Initial Commit
All checks were successful
Helm / helm-unittest (push) Successful in 13s
Helm / helm-lint (push) Successful in 17s
Release / publish-chart (push) Successful in 20s

This commit is contained in:
2025-07-23 18:14:01 +02:00
commit b726409caa
48 changed files with 6058 additions and 0 deletions

12
.editorconfig Normal file
View File

@ -0,0 +1,12 @@
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false
[Makefile]
indent_style = tab

114
.gitea/scripts/add-annotations.sh Executable file
View File

@ -0,0 +1,114 @@
#!/bin/bash
set -e
CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2
exit 1
fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
done
else
OLD_TAG=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
exit 1
fi
fi
if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
done
else
NEW_TAG=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
exit 1
fi
fi
CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}"
function map_type_to_kind() {
case "${1}" in
feat)
echo "added"
;;
fix)
echo "fixed"
;;
chore|style|test|ci|docs|refac)
echo "changed"
;;
revert)
echo "removed"
;;
sec)
echo "security"
;;
*)
echo "skip"
;;
esac
}
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}")
if [ "${KIND}" == "skip" ]; then
continue
fi
DESC="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
fi
done <<< "${COMMIT_TITLES}"
if [ -s "${CHANGE_LOG_YAML}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
exit 1
fi
rm "${CHANGE_LOG_YAML}"

View File

@ -0,0 +1,32 @@
name: Generate README
on:
pull_request:
paths: [ "README.md", "values.yaml" ]
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
paths: [ "README.md", "values.yaml" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
generate-parameters:
container:
image: docker.io/library/node:24.1.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Generate parameter section in README
run: |
npm install
npm run readme:parameters
- name: Compare diff
run: git diff --exit-code --name-only README.md

View File

@ -0,0 +1,42 @@
name: Helm
on:
pull_request:
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.18.2
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.18.2
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./

View File

@ -0,0 +1,46 @@
name: Markdown linter
on:
pull_request:
paths: [ "**/*.md" ]
types: [ "opened", "reopened", "synchronize" ]
push:
branches:
- '**'
paths: [ "**/*.md" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:24.1.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Verify links in markdown files
run: |
npm install
npm run readme:link
markdown-lint:
container:
image: docker.io/library/node:24.1.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git
- uses: actions/checkout@v4.2.2
- name: Lint markdown files
run: |
npm install
npm run readme:lint

View File

@ -0,0 +1,61 @@
name: Release
on:
push:
tags:
- "**"
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.18.2
runs-on: ubuntu-latest
steps:
- name: Install packages via apk
run: |
apk update
apk add git npm jq yq
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Add Artifacthub.io annotations
run: |
NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart
run: |
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum
env:
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
run: |
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
- name: Upload Chart to Gitea
env:
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea

6
.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
charts
node_modules
target
values2.yml
values2.yaml
*.tgz

60
.helmignore Normal file
View File

@ -0,0 +1,60 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# drone
.drone.yml
# editorconfig
.editorconfig
# customized values
values2.yml
values2.yaml
# helm packages
*.tgz
.helmignore
unittests
# markdownlint
.markdownlint.yml
.markdownlint.yaml
.markdownlintignore
# npm
.prettierignore
.npmrc
package*
# yamllint
.yamllint.yaml
# Others
CONTRIBUTING.md
CODEOWNERS
Makefile
renovate.json

155
.markdownlint.yaml Normal file
View File

@ -0,0 +1,155 @@
# markdownlint YAML configuration
# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
# Default state for all rules
default: true
# Path to configuration file to extend
extends: null
# MD003/heading-style/header-style - Heading style
MD003:
# Heading style
style: "atx"
# MD004/ul-style - Unordered list style
MD004:
style: "dash"
# MD007/ul-indent - Unordered list indentation
MD007:
# Spaces for indent
indent: 2
# Whether to indent the first level of the list
start_indented: false
# MD009/no-trailing-spaces - Trailing spaces
MD009:
# Spaces for line break
br_spaces: 2
# Allow spaces for empty lines in list items
list_item_empty_lines: false
# Include unnecessary breaks
strict: false
# MD010/no-hard-tabs - Hard tabs
MD010:
# Include code blocks
code_blocks: true
# MD012/no-multiple-blanks - Multiple consecutive blank lines
MD012:
# Consecutive blank lines
maximum: 1
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 120
# Number of characters for headings
heading_line_length: 120
# Number of characters for code blocks
code_block_line_length: 80
# Include code blocks
code_blocks: false
# Include tables
tables: false
# Include headings
headings: true
# Strict length checking
strict: false
# Stern length checking
stern: false
# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
MD022:
# Blank lines above heading
lines_above: 1
# Blank lines below heading
lines_below: 1
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
siblings_only: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
# Heading level
level: 1
# RegExp for matching title in front matter
front_matter_title: "^\\s*title\\s*[:=]"
# MD026/no-trailing-punctuation - Trailing punctuation in heading
MD026:
# Punctuation characters
punctuation: ".,;:!。,;:!"
# MD029/ol-prefix - Ordered list item prefix
MD029:
# List style
style: "one_or_ordered"
# MD030/list-marker-space - Spaces after list markers
MD030:
# Spaces for single-line unordered list items
ul_single: 1
# Spaces for single-line ordered list items
ol_single: 1
# Spaces for multi-line unordered list items
ul_multi: 1
# Spaces for multi-line ordered list items
ol_multi: 1
# MD033/no-inline-html - Inline HTML
MD033:
# Allowed elements
allowed_elements: []
# MD035/hr-style - Horizontal rule style
MD035:
# Horizontal rule style
style: "---"
# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
MD036:
# Punctuation characters
punctuation: ".,;:!?。,;:!?"
# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
MD041:
# Heading level
level: 1
# RegExp for matching title in front matter
front_matter_title: "^\\s*title\\s*[:=]"
# MD044/proper-names - Proper names should have the correct capitalization
MD044:
# List of proper names
names:
- Git
- GitDevOps
- Gitea
- GitHub
- GitLab
- GitOps
- kube-prometheus-stack
- Memcached
- Oracle
- PostgreSQL
- Prometheus
- prometheus-exporter
- SSL
- TLS
# Include code blocks
code_blocks: false
# MD046/code-block-style - Code block style
MD046:
# Block style
style: "fenced"
# MD048/code-fence-style - Code fence style
MD048:
# Code fence syle
style: "backtick"

4
.markdownlintignore Normal file
View File

@ -0,0 +1,4 @@
.github/
Chart.lock
charts/
node_modules/

1
.npmrc Normal file
View File

@ -0,0 +1 @@
engine-strict=true

1
.prettierignore Normal file
View File

@ -0,0 +1 @@
Chart.lock

8
.vscode/extensions.json vendored Normal file
View File

@ -0,0 +1,8 @@
{
"recommendations": [
"DavidAnson.vscode-markdownlint",
"esbenp.prettier-vscode",
"Tim-Koehler.helm-intellisense",
"yzhang.markdown-all-in-one"
]
}

20
.yamllint.yaml Normal file
View File

@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2

1
CODEOWNERS Normal file
View File

@ -0,0 +1 @@
* @volker.raschek

82
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,82 @@
# Contributing
I am very happy if you would like to provide a pull request 👍
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
1. [Valid Git commits](#valid-git-commits)
## Valid Git commits
### Commit message
The repository is subject to a strict commit message template. This states that there are several types of commits. For
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
| type | description |
| ------------------- | ----------------------------------------------------------------- |
| `feat` | New feature. |
| `fix` | Fixes a bug. |
| `refac` | Refactoring production code. |
| `style` | Fixes formatting issues. No production code change. |
| `docs` | Adapt documentation. No production code change. |
| `test` | Adds new or modifies existing tests. No production code change. |
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
Based on these types, commit messaged can then be created. Here are a few examples:
```text
style(README): Wrong indentation
feat(deployment): support restartPolicy
fix(my-app): Add missing volume
docs(CONTRIBUTING): Describe how to commit correctly
```
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
pull request PR to be combined into one commit (squashing).
### Smart commits
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
needs to be added to the merge commit.
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
```text
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|\
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|/
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
```
### Commit signing
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
Linux kernel.
```bash
git config --global user.name 'Linux Torvalds'
git config --global user.email 'torvalds@linux-foundation.org'
```
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
Otherwise will be marked the Git commit as *Unverified*.
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
example an external USB drive.

26
Chart.yaml Normal file
View File

@ -0,0 +1,26 @@
annotations:
artifacthub.io/links: |
- name: Reposilite (binary)
url: https://github.com/dzikoysk/reposilite
- name: support
url: https://git.cryptic.systems/volker.raschek/reposilite-charts/issues
apiVersion: v2
appVersion: "3.5.25"
description: |
Lightweight and easy-to-use repository management software
dedicated for the Maven based artifacts in the JVM ecosystem
icon: https://raw.githubusercontent.com/dzikoysk/reposilite/main/reposilite-site/public/images/favicon.png
keywords:
- artifact-repository-manager
- deploy
- gradle
- maven
- reposilite
- repository-manager
- sbt
name: reposilite
sources:
- https://github.com/dzikoysk/reposilite
- https://git.cryptic.systems/volker.raschek/reposilite-charts
type: application
version: "0.1.0"

21
LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025 Markus Pesch
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

91
Makefile Normal file
View File

@ -0,0 +1,91 @@
# CONTAINER_RUNTIME
CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.18.2 # renovate: datasource=docker registryUrl=https://registry-nexus.orbis.dedalus.com depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.1.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
# ==============================================================================
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
container-run/readme/link:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:link
container-run/readme/lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:lint
container-run/readme/parameters:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:parameters
# CONTAINER RUN - HELM UNITTESTS
# ==============================================================================
PHONY+=container-run/helm-unittests
container-run/helm-unittests:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
# ==============================================================================
PHONY+=container-run/helm-update-dependencies
container-run/helm-update-dependencies:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
dependency update
# CONTAINER RUN - MARKDOWN-LINT
# ==============================================================================
PHONY+=container-run/helm-lint
container-run/helm-lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
lint --values values.yaml .
# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}

293
README.md Normal file
View File

@ -0,0 +1,293 @@
# Reposilite
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/reposilite)](https://artifacthub.io/packages/search?repo=reposilite)
This helm chart enables the deployment of [Reposilite](https://github.com/dzikoysk/reposilite), a lightweight and
easy-to-use repository management software dedicated for the Maven-based artifacts in the JVM ecosystem.
The helm chart supports the individual configuration of additional containers/initContainers, mounting of volumes,
defining additional environment variables and much more.
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure helm
and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**.
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the `reposilite` repository
and use the `--set` flag for a basic deployment.
```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
helm repo update
helm install reposilite volker.raschek/reposilite
```
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
versions can break something!
```bash
CHART_VERSION=0.1.0
helm show values volker.raschek/reposilite --version "${CHART_VERSION}" > values.yaml
```
A complete list of available helm chart versions can be displayed via the following command:
```bash
helm search repo reposilite --versions
```
The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
Use the `--set` argument to persist your data.
```bash
CHART_VERSION=0.1.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
persistentVolumeClaim.enabled=true
```
### Examples
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
#### TLS encryption
The example describe how to deploy Reposilite with TLS encryption. If Reposilite is deployed behind reverse proxy, for
example an ingress nginx controller, please instruct the ingress to establish an TLS encrypted connection to avoid
connection problems.
> [!WARNING]
> The secret `reposilite-tls` containing the TLS certificate is already present. The keys `ca.crt`, `tls.key` and
> `tls.crt` must be renamed matching the file extension `.pem`. Otherwise throws the used TLS library of Reposilite and
> error.
```bash
CHART_VERSION=0.1.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
--set 'deployment.reposilite.env[1].name=REPOSILITE_LOCAL_SSLENABLED' \
--set 'deployment.reposilite.env[1].value="true"' \
--set 'deployment.reposilite.env[2].name=REPOSILITE_LOCAL_SSLPORT' \
--set 'deployment.reposilite.env[2].value=8443' \
--set 'deployment.reposilite.env[3].name=REPOSILITE_LOCAL_KEYPATH' \
--set 'deployment.reposilite.env[3].value="/etc/reposilite/tls/cert.pem /etc/reposilite/tls/priv-key.pem"' \
--set 'deployment.reposilite.volumeMounts[0].name=tls' \
--set 'deployment.reposilite.volumeMounts[0].mountPath=/etc/reposilite/tls' \
--set 'deployment.reposilite.volumeMounts[0].readOnly=true' \
--set 'deployment.volumes[0].name=tls' \
--set 'deployment.volumes[0].items[0].key=ca.crt' \
--set 'deployment.volumes[0].items[0].path=ca.pem' \
--set 'deployment.volumes[0].items[1].key=tls.crt' \
--set 'deployment.volumes[0].items[1].path=cert.pem' \
--set 'deployment.volumes[0].items[2].key=tls.key' \
--set 'deployment.volumes[0].items[2].path=priv-key.pem' \
--set 'deployment.volumes[0].secret.secretName=reposilite-tls' \
--set 'service.port=8443'
```
#### TLS certificate rotation
If Reposilite uses TLS certificates that are mounted as a secret in the container file system like the example
[above](#tls-encryption), Reposlite will not automatically apply them when the TLS certificates are rotated. Such a
rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
before expiring.
Until Reposilite does not support rotating TLS certificate a workaround can be applied. For example stakater's
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
and secrets have been changed.
```yaml
deployment:
annotations:
reloader.stakater.com/auto: "true"
```
Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
individual items. For example, when the secret named `reposilite-tls` is mounted and the reloader controller should only
listen for changes of this secret:
```yaml
deployment:
annotations:
secret.reloader.stakater.com/reload: "reposilite-tls"
```
### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
traffic from an ingress controller. Additionally one egress rule is defined, to allow the application outgoing access
to the internal running DNS server `core-dns`.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml
networkPolicies:
enabled: true
annotations: {}
labels: {}
policyTypes:
- Egress
- Ingress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: http
protocol: TCP
```
## Parameters
### Global
| Name | Description | Value |
| ------------------ | ----------------------------------------- | ----- |
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Deployment
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` |
| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` |
| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | |
| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` |
| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` |
| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` |
| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` |
| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` |
| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the prometheus-exporter deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value |
| ------------------------ | -------------------------------------------------------------------------------------------------- | ----------- |
| `hpa.enabled` | Enable the horizontal pod autoscaler (HPA). | `false` |
| `hpa.annotations` | Additional annotations for the HPA. | `{}` |
| `hpa.labels` | Additional labels for the HPA. | `{}` |
| `hpa.behavior.scaleDown` | Scaling policy for scaling down. | |
| `hpa.metrics` | Metrics contains the specifications for which to use to calculate the desired replica count. | `undefined` |
| `hpa.minReplicas` | Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down. | `1` |
| `hpa.maxReplicas` | Upper limit for the number of pods that can be set by the autoscaler. | `10` |
### Ingress
| Name | Description | Value |
| --------------------- | ----------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Let ingress controller listen on specific DNS names and path's. | `[]` |
| `ingress.tls` | Ingress specific TLS configuration. Use TLS encryption for specific hostnames. | `[]` |
### Network Policy
| Name | Description | Value |
| --------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies in general. | `false` |
| `networkPolicy.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicy.labels` | Additional network policy labels. | `{}` |
| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` |
### Persistent Volume Claim
| Name | Description | Value |
| ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
| `persistentVolumeClaim.enabled` | Enable persistence in general. | `false` |
| `persistentVolumeClaim.path` | Path where the persistent volume claim should be mounted into the container file system. | `/app/data` |
| `persistentVolumeClaim.existing.enabled` | Enable an existing persistent volume claim. | `false` |
| `persistentVolumeClaim.existing.persistentVolumeClaimName` | Name of the existing persistent volume claim. | `""` |
| `persistentVolumeClaim.new.annotations` | Additional service account annotations. | `{}` |
| `persistentVolumeClaim.new.labels` | Additional service account labels. | `{}` |
| `persistentVolumeClaim.new.accessMode` | Access mode of the persistent volume claim. More information about the access modes are in detail documented [online](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). | `ReadWriteOnce` |
| `persistentVolumeClaim.new.size` | Size of the persistent volume claim. | `10Gi` |
| `persistentVolumeClaim.new.storageClass` | Custom storage class. Left it empty to use the clusters default storage class. | `""` |
### Service
| Name | Description | Value |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `service.enabled` | Enable the service. | `true` |
| `service.annotations` | Additional service annotations. | `{}` |
| `service.externalIPs` | External IPs for the service. | `[]` |
| `service.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `service.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `service.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `service.labels` | Additional service labels. | `{}` |
| `service.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `service.port` | Port to forward the traffic to. | `8080` |
| `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `service.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |

2646
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

21
package.json Normal file
View File

@ -0,0 +1,21 @@
{
"name": "reposilite-charts",
"homepage": "https://git.cryptic.systems/volker.raschek/reposilite-charts.git",
"license": "MIT",
"private": true,
"engineStrict": true,
"engines": {
"node": ">=16.0.0",
"npm": ">=8.0.0"
},
"scripts": {
"readme:link": "markdown-link-check *.md",
"readme:lint": "markdownlint *.md -f",
"readme:parameters": "readme-generator -v values.yaml -r README.md"
},
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0"
}
}

68
renovate.json Normal file
View File

@ -0,0 +1,68 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"local>volker.raschek/renovate-config:default#master",
"local>volker.raschek/renovate-config:container#master",
"local>volker.raschek/renovate-config:actions#master",
"local>volker.raschek/renovate-config:npm#master",
"local>volker.raschek/renovate-config:regexp#master"
],
"customManagers": [
{
"fileMatch": [
"^Chart\\.yaml$"
],
"matchStrings": [
"appVersion: \"(?<currentValue>.*?)\"\\s+"
],
"datasourceTemplate": "docker",
"depNameTemplate": "dzikoysk/reposilite",
"lookupNameTemplate": "docker.io/dzikoysk/reposilite",
"versioningTemplate": "semver"
},
{
"fileMatch": ["^README\\.md$"],
"matchStrings": [
"CHART_VERSION=(?<currentValue>.*)"
],
"depNameTemplate": "volker.raschek/reposilite-charts",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/reposilite-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
}
],
"packageRules": [
{
"addLabels": [
"renovate/automerge",
"renovate/container"
],
"automerge": true,
"excludePackagePatterns": [
"dzikoysk/reposilite"
],
"matchDatasources": [
"docker"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"addLabels": [
"renovate/automerge",
"renovate/documentation"
],
"automerge": true,
"matchDepNames": [
"volker.raschek/reposilite-charts"
],
"matchUpdateTypes": [
"major",
"minor",
"patch"
]
}
]
}

58
templates/_common.tpl Normal file
View File

@ -0,0 +1,58 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "reposilite.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "reposilite.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "reposilite.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common annotations
*/}}
{{- define "reposilite.annotations" -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "reposilite.labels" -}}
helm.sh/chart: {{ include "reposilite.chart" . }}
{{ include "reposilite.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "reposilite.selectorLabels" -}}
app.kubernetes.io/name: {{ include "reposilite.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

75
templates/_deployment.tpl Normal file
View File

@ -0,0 +1,75 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.deployment.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.deployment.annotations }}
{{ toYaml .Values.deployment.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "reposilite.deployment.reposilite.env" -}}
{{- $env := .Values.deployment.reposilite.env | default list }}
{{- if .Values.persistentVolumeClaim.enabled }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_DATA" "value" .Values.persistentVolumeClaim.path )) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
REPOSILITE_DATA
{{/* image */}}
{{- define "reposilite.deployment.images.reposilite.fqin" -}}
{{- $registry := .Values.deployment.reposilite.image.registry -}}
{{- $repository := .Values.deployment.reposilite.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.reposilite.image.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "reposilite.deployment.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "reposilite.deployment.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "reposilite.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "reposilite.deployment.reposilite.volumeMounts" -}}
{{- $volumeMounts := .Values.deployment.reposilite.volumeMounts | default list }}
{{- if .Values.persistentVolumeClaim.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistentVolumeClaim.path )) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "reposilite.deployment.volumes" -}}
{{- $volumes := .Values.deployment.volumes | default list }}
{{- if and .Values.persistentVolumeClaim.enabled (not .Values.persistentVolumeClaim.existing.enabled) }}
{{- $persistentVolumeClaimName := include "reposilite.persistentVolumeClaim.name" $ -}}
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $persistentVolumeClaimName))) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}

19
templates/_hpa.tpl Normal file
View File

@ -0,0 +1,19 @@
---
{{/* annotations */}}
{{- define "reposilite.hpa.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.hpa.annotations }}
{{ toYaml .Values.hpa.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.hpa.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.hpa.labels }}
{{ toYaml .Values.hpa.labels }}
{{- end }}
{{- end }}

19
templates/_ingress.tpl Normal file
View File

@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.ingress.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.ingress.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.networkPolicy.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.networkPolicy.annotations }}
{{ toYaml .Values.networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.networkPolicy.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.networkPolicy.labels }}
{{ toYaml .Values.networkPolicy.labels }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.persistentVolumeClaim.annotations" -}}
helm.sh/resource-policy: keep
{{- if .Values.persistentVolumeClaim.new.annotations }}
{{ toYaml .Values.persistentVolumeClaim.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.persistentVolumeClaim.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.persistentVolumeClaim.new.labels }}
{{ toYaml .Values.persistentVolumeClaim.new.labels }}
{{- end }}
{{- end }}
{{/* name */}}
{{- define "reposilite.persistentVolumeClaim.name" -}}
{{ include "reposilite.fullname" . }}
{{- end }}

17
templates/_pod.tpl Normal file
View File

@ -0,0 +1,17 @@
---
{{/* annotations */}}
{{- define "reposilite.pod.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.pod.labels" -}}
{{ include "reposilite.labels" . }}
{{- end }}
{{- define "reposilite.pod.selectorLabels" -}}
{{ include "reposilite.selectorLabels" . }}
{{- end }}

View File

@ -0,0 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.serviceAccount.annotations" -}}
{{- if .Values.serviceAccount.new.annotations }}
{{ toYaml .Values.serviceAccount.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.serviceAccount.labels" -}}
{{- if .Values.serviceAccount.new.labels }}
{{ toYaml .Values.serviceAccount.new.labels }}
{{- end }}
{{- end }}

27
templates/_services.tpl Normal file
View File

@ -0,0 +1,27 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.service.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.service.annotations }}
{{ toYaml .Values.service.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.service.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "reposilite.service.name" -}}
{{- if .Values.service.enabled -}}
{{ include "reposilite.fullname" . }}
{{- end -}}
{{- end -}}

140
templates/deployment.yaml Normal file
View File

@ -0,0 +1,140 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (include "reposilite.deployment.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "reposilite.deployment.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.deployment.replicas }}
selector:
matchLabels:
{{- include "reposilite.pod.selectorLabels" . | nindent 6 }}
{{- with .Values.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
{{- with (include "reposilite.pod.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "reposilite.pod.labels" . | nindent 8 }}
spec:
{{- with .Values.deployment.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- {{- if gt (len .Values.deployment.reposilite.args) 0 }}
args:
{{- range .Values.deployment.reposilite.args }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- if gt (len .Values.deployment.reposilite.command) 0 }}
command:
{{- range .Values.deployment.reposilite.command }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- $env := (include "reposilite.deployment.reposilite.env" . | fromYaml) }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env:
{{- toYaml $env.env | nindent 8 }}
{{- end }}
{{- with .Values.deployment.reposilite.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
image: {{ include "reposilite.deployment.images.reposilite.fqin" . | quote }}
imagePullPolicy: {{ .Values.deployment.reposilite.image.pullPolicy }}
livenessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
name: reposilite
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
readinessProbe:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
{{- with .Values.deployment.reposilite.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.deployment.reposilite.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- $volumeMounts := (include "reposilite.deployment.reposilite.volumeMounts" . | fromYaml) }}
{{- if and (hasKey $volumeMounts "volumeMounts") (gt (len $volumeMounts.volumeMounts) 0) }}
volumeMounts:
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.deployment.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.dnsPolicy }}
dnsPolicy: {{ .Values.deployment.dnsPolicy }}
{{- end }}
{{- if .Values.deployment.hostname }}
hostname: {{ .Values.deployment.hostname }}
{{- end }}
hostNetwork: {{ .Values.deployment.hostNetwork }}
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.deployment.priorityClassName }}
priorityClassName: {{ .Values.deployment.priorityClassName }}
{{- end }}
{{- if .Values.deployment.restartPolicy }}
restartPolicy: {{ .Values.deployment.restartPolicy }}
{{- end }}
{{- with .Values.deployment.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccount: {{ include "reposilite.deployment.serviceAccount" . }}
{{- if .Values.deployment.subdomain }}
subdomain: {{ .Values.deployment.subdomain }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
{{- with .Values.deployment.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.deployment.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- $volumes := (include "reposilite.deployment.volumes" . | fromYaml) }}
{{- if and (hasKey $volumes "volumes") (gt (len $volumes.volumes) 0) }}
volumes:
{{- toYaml $volumes.volumes | nindent 6 }}
{{- end }}

29
templates/hpa.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if .Values.hpa.enabled -}}
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with (include "reposilite.hpa.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "reposilite.hpa.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.hpa.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
metrics:
{{- toYaml .Values.hpa.metrics | nindent 2 }}
maxReplicas: {{ .Values.hpa.maxReplicas }}
minReplicas: {{ .Values.hpa.minReplicas }}
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "reposilite.fullname" . }}
{{- end -}}

45
templates/ingress.yaml Normal file
View File

@ -0,0 +1,45 @@
{{- if .Values.ingress.enabled -}}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- with (include "reposilite.ingress.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "reposilite.ingress.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "reposilite.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,32 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "reposilite.networkPolicy.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "reposilite.networkPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "reposilite.pod.selectorLabels" $ | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,24 @@
{{- if and .Values.persistentVolumeClaim.enabled (not .Values.persistentVolumeClaim.existing.enabled) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- with (include "reposilite.persistentVolumeClaim.annotations" . | fromYaml) }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with (include "reposilite.persistentVolumeClaim.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- {{ .Values.persistentVolumeClaim.new.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistentVolumeClaim.new.size | quote }}
{{- if .Values.persistentVolumeClaim.new.storageClass }}
storageClassName: {{ .Values.persistentVolumeClaim.new.storageClass | quote }}
{{- end }}
{{- end -}}

57
templates/service.yaml Normal file
View File

@ -0,0 +1,57 @@
{{- if .Values.service.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "reposilite.service.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.service.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.service.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.service.externalIPs) }}
externalIPs:
{{- range .Values.service.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") ) .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.service.internalTrafficPolicy }}
{{- if .Values.service.ipFamilies }}
ipFamilies:
{{- range .Values.service.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.service.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.service.port }}
selector:
{{- include "reposilite.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.service.sessionAffinity }}
{{- with .Values.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.service.type }}
{{- end }}

View File

@ -0,0 +1,25 @@
{{- if not .Values.serviceAccount.existing.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with (include "reposilite.serviceAccount.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.serviceAccount.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
{{- with .Values.serviceAccount.new.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.new.secrets }}
secrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,447 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Deployment template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/deployment.yaml
tests:
- it: Rendering default
set: {}
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- equal:
path: spec.replicas
value: 1
- isSubset:
path: spec.selector.matchLabels
content:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
- notExists:
path: spec.template.metadata.annotations
value: sadsdf
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- notExists:
path: spec.template.spec.affinity
- notExists:
path: spec.template.spec.containers[0].args
- notExists:
path: spec.template.spec.containers[0].command
- contains:
path: spec.template.spec.containers[0].env
content:
name: JAVA_OPTS
value: "-Xmx64M"
- notExists:
path: spec.template.spec.containers[0].envFrom
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/dzikoysk/reposilite:0.1.0
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
- isSubset:
path: spec.template.spec.containers[0].livenessProbe
content:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
- equal:
path: spec.template.spec.containers[0].name
value: reposilite
- contains:
path: spec.template.spec.containers[0].ports
content:
name: http
containerPort: 8080
protocol: TCP
- isSubset:
path: spec.template.spec.containers[0].readinessProbe
content:
tcpSocket:
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
- notExists:
path: spec.template.spec.containers[0].resources
- notExists:
path: spec.template.spec.containers[0].securityContext
- notExists:
path: spec.template.spec.containers[0].volumeMounts
- notExists:
path: spec.template.spec.dnsConfig
- notExists:
path: spec.template.spec.dnsPolicy
- notExists:
path: spec.template.spec.hostname
- equal:
path: spec.template.spec.hostNetwork
value: false
- notExists:
path: spec.template.spec.imagePullSecrets
- notExists:
path: spec.template.spec.initContainers
- notExists:
path: spec.template.spec.nodeSelector
- notExists:
path: spec.template.spec.priorityClassName
- notExists:
path: spec.template.spec.restartPolicy
- notExists:
path: spec.template.spec.subdomain
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
- notExists:
path: spec.template.spec.tolerations
- notExists:
path: spec.template.spec.topologySpreadConstraints
- notExists:
path: spec.template.spec.volumes
- it: Test custom replicas
set:
deployment.replicas: 3
asserts:
- equal:
path: spec.replicas
value: 3
- it: Test custom strategy
set:
deployment.strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 10
maxUnavailable: 5
asserts:
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 10
maxUnavailable: 5
- it: Test custom affinity
set:
deployment.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
asserts:
- equal:
path: spec.template.spec.affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
- it: Test additional arguments
set:
deployment.reposilite.args:
- "--foo=bar"
- "--bar=foo"
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --foo=bar
- --bar=foo
- it: Test additional commands
set:
deployment.reposilite.command:
- "/bin/bash"
asserts:
- equal:
path: spec.template.spec.containers[0].command
value:
- /bin/bash
- it: Test custom imageRegistry and imageRepository
set:
deployment.reposilite.image.registry: registry.example.local
deployment.reposilite.image.repository: path/special/reposilite
deployment.reposilite.image.tag: 2.0.0
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/reposilite:2.0.0
- it: Test custom imagePullPolicy
set:
deployment.reposilite.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
- it: Test custom port
set:
service.port: 8443
asserts:
- contains:
path: spec.template.spec.containers[0].ports
content:
name: http
containerPort: 8443
protocol: TCP
- it: Test custom resources
set:
deployment.reposilite.resources:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
asserts:
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
- it: Test custom securityContext
set:
deployment.reposilite.securityContext:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
- it: Test custom volumeMounts
set:
deployment.reposilite.volumeMounts:
- name: data
mountPath: /usr/lib/data
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /usr/lib/data
- it: Test dnsConfig
set:
deployment.dnsConfig:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
asserts:
- equal:
path: spec.template.spec.dnsConfig
value:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
- it: Test dnsPolicy
set:
deployment.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
- it: Test hostNetwork, hostname, subdomain
set:
deployment.hostNetwork: true
deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
- equal:
path: spec.template.spec.hostname
value: pg-exporter
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
- it: Test imagePullSecrets
set:
deployment.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
asserts:
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: my-pull-secret
- name: my-special-secret
- it: Test nodeSelector
set:
deployment.nodeSelector:
foo: bar
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
foo: bar
- it: Test priorityClassName
set:
deployment.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
- it: Test restartPolicy
set:
deployment.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
- it: Test custom securityContext
set:
deployment.securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
asserts:
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
- it: Test terminationGracePeriodSeconds
set:
deployment.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
- it: Test tolerations
set:
deployment.tolerations:
- key: hdd/type
operator: Equal
value: ssd
effect: NoSchedule
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: hdd/type
operator: Equal
value: ssd
effect: NoSchedule
- it: Test topologySpreadConstraints
set:
deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: reposilite
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints
value:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: reposilite
- it: Test additional volumes
set:
deployment.volumes:
- name: data
hostPath:
path: /usr/lib/data
asserts:
- equal:
path: spec.template.spec.volumes
value:
- name: data
hostPath:
path: /usr/lib/data

View File

@ -0,0 +1,52 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Mount persistent volume claim
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/deployment.yaml
tests:
- it: Rendering default volumes and volumeMounts with persistent volume claim
set:
persistentVolumeClaim.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_DATA
value: /app/data
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /app/data
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: reposilite-unittest
- it: Rendering custom volumes and volumeMounts with persistent volume claim
set:
persistentVolumeClaim.enabled: true
persistentVolumeClaim.path: /usr/lib/reposilite/data
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_DATA
value: /usr/lib/reposilite/data
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /usr/lib/reposilite/data
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: reposilite-unittest

152
unittests/hpa/hpa.yaml Normal file
View File

@ -0,0 +1,152 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HPA template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/hpa.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Rendering when enabled - default
set:
hpa.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- isSubset:
path: spec.behavior
content:
scaleDown:
policies:
- type: Pods
value: 1
periodSeconds: 60
stabilizationWindowSeconds: 300
- lengthEqual:
path: spec.metrics
count: 2
- contains:
path: spec.metrics
content:
resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
- contains:
path: spec.metrics
content:
resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 10
- equal:
path: spec.minReplicas
value: 1
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: reposilite-unittest
- it: Rendering when enabled - custom values
set:
hpa.enabled: true
hpa.annotations:
foo: bar
hpa.labels:
bar: foo
hpa.maxReplicas: 25
hpa.minReplicas: 5
hpa.metrics:
- resource:
name: cpu
target:
averageUtilization: 60
type: Utilization
type: Resource
- resource:
name: memory
target:
averageUtilization: 60
type: Utilization
type: Resource
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
name: reposilite-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: reposilite-0.1.0
- contains:
path: spec.metrics
content:
resource:
name: cpu
target:
averageUtilization: 60
type: Utilization
type: Resource
- contains:
path: spec.metrics
content:
resource:
name: memory
target:
averageUtilization: 60
type: Utilization
type: Resource
- equal:
path: spec.maxReplicas
value: 25
- equal:
path: spec.minReplicas
value: 5
- equal:
path: spec.scaleTargetRef
value:
apiVersion: apps/v1
kind: Deployment
name: reposilite-unittest

110
unittests/ingress/http.yaml Normal file
View File

@ -0,0 +1,110 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Ingress HTTP template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/ingress.yaml
tests:
- it: Skip rendering when disabled
set:
ingress.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering default values
set:
ingress.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- equal:
path: spec.ingressClassName
value: nginx
- isNullOrEmpty:
path: spec.rules
- notExists:
path: spec.tls
- it: Render custom annotations and labels
set:
ingress.annotations:
foo: bar
ingress.enabled: true
ingress.labels:
foo: bar
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
foo: bar
helm.sh/chart: reposilite-0.1.0
- it: Render custom HTTP path and TLS
set:
ingress.enabled: true
ingress.hosts:
- host: reposilite.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: reposilite-http-tls
hosts:
- reposilite.example.local
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: reposilite-unittest
namespace: testing
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: reposilite.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: reposilite-unittest
port:
number: 8080
- contains:
path: spec.tls
content:
hosts:
- reposilite.example.local
secretName: reposilite-http-tls

View File

@ -0,0 +1,98 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicy template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/networkPolicy.yaml
tests:
- it: Skip rendering networkPolicy
set:
networkPolicy.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default networkPolicy
set:
networkPolicy.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy with policyTypes, egress and ingress configuration
set:
networkPolicy.enabled: true
networkPolicy.policyTypes:
- Egress
- Ingress
networkPolicy.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicy.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

View File

@ -0,0 +1,97 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PersistentVolumeClaim template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/persistentVolumeClaim.yaml
tests:
- it: Skip rendering persistentVolumeClaim, when it's disabled in general
set:
persistentVolumeClaim.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering persistentVolumeClaim, when using an existing persistentVolumeClaim
set:
persistentVolumeClaim.enabled: true
persistentVolumeClaim.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render default persistentVolumeClaim
set:
persistentVolumeClaim.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: PersistentVolumeClaim
name: reposilite-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
helm.sh/resource-policy: keep
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- contains:
path: spec.accessModes
content:
ReadWriteOnce
- equal:
path: spec.resources.requests.storage
value: 10Gi
- it: Test custom annotations and labels
set:
persistentVolumeClaim.enabled: true
persistentVolumeClaim.new.annotations:
foo: bar
persistentVolumeClaim.new.labels:
foo: bar
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
helm.sh/resource-policy: keep
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
foo: bar
helm.sh/chart: reposilite-0.1.0
- it: Test custom access mode
set:
persistentVolumeClaim.enabled: true
persistentVolumeClaim.new.accessMode: ReadWriteMany
asserts:
- contains:
path: spec.accessModes
content:
ReadWriteMany
- it: Test custom size
set:
persistentVolumeClaim.enabled: true
persistentVolumeClaim.new.size: 50Gi
asserts:
- equal:
path: spec.resources.requests.storage
value: 50Gi

View File

@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceAccount reposilite template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/serviceAccount.yaml
tests:
- it: Skip rendering.
set:
serviceAccount.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceAccount with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ServiceAccount
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- notExists:
path: metadata.labels
- equal:
path: automountServiceAccountToken
value: true
- notExists:
path: imagePullSecrets
- notExists:
path: secrets
- it: Rendering serviceAccount with custom values.
set:
serviceAccount.new.annotations:
foo: bar
serviceAccount.new.labels:
bar: foo
serviceAccount.new.automountServiceAccountToken: false
serviceAccount.new.imagePullSecrets:
- name: "my-pull-secret"
serviceAccount.new.secrets:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
asserts:
- hasDocuments:
count: 1
- exists:
path: metadata.annotations
value:
foo: bar
- exists:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: reposilite-unittest
- equal:
path: automountServiceAccountToken
value: false
- equal:
path: imagePullSecrets
value:
- name: "my-pull-secret"
- equal:
path: secrets
value:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"

View File

@ -0,0 +1,172 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Service http template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/service.yaml
tests:
- it: Skip service when disabled.
set:
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering service with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Service
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- notExists:
path: spec.externalIPs
- notExists:
path: spec.externalTrafficPolicy
- equal:
path: spec.internalTrafficPolicy
value: Cluster
- notExists:
path: spec.ipFamilies
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- equal:
path: spec.ports[0].name
value: http
- equal:
path: spec.ports[0].protocol
value: TCP
- equal:
path: spec.ports[0].port
value: 8080
- equal:
path: spec.selector
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
- equal:
path: spec.sessionAffinity
value: None
- notExists:
path: spec.sessionAffinityConfig
- equal:
path: spec.type
value: ClusterIP
- it: Require internalTrafficPolicy.
set:
service.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
service.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
- it: Require sessionAffinity.
set:
service.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
- it: Require service type.
set:
service.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
service.annotations:
foo: bar
service.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
bar: foo
- it: Change defaults
set:
service.externalIPs:
- "10.11.12.13/32"
service.externalTrafficPolicy: Local
service.internalTrafficPolicy: Local
service.ipFamilies:
- IPv4
service.loadBalancerClass: aws
service.loadBalancerIP: "11.12.13.14"
service.loadBalancerSourceRanges:
- "11.12.0.0/17"
service.port: 10443
service.sessionAffinity: ClientIP
service.type: LoadBalancer
asserts:
- equal:
path: spec.externalIPs
value:
- 10.11.12.13/32
- equal:
path: spec.externalTrafficPolicy
value: Local
- equal:
path: spec.internalTrafficPolicy
value: Local
- equal:
path: spec.ipFamilies
value:
- IPv4
- equal:
path: spec.loadBalancerClass
value: aws
- equal:
path: spec.loadBalancerIP
value: "11.12.13.14"
- equal:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].port
value: 10443
- equal:
path: spec.sessionAffinity
value: ClientIP
- equal:
path: spec.type
value: LoadBalancer

412
values.yaml Normal file
View File

@ -0,0 +1,412 @@
# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
## @section Deployment
deployment:
## @param deployment.annotations Additional deployment annotations.
## @param deployment.labels Additional deployment labels.
annotations: {}
labels: {}
## @param deployment.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param deployment.affinity Affinity for the Reposilite deployment.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param deployment.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param deployment.dnsConfig dnsConfig of the Reposilite deployment.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param deployment.dnsPolicy dnsPolicy of the Reposilite deployment.
dnsPolicy: ""
## @param deployment.hostname Individual hostname of the pod.
## @param deployment.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param deployment.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param deployment.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
reposilite:
## @param deployment.reposilite.args Arguments passed to the Reposilite container.
args: []
# - "-c"
# - "echo HelloWorld"
## @param deployment.reposilite.command Command passed to the Reposilite container.
command: []
# - "/bin/bash"
## @extra deployment.reposilite.env List of environment variables for the Reposilite container.
## @skip deployment.reposilite.env[0].name JAVA_OPTS: Environment variable to define custom java options.
## @skip deployment.reposilite.env[0].value Set custom java options. Use `-Xmx64M` to reduce the heap of the JVM.
env:
- name: JAVA_OPTS
value: "-Xmx64M"
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param deployment.reposilite.envFrom List of environment variables mounted from configMaps or secrets for the Reposilite container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param deployment.reposilite.image.registry Image registry, eg. `docker.io`.
## @param deployment.reposilite.image.repository Image repository, eg. `library/busybox`.
## @param deployment.reposilite.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param deployment.reposilite.image.pullPolicy Image pull policy.
image:
registry: docker.io
repository: dzikoysk/reposilite
tag: ""
pullPolicy: IfNotPresent
## @param deployment.reposilite.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param deployment.reposilite.securityContext Security context of the container of the deployment.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param deployment.reposilite.volumeMounts Additional volume mounts.
volumeMounts: []
# - name: my-configmap-volume
# mountPath: /configmap
# readOnly: true
## @param deployment.nodeSelector NodeSelector of the Reposilite deployment.
nodeSelector: {}
## @param deployment.priorityClassName PriorityClassName of the Reposilite deployment.
priorityClassName: ""
## @param deployment.replicas Number of replicas for the Reposilite deployment.
replicas: 1
## @param deployment.restartPolicy Restart policy of the Reposilite deployment.
restartPolicy: ""
## @param deployment.securityContext Security context of the Reposilite deployment.
securityContext: {}
# fsGroup: 2000
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param deployment.tolerations Tolerations of the Reposilite deployment.
tolerations: []
# - key: host.kubernetes.io/ssd
# operator: Equal
# value: "true"
# effect: NoSchedule
## @param deployment.topologySpreadConstraints TopologySpreadConstraints of the Reposilite deployment.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-reposilite
## @param deployment.volumes Additional volumes to mount into the pods of the prometheus-exporter deployment.
volumes: []
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA
# cannot scale pods based on CPU or memory utilisation. Further information be be found here:
# https://github.com/kubernetes-sigs/metrics-server#deployment
hpa:
## @param hpa.enabled Enable the horizontal pod autoscaler (HPA).
## @param hpa.annotations Additional annotations for the HPA.
## @param hpa.labels Additional labels for the HPA.
## @extra hpa.behavior.scaleDown Scaling policy for scaling down.
## @skip hpa.behavior.scaleDown.policies Skip individual scale down policies.
## @skip hpa.behavior.scaleDown.stabilizationWindowSeconds Skip individual stabilizationWindowSeconds.
## @param hpa.metrics Metrics contains the specifications for which to use to calculate the desired replica count.
## @skip hpa.metrics Skip individual HPA metric configurations.
## @param hpa.minReplicas Min replicas is the lower limit for the number of replicas to which the autoscaler can scale down.
## @param hpa.maxReplicas Upper limit for the number of pods that can be set by the autoscaler.
enabled: false
annotations: {}
labels: {}
behavior:
scaleDown:
policies:
- type: Pods
value: 1
periodSeconds: 60
stabilizationWindowSeconds: 300
metrics:
- resource:
name: cpu
target:
averageUtilization: 65
type: Utilization
type: Resource
- resource:
name: memory
target:
averageUtilization: 65
type: Utilization
type: Resource
minReplicas: 1
maxReplicas: 10
## @section Ingress
ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false
className: "nginx"
annotations: {}
labels: {}
## @param ingress.hosts Ingress specific configuration. Let ingress controller listen on specific DNS names and path's.
## @skip ingress.hosts Skip individual host configuration.
hosts: []
# - host: reposilite.example.local
# paths:
# - path: /
# pathType: Prefix
## @param ingress.tls Ingress specific TLS configuration. Use TLS encryption for specific hostnames.
## @skip ingress.tls Skip individual TLS configuration.
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## @section Network Policy
networkPolicy:
## @param networkPolicy.enabled Enable network policies in general.
## @param networkPolicy.annotations Additional network policy annotations.
## @param networkPolicy.labels Additional network policy labels.
## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicy.egress Concrete egress network policy implementation.
## @skip networkPolicy.egress Skip individual egress configuration.
## @param networkPolicy.ingress Concrete ingress network policy implementation.
## @skip networkPolicy.ingress Skip individual ingress configuration.
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Persistent Volume Claim
persistentVolumeClaim:
## @param persistentVolumeClaim.enabled Enable persistence in general.
## @param persistentVolumeClaim.path Path where the persistent volume claim should be mounted into the container file system.
enabled: false
path: /app/data
## @param persistentVolumeClaim.existing.enabled Enable an existing persistent volume claim.
## @param persistentVolumeClaim.existing.persistentVolumeClaimName Name of the existing persistent volume claim.
existing:
enabled: false
persistentVolumeClaimName: ""
## @param persistentVolumeClaim.new.annotations Additional service account annotations.
## @param persistentVolumeClaim.new.labels Additional service account labels.
## @param persistentVolumeClaim.new.accessMode Access mode of the persistent volume claim. More information about the access modes are in detail documented [online](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
## @param persistentVolumeClaim.new.size Size of the persistent volume claim.
## @param persistentVolumeClaim.new.storageClass Custom storage class. Left it empty to use the clusters default storage class.
new:
annotations: {}
labels: {}
accessMode: ReadWriteOnce
size: 10Gi
storageClass: ""
## @section Service
## @param service.enabled Enable the service.
## @param service.annotations Additional service annotations.
## @param service.externalIPs External IPs for the service.
## @param service.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param service.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param service.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param service.labels Additional service labels.
## @param service.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param service.port Port to forward the traffic to.
## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param service.sessionAffinityConfig Contains the configuration of the session affinity.
## @param service.type Kubernetes service type for the traffic.
service:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 8080
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"