389a8460e4
### Benefits Can protect metrics endpoint with `Bearer` token authentication provided by gitea. see PR #637 for previous discussion. ### Possible drawbacks No possible drawbacks ### Applicable issues - fixes #635 ### Additional information ``` gitea: metrics: enabled: true token: "somepassword" serviceMonitor: enabled: true ``` Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable - [x] Templating unittests are added Signed-off-by: Hitesh Nayak <hiteshnayak305@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/719 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com> Co-authored-by: Hitesh Nayak <hiteshnayak305@gmail.com> Co-committed-by: Hitesh Nayak <hiteshnayak305@gmail.com>
71 lines
2.0 KiB
YAML
71 lines
2.0 KiB
YAML
suite: ServiceMonitor template (monitoring enabled)
|
|
release:
|
|
name: gitea-unittests
|
|
namespace: testing
|
|
templates:
|
|
- templates/gitea/servicemonitor.yaml
|
|
tests:
|
|
- it: renders unsecure ServiceMonitor if gitea.metrics.token nil
|
|
set:
|
|
gitea.metrics.enabled: true
|
|
gitea.metrics.token:
|
|
gitea.metrics.serviceMonitor.enabled: true
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- documentIndex: 0
|
|
containsDocument:
|
|
kind: ServiceMonitor
|
|
apiVersion: monitoring.coreos.com/v1
|
|
name: gitea-unittests
|
|
- isNotNullOrEmpty:
|
|
path: metadata.labels
|
|
- equal:
|
|
path: spec.endpoints
|
|
value:
|
|
- port: http
|
|
- it: renders unsecure ServiceMonitor if gitea.metrics.token empty
|
|
set:
|
|
gitea.metrics.enabled: true
|
|
gitea.metrics.token: ""
|
|
gitea.metrics.serviceMonitor.enabled: true
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- documentIndex: 0
|
|
containsDocument:
|
|
kind: ServiceMonitor
|
|
apiVersion: monitoring.coreos.com/v1
|
|
name: gitea-unittests
|
|
- isNotNullOrEmpty:
|
|
path: metadata.labels
|
|
- equal:
|
|
path: spec.endpoints
|
|
value:
|
|
- port: http
|
|
- it: renders secure ServiceMonitor if gitea.metrics.token not empty
|
|
set:
|
|
gitea.metrics.enabled: true
|
|
gitea.metrics.token: "test-token"
|
|
gitea.metrics.serviceMonitor.enabled: true
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- documentIndex: 0
|
|
containsDocument:
|
|
kind: ServiceMonitor
|
|
apiVersion: monitoring.coreos.com/v1
|
|
name: gitea-unittests
|
|
- isNotNullOrEmpty:
|
|
path: metadata.labels
|
|
- equal:
|
|
path: spec.endpoints
|
|
value:
|
|
- port: http
|
|
authorization:
|
|
type: Bearer
|
|
credentials:
|
|
name: gitea-unittests-metrics-secret
|
|
key: token
|
|
optional: false
|