Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/volker-raschek/athens-proxy-charts

[MIRROR]: Helm chart of athens-proxy
https://github.com/volker-raschek/athens-proxy-charts

athens-proxy chart golang helm kubernetes

Last synced: about 2 months ago
JSON representation

[MIRROR]: Helm chart of athens-proxy

Awesome Lists containing this project

README 

        
# athens-proxy-charts



[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/athens-proxy-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)

[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)



This is an inofficial helm chart of the go-proxy

[athens](https://github.com/gomods/athens) which supports more complex

configuration options.



This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and

can be installed via helm.



```bash

helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek

helm install athens-proxy volker.raschek/athens-proxy

```



## Customization



The complete deployment can be adapted via the `values.yaml` files. The

configuration of the proxy can be done via the environment variables described

below or via mounting the config.toml as additional persistent volume to

`/config/config.toml`



## Access private repositories via SSH



Create a `configmap.yaml` with multiple keys. One key describe the content of

the `.gitconfig` file and another of `config` of the ssh client. All requests

git clone comands with the prefix `http://github.com/` will be replaced by

`[email protected]:` to use SSH instead of HTTPS. The SSH keys are stored in a

separate secret.



```yaml

apiVersion: v1

kind: ConfigMap

metadata:

  name: custom-configs

data:

  sshconfig: |

    Host github.com

      IdentityFile /root/.ssh/id_ed25519

      StrictHostKeyChecking no

  gitconfig: |

    [url "[email protected]:"]

      insteadOf = https://github.com/

```



The secret definition below contains the SSH private and public key.



```yaml

apiVersion: v1

kind: Secret

metadata:

  name: custom-ssh-keys

type: Opaque

stringData:

  id_ed25519: |

    -----BEGIN OPENSSH PRIVATE KEY-----

    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW

    QyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHgAAAJgwWWNdMFlj

    XQAAAAtzc2gtZWQyNTUxOQAAACCpf/10TWlksg6/5mZF067fTGvW71I5QVJEp/nyC8hVHg

    AAAEDzTPitanzgl6iThoFCx8AXwsGLS5Q+3+K66ZOmN0p6+6l//XRNaWSyDr/mZkXTrt9M

    a9bvUjlBUkSn+fILyFUeAAAAEG1hcmt1c0BtYXJrdXMtcGMBAgMEBQ==

    -----END OPENSSH PRIVATE KEY-----

  id_ed25519.pub: |

    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl//XRNaWSyDr/mZkXTrt9Ma9bvUjlBUkSn+fILyFUe

```



The item `config` of the configmap will be merged with the items of the secret

as virtual volume. This volume can than be mounted with special permissions

required for the ssh client.



```yaml

extraVolumes:

- name: ssh

  projected:

    defaultMode: 0644

    sources:

    - configMap:

        name: custom-configs

        items:

        - key: sshconfig

          path: config

    - secret:

        name: custom-ssh-keys

        items:

        - key: id_ed25519

          path: id_ed25519

          mode: 0600

        - key: id_ed25519.pub

          path: id_ed25519.pub

- name: gitconfig

  configMap:

    name: custom-configs

    items:

    - key: gitconfig

      path: config

      mode: 0644



extraVolumeMounts:

- name: ssh

  mountPath: /root/.ssh

- name: gitconfig

  mountPath: /root/.config/git

```



## Access private github.com repositories via developer token



Another way to access private github repositories is via a github token, which

can be set via the environment variable `GITHUB_TOKEN`. Athens automatically

creates a `.netrc` file to access private github repositories.



## Access private repositories via .netrc configuration



As describe above, a `.netrc` file is responsible for the authentication via

HTTP. The file can also be defined via a custom secret and mounted into the home

directory of `root` for general authentication purpose.



The example below describe the definition and mounting of a custom `.netrc` file

to access private repositories hosted on github and gitlab.



```yaml

apiVersion: v1

kind: Secret

metadata:

  name: custom-netrc

type: Opaque

stringData:

  netrc: |

    machine github.com login USERNAME password API-KEY

    machine gitlab.com login USERNAME password API-KEY

```



The file must then be mounted via extraVolumes and extraVolumeMounts.



```yaml

extraVolumes:

- name: netrc

  secret:

    secretName: custom-netrc

    items:

    - key: netrc

      path: .netrc

      mode: 0600



extraVolumeMounts:

- name: netrc

  mountPath: /root

```



## Persistent storage



Unlike the athens default, the default here is `disk` - i.e. the files are

written to the container. Therefore, it is advisable to outsource the

corresponding storage location to persistent storage. The following example

describes the integration of a persistent storage claim.



```yaml

extraVolumes:

- name: gomodules

  persistentVolumeClaim:

    claimName: custom-gomodules-pvc



extraVolumeMounts:

- name: gomodules

  mountPath: /var/lib/athens

```