 @@ tests: | ||||
|                   path: .netrc | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-netrc | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom netrc secret | ||||
|   set: | ||||
| @@ -60,12 +74,16 @@ tests: | ||||
|     config.netrc.existingSecret.netrcKey: "my-netrc-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.netrc | ||||
|           subPath: .netrc | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -78,3 +96,4 @@ tests: | ||||
|                   path: .netrc | ||||
|                   mode: 0600 | ||||
|                 name: my-custom-secret | ||||
|       template: templates/deployment.yaml | ||||
| @@ -6,7 +6,11 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/deployment.yaml | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Test persistent volume claim | ||||
|   set: | ||||
| @@ -17,26 +21,26 @@ tests: | ||||
|         content: | ||||
|           name: ATHENS_STORAGE_TYPE | ||||
|           value: disk | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DISK_STORAGE_ROOT | ||||
|           value: /var/www/athens-proxy/data | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: data | ||||
|           mountPath: /var/www/athens-proxy/data | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: data | ||||
|           persistentVolumeClaim: | ||||
|             claimName: athens-proxy-unittest-data | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Test existing persistent volume claim | ||||
|   set: | ||||
| @@ -51,23 +55,23 @@ tests: | ||||
|         content: | ||||
|           name: ATHENS_STORAGE_TYPE | ||||
|           value: disk | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].env | ||||
|         content: | ||||
|           name: ATHENS_DISK_STORAGE_ROOT | ||||
|           value: /mnt/go-proxy/data | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: data | ||||
|           mountPath: /mnt/go-proxy/data | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
|           name: data | ||||
|           persistentVolumeClaim: | ||||
|             claimName: my-special-pvc | ||||
|       template: templates/athens-proxy/deployment.yaml | ||||
|       template: templates/deployment.yaml | ||||
| @@ -6,40 +6,52 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/deployment.yaml | ||||
| - templates/configMapDownloadMode.yaml | ||||
| - templates/configMapGitConfig.yaml | ||||
| - templates/deployment.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Rendering default without mounted ssh secret | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519 | ||||
|           subPath: id_ed25519 | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519.pub | ||||
|           subPath: id_ed25519.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa | ||||
|           subPath: id_rsa | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa.pub | ||||
|           subPath: id_rsa.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - notContains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -64,6 +76,7 @@ tests: | ||||
|                   path: id_rsa.pub | ||||
|                   mode: 0644 | ||||
|                 name: athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted ssh config | ||||
|   set: | ||||
| @@ -76,6 +89,7 @@ tests: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -88,6 +102,7 @@ tests: | ||||
|                   path: config | ||||
|                   mode: 0600 | ||||
|                 name: athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default with mounted ssh keys | ||||
|   set: | ||||
| @@ -98,36 +113,44 @@ tests: | ||||
|     config.ssh.secret.id_rsa_pub: bar | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - exists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519 | ||||
|           subPath: id_ed25519 | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519.pub | ||||
|           subPath: id_ed25519.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa | ||||
|           subPath: id_rsa | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa.pub | ||||
|           subPath: id_rsa.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -152,6 +175,7 @@ tests: | ||||
|                   path: id_rsa.pub | ||||
|                   mode: 0644 | ||||
|                 name: athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering with custom ssh secret | ||||
|   set: | ||||
| @@ -165,36 +189,44 @@ tests: | ||||
|     config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" | ||||
|     persistence.enabled: true | ||||
|   asserts: | ||||
|     - notExists: | ||||
|         path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/config | ||||
|           subPath: config | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519 | ||||
|           subPath: id_ed25519 | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_ed25519.pub | ||||
|           subPath: id_ed25519.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa | ||||
|           subPath: id_rsa | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.containers[0].volumeMounts | ||||
|         content: | ||||
|           name: secrets | ||||
|           mountPath: /root/.ssh/id_rsa.pub | ||||
|           subPath: id_rsa.pub | ||||
|       template: templates/deployment.yaml | ||||
|     - contains: | ||||
|         path: spec.template.spec.volumes | ||||
|         content: | ||||
| @@ -219,3 +251,4 @@ tests: | ||||
|                   path: id_rsa.pub | ||||
|                   mode: 0644 | ||||
|                 name: my-custom-secret | ||||
|       template: templates/deployment.yaml | ||||
| @@ -6,7 +6,7 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/hpa.yaml | ||||
| - templates/hpa.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default. | ||||
|   asserts: | ||||
|   | ||||
| @@ -6,7 +6,7 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/ingress.yaml | ||||
| - templates/ingress.yaml | ||||
| tests: | ||||
| - it: Skip ingress by default. | ||||
|   asserts: | ||||
|   | ||||
| @@ -1,49 +1,30 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: NetworkPolicies template | ||||
| suite: NetworkPolicy template | ||||
| release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/networkPolicies.yaml | ||||
| - templates/networkPolicy.yaml | ||||
| tests: | ||||
| - it: Skip networkPolicies in general disabled. | ||||
| - it: Skip rendering networkPolicy | ||||
|   set: | ||||
|     networkPolicies.enabled: false | ||||
|     networkPolicy.enabled: false | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
| 
 | ||||
| - it: Skip networkPolicy 'default' when disabled. | ||||
| - it: Render default networkPolicy | ||||
|   set: | ||||
|     networkPolicies.enabled: true | ||||
|     networkPolicies.default.enabled: false | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
| 
 | ||||
| - it: Loop over networkPolicies | ||||
|   set: | ||||
|     networkPolicies.enabled: true | ||||
|     networkPolicies.default.enabled: false | ||||
|     networkPolicies.nginx.enabled: true | ||||
|     networkPolicies.prometheus.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 2 | ||||
| 
 | ||||
| - it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration | ||||
|   set: | ||||
|     networkPolicies.enabled: true | ||||
|     networkPolicies.default.enabled: true | ||||
|     networkPolicy.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count:  1 | ||||
|   - containsDocument: | ||||
|       apiVersion: networking.k8s.io/v1 | ||||
|       kind: NetworkPolicy | ||||
|       name: athens-proxy-unittest-default | ||||
|       name: athens-proxy-unittest | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
| @@ -67,29 +48,28 @@ tests: | ||||
|   - notExists: | ||||
|       path: spec.ingress | ||||
| 
 | ||||
| - it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration | ||||
| - it: Template networkPolicy with policyTypes, egress and ingress configuration | ||||
|   set: | ||||
|     networkPolicies.enabled: true | ||||
|     networkPolicies.default.enabled: true | ||||
|     networkPolicies.default.policyTypes: | ||||
|     networkPolicy.enabled: true | ||||
|     networkPolicy.policyTypes: | ||||
|     - Egress | ||||
|     - Ingress | ||||
|     networkPolicies.default.ingress: | ||||
|     networkPolicy.ingress: | ||||
|     - from: | ||||
|       - namespaceSelector: | ||||
|           matchLabels: | ||||
|             kubernetes.io/metadata.name: khv-production | ||||
|             kubernetes.io/metadata.name: monitoring | ||||
|         podSelector: | ||||
|           matchLabels: | ||||
|             app.kubernetes.io/name: prometheus | ||||
|     networkPolicies.default.egress: | ||||
|     networkPolicy.egress: | ||||
|     - to: | ||||
|       - namespaceSelector: | ||||
|           matchLabels: | ||||
|             kubernetes.io/metadata.name: database | ||||
|             kubernetes.io/metadata.name: ingress-nginx | ||||
|         podSelector: | ||||
|           matchLabels: | ||||
|             app.kubernetes.io/name: oracle | ||||
|             app.kubernetes.io/name: ingress-nginx | ||||
|   asserts: | ||||
|   - equal: | ||||
|       path: spec.policyTypes | ||||
| @@ -102,17 +82,17 @@ tests: | ||||
|       - to: | ||||
|         - namespaceSelector: | ||||
|             matchLabels: | ||||
|               kubernetes.io/metadata.name: database | ||||
|               kubernetes.io/metadata.name: ingress-nginx | ||||
|           podSelector: | ||||
|             matchLabels: | ||||
|               app.kubernetes.io/name: oracle | ||||
|               app.kubernetes.io/name: ingress-nginx | ||||
|   - equal: | ||||
|       path: spec.ingress | ||||
|       value: | ||||
|       - from: | ||||
|         - namespaceSelector: | ||||
|             matchLabels: | ||||
|               kubernetes.io/metadata.name: khv-production | ||||
|               kubernetes.io/metadata.name: monitoring | ||||
|           podSelector: | ||||
|             matchLabels: | ||||
|               app.kubernetes.io/name: prometheus | ||||
| @@ -6,7 +6,7 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/persistentVolumeClaim.yaml | ||||
| - templates/persistentVolumeClaim.yaml | ||||
| tests: | ||||
| - it: Rendering default | ||||
|   asserts: | ||||
|   | ||||
| @@ -6,16 +6,24 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/secretEnv.yaml | ||||
| - templates/secretEnv.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering by using existing secret. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering env secret with default values. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
| @@ -39,6 +47,7 @@ tests: | ||||
|  | ||||
| - it: Rendering env secret with custom values. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.secret.envs.ATHENS_GITHUB_TOKEN: my-secret-token | ||||
|   asserts: | ||||
|   - isSubset: | ||||
| @@ -48,6 +57,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.env.enabled: true | ||||
|     config.env.secret.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   | ||||
| @@ -6,7 +6,7 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/secretNetRC.yaml | ||||
| - templates/secretNetRC.yaml | ||||
| tests: | ||||
| - it: Skip rendering by default | ||||
|   asserts: | ||||
|   | ||||
| @@ -6,16 +6,24 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/secretSSH.yaml | ||||
| - templates/secretSSH.yaml | ||||
| tests: | ||||
| - it: Skip rending by default. | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Skip rendering by using existing secret. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.existingSecret.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Rendering ssh secret with default values. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
| @@ -51,6 +59,7 @@ tests: | ||||
|  | ||||
| - it: Rendering ssh secret with custom values. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.config: | | ||||
|       Host * | ||||
|         IdentityFile ~/.ssh/id_ed25519 | ||||
| @@ -90,6 +99,7 @@ tests: | ||||
|  | ||||
| - it: Rendering custom annotations and labels. | ||||
|   set: | ||||
|     config.ssh.enabled: true | ||||
|     config.ssh.secret.annotations: | ||||
|       foo: bar | ||||
|       bar: foo | ||||
|   | ||||
| @@ -6,7 +6,7 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/serviceAccount.yaml | ||||
| - templates/serviceAccount.yaml | ||||
| tests: | ||||
| - it: Skip rendering. | ||||
|   set: | ||||
|   | ||||
| @@ -6,7 +6,7 @@ release: | ||||
|   name: athens-proxy-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/athens-proxy/serviceHTTP.yaml | ||||
| - templates/serviceHTTP.yaml | ||||
| tests: | ||||
| - it: Skip service when disabled. | ||||
|   set: | ||||
|   | ||||
							
								
								
									
										45
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										45
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -8,6 +8,9 @@ fullnameOverride: "" | ||||
| ## @section Configuration | ||||
| config: | ||||
|   env: | ||||
|     ## @param config.env.enabled Enable mounting of the secret as environment variables. | ||||
|     enabled: false | ||||
|  | ||||
|     ## @param config.env.existingSecret.enabled Mount an existing secret containing the application specific environment variables. | ||||
|     ## @param config.env.existingSecret.secretName Name of the existing secret containing the application specific environment variables. | ||||
|     existingSecret: | ||||
| @@ -108,15 +111,15 @@ config: | ||||
|  | ||||
|     ## @param config.downloadMode.configMap.annotations Additional annotations of the config map containing the download mode file. | ||||
|     ## @param config.downloadMode.configMap.labels Additional labels of the config map containing the download mode file. | ||||
|     ## @param config.downloadMode.configMap.content The content of the download mode file. | ||||
|     ## @skip config.downloadMode.configMap.content The content of the download mode file. | ||||
|     configMap: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|       content: | | ||||
|         # downloadURL = "https://proxy.golang.org" | ||||
|         # | ||||
|         # mode = "async_redirect" | ||||
|         # | ||||
|         downloadURL = "https://proxy.golang.org" | ||||
|  | ||||
|         mode = "async_redirect" | ||||
|  | ||||
|         # download "github.com/gomods/*" { | ||||
|         #     mode = "sync" | ||||
|         # } | ||||
| @@ -127,7 +130,7 @@ config: | ||||
|         # | ||||
|         # download "github.com/pkg/*" { | ||||
|         #     mode = "redirect" | ||||
|         #     downloadURL = "https://gocenter.io" | ||||
|         #     downloadURL = "https://proxy.golang.org" | ||||
|         # } | ||||
|  | ||||
|   gitConfig: | ||||
| @@ -144,7 +147,7 @@ config: | ||||
|  | ||||
|     ## @param config.gitConfig.configMap.annotations Additional annotations of the config map containing the .gitconfig file. | ||||
|     ## @param config.gitConfig.configMap.labels Additional labels of the config map containing the .gitconfig file. | ||||
|     ## @param config.gitConfig.configMap.content The content of the .gitconfig file. | ||||
|     ## @skip config.gitConfig.configMap.content The content of the .gitconfig file. | ||||
|     configMap: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
| @@ -170,7 +173,7 @@ config: | ||||
|  | ||||
|     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials. | ||||
|     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials. | ||||
|     ## @param config.netrc.secret.content The content of the .netrc file. | ||||
|     ## @skip config.netrc.secret.content The content of the .netrc file. | ||||
|     secret: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
| @@ -210,7 +213,7 @@ config: | ||||
|  | ||||
|     ## @param config.ssh.secret.annotations Additional annotations of the secret containing the public and private SSH key files. | ||||
|     ## @param config.ssh.secret.labels Additional labels of the secret containing the public and private SSH key files. | ||||
|     ## @param config.ssh.secret.config The content of the SSH client config file. | ||||
|     ## @skip config.ssh.secret.config The content of the SSH client config file. | ||||
|     ## @skip config.ssh.secret.id_ed25519 The content of the private SSH ed25519 key. | ||||
|     ## @skip config.ssh.secret.id_ed25519_pub The content of the public SSH ed25519 key. | ||||
|     ## @skip config.ssh.secret.id_rsa The content of the private SSH RSA key. | ||||
| @@ -497,20 +500,16 @@ persistence: | ||||
|       storageClass: "" | ||||
|       storageSize: "5Gi" | ||||
|  | ||||
| ## @section NetworkPolicies | ||||
| ## @param networkPolicies.enabled Enable network policies in general. | ||||
| networkPolicies: | ||||
|   enabled: false | ||||
|  | ||||
|   ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics. | ||||
|   ## @param networkPolicies.default.annotations Additional network policy annotations. | ||||
|   ## @param networkPolicies.default.labels Additional network policy labels. | ||||
|   ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||
|   ## @param networkPolicies.default.egress Concrete egress network policy implementation. | ||||
|   ## @skip networkPolicies.default.egress Skip individual egress configuration. | ||||
|   ## @param networkPolicies.default.ingress Concrete ingress network policy implementation. | ||||
|   ## @skip networkPolicies.default.ingress Skip individual ingress configuration. | ||||
|   default: | ||||
| ## @section Network Policy | ||||
| networkPolicy: | ||||
|   ## @param networkPolicy.enabled Enable network policies in general. | ||||
|   ## @param networkPolicy.annotations Additional network policy annotations. | ||||
|   ## @param networkPolicy.labels Additional network policy labels. | ||||
|   ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||
|   ## @param networkPolicy.egress Concrete egress network policy implementation. | ||||
|   ## @skip networkPolicy.egress Skip individual egress configuration. | ||||
|   ## @param networkPolicy.ingress Concrete ingress network policy implementation. | ||||
|   ## @skip networkPolicy.ingress Skip individual ingress configuration. | ||||
|   enabled: false | ||||
|   annotations: {} | ||||
|   labels: {} | ||||
|   | ||||
		Reference in New Issue
	
	Block a user