From f14707e5e560dcbafd49e47299585414cda0dd7b Mon Sep 17 00:00:00 2001 From: Rimas Mocevicius Date: Fri, 5 Apr 2019 23:58:57 +0300 Subject: [PATCH] [chart] add upstream proxy support, bump athens version (#1161) * [chart] add upstream proxy support, bump athens version * update chart readme and kubernetes install docs --- charts/athens-proxy/Chart.yaml | 4 +- charts/athens-proxy/README.md | 48 ++++++++++++ charts/athens-proxy/templates/_helpers.tpl | 5 +- .../templates/config-upstream.yaml | 15 ++++ charts/athens-proxy/templates/deployment.yaml | 40 +++++++++- .../athens-proxy/templates/jaeger-deploy.yaml | 5 ++ charts/athens-proxy/templates/jaeger-svc.yaml | 6 +- charts/athens-proxy/templates/service.yaml | 6 +- charts/athens-proxy/values.yaml | 19 ++++- docs/content/install/install-on-kubernetes.md | 77 +++++++++++++++---- 10 files changed, 195 insertions(+), 30 deletions(-) create mode 100644 charts/athens-proxy/README.md create mode 100644 charts/athens-proxy/templates/config-upstream.yaml diff --git a/charts/athens-proxy/Chart.yaml b/charts/athens-proxy/Chart.yaml index e2638acf..f82be4d0 100644 --- a/charts/athens-proxy/Chart.yaml +++ b/charts/athens-proxy/Chart.yaml @@ -1,6 +1,6 @@ name: athens-proxy -version: 0.2.0 -appVersion: 0.2.0 +version: 0.2.1 +appVersion: 0.3.1 description: The proxy server for Go modules icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png keywords: diff --git a/charts/athens-proxy/README.md b/charts/athens-proxy/README.md new file mode 100644 index 00000000..fd25f8b0 --- /dev/null +++ b/charts/athens-proxy/README.md 
@@ -0,0 +1,48 @@ +# Athens Proxy Helm Chart + +## What is Athens? + +[Athens](https://docs.gomods.io) is a repository for packages used by your go packages. + +Athens provides a repository for [Go Modules](https://github.com/golang/go/wiki/Modules) that you can run. It serves public code and your private code for you, so you don't have to pull directly from a version control system (VCS) like GitHub or GitLab. + +## Prerequisites + +* Kubernetes 1.10+ + +## Requirements + +- A running Kubernetes cluster +- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and setup to use the cluster +- [Helm](https://helm.sh/) [installed](https://github.com/helm/helm#install) and setup to use the cluster (helm init) or [Tillerless Helm](https://github.com/rimusz/helm-tiller) + +## Deploy Athens + +The fastest way to install Athens using Helm is to deploy it from our public Helm chart repository. First, add the repository with this command: + +```console +$ helm repo add gomods https://athens.blob.core.windows.net/charts +$ helm repo update +``` + +Next, install the chart with default values to `athens` namespace: + +``` +$ helm install gomods/athens-proxy -n athens --namespace athens +``` + +This will deploy a single Athens instance in the `athens` namespace with `disk` storage enabled. Additionally, a `ClusterIP` service will be created. + + +## Advanced Configuration + +For more advanced configuration options please check Athens [docs](https://docs.gomods.io/install/install-on-kubernetes/#advanced-configuration). 
+ +Available options: +- [Replicas](https://docs.gomods.io/install/install-on-kubernetes/#replicas) +- [Access to private repositories via Github](https://docs.gomods.io/install/install-on-kubernetes/#give-athens-access-to-private-repositories-via-github-token-optional) +- [Storage Providers](https://docs.gomods.io/install/install-on-kubernetes/#storage-providers) +- [Kubernetes Service](https://docs.gomods.io/install/install-on-kubernetes/#kubernetes-service) +- [Ingress Resource](https://docs.gomods.io/install/install-on-kubernetes/#ingress-resource) +- [Upstream module repository](https://docs.gomods.io/install/install-on-kubernetes/#upstream-module-repository) +- [.netrc file support](https://docs.gomods.io/install/install-on-kubernetes/#netrc-file-support) diff --git a/charts/athens-proxy/templates/_helpers.tpl b/charts/athens-proxy/templates/_helpers.tpl index ec6c6517..bb3450b3 100644 --- a/charts/athens-proxy/templates/_helpers.tpl +++ b/charts/athens-proxy/templates/_helpers.tpl @@ -2,9 +2,6 @@ {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "livenessPath" -}} -{{- if eq .Values.image.tag "v0.3.0" -}}/{{- else -}}/healthz{{- end -}} -{{- end -}} {{- define "readinessPath" -}} -{{- if eq .Values.image.tag "v0.3.0" -}}/{{- else -}}/readyz{{- end -}} +{{- if contains "v0.2.0" .Values.image.tag -}}/{{- else -}}/readyz{{- end -}} {{- end -}} diff --git a/charts/athens-proxy/templates/config-upstream.yaml b/charts/athens-proxy/templates/config-upstream.yaml new file mode 100644 index 00000000..ccce0684 --- /dev/null +++ b/charts/athens-proxy/templates/config-upstream.yaml 
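Review bot: The `readinessPath` helper keeps a special case for `v0.2.0`, while the liveness probe in deployment.yaml is now hard-coded to `/healthz`, so the two probes no longer agree on which image versions expose health endpoints. If a v0.2.0 image only answers readiness on `/`, it presumably has no `/healthz` either and the pod would be restarted in a loop; this is inferred, since the image is not visible here. Either drop the `v0.2.0` branch or keep the liveness path conditional as well, and add a template comment such as `{{/* v0.2.0 images have no /readyz endpoint */}}` to explain the match. Note that `contains` is a substring test, so digest-pinned or re-tagged images silently take the `/readyz` branch.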
@@ -0,0 +1,15 @@ +{{- if .Values.upstreamProxy.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }}-upstream + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + FilterForUpstreamProxy: |- + # FilterFile for fetching modules directly from upstream proxy + D +{{- end -}} diff --git a/charts/athens-proxy/templates/deployment.yaml b/charts/athens-proxy/templates/deployment.yaml index e8ba7170..79832869 100644 --- a/charts/athens-proxy/templates/deployment.yaml +++ b/charts/athens-proxy/templates/deployment.yaml @@ -8,14 +8,20 @@ metadata: release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" spec: - replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" template: metadata: labels: app: {{ template "fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" + annotations: + checksum/config: {{ include (print $.Template.BasePath "/config-upstream.yaml") . | sha256sum }} spec: containers: - name: {{ template "fullname" . }} @@ -23,7 +29,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy | quote }} livenessProbe: httpGet: - path: "{{ template "livenessPath" . }}" + path: "/healthz" port: 3000 readinessProbe: httpGet: @@ -43,6 +49,12 @@ spec: - name: ATHENS_NETRC_PATH value: "/etc/netrc/netrc" {{- end }} + {{- if .Values.upstreamProxy.enabled }} + - name: ATHENS_FILTER_FILE + value: "/usr/local/lib/FilterForUpstreamProxy" + - name: ATHENS_GLOBAL_ENDPOINT + value: {{ .Values.upstreamProxy.url | quote }} + {{- end }} {{- if .Values.jaeger.enabled }} - name: ATHENS_TRACE_EXPORTER_URL value: {{ .Values.jaeger.url | quote }} 
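Review bot: The filter file holds only the default rule `D`, which by its own comment sends every module request to the upstream proxy, and that includes the paths of private modules. The same chart supports a GitHub token and a `.netrc` secret for private repositories, so enabling `upstreamProxy` with a third-party URL would disclose internal module paths to that service, and those modules would likely fail to resolve there. Consider exposing the filter content as a chart value (for example `upstreamProxy.filter`, name illustrative) so operators can add rules that keep private prefixes off the upstream. The comment on the `upstreamProxy` block in values.yaml should state the forwarding behaviour.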
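Review bot: The first deployment.yaml hunk removes `replicas: {{ .Values.replicaCount }}` and no visible hunk adds it back, so `replicaCount` (still in values.yaml and still documented with `--set replicaCount=3`) no longer has any effect. The new `selector.matchLabels` also includes `chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"`, which changes on every chart release. On API versions where the Deployment selector is immutable, `helm upgrade` will be rejected; the `apiVersion` line is outside the hunk, so this needs checking. The same label is added to the selectors in jaeger-deploy.yaml, jaeger-svc.yaml and service.yaml, where the Service would stop routing to pods of the previous chart version as soon as it is updated, in the middle of a rollout. Keep `replicas: {{ .Values.replicaCount }}` and restrict the selectors to the stable labels `app` and `release`.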
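Review bot: `ATHENS_GLOBAL_ENDPOINT` is rendered from `upstreamProxy.url` without any check, and the default in values.yaml is the placeholder `https://upstreamproxy_url`. Setting only `upstreamProxy.enabled=true` therefore produces a deployment that forwards module downloads to a host that does not exist. Fail the render instead, with an empty default in values.yaml: `value: {{ required "upstreamProxy.url must be set when upstreamProxy.enabled is true" .Values.upstreamProxy.url | quote }}`. Because the upstream becomes the source of module content, rejecting a URL that does not start with `https://` would also be worthwhile.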
@@ -56,6 +68,11 @@ spec: - name: storage-volume mountPath: {{ .Values.storage.disk.storageRoot | quote }} {{- end }} + {{- if .Values.upstreamProxy.enabled}} + - name: upstream-config + mountPath: "/usr/local/lib" + readOnly: true + {{- end }} {{- if .Values.netrc.enabled}} - name: netrc mountPath: "/etc/netrc" @@ -69,8 +86,25 @@ spec: {{- else }} emptyDir: {} {{- end }} + {{- if .Values.upstreamProxy.enabled }} + - name: upstream-config + configMap: + name: {{ template "fullname" . }}-upstream + {{- end }} {{- if .Values.netrc.enabled }} - name: netrc secret: - secretName: netrcsecret + secretName: {{ .Values.netrc.existingSecret }} {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/athens-proxy/templates/jaeger-deploy.yaml b/charts/athens-proxy/templates/jaeger-deploy.yaml index 913ce1d0..838694f9 100644 --- a/charts/athens-proxy/templates/jaeger-deploy.yaml +++ b/charts/athens-proxy/templates/jaeger-deploy.yaml @@ -10,6 +10,11 @@ metadata: heritage: "{{ .Release.Service }}" spec: replicas: 1 + selector: + matchLabels: + app: {{ template "fullname" . }}-jaeger + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" template: metadata: labels: diff --git a/charts/athens-proxy/templates/jaeger-svc.yaml b/charts/athens-proxy/templates/jaeger-svc.yaml index edee3f16..a64fdb67 100644 --- a/charts/athens-proxy/templates/jaeger-svc.yaml +++ b/charts/athens-proxy/templates/jaeger-svc.yaml @@ -10,8 +10,6 @@ metadata: heritage: "{{ .Release.Service }}" spec: type: {{ .Values.jaeger.type }} - selector: - app: {{ template "fullname" . }}-jaeger ports: - name: jaeger-collector-http port: 14268 
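Review bot: The `upstream-config` volume is mounted at `/usr/local/lib`, which replaces that whole directory inside the container with the ConfigMap content and hides whatever the image ships there. Mount only the file: `mountPath: "/usr/local/lib/FilterForUpstreamProxy"` together with `subPath: FilterForUpstreamProxy`, or use a dedicated directory and point `ATHENS_FILTER_FILE` at it. A `subPath` mount is not refreshed when the ConfigMap changes, but the `checksum/config` annotation added in this commit already rolls the pods on a change. The `volumeMounts` list starts outside the hunk.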
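Review bot: `secretName: {{ .Values.netrc.existingSecret }}` is rendered unquoted and unchecked, so an override that clears the value yields `secretName:` (null). The result is a manifest validation or pod volume error rather than a clear chart error. Use `secretName: {{ required "netrc.existingSecret must be set when netrc.enabled is true" .Values.netrc.existingSecret | quote }}`, which also protects against names that YAML would read as a number or boolean.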
@@ -37,4 +35,8 @@ spec: port: 16686 protocol: TCP targetPort: 16686 + selector: + app: {{ template "fullname" . }}-jaeger + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" {{- end -}} diff --git a/charts/athens-proxy/templates/service.yaml b/charts/athens-proxy/templates/service.yaml index 5487fb0f..e2420e1e 100644 --- a/charts/athens-proxy/templates/service.yaml +++ b/charts/athens-proxy/templates/service.yaml @@ -9,8 +9,6 @@ metadata: heritage: "{{ .Release.Service }}" spec: type: {{ .Values.service.type }} - selector: - app: {{ template "fullname" . }} ports: - name: http port: {{ .Values.service.servicePort }} @@ -19,3 +17,7 @@ spec: {{- if eq .Values.service.type "NodePort" }} nodePort: {{ .Values.service.nodePort.port }} {{- end }} + selector: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" diff --git a/charts/athens-proxy/values.yaml b/charts/athens-proxy/values.yaml index 7711ff0a..03ab4851 100644 --- a/charts/athens-proxy/values.yaml +++ b/charts/athens-proxy/values.yaml @@ -2,12 +2,13 @@ replicaCount: 1 image: registry: docker.io repository: gomods/athens - tag: v0.3.0 + tag: v0.3.1 + ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - pullPolicy: Always + pullPolicy: IfNotPresent service: ## Port as exposed by the service 
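Review bot: The comment above `pullPolicy` says the policy defaults to `Always` when the tag is `latest`, but the deployment template renders `.Values.image.pullPolicy` verbatim. After this change every tag, including mutable ones, gets `IfNotPresent`, so a node that has already cached a mutable tag keeps running the old image and misses fixes published under the same tag. Reword the comment to `## Use 'Always' with mutable tags such as 'latest'; 'IfNotPresent' is only safe for immutable tags or digests`, or derive the policy from the tag in the template.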
@@ -47,6 +48,14 @@ storage: netrc: # if enabled, it expects to find the content of a valid .netrc file imported as a secret named netrcsecret enabled: false + existingSecret: netrcsecret + +upstreamProxy: + # This is where you can set the URL for the upstream module repository. + # If 'enabled' is set to true, Athens will try to download modules from the upstream when it doesn't find them in its own storage. + # You can use 'https://gocenter.io' to use JFrog's GoCenter as an upstream here, or you can also use another Athens server as well. + enabled: false + url: "https://upstreamproxy_url" jaeger: ## Type of service; valid values are "ClusterIP", "LoadBalancer", and "NodePort". @@ -58,3 +67,9 @@ jaeger: # you must set this on the command line when you run 'helm install' # for example, you need to run 'helm install --set jaeger.url=myurl ...' url: "SET THIS ON THE COMMAND LINE" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/docs/content/install/install-on-kubernetes.md b/docs/content/install/install-on-kubernetes.md index 1327a945..9e0f4aec 100644 --- a/docs/content/install/install-on-kubernetes.md +++ b/docs/content/install/install-on-kubernetes.md 
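Review bot: The comment on the `netrc` block still says the secret must be named `netrcsecret`, although the new `existingSecret` key makes the name configurable. Update it to `# if enabled, the content of a valid .netrc file is read from the secret named in 'existingSecret'`, so operators who point the chart at a differently named credentials secret are not misled.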
@@ -83,19 +83,35 @@ The fastest way to install Athens using Helm is to deploy it from our public Hel ```console $ helm repo add gomods https://athens.blob.core.windows.net/charts +$ helm repo update ``` -Next, install the chart using no arguments. +Next, install the chart with default values to `athens` namespace: ``` -$ helm install gomods/athens-proxy -n athens +$ helm install gomods/athens-proxy -n athens --namespace athens ``` This will deploy a single Athens instance in the `default` namespace with `disk` storage enabled. Additionally, a `ClusterIP` service will be created. +By default, the chart will install Athens with a replica count of 1. To change this, change the `replicaCount` value: + +```console +helm install gomods/athens-proxy -n athens --namespace athens --set replicaCount=3 +``` + ## Advanced Configuration +### Replicas + +By default, the chart will install Athens with a replica count of 1. To change this, change the `replicaCount` value: + +```console +helm install gomods/athens-proxy -n athens --namespace athens --set replicaCount=3 +``` + ### Give Athens access to private repositories via Github Token (Optional) + 1. Create a token at https://github.com/settings/tokens 2. Provide the token to the Athens proxy either through the [config.toml](https://github.com/gomods/athens/blob/master/config.dev.toml) file (the `GithubToken` field) or by setting the `ATHENS_GITHUB_TOKEN` environment variable. @@ -115,6 +131,12 @@ persistence: storageClass: ``` +Add it to `override-values.yaml` file and run: + +```console +helm install gomods/athens-proxy -n athens --namespace athens -f override-values.yaml +``` + `enabled` is used to turn on the PVC feature of the chart, while the other values relate directly to the values defined in the PersistentVolumeClaim documentation. #### Mongo DB Configuration 
@@ -122,7 +144,7 @@ persistence: To use the Mongo DB storage provider, you will first need a MongoDB instance. Once you have deployed MongoDB, you can configure Athens using the connection string via `storage.mongo.url`. You will also need to set `storage.type` to "mongo". ``` -helm install ./charts/proxy -n athens --set storage.type=mongo --set storage.mongo.url= +helm install gomods/athens-proxy -n athens --namespace athens --set storage.type=mongo --set storage.mongo.url= ``` ### Kubernetes Service @@ -130,7 +152,7 @@ helm install ./charts/proxy -n athens --set storage.type=mongo --set storage.mon By default, a Kubernetes `ClusterIP` service is created for the Athens proxy. "ClusterIP" is sufficient in the case when the Athens proxy will be used from within the cluster. To expose Athens outside of the cluster, consider using a "NodePort" or "LoadBalancer" service. This can be changed by setting the `service.type` value when installing the chart. For example, to deploy Athens using a NodePort service, the following command could be used: ```console -helm install ./charts/proxy -n athens --set service.type=NodePort +helm install gomods/athens-proxy -n athens --namespace athens --set service.type=NodePort ``` ### Ingress Resource 
@@ -138,28 +160,53 @@ helm install ./charts/proxy -n athens --set service.type=NodePort The chart can optionally create a Kubernetes [Ingress Resource](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) for you as well. To enable this feature, set the `ingress.enabled` resource to true. ```console -helm install ./charts/proxy -n athens --set ingress.enabled=true +helm install gomods/athens-proxy -n athens --namespace athens --set ingress.enabled=true ``` Further configuration values are available in the `values.yaml` file: ```yaml ingress: - enabled: false - # provie key/value annotations + enabled: true annotations: - # Provide an array of values for the ingress host mapping - hosts: - # Provide a base64 encoded cert for TLS use - tls: + certmanager.k8s.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" + ingress.kubernetes.io/force-ssl-redirect: "true" + kubernetes.io/ingress.class: nginx + hosts: + - athens.mydomain.com + tls: + - secretName: athens.mydomain.com + hosts: + - "athens.mydomain.com ``` -### Replicas +Example above sets automatic creation/retrieval of TLS certificates from [Let's Encrypt](https://letsencrypt.org/) with [cert-manager](https://hub.helm.sh/charts/jetstack/cert-manager) and uses [nginx-ingress controller](https://hub.helm.sh/charts/stable/nginx-ingress) to expose Athens externally to internet. -By default, the chart will install Athens with a replica count of 1. To change this, change the `replicaCount` value: +Add it to `override-values.yaml` file and run: ```console -helm install ./charts/proxy -n athens --set replicaCount=3 +helm install gomods/athens-proxy -n athens --namespace athens -f override-values.yaml +``` + +### Upstream module repository + +You can set the `URL` for the [upstream module repository](https://docs.gomods.io/configuration/upstream/) then Athens will try to download modules from the upstream when it doesn't find them in its own storage. 
+ +You can use `https://gocenter.io` to use JFrog's GoCenter as an upstream here, or you can also use another Athens server as well. + +The example below shows you how to set GoCenter up as upstream module repository: + +```yaml +upstreamProxy: + enabled: true + url: "https://gocenter.io" +``` + +Add it to `override-values.yaml` file and run: + +```console +helm install gomods/athens-proxy -n athens --namespace athens -f override-values.yaml ``` ### .netrc file support @@ -174,5 +221,5 @@ kubectl create secret generic netrcsecret --from-file=./netrc In order to instruct athens to fetch and use the secret, `netrc.enabled` flag must be set to true: ```console -helm install ./charts/proxy -n athens --set netrc.enabled=true +helm install gomods/athens-proxy -n athens --namespace athens --set netrc.enabled=true ```