[chart] add upstream proxy support, bump athens version (#1161)

* [chart] add upstream proxy support, bump athens version

* update chart readme and kubernetes install docs

charts/athens-proxy/Chart.yaml

@@ -1,6 +1,6 @@
 name: athens-proxy
-version: 0.2.0
-appVersion: 0.2.0
+version: 0.2.1
+appVersion: 0.3.1
 description: The proxy server for Go modules
 icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png
 keywords:

charts/athens-proxy/README.md

@@ -0,0 +1,48 @@
+# Athens Proxy Helm Chart
+
+## What is Athens?
+
+[Athens](https://docs.gomods.io) is a repository for packages used by your go packages.
+
+Athens provides a repository for [Go Modules](https://github.com/golang/go/wiki/Modules) that you can run. It serves public code and your private code for you, so you don't have to pull directly from a version control system (VCS) like GitHub or GitLab.
+
+## Prerequisites
+
+* Kubernetes 1.10+
+
+## Requirements
+
+- A running Kubernetes cluster
+- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and setup to use the cluster
+- [Helm](https://helm.sh/) [installed](https://github.com/helm/helm#install) and setup to use the cluster (helm init) or [Tillerless Helm](https://github.com/rimusz/helm-tiller)
+
+## Deploy Athens
+
+The fastest way to install Athens using Helm is to deploy it from our public Helm chart repository. First, add the repository with this command:
+
+```console
+$ helm repo add gomods https://athens.blob.core.windows.net/charts
+$ helm repo update
+```
+
+Next, install the chart with default values to `athens` namespace:  
+
+```
+$ helm install gomods/athens-proxy -n athens --namespace athens
+```
+
+This will deploy a single Athens instance in the `athens` namespace with `disk` storage enabled. Additionally, a `ClusterIP` service will be created.
+
+
+## Advanced Configuration
+
+For more advanced configuration options please check Athens [docs](https://docs.gomods.io/install/install-on-kubernetes/#advanced-configuration).
+
+Available options:
+- [Replicas](https://docs.gomods.io/install/install-on-kubernetes/#replicas)
+- [Access to private repositories via Github](https://docs.gomods.io/install/install-on-kubernetes/#give-athens-access-to-private-repositories-via-github-token-optional)
+- [Storage Providers](https://docs.gomods.io/install/install-on-kubernetes/#storage-providers)
+- [Kubernetes Service](https://docs.gomods.io/install/install-on-kubernetes/#kubernetes-service)
+- [Ingress Resource](https://docs.gomods.io/install/install-on-kubernetes/#ingress-resource)
+- [Upstream module repository](https://docs.gomods.io/install/install-on-kubernetes/#upstream-module-repository)
+- [.netrc file support](https://docs.gomods.io/install/install-on-kubernetes/#netrc-file-support)

charts/athens-proxy/templates/_helpers.tpl

@@ -2,9 +2,6 @@
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
-{{- define "livenessPath" -}}
-{{- if eq .Values.image.tag "v0.3.0" -}}/{{- else -}}/healthz{{- end -}}
-{{- end -}}
 {{- define "readinessPath" -}}
-{{- if eq .Values.image.tag "v0.3.0" -}}/{{- else -}}/readyz{{- end -}}
+{{- if contains "v0.2.0" .Values.image.tag -}}/{{- else -}}/readyz{{- end -}}
 {{- end -}}

charts/athens-proxy/templates/config-upstream.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.upstreamProxy.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "fullname" . }}-upstream
+  labels:
+    app: {{ template "fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+data:
+  FilterForUpstreamProxy: |-
+    # FilterFile for fetching modules directly from upstream proxy
+    D
+{{- end -}}

charts/athens-proxy/templates/deployment.yaml

@@ -8,14 +8,20 @@ metadata:
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
 spec:
-  
   replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "fullname" . }}
+      chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+      release: "{{ .Release.Name }}"
   template:
     metadata:
       labels:
         app: {{ template "fullname" . }}
         chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
         release: "{{ .Release.Name }}"
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/config-upstream.yaml") . | sha256sum }}
     spec:
       containers:
       - name: {{ template "fullname" . }}
@@ -23,7 +29,7 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
         livenessProbe:
           httpGet:
-            path: "{{ template "livenessPath" . }}"
+            path: "/healthz"
             port: 3000
         readinessProbe:
           httpGet:
@@ -43,6 +49,12 @@ spec:
         - name: ATHENS_NETRC_PATH
           value: "/etc/netrc/netrc"
         {{- end }}
+        {{- if .Values.upstreamProxy.enabled }}
+        - name: ATHENS_FILTER_FILE
+          value: "/usr/local/lib/FilterForUpstreamProxy"
+        - name: ATHENS_GLOBAL_ENDPOINT
+          value: {{ .Values.upstreamProxy.url | quote }}
+        {{- end }}
         {{- if .Values.jaeger.enabled }}
         - name: ATHENS_TRACE_EXPORTER_URL
           value: {{ .Values.jaeger.url | quote }}
@@ -56,6 +68,11 @@ spec:
         - name: storage-volume
           mountPath: {{ .Values.storage.disk.storageRoot | quote }}
         {{- end }}
+        {{- if .Values.upstreamProxy.enabled}}
+        - name: upstream-config
+          mountPath: "/usr/local/lib"
+          readOnly: true
+        {{- end }}
         {{- if .Values.netrc.enabled}}
         - name: netrc
           mountPath: "/etc/netrc"
@@ -69,8 +86,25 @@ spec:
       {{- else }}
         emptyDir: {}
       {{- end }}
+      {{- if .Values.upstreamProxy.enabled }}
+      - name: upstream-config
+        configMap:
+          name: {{ template "fullname" . }}-upstream
+      {{- end }}
       {{- if .Values.netrc.enabled }}
       - name: netrc
         secret:
-          secretName: netrcsecret
+          secretName: {{ .Values.netrc.existingSecret }}
       {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

charts/athens-proxy/templates/jaeger-deploy.yaml

@@ -10,6 +10,11 @@ metadata:
     heritage: "{{ .Release.Service }}"
 spec:
   replicas: 1
+  selector:
+    matchLabels:
+      app: {{ template "fullname" . }}-jaeger
+      chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+      release: "{{ .Release.Name }}"
   template:
     metadata:
       labels:

charts/athens-proxy/templates/jaeger-svc.yaml

@@ -10,8 +10,6 @@ metadata:
     heritage: "{{ .Release.Service }}"
 spec:
   type: {{ .Values.jaeger.type }}
-  selector:
-    app: {{ template "fullname" . }}-jaeger
   ports:
     - name: jaeger-collector-http
       port: 14268
@@ -37,4 +35,8 @@ spec:
       port: 16686
       protocol: TCP
       targetPort: 16686
+  selector:
+    app: {{ template "fullname" . }}-jaeger
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
 {{- end -}}

charts/athens-proxy/templates/service.yaml

@@ -9,8 +9,6 @@ metadata:
     heritage: "{{ .Release.Service }}"
 spec:
   type: {{ .Values.service.type }}
-  selector:
-    app: {{ template "fullname" . }}
   ports:
   - name: http
     port: {{ .Values.service.servicePort }}
@@ -19,3 +17,7 @@ spec:
     {{- if eq .Values.service.type "NodePort" }}
     nodePort: {{ .Values.service.nodePort.port }}
     {{- end }}
+  selector:
+    app: {{ template "fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"

charts/athens-proxy/values.yaml

@@ -2,12 +2,13 @@ replicaCount: 1
 image:
   registry: docker.io
   repository: gomods/athens
-  tag: v0.3.0
+  tag: v0.3.1
+
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
 service:
   ## Port as exposed by the service
@@ -47,6 +48,14 @@ storage:
 netrc:
   # if enabled, it expects to find the content of a valid .netrc file imported as a secret named netrcsecret
   enabled: false
+  existingSecret: netrcsecret
+
+upstreamProxy:
+  # This is where you can set the URL for the upstream module repository.
+  # If 'enabled' is set to true, Athens will try to download modules from the upstream when it doesn't find them in its own storage.
+  # You can use 'https://gocenter.io' to use JFrog's GoCenter as an upstream here, or you can also use another Athens server as well.
+  enabled: false
+  url: "https://upstreamproxy_url"
 
 jaeger:
   ## Type of service; valid values are "ClusterIP", "LoadBalancer", and "NodePort".
@@ -58,3 +67,9 @@ jaeger:
   # you must set this on the command line when you run 'helm install'
   # for example, you need to run 'helm install --set jaeger.url=myurl ...'
   url: "SET THIS ON THE COMMAND LINE"
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

docs/content/install/install-on-kubernetes.md

@@ -83,19 +83,35 @@ The fastest way to install Athens using Helm is to deploy it from our public Hel
 
 ```console
 $ helm repo add gomods https://athens.blob.core.windows.net/charts
+$ helm repo update
 ```
 
-Next, install the chart using no arguments.  
+Next, install the chart with default values to `athens` namespace:  
 
 ```
-$ helm install gomods/athens-proxy -n athens
+$ helm install gomods/athens-proxy -n athens --namespace athens
 ```
 
 This will deploy a single Athens instance in the `default` namespace with `disk` storage enabled. Additionally, a `ClusterIP` service will be created.
 
+By default, the chart will install Athens with a replica count of 1. To change this, change the `replicaCount` value:
+
+```console
+helm install gomods/athens-proxy -n athens --namespace athens --set replicaCount=3
+```
+
 ## Advanced Configuration
 
+### Replicas
+
+By default, the chart will install Athens with a replica count of 1. To change this, change the `replicaCount` value:
+
+```console
+helm install gomods/athens-proxy -n athens --namespace athens --set replicaCount=3
+```
+
 ### Give Athens access to private repositories via Github Token (Optional)
+
 1. Create a token at https://github.com/settings/tokens
 2. Provide the token to the Athens proxy either through the [config.toml](https://github.com/gomods/athens/blob/master/config.dev.toml) file (the `GithubToken` field) or by setting the `ATHENS_GITHUB_TOKEN` environment variable.
 
@@ -115,6 +131,12 @@ persistence:
   storageClass:
 ```
 
+Add it to `override-values.yaml` file and run:
+
+```console
+helm install gomods/athens-proxy -n athens --namespace athens -f override-values.yaml
+```
+
 `enabled` is used to turn on the PVC feature of the chart, while the other values relate directly to the values defined in the PersistentVolumeClaim documentation.
 
 #### Mongo DB Configuration
@@ -122,7 +144,7 @@ persistence:
 To use the Mongo DB storage provider, you will first need a MongoDB instance. Once you have deployed MongoDB, you can configure Athens using the connection string via `storage.mongo.url`. You will also need to set `storage.type` to "mongo".
 
 ```
-helm install ./charts/proxy -n athens --set storage.type=mongo --set storage.mongo.url=<some-mongodb-connection-string>
+helm install gomods/athens-proxy -n athens --namespace athens --set storage.type=mongo --set storage.mongo.url=<some-mongodb-connection-string>
 ```
 
 ### Kubernetes Service
@@ -130,7 +152,7 @@ helm install ./charts/proxy -n athens --set storage.type=mongo --set storage.mon
 By default, a Kubernetes `ClusterIP` service is created for the Athens proxy. "ClusterIP" is sufficient in the case when the Athens proxy will be used from within the cluster. To expose Athens outside of the cluster, consider using a "NodePort" or "LoadBalancer" service. This can be changed by setting the `service.type` value when installing the chart. For example, to deploy Athens using a NodePort service, the following command could be used:
 
 ```console
-helm install ./charts/proxy -n athens --set service.type=NodePort
+helm install gomods/athens-proxy -n athens --namespace athens --set service.type=NodePort
 ```
 
 ### Ingress Resource
@@ -138,28 +160,53 @@ helm install ./charts/proxy -n athens --set service.type=NodePort
 The chart can optionally create a Kubernetes [Ingress Resource](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) for you as well. To enable this feature, set the `ingress.enabled` resource to true. 
 
 ```console
-helm install ./charts/proxy -n athens --set ingress.enabled=true
+helm install gomods/athens-proxy -n athens --namespace athens --set ingress.enabled=true
 ```
 
 Further configuration values are available in the `values.yaml` file:
 
 ```yaml
 ingress:
-  enabled: false
-  # provie key/value annotations
+  enabled: true
   annotations:
-  # Provide an array of values for the ingress host mapping
-  hosts:
-  # Provide a base64 encoded cert for TLS use 
-  tls: 
+    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
+    kubernetes.io/tls-acme: "true"
+    ingress.kubernetes.io/force-ssl-redirect: "true"
+    kubernetes.io/ingress.class: nginx
+  hosts: 
+    - athens.mydomain.com
+  tls:
+    - secretName: athens.mydomain.com
+      hosts:
+        - "athens.mydomain.com
 ```
 
-### Replicas
+Example above sets automatic creation/retrieval of TLS certificates from [Let's Encrypt](https://letsencrypt.org/) with [cert-manager](https://hub.helm.sh/charts/jetstack/cert-manager) and uses [nginx-ingress controller](https://hub.helm.sh/charts/stable/nginx-ingress) to expose Athens externally to internet.
 
-By default, the chart will install Athens with a replica count of 1. To change this, change the `replicaCount` value:
+Add it to `override-values.yaml` file and run:
 
 ```console
-helm install ./charts/proxy -n athens --set replicaCount=3
+helm install gomods/athens-proxy -n athens --namespace athens -f override-values.yaml
+```
+
+### Upstream module repository
+
+You can set the `URL` for the [upstream module repository](https://docs.gomods.io/configuration/upstream/) then Athens will try to download modules from the upstream when it doesn't find them in its own storage.
+
+You can use `https://gocenter.io` to use JFrog's GoCenter as an upstream here, or you can also use another Athens server as well.
+
+The example below shows you how to set GoCenter up as upstream module repository:
+
+```yaml
+upstreamProxy:
+  enabled: true
+  url: "https://gocenter.io"
+```
+
+Add it to `override-values.yaml` file and run:
+
+```console
+helm install gomods/athens-proxy -n athens --namespace athens -f override-values.yaml
 ```
 
 ### .netrc file support
@@ -174,5 +221,5 @@ kubectl create secret generic netrcsecret --from-file=./netrc
 In order to instruct athens to fetch and use the secret, `netrc.enabled` flag must be set to true:
 
 ```console
-helm install ./charts/proxy -n athens --set netrc.enabled=true
+helm install gomods/athens-proxy -n athens --namespace athens --set netrc.enabled=true
 ```