volker.raschek/reposilite-charts
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: volker.raschek/reposilite-charts:feat/support-gateway-api
Branches Tags
volker.raschek/reposilite-charts:master volker.raschek/reposilite-charts:renovate/docker.io-volkerraschek-helm-4.x volker.raschek/reposilite-charts:feat/support-gateway-api
volker.raschek/reposilite-charts:1.0.0 volker.raschek/reposilite-charts:0.3.0 volker.raschek/reposilite-charts:0.2.0 volker.raschek/reposilite-charts:0.1.3 volker.raschek/reposilite-charts:0.1.2 volker.raschek/reposilite-charts:0.1.1 volker.raschek/reposilite-charts:0.1.0
..
pull from: volker.raschek/reposilite-charts:master
Branches Tags
volker.raschek/reposilite-charts:renovate/docker.io-volkerraschek-helm-4.x volker.raschek/reposilite-charts:master volker.raschek/reposilite-charts:feat/support-gateway-api
volker.raschek/reposilite-charts:1.0.0 volker.raschek/reposilite-charts:0.3.0 volker.raschek/reposilite-charts:0.2.0 volker.raschek/reposilite-charts:0.1.3 volker.raschek/reposilite-charts:0.1.2 volker.raschek/reposilite-charts:0.1.1 volker.raschek/reposilite-charts:0.1.0

2 Commits
feat/support-gateway-api .. master

Author SHA1 Message Date
CSRBot cd6737e992 Merge pull request 'chore(deps): update dependency helm/helm to v4.2.0' (#13) from renovate/helm-helm-4.x into master
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 14s
Details
2026-06-07 21:14:25 +00:00
CSRBot 4bcd7a5339 chore(deps): update dependency helm/helm to v4.2.0
Helm / helm-lint (push) Successful in 4s
Details
Helm / helm-unittest (push) Successful in 17s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 19s
Details
2026-06-07 18:17:17 +00:00
14 changed files with 7 additions and 929 deletions
Expand all files Collapse all files
.gitea/workflows/helm.yaml
+2 -2
View File
@@ -17,7 +17,7 @@ jobs:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
with: with:
version: v4.1.4 # renovate: datasource=github-releases depName=helm/helm version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
- name: Lint helm files - name: Lint helm files
run: | run: |
helm lint --values values.yaml . helm lint --values values.yaml .
@@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
with: with:
version: v4.1.4 # renovate: datasource=github-releases depName=helm/helm version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
- env: - env:
HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
name: Install helm-unittest name: Install helm-unittest
.gitignore
+2 -4
View File
@@ -1,8 +1,6 @@
charts charts
node_modules node_modules
target target
!values.yaml values[0-9].yml
!values.yml values[0-9].yaml
values*.yaml
values*.yml
*.tgz *.tgz
README.md
+2 -137
View File
@@ -63,9 +63,8 @@ The following examples serve as individual configurations and as inspiration for
#### TLS encryption #### TLS encryption
The example describe how to deploy Reposilite with TLS encryption. If Reposilite is deployed behind reverse proxy, for The example describe how to deploy Reposilite with TLS encryption. If Reposilite is deployed behind reverse proxy, for
example an ingress nginx controller or Gateway API, please instruct the reserve proxy to establish an TLS encrypted example an ingress nginx controller, please instruct the ingress to establish an TLS encrypted connection to avoid
connection to avoid connection problems. The documentation describe configuring [ingress NGINX](#ingress-nginx) as well connection problems.
as [NGINX Gateway Fabric](#gatewayapi-nginx-fabric).
> [!WARNING] > [!WARNING]
> The secret `reposilite-tls` containing the TLS certificate is already present. The keys `ca.crt`, `tls.key` and > The secret `reposilite-tls` containing the TLS certificate is already present. The keys `ca.crt`, `tls.key` and
@@ -95,108 +94,6 @@ helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
--set 'service.port=8443' --set 'service.port=8443'
``` ```
##### Ingress NGINX
The following changes must be applied to enable TLS encryption and authentication on-top between the ingress and backend
service.
> [!IMPORTANT]
> The HTTP Version between the ingress nginx and backend must be set to `1.1`, as well as the TLS protocol must be set
> to `TLSv1.2`. Otherwise can't the nginx establish a TLS connection.
The secret `reposilite/ingress-nginx-controller-tls` contains TLS certificates for the nginx ingress controller. The TLS
certificate must be created manually, for example via [cert-manager](https://cert-manager.io/). It is used by the nginx
for TLS authentication.
```yaml
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/proxy-ssl-secret: reposilite/ingress-nginx-controller-tls
nginx.ingress.kubernetes.io/proxy-ssl-protocols: TLSv1.2
nginx.ingress.kubernetes.io/proxy-ssl-name: reposilite
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
```
##### GatewayAPI: NGINX Fabric
The following changes must be applied to enable TLS encryption and authentication on-top between the ingress and backend
service.
> [!IMPORTANT]
> The HTTP Version between the ingress nginx and backend must be set to `1.1`, as well as the TLS protocol must be set
> to `TLSv1.2`. Otherwise can't the nginx establish a TLS connection.
The `gatewayAPI.core.backendTLSPolicy.validation.caCertificateRefs` must contains at least one secret containing the
root or intermediate certificate of the issued TLS certificate used by reposilite to be able to validate the TLS certificate.
```yaml
gatewayAPI:
enabled: true
core:
backendTLSPolicy:
enabled: true
validation:
caCertificateRefs:
- group: ""
kind: Secret
name: "reposilite-ca"
hostname: "reposilite"
httpRoute:
hostnames:
- reposilite.example.local
parentRefs:
- name: nginx
kind: Gateway
group: gateway.networking.k8s.io
namespace: my-gateway-namespace
sectionName: reposilite-https
```
The Gateway resource is not part of the helm chart, but for illustrating the configuration example, here a GatewayAPI
resource with configured backend TLS certificate. The TLS certificates `gateway-frontend-tls` and `gateway-backend-tls`
must also be created manually, for example via [cert-manager](https://cert-manager.io/).
```yaml
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: nginx
namespace: my-gateway-namespace
spec:
gatewayClassName: nginx
listeners:
- allowedRoutes:
kinds:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespaces:
from: All
hostname: reposilite.example.local
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ''
kind: Secret
name: gateway-frontend-tls
namespace: my-gateway-namespace
mode: Terminate
tls:
backend:
clientCertificateRef:
group: ''
kind: Secret
name: gateway-backend-tls
namespace: my-gateway-namespace
```
#### TLS certificate rotation #### TLS certificate rotation
If Reposilite uses TLS certificates that are mounted as a secret in the container file system like the example If Reposilite uses TLS certificates that are mounted as a secret in the container file system like the example
@@ -275,20 +172,12 @@ networkPolicies:
ingress: ingress:
- from: - from:
# Ingress NGINX
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: ingress-nginx kubernetes.io/metadata.name: ingress-nginx
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
# NGINX GatewayAPI Fabric
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: gateway-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: gateway-nginx
ports: ports:
- port: http - port: http
protocol: TCP protocol: TCP
@@ -423,30 +312,6 @@ spec:
| `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` | | `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the Reposilite deployment. | `[]` |
| `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` | | `deployment.volumes` | Additional volumes to mount into the pods of the reposilite deployment. | `[]` |
### GatewayAPI
| Name | Description | Value |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `gatewayAPI.enabled` | Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller. | `false` |
| `gatewayAPI.core.backendTLSPolicy.enabled` | Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` |
| `gatewayAPI.core.backendTLSPolicy.annotations` | Additional annotations for the BackendTLSPolicy. | `{}` |
| `gatewayAPI.core.backendTLSPolicy.labels` | Additional labels for the BackendTLSPolicy. | `{}` |
| `gatewayAPI.core.backendTLSPolicy.validation` | Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the Reposilite pod. | `{}` |
| `gatewayAPI.core.httpRoute.enabled` | Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`. | `false` |
| `gatewayAPI.core.httpRoute.annotations` | Additional annotations for the HTTPRoute. | `{}` |
| `gatewayAPI.core.httpRoute.labels` | Additional labels for the HTTPRoute. | `{}` |
| `gatewayAPI.core.httpRoute.hostnames` | Hostnames for the HTTPRoute. | `[]` |
| `gatewayAPI.core.httpRoute.parentRefs` | ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources. | `[]` |
| `gatewayAPI.nginx.clientSettingsPolicy.enabled` | Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` |
| `gatewayAPI.nginx.clientSettingsPolicy.annotations` | Additional annotations for the ClientSettingsPolicy. | `{}` |
| `gatewayAPI.nginx.clientSettingsPolicy.labels` | Additional labels for the ClientSettingsPolicy. | `{}` |
| `gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize` | ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout` | ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests` | KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used. | `nil` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime` | KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout` | KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` |
| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout` | KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` |
### Horizontal Pod Autoscaler (HPA) ### Horizontal Pod Autoscaler (HPA)
| Name | Description | Value | | Name | Description | Value |
renovate.json
+1 -1
View File
@@ -15,7 +15,7 @@
"^Chart\\.yaml$" "^Chart\\.yaml$"
], ],
"matchStrings": [ "matchStrings": [
"^appVersion: \"?(?<currentValue>.*)\"?" "appVersion: \"(?<currentValue>.*?)\"\\s+"
], ],
"datasourceTemplate": "docker", "datasourceTemplate": "docker",
"depNameTemplate": "dzikoysk/reposilite", "depNameTemplate": "dzikoysk/reposilite",
templates/_backendTLSPolicy.tpl
-32
View File
@@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.backendTLSPolicy.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.gatewayAPI.core.backendTLSPolicy.annotations }}
{{ toYaml .Values.gatewayAPI.core.backendTLSPolicy.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "reposilite.backendTLSPolicy.enabled" -}}
{{- if and .Values.gatewayAPI.enabled
.Values.gatewayAPI.core.backendTLSPolicy.enabled
.Values.service.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "reposilite.backendTLSPolicy.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.gatewayAPI.core.backendTLSPolicy.labels }}
{{ toYaml .Values.gatewayAPI.core.backendTLSPolicy.labels }}
{{- end }}
{{- end }}
templates/_clientSettingsPolicy.tpl
-31
View File
@@ -1,31 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.clientSettingsPolicy.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.gatewayAPI.nginx.clientSettingsPolicy.annotations }}
{{ toYaml .Values.gatewayAPI.nginx.clientSettingsPolicy.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "reposilite.clientSettingsPolicy.enabled" -}}
{{- if and (eq (include "reposilite.httpRoute.enabled" $) "true")
.Values.gatewayAPI.nginx.clientSettingsPolicy.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "reposilite.clientSettingsPolicy.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.gatewayAPI.nginx.clientSettingsPolicy.labels }}
{{ toYaml .Values.gatewayAPI.nginx.clientSettingsPolicy.labels }}
{{- end }}
{{- end }}
templates/_httpRoute.tpl
-32
View File
@@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "reposilite.httpRoute.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.gatewayAPI.core.httpRoute.annotations }}
{{ toYaml .Values.gatewayAPI.core.httpRoute.annotations }}
{{- end }}
{{- end }}
{{/* enabled */}}
{{- define "reposilite.httpRoute.enabled" -}}
{{- if and .Values.gatewayAPI.enabled
.Values.gatewayAPI.core.httpRoute.enabled
.Values.service.enabled
-}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/* labels */}}
{{- define "reposilite.httpRoute.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.gatewayAPI.core.httpRoute.labels }}
{{ toYaml .Values.gatewayAPI.core.httpRoute.labels }}
{{- end }}
{{- end }}
templates/backendTLSPolicy.yaml
-25
View File
@@ -1,25 +0,0 @@
{{- if eq (include "reposilite.backendTLSPolicy.enabled" $) "true" }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
{{- with (include "reposilite.backendTLSPolicy.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.backendTLSPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
targetRefs:
- group: ""
kind: Service
name: {{ include "reposilite.service.name" . }}
{{- with .Values.gatewayAPI.core.backendTLSPolicy.validation }}
validation:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
templates/clientSettingsPolicy.yaml
-50
View File
@@ -1,50 +0,0 @@
{{- if eq (include "reposilite.clientSettingsPolicy.enabled" $) "true" }}
apiVersion: gateway.nginx.org/v1alpha1
kind: ClientSettingsPolicy
metadata:
{{- with (include "reposilite.clientSettingsPolicy.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.clientSettingsPolicy.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: {{ include "reposilite.fullname" . }}
{{- if or .Values.gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize
.Values.gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout
}}
body:
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize }}
maxSize: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout }}
timeout: {{ . }}
{{- end }}
{{- end }}
{{- if or .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout
.Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout
}}
keepAlive:
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests }}
requests: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime }}
time: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout }}
timeout: {{ . }}
{{- end }}
{{- with .Values.gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout }}
minTimeout: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
templates/httpRoute.yaml
-36
View File
@@ -1,36 +0,0 @@
{{- if eq (include "reposilite.httpRoute.enabled" $) "true" }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
{{- with (include "reposilite.httpRoute.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "reposilite.httpRoute.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "reposilite.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.gatewayAPI.core.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.gatewayAPI.core.httpRoute.parentRefs }}
parentRefs:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
- backendRefs:
- kind: Service
name: {{ include "reposilite.service.name" . }}
namespace: {{ .Release.Namespace }}
port: {{ .Values.service.port }}
weight: 1
{{- with .Values.gatewayAPI.core.httpRoute.matches }}
matches:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
unittests/backendTLSPolicy/backendTLSPolicy.yaml
-130
View File
@@ -1,130 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: backendTLSPolicy template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/backendTLSPolicy.yaml
tests:
- it: Skip rendering when disabled 1/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Render default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
name: reposilite-unittest
namespace: testing
- contains:
path: spec.targetRefs
content:
group: ""
kind: Service
name: reposilite-unittest
- notExists:
path: spec.validation.caCertificateRefs
- it: Render with custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy:
enabled: true
annotations:
foo: bar
labels:
bar: foo
service.enabled: true
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
app.kubernetes.io/managed-by: Helm
helm.sh/chart: reposilite-0.1.0
bar: foo
- it: Render with custom validation
set:
gatewayAPI.enabled: true
gatewayAPI.core.backendTLSPolicy.enabled: true
gatewayAPI.core.backendTLSPolicy.validation:
caCertificateRefs:
- group: ""
kind: Secret
name: reposilite-ca
hostname: reposilite.svc.cluster.local
service.enabled: true
asserts:
- isSubset:
path: spec.validation
content:
caCertificateRefs:
- group: ""
kind: Secret
name: reposilite-ca
unittests/clientSettingsPolicy/clientSettingsPolicy.yaml
-190
View File
@@ -1,190 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ClientSettingsPolicy template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/clientSettingsPolicy.yaml
tests:
- it: Skip rendering when disabled 1/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/8
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 7/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 8/8
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
gatewayAPI.nginx.clientSettingsPolicy.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.nginx.org/v1alpha1
kind: ClientSettingsPolicy
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- isSubset:
path: spec.targetRef
content:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: reposilite-unittest
- notExists:
path: spec.body
- notExists:
path: spec.keepAlive
- it: Render custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
annotations:
foo: "bar"
labels:
bar: "foo"
service.enabled: true
asserts:
- equal:
path: metadata.annotations
value:
foo: "bar"
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
bar: "foo"
- it: Render with custom body settings
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
clientMaxBodySize: 10m
clientBodyTimeout: 30s
service.enabled: true
asserts:
- isSubset:
path: spec.body
content:
maxSize: 10m
timeout: 30s
- notExists:
path: spec.keepAlive
- it: Render with custom keepAlive settings
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
gatewayAPI.nginx.clientSettingsPolicy:
enabled: true
keepaliveRequests: 100
keepaliveTime: 60s
keepaliveTimeout: 60s
keepaliveMinTimeout: 10s
service.enabled: true
asserts:
- notExists:
path: spec.body
- isSubset:
path: spec.keepAlive
content:
requests: 100
time: 60s
timeout: 60s
minTimeout: 10s
unittests/httpRoute/httpRoute.yaml
-194
View File
@@ -1,194 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: HTTPRoute template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/httpRoute.yaml
tests:
- it: Skip rendering when disabled 1/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 2/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 3/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 4/6
set:
gatewayAPI.enabled: false
gatewayAPI.core.httpRoute.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 5/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: false
service.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip rendering when disabled 6/6
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering default values
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
name: reposilite-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- notExists:
path: spec.hostnames
- notExists:
path: spec.parentRefs
- contains:
path: spec.rules[0].backendRefs
content:
kind: Service
name: reposilite-unittest
namespace: testing
port: 8080
weight: 1
- contains:
path: spec.rules[0].matches
content:
path:
type: PathPrefix
value: /
- it: Rendering custom annotations and labels
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
annotations:
foo: bar
labels:
bar: foo
service.enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: reposilite-0.1.0
- it: Rendering custom service port
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute.enabled: true
service:
enabled: true
port: 9090
asserts:
- equal:
path: spec.rules[0].backendRefs[0].port
value: 9090
- it: Rendering custom matches
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
matches:
- path:
type: PathPrefix
value: /foo
service.enabled: true
asserts:
- contains:
path: spec.rules[0].matches
content:
path:
type: PathPrefix
value: /foo
- it: Rendering custom hostnames and parentRefs
set:
gatewayAPI.enabled: true
gatewayAPI.core.httpRoute:
enabled: true
hostnames:
- reposilite.example.local
parentRefs:
- name: gateway
namespace: testing
kind: Gateway
sectionName: reposilite-debug-gateway
service.enabled: true
asserts:
- lengthEqual:
path: spec.hostnames
count: 1
- contains:
path: spec.hostnames
content:
reposilite.example.local
- lengthEqual:
path: spec.parentRefs
count: 1
- contains:
path: spec.parentRefs
content:
name: gateway
namespace: testing
kind: Gateway
sectionName: reposilite-debug-gateway
values.yaml
-65
View File
@@ -229,71 +229,6 @@ deployment:
# secretName: my-secret # secretName: my-secret
## @section GatewayAPI
gatewayAPI:
## @param gatewayAPI.enabled Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller.
enabled: false
core:
## @param gatewayAPI.core.backendTLSPolicy.enabled Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`.
## @param gatewayAPI.core.backendTLSPolicy.annotations Additional annotations for the BackendTLSPolicy.
## @param gatewayAPI.core.backendTLSPolicy.labels Additional labels for the BackendTLSPolicy.
## @param gatewayAPI.core.backendTLSPolicy.validation Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the Reposilite pod.
backendTLSPolicy:
enabled: false
annotations: {}
labels: {}
validation: {}
# caCertificateRefs:
# - group: ""
# kind: Secret
# name: "reposilite-ca"
# hostname: "reposilite"
## @param gatewayAPI.core.httpRoute.enabled Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`.
## @param gatewayAPI.core.httpRoute.annotations Additional annotations for the HTTPRoute.
## @param gatewayAPI.core.httpRoute.labels Additional labels for the HTTPRoute.
## @param gatewayAPI.core.httpRoute.hostnames Hostnames for the HTTPRoute.
## @skip gatewayAPI.core.httpRoute.matches Match conditions for the HTTPRoute. You can specify path based match conditions to route traffic to the Reposilite service.
## @param gatewayAPI.core.httpRoute.parentRefs ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources.
httpRoute:
enabled: false
annotations: {}
labels: {}
hostnames: []
matches:
- path:
type: PathPrefix
value: /
parentRefs: []
# - name: gateway
# kind: Gateway
# group: gateway.networking.k8s.io
# namespace: default
# sectionName: reposilite-http
nginx:
## @param gatewayAPI.nginx.clientSettingsPolicy.enabled Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`.
## @param gatewayAPI.nginx.clientSettingsPolicy.annotations Additional annotations for the ClientSettingsPolicy.
## @param gatewayAPI.nginx.clientSettingsPolicy.labels Additional labels for the ClientSettingsPolicy.
## @param gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used.
## @param gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used.
clientSettingsPolicy:
enabled: false
annotations: {}
labels: {}
clientMaxBodySize: ""
clientBodyTimeout: ""
keepaliveRequests:
keepaliveTime: ""
keepaliveTimeout: ""
keepaliveMinTimeout: ""
## @section Horizontal Pod Autoscaler (HPA) ## @section Horizontal Pod Autoscaler (HPA)
# In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The # In order for the HPA to function successfully, a metric server is required, especially for resource consumption. The
# metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA # metric server enables the CPU and memory utilisation to be recorded. If such a metric server is not available, the HPA