45 Commits

Author SHA1 Message Date
16a7fa16a9 Merge pull request 'chore(deps): update dependency volker.raschek/reposilite-charts to v1' (#38) from renovate/volker.raschek-reposilite-charts-1.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 9s
2025-10-22 16:24:49 +00:00
19dc6b4aef chore(deps): update dependency volker.raschek/reposilite-charts to v1
All checks were successful
Generate README / generate-parameters (push) Successful in 10s
Generate README / generate-parameters (pull_request) Successful in 10s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 11s
Markdown linter / markdown-lint (push) Successful in 9s
Markdown linter / markdown-link-checker (pull_request) Successful in 12s
Markdown linter / markdown-lint (pull_request) Successful in 10s
2025-10-22 16:23:39 +00:00
0dd267a0df docs(README): add an ArgoCD application resource as an example
All checks were successful
Helm / helm-lint (push) Successful in 13s
Generate README / generate-parameters (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 13s
Helm / helm-unittest (push) Successful in 15s
Markdown linter / markdown-lint (push) Successful in 9s
Release / publish-chart (push) Successful in 8s
2025-10-22 17:38:24 +02:00
d790cd3ec4 fix(secret): enforce basic auth credentials
This patch remove generation of a random string for the username and password of
the basic auth credentials.

The problem with the random generated basic auth credentials is, that this leads
to a new shasum of the secret. GitOps tools like ArgoCD detects a drift trigger
a rolling update.

To avoid this must now the basic auth credentials be defined to enable
prometheus metrics.
2025-10-22 17:14:53 +02:00
d2c329e1be docs(README): adapt jq expression to ignore reloader annotation
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Successful in 29s
2025-10-21 22:32:23 +02:00
db5e38cef1 docs(README): adapt description of RespectIgnoreDifferences
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 17s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Successful in 29s
2025-10-21 22:28:23 +02:00
1fe7bc604e docs(README): adjust highlighted text
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 16s
Markdown linter / markdown-link-checker (push) Successful in 31s
Markdown linter / markdown-lint (push) Successful in 27s
2025-10-21 22:26:15 +02:00
fa43188e03 docs(README): add tip how to ignore stakater's reloader annotations
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 15s
Markdown linter / markdown-link-checker (push) Successful in 32s
Markdown linter / markdown-lint (push) Successful in 29s
2025-10-21 22:22:26 +02:00
99ed88068a docs(README): add further jqPathExpressions if stakaters reloader is configured
All checks were successful
Generate README / generate-parameters (push) Successful in 29s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 16s
Markdown linter / markdown-link-checker (push) Successful in 32s
Markdown linter / markdown-lint (push) Successful in 27s
2025-10-19 19:08:18 +02:00
95fd713da6 fix(renovate): update packageRule for helm-unittest/helm-unittest
All checks were successful
Helm / helm-unittest (push) Successful in 1m58s
Helm / helm-lint (push) Successful in 2m3s
2025-10-16 22:01:54 +02:00
671a635627 fix(renovate): update packageRule for helm-unittest/helm-unittest
All checks were successful
Helm / helm-unittest (push) Successful in 7s
Helm / helm-lint (push) Successful in 14s
2025-10-16 21:39:56 +02:00
13fbb0ecc0 fix(vscode): add values.schema.json for helm unittest
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
2025-10-16 21:11:51 +02:00
8835a8cde1 Merge pull request 'chore(deps): update dependency markdown-link-check to v3.14.1' (#34) from renovate/markdown-link-check-3.x-lockfile into master
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 15s
2025-10-11 19:15:37 +00:00
7d479fe629 chore(deps): update dependency markdown-link-check to v3.14.1
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-lint (pull_request) Successful in 11s
Helm / helm-unittest (push) Successful in 21s
Helm / helm-unittest (pull_request) Successful in 6s
2025-10-11 19:15:03 +00:00
edacc04893 docs(README): ArgoCD configuration note on checksum annotations
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 18s
Generate README / generate-parameters (push) Successful in 41s
Markdown linter / markdown-lint (push) Successful in 9s
2025-10-11 14:04:18 +02:00
3c64ebfef4 Merge pull request 'chore(deps): update dependency markdown-link-check to v3.14.0' (#33) from renovate/markdown-link-check-3.x-lockfile into master
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 14s
2025-10-10 19:17:38 +00:00
15d2c31512 chore(deps): update dependency markdown-link-check to v3.14.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (pull_request) Successful in 16s
2025-10-10 19:16:57 +00:00
93ef09b878 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.10.0' (#32) from renovate/update-docker.iolibrarynode into master
All checks were successful
Helm / helm-lint (push) Successful in 39s
Helm / helm-unittest (push) Successful in 8s
2025-10-09 16:19:16 +00:00
b5368314d6 chore(deps): update docker.io/library/node docker tag to v24.10.0
All checks were successful
Helm / helm-lint (push) Successful in 8s
Helm / helm-unittest (push) Successful in 19s
Helm / helm-lint (pull_request) Successful in 9s
Helm / helm-unittest (pull_request) Successful in 16s
2025-10-09 16:18:25 +00:00
60643bdaf4 fix(renovate): group docker.io/volkerraschek/helm
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 14s
2025-09-30 17:40:04 +02:00
e3880f5f00 fix(renovate): group node packages
All checks were successful
Helm / helm-unittest (push) Successful in 5s
Helm / helm-lint (push) Successful in 14s
2025-09-30 17:31:36 +02:00
a20f370eaf Merge pull request 'chore(deps): update dependency volker.raschek/reposilite-charts to v0.3.0' (#31) from renovate/volker.raschek-reposilite-charts-0.x into master
All checks were successful
Generate README / generate-parameters (push) Successful in 9s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-lint (push) Successful in 9s
Markdown linter / markdown-link-checker (push) Successful in 33s
2025-09-29 22:15:27 +00:00
d6de6ce37a chore(deps): update dependency volker.raschek/reposilite-charts to v0.3.0
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 10s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-lint (push) Successful in 13s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 6s
Generate README / generate-parameters (pull_request) Successful in 31s
Markdown linter / markdown-link-checker (pull_request) Successful in 11s
Markdown linter / markdown-lint (pull_request) Successful in 27s
2025-09-29 22:14:24 +00:00
334a8b877b feat(secret): support annotations and labels for the basic auth secret
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Generate README / generate-parameters (push) Successful in 28s
Markdown linter / markdown-link-checker (push) Successful in 18s
Release / publish-chart (push) Successful in 8s
Markdown linter / markdown-lint (push) Successful in 28s
2025-09-29 22:54:44 +02:00
ba1fd42cfc Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#30) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 14s
2025-09-26 19:19:09 +00:00
70faa1ff8f Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24.9.0' (#29) from renovate/actions into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
2025-09-26 19:18:43 +00:00
d7d5bc4dae chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 14s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 15s
2025-09-26 19:18:31 +00:00
a3f1ab1850 chore(deps): update docker.io/library/node docker tag to v24.9.0
All checks were successful
Helm / helm-unittest (push) Successful in 5s
Helm / helm-lint (pull_request) Successful in 7s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 6s
2025-09-26 19:18:12 +00:00
c4919a6bfc Merge pull request 'chore(deps): update dzikoysk/reposilite docker tag to v3.5.26' (#28) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
2025-09-21 22:17:13 +00:00
6ca6f583d3 chore(deps): update dzikoysk/reposilite docker tag to v3.5.26
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 6s
2025-09-21 22:16:38 +00:00
0d10fb2cdc Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.19.0' (#27) from renovate/container-images into master
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-09-21 13:17:51 +00:00
a373c49e2a Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0' (#26) from renovate/actions into master
Some checks failed
Helm / helm-lint (push) Successful in 5s
Helm / helm-unittest (push) Has been cancelled
2025-09-21 13:17:38 +00:00
633d4f1bfd chore(deps): update volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 7s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-lint (pull_request) Successful in 15s
2025-09-21 13:17:13 +00:00
cc201633de chore(deps): update docker.io/volkerraschek/helm docker tag to v3.19.0
All checks were successful
Helm / helm-lint (push) Successful in 14s
Helm / helm-lint (pull_request) Successful in 6s
Helm / helm-unittest (pull_request) Successful in 16s
Helm / helm-unittest (push) Successful in 6s
2025-09-21 13:16:57 +00:00
64c20379a2 Merge pull request 'chore(deps): update volkerraschek/helm docker tag to v3.18.5' (#25) from renovate/container-images into master
All checks were successful
Helm / helm-unittest (push) Successful in 7s
Helm / helm-lint (push) Successful in 14s
2025-09-20 19:13:01 +00:00
98ec01a217 chore(deps): update volkerraschek/helm docker tag to v3.18.5
All checks were successful
Helm / helm-lint (pull_request) Successful in 7s
Helm / helm-unittest (pull_request) Successful in 15s
Helm / helm-unittest (push) Successful in 8s
Helm / helm-lint (push) Successful in 15s
2025-09-20 16:15:29 +00:00
796c257d0a fix(renovate): update REAMDE
All checks were successful
Helm / helm-lint (push) Successful in 7s
Helm / helm-unittest (push) Successful in 18s
2025-09-20 18:05:14 +02:00
387547e813 Merge pull request 'chore(deps): update docker.io/curlimages/curl docker tag to v8.16.0' (#17) from renovate/container-images into master
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-lint (push) Successful in 6s
Helm / helm-unittest (push) Successful in 15s
2025-09-20 14:50:48 +00:00
e16a1ff2ed Merge pull request 'chore(deps): update dependency volker.raschek/reposilite-charts to v0.2.0' (#16) from renovate/volker.raschek-reposilite-charts-0.x into master
Some checks failed
Generate README / generate-parameters (push) Successful in 9s
Helm / helm-unittest (push) Successful in 7s
Helm / helm-lint (push) Has been cancelled
Markdown linter / markdown-link-checker (push) Successful in 12s
Markdown linter / markdown-lint (push) Successful in 9s
2025-09-20 14:49:41 +00:00
c8d8efeae3 chore(deps): update docker.io/curlimages/curl docker tag to v8.16.0
Some checks failed
Generate README / generate-parameters (push) Failing after 10s
Helm / helm-unittest (push) Successful in 6s
Helm / helm-lint (push) Successful in 16s
Generate README / generate-parameters (pull_request) Failing after 9s
Helm / helm-unittest (pull_request) Successful in 6s
Helm / helm-lint (pull_request) Successful in 15s
2025-09-20 14:47:13 +00:00
2a7d111525 chore(deps): update dependency volker.raschek/reposilite-charts to v0.2.0
All checks were successful
Generate README / generate-parameters (push) Successful in 11s
Helm / helm-lint (push) Successful in 16s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-link-checker (push) Successful in 33s
Markdown linter / markdown-lint (push) Successful in 28s
Generate README / generate-parameters (pull_request) Successful in 31s
Helm / helm-lint (pull_request) Successful in 15s
Helm / helm-unittest (pull_request) Successful in 18s
Markdown linter / markdown-lint (pull_request) Successful in 10s
Markdown linter / markdown-link-checker (pull_request) Successful in 31s
2025-09-20 14:47:01 +00:00
64de0eb8ea docs(README): update parameters
All checks were successful
Generate README / generate-parameters (push) Successful in 11s
Helm / helm-lint (push) Successful in 14s
Helm / helm-unittest (push) Successful in 6s
Markdown linter / markdown-lint (push) Successful in 9s
Markdown linter / markdown-link-checker (push) Successful in 31s
2025-09-20 16:23:06 +02:00
413fe95b86 fix(prometheus): add init containers to download plugins
Some checks failed
Generate README / generate-parameters (push) Failing after 15s
Helm / helm-lint (push) Successful in 15s
Helm / helm-unittest (push) Successful in 7s
Markdown linter / markdown-lint (push) Successful in 8s
Release / publish-chart (push) Successful in 8s
Markdown linter / markdown-link-checker (push) Successful in 43s
The following patch extends the helm chart of additional init containers for
each plugin.
2025-09-20 16:21:40 +02:00
de8ef2b201 chore(deps): update actions/checkout to v5.0.0 2025-09-20 16:21:37 +02:00
6e38335808 feat(prometheus): add podMonitor and serviceMonitor
This patch adds Prometheus podMonitor and serviceMonitor.
2025-09-20 16:21:16 +02:00
33 changed files with 1553 additions and 89 deletions

View File

@@ -15,7 +15,7 @@ on:
jobs:
generate-parameters:
container:
image: docker.io/library/node:24.8.0-alpine
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:

View File

@@ -13,7 +13,7 @@ on:
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.18.5
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:
@@ -28,7 +28,7 @@ jobs:
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.18.5
image: docker.io/volkerraschek/helm:3.19.0
runs-on:
- ubuntu-latest
steps:

View File

@@ -15,7 +15,7 @@ on:
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:24.8.0-alpine
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:
@@ -31,7 +31,7 @@ jobs:
markdown-lint:
container:
image: docker.io/library/node:24.8.0-alpine
image: docker.io/library/node:24.10.0-alpine
runs-on:
- ubuntu-latest
steps:

View File

@@ -8,7 +8,7 @@ on:
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.18.5
image: docker.io/volkerraschek/helm:3.19.0
runs-on: ubuntu-latest
steps:
- name: Install packages via apk
@@ -16,7 +16,7 @@ jobs:
apk update
apk add git npm jq yq
- uses: actions/checkout@v5
- uses: actions/checkout@v5.0.0
with:
fetch-depth: 0

4
.gitignore vendored
View File

@@ -1,6 +1,6 @@
charts
node_modules
target
values2.yml
values2.yaml
values[0-9].yml
values[0-9].yaml
*.tgz

8
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

View File

@@ -5,7 +5,7 @@ annotations:
- name: support
url: https://git.cryptic.systems/volker.raschek/reposilite-charts/issues
apiVersion: v2
appVersion: "3.5.25"
appVersion: "3.5.26"
description: |
Lightweight and easy-to-use repository management software
dedicated for the Maven based artifacts in the JVM ecosystem

View File

@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.18.2 # renovate: datasource=docker registryUrl=https://registry-nexus.orbis.dedalus.com depName=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.8.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
@@ -18,6 +18,19 @@ NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# README
# ==============================================================================
readme: readme/link readme/lint readme/parameters
readme/link:
npm install && npm run readme:link
readme/lint:
npm install && npm run readme:lint
readme/parameters:
npm install && npm run readme:parameters
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
@@ -88,4 +101,4 @@ container-run/helm-lint:
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}
.PHONY: ${PHONY}

224
README.md
View File

@@ -37,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something!
```bash
CHART_VERSION=0.1.3
CHART_VERSION=1.0.0
helm show values volker.raschek/reposilite --version "${CHART_VERSION}" > values.yaml
```
@@ -51,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
Use the `--set` argument to persist your data.
```bash
CHART_VERSION=0.1.3
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
persistentVolumeClaim.enabled=true
```
@@ -72,7 +72,7 @@ connection problems.
> error.
```bash
CHART_VERSION=0.1.3
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
--set 'deployment.reposilite.env[1].name=REPOSILITE_LOCAL_SSLENABLED' \
--set 'deployment.reposilite.env[1].value="true"' \
@@ -122,14 +122,29 @@ deployment:
secret.reloader.stakater.com/reload: "reposilite-tls"
```
### Network policies
If the application is rolled out using ArgoCD, a rolling update from stakater's
[reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state
with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be
initiated. Further information are available in the official
[README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of
stakater's reloader.
```diff
deployment:
annotations:
reloader.stakater.com/auto: "true"
+ reloader.stakater.com/rollout-strategy: "restart"
```
#### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
traffic from an ingress controller. Additionally one egress rule is defined, to allow the application outgoing access
to the internal running DNS server `core-dns`.
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the Apache Maven
Central repository via HTTPS.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
@@ -156,6 +171,10 @@ networkPolicies:
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 443
protocol: TCP
ingress:
- from:
- namespaceSelector:
@@ -169,6 +188,75 @@ networkPolicies:
protocol: TCP
```
### Prometheus
Reposilite is not able to expose metrics by default. Reposilite requires an additional plugin to expose the metrics via
`/metrics`. The plugin will be downloaded from Apache Maven Central, when the plugin is enabled directly or the
Prometheus feature has been enabled. The plugin is a simple JAR file, which will be stored in `/app/data/plugins`.
Furthermore, Reposilite will not expose the metrics without protection. For this reason must be defined basic auth
credentials. By default generate the helm chart a random username and password for basic auth. For debugging propose can
be set the credentials manually.
The following example enable Prometheus metrics with custom basic auth credentials:
```bash
CHART_VERSION=1.0.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
--set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.basicAuthUsername=my-username' \
--set 'prometheus.metrics.basicAuthUsername=my-password'
```
## ArgoCD
### Example Application
An application resource for the Helm chart is defined below. It serves as an example for your own deployment.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
destination:
server: https://kubernetes.default.svc
namespace: reposilite
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
# When HPA is enabled, ensure that a modification of the replicas does not lead to a
# drift.
- '.spec.replicas'
# Ensure that changes of the annotations or environment variables added or modified by
# stakater's reloader does not lead to a drift.
- '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
- '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
sources:
- repoURL: https://charts.cryptic.systems/volker.raschek
chart: reposilite
targetRevision: '0.*'
helm:
valueFiles:
- $values/values.yaml
releaseName: reposilite
syncPolicy:
automated:
prune: true
selfHeal: true
managedNamespaceMetadata:
annotations: {}
labels: {}
syncOptions:
- ApplyOutOfSyncOnly=true
- CreateNamespace=true
- FailOnSharedResource=false
- Replace=false
- RespectIgnoreDifferences=false
- ServerSideApply=true
- Validate=true
```
## Parameters
### Global
@@ -178,44 +266,56 @@ networkPolicies:
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Config
| Name | Description | Value |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `config.plugins.prometheus.enabled` | Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled. | `false` |
| `config.plugins.prometheus.url` | URL to download the plugin. | `https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/{{ .Chart.AppVersion }}/prometheus-plugin-{{ .Chart.AppVersion }}-all.jar` |
### Deployment
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` |
| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` |
| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | |
| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` |
| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` |
| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` |
| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` |
| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` |
| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` |
| Name | Description | Value |
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------------------------- |
| `deployment.annotations` | Additional deployment annotations. | `{}` |
| `deployment.labels` | Additional deployment labels. | `{}` |
| `deployment.additionalContainers` | List of additional containers. | `[]` |
| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` |
| `deployment.initContainers` | List of additional init containers. | `[]` |
| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` |
| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` |
| `deployment.hostname` | Individual hostname of the pod. | `""` |
| `deployment.subdomain` | Individual domain of the pod. | `""` |
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` |
| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` |
| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | |
| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` |
| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` |
| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` |
| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` |
| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` |
| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` |
| `deployment.pluginContainer.args` | Arguments passed to the plugin container. | `["--location","--fail","--max-time","60"]` |
| `deployment.pluginContainer.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.pluginContainer.image.repository` | Image repository, eg. `curlimages/curl`. | `curlimages/curl` |
| `deployment.pluginContainer.image.tag` | Custom image tag, eg. `0.1.0`. | `8.16.0` |
| `deployment.pluginContainer.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` |
| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` |
| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` |
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` |
### Horizontal Pod Autoscaler (HPA)
@@ -265,6 +365,45 @@ networkPolicies:
| `persistentVolumeClaim.new.size` | Size of the persistent volume claim. | `10Gi` |
| `persistentVolumeClaim.new.storageClass` | Custom storage class. Left it empty to use the clusters default storage class. | `""` |
### Prometheus
| Name | Description | Value |
| --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `prometheus.metrics.enabled` | Enable of scraping metrics by Prometheus. | `false` |
| `prometheus.metrics.secret.existing.enabled` | Use an existing secret containing the basic auth credentials. | `false` |
| `prometheus.metrics.secret.existing.secretName` | Name of the secret containing the basic auth credentials. | `""` |
| `prometheus.metrics.secret.existing.basicAuthUsernameKey` | Name of the key in the secret that contains the username for basic auth. | `""` |
| `prometheus.metrics.secret.existing.basicAuthPasswordKey` | Name of the key in the secret that contains the password for basic auth. | `""` |
| `prometheus.metrics.secret.new.annotations` | Additional secret annotations. | `{}` |
| `prometheus.metrics.secret.new.labels` | Additional secret labels. | `{}` |
| `prometheus.metrics.secret.new.basicAuthUsername` | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | `""` |
| `prometheus.metrics.secret.new.basicAuthPassword` | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | `""` |
| `prometheus.metrics.podMonitor.enabled` | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | `false` |
| `prometheus.metrics.podMonitor.annotations` | Additional podMonitor annotations. | `{}` |
| `prometheus.metrics.podMonitor.enableHttp2` | Enable HTTP2. | `false` |
| `prometheus.metrics.podMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.podMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.podMonitor.labels` | Additional podMonitor labels. | `{}` |
| `prometheus.metrics.podMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.podMonitor.path` | HTTP path of the Reposilite pod for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.podMonitor.port` | HTTP port of the Reposilite pod for scraping Prometheus metrics. | `http` |
| `prometheus.metrics.podMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.podMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.podMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.podMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| `prometheus.metrics.serviceMonitor.enabled` | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. | `false` |
| `prometheus.metrics.serviceMonitor.annotations` | Additional serviceMonitor annotations. | `{}` |
| `prometheus.metrics.serviceMonitor.labels` | Additional serviceMonitor labels. | `{}` |
| `prometheus.metrics.serviceMonitor.enableHttp2` | Enable HTTP2. | `false` |
| `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.serviceMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.serviceMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
### Service
| Name | Description | Value |
@@ -280,6 +419,7 @@ networkPolicies:
| `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `service.port` | Port to forward the traffic to. | `8080` |
| `service.scheme` | Name of the service port. This name is also used as scheme / port name of the service monitor resource. | `http` |
| `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `service.type` | Kubernetes service type for the traffic. | `ClusterIP` |

26
package-lock.json generated
View File

@@ -1078,9 +1078,9 @@
}
},
"node_modules/link-check": {
"version": "5.4.0",
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.4.0.tgz",
"integrity": "sha512-0Pf4xBVUnwJdbDgpBlhHNmWDtbVjHTpIFs+JaBuIsC9PKRxjv4KMGCO2Gc8lkVnqMf9B/yaNY+9zmMlO5MyToQ==",
"version": "5.5.0",
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.5.0.tgz",
"integrity": "sha512-CpMk2zMfyEMdDvFG92wO5pU/2I/wbw72/9pvUFhU9cDKkwhmVlPuvxQJzd/jXA2iVOgNgPLnS5zyOLW7OzNpdA==",
"dev": true,
"license": "ISC",
"dependencies": {
@@ -1137,16 +1137,16 @@
}
},
"node_modules/markdown-link-check": {
"version": "3.13.7",
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.13.7.tgz",
"integrity": "sha512-Btn3HU8s2Uyh1ZfzmyZEkp64zp2+RAjwfQt1u4swq2Xa6w37OW0T2inQZrkSNVxDSa2jSN2YYhw/JkAp5jF1PQ==",
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.14.1.tgz",
"integrity": "sha512-h1tihNL3kmOS3N7H4FyF4xKDxiHnNBNSgs/LWlDiRHlC8O0vfRX0LhDDvesRSs4HM7nS0F658glLxonaXBmuWw==",
"dev": true,
"license": "ISC",
"dependencies": {
"async": "^3.2.6",
"chalk": "^5.3.0",
"commander": "^13.1.0",
"link-check": "^5.4.0",
"commander": "^14.0.0",
"link-check": "^5.5.0",
"markdown-link-extractor": "^4.0.2",
"needle": "^3.3.1",
"progress": "^2.0.3",
@@ -1157,6 +1157,16 @@
"markdown-link-check": "markdown-link-check"
}
},
"node_modules/markdown-link-check/node_modules/commander": {
"version": "14.0.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-14.0.1.tgz",
"integrity": "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=20"
}
},
"node_modules/markdown-link-extractor": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/markdown-link-extractor/-/markdown-link-extractor-4.0.2.tgz",

View File

@@ -9,6 +9,7 @@
],
"customManagers": [
{
"customType": "regex",
"fileMatch": [
"^Chart\\.yaml$"
],
@@ -21,7 +22,10 @@
"versioningTemplate": "semver"
},
{
"fileMatch": ["^README\\.md$"],
"customType": "regex",
"fileMatch": [
"^README\\.md$"
],
"matchStrings": [
"CHART_VERSION=(?<currentValue>.*)"
],
@@ -29,9 +33,47 @@
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/reposilite-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
},
{
"customType": "regex",
"datasourceTemplate": "github-releases",
"fileMatch": [
".vscode/settings\\.json$"
],
"matchStrings": [
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
]
}
],
"packageRules": [
{
"groupName": "Update docker.io/volkerraschek/helm",
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"automerge": true,
"groupName": "Update helm plugin 'unittest'",
"matchDepNames": [
"helm-unittest/helm-unittest"
],
"matchDatasources": [
"github-releases"
],
"matchUpdateTypes": [
"minor",
"patch"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{
"addLabels": [
"renovate/automerge",
@@ -64,5 +106,16 @@
"patch"
]
}
]
}
],
"postUpgradeTasks": {
"commands": [
"install-tool node",
"make readme"
],
"fileFilters": [
"README.md",
"values.yaml"
],
"executionMode": "update"
}
}

View File

@@ -17,11 +17,32 @@
{{- if .Values.persistentVolumeClaim.enabled }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_DATA" "value" .Values.persistentVolumeClaim.path )) }}
{{- end }}
{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.podMonitor.path )) }}
{{- end }}
{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.serviceMonitor.path )) }}
{{- end }}
{{- if or (eq (include "reposilite.podMonitor.enabled" $ ) "true") (eq (include "reposilite.serviceMonitor.enabled" $ ) "true") -}}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.usernameKey" $))))) }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.passwordKey" $))))) }}
{{- end }}
{{ toYaml (dict "env" $env) }}
{{- end -}}
{{/* image */}}
{{- define "reposilite.deployment.images.plugin.fqin" -}}
{{- $registry := .Values.deployment.pluginContainer.image.registry -}}
{{- $repository := .Values.deployment.pluginContainer.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.deployment.pluginContainer.image.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{- define "reposilite.deployment.images.reposilite.fqin" -}}
{{- $registry := .Values.deployment.reposilite.image.registry -}}
{{- $repository := .Values.deployment.reposilite.image.repository -}}
@@ -38,6 +59,34 @@
{{- end }}
{{- end }}
{{/* initContainers */}}
{{- define "reposilite.deployment.initContainers" -}}
{{- $initContainers := .Values.deployment.initContainers | default list -}}
{{- $pluginContainerImage := (include "reposilite.deployment.images.plugin.fqin" . ) }}
{{- $pluginContainerArgs := .Values.deployment.pluginContainer.args | default list }}
{{- $pluginContainerArgs := concat $pluginContainerArgs (list "--output-dir" "/app/data/plugins" ) }}
{{- $pluginContainerVolumeMounts := list (dict "name" "plugins" "mountPath" "/app/data/plugins") }}
{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }}
{{- $fileName := splitList "/" (tpl .Values.config.plugins.prometheus.url $) | last }}
{{- $individualArgs := concat $pluginContainerArgs (list "--output" $fileName (tpl .Values.config.plugins.prometheus.url $)) }}
{{- $initContainers = concat $initContainers (list (dict "args" $individualArgs "name" "download-prometheus-plugin" "image" $pluginContainerImage "volumeMounts" $pluginContainerVolumeMounts)) }}
{{- end }}
{{ toYaml (dict "initContainers" $initContainers) }}
{{- end }}
{{/* plugins */}}
{{- define "reposilite.plugins.prometheus.enabled" -}}
{{- if or .Values.config.plugins.prometheus.enabled .Values.prometheus.metrics.enabled -}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* serviceAccount */}}
{{- define "reposilite.deployment.serviceAccount" -}}
@@ -55,6 +104,11 @@
{{- if .Values.persistentVolumeClaim.enabled }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistentVolumeClaim.path )) }}
{{- end }}
{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "plugins" "mountPath" "/app/data/plugins")) }}
{{- end }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
@@ -71,6 +125,10 @@
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $persistentVolumeClaimName))) }}
{{- end }}
{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }}
{{- $volumes = concat $volumes (list (dict "name" "plugins" "emptyDir" dict)) }}
{{- end }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}

View File

@@ -4,6 +4,9 @@
{{- define "reposilite.pod.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) -}}
{{- printf "checksum/secret-%s: %s" (include "reposilite.secrets.prometheusBasicAuth.name" $) (include (print $.Template.BasePath "/secretPrometheusBasicAuth.yaml") . | sha256sum) }}
{{- end -}}
{{- end }}
{{/* labels */}}

View File

@@ -0,0 +1,27 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.podMonitor.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.prometheus.metrics.podMonitor.annotations }}
{{ toYaml .Values.prometheus.metrics.podMonitor.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "reposilite.podMonitor.enabled" -}}
{{- if and .Values.prometheus.metrics.enabled .Values.prometheus.metrics.podMonitor.enabled (not .Values.prometheus.metrics.serviceMonitor.enabled) -}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "reposilite.podMonitor.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.prometheus.metrics.podMonitor.labels }}
{{ toYaml .Values.prometheus.metrics.podMonitor.labels }}
{{- end }}
{{- end }}

53
templates/_secrets.tpl Normal file
View File

@@ -0,0 +1,53 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.secrets.prometheusBasicAuth.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.prometheus.metrics.secret.new.annotations }}
{{ toYaml .Values.prometheus.metrics.secret.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.secrets.prometheusBasicAuth.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.prometheus.metrics.secret.new.labels }}
{{ toYaml .Values.prometheus.metrics.secret.new.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "reposilite.secrets.prometheusBasicAuth.name" -}}
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.secretName) 0) }}
{{- print .Values.prometheus.metrics.secret.existing.secretName -}}
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.secretName) 0) }}
{{ fail "Name of the existing secret that contains the credentials for basic auth is not defined!" }}
{{- else if not .Values.prometheus.metrics.secret.existing.enabled }}
{{- printf "%s-basic-auth-credentials" (include "reposilite.fullname" $) -}}
{{- end }}
{{- end }}
{{/* secretKeyNames */}}
{{- define "reposilite.secrets.prometheusBasicAuth.passwordKey" -}}
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) -}}
{{- .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey -}}
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) }}
{{ fail "Name of the key in the secret that contains the password for basic auth is not defined!" }}
{{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }}
{{- print "password" -}}
{{- end }}
{{- end }}
{{- define "reposilite.secrets.prometheusBasicAuth.usernameKey" -}}
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) -}}
{{- .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey -}}
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) }}
{{ fail "Name of the key in the secret that contains the username for basic auth is not defined!" }}
{{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }}
{{- print "username" -}}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,35 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.serviceMonitor.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.prometheus.metrics.serviceMonitor.annotations }}
{{ toYaml .Values.prometheus.metrics.serviceMonitor.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "reposilite.serviceMonitor.enabled" -}}
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.podMonitor.enabled) .Values.prometheus.metrics.serviceMonitor.enabled .Values.service.enabled -}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "reposilite.serviceMonitor.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.prometheus.metrics.serviceMonitor.labels }}
{{ toYaml .Values.prometheus.metrics.serviceMonitor.labels }}
{{- end }}
{{- end }}
{{- define "reposilite.serviceMonitor.selectorLabels" -}}
{{ include "reposilite.selectorLabels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: {{ required "The scheme of the serviceMonitor is not defined!" .Values.service.scheme }}
{{- end }}

View File

@@ -16,6 +16,8 @@
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels }}
{{- end }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: {{ required "The scheme of the serviceMonitor is not defined!" .Values.service.scheme }}
{{- end }}
{{/* names */}}

View File

@@ -68,7 +68,10 @@ spec:
name: reposilite
ports:
- name: http
containerPort: {{ .Values.service.port }}
containerPort: 8080
protocol: TCP
- name: https
containerPort: 8443
protocol: TCP
readinessProbe:
tcpSocket:
@@ -106,6 +109,11 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- $initContainers := (include "reposilite.deployment.initContainers" . | fromYaml) }}
{{- if and (hasKey $initContainers "initContainers") (gt (len $initContainers.initContainers) 0) }}
initContainers:
{{- toYaml $initContainers.initContainers | nindent 6 }}
{{- end }}
{{- with .Values.deployment.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

47
templates/podMonitor.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }}
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
{{- with (include "reposilite.podMonitor.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.podMonitor.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
podMetricsEndpoints:
- basicAuth:
password:
key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }}
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
username:
key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }}
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }}
followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }}
honorLabels: {{ required "The honorLabels option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.honorLabels }}
interval: {{ required "The scrape interval of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.interval }}
path: {{ required "The metric path of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.path }}
port: {{ required "The metric port of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.port | quote }}
{{- with .Values.prometheus.metrics.podMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
scrapeTimeout: {{ required "The scrape timeout of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scrapeTimeout }}
scheme: {{ required "The scheme of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scheme }}
{{- with .Values.prometheus.metrics.podMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "reposilite.pod.selectorLabels" . | nindent 6 }}
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "reposilite.secrets.prometheusBasicAuth.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.secrets.prometheusBasicAuth.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
password: {{ required "Password for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthPassword }}
username: {{ required "Username for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthUsername }}
{{- end }}

View File

@@ -43,7 +43,7 @@ spec:
{{- end }}
{{- end }}
ports:
- name: http
- name: {{ required "No service name defined. Either 'http' or 'https' is allowed!" .Values.service.scheme }}
protocol: TCP
port: {{ required "No service port defined!" .Values.service.port }}
selector:

View File

@@ -0,0 +1,47 @@
{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- with (include "reposilite.serviceMonitor.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.serviceMonitor.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
endpoints:
- basicAuth:
password:
key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }}
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
username:
key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }}
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }}
followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }}
honorLabels: {{ required "The honorLabels option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.honorLabels }}
interval: {{ required "The scrape interval of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.interval }}
path: {{ required "The metric path of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.path }}
port: {{ required "The port of the serviceMonitor is not defined!" .Values.service.scheme }}
{{- with .Values.prometheus.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }}
scheme: {{ required "The scheme of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scheme }}
{{- with .Values.prometheus.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "reposilite.serviceMonitor.selectorLabels" . | nindent 6 }}
{{- end }}

View File

@@ -0,0 +1,42 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Test reposilite plugins
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Test init containers for prometheus
set:
config.plugins.prometheus.enabled: true
config.plugins.prometheus.url: "https://reposilite.com/plugins/prometheus.jar"
deployment.pluginContainer.image.tag: 0.1.0
asserts:
- contains:
path: spec.template.spec.initContainers
content:
args:
- --location
- --fail
- --max-time
- "60"
- --output-dir
- /app/data/plugins
- --output
- prometheus.jar
- https://reposilite.com/plugins/prometheus.jar
name: download-prometheus-plugin
image: docker.io/curlimages/curl:0.1.0
volumeMounts:
- mountPath: /app/data/plugins
name: plugins
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: plugins
emptyDir: {}
template: templates/deployment.yaml

View File

@@ -7,19 +7,23 @@ release:
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Rendering default
set: {}
asserts:
- hasDocuments:
count: 1
template: templates/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: reposilite-unittest
namespace: testing
template: templates/deployment.yaml
- notExists:
path: metadata.annotations
template: templates/deployment.yaml
- equal:
path: metadata.labels
value:
@@ -28,14 +32,17 @@ tests:
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
template: templates/deployment.yaml
- equal:
path: spec.replicas
value: 1
template: templates/deployment.yaml
- isSubset:
path: spec.selector.matchLabels
content:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
template: templates/deployment.yaml
- equal:
path: spec.strategy
value:
@@ -43,9 +50,10 @@ tests:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/deployment.yaml
- notExists:
path: spec.template.metadata.annotations
value: sadsdf
template: templates/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
@@ -54,25 +62,33 @@ tests:
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].args
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].command
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: JAVA_OPTS
value: "-Xmx64M"
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/dzikoysk/reposilite:0.1.0
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/deployment.yaml
- isSubset:
path: spec.template.spec.containers[0].livenessProbe
content:
@@ -83,15 +99,18 @@ tests:
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[0].name
value: reposilite
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].ports
content:
name: http
containerPort: 8080
protocol: TCP
template: templates/deployment.yaml
- isSubset:
path: spec.template.spec.containers[0].readinessProbe
content:
@@ -102,42 +121,60 @@ tests:
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].volumeMounts
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.initContainers
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.volumes
template: templates/deployment.yaml
- it: Test custom replicas
set:
@@ -146,6 +183,7 @@ tests:
- equal:
path: spec.replicas
value: 3
template: templates/deployment.yaml
- it: Test custom strategy
set:
@@ -162,6 +200,7 @@ tests:
rollingUpdate:
maxSurge: 10
maxUnavailable: 5
template: templates/deployment.yaml
- it: Test custom affinity
set:
@@ -188,6 +227,7 @@ tests:
values:
- antarctica-east1
- antarctica-west1
template: templates/deployment.yaml
- it: Test additional arguments
set:
@@ -200,6 +240,7 @@ tests:
value:
- --foo=bar
- --bar=foo
template: templates/deployment.yaml
- it: Test additional commands
set:
@@ -210,6 +251,7 @@ tests:
path: spec.template.spec.containers[0].command
value:
- /bin/bash
template: templates/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
@@ -220,6 +262,7 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/reposilite:2.0.0
template: templates/deployment.yaml
- it: Test custom imagePullPolicy
set:
@@ -228,17 +271,7 @@ tests:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
- it: Test custom port
set:
service.port: 8443
asserts:
- contains:
path: spec.template.spec.containers[0].ports
content:
name: http
containerPort: 8443
protocol: TCP
template: templates/deployment.yaml
- it: Test custom resources
set:
@@ -259,6 +292,7 @@ tests:
requests:
cpu: 25m
memory: 100MB
template: templates/deployment.yaml
- it: Test custom securityContext
set:
@@ -285,6 +319,7 @@ tests:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/deployment.yaml
- it: Test custom volumeMounts
set:
@@ -297,6 +332,7 @@ tests:
content:
name: data
mountPath: /usr/lib/data
template: templates/deployment.yaml
- it: Test dnsConfig
set:
@@ -311,6 +347,7 @@ tests:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/deployment.yaml
- it: Test dnsPolicy
set:
@@ -319,6 +356,7 @@ tests:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
@@ -329,12 +367,15 @@ tests:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/deployment.yaml
- it: Test imagePullSecrets
set:
@@ -347,6 +388,20 @@ tests:
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/deployment.yaml
- it: Test initContainers
set:
deployment.initContainers:
- name: busybox
image: docker.io/library/busybox:latest
asserts:
- contains:
path: spec.template.spec.initContainers
content:
name: busybox
image: docker.io/library/busybox:latest
template: templates/deployment.yaml
- it: Test nodeSelector
set:
@@ -357,6 +412,7 @@ tests:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/deployment.yaml
- it: Test priorityClassName
set:
@@ -365,6 +421,7 @@ tests:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/deployment.yaml
- it: Test restartPolicy
set:
@@ -373,6 +430,7 @@ tests:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/deployment.yaml
- it: Test custom securityContext
set:
@@ -389,6 +447,7 @@ tests:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
template: templates/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
@@ -397,6 +456,7 @@ tests:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/deployment.yaml
- it: Test tolerations
set:
@@ -413,6 +473,7 @@ tests:
operator: Equal
value: ssd
effect: NoSchedule
template: templates/deployment.yaml
- it: Test topologySpreadConstraints
set:
@@ -431,6 +492,7 @@ tests:
labelSelector:
matchLabels:
app.kubernetes.io/instance: reposilite
template: templates/deployment.yaml
- it: Test additional volumes
set:
@@ -445,3 +507,4 @@ tests:
- name: data
hostPath:
path: /usr/lib/data
template: templates/deployment.yaml

View File

@@ -7,6 +7,7 @@ release:
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Rendering default volumes and volumeMounts with persistent volume claim
set:
@@ -17,17 +18,20 @@ tests:
content:
name: REPOSILITE_DATA
value: /app/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /app/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: reposilite-unittest
template: templates/deployment.yaml
- it: Rendering custom volumes and volumeMounts with persistent volume claim
set:
@@ -39,17 +43,20 @@ tests:
content:
name: REPOSILITE_DATA
value: /usr/lib/reposilite/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /usr/lib/reposilite/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: reposilite-unittest
template: templates/deployment.yaml
- it: Rendering custom volumes and volumeMounts with persistent volume claim
set:
@@ -62,14 +69,17 @@ tests:
content:
name: REPOSILITE_DATA
value: /app/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /app/data
template: templates/deployment.yaml
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-custom-pvc
claimName: my-custom-pvc
template: templates/deployment.yaml

View File

@@ -0,0 +1,109 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Add prometheus basic auth variables
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Rendering default environment variables with enabled prometheus metrics podMonitor
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: reposilite-unittest-basic-auth-credentials
key: password
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: reposilite-unittest-basic-auth-credentials
key: username
template: templates/deployment.yaml
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key
prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key
prometheus.metrics.secret.existing.secretName: my-secret
prometheus.metrics.podMonitor.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: my-password-key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: my-secret
key: my-username-key
template: templates/deployment.yaml
- it: Fail when existing secret name is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: ""
prometheus.metrics.podMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the username for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: ""
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.podMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the password for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: ""
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.podMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!"
template: templates/deployment.yaml

View File

@@ -0,0 +1,109 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Add prometheus basic auth variables
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: reposilite-unittest-basic-auth-credentials
key: password
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: reposilite-unittest-basic-auth-credentials
key: username
template: templates/deployment.yaml
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key
prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key
prometheus.metrics.secret.existing.secretName: my-secret
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: my-password-key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: my-secret
key: my-username-key
template: templates/deployment.yaml
- it: Fail when existing secret name is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: ""
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the username for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: ""
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the password for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: ""
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!"
template: templates/deployment.yaml

View File

@@ -0,0 +1,179 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PodMonitor template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/podMonitor.yaml
tests:
- it: Skip podMonitor when metrics are disabled.
set:
prometheus.metrics.enabled: false
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip podMonitor when podMonitor is disabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip podMonitor when both monitor types are enabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering podMonitor with default values - enabled manually.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- isSubset:
path: spec.podMetricsEndpoints[0].basicAuth
content:
password:
key: password
name: reposilite-unittest-basic-auth-credentials
username:
key: username
name: reposilite-unittest-basic-auth-credentials
- equal:
path: spec.podMetricsEndpoints[0].enableHttp2
value: false
- equal:
path: spec.podMetricsEndpoints[0].followRedirects
value: false
- equal:
path: spec.podMetricsEndpoints[0].honorLabels
value: false
- equal:
path: spec.podMetricsEndpoints[0].interval
value: 60s
- equal:
path: spec.podMetricsEndpoints[0].path
value: /metrics
- equal:
path: spec.podMetricsEndpoints[0].port
value: http
- notExists:
path: spec.podMetricsEndpoints[0].relabelings
- equal:
path: spec.podMetricsEndpoints[0].scrapeTimeout
value: 30s
- equal:
path: spec.podMetricsEndpoints[0].scheme
value: http
- contains:
path: spec.namespaceSelector.matchNames
content:
testing
- equal:
path: spec.selector.matchLabels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
- it: Render podMonitor with custom annotations and labels.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.podMonitor.annotations:
foo: bar
prometheus.metrics.podMonitor.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: reposilite-0.1.0
- it: Change defaults
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.podMonitor.enableHttp2: false
prometheus.metrics.podMonitor.followRedirects: true
prometheus.metrics.podMonitor.honorLabels: true
prometheus.metrics.podMonitor.interval: "180s"
prometheus.metrics.podMonitor.path: "/my-metrics"
prometheus.metrics.podMonitor.port: "8443"
prometheus.metrics.podMonitor.relabelings:
- sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
prometheus.metrics.podMonitor.scheme: https
prometheus.metrics.podMonitor.scrapeTimeout: "5s"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.podMetricsEndpoints[0].enableHttp2
value: false
- equal:
path: spec.podMetricsEndpoints[0].followRedirects
value: true
- equal:
path: spec.podMetricsEndpoints[0].honorLabels
value: true
- equal:
path: spec.podMetricsEndpoints[0].interval
value: 180s
- equal:
path: spec.podMetricsEndpoints[0].path
value: /my-metrics
- equal:
path: spec.podMetricsEndpoints[0].port
value: "8443"
- contains:
path: spec.podMetricsEndpoints[0].relabelings
content:
sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
- equal:
path: spec.podMetricsEndpoints[0].scrapeTimeout
value: 5s
- equal:
path: spec.podMetricsEndpoints[0].scheme
value: https

View File

@@ -0,0 +1,98 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret reposilite template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Skip rendering
asserts:
- hasDocuments:
count: 0
- it: Throw error for missing basic auth password
set:
prometheus.metrics.enabled: true
# prometheus.metrics.secret.new.basicAuthPassword: "my-password"
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
asserts:
- failedTemplate:
errorMessage: "Password for basic auth is required!"
- it: Throw error for missing basic auth username
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
# prometheus.metrics.secret.new.basicAuthUsername: "my-username"
asserts:
- failedTemplate:
errorMessage: "Username for basic auth is required!"
- it: Rendering secret with default values.
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: reposilite-unittest-basic-auth-credentials
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- exists:
path: stringData.password
- exists:
path: stringData.username
- it: Rendering secret with custom values.
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.new.basicAuthPassword: foo
prometheus.metrics.secret.new.basicAuthUsername: bar
prometheus.metrics.secret.new.annotations:
foo: bar
prometheus.metrics.secret.new.labels:
bar: foo
asserts:
- hasDocuments:
count: 1
- isSubset:
path: metadata.annotations
content:
foo: bar
- isSubset:
path: metadata.labels
content:
bar: foo
- equal:
path: metadata.name
value: reposilite-unittest-basic-auth-credentials
- equal:
path: stringData.password
value: foo
- equal:
path: stringData.username
value: bar
- it: Skip rendering if existing secret is used
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
asserts:
- hasDocuments:
count: 0

View File

@@ -53,13 +53,13 @@ tests:
asserts:
- hasDocuments:
count: 1
- exists:
- isSubset:
path: metadata.annotations
value:
content:
foo: bar
- exists:
- isSubset:
path: metadata.labels
value:
content:
bar: foo
- equal:
path: metadata.name

View File

@@ -0,0 +1,194 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceMonitor template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/serviceMonitor.yaml
tests:
- it: Skip serviceMonitor when service is disabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip serviceMonitor when metrics are disabled.
set:
prometheus.metrics.enabled: false
prometheus.metrics.serviceMonitor.enabled: true
services.http.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip serviceMonitor when serviceMonitor is disabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: false
services.http.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceMonitor with default values - enabled manually.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- isSubset:
path: spec.endpoints[0].basicAuth
content:
password:
key: password
name: reposilite-unittest-basic-auth-credentials
username:
key: username
name: reposilite-unittest-basic-auth-credentials
- equal:
path: spec.endpoints[0].enableHttp2
value: false
- equal:
path: spec.endpoints[0].followRedirects
value: false
- equal:
path: spec.endpoints[0].honorLabels
value: false
- equal:
path: spec.endpoints[0].interval
value: 60s
- equal:
path: spec.endpoints[0].path
value: /metrics
- notExists:
path: spec.endpoints[0].relabelings
- equal:
path: spec.endpoints[0].scrapeTimeout
value: 30s
- equal:
path: spec.endpoints[0].scheme
value: http
- equal:
path: spec.endpoints[0].port
value: http
- contains:
path: spec.namespaceSelector.matchNames
content:
testing
- equal:
path: spec.selector.matchLabels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
app.kubernetes.io/service-name: http
- it: Render serviceMonitor with custom annotations and labels.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
prometheus.metrics.serviceMonitor.annotations:
foo: bar
prometheus.metrics.serviceMonitor.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: reposilite-0.1.0
- it: Change defaults
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.serviceMonitor.enabled: true
prometheus.metrics.serviceMonitor.enableHttp2: false
prometheus.metrics.serviceMonitor.followRedirects: true
prometheus.metrics.serviceMonitor.honorLabels: true
prometheus.metrics.serviceMonitor.interval: "180s"
prometheus.metrics.serviceMonitor.path: "/my-metrics"
prometheus.metrics.serviceMonitor.relabelings:
- sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
prometheus.metrics.serviceMonitor.scrapeTimeout: "5s"
prometheus.metrics.serviceMonitor.scheme: "https"
service.scheme: https
asserts:
- hasDocuments:
count: 1
- isSubset:
path: spec.endpoints[0].basicAuth
content:
password:
key: my-password-key
name: my-secret
username:
key: my-username-key
name: my-secret
- equal:
path: spec.endpoints[0].enableHttp2
value: false
- equal:
path: spec.endpoints[0].followRedirects
value: true
- equal:
path: spec.endpoints[0].honorLabels
value: true
- equal:
path: spec.endpoints[0].interval
value: 180s
- equal:
path: spec.endpoints[0].path
value: /my-metrics
- equal:
path: spec.endpoints[0].port
value: https
- contains:
path: spec.endpoints[0].relabelings
content:
sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
- equal:
path: spec.endpoints[0].scrapeTimeout
value: 5s
- equal:
path: spec.endpoints[0].scheme
value: https

View File

@@ -32,6 +32,7 @@ tests:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- notExists:
@@ -77,28 +78,35 @@ tests:
service.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
service.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
errorMessage: No service port defined!
- it: Require scheme.
set:
service.scheme: ""
asserts:
- failedTemplate:
errorMessage: The scheme of the serviceMonitor is not defined!
- it: Require sessionAffinity.
set:
service.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
errorMessage: No session affinity defined!
- it: Require service type.
set:
service.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
@@ -106,6 +114,7 @@ tests:
foo: bar
service.labels:
bar: foo
service.scheme: https
asserts:
- equal:
path: metadata.annotations
@@ -117,6 +126,7 @@ tests:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/service-name: https
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
bar: foo
@@ -134,6 +144,7 @@ tests:
service.loadBalancerSourceRanges:
- "11.12.0.0/17"
service.port: 10443
service.scheme: https
service.sessionAffinity: ClientIP
service.type: LoadBalancer
asserts:
@@ -161,6 +172,9 @@ tests:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].name
value: https
- equal:
path: spec.ports[0].port
value: 10443

View File

@@ -6,6 +6,17 @@
nameOverride: ""
fullnameOverride: ""
## @section Config
config:
plugins:
## @param config.plugins.prometheus.enabled Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled.
## @param config.plugins.prometheus.url URL to download the plugin.
prometheus:
enabled: false
url: https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/{{ .Chart.AppVersion }}/prometheus-plugin-{{ .Chart.AppVersion }}-all.jar
## @section Deployment
deployment:
## @param deployment.annotations Additional deployment annotations.
@@ -149,6 +160,24 @@ deployment:
## @param deployment.nodeSelector NodeSelector of the Reposilite deployment.
nodeSelector: {}
pluginContainer:
## @param deployment.pluginContainer.args Arguments passed to the plugin container.
args:
- "--location"
- "--fail"
- "--max-time"
- "60"
## @param deployment.pluginContainer.image.registry Image registry, eg. `docker.io`.
## @param deployment.pluginContainer.image.repository Image repository, eg. `curlimages/curl`.
## @param deployment.pluginContainer.image.tag Custom image tag, eg. `0.1.0`.
## @param deployment.pluginContainer.image.pullPolicy Image pull policy.
image:
registry: docker.io
repository: curlimages/curl
tag: "8.16.0"
pullPolicy: IfNotPresent
## @param deployment.priorityClassName PriorityClassName of the Reposilite deployment.
priorityClassName: ""
@@ -302,6 +331,11 @@ networkPolicy:
# - port: 53
# protocol: UDP
## Allow outgoing HTTP traffic. For example to download maven artifacts from Apache Maven Central or Reposlite plugins from upstream.
# - ports:
# - port: 443
# protocol: TCP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
@@ -315,6 +349,8 @@ networkPolicy:
# ports:
# - port: http
# protocol: TCP
# - port: https
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
@@ -328,6 +364,8 @@ networkPolicy:
# ports:
# - port: http
# protocol: TCP
# - port: https
# protocol: TCP
## @section Persistent Volume Claim
@@ -356,6 +394,89 @@ persistentVolumeClaim:
storageClass: ""
## @section Prometheus
prometheus:
metrics:
## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus.
enabled: false
secret:
## @param prometheus.metrics.secret.existing.enabled Use an existing secret containing the basic auth credentials.
## @param prometheus.metrics.secret.existing.secretName Name of the secret containing the basic auth credentials.
## @param prometheus.metrics.secret.existing.basicAuthUsernameKey Name of the key in the secret that contains the username for basic auth.
## @param prometheus.metrics.secret.existing.basicAuthPasswordKey Name of the key in the secret that contains the password for basic auth.
existing:
enabled: false
secretName: ""
basicAuthUsernameKey: ""
basicAuthPasswordKey: ""
## @param prometheus.metrics.secret.new.annotations Additional secret annotations.
## @param prometheus.metrics.secret.new.labels Additional secret labels.
## @param prometheus.metrics.secret.new.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string.
## @param prometheus.metrics.secret.new.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string.
new:
annotations: {}
labels: {}
basicAuthUsername: ""
basicAuthPassword: ""
## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.
## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2.
## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param prometheus.metrics.podMonitor.path HTTP path of the Reposilite pod for scraping Prometheus metrics.
## @param prometheus.metrics.podMonitor.port HTTP port of the Reposilite pod for scraping Prometheus metrics.
## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration.
podMonitor:
enabled: false
annotations: {}
enableHttp2: false
followRedirects: false
honorLabels: false
labels: {}
interval: "60s"
path: "/metrics"
port: "http"
relabelings: []
scrapeTimeout: "30s"
scheme: "http"
tlsConfig: {}
## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.
## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations.
## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels.
## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2.
## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration.
serviceMonitor:
enabled: false
annotations: {}
labels: {}
enableHttp2: false
followRedirects: false
honorLabels: false
interval: "60s"
path: "/metrics"
relabelings: []
scrapeTimeout: "30s"
scheme: "http"
tlsConfig: {}
## @section Service
## @param service.enabled Enable the service.
## @param service.annotations Additional service annotations.
@@ -368,6 +489,7 @@ persistentVolumeClaim:
## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param service.port Port to forward the traffic to.
## @param service.scheme Name of the service port. This name is also used as scheme / port name of the service monitor resource.
## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param service.sessionAffinityConfig Contains the configuration of the session affinity.
## @param service.type Kubernetes service type for the traffic.
@@ -383,6 +505,7 @@ service:
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 8080
scheme: http
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"