You've already forked reposilite-charts
							
							Compare commits
	
		
			40 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 0dd267a0df | |||
| d790cd3ec4 | |||
| d2c329e1be | |||
| db5e38cef1 | |||
| 1fe7bc604e | |||
| fa43188e03 | |||
| 99ed88068a | |||
| 95fd713da6 | |||
| 671a635627 | |||
| 13fbb0ecc0 | |||
| 8835a8cde1 | |||
| 7d479fe629 | |||
| edacc04893 | |||
| 3c64ebfef4 | |||
| 15d2c31512 | |||
| 93ef09b878 | |||
| b5368314d6 | |||
| 60643bdaf4 | |||
| e3880f5f00 | |||
| a20f370eaf | |||
| d6de6ce37a | |||
| 334a8b877b | |||
| ba1fd42cfc | |||
| 70faa1ff8f | |||
| d7d5bc4dae | |||
| a3f1ab1850 | |||
| c4919a6bfc | |||
| 6ca6f583d3 | |||
| 0d10fb2cdc | |||
| a373c49e2a | |||
| 633d4f1bfd | |||
| cc201633de | |||
| 64c20379a2 | |||
| 98ec01a217 | |||
| 796c257d0a | |||
| 387547e813 | |||
| e16a1ff2ed | |||
| c8d8efeae3 | |||
| 2a7d111525 | |||
| 64de0eb8ea | 
| @@ -15,7 +15,7 @@ on: | ||||
| jobs: | ||||
|   generate-parameters: | ||||
|     container: | ||||
|       image: docker.io/library/node:24.8.0-alpine | ||||
|       image: docker.io/library/node:24.10.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|   | ||||
| @@ -13,7 +13,7 @@ on: | ||||
| jobs: | ||||
|   helm-lint: | ||||
|     container: | ||||
|       image: docker.io/volkerraschek/helm:3.18.5 | ||||
|       image: docker.io/volkerraschek/helm:3.19.0 | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
| @@ -28,7 +28,7 @@ jobs: | ||||
|  | ||||
|   helm-unittest: | ||||
|     container: | ||||
|       image: docker.io/volkerraschek/helm:3.18.5 | ||||
|       image: docker.io/volkerraschek/helm:3.19.0 | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|   | ||||
| @@ -15,7 +15,7 @@ on: | ||||
| jobs: | ||||
|   markdown-link-checker: | ||||
|     container: | ||||
|       image: docker.io/library/node:24.8.0-alpine | ||||
|       image: docker.io/library/node:24.10.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
| @@ -31,7 +31,7 @@ jobs: | ||||
|  | ||||
|   markdown-lint: | ||||
|     container: | ||||
|       image: docker.io/library/node:24.8.0-alpine | ||||
|       image: docker.io/library/node:24.10.0-alpine | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|   | ||||
| @@ -8,7 +8,7 @@ on: | ||||
| jobs: | ||||
|   publish-chart: | ||||
|     container: | ||||
|       image: docker.io/volkerraschek/helm:3.18.5 | ||||
|       image: docker.io/volkerraschek/helm:3.19.0 | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: Install packages via apk | ||||
|   | ||||
							
								
								
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| { | ||||
|   "yaml.schemas": { | ||||
|     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.2/schema/helm-testsuite.json": [ | ||||
|       "/unittests/**/*.yaml" | ||||
|     ] | ||||
|   }, | ||||
|   "yaml.schemaStore.enable": true | ||||
| } | ||||
| @@ -5,7 +5,7 @@ annotations: | ||||
|     - name: support | ||||
|       url: https://git.cryptic.systems/volker.raschek/reposilite-charts/issues | ||||
| apiVersion: v2 | ||||
| appVersion: "3.5.25" | ||||
| appVersion: "3.5.26" | ||||
| description: | | ||||
|   Lightweight and easy-to-use repository management software | ||||
|   dedicated for the Maven based artifacts in the JVM ecosystem | ||||
|   | ||||
							
								
								
									
										19
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										19
									
								
								Makefile
									
									
									
									
									
								
							| @@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman) | ||||
| # HELM_IMAGE | ||||
| HELM_IMAGE_REGISTRY_HOST?=docker.io | ||||
| HELM_IMAGE_REPOSITORY?=volkerraschek/helm | ||||
| HELM_IMAGE_VERSION?=3.18.2 # renovate: datasource=docker registryUrl=https://registry-nexus.orbis.dedalus.com depName=volkerraschek/helm | ||||
| HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm | ||||
| HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | ||||
|  | ||||
| # NODE_IMAGE | ||||
| NODE_IMAGE_REGISTRY_HOST?=docker.io | ||||
| NODE_IMAGE_REPOSITORY?=library/node | ||||
| NODE_IMAGE_VERSION?=24.8.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||
| NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||
| NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | ||||
|  | ||||
| # MISSING DOT | ||||
| @@ -18,6 +18,19 @@ NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}: | ||||
| missing-dot: | ||||
| 	grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml | ||||
|  | ||||
| # README | ||||
| # ============================================================================== | ||||
| readme: readme/link readme/lint readme/parameters | ||||
|  | ||||
| readme/link: | ||||
| 	npm install && npm run readme:link | ||||
|  | ||||
| readme/lint: | ||||
| 	npm install && npm run readme:lint | ||||
|  | ||||
| readme/parameters: | ||||
| 	npm install && npm run readme:parameters | ||||
|  | ||||
| # CONTAINER RUN - README | ||||
| # ============================================================================== | ||||
| PHONY+=container-run/readme | ||||
| @@ -88,4 +101,4 @@ container-run/helm-lint: | ||||
| # ============================================================================== | ||||
| # Declare the contents of the PHONY variable as phony. We keep that information | ||||
| # in a variable so we can use it in if_changed. | ||||
| .PHONY: ${PHONY} | ||||
| .PHONY: ${PHONY} | ||||
|   | ||||
							
								
								
									
										147
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										147
									
								
								README.md
									
									
									
									
									
								
							| @@ -37,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi | ||||
| versions can break something! | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=0.1.3 | ||||
| CHART_VERSION=0.3.0 | ||||
| helm show values volker.raschek/reposilite --version "${CHART_VERSION}" > values.yaml | ||||
| ``` | ||||
|  | ||||
| @@ -51,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent | ||||
| Use the `--set` argument to persist your data. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=0.1.3 | ||||
| CHART_VERSION=0.3.0 | ||||
| helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ | ||||
|   persistentVolumeClaim.enabled=true | ||||
| ``` | ||||
| @@ -72,7 +72,7 @@ connection problems. | ||||
| > error. | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=0.1.3 | ||||
| CHART_VERSION=0.3.0 | ||||
| helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ | ||||
|   --set 'deployment.reposilite.env[1].name=REPOSILITE_LOCAL_SSLENABLED' \ | ||||
|   --set 'deployment.reposilite.env[1].value="true"' \ | ||||
| @@ -122,6 +122,20 @@ deployment: | ||||
|     secret.reloader.stakater.com/reload: "reposilite-tls" | ||||
| ``` | ||||
|  | ||||
| If the application is rolled out using ArgoCD, a rolling update from stakater's | ||||
| [reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state | ||||
| with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be | ||||
| initiated. Further information are available in the official | ||||
| [README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of | ||||
| stakater's reloader. | ||||
|  | ||||
| ```diff | ||||
|   deployment: | ||||
|     annotations: | ||||
|       reloader.stakater.com/auto: "true" | ||||
| +     reloader.stakater.com/rollout-strategy: "restart" | ||||
| ``` | ||||
|  | ||||
| #### Network policies | ||||
|  | ||||
| Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||
| @@ -187,13 +201,62 @@ be set the credentials manually. | ||||
| The following example enable Prometheus metrics with custom basic auth credentials: | ||||
|  | ||||
| ```bash | ||||
| CHART_VERSION=0.1.3 | ||||
| CHART_VERSION=0.3.0 | ||||
| helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ | ||||
|   --set 'prometheus.metrics.enabled=true' \ | ||||
|   --set 'prometheus.metrics.basicAuthUsername=my-username' \ | ||||
|   --set 'prometheus.metrics.basicAuthUsername=my-password' | ||||
| ``` | ||||
|  | ||||
| ## ArgoCD | ||||
|  | ||||
| ### Example Application | ||||
|  | ||||
| An application resource for the Helm chart is defined below. It serves as an example for your own deployment. | ||||
|  | ||||
| ```yaml | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| spec: | ||||
|   destination: | ||||
|     server: https://kubernetes.default.svc | ||||
|     namespace: reposilite | ||||
|   ignoreDifferences: | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     # When HPA is enabled, ensure that a modification of the replicas does not lead to a | ||||
|     # drift. | ||||
|       - '.spec.replicas' | ||||
|     # Ensure that changes of the annotations or environment variables added or modified by | ||||
|     # stakater's reloader does not lead to a drift. | ||||
|     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))' | ||||
|     - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))' | ||||
|   sources: | ||||
|   - repoURL: https://charts.cryptic.systems/volker.raschek | ||||
|     chart: reposilite | ||||
|     targetRevision: '0.*' | ||||
|     helm: | ||||
|       valueFiles: | ||||
|       - $values/values.yaml | ||||
|       releaseName: reposilite | ||||
|   syncPolicy: | ||||
|     automated: | ||||
|       prune: true | ||||
|       selfHeal: true | ||||
|     managedNamespaceMetadata: | ||||
|       annotations: {} | ||||
|       labels: {} | ||||
|     syncOptions: | ||||
|     - ApplyOutOfSyncOnly=true | ||||
|     - CreateNamespace=true | ||||
|     - FailOnSharedResource=false | ||||
|     - Replace=false | ||||
|     - RespectIgnoreDifferences=false | ||||
|     - ServerSideApply=true | ||||
|     - Validate=true | ||||
| ``` | ||||
|  | ||||
| ## Parameters | ||||
|  | ||||
| ### Global | ||||
| @@ -205,10 +268,10 @@ helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ | ||||
|  | ||||
| ### Config | ||||
|  | ||||
| | Name                                | Description                                                                                                                                    | Value                                                                                                                   | | ||||
| | ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | | ||||
| | `config.plugins.prometheus.enabled` | Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled. | `false`                                                                                                                 | | ||||
| | `config.plugins.prometheus.url`     | URL to download the plugin.                                                                                                                    | `https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/3.5.25/prometheus-plugin-3.5.25-all.jar` | | ||||
| | Name                                | Description                                                                                                                                    | Value                                                                                                                                                     | | ||||
| | ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||||
| | `config.plugins.prometheus.enabled` | Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled. | `false`                                                                                                                                                   | | ||||
| | `config.plugins.prometheus.url`     | URL to download the plugin.                                                                                                                    | `https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/{{ .Chart.AppVersion }}/prometheus-plugin-{{ .Chart.AppVersion }}-all.jar` | | ||||
|  | ||||
| ### Deployment | ||||
|  | ||||
| @@ -240,7 +303,7 @@ helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ | ||||
| | `deployment.pluginContainer.args`                  | Arguments passed to the plugin container.                                                                  | `["--location","--fail","--max-time","60"]` | | ||||
| | `deployment.pluginContainer.image.registry`        | Image registry, eg. `docker.io`.                                                                           | `docker.io`                                 | | ||||
| | `deployment.pluginContainer.image.repository`      | Image repository, eg. `curlimages/curl`.                                                                   | `curlimages/curl`                           | | ||||
| | `deployment.pluginContainer.image.tag`             | Custom image tag, eg. `0.1.0`.                                                                             | `8.15.0`                                    | | ||||
| | `deployment.pluginContainer.image.tag`             | Custom image tag, eg. `0.1.0`.                                                                             | `8.16.0`                                    | | ||||
| | `deployment.pluginContainer.image.pullPolicy`      | Image pull policy.                                                                                         | `IfNotPresent`                              | | ||||
| | `deployment.priorityClassName`                     | PriorityClassName of the Reposilite deployment.                                                            | `""`                                        | | ||||
| | `deployment.replicas`                              | Number of replicas for the Reposilite deployment.                                                          | `1`                                         | | ||||
| @@ -304,36 +367,42 @@ helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \ | ||||
|  | ||||
| ### Prometheus | ||||
|  | ||||
| | Name                                                | Description                                                                                                                                  | Value      | | ||||
| | --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | | ||||
| | `prometheus.metrics.enabled`                        | Enable of scraping metrics by Prometheus.                                                                                                    | `false`    | | ||||
| | `prometheus.metrics.basicAuthUsername`              | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string.        | `""`       | | ||||
| | `prometheus.metrics.basicAuthPassword`              | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string.         | `""`       | | ||||
| | `prometheus.metrics.podMonitor.enabled`             | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.                                                        | `false`    | | ||||
| | `prometheus.metrics.podMonitor.annotations`         | Additional podMonitor annotations.                                                                                                           | `{}`       | | ||||
| | `prometheus.metrics.podMonitor.enableHttp2`         | Enable HTTP2.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.podMonitor.followRedirects`     | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.                                                                | `false`    | | ||||
| | `prometheus.metrics.podMonitor.honorLabels`         | Honor labels.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.podMonitor.labels`              | Additional podMonitor labels.                                                                                                                | `{}`       | | ||||
| | `prometheus.metrics.podMonitor.interval`            | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                                    | `60s`      | | ||||
| | `prometheus.metrics.podMonitor.path`                | HTTP path of the Reposilite pod for scraping Prometheus metrics.                                                                             | `/metrics` | | ||||
| | `prometheus.metrics.podMonitor.port`                | HTTP port of the Reposilite pod for scraping Prometheus metrics.                                                                             | `http`     | | ||||
| | `prometheus.metrics.podMonitor.relabelings`         | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]`       | | ||||
| | `prometheus.metrics.podMonitor.scrapeTimeout`       | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                                         | `30s`      | | ||||
| | `prometheus.metrics.podMonitor.scheme`              | HTTP scheme to use for scraping. For example `http` or `https`.                                                                              | `http`     | | ||||
| | `prometheus.metrics.podMonitor.tlsConfig`           | TLS configuration to use when scraping the metric endpoint by Prometheus.                                                                    | `{}`       | | ||||
| | `prometheus.metrics.serviceMonitor.enabled`         | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.                                                        | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.annotations`     | Additional serviceMonitor annotations.                                                                                                       | `{}`       | | ||||
| | `prometheus.metrics.serviceMonitor.labels`          | Additional serviceMonitor labels.                                                                                                            | `{}`       | | ||||
| | `prometheus.metrics.serviceMonitor.enableHttp2`     | Enable HTTP2.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.                                                                | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.honorLabels`     | Honor labels.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.interval`        | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                                    | `60s`      | | ||||
| | `prometheus.metrics.serviceMonitor.path`            | HTTP path for scraping Prometheus metrics.                                                                                                   | `/metrics` | | ||||
| | `prometheus.metrics.serviceMonitor.relabelings`     | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]`       | | ||||
| | `prometheus.metrics.serviceMonitor.scrapeTimeout`   | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                                         | `30s`      | | ||||
| | `prometheus.metrics.serviceMonitor.scheme`          | HTTP scheme to use for scraping. For example `http` or `https`.                                                                              | `http`     | | ||||
| | `prometheus.metrics.serviceMonitor.tlsConfig`       | TLS configuration to use when scraping the metric endpoint by Prometheus.                                                                    | `{}`       | | ||||
| | Name                                                      | Description                                                                                                                                  | Value      | | ||||
| | --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | | ||||
| | `prometheus.metrics.enabled`                              | Enable of scraping metrics by Prometheus.                                                                                                    | `false`    | | ||||
| | `prometheus.metrics.secret.existing.enabled`              | Use an existing secret containing the basic auth credentials.                                                                                | `false`    | | ||||
| | `prometheus.metrics.secret.existing.secretName`           | Name of the secret containing the basic auth credentials.                                                                                    | `""`       | | ||||
| | `prometheus.metrics.secret.existing.basicAuthUsernameKey` | Name of the key in the secret that contains the username for basic auth.                                                                     | `""`       | | ||||
| | `prometheus.metrics.secret.existing.basicAuthPasswordKey` | Name of the key in the secret that contains the password for basic auth.                                                                     | `""`       | | ||||
| | `prometheus.metrics.secret.new.annotations`               | Additional secret annotations.                                                                                                               | `{}`       | | ||||
| | `prometheus.metrics.secret.new.labels`                    | Additional secret labels.                                                                                                                    | `{}`       | | ||||
| | `prometheus.metrics.secret.new.basicAuthUsername`         | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string.        | `""`       | | ||||
| | `prometheus.metrics.secret.new.basicAuthPassword`         | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string.         | `""`       | | ||||
| | `prometheus.metrics.podMonitor.enabled`                   | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.                                                        | `false`    | | ||||
| | `prometheus.metrics.podMonitor.annotations`               | Additional podMonitor annotations.                                                                                                           | `{}`       | | ||||
| | `prometheus.metrics.podMonitor.enableHttp2`               | Enable HTTP2.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.podMonitor.followRedirects`           | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.                                                                | `false`    | | ||||
| | `prometheus.metrics.podMonitor.honorLabels`               | Honor labels.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.podMonitor.labels`                    | Additional podMonitor labels.                                                                                                                | `{}`       | | ||||
| | `prometheus.metrics.podMonitor.interval`                  | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                                    | `60s`      | | ||||
| | `prometheus.metrics.podMonitor.path`                      | HTTP path of the Reposilite pod for scraping Prometheus metrics.                                                                             | `/metrics` | | ||||
| | `prometheus.metrics.podMonitor.port`                      | HTTP port of the Reposilite pod for scraping Prometheus metrics.                                                                             | `http`     | | ||||
| | `prometheus.metrics.podMonitor.relabelings`               | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]`       | | ||||
| | `prometheus.metrics.podMonitor.scrapeTimeout`             | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                                         | `30s`      | | ||||
| | `prometheus.metrics.podMonitor.scheme`                    | HTTP scheme to use for scraping. For example `http` or `https`.                                                                              | `http`     | | ||||
| | `prometheus.metrics.podMonitor.tlsConfig`                 | TLS configuration to use when scraping the metric endpoint by Prometheus.                                                                    | `{}`       | | ||||
| | `prometheus.metrics.serviceMonitor.enabled`               | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.                                                        | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.annotations`           | Additional serviceMonitor annotations.                                                                                                       | `{}`       | | ||||
| | `prometheus.metrics.serviceMonitor.labels`                | Additional serviceMonitor labels.                                                                                                            | `{}`       | | ||||
| | `prometheus.metrics.serviceMonitor.enableHttp2`           | Enable HTTP2.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.followRedirects`       | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.                                                                | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.honorLabels`           | Honor labels.                                                                                                                                | `false`    | | ||||
| | `prometheus.metrics.serviceMonitor.interval`              | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                                    | `60s`      | | ||||
| | `prometheus.metrics.serviceMonitor.path`                  | HTTP path for scraping Prometheus metrics.                                                                                                   | `/metrics` | | ||||
| | `prometheus.metrics.serviceMonitor.relabelings`           | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]`       | | ||||
| | `prometheus.metrics.serviceMonitor.scrapeTimeout`         | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                                         | `30s`      | | ||||
| | `prometheus.metrics.serviceMonitor.scheme`                | HTTP scheme to use for scraping. For example `http` or `https`.                                                                              | `http`     | | ||||
| | `prometheus.metrics.serviceMonitor.tlsConfig`             | TLS configuration to use when scraping the metric endpoint by Prometheus.                                                                    | `{}`       | | ||||
|  | ||||
| ### Service | ||||
|  | ||||
|   | ||||
							
								
								
									
										26
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										26
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							| @@ -1078,9 +1078,9 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/link-check": { | ||||
|       "version": "5.4.0", | ||||
|       "resolved": "https://registry.npmjs.org/link-check/-/link-check-5.4.0.tgz", | ||||
|       "integrity": "sha512-0Pf4xBVUnwJdbDgpBlhHNmWDtbVjHTpIFs+JaBuIsC9PKRxjv4KMGCO2Gc8lkVnqMf9B/yaNY+9zmMlO5MyToQ==", | ||||
|       "version": "5.5.0", | ||||
|       "resolved": "https://registry.npmjs.org/link-check/-/link-check-5.5.0.tgz", | ||||
|       "integrity": "sha512-CpMk2zMfyEMdDvFG92wO5pU/2I/wbw72/9pvUFhU9cDKkwhmVlPuvxQJzd/jXA2iVOgNgPLnS5zyOLW7OzNpdA==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "dependencies": { | ||||
| @@ -1137,16 +1137,16 @@ | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdown-link-check": { | ||||
|       "version": "3.13.7", | ||||
|       "resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.13.7.tgz", | ||||
|       "integrity": "sha512-Btn3HU8s2Uyh1ZfzmyZEkp64zp2+RAjwfQt1u4swq2Xa6w37OW0T2inQZrkSNVxDSa2jSN2YYhw/JkAp5jF1PQ==", | ||||
|       "version": "3.14.1", | ||||
|       "resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.14.1.tgz", | ||||
|       "integrity": "sha512-h1tihNL3kmOS3N7H4FyF4xKDxiHnNBNSgs/LWlDiRHlC8O0vfRX0LhDDvesRSs4HM7nS0F658glLxonaXBmuWw==", | ||||
|       "dev": true, | ||||
|       "license": "ISC", | ||||
|       "dependencies": { | ||||
|         "async": "^3.2.6", | ||||
|         "chalk": "^5.3.0", | ||||
|         "commander": "^13.1.0", | ||||
|         "link-check": "^5.4.0", | ||||
|         "commander": "^14.0.0", | ||||
|         "link-check": "^5.5.0", | ||||
|         "markdown-link-extractor": "^4.0.2", | ||||
|         "needle": "^3.3.1", | ||||
|         "progress": "^2.0.3", | ||||
| @@ -1157,6 +1157,16 @@ | ||||
|         "markdown-link-check": "markdown-link-check" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdown-link-check/node_modules/commander": { | ||||
|       "version": "14.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.1.tgz", | ||||
|       "integrity": "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A==", | ||||
|       "dev": true, | ||||
|       "license": "MIT", | ||||
|       "engines": { | ||||
|         "node": ">=20" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/markdown-link-extractor": { | ||||
|       "version": "4.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/markdown-link-extractor/-/markdown-link-extractor-4.0.2.tgz", | ||||
|   | ||||
| @@ -9,6 +9,7 @@ | ||||
|   ], | ||||
|   "customManagers": [ | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "fileMatch": [ | ||||
|         "^Chart\\.yaml$" | ||||
|       ], | ||||
| @@ -21,7 +22,10 @@ | ||||
|       "versioningTemplate": "semver" | ||||
|     }, | ||||
|     { | ||||
|       "fileMatch": ["^README\\.md$"], | ||||
|       "customType": "regex", | ||||
|       "fileMatch": [ | ||||
|         "^README\\.md$" | ||||
|       ], | ||||
|       "matchStrings": [ | ||||
|         "CHART_VERSION=(?<currentValue>.*)" | ||||
|       ], | ||||
| @@ -29,9 +33,47 @@ | ||||
|       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/reposilite-charts", | ||||
|       "datasourceTemplate": "git-tags", | ||||
|       "versioningTemplate": "semver" | ||||
|     }, | ||||
|     { | ||||
|       "customType": "regex", | ||||
|       "datasourceTemplate": "github-releases", | ||||
|       "fileMatch": [ | ||||
|         ".vscode/settings\\.json$" | ||||
|       ], | ||||
|       "matchStrings": [ | ||||
|         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json" | ||||
|       ] | ||||
|     } | ||||
|   ], | ||||
|   "packageRules": [ | ||||
|     { | ||||
|       "groupName": "Update docker.io/volkerraschek/helm", | ||||
|       "matchDepNames": [ | ||||
|         "docker.io/volkerraschek/helm", | ||||
|         "volkerraschek/helm" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "automerge": true, | ||||
|       "groupName": "Update helm plugin 'unittest'", | ||||
|       "matchDepNames": [ | ||||
|         "helm-unittest/helm-unittest" | ||||
|       ], | ||||
|       "matchDatasources": [ | ||||
|         "github-releases" | ||||
|       ], | ||||
|       "matchUpdateTypes": [ | ||||
|         "minor", | ||||
|         "patch" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "groupName": "Update docker.io/library/node", | ||||
|       "matchDepNames": [ | ||||
|         "docker.io/library/node", | ||||
|         "library/node" | ||||
|       ] | ||||
|     }, | ||||
|     { | ||||
|       "addLabels": [ | ||||
|         "renovate/automerge", | ||||
| @@ -64,5 +106,16 @@ | ||||
|         "patch" | ||||
|       ] | ||||
|     } | ||||
|   ] | ||||
| } | ||||
|   ], | ||||
|   "postUpgradeTasks": { | ||||
|     "commands": [ | ||||
|       "install-tool node", | ||||
|       "make readme" | ||||
|     ], | ||||
|     "fileFilters": [ | ||||
|       "README.md", | ||||
|       "values.yaml" | ||||
|     ], | ||||
|     "executionMode": "update" | ||||
|   } | ||||
| } | ||||
| @@ -27,8 +27,8 @@ | ||||
| {{- end }} | ||||
|  | ||||
| {{- if or (eq (include "reposilite.podMonitor.enabled" $ ) "true") (eq (include "reposilite.serviceMonitor.enabled" $ ) "true") -}} | ||||
| {{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "username")))) }} | ||||
| {{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "password")))) }} | ||||
| {{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.usernameKey" $))))) }} | ||||
| {{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.passwordKey" $))))) }} | ||||
| {{- end }} | ||||
|  | ||||
| {{ toYaml (dict "env" $env) }} | ||||
|   | ||||
| @@ -4,7 +4,7 @@ | ||||
|  | ||||
| {{- define "reposilite.pod.annotations" -}} | ||||
| {{ include "reposilite.annotations" . }} | ||||
| {{- if .Values.prometheus.metrics.enabled -}} | ||||
| {{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) -}} | ||||
| {{- printf "checksum/secret-%s: %s" (include "reposilite.secrets.prometheusBasicAuth.name" $) (include (print $.Template.BasePath "/secretPrometheusBasicAuth.yaml") . | sha256sum) }} | ||||
| {{- end -}} | ||||
| {{- end }} | ||||
|   | ||||
| @@ -4,16 +4,50 @@ | ||||
|  | ||||
| {{- define "reposilite.secrets.prometheusBasicAuth.annotations" -}} | ||||
| {{ include "reposilite.annotations" . }} | ||||
| {{- if .Values.prometheus.metrics.secret.new.annotations }} | ||||
| {{ toYaml .Values.prometheus.metrics.secret.new.annotations }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* labels */}} | ||||
|  | ||||
| {{- define "reposilite.secrets.prometheusBasicAuth.labels" -}} | ||||
| {{ include "reposilite.labels" . }} | ||||
| {{- if .Values.prometheus.metrics.secret.new.labels }} | ||||
| {{ toYaml .Values.prometheus.metrics.secret.new.labels }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* names */}} | ||||
|  | ||||
| {{- define "reposilite.secrets.prometheusBasicAuth.name" -}} | ||||
| {{ include "reposilite.fullname" . }}-basic-auth-credentials | ||||
| {{- end -}} | ||||
| {{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.secretName) 0) }} | ||||
| {{- print .Values.prometheus.metrics.secret.existing.secretName -}} | ||||
| {{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.secretName) 0) }} | ||||
| {{ fail "Name of the existing secret that contains the credentials for basic auth is not defined!" }} | ||||
| {{- else if not .Values.prometheus.metrics.secret.existing.enabled }} | ||||
| {{- printf "%s-basic-auth-credentials" (include "reposilite.fullname" $) -}} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* secretKeyNames */}} | ||||
|  | ||||
| {{- define "reposilite.secrets.prometheusBasicAuth.passwordKey" -}} | ||||
| {{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) -}} | ||||
| {{- .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey -}} | ||||
| {{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) }} | ||||
| {{ fail "Name of the key in the secret that contains the password for basic auth is not defined!" }} | ||||
| {{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }} | ||||
| {{- print "password" -}} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- define "reposilite.secrets.prometheusBasicAuth.usernameKey" -}} | ||||
| {{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) -}} | ||||
| {{- .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey -}} | ||||
| {{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) }} | ||||
| {{ fail "Name of the key in the secret that contains the username for basic auth is not defined!" }} | ||||
| {{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }} | ||||
| {{- print "username" -}} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|   | ||||
| @@ -17,10 +17,10 @@ spec: | ||||
|   podMetricsEndpoints: | ||||
|   - basicAuth: | ||||
|       password: | ||||
|         key: password | ||||
|         key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }} | ||||
|         name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} | ||||
|       username: | ||||
|         key: username | ||||
|         key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }} | ||||
|         name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} | ||||
|     enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }} | ||||
|     followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }} | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| {{- if .Values.prometheus.metrics.enabled }} | ||||
| {{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) }} | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| @@ -14,6 +14,6 @@ metadata: | ||||
|   name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} | ||||
|   namespace: {{ .Release.Namespace }} | ||||
| stringData: | ||||
|   password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthPassword }} | ||||
|   username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthUsername }} | ||||
|   password: {{ required "Password for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthPassword }} | ||||
|   username: {{ required "Username for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthUsername }} | ||||
| {{- end }} | ||||
|   | ||||
| @@ -17,10 +17,10 @@ spec: | ||||
|   endpoints: | ||||
|   - basicAuth: | ||||
|       password: | ||||
|         key: password | ||||
|         key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }} | ||||
|         name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} | ||||
|       username: | ||||
|         key: username | ||||
|         key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }} | ||||
|         name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} | ||||
|     enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }} | ||||
|     followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }} | ||||
|   | ||||
| @@ -13,6 +13,8 @@ tests: | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.podMonitor.enabled: true | ||||
|     prometheus.metrics.secret.new.basicAuthPassword: "my-password" | ||||
|     prometheus.metrics.secret.new.basicAuthUsername: "my-username" | ||||
|   asserts: | ||||
|   - exists: | ||||
|       path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials | ||||
| @@ -35,3 +37,73 @@ tests: | ||||
|             name: reposilite-unittest-basic-auth-credentials | ||||
|             key: username | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key | ||||
|     prometheus.metrics.secret.existing.secretName: my-secret | ||||
|     prometheus.metrics.podMonitor.enabled: true | ||||
|   asserts: | ||||
|   - notExists: | ||||
|       path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials | ||||
|     template: templates/deployment.yaml | ||||
|   - contains: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       content: | ||||
|         name: REPOSILITE_PROMETHEUS_PASSWORD | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: my-secret | ||||
|             key: my-password-key | ||||
|     template: templates/deployment.yaml | ||||
|   - contains: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       content: | ||||
|         name: REPOSILITE_PROMETHEUS_USER | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: my-secret | ||||
|             key: my-username-key | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Fail when existing secret name is undefined | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key" | ||||
|     prometheus.metrics.secret.existing.secretName: "" | ||||
|     prometheus.metrics.podMonitor.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!" | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Fail when the name of the key in the secret that contains the username for basic auth is undefined | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key" | ||||
|     prometheus.metrics.secret.existing.secretName: "my-secret" | ||||
|     prometheus.metrics.podMonitor.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!" | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Fail when the name of the key in the secret that contains the password for basic auth is undefined | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "" | ||||
|     prometheus.metrics.secret.existing.secretName: "my-secret" | ||||
|     prometheus.metrics.podMonitor.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!" | ||||
|     template: templates/deployment.yaml | ||||
							
								
								
									
										109
									
								
								unittests/deployment/prometheusServiceMonitor.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										109
									
								
								unittests/deployment/prometheusServiceMonitor.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,109 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Add prometheus basic auth variables | ||||
| release: | ||||
|   name: reposilite-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/deployment.yaml | ||||
| - templates/secretPrometheusBasicAuth.yaml | ||||
| tests: | ||||
| - it: Rendering default environment variables with enabled prometheus metrics serviceMonitor | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.serviceMonitor.enabled: true | ||||
|     prometheus.metrics.secret.new.basicAuthPassword: "my-password" | ||||
|     prometheus.metrics.secret.new.basicAuthUsername: "my-username" | ||||
|   asserts: | ||||
|   - exists: | ||||
|       path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials | ||||
|     template: templates/deployment.yaml | ||||
|   - contains: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       content: | ||||
|         name: REPOSILITE_PROMETHEUS_PASSWORD | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: reposilite-unittest-basic-auth-credentials | ||||
|             key: password | ||||
|     template: templates/deployment.yaml | ||||
|   - contains: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       content: | ||||
|         name: REPOSILITE_PROMETHEUS_USER | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: reposilite-unittest-basic-auth-credentials | ||||
|             key: username | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key | ||||
|     prometheus.metrics.secret.existing.secretName: my-secret | ||||
|     prometheus.metrics.serviceMonitor.enabled: true | ||||
|   asserts: | ||||
|   - notExists: | ||||
|       path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials | ||||
|     template: templates/deployment.yaml | ||||
|   - contains: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       content: | ||||
|         name: REPOSILITE_PROMETHEUS_PASSWORD | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: my-secret | ||||
|             key: my-password-key | ||||
|     template: templates/deployment.yaml | ||||
|   - contains: | ||||
|       path: spec.template.spec.containers[0].env | ||||
|       content: | ||||
|         name: REPOSILITE_PROMETHEUS_USER | ||||
|         valueFrom: | ||||
|           secretKeyRef: | ||||
|             name: my-secret | ||||
|             key: my-username-key | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Fail when existing secret name is undefined | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key" | ||||
|     prometheus.metrics.secret.existing.secretName: "" | ||||
|     prometheus.metrics.serviceMonitor.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!" | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Fail when the name of the key in the secret that contains the username for basic auth is undefined | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key" | ||||
|     prometheus.metrics.secret.existing.secretName: "my-secret" | ||||
|     prometheus.metrics.serviceMonitor.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!" | ||||
|     template: templates/deployment.yaml | ||||
|  | ||||
| - it: Fail when the name of the key in the secret that contains the password for basic auth is undefined | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "" | ||||
|     prometheus.metrics.secret.existing.secretName: "my-secret" | ||||
|     prometheus.metrics.serviceMonitor.enabled: true | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|       errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!" | ||||
|     template: templates/deployment.yaml | ||||
							
								
								
									
										98
									
								
								unittests/secrets/basicAuth.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										98
									
								
								unittests/secrets/basicAuth.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,98 @@ | ||||
| chart: | ||||
|   appVersion: 0.1.0 | ||||
|   version: 0.1.0 | ||||
| suite: Secret reposilite template | ||||
| release: | ||||
|   name: reposilite-unittest | ||||
|   namespace: testing | ||||
| templates: | ||||
| - templates/secretPrometheusBasicAuth.yaml | ||||
| tests: | ||||
| - it: Skip rendering | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
|  | ||||
| - it: Throw error for missing basic auth password | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     # prometheus.metrics.secret.new.basicAuthPassword: "my-password" | ||||
|     prometheus.metrics.secret.new.basicAuthUsername: "my-username" | ||||
|   asserts: | ||||
|     - failedTemplate: | ||||
|         errorMessage: "Password for basic auth is required!" | ||||
|  | ||||
| - it: Throw error for missing basic auth username | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.new.basicAuthPassword: "my-password" | ||||
|     # prometheus.metrics.secret.new.basicAuthUsername: "my-username" | ||||
|   asserts: | ||||
|     - failedTemplate: | ||||
|         errorMessage: "Username for basic auth is required!" | ||||
|  | ||||
| - it: Rendering secret with default values. | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.new.basicAuthPassword: "my-password" | ||||
|     prometheus.metrics.secret.new.basicAuthUsername: "my-username" | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - containsDocument: | ||||
|       apiVersion: v1 | ||||
|       kind: Secret | ||||
|       name: reposilite-unittest-basic-auth-credentials | ||||
|       namespace: testing | ||||
|   - notExists: | ||||
|       path: metadata.annotations | ||||
|   - equal: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|         app.kubernetes.io/instance: reposilite-unittest | ||||
|         app.kubernetes.io/managed-by: Helm | ||||
|         app.kubernetes.io/name: reposilite | ||||
|         app.kubernetes.io/version: 0.1.0 | ||||
|         helm.sh/chart: reposilite-0.1.0 | ||||
|   - exists: | ||||
|       path: stringData.password | ||||
|   - exists: | ||||
|       path: stringData.username | ||||
|  | ||||
| - it: Rendering secret with custom values. | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.new.basicAuthPassword: foo | ||||
|     prometheus.metrics.secret.new.basicAuthUsername: bar | ||||
|     prometheus.metrics.secret.new.annotations: | ||||
|       foo: bar | ||||
|     prometheus.metrics.secret.new.labels: | ||||
|       bar: foo | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - isSubset: | ||||
|       path: metadata.annotations | ||||
|       content: | ||||
|         foo: bar | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       content: | ||||
|         bar: foo | ||||
|   - equal: | ||||
|       path: metadata.name | ||||
|       value: reposilite-unittest-basic-auth-credentials | ||||
|   - equal: | ||||
|       path: stringData.password | ||||
|       value: foo | ||||
|   - equal: | ||||
|       path: stringData.username | ||||
|       value: bar | ||||
|  | ||||
| - it: Skip rendering if existing secret is used | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 0 | ||||
| @@ -53,13 +53,13 @@ tests: | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - exists: | ||||
|   - isSubset: | ||||
|       path: metadata.annotations | ||||
|       value: | ||||
|       content: | ||||
|         foo: bar | ||||
|   - exists: | ||||
|   - isSubset: | ||||
|       path: metadata.labels | ||||
|       value: | ||||
|       content: | ||||
|         bar: foo | ||||
|   - equal: | ||||
|       path: metadata.name | ||||
|   | ||||
| @@ -129,6 +129,10 @@ tests: | ||||
| - it: Change defaults | ||||
|   set: | ||||
|     prometheus.metrics.enabled: true | ||||
|     prometheus.metrics.secret.existing.enabled: true | ||||
|     prometheus.metrics.secret.existing.secretName: "my-secret" | ||||
|     prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key" | ||||
|     prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key" | ||||
|     prometheus.metrics.serviceMonitor.enabled: true | ||||
|     prometheus.metrics.serviceMonitor.enableHttp2: false | ||||
|     prometheus.metrics.serviceMonitor.followRedirects: true | ||||
| @@ -147,6 +151,15 @@ tests: | ||||
|   asserts: | ||||
|   - hasDocuments: | ||||
|       count: 1 | ||||
|   - isSubset: | ||||
|       path: spec.endpoints[0].basicAuth | ||||
|       content: | ||||
|         password: | ||||
|           key: my-password-key | ||||
|           name: my-secret | ||||
|         username: | ||||
|           key: my-username-key | ||||
|           name: my-secret | ||||
|   - equal: | ||||
|       path: spec.endpoints[0].enableHttp2 | ||||
|       value: false | ||||
|   | ||||
| @@ -78,35 +78,35 @@ tests: | ||||
|     service.internalTrafficPolicy: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|     errorMessage: No internal traffic policy defined! | ||||
|       errorMessage: No internal traffic policy defined! | ||||
|  | ||||
| - it: Require port. | ||||
|   set: | ||||
|     service.port: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|     errorMessage: No service port defined! | ||||
|       errorMessage: No service port defined! | ||||
|  | ||||
| - it: Require scheme. | ||||
|   set: | ||||
|     service.scheme: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|     errorMessage: No service scheme defined! | ||||
|       errorMessage: The scheme of the serviceMonitor is not defined! | ||||
|  | ||||
| - it: Require sessionAffinity. | ||||
|   set: | ||||
|     service.sessionAffinity: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|     errorMessage: No session affinity defined! | ||||
|       errorMessage: No session affinity defined! | ||||
|  | ||||
| - it: Require service type. | ||||
|   set: | ||||
|     service.type: "" | ||||
|   asserts: | ||||
|   - failedTemplate: | ||||
|     errorMessage: No service type defined! | ||||
|       errorMessage: No service type defined! | ||||
|  | ||||
| - it: Render service with custom annotations and labels. | ||||
|   set: | ||||
|   | ||||
							
								
								
									
										29
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										29
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -175,7 +175,7 @@ deployment: | ||||
|     image: | ||||
|       registry: docker.io | ||||
|       repository: curlimages/curl | ||||
|       tag: "8.15.0" | ||||
|       tag: "8.16.0" | ||||
|       pullPolicy: IfNotPresent | ||||
|  | ||||
|   ## @param deployment.priorityClassName PriorityClassName of the Reposilite deployment. | ||||
| @@ -396,13 +396,30 @@ persistentVolumeClaim: | ||||
|  | ||||
| ## @section Prometheus | ||||
| prometheus: | ||||
|   ## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus. | ||||
|   ## @param prometheus.metrics.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | ||||
|   ## @param prometheus.metrics.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | ||||
|   metrics: | ||||
|     ## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus. | ||||
|     enabled: false | ||||
|     basicAuthUsername: "" | ||||
|     basicAuthPassword: "" | ||||
|  | ||||
|     secret: | ||||
|       ## @param prometheus.metrics.secret.existing.enabled Use an existing secret containing the basic auth credentials. | ||||
|       ## @param prometheus.metrics.secret.existing.secretName Name of the secret containing the basic auth credentials. | ||||
|       ## @param prometheus.metrics.secret.existing.basicAuthUsernameKey Name of the key in the secret that contains the username for basic auth. | ||||
|       ## @param prometheus.metrics.secret.existing.basicAuthPasswordKey Name of the key in the secret that contains the password for basic auth. | ||||
|       existing: | ||||
|         enabled: false | ||||
|         secretName: "" | ||||
|         basicAuthUsernameKey: "" | ||||
|         basicAuthPasswordKey: "" | ||||
|  | ||||
|       ## @param prometheus.metrics.secret.new.annotations Additional secret annotations. | ||||
|       ## @param prometheus.metrics.secret.new.labels Additional secret labels. | ||||
|       ## @param prometheus.metrics.secret.new.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | ||||
|       ## @param prometheus.metrics.secret.new.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | ||||
|       new: | ||||
|         annotations: {} | ||||
|         labels: {} | ||||
|         basicAuthUsername: "" | ||||
|         basicAuthPassword: "" | ||||
|  | ||||
|     ## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | ||||
|     ## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations. | ||||
|   | ||||
		Reference in New Issue
	
	Block a user