volker.raschek/reposilite-charts
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:renovate/major-update-docker.iolibrarynode
Branches Tags
volker.raschek:master volker.raschek:renovate/major-update-docker.iolibrarynode
volker.raschek:0.3.0 volker.raschek:0.2.0 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0
..
compare: volker.raschek:28cfcfe95c237f57dca14c9fcc187a5690d169c2
Branches Tags
volker.raschek:master volker.raschek:renovate/major-update-docker.iolibrarynode
volker.raschek:0.3.0 volker.raschek:0.2.0 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0

7 Commits
renovate/m ... 28cfcfe95c

Author SHA1 Message Date
Markus Pesch
28cfcfe95c revert(deps): update docker.io/curlimages/curl docker tag to v8.16.0
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Generate README / generate-parameters (push) Successful in 28s
Details 
This reverts commit fc01bc773d.
 2025-09-20 17:51:04 +02:00
Markus Pesch
e473fc32f1 fix(renovate): add README.md to list of fileFilters 2025-09-20 17:50:39 +02:00
CSRBot
fc01bc773d chore(deps): update docker.io/curlimages/curl docker tag to v8.16.0
Some checks failed
Generate README / generate-parameters (pull_request) Failing after 10s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Helm / helm-lint (pull_request) Successful in 14s
Details
Generate README / generate-parameters (push) Failing after 9s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 6s
Details
2025-09-20 17:47:32 +02:00
Markus Pesch
c63314e00a revert(deps): update docker.io/curlimages/curl docker tag to v8.16.0
All checks were successful
Generate README / generate-parameters (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Markdown linter / markdown-lint (push) Successful in 9s
Details
Markdown linter / markdown-link-checker (push) Successful in 30s
Details 
This reverts commit 30c4e7f8ec.
 2025-09-20 17:46:45 +02:00
Markus Pesch
2c08310b28 fix(renovate): adapt fileFilters for postUpgradeTasks
All checks were successful
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 15s
Details
2025-09-20 17:46:10 +02:00
CSRBot
30c4e7f8ec chore(deps): update docker.io/curlimages/curl docker tag to v8.16.0
All checks were successful
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Generate README / generate-parameters (pull_request) Successful in 28s
Details
Markdown linter / markdown-link-checker (pull_request) Successful in 11s
Details
Generate README / generate-parameters (push) Successful in 9s
Details
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Markdown linter / markdown-lint (pull_request) Successful in 26s
Details
Markdown linter / markdown-link-checker (push) Successful in 11s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
2025-09-20 17:43:33 +02:00
Markus Pesch
7b44b9626f fix(renovate): update REAMDE
All checks were successful
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 6s
Details
Generate README / generate-parameters (push) Successful in 28s
Details
2025-09-20 17:25:44 +02:00
21 changed files with 96 additions and 533 deletions
Expand all files Collapse all files

2
.gitea/workflows/generate-readme.yaml
View File

@@ -15,7 +15,7 @@ on:
jobs:
generate-parameters:
container:
image: docker.io/library/node:25.0.0-alpine
image: docker.io/library/node:24.8.0-alpine
runs-on:
- ubuntu-latest
steps:

73
.gitea/workflows/helm.yaml
View File

@@ -12,56 +12,31 @@ on:
jobs:
helm-lint:
container: docker.io/alpine/helm:3.19.0
name: Execute helm lint
runs-on: ubuntu-latest
container:
image: docker.io/volkerraschek/helm:3.18.5
runs-on:
- ubuntu-latest
steps:
- name: Install additional tools
run: |
apk update
apk add --update bash make nodejs
- uses: actions/checkout@v5.0.0
- name: Install helm chart dependencies
run: helm dependency build
- name: Execute helm lint
run: helm lint
helm-template:
container: docker.io/alpine/helm:3.19.0
name: Execute helm template
runs-on: ubuntu-latest
steps:
- name: Install additional tools
run: |
apk update
apk add --update bash make nodejs
- uses: actions/checkout@v5.0.0
- name: Extract repository owner and name
run: |
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Install helm chart dependencies
run: helm dependency build
- name: Execute helm template
run: helm template --debug "${REPOSITORY_NAME}" .
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container: docker.io/alpine/helm:3.19.0
env:
HELM_UNITTEST_VERSION: v1.0.1 # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
name: Execute helm unittest
runs-on: ubuntu-latest
container:
image: docker.io/volkerraschek/helm:3.18.5
runs-on:
- ubuntu-latest
steps:
- name: Install additional tools
run: |
apk update
apk add --update bash make nodejs npm yamllint ncurses
- uses: actions/checkout@v5.0.0
- name: Install helm chart dependencies
run: helm dependency build
- name: Install helm plugin 'unittest'
run: helm plugin install --version "${HELM_UNITTEST_VERSION}" https://github.com/helm-unittest/helm-unittest
- name: Execute helm unittest
env:
TERM: xterm
run: helm unittest --strict --file 'unittests/**/*.yaml' ./
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v5.0.0
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./

4
.gitea/workflows/markdown-linters.yaml
View File

@@ -15,7 +15,7 @@ on:
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:25.0.0-alpine
image: docker.io/library/node:24.8.0-alpine
runs-on:
- ubuntu-latest
steps:
@@ -31,7 +31,7 @@ jobs:
markdown-lint:
container:
image: docker.io/library/node:25.0.0-alpine
image: docker.io/library/node:24.8.0-alpine
runs-on:
- ubuntu-latest
steps:

2
.gitea/workflows/release.yaml
View File

@@ -8,7 +8,7 @@ on:
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.19.0
image: docker.io/volkerraschek/helm:3.18.5
runs-on: ubuntu-latest
steps:
- name: Install packages via apk

8
.vscode/settings.json vendored
View File

@@ -1,8 +0,0 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

2
Chart.yaml
View File

@@ -5,7 +5,7 @@ annotations:
- name: support
url: https://git.cryptic.systems/volker.raschek/reposilite-charts/issues
apiVersion: v2
appVersion: "3.5.26"
appVersion: "3.5.25"
description: |
Lightweight and easy-to-use repository management software
dedicated for the Maven based artifacts in the JVM ecosystem

6
Makefile
View File

@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
HELM_IMAGE_VERSION?=3.18.2 # renovate: datasource=docker registryUrl=https://registry-nexus.orbis.dedalus.com depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_VERSION?=24.8.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
@@ -101,4 +101,4 @@ container-run/helm-lint:
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}
.PHONY: ${PHONY}

110
README.md
View File

@@ -16,10 +16,7 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d
and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
helm chart is tested for deployment scenarios with **ArgoCD**.
## Helm: configuration and installation
@@ -40,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something!
```bash
CHART_VERSION=0.3.0
CHART_VERSION=0.2.0
helm show values volker.raschek/reposilite --version "${CHART_VERSION}" > values.yaml
```
@@ -54,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
Use the `--set` argument to persist your data.
```bash
CHART_VERSION=0.3.0
CHART_VERSION=0.2.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
persistentVolumeClaim.enabled=true
```
@@ -75,7 +72,7 @@ connection problems.
> error.
```bash
CHART_VERSION=0.3.0
CHART_VERSION=0.2.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
--set 'deployment.reposilite.env[1].name=REPOSILITE_LOCAL_SSLENABLED' \
--set 'deployment.reposilite.env[1].value="true"' \
@@ -190,42 +187,13 @@ be set the credentials manually.
The following example enable Prometheus metrics with custom basic auth credentials:
```bash
CHART_VERSION=0.3.0
CHART_VERSION=0.2.0
helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
--set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.basicAuthUsername=my-username' \
--set 'prometheus.metrics.basicAuthUsername=my-password'
```
## ArgoCD
### Daily execution of rolling updates
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
annotations with the prefix `checksum`.
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps/v1
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
```
## Parameters
### Global
@@ -272,7 +240,7 @@ annotations with the prefix `checksum`.
| `deployment.pluginContainer.args` | Arguments passed to the plugin container. | `["--location","--fail","--max-time","60"]` |
| `deployment.pluginContainer.image.registry` | Image registry, eg. `docker.io`. | `docker.io` |
| `deployment.pluginContainer.image.repository` | Image repository, eg. `curlimages/curl`. | `curlimages/curl` |
| `deployment.pluginContainer.image.tag` | Custom image tag, eg. `0.1.0`. | `8.16.0` |
| `deployment.pluginContainer.image.tag` | Custom image tag, eg. `0.1.0`. | `8.15.0` |
| `deployment.pluginContainer.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `deployment.priorityClassName` | PriorityClassName of the Reposilite deployment. | `""` |
| `deployment.replicas` | Number of replicas for the Reposilite deployment. | `1` |
@@ -336,42 +304,36 @@ annotations with the prefix `checksum`.
### Prometheus
| Name | Description | Value |
| --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `prometheus.metrics.enabled` | Enable of scraping metrics by Prometheus. | `false` |
| `prometheus.metrics.secret.existing.enabled` | Use an existing secret containing the basic auth credentials. | `false` |
| `prometheus.metrics.secret.existing.secretName` | Name of the secret containing the basic auth credentials. | `""` |
| `prometheus.metrics.secret.existing.basicAuthUsernameKey` | Name of the key in the secret that contains the username for basic auth. | `""` |
| `prometheus.metrics.secret.existing.basicAuthPasswordKey` | Name of the key in the secret that contains the password for basic auth. | `""` |
| `prometheus.metrics.secret.new.annotations` | Additional secret annotations. | `{}` |
| `prometheus.metrics.secret.new.labels` | Additional secret labels. | `{}` |
| `prometheus.metrics.secret.new.basicAuthUsername` | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | `""` |
| `prometheus.metrics.secret.new.basicAuthPassword` | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | `""` |
| `prometheus.metrics.podMonitor.enabled` | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | `false` |
| `prometheus.metrics.podMonitor.annotations` | Additional podMonitor annotations. | `{}` |
| `prometheus.metrics.podMonitor.enableHttp2` | Enable HTTP2. | `false` |
| `prometheus.metrics.podMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.podMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.podMonitor.labels` | Additional podMonitor labels. | `{}` |
| `prometheus.metrics.podMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.podMonitor.path` | HTTP path of the Reposilite pod for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.podMonitor.port` | HTTP port of the Reposilite pod for scraping Prometheus metrics. | `http` |
| `prometheus.metrics.podMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.podMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.podMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.podMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| `prometheus.metrics.serviceMonitor.enabled` | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. | `false` |
| `prometheus.metrics.serviceMonitor.annotations` | Additional serviceMonitor annotations. | `{}` |
| `prometheus.metrics.serviceMonitor.labels` | Additional serviceMonitor labels. | `{}` |
| `prometheus.metrics.serviceMonitor.enableHttp2` | Enable HTTP2. | `false` |
| `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.serviceMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.serviceMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| Name | Description | Value |
| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `prometheus.metrics.enabled` | Enable of scraping metrics by Prometheus. | `false` |
| `prometheus.metrics.basicAuthUsername` | Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. | `""` |
| `prometheus.metrics.basicAuthPassword` | Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. | `""` |
| `prometheus.metrics.podMonitor.enabled` | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | `false` |
| `prometheus.metrics.podMonitor.annotations` | Additional podMonitor annotations. | `{}` |
| `prometheus.metrics.podMonitor.enableHttp2` | Enable HTTP2. | `false` |
| `prometheus.metrics.podMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.podMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.podMonitor.labels` | Additional podMonitor labels. | `{}` |
| `prometheus.metrics.podMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.podMonitor.path` | HTTP path of the Reposilite pod for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.podMonitor.port` | HTTP port of the Reposilite pod for scraping Prometheus metrics. | `http` |
| `prometheus.metrics.podMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.podMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.podMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.podMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| `prometheus.metrics.serviceMonitor.enabled` | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. | `false` |
| `prometheus.metrics.serviceMonitor.annotations` | Additional serviceMonitor annotations. | `{}` |
| `prometheus.metrics.serviceMonitor.labels` | Additional serviceMonitor labels. | `{}` |
| `prometheus.metrics.serviceMonitor.enableHttp2` | Enable HTTP2. | `false` |
| `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.serviceMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.serviceMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
### Service

26
package-lock.json generated
View File

@@ -1078,9 +1078,9 @@
}
},
"node_modules/link-check": {
"version": "5.5.0",
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.5.0.tgz",
"integrity": "sha512-CpMk2zMfyEMdDvFG92wO5pU/2I/wbw72/9pvUFhU9cDKkwhmVlPuvxQJzd/jXA2iVOgNgPLnS5zyOLW7OzNpdA==",
"version": "5.4.0",
"resolved": "https://registry.npmjs.org/link-check/-/link-check-5.4.0.tgz",
"integrity": "sha512-0Pf4xBVUnwJdbDgpBlhHNmWDtbVjHTpIFs+JaBuIsC9PKRxjv4KMGCO2Gc8lkVnqMf9B/yaNY+9zmMlO5MyToQ==",
"dev": true,
"license": "ISC",
"dependencies": {
@@ -1137,16 +1137,16 @@
}
},
"node_modules/markdown-link-check": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.14.1.tgz",
"integrity": "sha512-h1tihNL3kmOS3N7H4FyF4xKDxiHnNBNSgs/LWlDiRHlC8O0vfRX0LhDDvesRSs4HM7nS0F658glLxonaXBmuWw==",
"version": "3.13.7",
"resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.13.7.tgz",
"integrity": "sha512-Btn3HU8s2Uyh1ZfzmyZEkp64zp2+RAjwfQt1u4swq2Xa6w37OW0T2inQZrkSNVxDSa2jSN2YYhw/JkAp5jF1PQ==",
"dev": true,
"license": "ISC",
"dependencies": {
"async": "^3.2.6",
"chalk": "^5.3.0",
"commander": "^14.0.0",
"link-check": "^5.5.0",
"commander": "^13.1.0",
"link-check": "^5.4.0",
"markdown-link-extractor": "^4.0.2",
"needle": "^3.3.1",
"progress": "^2.0.3",
@@ -1157,16 +1157,6 @@
"markdown-link-check": "markdown-link-check"
}
},
"node_modules/markdown-link-check/node_modules/commander": {
"version": "14.0.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-14.0.1.tgz",
"integrity": "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=20"
}
},
"node_modules/markdown-link-extractor": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/markdown-link-extractor/-/markdown-link-extractor-4.0.2.tgz",

41
renovate.json
View File

@@ -9,7 +9,6 @@
],
"customManagers": [
{
"customType": "regex",
"fileMatch": [
"^Chart\\.yaml$"
],
@@ -22,10 +21,7 @@
"versioningTemplate": "semver"
},
{
"customType": "regex",
"fileMatch": [
"^README\\.md$"
],
"fileMatch": ["^README\\.md$"],
"matchStrings": [
"CHART_VERSION=(?<currentValue>.*)"
],
@@ -33,42 +29,9 @@
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/reposilite-charts",
"datasourceTemplate": "git-tags",
"versioningTemplate": "semver"
},
{
"customType": "regex",
"datasourceTemplate": "github-releases",
"fileMatch": [
".vscode/settings\\.json$"
],
"matchStrings": [
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
]
}
],
"packageRules": [
{
"groupName": "Update docker.io/volkerraschek/helm",
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"groupName": "Update helm plugin 'unittest'",
"matchDepNames": [
"helm-unittest/helm-unittest"
],
"matchDatasources": [
"github-releases"
]
},
{
"groupName": "Update docker.io/library/node",
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{
"addLabels": [
"renovate/automerge",
@@ -113,4 +76,4 @@
],
"executionMode": "update"
}
}
}

4
templates/_deployment.tpl
View File

@@ -27,8 +27,8 @@
{{- end }}
{{- if or (eq (include "reposilite.podMonitor.enabled" $ ) "true") (eq (include "reposilite.serviceMonitor.enabled" $ ) "true") -}}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.usernameKey" $))))) }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" (include "reposilite.secrets.prometheusBasicAuth.passwordKey" $))))) }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "username")))) }}
{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "password")))) }}
{{- end }}
{{ toYaml (dict "env" $env) }}

2
templates/_pod.tpl
View File

@@ -4,7 +4,7 @@
{{- define "reposilite.pod.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) -}}
{{- if .Values.prometheus.metrics.enabled -}}
{{- printf "checksum/secret-%s: %s" (include "reposilite.secrets.prometheusBasicAuth.name" $) (include (print $.Template.BasePath "/secretPrometheusBasicAuth.yaml") . | sha256sum) }}
{{- end -}}
{{- end }}

38
templates/_secrets.tpl
View File

@@ -4,50 +4,16 @@
{{- define "reposilite.secrets.prometheusBasicAuth.annotations" -}}
{{ include "reposilite.annotations" . }}
{{- if .Values.prometheus.metrics.secret.new.annotations }}
{{ toYaml .Values.prometheus.metrics.secret.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "reposilite.secrets.prometheusBasicAuth.labels" -}}
{{ include "reposilite.labels" . }}
{{- if .Values.prometheus.metrics.secret.new.labels }}
{{ toYaml .Values.prometheus.metrics.secret.new.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "reposilite.secrets.prometheusBasicAuth.name" -}}
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.secretName) 0) }}
{{- print .Values.prometheus.metrics.secret.existing.secretName -}}
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.secretName) 0) }}
{{ fail "Name of the existing secret that contains the credentials for basic auth is not defined!" }}
{{- else if not .Values.prometheus.metrics.secret.existing.enabled }}
{{- printf "%s-basic-auth-credentials" (include "reposilite.fullname" $) -}}
{{- end }}
{{- end }}
{{/* secretKeyNames */}}
{{- define "reposilite.secrets.prometheusBasicAuth.passwordKey" -}}
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) -}}
{{- .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey -}}
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthPasswordKey) 0) }}
{{ fail "Name of the key in the secret that contains the password for basic auth is not defined!" }}
{{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }}
{{- print "password" -}}
{{- end }}
{{- end }}
{{- define "reposilite.secrets.prometheusBasicAuth.usernameKey" -}}
{{- if and .Values.prometheus.metrics.secret.existing.enabled (gt (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) -}}
{{- .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey -}}
{{- else if and .Values.prometheus.metrics.secret.existing.enabled (eq (len .Values.prometheus.metrics.secret.existing.basicAuthUsernameKey) 0) }}
{{ fail "Name of the key in the secret that contains the username for basic auth is not defined!" }}
{{- else if and (not .Values.prometheus.metrics.secret.existing.enabled) }}
{{- print "username" -}}
{{- end }}
{{- end }}
{{ include "reposilite.fullname" . }}-basic-auth-credentials
{{- end -}}

4
templates/podMonitor.yaml
View File

@@ -17,10 +17,10 @@ spec:
podMetricsEndpoints:
- basicAuth:
password:
key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }}
key: password
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
username:
key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }}
key: username
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }}
followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }}

6
templates/secretPrometheusBasicAuth.yaml
View File

@@ -1,4 +1,4 @@
{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.secret.existing.enabled) }}
{{- if .Values.prometheus.metrics.enabled }}
---
apiVersion: v1
kind: Secret
@@ -14,6 +14,6 @@ metadata:
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
namespace: {{ .Release.Namespace }}
stringData:
password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthPassword }}
username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthUsername }}
password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthPassword }}
username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthUsername }}
{{- end }}

4
templates/serviceMonitor.yaml
View File

@@ -17,10 +17,10 @@ spec:
endpoints:
- basicAuth:
password:
key: {{ include "reposilite.secrets.prometheusBasicAuth.passwordKey" . }}
key: password
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
username:
key: {{ include "reposilite.secrets.prometheusBasicAuth.usernameKey" . }}
key: username
name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }}
followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }}

70
unittests/deployment/prometheusPodMonitor.yaml
View File

@@ -35,73 +35,3 @@ tests:
name: reposilite-unittest-basic-auth-credentials
key: username
template: templates/deployment.yaml
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key
prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key
prometheus.metrics.secret.existing.secretName: my-secret
prometheus.metrics.podMonitor.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: my-password-key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: my-secret
key: my-username-key
template: templates/deployment.yaml
- it: Fail when existing secret name is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: ""
prometheus.metrics.podMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the username for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: ""
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.podMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the password for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: ""
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.podMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!"
template: templates/deployment.yaml

107
unittests/deployment/prometheusServiceMonitor.yaml
View File

@@ -1,107 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Add prometheus basic auth variables
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/deployment.yaml
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- exists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: reposilite-unittest-basic-auth-credentials
key: password
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: reposilite-unittest-basic-auth-credentials
key: username
template: templates/deployment.yaml
- it: Rendering default environment variables with enabled prometheus metrics serviceMonitor and external secret
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: my-username-key
prometheus.metrics.secret.existing.basicAuthPasswordKey: my-password-key
prometheus.metrics.secret.existing.secretName: my-secret
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- notExists:
path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_PASSWORD
valueFrom:
secretKeyRef:
name: my-secret
key: my-password-key
template: templates/deployment.yaml
- contains:
path: spec.template.spec.containers[0].env
content:
name: REPOSILITE_PROMETHEUS_USER
valueFrom:
secretKeyRef:
name: my-secret
key: my-username-key
template: templates/deployment.yaml
- it: Fail when existing secret name is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: ""
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the existing secret that contains the credentials for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the username for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: ""
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the username for basic auth is not defined!"
template: templates/deployment.yaml
- it: Fail when the name of the key in the secret that contains the password for basic auth is undefined
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: ""
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- failedTemplate:
errorMessage: "Name of the key in the secret that contains the password for basic auth is not defined!"
template: templates/deployment.yaml

78
unittests/secrets/basicAuth.yaml
View File

@@ -1,78 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret reposilite template
release:
name: reposilite-unittest
namespace: testing
templates:
- templates/secretPrometheusBasicAuth.yaml
tests:
- it: Skip rendering
asserts:
- hasDocuments:
count: 0
- it: Rendering secret with default values.
set:
prometheus.metrics.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: reposilite-unittest-basic-auth-credentials
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: reposilite-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: reposilite
app.kubernetes.io/version: 0.1.0
helm.sh/chart: reposilite-0.1.0
- exists:
path: stringData.password
- exists:
path: stringData.username
- it: Rendering secret with custom values.
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.new.basicAuthPassword: foo
prometheus.metrics.secret.new.basicAuthUsername: bar
prometheus.metrics.secret.new.annotations:
foo: bar
prometheus.metrics.secret.new.labels:
bar: foo
asserts:
- hasDocuments:
count: 1
- exists:
path: metadata.annotations
value:
foo: bar
- exists:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: reposilite-unittest-basic-auth-credentials
- equal:
path: stringData.password
value: foo
- equal:
path: stringData.username
value: bar
- it: Skip rendering if existing secret is used
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
asserts:
- hasDocuments:
count: 0

13
unittests/serviceMonitors/serviceMonitor.yaml
View File

@@ -129,10 +129,6 @@ tests:
- it: Change defaults
set:
prometheus.metrics.enabled: true
prometheus.metrics.secret.existing.enabled: true
prometheus.metrics.secret.existing.secretName: "my-secret"
prometheus.metrics.secret.existing.basicAuthUsernameKey: "my-username-key"
prometheus.metrics.secret.existing.basicAuthPasswordKey: "my-password-key"
prometheus.metrics.serviceMonitor.enabled: true
prometheus.metrics.serviceMonitor.enableHttp2: false
prometheus.metrics.serviceMonitor.followRedirects: true
@@ -151,15 +147,6 @@ tests:
asserts:
- hasDocuments:
count: 1
- isSubset:
path: spec.endpoints[0].basicAuth
content:
password:
key: my-password-key
name: my-secret
username:
key: my-username-key
name: my-secret
- equal:
path: spec.endpoints[0].enableHttp2
value: false

29
values.yaml
View File

@@ -175,7 +175,7 @@ deployment:
image:
registry: docker.io
repository: curlimages/curl
tag: "8.16.0"
tag: "8.15.0"
pullPolicy: IfNotPresent
## @param deployment.priorityClassName PriorityClassName of the Reposilite deployment.
@@ -396,30 +396,13 @@ persistentVolumeClaim:
## @section Prometheus
prometheus:
## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus.
## @param prometheus.metrics.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string.
## @param prometheus.metrics.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string.
metrics:
## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus.
enabled: false
secret:
## @param prometheus.metrics.secret.existing.enabled Use an existing secret containing the basic auth credentials.
## @param prometheus.metrics.secret.existing.secretName Name of the secret containing the basic auth credentials.
## @param prometheus.metrics.secret.existing.basicAuthUsernameKey Name of the key in the secret that contains the username for basic auth.
## @param prometheus.metrics.secret.existing.basicAuthPasswordKey Name of the key in the secret that contains the password for basic auth.
existing:
enabled: false
secretName: ""
basicAuthUsernameKey: ""
basicAuthPasswordKey: ""
## @param prometheus.metrics.secret.new.annotations Additional secret annotations.
## @param prometheus.metrics.secret.new.labels Additional secret labels.
## @param prometheus.metrics.secret.new.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string.
## @param prometheus.metrics.secret.new.basicAuthPassword Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string.
new:
annotations: {}
labels: {}
basicAuthUsername: ""
basicAuthPassword: ""
basicAuthUsername: ""
basicAuthPassword: ""
## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.