May 11, 2019 3 min read

Athens on Kubernetes with GoCenter Upstream

In this blog post we’ll learn how to install Athens into a Kubernetes cluster with GoCenter set as an upstream proxy.

Athens is a Go modules repository that you can host privately on your own infrastructure and GoCenter is a public repository for Go modules, one of several ongoing community project contributions from JFrog. When you configure Athens to use GoCenter as an upstream repository, Athens will attempt to fulfill every request for a Go module from GoCenter’s public repository of over 60,000 public modules.

As per Athens' docs, upstream proxy is configured through a filter file. When we install Athens into a Kubernetes cluster through its available Helm chart, however, we don’t create the filter file directly. Instead, we must provide the Helm chart with override settings so it can create the filter file for us correctly in the pod where Athens runs.

Before You Start

To install Athens to a Kubernetes cluster, you’ll need to make sure to have these prerequisite conditions:

A Kubernetes cluster with RBAC enabled
Helm installed with helm init or Tillerless Helm way

In addition, you will want to serve Athens through the secure https protocol using TLS certificates. While not demanded for Athens to function, this is very strongly recommended as a best practice. Complying with this also requires:

A Nginx-ingress controller installed with external LoadBalancer
Cert-manager installed for issuance of TLS certificates from Let's Encrypt

Installing Athens with GoCenter support

The Athens public Helm chart repository provides the fastest and most reliable chart for installing Athens to a Kubernetes cluster.

Step 1: Add the Helm Chart Repository

Using the helm repo add command of the Helm client, add the Athens public Helm chart repository.

$ helm repo add gomods https://athens.blob.core.windows.net/charts
$ helm repo update

Step 2: Define Helm Chart Overrides

To configure GoCenter as the upstream proxy for Athens, as well as configure Athens for TLS (https) protocol, you must prepare anoverride-values.yaml file:

ingress:
  enabled: true
  annotations:
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.class: nginx
  hosts: 
    - athens.mydomain.com
  tls:
    - secretName: athens.mydomain.com
      hosts:
        - "athens.mydomain.com"

upstreamProxy:
  enabled: true
  url: "https://gocenter.io"

The example override-values.yaml file above sets automatic creation/retrieval of TLS certificates from Let’s Encrypt with cert-manager and uses nginx-ingress controller to expose Athens externally to internet. It also sets https://Gocenter.io as Athens upstream proxy.

Note: Replace mydomain.com with your domain. You’ll also need to add to your domain DNS A record the LoadBalancer IP address of the nginx-ingress controller, and assign to it athens.mydomain.com.

Step 3: Install Athens

Now you are ready to install Athens through the Helm chart:

$ helm upgrade --install athens --namespace athens gomods/athens-proxy -f override-values.yaml \

NAME:   athens
LAST DEPLOYED: Tue May  7 20:33:57 2019
NAMESPACE: athens
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                          DATA  AGE
athens-athens-proxy-upstream  1     2s

==> v1/Deployment
NAME                 READY  UP-TO-DATE  AVAILABLE  AGE
athens-athens-proxy  0/1    1           0          2s

==> v1/Pod(related)
NAME                                         READY  STATUS             RESTARTS  AGE
athens-athens-proxy-59977f698b-lslhw         0/1    ContainerCreating  0         2s
athens-athens-proxy-jaeger-55964f675c-nvgz9  0/1    ContainerCreating  0         2s

==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                                  AGE
athens-athens-proxy         ClusterIP  10.44.5.31  <none>       80/TCP                                                   2s
athens-athens-proxy-jaeger  ClusterIP  10.44.2.27  <none>       14268/TCP,5775/UDP,6831/UDP,6832/UDP,5778/TCP,16686/TCP  2s

==> v1beta1/Deployment
NAME                        READY  UP-TO-DATE  AVAILABLE  AGE
athens-athens-proxy-jaeger  0/1    1           0          2s

==> v1beta1/Ingress
NAME                 HOSTS                ADDRESS  PORTS  AGE
athens-athens-proxy  athens.mydomain.com  80, 443  2s

NOTES:
The Athens can be accessed via URL: \
 https://athens.mydomain.com

Step 4: Set GOPROXY to Athens

With Athens installed into your Kubernetes cluster, you can set your GOPROXY environment variable to the mydomain.com URL for Athens.

$ export GOPROXY=https://athens.mydomain.com

NOTE: Remember to replace mydomain.com with your domain.

Once set, the go client will resolve all module requests to Athens, which will in turn fulfill those requests from GoCenter.

Verifying Results

Once Athens is installed, you can use kubectl to check that pods are running:

$ kubectl -n athens get pods
NAME                                          READY   STATUS    RESTARTS   AGE
athens-athens-proxy-59977f698b-lslhw          1/1     Running   0          54s
athens-athens-proxy-jaeger-55964f675c-nvgz9   1/1     Running   0          54s

Now Kubernetes is ready to steer Athens in its clusters, and your development team can share the full benefits of Athens and GoCenter together.

Enjoy your new Kubernetes-ified Athens deployment! And keep on rockin', Gophers.

gophers