athens-proxy-charts
This is an unofficial Helm chart for the Go proxy Athens which supports more complex configuration options.
This helm chart can be found on artifacthub.io and can be installed via helm.
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm install athens-proxy volker.raschek/athens-proxy
Customization
The complete deployment can be adapted via the values.yaml files. The
proxy can be configured via the environment variables described below or by
mounting the config.toml as an additional persistent volume at
/config/config.toml.
Access private repositories via SSH
Create a configmap.yaml with multiple keys. One key holds the content of
the .gitconfig file and another the configuration of the SSH client. All
Git clone commands with the prefix https://github.com/ will be rewritten to
git@github.com: to use SSH instead of HTTPS. The SSH keys are stored in a
separate secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-configs
data:
  sshconfig: |
    Host github.com
      IdentityFile /root/.ssh/id_ed25519
      StrictHostKeyChecking no
  gitconfig: |
    [url "git@github.com:"]
      insteadOf = https://github.com/
The secret definition below contains the SSH private and public key.
apiVersion: v1
kind: Secret
metadata:
  name: custom-ssh-keys
type: Opaque
stringData:
  id_ed25519: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj
    XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg
    AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M
    a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==
    -----END OPENSSH PRIVATE KEY-----
  id_ed25519.pub: |
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe
The sshconfig item of the configmap will be merged with the items of the secret
into one projected volume. This volume can then be mounted with the special
permissions required by the SSH client.
extraVolumes:
- name: ssh
  projected:
    defaultMode: 0644
    sources:
    - configMap:
        name: custom-configs
        items:
        - key: sshconfig
          path: config
    - secret:
        name: custom-ssh-keys
        items:
        - key: id_ed25519
          path: id_ed25519
          mode: 0600
        - key: id_ed25519.pub
          path: id_ed25519.pub
- name: gitconfig
  configMap:
    name: custom-configs
    items:
    - key: gitconfig
      path: config
      mode: 0644
extraVolumeMounts:
- name: ssh
  mountPath: /root/.ssh
- name: gitconfig
  mountPath: /root/.config/git
Access private GitHub.com repositories via developer token
Another way to access private GitHub repositories is via a GitHub token, which
can be set via the environment variable GITHUB_TOKEN. Athens automatically
creates a .netrc file to access private GitHub repositories.
Access private repositories via .netrc configuration
As described above, a .netrc file is responsible for the authentication via
HTTP. The file can also be defined via a custom secret and mounted into the home
directory of root for general authentication purposes.
The example below describes the definition and mounting of a custom .netrc file
to access private repositories hosted on GitHub and GitLab.
apiVersion: v1
kind: Secret
metadata:
  name: custom-netrc
type: Opaque
stringData:
  netrc: |
    machine github.com login USERNAME password API-KEY
    machine gitlab.com login USERNAME password API-KEY
The file must then be mounted via extraVolumes and extraVolumeMounts.
extraVolumes:
- name: netrc
  secret:
    secretName: custom-netrc
    items:
    - key: netrc
      path: .netrc
      mode: 0600
extraVolumeMounts:
- name: netrc
  mountPath: /root
Persistent storage
Unlike the Athens default, the default here is disk, i.e. the files are
written to the container. Therefore, it is advisable to move the
corresponding storage location to persistent storage. The following example
describes the integration of a persistent volume claim.
extraVolumes:
- name: gomodules
  persistentVolumeClaim:
    claimName: custom-gomodules-pvc
extraVolumeMounts:
- name: gomodules
  mountPath: /var/lib/athens