diff --git a/.gitignore b/.gitignore index ba69fff..a2cb7d1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ charts node_modules target -values2.yml -values2.yaml +values[0-9].yml +values[0-9].yaml *.tgz diff --git a/README.md b/README.md index 803f072..3d90141 100644 --- a/README.md +++ b/README.md @@ -122,14 +122,15 @@ deployment: secret.reloader.stakater.com/reload: "reposilite-tls" ``` -### Network policies +#### Network policies Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming -traffic from an ingress controller. Additionally one egress rule is defined, to allow the application outgoing access -to the internal running DNS server `core-dns`. +traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application +outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the Apache Maven +Central repository via HTTPS. > [!IMPORTANT] > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For @@ -156,6 +157,10 @@ networkPolicies: protocol: TCP - port: 53 protocol: UDP + - ports: + - port: 443 + protocol: TCP + ingress: - from: - namespaceSelector: 
@@ -169,6 +174,26 @@ networkPolicies: protocol: TCP ``` +### Prometheus + +Reposilite is not able to expose metrics by default. Reposilite requires an additional plugin to expose the metrics via +`/metrics`. The plugin will be downloaded from Apache Maven Central, when the plugin is enabled directly or the +Prometheus feature has been enabled. The plugin is a simple JAR file, which will be stored in `/app/data/plugins`. + +Furthermore, Reposilite will not expose the metrics without protection. For this reason must be defined basic auth +credentials. By default generate the helm chart a random username and password for basic auth. For debugging propose can +be set the credentials manually. + +The following example enable Prometheus metrics with custom basic auth credentials: + +```bash +CHART_VERSION=0.1.3 +helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ + --set 'prometheus.metrics.enabled=true' \ + --set 'prometheus.metrics.basicAuthUsername=my-username' \ + --set 'prometheus.metrics.basicAuthUsername=my-password' +``` + ## Parameters ### Global 
@@ -178,44 +203,56 @@ networkPolicies: | `nameOverride` | Individual release name suffix. | `""` | | `fullnameOverride` | Override the complete release name logic. | `""` | +### Config + +| Name | Description | Value | +| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | +| `config.plugins.prometheus.enabled` | Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled. | `false` | +| `config.plugins.prometheus.url` | URL to download the plugin. | `https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/3.5.25/prometheus-plugin-3.5.25-all.jar` | + ### Deployment -| Name | Description | Value | -| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | -| `deployment.annotations` | Additional deployment annotations. | `{}` | -| `deployment.labels` | Additional deployment labels. | `{}` | -| `deployment.additionalContainers` | List of additional containers. | `[]` | -| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` | -| `deployment.initContainers` | List of additional init containers. | `[]` | -| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` | -| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` | -| `deployment.hostname` | Individual hostname of the pod. | `""` | -| `deployment.subdomain` | Individual domain of the pod. | `""` | -| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` | -| `deployment.imagePullSecrets` | Secret to use for pulling the image. 
| `[]` | -| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` | -| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` | -| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | | -| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` | -| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. | `docker.io` | -| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` | -| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` | -| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` | -| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` | -| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` | -| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` | -| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` | -| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` | -| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` | -| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` | -| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` | -| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` | -| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. 
| `1` | -| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` | -| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` | -| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` | -| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` | +| Name | Description | Value | +| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------------------------- | +| `deployment.annotations` | Additional deployment annotations. | `{}` | +| `deployment.labels` | Additional deployment labels. | `{}` | +| `deployment.additionalContainers` | List of additional containers. | `[]` | +| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` | +| `deployment.initContainers` | List of additional init containers. | `[]` | +| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` | +| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` | +| `deployment.hostname` | Individual hostname of the pod. | `""` | +| `deployment.subdomain` | Individual domain of the pod. | `""` | +| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` | +| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` | +| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` | +| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` | +| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | | +| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` | +| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. 
| `docker.io` | +| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` | +| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` | +| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` | +| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` | +| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` | +| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` | +| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` | +| `deployment.pluginContainer.args` | Arguments passed to the plugin container. | `["--location","--fail","--max-time","60"]` | +| `deployment.pluginContainer.image.registry` | Image registry, eg. `docker.io`. | `docker.io` | +| `deployment.pluginContainer.image.repository` | Image repository, eg. `curlimages/curl`. | `curlimages/curl` | +| `deployment.pluginContainer.image.tag` | Custom image tag, eg. `0.1.0`. | `8.15.0` | +| `deployment.pluginContainer.image.pullPolicy` | Image pull policy. | `IfNotPresent` | +| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` | +| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` | +| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` | +| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` | +| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` | +| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. 
| `1` | +| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` | +| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` | +| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` | +| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` | ### Horizontal Pod Autoscaler (HPA) 
@@ -265,6 +302,39 @@ networkPolicies: | `persistentVolumeClaim.new.size` | Size of the persistent volume claim. | `10Gi` | | `persistentVolumeClaim.new.storageClass` | Custom storage class. Left it empty to use the clusters default storage class. | `""` | +### Prometheus + +| Name | Description | Value | +| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `prometheus.metrics.enabled` | Enable of scraping metrics by Prometheus. | `false` | +| `prometheus.metrics.basicAuthUsername` | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | `""` | +| `prometheus.metrics.basicAuthPassword` | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | `""` | +| `prometheus.metrics.podMonitor.enabled` | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | `false` | +| `prometheus.metrics.podMonitor.annotations` | Additional podMonitor annotations. | `{}` | +| `prometheus.metrics.podMonitor.enableHttp2` | Enable HTTP2. | `false` | +| `prometheus.metrics.podMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` | +| `prometheus.metrics.podMonitor.honorLabels` | Honor labels. | `false` | +| `prometheus.metrics.podMonitor.labels` | Additional podMonitor labels. | `{}` | +| `prometheus.metrics.podMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` | +| `prometheus.metrics.podMonitor.path` | HTTP path of the Reposilite pod for scraping Prometheus metrics. | `/metrics` | +| `prometheus.metrics.podMonitor.port` | HTTP port of the Reposilite pod for scraping Prometheus metrics. 
| `http` | +| `prometheus.metrics.podMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` | +| `prometheus.metrics.podMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` | +| `prometheus.metrics.podMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` | +| `prometheus.metrics.podMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` | +| `prometheus.metrics.serviceMonitor.enabled` | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. | `false` | +| `prometheus.metrics.serviceMonitor.annotations` | Additional serviceMonitor annotations. | `{}` | +| `prometheus.metrics.serviceMonitor.labels` | Additional serviceMonitor labels. | `{}` | +| `prometheus.metrics.serviceMonitor.enableHttp2` | Enable HTTP2. | `false` | +| `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` | +| `prometheus.metrics.serviceMonitor.honorLabels` | Honor labels. | `false` | +| `prometheus.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` | +| `prometheus.metrics.serviceMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` | +| `prometheus.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` | +| `prometheus.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` | +| `prometheus.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. 
For example `http` or `https`. | `http` | +| `prometheus.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` | + ### Service | Name | Description | Value | @@ -280,6 +350,7 @@ networkPolicies: | `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` | | `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` | | `service.port` | Port to forward the traffic to. | `8080` | +| `service.scheme` | Name of the service port. This name is also used as scheme / port name of the service monitor resource. | `http` | | `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` | | `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` | | `service.type` | Kubernetes service type for the traffic. | `ClusterIP` | diff --git a/templates/_deployment.tpl b/templates/_deployment.tpl index 1f517c9..566ba14 100644 --- a/templates/_deployment.tpl +++ b/templates/_deployment.tpl @@ -36,6 +36,13 @@ {{/* image */}} +{{- define "reposilite.deployment.images.plugin.fqin" -}} +{{- $registry := .Values.deployment.pluginContainer.image.registry -}} +{{- $repository := .Values.deployment.pluginContainer.image.repository -}} +{{- $tag := default .Chart.AppVersion .Values.deployment.pluginContainer.image.tag -}} +{{- printf "%s/%s:%s" $registry $repository $tag -}} +{{- end -}} + {{- define "reposilite.deployment.images.reposilite.fqin" -}} {{- $registry := .Values.deployment.reposilite.image.registry -}} {{- $repository := .Values.deployment.reposilite.image.repository -}} 
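Review bot: The new `reposilite.deployment.images.plugin.fqin` helper falls back to `.Chart.AppVersion` when `deployment.pluginContainer.image.tag` is empty, but that version belongs to Reposilite, not to `curlimages/curl`, so clearing the tag yields an image reference that is unlikely to exist. Failing fast would be clearer: `{{- $tag := required "No plugin container image tag defined!" .Values.deployment.pluginContainer.image.tag -}}`. The helper also only builds `registry/repository:tag`; because this container fetches code that the application later loads, accepting a digest reference (`repository@sha256:<digest>`) would let operators pin the downloader image immutably. A short `{{/* ... */}}` comment above the define stating that this is the downloader image, not the application image, would help readers.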
@@ -52,6 +59,34 @@ {{- end }} {{- end }} +{{/* initContainers */}} + +{{- define "reposilite.deployment.initContainers" -}} +{{- $initContainers := .Values.deployment.initContainers | default list -}} +{{- $pluginContainerImage := (include "reposilite.deployment.images.plugin.fqin" . ) }} +{{- $pluginContainerArgs := .Values.deployment.pluginContainer.args | default list }} +{{- $pluginContainerArgs := concat $pluginContainerArgs (list "--output-dir" "/app/data/plugins" ) }} +{{- $pluginContainerVolumeMounts := list (dict "name" "plugins" "mountPath" "/app/data/plugins") }} + +{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }} +{{- $fileName := splitList "/" (tpl .Values.config.plugins.prometheus.url $) | last }} +{{- $individualArgs := concat $pluginContainerArgs (list "--output" $fileName (tpl .Values.config.plugins.prometheus.url $)) }} +{{- $initContainers = concat $initContainers (list (dict "args" $individualArgs "name" "download-prometheus-plugin" "image" $pluginContainerImage "volumeMounts" $pluginContainerVolumeMounts)) }} +{{- end }} + +{{ toYaml (dict "initContainers" $initContainers) }} + +{{- end }} + +{{/* plugins */}} +{{- define "reposilite.plugins.prometheus.enabled" -}} +{{- if or .Values.config.plugins.prometheus.enabled .Values.prometheus.metrics.enabled -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + {{/* serviceAccount */}} {{- define "reposilite.deployment.serviceAccount" -}} @@ -69,6 +104,11 @@ {{- if .Values.persistentVolumeClaim.enabled }} {{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistentVolumeClaim.path )) }} {{- end }} + +{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }} +{{- $volumeMounts = concat $volumeMounts (list (dict "name" "plugins" "mountPath" "/app/data/plugins")) }} +{{- end }} + {{ toYaml (dict "volumeMounts" $volumeMounts) }} {{- end -}} 
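Review bot: The `download-prometheus-plugin` init container built in `reposilite.deployment.initContainers` writes whatever `config.plugins.prometheus.url` returns into `/app/data/plugins`, and the main container mounts the same volume, with no integrity check in between. Since the README in this commit describes the file as a plugin JAR, a tampered mirror or an unexpected redirect (the default args include `--location`) would put unreviewed code into the repository manager. Consider an optional checksum value that is verified before the pod starts, and restricting the transfer to HTTPS by extending the fixed arguments to `(list "--proto" "=https" "--proto-redir" "=https" "--output-dir" "/app/data/plugins")`. The container dict also sets no `imagePullPolicy`, `securityContext` or `resources`, so the documented `deployment.pluginContainer.image.pullPolicy` appears to be unused here.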
@@ -85,6 +125,10 @@ {{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $persistentVolumeClaimName))) }} {{- end }} +{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }} +{{- $volumes = concat $volumes (list (dict "name" "plugins" "emptyDir" dict)) }} +{{- end }} + {{ toYaml (dict "volumes" $volumes) }} {{- end -}} \ No newline at end of file diff --git a/templates/_serviceMonitors.tpl b/templates/_serviceMonitors.tpl index ce5206f..73834a8 100644 --- a/templates/_serviceMonitors.tpl +++ b/templates/_serviceMonitors.tpl @@ -31,5 +31,5 @@ false {{- define "reposilite.serviceMonitor.selectorLabels" -}} {{ include "reposilite.selectorLabels" . }} {{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} -app.kubernetes.io/service-name: http +app.kubernetes.io/service-name: {{ required "The scheme of the serviceMonitor is not defined!" .Values.service.scheme }} {{- end }} \ No newline at end of file diff --git a/templates/_services.tpl b/templates/_services.tpl index 1f9d720..3f4d166 100644 --- a/templates/_services.tpl +++ b/templates/_services.tpl @@ -7,8 +7,6 @@ {{- if .Values.service.annotations }} {{ toYaml .Values.service.annotations }} {{- end }} -{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} -app.kubernetes.io/service-name: http {{- end }} {{/* labels */}} @@ -18,6 +16,8 @@ app.kubernetes.io/service-name: http {{- if .Values.service.labels }} {{ toYaml .Values.service.labels }} {{- end }} +{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} +app.kubernetes.io/service-name: {{ required "The scheme of the serviceMonitor is not defined!" .Values.service.scheme }} {{- end }} {{/* names */}} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 67e9a32..406e805 100644 --- a/templates/deployment.yaml 
+++ b/templates/deployment.yaml @@ -109,6 +109,11 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- $initContainers := (include "reposilite.deployment.initContainers" . | fromYaml) }} + {{- if and (hasKey $initContainers "initContainers") (gt (len $initContainers.initContainers) 0) }} + initContainers: + {{- toYaml $initContainers.initContainers | nindent 6 }} + {{- end }} {{- with .Values.deployment.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/podMonitor.yaml b/templates/podMonitor.yaml index ca7c6ba..cd04b2b 100644 --- a/templates/podMonitor.yaml +++ b/templates/podMonitor.yaml @@ -27,13 +27,17 @@ spec: honorLabels: {{ required "The honorLabels option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.honorLabels }} interval: {{ required "The scrape interval of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.interval }} path: {{ required "The metric path of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.path }} - port: "8080" + port: {{ required "The metric port of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.port | quote }} {{- with .Values.prometheus.metrics.podMonitor.relabelings }} relabelings: {{- toYaml . | nindent 6 }} {{- end }} scrapeTimeout: {{ required "The scrape timeout of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scrapeTimeout }} - scheme: http + scheme: {{ required "The scheme of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scheme }} + {{- with .Values.prometheus.metrics.podMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 6 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/templates/serviceMonitor.yaml b/templates/serviceMonitor.yaml index f93588e..5f6e027 100644 --- a/templates/serviceMonitor.yaml +++ b/templates/serviceMonitor.yaml 
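Review bot: The podMonitor endpoint now takes `scheme` and `tlsConfig` from values, but the default stays `http`, and the unit tests show the monitors referencing a `basic-auth-credentials` secret, so the metrics credentials would cross the cluster network unencrypted on every scrape unless the operator changes the scheme. The same applies to the serviceMonitor hunk in `templates/serviceMonitor.yaml`. I would state this next to the `scheme` parameters, e.g. `## Basic auth credentials are sent in clear text when scheme is http; prefer https together with tlsConfig.` Separately, the serviceMonitor `port:` is rendered from `.Values.service.scheme` without `| quote` while the podMonitor port is quoted; quoting both keeps a numeric-looking port name a string.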
@@ -27,13 +27,17 @@ spec: honorLabels: {{ required "The honorLabels option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.honorLabels }} interval: {{ required "The scrape interval of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.interval }} path: {{ required "The metric path of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.path }} + port: {{ required "The port of the serviceMonitor is not defined!" .Values.service.scheme }} {{- with .Values.prometheus.metrics.serviceMonitor.relabelings }} relabelings: {{- toYaml . | nindent 6 }} {{- end }} scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }} - scheme: http - targetPort: 8080 + scheme: {{ required "The scheme of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scheme }} + {{- with .Values.prometheus.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 6 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/unittests/deployment/configPlugins.yaml b/unittests/deployment/configPlugins.yaml new file mode 100644 index 0000000..f8ccdd3 --- /dev/null +++ b/unittests/deployment/configPlugins.yaml 
@@ -0,0 +1,42 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Test reposilite plugins +release: + name: reposilite-unittest + namespace: testing +templates: +- templates/deployment.yaml +- templates/secretPrometheusBasicAuth.yaml +tests: +- it: Test init containers for prometheus + set: + config.plugins.prometheus.enabled: true + config.plugins.prometheus.url: "https://reposilite.com/plugins/prometheus.jar" + deployment.pluginContainer.image.tag: 0.1.0 + asserts: + - contains: + path: spec.template.spec.initContainers + content: + args: + - --location + - --fail + - --max-time + - "60" + - --output-dir + - /app/data/plugins + - --output + - prometheus.jar + - https://reposilite.com/plugins/prometheus.jar + name: download-prometheus-plugin + image: docker.io/curlimages/curl:0.1.0 + volumeMounts: + - mountPath: /app/data/plugins + name: plugins + template: templates/deployment.yaml + - contains: + path: spec.template.spec.volumes + content: + name: plugins + emptyDir: {} + template: templates/deployment.yaml \ No newline at end of file diff --git a/unittests/deployment/deployment.yaml b/unittests/deployment/deployment.yaml index 414ee4f..1e6e5ac 100644 --- a/unittests/deployment/deployment.yaml +++ b/unittests/deployment/deployment.yaml @@ -390,6 +390,19 @@ tests: - name: my-special-secret template: templates/deployment.yaml +- it: Test initContainers + set: + deployment.initContainers: + - name: busybox + image: docker.io/library/busybox:latest + asserts: + - contains: + path: spec.template.spec.initContainers + content: + name: busybox + image: docker.io/library/busybox:latest + template: templates/deployment.yaml + - it: Test nodeSelector set: deployment.nodeSelector: diff --git a/unittests/podMonitors/podMonitor.yaml b/unittests/podMonitors/podMonitor.yaml index f9a9c87..a52edf6 100644 --- a/unittests/podMonitors/podMonitor.yaml +++ b/unittests/podMonitors/podMonitor.yaml 
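Review bot: The new suite in `unittests/deployment/configPlugins.yaml` only covers `config.plugins.prometheus.enabled: true`; the other branch of `reposilite.plugins.prometheus.enabled`, where `prometheus.metrics.enabled` alone switches the plugin on, is not tested, and neither is the `plugins` volumeMount of the Reposilite container. `templates/secretPrometheusBasicAuth.yaml` is listed under `templates`, but no assertion targets it. A second case that sets only `prometheus.metrics.enabled: true` and asserts on the init container and on the main container's `volumeMounts` would cover the rest of the wiring, including the default URL rendered through `tpl`.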
@@ -67,7 +67,7 @@ tests: name: reposilite-unittest-basic-auth-credentials - equal: path: spec.podMetricsEndpoints[0].enableHttp2 - value: true + value: false - equal: path: spec.podMetricsEndpoints[0].followRedirects value: false @@ -82,7 +82,7 @@ tests: value: /metrics - equal: path: spec.podMetricsEndpoints[0].port - value: "8080" + value: http - notExists: path: spec.podMetricsEndpoints[0].relabelings - equal: @@ -133,12 +133,14 @@ tests: prometheus.metrics.podMonitor.honorLabels: true prometheus.metrics.podMonitor.interval: "180s" prometheus.metrics.podMonitor.path: "/my-metrics" + prometheus.metrics.podMonitor.port: "8443" prometheus.metrics.podMonitor.relabelings: - sourceLabels: [ container ] separator: ";" regex: "app" replacement: "$1" action: "drop" + prometheus.metrics.podMonitor.scheme: https prometheus.metrics.podMonitor.scrapeTimeout: "5s" asserts: - hasDocuments: @@ -160,7 +162,7 @@ tests: value: /my-metrics - equal: path: spec.podMetricsEndpoints[0].port - value: "8080" + value: "8443" - contains: path: spec.podMetricsEndpoints[0].relabelings content: @@ -174,4 +176,4 @@ tests: value: 5s - equal: path: spec.podMetricsEndpoints[0].scheme - value: http \ No newline at end of file + value: https \ No newline at end of file diff --git a/unittests/serviceMonitors/serviceMonitor.yaml b/unittests/serviceMonitors/serviceMonitor.yaml index f750336..1f8447e 100644 --- a/unittests/serviceMonitors/serviceMonitor.yaml +++ b/unittests/serviceMonitors/serviceMonitor.yaml @@ -68,7 +68,7 @@ tests: name: reposilite-unittest-basic-auth-credentials - equal: path: spec.endpoints[0].enableHttp2 - value: true + value: false - equal: path: spec.endpoints[0].followRedirects value: false @@ -90,8 +90,8 @@ tests: path: spec.endpoints[0].scheme value: http - equal: - path: spec.endpoints[0].targetPort - value: 8080 + path: spec.endpoints[0].port + value: http - contains: path: spec.namespaceSelector.matchNames content: 
@@ -142,7 +142,8 @@ tests: replacement: "$1" action: "drop" prometheus.metrics.serviceMonitor.scrapeTimeout: "5s" - prometheus.metrics.serviceMonitor.scheme: "http" + prometheus.metrics.serviceMonitor.scheme: "https" + service.scheme: https asserts: - hasDocuments: count: 1 @@ -161,6 +162,9 @@ tests: - equal: path: spec.endpoints[0].path value: /my-metrics + - equal: + path: spec.endpoints[0].port + value: https - contains: path: spec.endpoints[0].relabelings content: @@ -174,4 +178,4 @@ tests: value: 5s - equal: path: spec.endpoints[0].scheme - value: http \ No newline at end of file + value: https \ No newline at end of file diff --git a/unittests/services/service.yaml b/unittests/services/service.yaml index aa7f43c..e904ece 100644 --- a/unittests/services/service.yaml +++ b/unittests/services/service.yaml @@ -24,16 +24,15 @@ tests: kind: Service name: reposilite-unittest namespace: testing - - equal: + - notExists: path: metadata.annotations - value: - app.kubernetes.io/service-name: http - equal: path: metadata.labels value: app.kubernetes.io/instance: reposilite-unittest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: reposilite + app.kubernetes.io/service-name: http app.kubernetes.io/version: 0.1.0 helm.sh/chart: reposilite-0.1.0 - notExists: @@ -88,6 +87,13 @@ tests: - failedTemplate: errorMessage: No service port defined! +- it: Require scheme. + set: + service.scheme: "" + asserts: + - failedTemplate: + errorMessage: No service scheme defined! + - it: Require sessionAffinity. set: service.sessionAffinity: "" @@ -108,11 +114,11 @@ tests: foo: bar service.labels: bar: foo + service.scheme: https asserts: - equal: path: metadata.annotations value: - app.kubernetes.io/service-name: http foo: bar - equal: path: metadata.labels 
@@ -120,6 +126,7 @@ tests: app.kubernetes.io/instance: reposilite-unittest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: reposilite + app.kubernetes.io/service-name: https app.kubernetes.io/version: 0.1.0 helm.sh/chart: reposilite-0.1.0 bar: foo @@ -137,6 +144,7 @@ tests: service.loadBalancerSourceRanges: - "11.12.0.0/17" service.port: 10443 + service.scheme: https service.sessionAffinity: ClientIP service.type: LoadBalancer asserts: @@ -164,6 +172,9 @@ tests: path: spec.loadBalancerSourceRanges value: - "11.12.0.0/17" + - equal: + path: spec.ports[0].name + value: https - equal: path: spec.ports[0].port value: 10443 diff --git a/values.yaml b/values.yaml index a857ac2..d36895b 100644 --- a/values.yaml +++ b/values.yaml @@ -6,6 +6,17 @@ nameOverride: "" fullnameOverride: "" + +## @section Config +config: + plugins: + ## @param config.plugins.prometheus.enabled Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled. + ## @param config.plugins.prometheus.url URL to download the plugin. + prometheus: + enabled: false + url: https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/{{ .Chart.AppVersion }}/prometheus-plugin-{{ .Chart.AppVersion }}-all.jar + + ## @section Deployment deployment: ## @param deployment.annotations Additional deployment annotations. 
@@ -149,6 +160,24 @@ deployment: ## @param deployment.nodeSelector NodeSelector of the Reposilite deployment. nodeSelector: {} + pluginContainer: + ## @param deployment.pluginContainer.args Arguments passed to the plugin container. + args: + - "--location" + - "--fail" + - "--max-time" + - "60" + + ## @param deployment.pluginContainer.image.registry Image registry, eg. `docker.io`. + ## @param deployment.pluginContainer.image.repository Image repository, eg. `curlimages/curl`. + ## @param deployment.pluginContainer.image.tag Custom image tag, eg. `0.1.0`. + ## @param deployment.pluginContainer.image.pullPolicy Image pull policy. + image: + registry: docker.io + repository: curlimages/curl + tag: "8.15.0" + pullPolicy: IfNotPresent + ## @param deployment.priorityClassName PriorityClassName of the Reposilite deployment. priorityClassName: "" @@ -302,6 +331,11 @@ networkPolicy: # - port: 53 # protocol: UDP + ## Allow outgoing HTTP traffic. For example to download maven artifacts from Apache Maven Central or Reposlite plugins from upstream. + # - ports: + # - port: 443 + # protocol: TCP + ingress: [] # Allow incoming HTTP traffic from prometheus. # @@ -315,6 +349,8 @@ networkPolicy: # ports: # - port: http # protocol: TCP + # - port: https + # protocol: TCP # Allow incoming HTTP traffic from ingress-nginx. # @@ -328,6 +364,8 @@ networkPolicy: # ports: # - port: http # protocol: TCP + # - port: https + # protocol: TCP ## @section Persistent Volume Claim 
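Review bot: The commented egress example added under `networkPolicy` lists only `ports` (TCP 443) and no `to:` peers, which in a NetworkPolicy allows that port to every destination, not only the Maven or plugin hosts the comment names. I would say so in the comment and show a `to:` entry with an `ipBlock` for the mirror or proxy actually in use (with a placeholder CIDR), so that copying the example does not silently open general outbound HTTPS. The comment also says "HTTP" for port 443 and misspells the product name; suggested wording: `## Allow outgoing HTTPS traffic, e.g. to download Maven artifacts or Reposilite plugins from upstream.`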
@@ -360,11 +398,11 @@ persistentVolumeClaim: prometheus: ## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus. ## @param prometheus.metrics.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. - ## @param prometheus.metrics.enabled Enable of Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. + ## @param prometheus.metrics.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. metrics: enabled: false - basicAuthUsername: "my-username" - basicAuthPassword: "my-password" + basicAuthUsername: "" + basicAuthPassword: "" ## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. ## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations. 
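Review bot: With `basicAuthUsername` and `basicAuthPassword` now defaulting to `""`, the documented "random alpha numeric string" depends entirely on template code outside this hunk, and the comments do not say that an empty value triggers it. If the generation is not guarded by a `lookup` of the existing Secret, each `helm upgrade` would presumably produce new credentials, so the Reposilite pod and the monitor's auth secret must pick them up together. I would reword the description to `Password for basic auth. Leave empty to let the chart generate a random value. Set it only for debugging, because values passed on the command line are stored with the release.` and use the same wording for the username.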
@@ -373,20 +411,27 @@ prometheus: ## @param prometheus.metrics.podMonitor.honorLabels Honor labels. ## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels. ## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. - ## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics. + ## @param prometheus.metrics.podMonitor.path HTTP path of the Reposilite pod for scraping Prometheus metrics. + ## @param prometheus.metrics.podMonitor.port HTTP port of the Reposilite pod for scraping Prometheus metrics. ## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. ## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. + ## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. + ## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus. + ## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration. podMonitor: enabled: false annotations: {} - enableHttp2: true + enableHttp2: false followRedirects: false honorLabels: false labels: {} interval: "60s" path: "/metrics" + port: "http" relabelings: [] scrapeTimeout: "30s" + scheme: "http" + tlsConfig: {} ## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. ## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations. 
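Review bot: The new default `scheme: "http"` for `podMonitor`, and for `serviceMonitor` in the next hunk, means that if the monitors authenticate with the `prometheus.metrics.basicAuth*` values, as the descriptions suggest, those credentials cross the pod network unencrypted with default settings. The `scheme` description should warn about it, for example `HTTP scheme to use for scraping. Use https when Reposilite serves TLS, otherwise the basic auth credentials are sent in cleartext.` The `tlsConfig` description should also say that `insecureSkipVerify: true` is for test setups only, and that a CA reference is the intended way to trust a private certificate. The serviceMonitor hunk adds `scheme` and `tlsConfig` without visible `@param` lines; its parameter block starts above that hunk, so the matching descriptions may be missing there.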
@@ -405,14 +450,15 @@ prometheus: enabled: false annotations: {} labels: {} - enableHttp2: true + enableHttp2: false followRedirects: false honorLabels: false interval: "60s" path: "/metrics" relabelings: [] scrapeTimeout: "30s" - + scheme: "http" + tlsConfig: {} ## @section Service ## @param service.enabled Enable the service. @@ -426,6 +472,7 @@ prometheus: ## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. ## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. ## @param service.port Port to forward the traffic to. +## @param service.scheme Name of the service port. This name is also used as scheme / port name of the service monitor resource. ## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. ## @param service.sessionAffinityConfig Contains the configuration of the session affinity. ## @param service.type Kubernetes service type for the traffic.