You've already forked reposilite-charts
Compare commits
45 Commits
7704e83f9e
...
master
Author | SHA1 | Date | |
---|---|---|---|
16a7fa16a9 | |||
19dc6b4aef
|
|||
0dd267a0df
|
|||
d790cd3ec4
|
|||
d2c329e1be
|
|||
db5e38cef1
|
|||
1fe7bc604e
|
|||
fa43188e03
|
|||
99ed88068a
|
|||
95fd713da6
|
|||
671a635627
|
|||
13fbb0ecc0
|
|||
8835a8cde1 | |||
7d479fe629
|
|||
edacc04893
|
|||
3c64ebfef4 | |||
15d2c31512
|
|||
93ef09b878 | |||
b5368314d6
|
|||
60643bdaf4
|
|||
e3880f5f00
|
|||
a20f370eaf | |||
d6de6ce37a
|
|||
334a8b877b
|
|||
ba1fd42cfc | |||
70faa1ff8f | |||
d7d5bc4dae
|
|||
a3f1ab1850
|
|||
c4919a6bfc | |||
6ca6f583d3
|
|||
0d10fb2cdc | |||
a373c49e2a | |||
633d4f1bfd
|
|||
cc201633de
|
|||
64c20379a2 | |||
98ec01a217
|
|||
796c257d0a
|
|||
387547e813 | |||
e16a1ff2ed | |||
c8d8efeae3
|
|||
2a7d111525
|
|||
64de0eb8ea
|
|||
413fe95b86
|
|||
de8ef2b201
|
|||
6e38335808
|
@@ -15,7 +15,7 @@ on:
|
||||
jobs:
|
||||
generate-parameters:
|
||||
container:
|
||||
image: docker.io/library/node:24.8.0-alpine
|
||||
image: docker.io/library/node:24.10.0-alpine
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
|
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
helm-lint:
|
||||
container:
|
||||
image: docker.io/volkerraschek/helm:3.18.5
|
||||
image: docker.io/volkerraschek/helm:3.19.0
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
@@ -28,7 +28,7 @@ jobs:
|
||||
|
||||
helm-unittest:
|
||||
container:
|
||||
image: docker.io/volkerraschek/helm:3.18.5
|
||||
image: docker.io/volkerraschek/helm:3.19.0
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
|
@@ -15,7 +15,7 @@ on:
|
||||
jobs:
|
||||
markdown-link-checker:
|
||||
container:
|
||||
image: docker.io/library/node:24.8.0-alpine
|
||||
image: docker.io/library/node:24.10.0-alpine
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
@@ -31,7 +31,7 @@ jobs:
|
||||
|
||||
markdown-lint:
|
||||
container:
|
||||
image: docker.io/library/node:24.8.0-alpine
|
||||
image: docker.io/library/node:24.10.0-alpine
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
|
@@ -8,7 +8,7 @@ on:
|
||||
jobs:
|
||||
publish-chart:
|
||||
container:
|
||||
image: docker.io/volkerraschek/helm:3.18.5
|
||||
image: docker.io/volkerraschek/helm:3.19.0
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Install packages via apk
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
apk update
|
||||
apk add git npm jq yq
|
||||
|
||||
- uses: actions/checkout@v5
|
||||
- uses: actions/checkout@v5.0.0
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
4
.gitignore
vendored
4
.gitignore
vendored
@@ -1,6 +1,6 @@
|
||||
charts
|
||||
node_modules
|
||||
target
|
||||
values2.yml
|
||||
values2.yaml
|
||||
values[0-9].yml
|
||||
values[0-9].yaml
|
||||
*.tgz
|
||||
|
8
.vscode/settings.json
vendored
Normal file
8
.vscode/settings.json
vendored
Normal file
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.2/schema/helm-testsuite.json": [
|
||||
"/unittests/**/*.yaml"
|
||||
]
|
||||
},
|
||||
"yaml.schemaStore.enable": true
|
||||
}
|
@@ -5,7 +5,7 @@ annotations:
|
||||
- name: support
|
||||
url: https://git.cryptic.systems/volker.raschek/reposilite-charts/issues
|
||||
apiVersion: v2
|
||||
appVersion: "3.5.25"
|
||||
appVersion: "3.5.26"
|
||||
description: |
|
||||
Lightweight and easy-to-use repository management software
|
||||
dedicated for the Maven based artifacts in the JVM ecosystem
|
||||
|
19
Makefile
19
Makefile
@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
|
||||
# HELM_IMAGE
|
||||
HELM_IMAGE_REGISTRY_HOST?=docker.io
|
||||
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
|
||||
HELM_IMAGE_VERSION?=3.18.2 # renovate: datasource=docker registryUrl=https://registry-nexus.orbis.dedalus.com depName=volkerraschek/helm
|
||||
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
|
||||
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
|
||||
|
||||
# NODE_IMAGE
|
||||
NODE_IMAGE_REGISTRY_HOST?=docker.io
|
||||
NODE_IMAGE_REPOSITORY?=library/node
|
||||
NODE_IMAGE_VERSION?=24.8.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
|
||||
NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
|
||||
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
|
||||
|
||||
# MISSING DOT
|
||||
@@ -18,6 +18,19 @@ NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:
|
||||
missing-dot:
|
||||
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
|
||||
|
||||
# README
|
||||
# ==============================================================================
|
||||
readme: readme/link readme/lint readme/parameters
|
||||
|
||||
readme/link:
|
||||
npm install && npm run readme:link
|
||||
|
||||
readme/lint:
|
||||
npm install && npm run readme:lint
|
||||
|
||||
readme/parameters:
|
||||
npm install && npm run readme:parameters
|
||||
|
||||
# CONTAINER RUN - README
|
||||
# ==============================================================================
|
||||
PHONY+=container-run/readme
|
||||
@@ -88,4 +101,4 @@ container-run/helm-lint:
|
||||
# ==============================================================================
|
||||
# Declare the contents of the PHONY variable as phony. We keep that information
|
||||
# in a variable so we can use it in if_changed.
|
||||
.PHONY: ${PHONY}
|
||||
.PHONY: ${PHONY}
|
||||
|
224
README.md
224
README.md
@@ -37,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
|
||||
versions can break something!
|
||||
|
||||
```bash
|
||||
CHART_VERSION=0.1.3
|
||||
CHART_VERSION=1.0.0
|
||||
helm show values volker.raschek/reposilite --version "${CHART_VERSION}" > values.yaml
|
||||
```
|
||||
|
||||
@@ -51,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
|
||||
Use the `--set` argument to persist your data.
|
||||
|
||||
```bash
|
||||
CHART_VERSION=0.1.3
|
||||
CHART_VERSION=1.0.0
|
||||
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
|
||||
persistentVolumeClaim.enabled=true
|
||||
```
|
||||
@@ -72,7 +72,7 @@ connection problems.
|
||||
> error.
|
||||
|
||||
```bash
|
||||
CHART_VERSION=0.1.3
|
||||
CHART_VERSION=1.0.0
|
||||
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
|
||||
--set 'deployment.reposilite.env[1].name=REPOSILITE_LOCAL_SSLENABLED' \
|
||||
--set 'deployment.reposilite.env[1].value="true"' \
|
||||
@@ -122,14 +122,29 @@ deployment:
|
||||
secret.reloader.stakater.com/reload: "reposilite-tls"
|
||||
```
|
||||
|
||||
### Network policies
|
||||
If the application is rolled out using ArgoCD, a rolling update from stakater's
|
||||
[reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state
|
||||
with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be
|
||||
initiated. Further information are available in the official
|
||||
[README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of
|
||||
stakater's reloader.
|
||||
|
||||
```diff
|
||||
deployment:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
+ reloader.stakater.com/rollout-strategy: "restart"
|
||||
```
|
||||
|
||||
#### Network policies
|
||||
|
||||
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
|
||||
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
|
||||
|
||||
The example below is an excerpt of the `values.yaml` file. The network policy contains ingress rules to allow incoming
|
||||
traffic from an ingress controller. Additionally one egress rule is defined, to allow the application outgoing access
|
||||
to the internal running DNS server `core-dns`.
|
||||
traffic from an ingress controller. Additionally two egress rules are defined. The first one to allow the application
|
||||
outgoing access to the internal running DNS server `core-dns`. The second rule to be able to access the Apache Maven
|
||||
Central repository via HTTPS.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
|
||||
@@ -156,6 +171,10 @@ networkPolicies:
|
||||
protocol: TCP
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
@@ -169,6 +188,75 @@ networkPolicies:
|
||||
protocol: TCP
|
||||
```
|
||||
|
||||
### Prometheus
|
||||
|
||||
Reposilite is not able to expose metrics by default. Reposilite requires an additional plugin to expose the metrics via
|
||||
`/metrics`. The plugin will be downloaded from Apache Maven Central, when the plugin is enabled directly or the
|
||||
Prometheus feature has been enabled. The plugin is a simple JAR file, which will be stored in `/app/data/plugins`.
|
||||
|
||||
Furthermore, Reposilite will not expose the metrics without protection. For this reason must be defined basic auth
|
||||
credentials. By default generate the helm chart a random username and password for basic auth. For debugging propose can
|
||||
be set the credentials manually.
|
||||
|
||||
The following example enable Prometheus metrics with custom basic auth credentials:
|
||||
|
||||
```bash
|
||||
CHART_VERSION=1.0.0
|
||||
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
|
||||
--set 'prometheus.metrics.enabled=true' \
|
||||
--set 'prometheus.metrics.basicAuthUsername=my-username' \
|
||||
--set 'prometheus.metrics.basicAuthUsername=my-password'
|
||||
```
|
||||
|
||||
## ArgoCD
|
||||
|
||||
### Example Application
|
||||
|
||||
An application resource for the Helm chart is defined below. It serves as an example for your own deployment.
|
||||
|
||||
```yaml
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: reposilite
|
||||
ignoreDifferences:
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
# When HPA is enabled, ensure that a modification of the replicas does not lead to a
|
||||
# drift.
|
||||
- '.spec.replicas'
|
||||
# Ensure that changes of the annotations or environment variables added or modified by
|
||||
# stakater's reloader does not lead to a drift.
|
||||
- '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
|
||||
- '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
|
||||
sources:
|
||||
- repoURL: https://charts.cryptic.systems/volker.raschek
|
||||
chart: reposilite
|
||||
targetRevision: '0.*'
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/values.yaml
|
||||
releaseName: reposilite
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
managedNamespaceMetadata:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
syncOptions:
|
||||
- ApplyOutOfSyncOnly=true
|
||||
- CreateNamespace=true
|
||||
- FailOnSharedResource=false
|
||||
- Replace=false
|
||||
- RespectIgnoreDifferences=false
|
||||
- ServerSideApply=true
|
||||
- Validate=true
|
||||
```
|
||||
|
||||
## Parameters
|
||||
|
||||
### Global
|
||||
@@ -178,44 +266,56 @@ networkPolicies:
|
||||
| `nameOverride` | Individual release name suffix. | `""` |
|
||||
| `fullnameOverride` | Override the complete release name logic. | `""` |
|
||||
|
||||
### Config
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `config.plugins.prometheus.enabled` | Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled. | `false` |
|
||||
| `config.plugins.prometheus.url` | URL to download the plugin. | `https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/{{ .Chart.AppVersion }}/prometheus-plugin-{{ .Chart.AppVersion }}-all.jar` |
|
||||
|
||||
### Deployment
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `deployment.annotations` | Additional deployment annotations. | `{}` |
|
||||
| `deployment.labels` | Additional deployment labels. | `{}` |
|
||||
| `deployment.additionalContainers` | List of additional containers. | `[]` |
|
||||
| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` |
|
||||
| `deployment.initContainers` | List of additional init containers. | `[]` |
|
||||
| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` |
|
||||
| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` |
|
||||
| `deployment.hostname` | Individual hostname of the pod. | `""` |
|
||||
| `deployment.subdomain` | Individual domain of the pod. | `""` |
|
||||
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
|
||||
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
|
||||
| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` |
|
||||
| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` |
|
||||
| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | |
|
||||
| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` |
|
||||
| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
|
||||
| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` |
|
||||
| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
|
||||
| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
|
||||
| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` |
|
||||
| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` |
|
||||
| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` |
|
||||
| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` |
|
||||
| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` |
|
||||
| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` |
|
||||
| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` |
|
||||
| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` |
|
||||
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
|
||||
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
|
||||
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
|
||||
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
|
||||
| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` |
|
||||
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` |
|
||||
| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------------------------- |
|
||||
| `deployment.annotations` | Additional deployment annotations. | `{}` |
|
||||
| `deployment.labels` | Additional deployment labels. | `{}` |
|
||||
| `deployment.additionalContainers` | List of additional containers. | `[]` |
|
||||
| `deployment.affinity` | Affinity for the Reposilite deployment. | `{}` |
|
||||
| `deployment.initContainers` | List of additional init containers. | `[]` |
|
||||
| `deployment.dnsConfig` | dnsConfig of the Reposilite deployment. | `{}` |
|
||||
| `deployment.dnsPolicy` | dnsPolicy of the Reposilite deployment. | `""` |
|
||||
| `deployment.hostname` | Individual hostname of the pod. | `""` |
|
||||
| `deployment.subdomain` | Individual domain of the pod. | `""` |
|
||||
| `deployment.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
|
||||
| `deployment.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
|
||||
| `deployment.reposilite.args` | Arguments passed to the Reposilite container. | `[]` |
|
||||
| `deployment.reposilite.command` | Command passed to the Reposilite container. | `[]` |
|
||||
| `deployment.reposilite.env` | List of environment variables for the Reposilite container. | |
|
||||
| `deployment.reposilite.envFrom` | List of environment variables mounted from configMaps or secrets for the Reposilite container. | `[]` |
|
||||
| `deployment.reposilite.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
|
||||
| `deployment.reposilite.image.repository` | Image repository, eg. `library/busybox`. | `dzikoysk/reposilite` |
|
||||
| `deployment.reposilite.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
|
||||
| `deployment.reposilite.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
|
||||
| `deployment.reposilite.resources` | CPU and memory resources of the pod. | `{}` |
|
||||
| `deployment.reposilite.securityContext` | Security context of the container of the deployment. | `{}` |
|
||||
| `deployment.reposilite.volumeMounts` | Additional volume mounts. | `[]` |
|
||||
| `deployment.nodeSelector` | NodeSelector of the Reposilite deployment. | `{}` |
|
||||
| `deployment.pluginContainer.args` | Arguments passed to the plugin container. | `["--location","--fail","--max-time","60"]` |
|
||||
| `deployment.pluginContainer.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
|
||||
| `deployment.pluginContainer.image.repository` | Image repository, eg. `curlimages/curl`. | `curlimages/curl` |
|
||||
| `deployment.pluginContainer.image.tag` | Custom image tag, eg. `0.1.0`. | `8.16.0` |
|
||||
| `deployment.pluginContainer.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
|
||||
| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` |
|
||||
| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` |
|
||||
| `deployment.restartPolicy` | Restart policy of the Reposilite deployment. | `""` |
|
||||
| `deployment.securityContext` | Security context of the Reposilite deployment. | `{}` |
|
||||
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` |
|
||||
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
|
||||
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
|
||||
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
|
||||
| `deployment.tolerations` | Tolerations of the Reposilite deployment. | `[]` |
|
||||
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` |
|
||||
| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` |
|
||||
|
||||
### Horizontal Pod Autoscaler (HPA)
|
||||
|
||||
@@ -265,6 +365,45 @@ networkPolicies:
|
||||
| `persistentVolumeClaim.new.size` | Size of the persistent volume claim. | `10Gi` |
|
||||
| `persistentVolumeClaim.new.storageClass` | Custom storage class. Left it empty to use the clusters default storage class. | `""` |
|
||||
|
||||
### Prometheus
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `prometheus.metrics.enabled` | Enable of scraping metrics by Prometheus. | `false` |
|
||||
| `prometheus.metrics.secret.existing.enabled` | Use an existing secret containing the basic auth credentials. | `false` |
|
||||
| `prometheus.metrics.secret.existing.secretName` | Name of the secret containing the basic auth credentials. | `""` |
|
||||
| `prometheus.metrics.secret.existing.basicAuthUsernameKey` | Name of the key in the secret that contains the username for basic auth. | `""` |
|
||||
| `prometheus.metrics.secret.existing.basicAuthPasswordKey` | Name of the key in the secret that contains the password for basic auth. | `""` |
|
||||
| `prometheus.metrics.secret.new.annotations` | Additional secret annotations. | `{}` |
|
||||
| `prometheus.metrics.secret.new.labels` | Additional secret labels. | `{}` |
|
||||
| `prometheus.metrics.secret.new.basicAuthUsername` | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | `""` |
|
||||
| `prometheus.metrics.secret.new.basicAuthPassword` | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | `""` |
|
||||
| `prometheus.metrics.podMonitor.enabled` | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | `false` |
|
||||
| `prometheus.metrics.podMonitor.annotations` | Additional podMonitor annotations. | `{}` |
|
||||
| `prometheus.metrics.podMonitor.enableHttp2` | Enable HTTP2. | `false` |
|
||||
| `prometheus.metrics.podMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
|
||||
| `prometheus.metrics.podMonitor.honorLabels` | Honor labels. | `false` |
|
||||
| `prometheus.metrics.podMonitor.labels` | Additional podMonitor labels. | `{}` |
|
||||
| `prometheus.metrics.podMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
|
||||
| `prometheus.metrics.podMonitor.path` | HTTP path of the Reposilite pod for scraping Prometheus metrics. | `/metrics` |
|
||||
| `prometheus.metrics.podMonitor.port` | HTTP port of the Reposilite pod for scraping Prometheus metrics. | `http` |
|
||||
| `prometheus.metrics.podMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
|
||||
| `prometheus.metrics.podMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
|
||||
| `prometheus.metrics.podMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
|
||||
| `prometheus.metrics.podMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||
| `prometheus.metrics.serviceMonitor.enabled` | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. | `false` |
|
||||
| `prometheus.metrics.serviceMonitor.annotations` | Additional serviceMonitor annotations. | `{}` |
|
||||
| `prometheus.metrics.serviceMonitor.labels` | Additional serviceMonitor labels. | `{}` |
|
||||
| `prometheus.metrics.serviceMonitor.enableHttp2` | Enable HTTP2. | `false` |
|
||||
| `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
|
||||
| `prometheus.metrics.serviceMonitor.honorLabels` | Honor labels. | `false` |
|
||||
| `prometheus.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
|
||||
| `prometheus.metrics.serviceMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` |
|
||||
| `prometheus.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
|
||||
| `prometheus.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
|
||||
| `prometheus.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
|
||||
| `prometheus.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||
|
||||
### Service
|
||||
|
||||
| Name | Description | Value |
|
||||
@@ -280,6 +419,7 @@ networkPolicies:
|
||||
| `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
|
||||
| `service.port` | Port to forward the traffic to. | `8080` |
|
||||
| `service.scheme` | Name of the service port. This name is also used as scheme / port name of the service monitor resource. | `http` |
|
||||
| `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
|
||||
| `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
|
||||
| `service.type` | Kubernetes service type for the traffic. | `ClusterIP` |
|
||||
|
26
package-lock.json
generated
26
package-lock.json
generated
@@ -1078,9 +1078,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/link-check": {
|
||||
"version": "5.4.0",
|
||||
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.4.0.tgz",
|
||||
"integrity": "sha512-0Pf4xBVUnwJdbDgpBlhHNmWDtbVjHTpIFs+JaBuIsC9PKRxjv4KMGCO2Gc8lkVnqMf9B/yaNY+9zmMlO5MyToQ==",
|
||||
"version": "5.5.0",
|
||||
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.5.0.tgz",
|
||||
"integrity": "sha512-CpMk2zMfyEMdDvFG92wO5pU/2I/wbw72/9pvUFhU9cDKkwhmVlPuvxQJzd/jXA2iVOgNgPLnS5zyOLW7OzNpdA==",
|
||||
"dev": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
@@ -1137,16 +1137,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/markdown-link-check": {
|
||||
"version": "3.13.7",
|
||||
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.13.7.tgz",
|
||||
"integrity": "sha512-Btn3HU8s2Uyh1ZfzmyZEkp64zp2+RAjwfQt1u4swq2Xa6w37OW0T2inQZrkSNVxDSa2jSN2YYhw/JkAp5jF1PQ==",
|
||||
"version": "3.14.1",
|
||||
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.14.1.tgz",
|
||||
"integrity": "sha512-h1tihNL3kmOS3N7H4FyF4xKDxiHnNBNSgs/LWlDiRHlC8O0vfRX0LhDDvesRSs4HM7nS0F658glLxonaXBmuWw==",
|
||||
"dev": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"async": "^3.2.6",
|
||||
"chalk": "^5.3.0",
|
||||
"commander": "^13.1.0",
|
||||
"link-check": "^5.4.0",
|
||||
"commander": "^14.0.0",
|
||||
"link-check": "^5.5.0",
|
||||
"markdown-link-extractor": "^4.0.2",
|
||||
"needle": "^3.3.1",
|
||||
"progress": "^2.0.3",
|
||||
@@ -1157,6 +1157,16 @@
|
||||
"markdown-link-check": "markdown-link-check"
|
||||
}
|
||||
},
|
||||
"node_modules/markdown-link-check/node_modules/commander": {
|
||||
"version": "14.0.1",
|
||||
"resolved": "https://registry.npmjs.org/commander/-/commander-14.0.1.tgz",
|
||||
"integrity": "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=20"
|
||||
}
|
||||
},
|
||||
"node_modules/markdown-link-extractor": {
|
||||
"version": "4.0.2",
|
||||
"resolved": "https://registry.npmjs.org/markdown-link-extractor/-/markdown-link-extractor-4.0.2.tgz",
|
||||
|
@@ -9,6 +9,7 @@
|
||||
],
|
||||
"customManagers": [
|
||||
{
|
||||
"customType": "regex",
|
||||
"fileMatch": [
|
||||
"^Chart\\.yaml$"
|
||||
],
|
||||
@@ -21,7 +22,10 @@
|
||||
"versioningTemplate": "semver"
|
||||
},
|
||||
{
|
||||
"fileMatch": ["^README\\.md$"],
|
||||
"customType": "regex",
|
||||
"fileMatch": [
|
||||
"^README\\.md$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"CHART_VERSION=(?<currentValue>.*)"
|
||||
],
|
||||
@@ -29,9 +33,47 @@
|
||||
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/reposilite-charts",
|
||||
"datasourceTemplate": "git-tags",
|
||||
"versioningTemplate": "semver"
|
||||
},
|
||||
{
|
||||
"customType": "regex",
|
||||
"datasourceTemplate": "github-releases",
|
||||
"fileMatch": [
|
||||
".vscode/settings\\.json$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
|
||||
]
|
||||
}
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"groupName": "Update docker.io/volkerraschek/helm",
|
||||
"matchDepNames": [
|
||||
"docker.io/volkerraschek/helm",
|
||||
"volkerraschek/helm"
|
||||
]
|
||||
},
|
||||
{
|
||||
"automerge": true,
|
||||
"groupName": "Update helm plugin 'unittest'",
|
||||
"matchDepNames": [
|
||||
"helm-unittest/helm-unittest"
|
||||
],
|
||||
"matchDatasources": [
|
||||
"github-releases"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"groupName": "Update docker.io/library/node",
|
||||
"matchDepNames": [
|
||||
"docker.io/library/node",
|
||||
"library/node"
|
||||
]
|
||||
},
|
||||
{
|
||||
"addLabels": [
|
||||
"renovate/automerge",
|
||||
@@ -64,5 +106,16 @@
|
||||
"patch"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"postUpgradeTasks": {
|
||||
"commands": [
|
||||
"install-tool node",
|
||||
"make readme"
|
||||
],
|
||||
"fileFilters": [
|
||||
"README.md",
|
||||
"values.yaml"
|
||||
],
|
||||
"executionMode": "update"
|
||||
}
|
||||
}
|
@@ -17,11 +17,32 @@
|
||||
{{- if .Values.persistentVolumeClaim.enabled }}
|
||||
{{- $env = concat $env (list (dict "name" "REPOSILITE_DATA" "value" .Values.persistentVolumeClaim.path )) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }}
|
||||
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.podMonitor.path )) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }}
|
||||
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.serviceMonitor.path )) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if or (eq (include "reposilite.podMonitor.enabled" $ ) "true") (eq (include "reposilite.serviceMonitor.enabled" $ ) "true") -}}
|
||||
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.usernameKey" $))))) }}
|
||||
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.passwordKey" $))))) }}
|
||||
{{- end }}
|
||||
|
||||
{{ toYaml (dict "env" $env) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/* image */}}
|
||||
|
||||
{{- define "reposilite.deployment.images.plugin.fqin" -}}
|
||||
{{- $registry := .Values.deployment.pluginContainer.image.registry -}}
|
||||
{{- $repository := .Values.deployment.pluginContainer.image.repository -}}
|
||||
{{- $tag := default .Chart.AppVersion .Values.deployment.pluginContainer.image.tag -}}
|
||||
{{- printf "%s/%s:%s" $registry $repository $tag -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "reposilite.deployment.images.reposilite.fqin" -}}
|
||||
{{- $registry := .Values.deployment.reposilite.image.registry -}}
|
||||
{{- $repository := .Values.deployment.reposilite.image.repository -}}
|
||||
@@ -38,6 +59,34 @@
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* initContainers */}}
|
||||
|
||||
{{- define "reposilite.deployment.initContainers" -}}
|
||||
{{- $initContainers := .Values.deployment.initContainers | default list -}}
|
||||
{{- $pluginContainerImage := (include "reposilite.deployment.images.plugin.fqin" . ) }}
|
||||
{{- $pluginContainerArgs := .Values.deployment.pluginContainer.args | default list }}
|
||||
{{- $pluginContainerArgs := concat $pluginContainerArgs (list "--output-dir" "/app/data/plugins" ) }}
|
||||
{{- $pluginContainerVolumeMounts := list (dict "name" "plugins" "mountPath" "/app/data/plugins") }}
|
||||
|
||||
{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }}
|
||||
{{- $fileName := splitList "/" (tpl .Values.config.plugins.prometheus.url $) | last }}
|
||||
{{- $individualArgs := concat $pluginContainerArgs (list "--output" $fileName (tpl .Values.config.plugins.prometheus.url $)) }}
|
||||
{{- $initContainers = concat $initContainers (list (dict "args" $individualArgs "name" "download-prometheus-plugin" "image" $pluginContainerImage "volumeMounts" $pluginContainerVolumeMounts)) }}
|
||||
{{- end }}
|
||||
|
||||
{{ toYaml (dict "initContainers" $initContainers) }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{/* plugins */}}
|
||||
{{- define "reposilite.plugins.prometheus.enabled" -}}
|
||||
{{- if or .Values.config.plugins.prometheus.enabled .Values.prometheus.metrics.enabled -}}
|
||||
true
|
||||
{{- else -}}
|
||||
false
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* serviceAccount */}}
|
||||
|
||||
{{- define "reposilite.deployment.serviceAccount" -}}
|
||||
@@ -55,6 +104,11 @@
|
||||
{{- if .Values.persistentVolumeClaim.enabled }}
|
||||
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistentVolumeClaim.path )) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }}
|
||||
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "plugins" "mountPath" "/app/data/plugins")) }}
|
||||
{{- end }}
|
||||
|
||||
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -71,6 +125,10 @@
|
||||
{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $persistentVolumeClaimName))) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (include "reposilite.plugins.prometheus.enabled" $) "true" }}
|
||||
{{- $volumes = concat $volumes (list (dict "name" "plugins" "emptyDir" dict)) }}
|
||||
{{- end }}
|
||||
|
||||
{{ toYaml (dict "volumes" $volumes) }}
|
||||
|
||||
{{- end -}}
|
@@ -4,6 +4,9 @@
|
||||
|
||||
{{- define "reposilite.pod.annotations" -}}
|
||||
{{ include "reposilite.annotations" . }}
|
||||
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) -}}
|
||||
{{- printf "checksum/secret-%s: %s" (include "reposilite.secrets.prometheusBasicAuth.name" $) (include (print $.Template.BasePath "/secretPrometheusBasicAuth.yaml") . | sha256sum) }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
27
templates/_podMonitors.tpl
Normal file
27
templates/_podMonitors.tpl
Normal file
@@ -0,0 +1,27 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/* annotations */}}
|
||||
{{- define "reposilite.podMonitor.annotations" -}}
|
||||
{{ include "reposilite.annotations" . }}
|
||||
{{- if .Values.prometheus.metrics.podMonitor.annotations }}
|
||||
{{ toYaml .Values.prometheus.metrics.podMonitor.annotations }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* enabled */}}
|
||||
{{- define "reposilite.podMonitor.enabled" -}}
|
||||
{{- if and .Values.prometheus.metrics.enabled .Values.prometheus.metrics.podMonitor.enabled (not .Values.prometheus.metrics.serviceMonitor.enabled) -}}
|
||||
true
|
||||
{{- else -}}
|
||||
false
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "reposilite.podMonitor.labels" -}}
|
||||
{{ include "reposilite.labels" . }}
|
||||
{{- if .Values.prometheus.metrics.podMonitor.labels }}
|
||||
{{ toYaml .Values.prometheus.metrics.podMonitor.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
53
templates/_secrets.tpl
Normal file
53
templates/_secrets.tpl
Normal file
@@ -0,0 +1,53 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/* annotations */}}
|
||||
|
||||
{{- define "reposilite.secrets.prometheusBasicAuth.annotations" -}}
|
||||
{{ include "reposilite.annotations" . }}
|
||||
{{- if .Values.prometheus.metrics.secret.new.annotations }}
|
||||
{{ toYaml .Values.prometheus.metrics.secret.new.annotations }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "reposilite.secrets.prometheusBasicAuth.labels" -}}
|
||||
{{ include "reposilite.labels" . }}
|
||||
{{- if .Values.prometheus.metrics.secret.new.labels }}
|
||||
{{ toYaml .Values.prometheus.metrics.secret.new.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* names */}}
|
||||
|
||||
{{- define "reposilite.secrets.prometheusBasicAuth.name" -}}
|
||||
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.secretName) 0) }}
|
||||
{{- print .Values.prometheus.metrics.secret.existing.secretName -}}
|
||||
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.secretName) 0) }}
|
||||
{{ fail "Name of the existing secret that contains the credentials for basic auth is not defined!" }}
|
||||
{{- else if not .Values.prometheus.metrics.secret.existing.enabled }}
|
||||
{{- printf "%s-basic-auth-credentials" (include "reposilite.fullname" $) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* secretKeyNames */}}
|
||||
|
||||
{{- define "reposilite.secrets.prometheusBasicAuth.passwordKey" -}}
|
||||
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) -}}
|
||||
{{- .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey -}}
|
||||
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) }}
|
||||
{{ fail "Name of the key in the secret that contains the password for basic auth is not defined!" }}
|
||||
{{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }}
|
||||
{{- print "password" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "reposilite.secrets.prometheusBasicAuth.usernameKey" -}}
|
||||
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) -}}
|
||||
{{- .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey -}}
|
||||
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) }}
|
||||
{{ fail "Name of the key in the secret that contains the username for basic auth is not defined!" }}
|
||||
{{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }}
|
||||
{{- print "username" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
35
templates/_serviceMonitors.tpl
Normal file
35
templates/_serviceMonitors.tpl
Normal file
@@ -0,0 +1,35 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/* annotations */}}
|
||||
|
||||
{{- define "reposilite.serviceMonitor.annotations" -}}
|
||||
{{ include "reposilite.annotations" . }}
|
||||
{{- if .Values.prometheus.metrics.serviceMonitor.annotations }}
|
||||
{{ toYaml .Values.prometheus.metrics.serviceMonitor.annotations }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* enabled */}}
|
||||
|
||||
{{- define "reposilite.serviceMonitor.enabled" -}}
|
||||
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.podMonitor.enabled) .Values.prometheus.metrics.serviceMonitor.enabled .Values.service.enabled -}}
|
||||
true
|
||||
{{- else -}}
|
||||
false
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
{{- define "reposilite.serviceMonitor.labels" -}}
|
||||
{{ include "reposilite.labels" . }}
|
||||
{{- if .Values.prometheus.metrics.serviceMonitor.labels }}
|
||||
{{ toYaml .Values.prometheus.metrics.serviceMonitor.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "reposilite.serviceMonitor.selectorLabels" -}}
|
||||
{{ include "reposilite.selectorLabels" . }}
|
||||
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
|
||||
app.kubernetes.io/service-name: {{ required "The scheme of the serviceMonitor is not defined!" .Values.service.scheme }}
|
||||
{{- end }}
|
@@ -16,6 +16,8 @@
|
||||
{{- if .Values.service.labels }}
|
||||
{{ toYaml .Values.service.labels }}
|
||||
{{- end }}
|
||||
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
|
||||
app.kubernetes.io/service-name: {{ required "The scheme of the serviceMonitor is not defined!" .Values.service.scheme }}
|
||||
{{- end }}
|
||||
|
||||
{{/* names */}}
|
||||
|
@@ -68,7 +68,10 @@ spec:
|
||||
name: reposilite
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.service.port }}
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 8443
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
@@ -106,6 +109,11 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- $initContainers := (include "reposilite.deployment.initContainers" . | fromYaml) }}
|
||||
{{- if and (hasKey $initContainers "initContainers") (gt (len $initContainers.initContainers) 0) }}
|
||||
initContainers:
|
||||
{{- toYaml $initContainers.initContainers | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.deployment.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
|
47
templates/podMonitor.yaml
Normal file
47
templates/podMonitor.yaml
Normal file
@@ -0,0 +1,47 @@
|
||||
{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
metadata:
|
||||
{{- with (include "reposilite.podMonitor.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "reposilite.podMonitor.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "reposilite.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
podMetricsEndpoints:
|
||||
- basicAuth:
|
||||
password:
|
||||
key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }}
|
||||
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
|
||||
username:
|
||||
key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }}
|
||||
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
|
||||
enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }}
|
||||
followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }}
|
||||
honorLabels: {{ required "The honorLabels option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.honorLabels }}
|
||||
interval: {{ required "The scrape interval of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.interval }}
|
||||
path: {{ required "The metric path of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.path }}
|
||||
port: {{ required "The metric port of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.port | quote }}
|
||||
{{- with .Values.prometheus.metrics.podMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
scrapeTimeout: {{ required "The scrape timeout of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scrapeTimeout }}
|
||||
scheme: {{ required "The scheme of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scheme }}
|
||||
{{- with .Values.prometheus.metrics.podMonitor.tlsConfig }}
|
||||
tlsConfig:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "reposilite.pod.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
19
templates/secretPrometheusBasicAuth.yaml
Normal file
19
templates/secretPrometheusBasicAuth.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
{{- with (include "reposilite.secrets.prometheusBasicAuth.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "reposilite.secrets.prometheusBasicAuth.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
stringData:
|
||||
password: {{ required "Password for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthPassword }}
|
||||
username: {{ required "Username for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthUsername }}
|
||||
{{- end }}
|
@@ -43,7 +43,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
- name: {{ required "No service name defined. Either 'http' or 'https' is allowed!" .Values.service.scheme }}
|
||||
protocol: TCP
|
||||
port: {{ required "No service port defined!" .Values.service.port }}
|
||||
selector:
|
||||
|
47
templates/serviceMonitor.yaml
Normal file
47
templates/serviceMonitor.yaml
Normal file
@@ -0,0 +1,47 @@
|
||||
{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
{{- with (include "reposilite.serviceMonitor.annotations" . | fromYaml) }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with (include "reposilite.serviceMonitor.labels" . | fromYaml) }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "reposilite.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
endpoints:
|
||||
- basicAuth:
|
||||
password:
|
||||
key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }}
|
||||
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
|
||||
username:
|
||||
key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }}
|
||||
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
|
||||
enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }}
|
||||
followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }}
|
||||
honorLabels: {{ required "The honorLabels option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.honorLabels }}
|
||||
interval: {{ required "The scrape interval of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.interval }}
|
||||
path: {{ required "The metric path of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.path }}
|
||||
port: {{ required "The port of the serviceMonitor is not defined!" .Values.service.scheme }}
|
||||
{{- with .Values.prometheus.metrics.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }}
|
||||
scheme: {{ required "The scheme of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scheme }}
|
||||
{{- with .Values.prometheus.metrics.serviceMonitor.tlsConfig }}
|
||||
tlsConfig:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "reposilite.serviceMonitor.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
42
unittests/deployment/configPlugins.yaml
Normal file
42
unittests/deployment/configPlugins.yaml
Normal file
@@ -0,0 +1,42 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: Test reposilite plugins
|
||||
release:
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/deployment.yaml
|
||||
- templates/secretPrometheusBasicAuth.yaml
|
||||
tests:
|
||||
- it: Test init containers for prometheus
|
||||
set:
|
||||
config.plugins.prometheus.enabled: true
|
||||
config.plugins.prometheus.url: "https://reposilite.com/plugins/prometheus.jar"
|
||||
deployment.pluginContainer.image.tag: 0.1.0
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.initContainers
|
||||
content:
|
||||
args:
|
||||
- --location
|
||||
- --fail
|
||||
- --max-time
|
||||
- "60"
|
||||
- --output-dir
|
||||
- /app/data/plugins
|
||||
- --output
|
||||
- prometheus.jar
|
||||
- https://reposilite.com/plugins/prometheus.jar
|
||||
name: download-prometheus-plugin
|
||||
image: docker.io/curlimages/curl:0.1.0
|
||||
volumeMounts:
|
||||
- mountPath: /app/data/plugins
|
||||
name: plugins
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: plugins
|
||||
emptyDir: {}
|
||||
template: templates/deployment.yaml
|
@@ -7,19 +7,23 @@ release:
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/deployment.yaml
|
||||
- templates/secretPrometheusBasicAuth.yaml
|
||||
tests:
|
||||
- it: Rendering default
|
||||
set: {}
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/deployment.yaml
|
||||
- containsDocument:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
@@ -28,14 +32,17 @@ tests:
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 1
|
||||
template: templates/deployment.yaml
|
||||
- isSubset:
|
||||
path: spec.selector.matchLabels
|
||||
content:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/name: reposilite
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.strategy
|
||||
value:
|
||||
@@ -43,9 +50,10 @@ tests:
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 1
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations
|
||||
value: sadsdf
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.metadata.labels
|
||||
value:
|
||||
@@ -54,25 +62,33 @@ tests:
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.affinity
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].args
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].command
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: JAVA_OPTS
|
||||
value: "-Xmx64M"
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].envFrom
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: docker.io/dzikoysk/reposilite:0.1.0
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: IfNotPresent
|
||||
template: templates/deployment.yaml
|
||||
- isSubset:
|
||||
path: spec.template.spec.containers[0].livenessProbe
|
||||
content:
|
||||
@@ -83,15 +99,18 @@ tests:
|
||||
periodSeconds: 60
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 3
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].name
|
||||
value: reposilite
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].ports
|
||||
content:
|
||||
name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
template: templates/deployment.yaml
|
||||
- isSubset:
|
||||
path: spec.template.spec.containers[0].readinessProbe
|
||||
content:
|
||||
@@ -102,42 +121,60 @@ tests:
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 3
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsConfig
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.hostname
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: false
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.nodeSelector
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.priorityClassName
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.restartPolicy
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.subdomain
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 60
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.tolerations
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
template: templates/deployment.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.volumes
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom replicas
|
||||
set:
|
||||
@@ -146,6 +183,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 3
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom strategy
|
||||
set:
|
||||
@@ -162,6 +200,7 @@ tests:
|
||||
rollingUpdate:
|
||||
maxSurge: 10
|
||||
maxUnavailable: 5
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom affinity
|
||||
set:
|
||||
@@ -188,6 +227,7 @@ tests:
|
||||
values:
|
||||
- antarctica-east1
|
||||
- antarctica-west1
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional arguments
|
||||
set:
|
||||
@@ -200,6 +240,7 @@ tests:
|
||||
value:
|
||||
- --foo=bar
|
||||
- --bar=foo
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional commands
|
||||
set:
|
||||
@@ -210,6 +251,7 @@ tests:
|
||||
path: spec.template.spec.containers[0].command
|
||||
value:
|
||||
- /bin/bash
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom imageRegistry and imageRepository
|
||||
set:
|
||||
@@ -220,6 +262,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: registry.example.local/path/special/reposilite:2.0.0
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom imagePullPolicy
|
||||
set:
|
||||
@@ -228,17 +271,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: Always
|
||||
|
||||
- it: Test custom port
|
||||
set:
|
||||
service.port: 8443
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].ports
|
||||
content:
|
||||
name: http
|
||||
containerPort: 8443
|
||||
protocol: TCP
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom resources
|
||||
set:
|
||||
@@ -259,6 +292,7 @@ tests:
|
||||
requests:
|
||||
cpu: 25m
|
||||
memory: 100MB
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom securityContext
|
||||
set:
|
||||
@@ -285,6 +319,7 @@ tests:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom volumeMounts
|
||||
set:
|
||||
@@ -297,6 +332,7 @@ tests:
|
||||
content:
|
||||
name: data
|
||||
mountPath: /usr/lib/data
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test dnsConfig
|
||||
set:
|
||||
@@ -311,6 +347,7 @@ tests:
|
||||
nameservers:
|
||||
- "8.8.8.8"
|
||||
- "8.8.4.4"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test dnsPolicy
|
||||
set:
|
||||
@@ -319,6 +356,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
value: ClusterFirst
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test hostNetwork, hostname, subdomain
|
||||
set:
|
||||
@@ -329,12 +367,15 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: true
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostname
|
||||
value: pg-exporter
|
||||
template: templates/deployment.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.subdomain
|
||||
value: exporters.internal
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test imagePullSecrets
|
||||
set:
|
||||
@@ -347,6 +388,20 @@ tests:
|
||||
value:
|
||||
- name: my-pull-secret
|
||||
- name: my-special-secret
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test initContainers
|
||||
set:
|
||||
deployment.initContainers:
|
||||
- name: busybox
|
||||
image: docker.io/library/busybox:latest
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.initContainers
|
||||
content:
|
||||
name: busybox
|
||||
image: docker.io/library/busybox:latest
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test nodeSelector
|
||||
set:
|
||||
@@ -357,6 +412,7 @@ tests:
|
||||
path: spec.template.spec.nodeSelector
|
||||
value:
|
||||
foo: bar
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test priorityClassName
|
||||
set:
|
||||
@@ -365,6 +421,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.priorityClassName
|
||||
value: my-priority
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test restartPolicy
|
||||
set:
|
||||
@@ -373,6 +430,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.restartPolicy
|
||||
value: Always
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test custom securityContext
|
||||
set:
|
||||
@@ -389,6 +447,7 @@ tests:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test terminationGracePeriodSeconds
|
||||
set:
|
||||
@@ -397,6 +456,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 120
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test tolerations
|
||||
set:
|
||||
@@ -413,6 +473,7 @@ tests:
|
||||
operator: Equal
|
||||
value: ssd
|
||||
effect: NoSchedule
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test topologySpreadConstraints
|
||||
set:
|
||||
@@ -431,6 +492,7 @@ tests:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: reposilite
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Test additional volumes
|
||||
set:
|
||||
@@ -445,3 +507,4 @@ tests:
|
||||
- name: data
|
||||
hostPath:
|
||||
path: /usr/lib/data
|
||||
template: templates/deployment.yaml
|
@@ -7,6 +7,7 @@ release:
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/deployment.yaml
|
||||
- templates/secretPrometheusBasicAuth.yaml
|
||||
tests:
|
||||
- it: Rendering default volumes and volumeMounts with persistent volume claim
|
||||
set:
|
||||
@@ -17,17 +18,20 @@ tests:
|
||||
content:
|
||||
name: REPOSILITE_DATA
|
||||
value: /app/data
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: data
|
||||
mountPath: /app/data
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: reposilite-unittest
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering custom volumes and volumeMounts with persistent volume claim
|
||||
set:
|
||||
@@ -39,17 +43,20 @@ tests:
|
||||
content:
|
||||
name: REPOSILITE_DATA
|
||||
value: /usr/lib/reposilite/data
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: data
|
||||
mountPath: /usr/lib/reposilite/data
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: reposilite-unittest
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering custom volumes and volumeMounts with persistent volume claim
|
||||
set:
|
||||
@@ -62,14 +69,17 @@ tests:
|
||||
content:
|
||||
name: REPOSILITE_DATA
|
||||
value: /app/data
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
content:
|
||||
name: data
|
||||
mountPath: /app/data
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.volumes
|
||||
content:
|
||||
name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: my-custom-pvc
|
||||
claimName: my-custom-pvc
|
||||
template: templates/deployment.yaml
|
109
unittests/deployment/prometheusPodMonitor.yaml
Normal file
109
unittests/deployment/prometheusPodMonitor.yaml
Normal file
@@ -0,0 +1,109 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: Add prometheus basic auth variables
|
||||
release:
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/deployment.yaml
|
||||
- templates/secretPrometheusBasicAuth.yaml
|
||||
tests:
|
||||
- it: Rendering default environment variables with enabled prometheus metrics podMonitor
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
key: password
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
key: username
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key
|
||||
prometheus.metrics.secret.existing.secretName: my-secret
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: my-secret
|
||||
key: my-password-key
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: my-secret
|
||||
key: my-username-key
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Fail when existing secret name is undefined
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
|
||||
prometheus.metrics.secret.existing.secretName: ""
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Fail when the name of the key in the secret that contains the username for basic auth is undefined
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: ""
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
|
||||
prometheus.metrics.secret.existing.secretName: "my-secret"
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Fail when the name of the key in the secret that contains the password for basic auth is undefined
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: ""
|
||||
prometheus.metrics.secret.existing.secretName: "my-secret"
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!"
|
||||
template: templates/deployment.yaml
|
109
unittests/deployment/prometheusServiceMonitor.yaml
Normal file
109
unittests/deployment/prometheusServiceMonitor.yaml
Normal file
@@ -0,0 +1,109 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: Add prometheus basic auth variables
|
||||
release:
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/deployment.yaml
|
||||
- templates/secretPrometheusBasicAuth.yaml
|
||||
tests:
|
||||
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
key: password
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
key: username
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key
|
||||
prometheus.metrics.secret.existing.secretName: my-secret
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: my-secret
|
||||
key: my-password-key
|
||||
template: templates/deployment.yaml
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: REPOSILITE_PROMETHEUS_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: my-secret
|
||||
key: my-username-key
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Fail when existing secret name is undefined
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
|
||||
prometheus.metrics.secret.existing.secretName: ""
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Fail when the name of the key in the secret that contains the username for basic auth is undefined
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: ""
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
|
||||
prometheus.metrics.secret.existing.secretName: "my-secret"
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!"
|
||||
template: templates/deployment.yaml
|
||||
|
||||
- it: Fail when the name of the key in the secret that contains the password for basic auth is undefined
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: ""
|
||||
prometheus.metrics.secret.existing.secretName: "my-secret"
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!"
|
||||
template: templates/deployment.yaml
|
179
unittests/podMonitors/podMonitor.yaml
Normal file
179
unittests/podMonitors/podMonitor.yaml
Normal file
@@ -0,0 +1,179 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: PodMonitor template
|
||||
release:
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/podMonitor.yaml
|
||||
tests:
|
||||
- it: Skip podMonitor when metrics are disabled.
|
||||
set:
|
||||
prometheus.metrics.enabled: false
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip podMonitor when podMonitor is disabled.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip podMonitor when both monitor types are enabled.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Rendering podMonitor with default values - enabled manually.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
- isSubset:
|
||||
path: spec.podMetricsEndpoints[0].basicAuth
|
||||
content:
|
||||
password:
|
||||
key: password
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
username:
|
||||
key: username
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].enableHttp2
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].followRedirects
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].honorLabels
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].interval
|
||||
value: 60s
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].path
|
||||
value: /metrics
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].port
|
||||
value: http
|
||||
- notExists:
|
||||
path: spec.podMetricsEndpoints[0].relabelings
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].scrapeTimeout
|
||||
value: 30s
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].scheme
|
||||
value: http
|
||||
- contains:
|
||||
path: spec.namespaceSelector.matchNames
|
||||
content:
|
||||
testing
|
||||
- equal:
|
||||
path: spec.selector.matchLabels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/name: reposilite
|
||||
|
||||
- it: Render podMonitor with custom annotations and labels.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
prometheus.metrics.podMonitor.annotations:
|
||||
foo: bar
|
||||
prometheus.metrics.podMonitor.labels:
|
||||
bar: foo
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
foo: bar
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
bar: foo
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
|
||||
- it: Change defaults
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.podMonitor.enabled: true
|
||||
prometheus.metrics.podMonitor.enableHttp2: false
|
||||
prometheus.metrics.podMonitor.followRedirects: true
|
||||
prometheus.metrics.podMonitor.honorLabels: true
|
||||
prometheus.metrics.podMonitor.interval: "180s"
|
||||
prometheus.metrics.podMonitor.path: "/my-metrics"
|
||||
prometheus.metrics.podMonitor.port: "8443"
|
||||
prometheus.metrics.podMonitor.relabelings:
|
||||
- sourceLabels: [ container ]
|
||||
separator: ";"
|
||||
regex: "app"
|
||||
replacement: "$1"
|
||||
action: "drop"
|
||||
prometheus.metrics.podMonitor.scheme: https
|
||||
prometheus.metrics.podMonitor.scrapeTimeout: "5s"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].enableHttp2
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].followRedirects
|
||||
value: true
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].honorLabels
|
||||
value: true
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].interval
|
||||
value: 180s
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].path
|
||||
value: /my-metrics
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].port
|
||||
value: "8443"
|
||||
- contains:
|
||||
path: spec.podMetricsEndpoints[0].relabelings
|
||||
content:
|
||||
sourceLabels: [ container ]
|
||||
separator: ";"
|
||||
regex: "app"
|
||||
replacement: "$1"
|
||||
action: "drop"
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].scrapeTimeout
|
||||
value: 5s
|
||||
- equal:
|
||||
path: spec.podMetricsEndpoints[0].scheme
|
||||
value: https
|
98
unittests/secrets/basicAuth.yaml
Normal file
98
unittests/secrets/basicAuth.yaml
Normal file
@@ -0,0 +1,98 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: Secret reposilite template
|
||||
release:
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/secretPrometheusBasicAuth.yaml
|
||||
tests:
|
||||
- it: Skip rendering
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Throw error for missing basic auth password
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
# prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Password for basic auth is required!"
|
||||
|
||||
- it: Throw error for missing basic auth username
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
# prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Username for basic auth is required!"
|
||||
|
||||
- it: Rendering secret with default values.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: "my-password"
|
||||
prometheus.metrics.secret.new.basicAuthUsername: "my-username"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
namespace: testing
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
- exists:
|
||||
path: stringData.password
|
||||
- exists:
|
||||
path: stringData.username
|
||||
|
||||
- it: Rendering secret with custom values.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.new.basicAuthPassword: foo
|
||||
prometheus.metrics.secret.new.basicAuthUsername: bar
|
||||
prometheus.metrics.secret.new.annotations:
|
||||
foo: bar
|
||||
prometheus.metrics.secret.new.labels:
|
||||
bar: foo
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isSubset:
|
||||
path: metadata.annotations
|
||||
content:
|
||||
foo: bar
|
||||
- isSubset:
|
||||
path: metadata.labels
|
||||
content:
|
||||
bar: foo
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: reposilite-unittest-basic-auth-credentials
|
||||
- equal:
|
||||
path: stringData.password
|
||||
value: foo
|
||||
- equal:
|
||||
path: stringData.username
|
||||
value: bar
|
||||
|
||||
- it: Skip rendering if existing secret is used
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
@@ -53,13 +53,13 @@ tests:
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- exists:
|
||||
- isSubset:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
content:
|
||||
foo: bar
|
||||
- exists:
|
||||
- isSubset:
|
||||
path: metadata.labels
|
||||
value:
|
||||
content:
|
||||
bar: foo
|
||||
- equal:
|
||||
path: metadata.name
|
||||
|
194
unittests/serviceMonitors/serviceMonitor.yaml
Normal file
194
unittests/serviceMonitors/serviceMonitor.yaml
Normal file
@@ -0,0 +1,194 @@
|
||||
chart:
|
||||
appVersion: 0.1.0
|
||||
version: 0.1.0
|
||||
suite: ServiceMonitor template
|
||||
release:
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/serviceMonitor.yaml
|
||||
tests:
|
||||
- it: Skip serviceMonitor when service is disabled.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
service.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip serviceMonitor when metrics are disabled.
|
||||
set:
|
||||
prometheus.metrics.enabled: false
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
services.http.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Skip serviceMonitor when serviceMonitor is disabled.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: false
|
||||
services.http.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: Rendering serviceMonitor with default values - enabled manually.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
name: reposilite-unittest
|
||||
namespace: testing
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
- isSubset:
|
||||
path: spec.endpoints[0].basicAuth
|
||||
content:
|
||||
password:
|
||||
key: password
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
username:
|
||||
key: username
|
||||
name: reposilite-unittest-basic-auth-credentials
|
||||
- equal:
|
||||
path: spec.endpoints[0].enableHttp2
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.endpoints[0].followRedirects
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.endpoints[0].honorLabels
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.endpoints[0].interval
|
||||
value: 60s
|
||||
- equal:
|
||||
path: spec.endpoints[0].path
|
||||
value: /metrics
|
||||
- notExists:
|
||||
path: spec.endpoints[0].relabelings
|
||||
- equal:
|
||||
path: spec.endpoints[0].scrapeTimeout
|
||||
value: 30s
|
||||
- equal:
|
||||
path: spec.endpoints[0].scheme
|
||||
value: http
|
||||
- equal:
|
||||
path: spec.endpoints[0].port
|
||||
value: http
|
||||
- contains:
|
||||
path: spec.namespaceSelector.matchNames
|
||||
content:
|
||||
testing
|
||||
- equal:
|
||||
path: spec.selector.matchLabels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/service-name: http
|
||||
|
||||
- it: Render serviceMonitor with custom annotations and labels.
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
prometheus.metrics.serviceMonitor.annotations:
|
||||
foo: bar
|
||||
prometheus.metrics.serviceMonitor.labels:
|
||||
bar: foo
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
foo: bar
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
bar: foo
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
|
||||
- it: Change defaults
|
||||
set:
|
||||
prometheus.metrics.enabled: true
|
||||
prometheus.metrics.secret.existing.enabled: true
|
||||
prometheus.metrics.secret.existing.secretName: "my-secret"
|
||||
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
|
||||
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
|
||||
prometheus.metrics.serviceMonitor.enabled: true
|
||||
prometheus.metrics.serviceMonitor.enableHttp2: false
|
||||
prometheus.metrics.serviceMonitor.followRedirects: true
|
||||
prometheus.metrics.serviceMonitor.honorLabels: true
|
||||
prometheus.metrics.serviceMonitor.interval: "180s"
|
||||
prometheus.metrics.serviceMonitor.path: "/my-metrics"
|
||||
prometheus.metrics.serviceMonitor.relabelings:
|
||||
- sourceLabels: [ container ]
|
||||
separator: ";"
|
||||
regex: "app"
|
||||
replacement: "$1"
|
||||
action: "drop"
|
||||
prometheus.metrics.serviceMonitor.scrapeTimeout: "5s"
|
||||
prometheus.metrics.serviceMonitor.scheme: "https"
|
||||
service.scheme: https
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isSubset:
|
||||
path: spec.endpoints[0].basicAuth
|
||||
content:
|
||||
password:
|
||||
key: my-password-key
|
||||
name: my-secret
|
||||
username:
|
||||
key: my-username-key
|
||||
name: my-secret
|
||||
- equal:
|
||||
path: spec.endpoints[0].enableHttp2
|
||||
value: false
|
||||
- equal:
|
||||
path: spec.endpoints[0].followRedirects
|
||||
value: true
|
||||
- equal:
|
||||
path: spec.endpoints[0].honorLabels
|
||||
value: true
|
||||
- equal:
|
||||
path: spec.endpoints[0].interval
|
||||
value: 180s
|
||||
- equal:
|
||||
path: spec.endpoints[0].path
|
||||
value: /my-metrics
|
||||
- equal:
|
||||
path: spec.endpoints[0].port
|
||||
value: https
|
||||
- contains:
|
||||
path: spec.endpoints[0].relabelings
|
||||
content:
|
||||
sourceLabels: [ container ]
|
||||
separator: ";"
|
||||
regex: "app"
|
||||
replacement: "$1"
|
||||
action: "drop"
|
||||
- equal:
|
||||
path: spec.endpoints[0].scrapeTimeout
|
||||
value: 5s
|
||||
- equal:
|
||||
path: spec.endpoints[0].scheme
|
||||
value: https
|
@@ -32,6 +32,7 @@ tests:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/service-name: http
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
- notExists:
|
||||
@@ -77,28 +78,35 @@ tests:
|
||||
service.internalTrafficPolicy: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No internal traffic policy defined!
|
||||
errorMessage: No internal traffic policy defined!
|
||||
|
||||
- it: Require port.
|
||||
set:
|
||||
service.port: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No service port defined!
|
||||
errorMessage: No service port defined!
|
||||
|
||||
- it: Require scheme.
|
||||
set:
|
||||
service.scheme: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: The scheme of the serviceMonitor is not defined!
|
||||
|
||||
- it: Require sessionAffinity.
|
||||
set:
|
||||
service.sessionAffinity: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No session affinity defined!
|
||||
errorMessage: No session affinity defined!
|
||||
|
||||
- it: Require service type.
|
||||
set:
|
||||
service.type: ""
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: No service type defined!
|
||||
errorMessage: No service type defined!
|
||||
|
||||
- it: Render service with custom annotations and labels.
|
||||
set:
|
||||
@@ -106,6 +114,7 @@ tests:
|
||||
foo: bar
|
||||
service.labels:
|
||||
bar: foo
|
||||
service.scheme: https
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.annotations
|
||||
@@ -117,6 +126,7 @@ tests:
|
||||
app.kubernetes.io/instance: reposilite-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: reposilite
|
||||
app.kubernetes.io/service-name: https
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: reposilite-0.1.0
|
||||
bar: foo
|
||||
@@ -134,6 +144,7 @@ tests:
|
||||
service.loadBalancerSourceRanges:
|
||||
- "11.12.0.0/17"
|
||||
service.port: 10443
|
||||
service.scheme: https
|
||||
service.sessionAffinity: ClientIP
|
||||
service.type: LoadBalancer
|
||||
asserts:
|
||||
@@ -161,6 +172,9 @@ tests:
|
||||
path: spec.loadBalancerSourceRanges
|
||||
value:
|
||||
- "11.12.0.0/17"
|
||||
- equal:
|
||||
path: spec.ports[0].name
|
||||
value: https
|
||||
- equal:
|
||||
path: spec.ports[0].port
|
||||
value: 10443
|
||||
|
123
values.yaml
123
values.yaml
@@ -6,6 +6,17 @@
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
|
||||
## @section Config
|
||||
config:
|
||||
plugins:
|
||||
## @param config.plugins.prometheus.enabled Download the Prometheus plugin via an additional init container. The Prometheus plugin will automatically enabled, when Prometheus is enabled.
|
||||
## @param config.plugins.prometheus.url URL to download the plugin.
|
||||
prometheus:
|
||||
enabled: false
|
||||
url: https://maven.reposilite.com/releases/com/reposilite/plugin/prometheus-plugin/{{ .Chart.AppVersion }}/prometheus-plugin-{{ .Chart.AppVersion }}-all.jar
|
||||
|
||||
|
||||
## @section Deployment
|
||||
deployment:
|
||||
## @param deployment.annotations Additional deployment annotations.
|
||||
@@ -149,6 +160,24 @@ deployment:
|
||||
## @param deployment.nodeSelector NodeSelector of the Reposilite deployment.
|
||||
nodeSelector: {}
|
||||
|
||||
pluginContainer:
|
||||
## @param deployment.pluginContainer.args Arguments passed to the plugin container.
|
||||
args:
|
||||
- "--location"
|
||||
- "--fail"
|
||||
- "--max-time"
|
||||
- "60"
|
||||
|
||||
## @param deployment.pluginContainer.image.registry Image registry, eg. `docker.io`.
|
||||
## @param deployment.pluginContainer.image.repository Image repository, eg. `curlimages/curl`.
|
||||
## @param deployment.pluginContainer.image.tag Custom image tag, eg. `0.1.0`.
|
||||
## @param deployment.pluginContainer.image.pullPolicy Image pull policy.
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: curlimages/curl
|
||||
tag: "8.16.0"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## @param deployment.priorityClassName PriorityClassName of the Reposilite deployment.
|
||||
priorityClassName: ""
|
||||
|
||||
@@ -302,6 +331,11 @@ networkPolicy:
|
||||
# - port: 53
|
||||
# protocol: UDP
|
||||
|
||||
## Allow outgoing HTTP traffic. For example to download maven artifacts from Apache Maven Central or Reposlite plugins from upstream.
|
||||
# - ports:
|
||||
# - port: 443
|
||||
# protocol: TCP
|
||||
|
||||
ingress: []
|
||||
# Allow incoming HTTP traffic from prometheus.
|
||||
#
|
||||
@@ -315,6 +349,8 @@ networkPolicy:
|
||||
# ports:
|
||||
# - port: http
|
||||
# protocol: TCP
|
||||
# - port: https
|
||||
# protocol: TCP
|
||||
|
||||
# Allow incoming HTTP traffic from ingress-nginx.
|
||||
#
|
||||
@@ -328,6 +364,8 @@ networkPolicy:
|
||||
# ports:
|
||||
# - port: http
|
||||
# protocol: TCP
|
||||
# - port: https
|
||||
# protocol: TCP
|
||||
|
||||
|
||||
## @section Persistent Volume Claim
|
||||
@@ -356,6 +394,89 @@ persistentVolumeClaim:
|
||||
storageClass: ""
|
||||
|
||||
|
||||
## @section Prometheus
|
||||
prometheus:
|
||||
metrics:
|
||||
## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus.
|
||||
enabled: false
|
||||
|
||||
secret:
|
||||
## @param prometheus.metrics.secret.existing.enabled Use an existing secret containing the basic auth credentials.
|
||||
## @param prometheus.metrics.secret.existing.secretName Name of the secret containing the basic auth credentials.
|
||||
## @param prometheus.metrics.secret.existing.basicAuthUsernameKey Name of the key in the secret that contains the username for basic auth.
|
||||
## @param prometheus.metrics.secret.existing.basicAuthPasswordKey Name of the key in the secret that contains the password for basic auth.
|
||||
existing:
|
||||
enabled: false
|
||||
secretName: ""
|
||||
basicAuthUsernameKey: ""
|
||||
basicAuthPasswordKey: ""
|
||||
|
||||
## @param prometheus.metrics.secret.new.annotations Additional secret annotations.
|
||||
## @param prometheus.metrics.secret.new.labels Additional secret labels.
|
||||
## @param prometheus.metrics.secret.new.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string.
|
||||
## @param prometheus.metrics.secret.new.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string.
|
||||
new:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
basicAuthUsername: ""
|
||||
basicAuthPassword: ""
|
||||
|
||||
## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
|
||||
## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.
|
||||
## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2.
|
||||
## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
|
||||
## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
|
||||
## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
|
||||
## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
|
||||
## @param prometheus.metrics.podMonitor.path HTTP path of the Reposilite pod for scraping Prometheus metrics.
|
||||
## @param prometheus.metrics.podMonitor.port HTTP port of the Reposilite pod for scraping Prometheus metrics.
|
||||
## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
|
||||
## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
|
||||
## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
|
||||
## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
|
||||
## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration.
|
||||
podMonitor:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
enableHttp2: false
|
||||
followRedirects: false
|
||||
honorLabels: false
|
||||
labels: {}
|
||||
interval: "60s"
|
||||
path: "/metrics"
|
||||
port: "http"
|
||||
relabelings: []
|
||||
scrapeTimeout: "30s"
|
||||
scheme: "http"
|
||||
tlsConfig: {}
|
||||
|
||||
## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.
|
||||
## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations.
|
||||
## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels.
|
||||
## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2.
|
||||
## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
|
||||
## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
|
||||
## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
|
||||
## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
|
||||
## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
|
||||
## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
|
||||
## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
|
||||
## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
|
||||
## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration.
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
labels: {}
|
||||
enableHttp2: false
|
||||
followRedirects: false
|
||||
honorLabels: false
|
||||
interval: "60s"
|
||||
path: "/metrics"
|
||||
relabelings: []
|
||||
scrapeTimeout: "30s"
|
||||
scheme: "http"
|
||||
tlsConfig: {}
|
||||
|
||||
## @section Service
|
||||
## @param service.enabled Enable the service.
|
||||
## @param service.annotations Additional service annotations.
|
||||
@@ -368,6 +489,7 @@ persistentVolumeClaim:
|
||||
## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
|
||||
## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
|
||||
## @param service.port Port to forward the traffic to.
|
||||
## @param service.scheme Name of the service port. This name is also used as scheme / port name of the service monitor resource.
|
||||
## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
|
||||
## @param service.sessionAffinityConfig Contains the configuration of the session affinity.
|
||||
## @param service.type Kubernetes service type for the traffic.
|
||||
@@ -383,6 +505,7 @@ service:
|
||||
loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
port: 8080
|
||||
scheme: http
|
||||
sessionAffinity: "None"
|
||||
sessionAffinityConfig: {}
|
||||
type: "ClusterIP"
|
||||
|
Reference in New Issue
Block a user