Steer Athens on Kubernetes with GoCenter Upstream
UPDATE: As of May 1, 2021 – GoCenter central repository has been sunset and all features deprecated. For more information on the sunsetting of the centers read the deprecation blog post
In a previous JFrog blog post we explored how to use Project Athens for Go modules with GoCenter as an upstream proxy. In this follow-up, we’ll examine how to install Athens into a Kubernetes cluster with GoCenter set as an upstream proxy.
Athens is a Go modules repository that you can host privately on your own infrastructure. GoCenter is a public repository for Go modules, one of several ongoing community project contributions from JFrog, the creator of Artifactory. When you configure Athens to use GoCenter as an upstream repository, Athens will attempt to fulfill every request for a Go module from GoCenter’s public repository of over 60,000 public modules.
As seen in the prior blog post, Athens’ upstream proxy is configured through a filter file. When we install Athens into a K8s cluster through its available Helm chart, however, we don’t create the filter file directly. Instead, we must provide the Helm chart with override settings so it can create the filter file for us correctly in the pod where Athens runs.
Before You Start
To install Athens to a Kubernetes cluster, you’ll need to make sure to have these prerequisite conditions:
- A K8s cluster with RBAC enabled
- Helm installed with `helm init` or Tillerless Helm way
In addition, you will want to serve Athens through the secure https protocol using TLS certificates. While not demanded for Athens to function, this is very strongly recommended as a best practice. Complying with this also requires:
- A Nginx-ingress controller installed with external LoadBalancer
- Cert-manager installed
Installing Athens with GoCenter support
The Athens public Helm chart repository provides the fastest and most reliable chart for installing Athens to a K8s cluster.
Step 1: Add the Helm Chart Repository
Using the helm repo add command of the Helm client, add the Athens public Helm chart repository.
$ helm repo add gomods https://athens.blob.core.windows.net/charts $ helm repo update
Step 2: Define Helm Chart Overrides
To configure GoCenter as the upstream proxy for Athens, as well as configure Athens for TLS (https) protocol, you must prepare anoverride-values.yaml
file:
ingress: enabled: true annotations: certmanager.k8s.io/cluster-issuer: "letsencrypt-prod" kubernetes.io/tls-acme: "true" ingress.kubernetes.io/force-ssl-redirect: "true" kubernetes.io/ingress.class: nginx hosts: - athens.mydomain.com tls: - secretName: athens.mydomain.com hosts: - "athens.mydomain.com" upstreamProxy: enabled: true url: "https://gocenter.io"
The example `override-values.yaml` file above sets automatic creation/retrieval of TLS certificates from Let’s Encrypt with cert-manager and uses nginx-ingress controller to expose Athens externally to internet. It also sets https://gocenter.io
as Athens upstream proxy.
Note: Replace mydomain.com
with your domain. You’ll also need to add to your domain DNS A record the LoadBalancer IP address of the nginx-ingress controller, and assign to it athens.mydomain.com
.
Step 3: Install Athens
Now you are ready to install Athens through the Helm chart:
$ helm upgrade --install athens --namespace athens gomods/athens-proxy -f override-values.yaml NAME: athens LAST DEPLOYED: Tue May 7 20:33:57 2019 NAMESPACE: athens STATUS: DEPLOYED RESOURCES: ==> v1/ConfigMap NAME DATA AGE athens-athens-proxy-upstream 1 2s ==> v1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE athens-athens-proxy 0/1 1 0 2s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE athens-athens-proxy-59977f698b-lslhw 0/1 ContainerCreating 0 2s athens-athens-proxy-jaeger-55964f675c-nvgz9 0/1 ContainerCreating 0 2s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE athens-athens-proxy ClusterIP 10.44.5.31 80/TCP 2s athens-athens-proxy-jaeger ClusterIP 10.44.2.27 14268/TCP,5775/UDP,6831/UDP,6832/UDP,5778/TCP,16686/TCP 2s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE athens-athens-proxy-jaeger 0/1 1 0 2s ==> v1beta1/Ingress NAME HOSTS ADDRESS PORTS AGE athens-athens-proxy athens.mydomain.com 80, 443 2s
The Athens instance can be accessed by the URL https://athens.mydomain.com
.
Step 4: Set GOPROXY to Athens
With Athens installed into your Kubernetes cluster, you can set your GOPROXY environment variable to the mydomain.com
URL for Athens.
$ export GOPROXY=https://athens.mydomain.com
Note: Remember to replace mydomain.com
with your domain.
Once set, the go
client will resolve all module requests to Athens, which will in turn fulfill those requests from GoCenter.
Verifying Results
Once Athens is installed, you can use kubectl to check that pods are running:
$ kubectl -n athens get pods NAME READY STATUS RESTARTS AGE athens-athens-proxy-59977f698b-lslhw 1/1 Running 0 54s athens-athens-proxy-jaeger-55964f675c-nvgz9 1/1 Running 0 54s
Now Kubernetes is ready to steer Athens in its clusters, and your development team can share the full benefits of Athens and GoCenter together.