new way of doin
Some checks failed
continuous-integration/drone/push Build is failing

root
2023-11-16 19:42:02 +10:00
parent 77ec717184
commit 1eaf295724
341 changed files with 19416 additions and 0 deletions

Submodule helm-charts/consul-k8s added at 7215ec05d0


@@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png


@@ -0,0 +1,215 @@
# Changelog
## [dashy-1.0.0](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-1.0.0) (2022-11-10)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Major Change to GUI
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
### Fix
- change container config label
## [dashy-0.0.13](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.13) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-07)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-06)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.10](https://github.com/truecharts/charts/compare/dashy-0.0.9...dashy-0.0.10) (2022-11-06)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4317](https://github.com/truecharts/charts/issues/4317))
## [dashy-0.0.9](https://github.com/truecharts/charts/compare/dashy-0.0.8...dashy-0.0.9) (2022-11-05)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4308](https://github.com/truecharts/charts/issues/4308))
## [dashy-0.0.8](https://github.com/truecharts/charts/compare/dashy-0.0.7...dashy-0.0.8) (2022-11-02)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4261](https://github.com/truecharts/charts/issues/4261))
## [dashy-0.0.7](https://github.com/truecharts/charts/compare/dashy-0.0.6...dashy-0.0.7) (2022-10-25)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4182](https://github.com/truecharts/charts/issues/4182))
## [dashy-0.0.6](https://github.com/truecharts/charts/compare/dashy-0.0.5...dashy-0.0.6) (2022-10-19)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4122](https://github.com/truecharts/charts/issues/4122))
## [dashy-0.0.5](https://github.com/truecharts/charts/compare/dashy-0.0.4...dashy-0.0.5) (2022-10-12)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4071](https://github.com/truecharts/charts/issues/4071))
## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major
## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major
## [dashy-0.0.3](https://github.com/truecharts/charts/compare/dashy-0.0.2...dashy-0.0.3) (2022-10-05)
### Chore
- Auto-update chart README [skip ci]
- split addons in smaller templates ([#3979](https://github.com/truecharts/charts/issues/3979))
- update helm general non-major
## [dashy-0.0.2](https://github.com/truecharts/charts/compare/dashy-0.0.1...dashy-0.0.2) (2022-09-27)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#3918](https://github.com/truecharts/charts/issues/3918))
## [dashy-0.0.1]dashy-0.0.1 (2022-09-25)
### Feat
- add dashy ([#3887](https://github.com/truecharts/charts/issues/3887))


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 14.3.5
digest: sha256:b7cb6511c16fc5f11e4769ebf0c48524b2522a0408b8de14207cdf19109996c6
generated: "2023-11-08T22:28:31.22683905Z"


@@ -0,0 +1,26 @@
annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/category: dashboard
truecharts.org/grade: U
apiVersion: v2
appVersion: 2.1.1
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 14.3.5
description: Dashy helps you organize your self-hosted services by making them accessible
from a single place
home: https://truecharts.org/charts/stable/dashy
icon: https://truecharts.org/img/hotlink-ok/chart-icons/dashy.png
keywords:
- dashboard
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: dashy
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/dashy
- https://github.com/Lissy93/dashy
version: 3.0.27


@@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*


@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -0,0 +1,17 @@
apiVersion: v2
appVersion: latest
description: Function library for TrueCharts
home: https://github.com/truecharts/apps/tree/master/charts/common
icon: https://avatars.githubusercontent.com/u/76400755
keywords:
- truecharts
- library-chart
- common
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: common
type: library
version: 14.3.5


@@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Common" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.


@@ -0,0 +1,24 @@
# Common Library
## Naming Scheme
- ServiceAccount:
- Primary: `$FullName`
- Others: `$FullName-$ServiceAccountName`
- RBAC:
- Primary: `$FullName`
- Others: `$FullName-$RBACName`
- Service:
- Primary: `$FullName`
- Others: `$FullName-$ServiceName`
- Pods:
- Primary: `$FullName`
- Others: `$FullName-$PodName`
- Containers: `$ContainerName`
- ConfigMap: `$FullName-$ConfigMapName`
- Secret: `$FullName-$SecretName`
- Scale Certificate: `$FullName-$CertName`
- Scale External Interface: `ix-$ReleaseName-$index`
> Full name -> `$ReleaseName-$ChartName`
> Any name that exceeds 63 characters, will throw an error


@@ -0,0 +1,53 @@
{{/*
Template to render code-server addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "tc.v1.common.addon.codeserver" -}}
{{- $targetSelector := "main" -}}
{{- if $.Values.addons.codeserver.targetSelector -}}
{{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
{{- end -}}
{{- if .Values.addons.codeserver.enabled -}}
{{/* Append the code-server container to the workloads */}}
{{- $container := include "tc.v1.common.addon.codeserver.container" . | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload $targetSelector -}}
{{- $_ := set $workload.podSpec.containers "codeserver" $container -}}
{{- end -}}
{{- $hasPrimaryService := false -}}
{{- range $svcName, $svcValues := .Values.service -}}
{{- if $svcValues.enabled -}}
{{- if $svcValues.primary -}}
{{- $hasPrimaryService = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Add the code-server service */}}
{{- if .Values.addons.codeserver.service.enabled -}}
{{- $serviceValues := .Values.addons.codeserver.service -}}
{{- $_ := set $serviceValues "targetSelector" $targetSelector -}}
{{- if not $hasPrimaryService -}}
{{- $_ := set $serviceValues "primary" true -}}
{{- end -}}
{{- $_ := set .Values.service "codeserver" $serviceValues -}}
{{- end -}}
{{/* Add the code-server ingress */}}
{{- if .Values.addons.codeserver.ingress.enabled -}}
{{- $ingressValues := .Values.addons.codeserver.ingress -}}
{{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
{{/* Determine the target service name & port */}}
{{- $svcName := printf "%v-codeserver" (include "tc.v1.common.names.fullname" .) -}}
{{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
{{- range $_, $host := $ingressValues.hosts -}}
{{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
{{- end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "tc.v1.common.class.ingress" $ -}}
{{- $_ := unset $ "ObjectValues" -}}
{{- end -}}
{{- end -}}
{{- end -}}
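
Review bot: `get $.Values.workload $targetSelector` is used without checking that the workload exists, so a `targetSelector` naming a missing workload fails on `$workload.podSpec.containers` with an unhelpful error; add an explicit `fail` when the lookup is empty. The ingress block also reads `.Values.addons.codeserver.service.ports.codeserver.port` and points the backend at `<fullname>-codeserver` without checking `addons.codeserver.service.enabled`, so an ingress can be rendered for a service this template never created. Because this ingress publishes an editor sidecar, require the service to be enabled and document that access control has to be configured on the ingress.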


@@ -0,0 +1,46 @@
{{/*
The code-server sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.codeserver.container" -}}
enabled: true
probes:
liveness:
enabled: true
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
path: "/"
readiness:
enabled: true
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
path: "/"
startup:
enabled: true
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
path: "/"
imageSelector: "codeserverImage"
imagePullPolicy: {{ .Values.codeserverImage.pullPolicy }}
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
env:
{{- range $envList := .Values.addons.codeserver.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else }}
{{- fail "Please specify name/value for codeserver environment variable" -}}
{{- end -}}
{{- end -}}
{{- with .Values.addons.codeserver.env -}}
{{- range $k, $v := . }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end }}
args:
{{- range .Values.addons.codeserver.args }}
- {{ . | quote }}
{{- end }}
- "--port"
- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
- {{ .Values.addons.codeserver.workingDir | default "/" }}
{{- end -}}
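
Review bot: The `securityContext` pins the sidecar to `runAsUser: 0` with `readOnlyRootFilesystem: false`, and the last argument defaults the working directory to `/`, so enabling the addon opens a root editor over the container's whole root filesystem. Default `workingDir` to the application's data path and allow the UID/GID to be overridden from values. That last argument is also the only one not piped through `quote`, so a `workingDir` with YAML-significant characters breaks the `fromYaml` call in the caller.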


@@ -0,0 +1,44 @@
{{/*
The code-server sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.netshoot.container" -}}
enabled: true
command:
- /bin/sh
- -c
- sleep infinity
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
imageSelector: "netshootImage"
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
env:
{{- range $envList := $.Values.addons.netshoot.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else }}
{{- fail "Please specify name/value for netshoot environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.netshoot.env -}}
{{- range $k, $v := . }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end }}
args:
{{- range $.Values.addons.netshoot.args }}
- {{ . | quote }}
{{- end }}
{{- end -}}
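
Review bot: The header comment still reads "The code-server sidecar container", which is wrong for `tc.v1.common.addon.netshoot.container`; correct it and state there that this container runs as root with `NET_ADMIN` and `NET_RAW`, since that is what a reader needs to know before enabling it. `command` is fixed to `/bin/sh -c "sleep infinity"` while `args` from values are still rendered, so those args are passed as positional parameters to the shell and have no effect; either drop `args` or make `command` overridable.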


@@ -0,0 +1,15 @@
{{/*
Template to render code-server addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "tc.v1.common.addon.netshoot" -}}
{{- $targetSelector := "main" -}}
{{- if .Values.addons.netshoot.enabled -}}
{{/* Append the code-server container to the workloads */}}
{{- $container := include "tc.v1.common.addon.netshoot.container" . | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload $targetSelector -}}
{{- $_ := set $workload.podSpec.containers "netshoot" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
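
Review bot: `$targetSelector` is hard-coded to `"main"` with no `addons.netshoot.targetSelector` override like the code-server addon has, and the result of `get $.Values.workload $targetSelector` is not checked before `$workload.podSpec.containers` is written, so a chart without a `main` workload fails with an unhelpful error. Both comments in this file still say code-server and should say netshoot.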


@@ -0,0 +1,16 @@
{{/*
The VPN config and scripts to be included.
*/}}
{{- define "tc.v1.common.addon.vpn.configmap" -}}
enabled: true
data:
{{- with .Values.addons.vpn.scripts.up }}
up.sh: |-
{{- . | nindent 4 }}
{{- end -}}
{{- with .Values.addons.vpn.scripts.down }}
down.sh: |-
{{- . | nindent 4 }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,64 @@
{{/*
The gluetun sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.gluetun.container" -}}
enabled: true
imageSelector: gluetunImage
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
securityContext:
runAsUser: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
runAsGroup: 568
capabilities:
add:
- NET_ADMIN
- NET_RAW
- MKNOD
- SYS_MODULE
env:
DNS_KEEP_NAMESERVER: "on"
DOT: "off"
{{- if $.Values.addons.vpn.killSwitch }}
{{- $excludednetworks := ( printf "%v,%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworks = ( printf "%v,%v" $excludednetworks . ) -}}
{{- end }}
{{- range $.Values.addons.vpn.excludedNetworks_IPv6 -}}
{{- $excludednetworksv6 = ( printf "%v,%v" $excludednetworks . ) -}}
{{- end }}
FIREWALL: "on"
FIREWALL_OUTBOUND_SUBNETS: {{ $excludednetworks | quote }}
{{- else }}
FIREWALL: "off"
{{- end }}
{{- with $.Values.addons.vpn.env }}
{{- . | toYaml | nindent 2 }}
{{- end -}}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- end -}}
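
Review bot: In the kill-switch block, `$excludednetworksv6` is assigned with `=` but never declared with `:=` in this template, it is built from the IPv4 string `$excludednetworks`, and nothing emits it, so `excludedNetworks_IPv6` entries are at best dropped and at worst abort rendering with an undefined-variable error. Declare a separate IPv6 variable and emit it, or remove the loop. Two further points: `podCIDR` and `svcCIDR` are formatted into `FIREWALL_OUTBOUND_SUBNETS` without checking that they are set, and the liveness branch uses `if` rather than `with`, so `toYaml .` serialises the root context instead of `addons.vpn.livenessProbe`. The container adds `SYS_MODULE` and `MKNOD` while running as UID 0; a comment on why each capability is needed would help later review.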


@@ -0,0 +1,73 @@
{{/*
The gluetun sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.openvpn.container" -}}
enabled: true
imageSelector: openvpnImage
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
securityContext:
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_ADMIN
- NET_RAW
- MKNOD
- SYS_MODULE
env:
{{- with $.Values.addons.vpn.env }}
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- if and $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password }}
VPN_AUTH: {{ (printf "%v;%v" $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password) }}
{{- end -}}
{{- if $.Values.addons.vpn.killSwitch }}
{{- $ipv4list := $.Values.addons.vpn.excludedNetworks_IPv4 }}
{{- if $.Values.chartContext.podCIDR }}
{{- $ipv4list = append $ipv4list $.Values.chartContext.podCIDR }}
{{- end }}
{{- if $.Values.chartContext.svcCIDR }}
{{- $ipv4list = append $ipv4list $.Values.chartContext.svcCIDR }}
{{- end }}
FIREWALL: "ON"
{{- range $index, $value := $ipv4list }}
ROUTE_{{ add $index 1 }}: {{ $value | quote }}
{{- end }}
{{- if $.Values.addons.vpn.excludedNetworks_IPv6 }}
{{- $excludednetworksv6 := "" -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
{{- end }}
{{- range $index, $value := $.Values.addons.vpn.excludedNetworks_IPv6 }}
ROUTE6_{{ add $index 1 }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end -}}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end -}}
{{- end -}}
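
Review bot: `VPN_AUTH` renders the OpenVPN username and password as a literal, unquoted env value, so the credentials sit in clear text in the pod spec and a password with YAML-significant characters breaks the `fromYaml` parse in the caller; take the value from a Secret and at minimum pipe it through `quote`. In the IPv6 block, the loop ranges over `excludedNetworks_IPv4` to fill `$excludednetworksv6`, which is never used and can be removed. The liveness branch uses `if`, so `toYaml .` does not serialise `addons.vpn.livenessProbe`, and the header comment still says gluetun.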


@@ -0,0 +1,9 @@
{{/*
The OpenVPN config secret to be included.
*/}}
{{- define "tc.v1.common.addon.vpn.secret" -}}
enabled: true
data:
vpn.conf: |-
{{- .Values.addons.vpn.config | nindent 4 }}
{{- end -}}


@@ -0,0 +1,87 @@
{{/*
The Tailscale sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.tailscale.container" -}}
enabled: true
imageSelector: "tailscaleImage"
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
command:
- /usr/local/bin/containerboot
securityContext:
{{- if $.Values.addons.vpn.tailscale.userspace }}
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: false
readOnlyRootFilesystem: true
{{- else }}
runAsUser: 0
runAsGroup: 0
runAsNonRoot: true
readOnlyRootFilesystem: false
{{- end }}
capabilities:
add:
- NET_ADMIN
- NET_RAW
{{/*
Set KUBE_SECRET to empty string to force tailscale
to use the filesystem for state tracking.
With secret for state tracking you can't always
know if the app that uses this sidecard will
use a custom ServiceAccount and will lead to falure.
*/}}
env:
TS_KUBE_SECRET: ""
TS_SOCKET: /var/run/tailscale/tailscaled.sock
TS_STATE_DIR: /var/lib/tailscale/state
TS_AUTH_ONCE: {{ $.Values.addons.vpn.tailscale.auth_once | quote }}
TS_USERSPACE: {{ $.Values.addons.vpn.tailscale.userspace | quote }}
TS_ACCEPT_DNS: {{ $.Values.addons.vpn.tailscale.accept_dns | quote }}
{{- with $.Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.routes }}
TS_ROUTES: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.dest_ip }}
TS_DEST_IP: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.sock5_server }}
TS_SOCKS5_SERVER: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.extra_args }}
TS_EXTRA_ARGS: {{ . | quote }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.daemon_extra_args }}
TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.authkey }}
TS_AUTH_KEY: {{ . }}
{{- end }}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.env -}}
{{- range $k, $v := . }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end }}
{{- end -}}
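
Review bot: The two `securityContext` branches have `runAsNonRoot` inverted: the userspace branch sets `runAsUser: 1000` with `runAsNonRoot: false`, and the other branch sets `runAsUser: 0` with `runAsNonRoot: true`, a combination the kubelet refuses to start. Swap the two values. `TS_AUTH_KEY` is written as a plain, unquoted env value, so the auth key is readable in the pod spec; source it from a Secret. Minor: the values key `sock5_server` does not match `TS_SOCKS5_SERVER`, and the comment has typos ("sidecard", "falure").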


@@ -0,0 +1,112 @@
{{/*
The volume (referencing VPN scripts) to be inserted into persistence.
*/}}
{{- define "tc.v1.common.addon.vpn.volume.scripts" -}}
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
enabled: true
type: configmap
objectName: vpnscripts
expandObjectName: false
defaultMode: "0777"
items:
{{- if .Values.addons.vpn.scripts.up }}
- key: up.sh
path: up.sh
{{- end -}}
{{- if .Values.addons.vpn.scripts.down }}
- key: down.sh
path: down.sh
{{- end }}
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
vpn:
mountPath: {{ $basePath }}
{{- end -}}
{{- end -}}
{{/*
The volume (referencing VPN config) to be inserted into persistence.
*/}}
{{- define "tc.v1.common.addon.vpn.volume.config" -}}
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
{{- $mountPath := $basePath }}
enabled: true
{{- if or .Values.addons.vpn.config .Values.addons.vpn.existingSecret }}
type: secret
defaultMode: "0777"
items:
- key: vpn.conf
path: vpn.conf
{{- if .Values.addons.vpn.existingSecret }}
objectName: {{ .Values.addons.vpn.existingSecret }}
expandObjectName: false
{{- else }}
objectName: vpnconfig
expandObjectName: true
{{- end -}}
{{- else }}
{{- $mountPath = (printf "%s/vpn.conf" $basePath) }}
type: hostPath
hostPath: {{ .Values.addons.vpn.configFile | default "/vpn" }}
hostPathType: "File"
autoPermissions:
enabled: true
chown: true
user: 568
group: 568
{{- end }}
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
vpn:
mountPath: {{ $mountPath }}
{{- end -}}
{{- end -}}
{{/*
The volume (referencing VPN config folder) to be inserted into persistence.
*/}}
{{- define "tc.v1.common.addon.vpn.volume.folder" -}}
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
enabled: true
type: hostPath
hostPath: {{ .Values.addons.vpn.configFolder | quote }}
autoPermissions:
enabled: true
chown: true
user: 568
group: 568
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
vpn:
mountPath: {{ $basePath }}
{{- end -}}
{{- end -}}
{{/*
The empty tailscale folder
*/}}
{{- define "tc.v1.common.addon.vpn.volume.tailscale" -}}
enabled: true
type: emptyDir
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
tailscale:
mountPath: /var/lib/tailscale
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.addon.vpn.volume.basePath" -}}
{{- $basePath := "/vpn" -}} {{/* Base Path for OVPN */}}
{{- if eq .Values.addons.vpn.type "wireguard" -}}
{{- $basePath = "/etc/wireguard" -}} {{/* Base Path for Wireguard */}}
{{- else if eq .Values.addons.vpn.type "gluetun" -}}
{{- $basePath = "/gluetun" -}} {{/* Base Path for Gluetun */}}
{{- end -}}
{{- $basePath -}}
{{- end -}}
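
Review bot: `defaultMode: "0777"` on the `secret` volume in `tc.v1.common.addon.vpn.volume.config` makes `vpn.conf`, the VPN configuration the chart stores as a Secret, readable, writable and executable by every user in the pod; use an owner-only read mode such as `"0400"` there, and `"0555"` is enough for the `up.sh`/`down.sh` configmap volume. In the `hostPath` fallback, `configFile | default "/vpn"` with `hostPathType: "File"` and `autoPermissions.chown: true` changes ownership of a file on the host to 568, which should be called out in the values documentation.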


@@ -0,0 +1,94 @@
{{/*
Template to render VPN addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "tc.v1.common.addon.vpn" -}}
{{- if ne "disabled" .Values.addons.vpn.type -}}
{{- if .Values.addons.vpn.config -}}
{{/* Append the vpn config secret to the secrets */}}
{{- $secret := include "tc.v1.common.addon.vpn.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret "vpnconfig" $secret -}}
{{- end -}}
{{- end }}
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
{{/* Append the vpn up/down scripts to the configmaps */}}
{{- $configmap := include "tc.v1.common.addon.vpn.configmap" . | fromYaml -}}
{{- if $configmap -}}
{{- $_ := set .Values.configmap "vpnscripts" $configmap -}}
{{- end -}}
{{- end }}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.config .Values.addons.vpn.existingSecret -}}
{{/* Append the vpn config to the persistence */}}
{{- $configper := include "tc.v1.common.addon.vpn.volume.config" . | fromYaml -}}
{{- if $configper -}}
{{- $_ := set .Values.persistence "vpnconfig" $configper -}}
{{- end -}}
{{- end -}}
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
{{/* Append the vpn scripts to the persistence */}}
{{- $scriptsper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}}
{{- if $scriptsper -}}
{{- $_ := set .Values.persistence "vpnscripts" $scriptsper -}}
{{- end -}}
{{- end -}}
{{- if .Values.addons.vpn.configFolder -}}
{{/* Append the vpn folder to the persistence */}}
{{- $folderper := include "tc.v1.common.addon.vpn.volume.folder" . | fromYaml -}}
{{- if $folderper -}}
{{- $_ := set .Values.persistence "vpnfolder" $folderper -}}
{{- end -}}
{{- end -}}
{{/* Ensure target Selector defaults to main pod even if unset */}}
{{- $targetSelector := list "main" -}}
{{- if $.Values.addons.codeserver.targetSelector -}}
{{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
{{- end -}}
{{/* Append the vpn container to the containers */}}
{{- range $targetSelector -}}
{{- if eq "gluetun" $.Values.addons.vpn.type -}}
{{- $container := include "tc.v1.common.addon.vpn.gluetun.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
{{- end -}}
{{- else if eq "tailscale" $.Values.addons.vpn.type -}}
{{/* FIXME: https://github.com/tailscale/tailscale/issues/8188 */}}
{{- $_ := set $.Values.podOptions "automountServiceAccountToken" true -}}
{{- $container := include "tc.v1.common.addon.vpn.tailscale.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "tailscale" $container -}}
{{- end -}}
{{- else if eq "openvpn" $.Values.addons.vpn.type -}}
{{- $container := include "tc.v1.common.addon.vpn.openvpn.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
{{- end -}}
{{- else if eq "wireguard" $.Values.addons.vpn.type -}}
{{- $container := include "tc.v1.common.addon.vpn.wireguard.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if eq "tailscale" $.Values.addons.vpn.type -}}
{{/* Append the empty tailscale folder to the persistence */}}
{{- $tailscaledir := include "tc.v1.common.addon.vpn.volume.tailscale" . | fromYaml -}}
{{- if $tailscaledir -}}
{{- $_ := set .Values.persistence "tailscalestate" $tailscaledir -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
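Review bot: the target selector for the VPN sidecar is read from the codeserver addon. Directly under the "Ensure target Selector defaults to main pod" comment, `$.Values.addons.codeserver.targetSelector` is both tested and assigned, so the VPN container follows whatever workloads codeserver targets. This looks like a copy-paste from the codeserver addon; read the selector from a key under `addons.vpn` instead. Separately, the tailscale branch sets `automountServiceAccountToken` to true on `$.Values.podOptions`, which is not scoped to the tailscale container; the FIXME should say what the linked issue works around and when the setting can be removed.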

View File

@@ -0,0 +1,66 @@
{{/*
The gluetun sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.wireguard.container" -}}
enabled: true
imageSelector: wireguardImage
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
capabilities:
add:
- AUDIT_WRITE
- NET_ADMIN
- SETUID
- SETGID
- SYS_MODULE
env:
{{- with $.Values.addons.vpn.env }}
{{- . | toYaml | nindent 2 }}
{{- end }}
SEPARATOR: ";"
IPTABLES_BACKEND: "nft"
{{- if $.Values.addons.vpn.killSwitch }}
KILLSWITCH: "true"
{{- $excludednetworksv4 := ( printf "%v;%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworksv4 = ( printf "%v;%v" $excludednetworksv4 . ) -}}
{{- end }}
KILLSWITCH_EXCLUDEDNETWORKS_IPV4: {{ $excludednetworksv4 | quote }}
{{- if $.Values.addons.vpn.excludedNetworks_IPv6 -}}
{{- $excludednetworksv6 := "" -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
{{- end }}
KILLSWITCH_EXCLUDEDNETWORKS_IPV6: {{ $.Values.addons.vpn.excludedNetworks_IPv6 | quote }}
{{- end -}}
{{- end -}}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end -}}
{{- end -}}
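Review bot: the IPv6 kill-switch exclusions are built from the wrong list and then discarded. The loop inside the `excludedNetworks_IPv6` check ranges over `$.Values.addons.vpn.excludedNetworks_IPv4`, and `KILLSWITCH_EXCLUDEDNETWORKS_IPV6` is rendered from the raw `excludedNetworks_IPv6` value rather than from `$excludednetworksv6`. Range over the IPv6 list, emit the joined variable, and avoid the leading `;` that comes from starting with an empty string. In the probes block, `if $.Values.addons.vpn.livenessProbe` does not rebind the dot, so `toYaml .` serialises the context the template was called with instead of the probe; `with` is what the body expects. The header comment still says "gluetun sidecar" for the wireguard template, and the securityContext (`allowPrivilegeEscalation: true`, `SYS_MODULE`, `readOnlyRootFilesystem: false`) should carry a comment stating why each setting is required.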

View File

@@ -0,0 +1,45 @@
{{/*
This template serves as a blueprint for all Cert-Manager Certificate objects that are created
within the common library.
*/}}
{{- define "tc.v1.common.class.certificate" -}}
{{- $root := .root -}}
{{- $name := .name -}}
{{- $hosts := .hosts -}}
{{- $certificateIssuer := .certificateIssuer -}}
{{- $certificateSecretTemplate := .secretTemplate }}
---
apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" $ }}
kind: Certificate
metadata:
name: {{ $name }}
namespace: {{ $root.Values.namespace | default $root.Values.global.namespace | default $root.Release.Namespace }}
spec:
secretName: {{ $name }}
dnsNames:
{{- range $hosts }}
- {{ tpl . $root | quote }}
{{- end }}
privateKey:
algorithm: ECDSA
size: 256
rotationPolicy: Always
issuerRef:
name: {{ tpl $certificateIssuer $root | quote }}
kind: ClusterIssuer
group: cert-manager.io
{{- if $certificateSecretTemplate }}
secretTemplate:
{{- $labels := (mustMerge ($certificateSecretTemplate.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $root | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "labels" $labels) | trim) }}
labels:
{{- . | nindent 6 }}
{{- end -}}
{{- $annotations := (mustMerge ($certificateSecretTemplate.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $root | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}
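Review bot: the apiVersion helper on the `apiVersion:` line is called with `$`, but this template receives a dict (`.root`, `.name`, `.hosts`, `.certificateIssuer`, `.secretTemplate`) and every other lookup in the body uses `$root`. Inside the define `$` is that dict, so the helper does not get the chart context; pass `$root`. `issuerRef.kind` is fixed to `ClusterIssuer`, which the header comment should state, since a namespaced Issuer cannot be referenced through this class.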

View File

@@ -0,0 +1,83 @@
{{- define "tc.v1.common.class.cnpg.cluster" -}}
{{- $values := .Values.cnpg -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.cnpg -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $cnpgClusterName := $values.name -}}
{{- $cnpgClusterLabels := $values.labels -}}
{{- $cnpgClusterAnnotations := $values.annotations -}}
{{- $hibernation := "off" -}}
{{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
{{- $hibernation = "on" -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.cluster.apiVersion" $ }}
kind: Cluster
metadata:
name: {{ $cnpgClusterName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($cnpgClusterLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }}
labels:
cnpg.io/reload: "on"
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($cnpgClusterAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
annotations:
cnpg.io/hibernation: {{ $hibernation | quote }}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
{{- . | nindent 4 }}
{{- end }}
spec:
instances: {{ $values.instances | default 2 }}
bootstrap:
initdb:
database: {{ $values.database | default "app" }}
owner: {{ $values.user | default "app" }}
secret:
name: {{ $cnpgClusterName }}-user
primaryUpdateStrategy: {{ $values.primaryUpdateStrategy | default "unsupervised" }}
storage:
pvcTemplate:
{{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
walStorage:
pvcTemplate:
{{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
monitoring:
enablePodMonitor: {{ $values.monitoring.enablePodMonitor | default true }}
nodeMaintenanceWindow:
inProgress: false
reusePVC: true
{{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $values) | trim) }}
resources:
{{- . | nindent 4 }}
{{- end }}
postgresql:
{{- tpl ( $values.postgresql | toYaml ) $ | nindent 4 }}
{{- end -}}
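Review bot: the data volume is sized from the WAL setting. Under `storage.pvcTemplate` the request is `$values.storage.walsize`, the same expression used under `walStorage`, so both PVCs always get the same size and no separate data size is read; use a distinct key for the data volume. Also, `$values.monitoring.enablePodMonitor | default true` can never render false, because `default` treats false as empty; an explicit `hasKey` check would let users turn the PodMonitor off.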

View File

@@ -0,0 +1,35 @@
{{- define "tc.v1.common.class.cnpg.pooler" -}}
{{- $values := .Values.cnpg -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.cnpg -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $cnpgClusterName := $values.name -}}
{{- $cnpgName := $values.cnpgName -}}
{{- $cnpgPoolerName := $values.poolerName -}}
{{- $cnpgClusterLabels := $values.labels -}}
{{- $cnpgClusterAnnotations := $values.annotations -}}
{{- $instances := $values.pooler.instances | default 2 -}}
{{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
{{- $instances = 0 -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }}
kind: Pooler
metadata:
name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
spec:
cluster:
name: {{ $cnpgClusterName }}
instances: {{ $instances }}
type: {{ $values.pooler.type }}
pgbouncer:
poolMode: session
parameters:
max_client_conn: "1000"
default_pool_size: "10"
{{- end -}}
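Review bot: `$cnpgName`, `$cnpgPoolerName`, `$cnpgClusterLabels` and `$cnpgClusterAnnotations` are assigned but never used, and the Pooler metadata carries no labels or annotations, unlike the Cluster template, which merges them with the common ones. Either render them here or drop the assignments. The pgbouncer settings (`poolMode: session`, `max_client_conn`, `default_pool_size`) are hard-coded; if that is intentional, a comment should say so.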

View File

@@ -0,0 +1,37 @@
{{/* Configmap Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the configmap.
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
namespace: The namespace of the configmap. (Optional)
*/}}
{{- define "tc.v1.common.class.configmap" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
data:
{{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
{{/* This comment is here to add a new line */}}
{{- end -}}

View File

@@ -0,0 +1,52 @@
{{/* CronJob Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.cronjob" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the CronJob.
*/}}
{{- define "tc.v1.common.class.cronjob" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.cronjobValidation" (dict "objectData" $objectData) }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.cronjobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 12 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 12 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 10 }}
{{- end -}}

View File

@@ -0,0 +1,55 @@
{{/* DaemonSet Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the DaemonSet.
*/}}
{{- define "tc.v1.common.class.daemonset" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.daemonsetValidation" (dict "objectData" $objectData) }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.daemonsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
selector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}
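Review bot: the usage comment at the top tells callers to include `tc.v1.common.class.deployment`, but the template defined here is `tc.v1.common.class.daemonset`; fix the example so it does not point at the Deployment class.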

View File

@@ -0,0 +1,55 @@
{{/* Deployment Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Deployment.
*/}}
{{- define "tc.v1.common.class.deployment" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.deploymentValidation" (dict "objectData" $objectData) }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.deploymentSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
selector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@@ -0,0 +1,33 @@
{{/* Endpoint Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.endpoint" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The service data, that will be used to render the Service object.
*/}}
{{- define "tc.v1.common.class.endpoint" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: v1
kind: Endpoints
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
subsets:
- addresses:
{{- include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
ports:
{{- include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@@ -0,0 +1,41 @@
{{/* EndpointSlice Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The service data, that will be used to render the Service object.
*/}}
{{- define "tc.v1.common.class.endpointSlice" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $addressType := $objectData.addressType | default "IPv4" -}}
{{- if $objectData.addressType -}}
{{- $addressType = tpl $addressType $rootCtx -}}
{{- end }}
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
addressType: {{ $addressType }}
ports:
{{- include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
endpoints:
{{- include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
{{- end -}}

View File

@@ -0,0 +1,58 @@
{{/*
This template serves as a blueprint for horizontal pod autoscaler objects that are created
using the common library.
*/}}
{{- define "tc.v1.common.class.hpa" -}}
{{- $targetName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $hpaName := $fullName -}}
{{- $values := .Values.hpa -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.hpa -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $hpaLabels := $values.labels -}}
{{- $hpaAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $hpaName = printf "%v-%v" $hpaName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.hpa.apiVersion" $ }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ $hpaName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($hpaLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($hpaAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end -}}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: {{ $values.targetKind | default ( include "tc.v1.common.names.controllerType" . ) }}
name: {{ $values.target | default $targetName }}
minReplicas: {{ $values.minReplicas | default 1 }}
maxReplicas: {{ $values.maxReplicas | default 3 }}
metrics:
{{- if $values.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ $values.targetCPUUtilizationPercentage }}
{{- end -}}
{{- if $values.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ $values.targetMemoryUtilizationPercentage }}
{{- end -}}
{{- end -}}
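Review bot: the `{{- end -}}` that closes the annotations block sits directly above `spec:`, and its right-hand trim marker removes the newline before `spec:`, so the key is appended to the preceding line and the manifest does not parse; the other class templates close that block with `{{- end }}`. Also, `targetAverageUtilization` directly under `resource:` is the autoscaling/v2beta1 field layout, while the apiVersion comes from a capabilities helper; if that helper can return `autoscaling/v2`, the metrics need `target.type: Utilization` with `target.averageUtilization`. `metrics:` is also emitted with no entries when neither percentage is set.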

View File

@@ -0,0 +1,157 @@
{{/*
This template serves as a blueprint for all Ingress objects that are created
within the common library.
*/}}
{{- define "tc.v1.common.class.ingress" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $ingressName := $fullName -}}
{{- $values := .Values.ingress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $ingressLabels := $values.labels -}}
{{- $ingressAnnotations := $values.annotations -}}
{{- $ingressName = $values.name -}}
{{/* Get the name of the primary service, if any */}}
{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
{{/* Get service values of the primary service, if any */}}
{{- $primaryService := get .Values.service $primaryServiceName -}}
{{- $defaultServiceName := $fullName -}}
{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
{{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
{{- end -}}
{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) -}}
{{- $mddwrNamespace := "tc-system" -}}
{{- if $.Values.operator.traefik -}}
{{- if $.Values.operator.traefik.namespace -}}
{{- $mddwrNamespace = $.Values.operator.traefik.namespace -}}
{{- end -}}
{{- end -}}
{{- if $values.ingressClassName -}}
{{- if $.Values.global.ixChartContext -}}
{{- $mddwrNamespace = (printf "ix-%s" $values.ingressClassName) -}}
{{- else -}}
{{- $mddwrNamespace = $values.ingressClassName -}}
{{- end -}}
{{- end -}}
{{- $fixedMiddlewares := "" -}}
{{- if $values.enableFixedMiddlewares -}}
{{/* If cors is enabled, replace the default fixedMiddleware with the opencors chain */}}
{{- if $values.allowCors -}}
{{- $corsMiddlewares := list "tc-opencors-chain" }}
{{- $_ := set $values "fixedMiddlewares" $corsMiddlewares -}}
{{- end -}}
{{- range $index, $fixedMiddleware := $values.fixedMiddlewares -}}
{{- if $index -}}
{{- $fixedMiddlewares = ( printf "%v, %v-%v@%v" $fixedMiddlewares $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
{{- else -}}
{{- $fixedMiddlewares = ( printf "%v-%v@%v" $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $middlewares := "" -}}
{{- range $index, $middleware := $values.middlewares -}}
{{- if $index -}}
{{- $middlewares = ( printf "%v, %v-%v@%v" $middlewares $mddwrNamespace $middleware "kubernetescrd" ) -}}
{{- else -}}
{{- $middlewares = ( printf "%v-%v@%v" $mddwrNamespace $middleware "kubernetescrd" ) -}}
{{- end -}}
{{ end }}
{{- if and ( $fixedMiddlewares ) ( $middlewares ) -}}
{{- $middlewares = ( printf "%v, %v" $fixedMiddlewares $middlewares ) -}}
{{- else if $fixedMiddlewares -}}
{{- $middlewares = ( printf "%s" $fixedMiddlewares ) -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.ingress.apiVersion" $ }}
kind: Ingress
metadata:
name: {{ $ingressName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($ingressLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($ingressAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
annotations:
{{- with $values.certificateIssuer }}
cert-manager.io/cluster-issuer: {{ tpl ( toYaml . ) $ }}
cert-manager.io/private-key-rotation-policy: Always
{{- end }}
"traefik.ingress.kubernetes.io/router.entrypoints": {{ $values.entrypoint | default "websecure" }}
"traefik.ingress.kubernetes.io/router.middlewares": {{ $middlewares | quote }}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
{{- . | nindent 4 }}
{{- end }}
spec:
{{- if $values.ingressClassName }}
ingressClassName: {{ $values.ingressClassName }}
{{- end -}}
{{- if $values.certificateIssuer }}
tls:
{{- range $index, $hostsValues := $values.hosts }}
- hosts:
- {{ tpl $hostsValues.host $ | quote }}
secretName: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }}
{{- end -}}
{{- else if $values.tls }}
tls:
{{- range $index, $tlsValues := $values.tls }}
{{- $tlsName := ( printf "%v-%v" "tls" $index ) }}
- hosts:
{{- range $tlsValues.hosts }}
- {{ tpl . $ | quote }}
{{- end -}}
{{- if $tlsValues.certificateIssuer }}
secretName: {{ printf "%v-%v" $ingressName $tlsName }}
{{- else if and ($tlsValues.scaleCert) ($.Values.global.ixChartContext) -}}
{{- $cert := dict }}
{{- $_ := set $cert "id" $tlsValues.scaleCert }}
{{- $_ := set $cert "nameOverride" $tlsName }}
secretName: {{ printf "%s-tls-%v" (include "tc.v1.common.lib.chart.names.fullname" $) $index }}
{{- else if .clusterCertificate }}
secretName: clusterissuer-templated-{{ tpl .clusterCertificate $ }}
{{- else if .secretName }}
secretName: {{ tpl .secretName $ | quote }}
{{- end -}}
{{- end -}}
{{- end }}
rules:
{{- range $values.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths -}}
{{- $service := $defaultServiceName -}}
{{- $port := $defaultServicePort.port -}}
{{- if .service -}}
{{- $service = default $service .service.name -}}
{{- $port = default $port .service.port -}}
{{- end }}
- path: {{ tpl .path $ | quote }}
pathType: {{ default "Prefix" .pathType }}
backend:
service:
name: {{ $service }}
port:
number: {{ $port }}
{{- end -}}
{{- end -}}
{{- end -}}
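Review bot: with `enableFixedMiddlewares` on, `allowCors` overwrites `$values.fixedMiddlewares` with the single entry `tc-opencors-chain` via `set`, so whatever fixed chain the user configured is silently dropped and the values map is mutated in place. Build a local list instead, and document that enabling CORS replaces the fixed chain rather than adding to it. In the `scaleCert` branch the `$cert` dict is populated and never used. `$ingressName` is unconditionally replaced by `$values.name` after being set to the full name, and the `router.middlewares` annotation is written even when `$middlewares` is empty.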

View File

@@ -0,0 +1,52 @@
{{/* Job Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.job" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Job.
*/}}
{{- define "tc.v1.common.class.job" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@@ -0,0 +1,38 @@
{{/* MutatingWebhookConfiguration Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.mutatingWebhookConfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the MutatingWebhookConfiguration.
labels: The labels of the MutatingWebhookConfiguration.
annotations: The annotations of the MutatingWebhookConfiguration.
data: The data of the MutatingWebhookConfiguration.
namespace: The namespace of the MutatingWebhookConfiguration. (Optional)
*/}}
{{- define "tc.v1.common.class.mutatingWebhookConfiguration" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
webhooks:
{{- range $webhook := $objectData.webhooks -}}
{{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
{{- end -}}
{{- end -}}
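Review bot: MutatingWebhookConfiguration is a cluster-scoped kind, so the `namespace:` line under `metadata:` has no meaning and suggests a scoping that does not exist; drop it, as the RBAC class does for its cluster-wide case. The header comment also documents a `data` field on objectData, while the body reads `$objectData.webhooks`; update the comment to list `webhooks`. If `webhooks` is empty the `range` emits nothing and `webhooks:` renders as null, so a `fail` guard before the loop would give a clearer error.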

View File

@@ -0,0 +1,35 @@
{{/* Network Attachment Definition Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.networkAttachmentDefinition" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the Network Attachment Definition.
labels: The labels of the Network Attachment Definition.
annotations: The annotations of the Network Attachment Definition.
config: The config of the interface
*/}}
{{- define "tc.v1.common.class.networkAttachmentDefinition" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }}
{{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) | default dict -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
config: {{ $objectData.config | squote }}
{{- end -}}
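Review bot: `config: {{ $objectData.config | squote }}` wraps the value in single quotes without escaping, so a CNI config that contains a `'` produces invalid YAML. Rendering the string with `toJson` avoids that, since a JSON string is a valid YAML scalar. Separately, the header comment lists `labels` and `annotations` on objectData, but `$labels` and `$annotations` are built only from the chart-wide helpers, so per-object values are ignored; either merge `$objectData.labels` and `$objectData.annotations` as the other classes do, or remove them from the comment.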

View File

@@ -0,0 +1,185 @@
{{/*
Blueprint for the NetworkPolicy object
*/}}
{{- define "tc.v1.common.class.networkpolicy" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $networkPolicyName := $fullName -}}
{{- $values := .Values.networkPolicy -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.networkPolicy -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $networkpolicyLabels := $values.labels -}}
{{- $networkpolicyAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $networkPolicyName = printf "%v-%v" $networkPolicyName $values.nameOverride -}}
{{- end }}
---
kind: NetworkPolicy
apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }}
metadata:
name: {{ $networkPolicyName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($networkpolicyAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
podSelector:
{{- if $values.podSelector }}
{{- tpl (toYaml $values.podSelector) $ | nindent 4 }}
{{- else if $values.targetSelector }}
{{- $objectData := dict "targetSelector" $values.targetSelector }}
{{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
{{- $selectedPodName := $selectedPod.shortName }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 8 }}
{{- else }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "" "objectName" "") | indent 8 }}
{{- end }}
{{- if $values.policyType }}
{{- if eq $values.policyType "ingress" }}
policyTypes: ["Ingress"]
{{- else if eq $values.policyType "egress" }}
policyTypes: ["Egress"]
{{- else if eq $values.policyType "ingress-egress" }}
policyTypes: ["Ingress", "Egress"]
{{- end -}}
{{- end -}}
{{- if $values.egress }}
egress:
{{- range $values.egress }}
- to:
{{- range .to -}}
{{- $nss := false -}}
{{- $ipb := false -}}
{{- if .ipBlock -}}
{{- if .ipBlock.cidr -}}
{{- $ipb = true }}
- ipBlock:
cidr: {{ .ipBlock.cidr }}
{{- if .ipBlock.except }}
except:
{{- range .ipBlock.except }}
- {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .namespaceSelector ) ( not $ipb ) -}}
{{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
{{- $nss = true }}
- namespaceSelector:
{{- if .namespaceSelector.matchLabels }}
matchLabels:
{{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .namespaceSelector.matchExpressions }}
matchExpressions:
{{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .podSelector ) ( not $ipb ) -}}
{{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
{{- if $nss }}
podSelector:
{{- else }}
- podSelector:
{{- end -}}
{{- if .podSelector.matchLabels }}
matchLabels:
{{- .podSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .podSelector.matchExpressions }}
matchExpressions:
{{- .podSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with .ports }}
ports:
{{- . | toYaml | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $values.ingress }}
ingress:
{{- range $values.ingress }}
- from:
{{- range .from -}}
{{- $nss := false -}}
{{- $ipb := false -}}
{{- if .ipBlock -}}
{{- if .ipBlock.cidr -}}
{{- $ipb = true }}
- ipBlock:
cidr: {{ .ipBlock.cidr }}
{{- if .ipBlock.except }}
except:
{{- range .ipBlock.except }}
- {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .namespaceSelector ) ( not $ipb ) -}}
{{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
{{- $nss = true }}
- namespaceSelector:
{{- if .namespaceSelector.matchLabels }}
matchLabels:
{{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .namespaceSelector.matchExpressions }}
matchExpressions:
{{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .podSelector ) ( not $ipb ) -}}
{{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
{{- if $nss }}
podSelector:
{{- else }}
- podSelector:
{{- end }}
{{- if .podSelector.matchLabels }}
matchLabels:
{{- .podSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .podSelector.matchExpressions }}
matchExpressions:
{{- .podSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with .ports }}
ports:
{{- . | toYaml | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
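Review bot: in both the `egress` and `ingress` loops a peer is only emitted when `ipBlock.cidr` is set or a selector carries `matchLabels` or `matchExpressions`, so an entry such as `namespaceSelector: {}` or an `ipBlock` without `cidr` is dropped without error. If every peer in a rule is dropped, `- to:` or `- from:` renders with no items, and Kubernetes treats an empty or missing peer list as matching all destinations or sources, so a mistake in values widens the policy instead of failing the render. Suggest a `fail` when a `to`/`from` entry produces no peer, and the same for an unrecognised `policyType`, which currently omits `policyTypes` silently.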

View File

@@ -0,0 +1,54 @@
{{/* poddisruptionbudget Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.podDisruptionBudget" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the podDisruptionBudget.
labels: The labels of the podDisruptionBudget.
annotations: The annotations of the podDisruptionBudget.
data: The data of the podDisruptionBudget.
namespace: The namespace of the podDisruptionBudget. (Optional)
*/}}
{{- define "tc.v1.common.class.podDisruptionBudget" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
data:
selector:
matchLabels:
{{- if $objectData.customLabels -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $objectData.customLabels) | trim) }}
{{- . | nindent 6 }}
{{- end -}}
{{- else -}}
{{- $selectedPod := fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget")) }}
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $selectedPod.shortName) | nindent 6 }}
{{- end -}}
{{- if hasKey $objectData "minAvailable" }}
minAvailable: {{ tpl (toString $objectData.minAvailable) $rootCtx }}
{{- end -}}
{{- if hasKey $objectData "maxUnavailable" }}
maxUnavailable: {{ tpl (toString $objectData.maxUnavailable) $rootCtx }}
{{- end -}}
{{- with $objectData.unhealthyPodEvictionPolicy }}
unhealthyPodEvictionPolicy: {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}
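Review bot: the body after `metadata` is rendered under `data:`, but a `policy/v1` PodDisruptionBudget has no `data` field; `selector`, `minAvailable`, `maxUnavailable` and `unhealthyPodEvictionPolicy` belong under `spec:`. As written the manifest does not define a valid budget. The API also accepts only one of `minAvailable` and `maxUnavailable`, so the two `hasKey` blocks should `fail` when both keys are present.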

View File

@@ -0,0 +1,47 @@
{{- define "tc.v1.common.class.podmonitor" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $podmonitorName := $fullName -}}
{{- $values := .Values.podmonitor -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.metrics -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $podmonitorLabels := $values.labels -}}
{{- $podmonitorAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $podmonitorName = printf "%v-%v" $podmonitorName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }}
kind: PodMonitor
metadata:
name: {{ $podmonitorName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($podmonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
jobLabel: app.kubernetes.io/name
selector:
{{- if $values.selector }}
{{- tpl (toYaml $values.selector) $ | nindent 4 }}
{{- else }}
{{- $objectData := dict "targetSelector" $values.targetSelector }}
{{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
{{- $selectedPodName := $selectedPod.shortName }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 6 }}
{{- end }}
podMetricsEndpoints:
{{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
{{- end -}}
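Review bot: `podMetricsEndpoints` is rendered from `$values.endpoints` with no presence check, so a missing `endpoints` key renders `null` and the PodMonitor has nothing to scrape. Guard it with `required` or `fail` and a message that names the monitor. This file also has no header comment; since `$values` starts from `.Values.podmonitor` but is overridden by `.ObjectValues.metrics`, a short description of the expected call shape, like the one on the other classes, would help callers.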

View File

@@ -0,0 +1,55 @@
{{- define "tc.v1.common.class.prometheusrule" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $prometheusruleName := $fullName -}}
{{- $values := .Values.prometheusrule -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.metrics -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $prometheusruleLabels := $values.labels -}}
{{- $prometheusruleAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $prometheusruleName = printf "%v-%v" $prometheusruleName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ }}
kind: PrometheusRule
metadata:
name: {{ $prometheusruleName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($prometheusruleAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
groups:
{{- range $name, $groupValues := .groups }}
- name: {{ $prometheusruleName }}-{{ $name }}
rules:
{{- with $groupValues.rules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $groupValues.additionalrules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- range $id, $groupValues := .additionalgroups }}
- name: {{ $prometheusruleName }}-{{ if $groupValues.name }}{{ $groupValues.name }}{{ else }}{{ $id }}{{ end }}
rules:
{{- with $groupValues.rules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $groupValues.additionalrules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}
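Review bot: `$values` is resolved at the top from `.Values.prometheusrule` or `.ObjectValues.metrics`, but the two `range` loops read `.groups` and `.additionalgroups` from the root context instead of from `$values`. Unless the caller sets those keys on the root dict, `groups:` renders empty and no alert rules are installed. If the rules live in the resolved values, use `$values.groups` and `$values.additionalgroups`; otherwise add a header comment stating that the caller must pass them at the top level.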

View File

@@ -0,0 +1,57 @@
{{/* PVC Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the PVC.
labels: The labels of the PVC.
annotations: The annotations of the PVC.
*/}}
{{- define "tc.v1.common.class.pvc" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $pvcRetain := $rootCtx.Values.fallbackDefaults.pvcRetain -}}
{{- if (kindIs "bool" $objectData.retain) -}}
{{- $pvcRetain = $objectData.retain -}}
{{- end -}}
{{- $pvcSize := $rootCtx.Values.fallbackDefaults.pvcSize -}}
{{- with $objectData.size -}}
{{- $pvcSize = tpl . $rootCtx -}}
{{- end }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- if $pvcRetain -}}
{{- $_ := set $annotations "\"helm.sh/resource-policy\"" "keep" -}}
{{- end -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim | nindent 4 }}
resources:
requests:
storage: {{ $pvcSize }}
{{- with $objectData.volumeName }}
volumeName: {{ tpl . $rootCtx }}
{{- end -}}
{{- with (include "tc.v1.common.lib.storage.storageClassName" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim) }}
storageClassName: {{ . }}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,64 @@
{{/* RBAC Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the rbac.
labels: The labels of the rbac.
annotations: The annotations of the rbac.
clusterWide: Whether the rbac is cluster wide or not.
rules: The rules of the rbac.
subjects: The subjects of the rbac.
*/}}
{{- define "tc.v1.common.class.rbac" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
metadata:
name: {{ $objectData.name }}
{{- if not $objectData.clusterWide }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }}
{{- end }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
rules:
{{- include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $objectData.clusterWide }}
metadata:
name: {{ $objectData.name }}
{{- if not $objectData.clusterWide }}
namespace: {{ $rootCtx.Release.Namespace }}
{{- end }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
name: {{ $objectData.name }}
subjects:
{{- include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
{{- include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
{{- end -}}
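Review bot: the Role takes its namespace from the `tc.v1.common.lib.metadata.namespace` helper, while the RoleBinding hard-codes `{{ $rootCtx.Release.Namespace }}`. Whenever that helper resolves to anything other than the release namespace, the binding is created in a different namespace from the Role it references, and a RoleBinding can only reference a Role in its own namespace, so the grant does not take effect. Use the same helper call for both objects.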

View File

@@ -0,0 +1,87 @@
{{/*
This template serves as a blueprint for all Route objects that are created
within the common library.
*/}}
{{- define "tc.v1.common.class.route" -}}
{{- $values := .Values.route -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.route -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $routeLabels := $values.labels -}}
{{- $routeAnnotations := $values.annotations -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}}
{{- end -}}
{{- $routeKind := $values.kind | default "HTTPRoute" -}}
{{/* Get the name of the primary service, if any */}}
{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
{{/* Get service values of the primary service, if any */}}
{{- $primaryService := get .Values.service $primaryServiceName -}}
{{- $defaultServiceName := $fullName -}}
{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
{{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
{{- end -}}
{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) }}
---
apiVersion: gateway.networking.k8s.io/v1alpha2
{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}}
{{- fail (printf "Not a valid route kind (%s)" $routeKind) -}}
{{- end }}
kind: {{ $routeKind }}
metadata:
name: {{ $fullName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($routeAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
annotations:
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
{{- . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- range $values.parentRefs }}
- group: {{ default "gateway.networking.k8s.io" .group }}
kind: {{ default "Gateway" .kind }}
name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }}
namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }}
{{- if .sectionName }}
sectionName: {{ .sectionName | quote }}
{{- end }}
{{- end }}
{{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }}
hostnames:
{{- with $values.hostnames }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
rules:
{{- range $values.rules }}
- backendRefs:
{{- range .backendRefs }}
- group: {{ default "" .group | quote}}
kind: {{ default "Service" .kind }}
name: {{ default $defaultServiceName .name }}
namespace: {{ default $.Release.Namespace .namespace }}
port: {{ default $defaultServicePort.port .port }}
weight: {{ default 1 .weight }}
{{- end }}
{{- if (eq $routeKind "HTTPRoute") }}
{{- with .matches }}
matches:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
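Review bot: `metadata.namespace` is taken from `.Values.namespace`, then `.Values.global.namespace`, then the release namespace, but each `backendRefs` entry defaults its `namespace` to `$.Release.Namespace` only. With a namespace override the route points at a Service in another namespace, which Gateway API only permits through a ReferenceGrant; default the backend namespace to the same expression as the route. Also, `annotations:` sits outside its `with` block, so it renders as an empty key when there are no annotations, unlike `labels:` just above it.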

View File

@@ -0,0 +1,58 @@
{{/* Secret Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the secret.
labels: The labels of the secret.
annotations: The annotations of the secret.
type: The type of the secret.
data: The data of the secret.
namespace: The namespace of the secret. (Optional)
*/}}
{{- define "tc.v1.common.class.secret" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $secretType := "Opaque" -}}
{{- if eq $objectData.type "certificate" -}}
{{- $secretType = "kubernetes.io/tls" -}}
{{- else if eq $objectData.type "imagePullSecret" -}}
{{- $secretType = "kubernetes.io/dockerconfigjson" -}}
{{- else if $objectData.type -}}
{{- $secretType = $objectData.type -}}
{{- end }}
---
apiVersion: v1
kind: Secret
type: {{ $secretType }}
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end -}}
{{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }}
data:
{{- if eq $objectData.type "certificate" }}
tls.crt: {{ $objectData.data.certificate | trim | b64enc }}
tls.key: {{ $objectData.data.privatekey | trim | b64enc }}
{{- else if eq $objectData.type "imagePullSecret" }}
.dockerconfigjson: {{ $objectData.data | trim | b64enc }}
{{- end -}}
{{- else }}
stringData:
{{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
{{/* This comment is here to add a new line */}}
{{- end -}}
{{- end -}}
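Review bot: in the `stringData` branch the whole `data` map is passed through `tpl`, so any secret value containing `{{` is evaluated as a template; a password with that sequence either fails the render or is rewritten, and the expanded text lands in the manifest after `toYaml` has already done its quoting. Consider rendering values without `tpl` unless a key opts in, or document the behaviour in the header comment. In the `certificate` branch, `data.certificate` and `data.privatekey` are encoded without a presence check; a `required` on both gives a clear error when one is missing.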

View File

@@ -0,0 +1,115 @@
{{/* Service Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.service" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The service data, that will be used to render the Service object.
*/}}
{{- define "tc.v1.common.class.service" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $svcType := $objectData.type | default $rootCtx.Values.fallbackDefaults.serviceType -}}
{{/* Init variables */}}
{{- $hasHTTPSPort := false -}}
{{- $hasHostPort := false -}}
{{- $hostNetwork := false -}}
{{- $podValues := dict -}}
{{- range $portName, $port := $objectData.ports -}}
{{- if $port.enabled -}}
{{- if eq (tpl ($port.protocol | default "") $rootCtx) "https" -}}
{{- $hasHTTPSPort = true -}}
{{- end -}}
{{- if and (hasKey $port "hostPort") $port.hostPort -}}
{{- $hasHostPort = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $specialTypes := (list "ExternalName" "ExternalIP") -}}
{{/* External Name / External IP does not rely on any pod values */}}
{{- if not (mustHas $svcType $specialTypes) -}}
{{/* Get Pod Values based on the selector (or the absence of it) */}}
{{- $podValues = fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service")) -}}
{{- if $podValues -}}
{{/* Get Pod hostNetwork configuration */}}
{{- $hostNetwork = include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $podValues) -}}
{{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}}
{{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}}
{{- $svcType = "ClusterIP" -}}
{{- end -}}
{{- end -}}
{{/* When hostPort is defined, force ClusterIP aswell */}}
{{- if $hasHostPort -}}
{{- $svcType = "ClusterIP" -}}
{{- end -}}
{{- end -}}
{{- $_ := set $objectData "type" $svcType }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- if eq $objectData.type "LoadBalancer" -}}
{{- include "tc.v1.common.lib.service.metalLBAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData "annotations" $annotations) -}}
{{- end -}}
{{- if $hasHTTPSPort -}}
{{- include "tc.v1.common.lib.service.traefikAnnotations" (dict "rootCtx" $rootCtx "annotations" $annotations) -}}
{{- end -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- if eq $objectData.type "ClusterIP" -}}
{{- include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "LoadBalancer" -}}
{{- include "tc.v1.common.lib.service.spec.loadBalancer" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "NodePort" -}}
{{- include "tc.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "ExternalName" -}}
{{- include "tc.v1.common.lib.service.spec.externalName" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "ExternalIP" -}}
{{- include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- end -}}
{{- with (include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
ports:
{{- . | nindent 4 }}
{{- end -}}
{{- if not (mustHas $objectData.type $specialTypes) }}
selector:
{{- if $objectData.selectorLabels }}
{{- tpl ( toYaml $objectData.selectorLabels) $rootCtx | nindent 4 }}
{{- else }}
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $podValues.shortName) | trim | nindent 4 -}}
{{- end }}
{{- end -}}
{{- if eq $objectData.type "ExternalIP" -}}
{{- $useSlice := true -}}
{{- if kindIs "bool" $objectData.useSlice -}}
{{- $useSlice = $objectData.useSlice -}}
{{- end -}}
{{- if $useSlice -}}
{{- include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- else -}}
{{- include "tc.v1.common.class.endpoint" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- end -}}
{{- end -}}
{{- end -}}
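Review bot: when the selected pod uses `hostNetwork` or any enabled port sets `hostPort`, `$svcType` is overwritten with `ClusterIP` and written back with `set $objectData "type" $svcType`, so a user who asked for `LoadBalancer` or `NodePort` gets a different exposure with no indication in the render. Document the override in the header comment, which currently describes only `rootCtx` and `objectData`. The `set` also mutates the caller's dict, so any later template that reads `$objectData.type` sees the forced value; a local variable would keep the change inside this class.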

View File

@@ -0,0 +1,34 @@
{{/* Service Account Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the serviceAccount.
labels: The labels of the serviceAccount.
annotations: The annotations of the serviceAccount.
autoMountToken: Whether to mount the ServiceAccount token or not.
*/}}
{{- define "tc.v1.common.class.serviceAccount" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ $objectData.automountServiceAccountToken | default false }}
{{- end -}}
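Review bot: the header comment documents the key as `autoMountToken`, but the last line reads `$objectData.automountServiceAccountToken`. A caller following the comment never enables the token mount, because the unread key falls through to `default false`. Align the comment with the key the template reads; the `false` default itself is a sound least-privilege choice and worth stating in the comment.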

View File

@@ -0,0 +1,47 @@
{{- define "tc.v1.common.class.servicemonitor" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $servicemonitorName := $fullName -}}
{{- $values := .Values.servicemonitor -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.metrics -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $servicemonitorLabels := $values.labels -}}
{{- $servicemonitorAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $servicemonitorName = printf "%v-%v" $servicemonitorName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ }}
kind: ServiceMonitor
metadata:
name: {{ $servicemonitorName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($servicemonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
jobLabel: app.kubernetes.io/name
selector:
{{- if $values.selector }}
{{- tpl (toYaml $values.selector) $ | nindent 4 }}
{{- else }}
{{- $objectData := dict "targetSelector" $values.targetSelector }}
{{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData)) }}
{{- $selectedServiceName := $selectedService.shortName }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "service" "objectName" $selectedServiceName) | indent 6 }}
{{- end }}
endpoints:
{{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
{{- end -}}
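
Review bot: the `namespace:` line builds the namespace inline from `$.Values.namespace`, `$.Values.global.namespace` and `$.Release.Namespace`, while the ServiceAccount, StatefulSet and webhook classes in this commit all go through `tc.v1.common.lib.metadata.namespace`. Use the shared helper here too, so the ServiceMonitor cannot resolve to a different namespace than the Service it selects. Two smaller points in the same hunk: the `getSelectedServiceValues` include passes no "caller", which that helper interpolates into its `fail` messages, and `$values.endpoints` goes straight through `toYaml` with no check that it is set.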

View File

@@ -0,0 +1,59 @@
{{/* StatefulSet Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the StatefulSet.
*/}}
{{- define "tc.v1.common.class.statefulset" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.statefulsetValidation" (dict "objectData" $objectData) }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.statefulsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
selector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- with (include "tc.v1.common.lib.storage.volumeClaimTemplates" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
volumeClaimTemplates:
{{- . | nindent 4 }}
{{- end }}
{{- end -}}
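
Review bot: the "Call this template" comment at the top of this file shows `include "tc.v1.common.class.deployment"`, but the template defined below it is `tc.v1.common.class.statefulset`. The usage line looks copied from the Deployment class and should name the StatefulSet template, otherwise anyone following the comment renders the wrong workload kind.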

View File

@@ -0,0 +1,38 @@
{{/* ValidatingWebhookconfiguration Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.validatingWebhookconfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the validatingWebhookconfiguration.
labels: The labels of the validatingWebhookconfiguration.
annotations: The annotations of the validatingWebhookconfiguration.
data: The data of the validatingWebhookconfiguration.
namespace: The namespace of the validatingWebhookconfiguration. (Optional)
*/}}
{{- define "tc.v1.common.class.validatingWebhookconfiguration" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
webhooks:
{{- range $webhook := $objectData.webhooks -}}
{{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
{{- end -}}
{{- end -}}
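
Review bot: `metadata.namespace` is set on a ValidatingWebhookConfiguration, which is a cluster-scoped resource, so the namespace helper call and the "namespace ... (Optional)" entry in the doc comment do not apply and should be dropped. The doc comment also lists `data`, which the template never reads, and omits `webhooks`, which it iterates. Since an empty `webhooks` list renders a bare `webhooks:` key, a `fail` on an empty list before the `range` would catch that early.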

View File

@@ -0,0 +1,23 @@
{{/* Check Env for Duplicates */}}
{{/* Call this template:
{{ include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $ "objectData" $objectData "source" $source "key" $key) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.helper.container.envDupeCheck" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $source := .source -}}
{{- $type := .type -}}
{{- $key := .key -}}
{{- $dupeEnv := (get $objectData.envDupe $key) -}}
{{- if $dupeEnv -}}
{{- fail (printf "Container - Environment Variable [%s] in [%s] tried to override the Environment Variable that is already defined in [%s]" $key $source $dupeEnv.source) -}}
{{- end -}}
{{- $_ := set $objectData.envDupe $key (dict "source" $source) -}}
{{- end -}}
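
Review bot: `$type := .type` is assigned but never used, and none of the callers in this commit (env, envFrom, envList, fixedEnv) pass a "type" key, so the line can go. The doc comment lists only rootCtx and objectData although `source` and `key` are what the template actually depends on. It is also worth stating there that the caller must initialise `$objectData.envDupe` as a dict, because `get` and `set` are applied to it here without any guard.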

View File

@@ -0,0 +1,59 @@
{{/* Returns Lowest and Highest ports assigned to the any container in the pod */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.helpers.securityContext.getPortRange" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{ $portRange := (dict "high" 0 "low" 0) }}
{{- range $name, $service := $rootCtx.Values.service -}}
{{- $selected := false -}}
{{/* If service is enabled... */}}
{{- if $service.enabled -}}
{{/* If there is a selector */}}
{{- if $service.targetSelector -}}
{{/* And pod is selected */}}
{{- if eq $service.targetSelector $objectData.shortName -}}
{{- $selected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but pod is primary */}}
{{- if $objectData.primary -}}
{{- $selected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $selected -}}
{{- range $name, $portValues := $service.ports -}}
{{- if $portValues.enabled -}}
{{- $portToCheck := ($portValues.targetPort | default $portValues.port) -}}
{{- if kindIs "string" $portToCheck -}}
{{- $portToCheck = (tpl $portToCheck $rootCtx) | int -}}
{{- end -}}
{{- if or (not $portRange.low) (lt ($portToCheck | int) ($portRange.low | int)) -}}
{{- $_ := set $portRange "low" $portToCheck -}}
{{- end -}}
{{- if or (not $portRange.high) (gt ($portToCheck | int) ($portRange.high | int)) -}}
{{- $_ := set $portRange "high" $portToCheck -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $portRange | toJson -}}
{{- end -}}
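
Review bot: in the `kindIs "string" $portToCheck` branch, a string that is not numeric after `tpl` (a named targetPort, for example) is turned into 0 by `| int`, and that 0 is then stored as the low bound without any error. Fail on a non-numeric result instead of folding it into the range, since the output feeds a securityContext decision. Style points: `{{ $portRange := (dict "high" 0 "low" 0) }}` is the only action in the template without `{{-`/`-}}` trimming, and the inner `range $name, $portValues` shadows the outer `$name`.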

View File

@@ -0,0 +1,47 @@
{{/* Service - Get Selected Pod */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
objectData: The object data of the service
rootCtx: The root context of the chart.
*/}}
{{- define "tc.v1.common.lib.helpers.getSelectedPodValues" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- $podValues := dict -}}
{{- with $objectData.targetSelector -}}
{{- $podValues = mustDeepCopy (get $rootCtx.Values.workload .) -}}
{{- if not $podValues -}}
{{- fail (printf "%s - Selected pod [%s] is not defined" $caller .) -}}
{{- end -}}
{{- if not $podValues.enabled -}}
{{- fail (printf "%s - Selected pod [%s] is not enabled" $caller .) -}}
{{- end -}}
{{/* While we know the shortName from targetSelector, let's set it explicitly
So service can reference this directly, to match the behaviour of a service
without targetSelector defined (assumes "use primary") */}}
{{- $_ := set $podValues "shortName" . -}}
{{- else -}}
{{/* If no targetSelector is defined, we assume the service is using the primary pod */}}
{{/* Also no need to check for multiple primaries here, it's already done on the workload validation */}}
{{- range $podName, $pod := $rootCtx.Values.workload -}}
{{- if $pod.enabled -}}
{{- if $pod.primary -}}
{{- $podValues = mustDeepCopy $pod -}}
{{/* Set the shortName so service can use this on selector */}}
{{- $_ := set $podValues "shortName" $podName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Return values in Json, to preserve types */}}
{{ $podValues | toJson }}
{{- end -}}
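
Review bot: the doc comment documents only objectData and rootCtx, but the template reads `.caller` and prints it as the prefix of both `fail` messages. A caller that follows the documented signature gets an error message with an empty prefix. Add `caller` to the "Call this template" example, or default it inside the template. The final `{{ $podValues | toJson }}` is also untrimmed, unlike the rest of the file.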

View File

@@ -0,0 +1,47 @@
{{/* Service - Get Selected Service */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
objectData: The object data of the service
rootCtx: The root context of the chart.
*/}}
{{- define "tc.v1.common.lib.helpers.getSelectedServiceValues" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- $serviceValues := dict -}}
{{- with $objectData.targetSelector -}}
{{- $serviceValues = mustDeepCopy (get $rootCtx.Values.service .) -}}
{{- if not $serviceValues -}}
{{- fail (printf "%s - Selected service [%s] is not defined" $caller .) -}}
{{- end -}}
{{- if not $serviceValues.enabled -}}
{{- fail (printf "%s - Selected service [%s] is not enabled" $caller .) -}}
{{- end -}}
{{/* While we know the shortName from targetSelector, let's set it explicitly
So service can reference this directly, to match the behaviour of a service
without targetSelector defined (assumes "use primary") */}}
{{- $_ := set $serviceValues "shortName" . -}}
{{- else -}}
{{/* If no targetSelector is defined, we assume the service is using the primary service */}}
{{/* Also no need to check for multiple primaries here, it's already done on the service validation */}}
{{- range $serviceName, $service := $rootCtx.Values.service -}}
{{- if $service.enabled -}}
{{- if $service.primary -}}
{{- $serviceValues = mustDeepCopy $service -}}
{{/* Set the shortName so service can use this on selector */}}
{{- $_ := set $serviceValues "shortName" $serviceName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Return values in Json, to preserve types */}}
{{ $serviceValues | toJson }}
{{- end -}}
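
Review bot: in the `else` branch, if no service is both enabled and primary, `$serviceValues` stays the empty dict from the top of the template and `{}` is returned without any error, whereas the targetSelector branch fails loudly on a missing or disabled service. The ServiceMonitor class in this commit then reads `.shortName` from that result and would build its selector from an empty name. A `fail` when nothing was selected would surface the misconfiguration at render time. The comment "Set the shortName so service can use this on selector" also appears to be carried over from the pod helper.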

View File

@@ -0,0 +1,21 @@
{{- define "tc.v1.common.helper.makeIntOrNoop" -}}
{{- $value := . -}}
{{/*
- Ints in Helm can be either int, int64 or float64.
- Values that start with zero should not be converted
to int again as this will strip leading zeros.
- Numbers converted to E notation by Helm will
always contain the "e" character. So we only
convert those.
*/}}
{{- if and
(mustHas (kindOf $value) (list "int" "int64" "float64"))
(not (hasPrefix "0" ($value | toString)))
(contains "e" ($value | toString | lower))
-}}
{{- $value | int -}}
{{- else -}}
{{- $value -}}
{{- end -}}
{{- end -}}
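
Review bot: the condition converts every numeric value whose string form contains "e", and that includes small fractional floats: a float64 such as 0.0000001 stringifies as `1e-07`, passes all three checks, and `| int` turns it into 0. If the intent is only to undo E notation on large whole numbers, also require that the value is integral (for example compare it with its own `floor`) before converting. As written, the `hasPrefix "0"` check never protects a leading-zero value, because such values arrive as strings and are already excluded by the kind check.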

View File

@@ -0,0 +1,44 @@
{{/* Return the appropriate apiVersion for PodMonitor */}}
{{- define "tc.v1.common.capabilities.podmonitor.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for ServiceMonitor */}}
{{- define "tc.v1.common.capabilities.servicemonitor.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for PrometheusRule */}}
{{- define "tc.v1.common.capabilities.prometheusrule.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Ingress */}}
{{- define "tc.v1.common.capabilities.ingress.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for NetworkPolicy*/}}
{{- define "tc.v1.common.capabilities.networkpolicy.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for HorizontalPodAutoscaler aka HPA*/}}
{{- define "tc.v1.common.capabilities.hpa.apiVersion" -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" -}}
{{- print "cert-manager.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cnpg.cluster.apiVersion" -}}
{{- print "postgresql.cnpg.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cnpg.pooler.apiVersion" -}}
{{- print "postgresql.cnpg.io/v1" -}}
{{- end -}}
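
Review bot: the comments above `tc.v1.common.capabilities.cnpg.cluster.apiVersion` and `tc.v1.common.capabilities.cnpg.pooler.apiVersion` both read "Return the appropriate apiVersion for Cert-Manager certificates", copied from the cert-manager helper above them. They should name the CNPG Cluster and Pooler resources respectively.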

View File

@@ -0,0 +1,52 @@
{{/* Contains functions for generating names */}}
{{/* Returns the name of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.name" -}}
{{- .Chart.Name | lower | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Returns the fullname of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.fullname" -}}
{{- $name := include "tc.v1.common.lib.chart.names.name" . -}}
{{- if contains $name .Release.Name -}}
{{- $name = .Release.Name -}}
{{- else -}}
{{- $name = printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- $name | lower | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Returns the fqdn of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.fqdn" -}}
{{- printf "%s.%s" (include "tc.v1.common.lib.chart.names.name" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Validates names */}}
{{- define "tc.v1.common.lib.chart.names.validation" -}}
{{- $name := .name -}}
{{- $length := .length -}}
{{- if not $length -}}
{{- $length = 63 -}}
{{- end -}}
{{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $name) (le (len $name) $length)) -}}
{{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most %v characters." $name $length) -}}
{{- end -}}
{{- end -}}
{{/* Create chart name and version as used by the chart label */}}
{{- define "tc.v1.common.lib.chart.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
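
Review bot: in `tc.v1.common.lib.chart.names.fqdn`, `trunc 63` is applied to the joined `name.namespace` string rather than to each part, so a long chart name can truncate the namespace away entirely and yield a name that resolves nowhere. The `replace "+" "_"` looks carried over from the chart-label helper at the bottom of the file; an underscore is not valid in a DNS name, so it should not be introduced here. Consider running the result through `tc.v1.common.lib.chart.names.validation`, or building the two parts separately.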

View File

@@ -0,0 +1,21 @@
{{- define "tc.v1.common.lib.chart.notes" -}}
{{- include "tc.v1.common.lib.chart.header" . -}}
{{- include "tc.v1.common.lib.chart.custom" . -}}
{{- include "tc.v1.common.lib.chart.footer" . -}}
{{- end -}}
{{- define "tc.v1.common.lib.chart.header" -}}
{{- tpl $.Values.notes.header $ | nindent 0 }}
{{- end -}}
{{- define "tc.v1.common.lib.chart.custom" -}}
{{- tpl $.Values.notes.custom $ | nindent 0 }}
{{- end -}}
{{- define "tc.v1.common.lib.chart.footer" -}}
{{- tpl $.Values.notes.footer $ | nindent 0 }}
{{- end -}}
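
Review bot: none of the three `tpl` calls guards against a missing value. `tpl` requires a string, so a chart that leaves `notes.header`, `notes.custom` or `notes.footer` unset fails at render time with a type error instead of simply omitting that part. Wrapping each call in `with`, or applying `default ""`, keeps the notes optional.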

View File

@@ -0,0 +1,9 @@
{{- define "tc.v1.common.lib.cnpg.metrics.pooler" -}}
enabled: true
type: "podmonitor"
selector:
matchLabels:
cnpg.io/poolerName: {{ .poolerName }}
endpoints:
- port: metrics
{{- end }}

View File

@@ -0,0 +1,14 @@
{{- define "tc.v1.common.lib.cnpg.secret.urls" -}}
{{- $std := .std }}
{{- $nossl := .nossl }}
{{- $porthost := .porthost }}
{{- $host := .host }}
{{- $jdbc := .jdbc }}
enabled: true
data:
std: {{ $std }}
nossl: {{ $nossl }}
porthost: {{ $porthost }}
host: {{ $host }}
jdbc: {{ $jdbc }}
{{- end -}}
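
Review bot: all five values under `data:` are interpolated without `quote`. These are connection URLs that embed the database password, so a value containing YAML-significant characters (a `#` after a space, a `: ` sequence, a leading `*` or `&`) is either cut short or breaks the `fromYaml` parse downstream. Render them as `std: {{ $std | quote }}` and likewise for the other four keys.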

View File

@@ -0,0 +1,9 @@
{{- define "tc.v1.common.lib.cnpg.secret.user" -}}
{{- $dbPass := .dbPass }}
{{- $values := .values -}}
enabled: true
type: kubernetes.io/basic-auth
data:
username: {{ $values.user }}
password: {{ $dbPass }}
{{- end -}}
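
Review bot: `username` and `password` are rendered unquoted, so an all-digit password is parsed back as a number and one starting with a YAML indicator character fails to parse at all. Quote both (`password: {{ $dbPass | quote }}`) so the generated credential always round-trips as the exact string that was passed in.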

View File

@@ -0,0 +1,21 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
objectData:
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
*/}}
{{- define "tc.v1.common.lib.configmap.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.data -}}
{{- fail "ConfigMap - Expected non-empty <data>" -}}
{{- end -}}
{{- if not (kindIs "map" $objectData.data) -}}
{{- fail (printf "ConfigMap - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,22 @@
{{/* Returns args list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.args" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.args" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $key := (list "args" "extraArgs") -}}
{{- with (get $objectData $key) -}}
{{- if kindIs "string" . }}
- {{ tpl . $rootCtx | quote }}
{{- else if kindIs "slice" . -}}
{{- range $arg := . }}
- {{ tpl $arg $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,18 @@
{{/* Returns command list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.command" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.command" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if kindIs "string" $objectData.command }}
- {{ tpl $objectData.command $rootCtx | quote }}
{{- else if kindIs "slice" $objectData.command -}}
{{- range $objectData.command }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,108 @@
{{/* Returns Env */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.env" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.env" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $k, $v := $objectData.env -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "env" "key" $k) }}
- name: {{ $k | quote }}
{{- if not (kindIs "map" $v) -}}
{{- $value := "" -}}
{{- if not (kindIs "invalid" $v) -}} {{/* Only tpl non-empty values */}}
{{- $value = $v -}}
{{- if kindIs "string" $v -}}
{{- $value = tpl $v $rootCtx -}}
{{- end -}}
{{- end }}
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- else if kindIs "map" $v }}
valueFrom:
{{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}
{{- if or (ne (len ($v | keys)) 1) (not (mustHas ($v | keys | first) $refs)) -}}
{{- fail (printf "Container - Expected <env> with a ref to have one of [%s], but got [%s]" (join ", " $refs) (join ", " ($v | keys | sortAlpha))) -}}
{{- end -}}
{{- $name := "" -}}
{{- range $key := (list "configMapKeyRef" "secretKeyRef") -}}
{{- if hasKey $v $key }}
{{ $key }}:
{{- $obj := get $v $key -}}
{{- if not $obj.name -}}
{{- fail (printf "Container - Expected non-empty <env.%s.name>" $key) -}}
{{- end -}}
{{- if not $obj.key -}}
{{- fail (printf "Container - Expected non-empty <env.%s.key>" $key) -}}
{{- end }}
key: {{ $obj.key | quote }}
{{- $name = tpl $obj.name $rootCtx -}}
{{- $expandName := true -}}
{{- if (hasKey $obj "expandObjectName") -}}
{{- if not (kindIs "invalid" $obj.expandObjectName) -}}
{{- $expandName = $obj.expandObjectName -}}
{{- else -}}
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <env.%s> to not be empty" $k) -}}
{{- end -}}
{{- end -}}
{{- if kindIs "string" $expandName -}}
{{- $expandName = tpl $expandName $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $expandName "true" -}}
{{- $expandName = true -}}
{{- else if eq $expandName "false" -}}
{{- $expandName = false -}}
{{- end -}}
{{- end -}}
{{- if $expandName -}}
{{- $item := ($key | trimSuffix "KeyRef" | lower) -}}
{{- $data := (get $rootCtx.Values $item) -}}
{{- $data = (get $data $name) -}}
{{- if not $data -}}
{{- fail (printf "Container - Expected in <env> the referenced %s [%s] to be defined" (camelcase $item) $name) -}}
{{- end -}}
{{- $found := false -}}
{{- range $k, $v := $data.data -}}
{{- if eq $k $obj.key -}}
{{- $found = true -}}
{{- end -}}
{{- end -}}
{{- if not $found -}}
{{- fail (printf "Container - Expected in <env> the referenced key [%s] in %s [%s] to be defined" $obj.key (camelcase $item) $name) -}}
{{- end -}}
{{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
{{- end }}
name: {{ $name | quote }}
{{- end -}}
{{- end -}}
{{- if hasKey $v "fieldRef" }}
fieldRef:
{{- if not $v.fieldRef.fieldPath -}}
{{- fail "Container - Expected non-empty <env.fieldRef.fieldPath>" -}}
{{- end }}
fieldPath: {{ $v.fieldRef.fieldPath | quote }}
{{- if $v.fieldRef.apiVersion }}
apiVersion: {{ $v.fieldRef.apiVersion | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
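
Review bot: in the `expandObjectName` handling, a string that is neither "true" nor "false" after `tpl` is left as a non-empty string, which `if $expandName` then treats as true. A value such as "False" or "no" therefore expands the object name silently. Add an `else` that fails on any other string. Separately, the `range $k, $v := $data.data` loop that sets `$found` shadows the outer `$k` and `$v` and can be replaced by `hasKey $data.data $obj.key`.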

View File

@@ -0,0 +1,74 @@
{{/* Returns Env From */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.envFrom" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $refs := (list "configMapRef" "secretRef") -}}
{{- range $envFrom := $objectData.envFrom -}}
{{- if and (not $envFrom.secretRef) (not $envFrom.configMapRef) -}}
{{- fail (printf "Container - Expected <envFrom> entry to have one of [%s]" (join ", " $refs)) -}}
{{- end -}}
{{- if and $envFrom.secretRef $envFrom.configMapRef -}}
{{- fail (printf "Container - Expected <envFrom> entry to have only one of [%s], but got both" (join ", " $refs)) -}}
{{- end -}}
{{- range $ref := $refs -}}
{{- with (get $envFrom $ref) -}}
{{- if not .name -}}
{{- fail (printf "Container - Expected non-empty <envFrom.%s.name>" $ref) -}}
{{- end -}}
{{- $objectName := tpl .name $rootCtx -}}
{{- $expandName := true -}}
{{- if (hasKey . "expandObjectName") -}}
{{- if not (kindIs "invalid" .expandObjectName) -}}
{{- $expandName = .expandObjectName -}}
{{- else -}}
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <envFrom.%s> to not be empty" $ref) -}}
{{- end -}}
{{- end -}}
{{- if kindIs "string" $expandName -}}
{{- $expandName = tpl $expandName $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $expandName "true" -}}
{{- $expandName = true -}}
{{- else if eq $expandName "false" -}}
{{- $expandName = false -}}
{{- end -}}
{{- end -}}
{{- if $expandName -}}
{{- $object := dict -}}
{{- $source := "" -}}
{{- if eq $ref "configMapRef" -}}
{{- $object = (get $rootCtx.Values.configmap $objectName) -}}
{{- $source = "ConfigMap" -}}
{{- else if eq $ref "secretRef" -}}
{{- $object = (get $rootCtx.Values.secret $objectName) -}}
{{- $source = "Secret" -}}
{{- end -}}
{{- if not $object -}}
{{- fail (printf "Container - Expected %s [%s] defined in <envFrom> to exist" $source $objectName) -}}
{{- end -}}
{{- range $k, $v := $object.data -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" (printf "%s - %s" $source $objectName) "key" $k) -}}
{{- end -}}
{{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
{{- end }}
- {{ $ref }}:
name: {{ $objectName | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
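
Review bot: when the name is expanded, the referenced object is only checked for existence (`if not $object`), not for being enabled. The secret helpers in this commit emit an `enabled` flag, so an entry that exists but is disabled passes this check and the container ends up referencing a ConfigMap or Secret that is never rendered. The `expandObjectName` normalisation block is also duplicated verbatim from the env template; moving it into one helper would keep the two from drifting apart.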

View File

@@ -0,0 +1,23 @@
{{/* Returns Env List */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.envList" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.envList" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $env := $objectData.envList -}}
{{- if not $env.name -}}
{{- fail "Container - Expected non-empty <envList.name>" -}}
{{- end -}} {{/* Empty value is valid */}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
{{- $value := $env.value -}}
{{- if kindIs "string" $env.value -}}
{{- $value = tpl $env.value $rootCtx -}}
{{- end }}
- name: {{ $env.name | quote }}
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,75 @@
{{/* Returns Fixed Env */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.fixedEnv" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{/* Avoid nil pointers */}}
{{- if not (hasKey $objectData "fixedEnv") -}}
{{- $_ := set $objectData "fixedEnv" dict -}}
{{- end -}}
{{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}}
{{- if $objectData.fixedEnv.NVIDIA_CAPS -}}
{{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}}
{{- end -}}
{{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}}
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}}
{{- end -}}
{{- $caps := (list "all" "compute" "utility" "graphics" "video") -}}
{{- range $cap := $nvidiaCaps -}}
{{- if not (mustHas $cap $caps) -}}
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}}
{{- end -}}
{{- end -}}
{{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
{{- $fixed := list -}}
{{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}}
{{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}}
{{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}}
{{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}}
{{- $PUID = $objectData.fixedEnv.PUID -}}
{{- end -}}
{{/* calculatedFSGroup is passed from the pod */}}
{{- $PGID := $objectData.calculatedFSGroup -}}
{{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}}
{{/* TODO: Offer gpu section in resources for native helm and adjust this include, then we can remove the "if inside ixChartContext" */}}
{{- if eq (include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}}
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}}
{{- else -}} {{/* Only when in SCALE */}}
{{- if hasKey $rootCtx.Values.global "ixChartContext" -}}
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}}
{{- end -}}
{{- end -}}
{{/* If running as root and PUID is set (0 or greater), set related envs */}}
{{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}}
{{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}}
{{- end -}}
{{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}}
{{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}}
{{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}}
{{- end -}}
{{- range $env := $fixed -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
- name: {{ $env.k | quote }}
value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }}
{{- end -}}
{{- end -}}
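
Review bot: in the "If running as root and PUID is set" condition, `ge (int $PUID) 0` does not test whether PUID is set: `int` maps an empty value to 0, so the check holds for an unset PUID as well as for every non-negative one, and the PUID/USER_ID/UID variables are emitted regardless. Test `kindIs "invalid" $PUID` explicitly if unset is meant to skip them. Also note that UMASK goes through `| default` with no equivalent of the explicit zero handling given to PUID, so an integer 0 for `fixedEnv.UMASK` is replaced by the global value.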

View File

@@ -0,0 +1,42 @@
{{/* Returns the image dictionary */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.imageSelector" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $imageObj := dict -}}
{{- $selector := "image" -}}
{{- with $objectData.imageSelector -}}
{{- $selector = tpl . $rootCtx -}}
{{- end -}}
{{- if hasKey $rootCtx.Values $selector -}}
{{- $imageObj = get $rootCtx.Values $selector -}}
{{- else -}}
{{- fail (printf "Container - Expected <.Values.%s> to exist" $selector) -}}
{{- end -}}
{{- if not $imageObj.repository -}}
{{- fail (printf "Container - Expected non-empty <.Values.%s.repository>" $selector) -}}
{{- end -}}
{{- if not $imageObj.tag -}}
{{- fail (printf "Container - Expected non-empty <.Values.%s.tag>" $selector) -}}
{{- end -}}
{{- if not $imageObj.pullPolicy -}}
{{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}}
{{- end -}}
{{- $policies := (list "IfNotPresent" "Always" "Never") -}}
{{- if not (mustHas $imageObj.pullPolicy $policies) -}}
{{- fail (printf "Container - Expected <.Values.%s.pullPolicy> to be one of [%s], but got [%s]" $selector (join ", " $policies) $imageObj.pullPolicy) -}}
{{- end -}}
{{- $imageObj | toJson -}}
{{- end -}}
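
Review bot: `$imageObj` is the map returned by `get $rootCtx.Values $selector`, not a copy, so `set $imageObj "pullPolicy" "IfNotPresent"` writes the default back into `.Values` as a side effect of rendering. The getSelected helpers in this commit use `mustDeepCopy` for exactly this reason. Copy the map before mutating it, or keep the default in a local variable and merge it into the returned JSON.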

View File

@@ -0,0 +1,37 @@
{{/* Returns lifecycle */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.lifecycle" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hooks := (list "preStop" "postStart") -}}
{{- $types := (list "exec" "http" "https") -}}
{{- with $objectData.lifecycle -}}
{{- range $hook, $hookValues := . -}}
{{- if not (mustHas $hook $hooks) -}}
{{- fail (printf "Container - Expected <lifecycle> <hook> to be one of [%s], but got [%s]" (join ", " $hooks) $hook) -}}
{{- end -}}
{{- if not $hookValues.type -}}
{{- fail "Container - Expected non-empty <lifecycle> <type>" -}}
{{- end -}}
{{- if not (mustHas $hookValues.type $types) -}}
{{- fail (printf "Container - Expected <lifecycle> <type> to be one of [%s], but got [%s]" (join ", " $types) $hookValues.type) -}}
{{- end }}
{{ $hook }}:
{{- if eq $hookValues.type "exec" -}}
{{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
{{- else if mustHas $hookValues.type (list "http" "https") -}}
{{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,87 @@
{{/* Returns ports list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.ports" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $serviceName, $serviceValues := $rootCtx.Values.service -}}
{{- $podSelected := false -}}
{{/* If service is enabled... */}}
{{- if $serviceValues.enabled -}}
{{/* If there is a selector */}}
{{- if $serviceValues.targetSelector -}}
{{/* And pod is selected */}}
{{- if eq $serviceValues.targetSelector $objectData.podShortName -}}
{{- $podSelected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but pod is primary */}}
{{- if $objectData.podPrimary -}}
{{- $podSelected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $podSelected -}}
{{- range $portName, $portValues := $serviceValues.ports -}}
{{- $containerSelected := false -}}
{{/* If service is enabled... */}}
{{- if $portValues.enabled -}}
{{/* If there is a selector */}}
{{- if $portValues.targetSelector -}}
{{/* And container is selected */}}
{{- if eq $portValues.targetSelector $objectData.shortName -}}
{{- $containerSelected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but container is primary */}}
{{- if $objectData.primary -}}
{{- $containerSelected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* If the container is selected render port */}}
{{- if $containerSelected -}}
{{- $containerPort := $portValues.targetPort | default $portValues.port -}}
{{- if kindIs "string" $containerPort -}}
{{- $containerPort = (tpl $containerPort $rootCtx) -}}
{{- end -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- $protocol := tpl ($portValues.protocol | default $rootCtx.Values.fallbackDefaults.serviceProtocol) $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end }}
- name: {{ $portName }}
containerPort: {{ $containerPort }}
protocol: {{ $protocol | upper }}
{{- with $portValues.hostPort }}
hostPort: {{ . }}
{{- else }}
hostPort: null
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Turning hostNetwork on, it creates hostPort automatically and turning it back off does not remove them. Setting hostPort explicitly to null will remove them.
There are still cases that hostPort is not removed, for example, if you have a TCP and UDP port with the same number. Only the TCPs hostPort will be removed.
Also note that setting hostPort to null always, it will NOT affect hostNetwork, as it will still create the hostPorts.
It only helps to remove them when hostNetwork is turned off.
*/}}
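
Review bot: `$protocol` is never validated after the `tpl ($portValues.protocol | default $rootCtx.Values.fallbackDefaults.serviceProtocol)` line. Anything that is not tcp/http/https is passed through, upper-cased and rendered into `protocol:`, so a typo only surfaces when the API server rejects the manifest. Check it against an explicit list and `fail` with the same style of message the other templates use. `hostPort` is likewise rendered exactly as supplied, with no type or range check, even though it opens a port on the node; consider failing unless it is an integer in 1-65535. Minor: the second `If service is enabled...` comment sits above `$portValues.enabled` and should say port.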

View File

@@ -0,0 +1,40 @@
{{/* Containers Basic Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
*/}}
{{- define "tc.v1.common.lib.container.primaryValidation" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{/* Go over the contaienrs */}}
{{- range $name, $container := $objectData.podSpec.containers -}}
{{/* If container is enabled */}}
{{- if $container.enabled -}}
{{- $hasEnabled = true -}}
{{/* And container is primary */}}
{{- if and (hasKey $container "primary") ($container.primary) -}}
{{/* Fail if there is already a primary container */}}
{{- if $hasPrimary -}}
{{- fail "Container - Only one container can be primary per workload" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary container, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "Container - At least one enabled container must be primary per workload" -}}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,98 @@
{{/* Returns Probes */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.probes" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.probes" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $probeNames := (list "liveness" "readiness" "startup") -}}
{{- $probeTypes := (list "http" "https" "tcp" "grpc" "exec") -}}
{{- if not $objectData.probes -}}
{{- fail "Container - Expected non-empty <probes>" -}}
{{- end -}}
{{- range $key := $probeNames -}}
{{- if not (get $objectData.probes $key) -}}
{{- fail (printf "Container - Expected <probes.%s> to be defined" $key) -}}
{{- end -}}
{{- end -}}
{{- range $probeName, $probe := $objectData.probes -}}
{{- if not (mustHas $probeName $probeNames) -}}
{{- fail (printf "Container - Expected probe to be one of [%s], but got [%s]" (join ", " $probeNames) $probeName) -}}
{{- end -}}
{{- $isEnabled := true -}}
{{- if kindIs "bool" $probe.enabled -}}
{{- $isEnabled = $probe.enabled -}}
{{- end -}}
{{- if $isEnabled -}}
{{- $probeType := $rootCtx.Values.fallbackDefaults.probeType -}}
{{- with $probe.type -}}
{{- $probeType = tpl . $rootCtx -}}
{{- end -}}
{{- if not (mustHas $probeType $probeTypes) -}}
{{- fail (printf "Container - Expected probe type to be one of [%s], but got [%s]" (join ", " $probeTypes) $probeType) -}}
{{- end }}
{{ $probeName }}Probe:
{{- if (mustHas $probeType (list "http" "https")) -}}
{{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- else if eq $probeType "tcp" -}}
{{- include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- else if eq $probeType "grpc" -}}
{{- include "tc.v1.common.lib.container.actions.grpc" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- else if eq $probeType "exec" -}}
{{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- end -}}
{{- include "tc.v1.common.lib.container.probeTimeouts" (dict "rootCtx" $rootCtx "objectData" $probe "probeName" $probeName) | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Returns Probe Timeouts */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.probeTimeouts" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.probeTimeouts" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $probeName := .probeName -}}
{{- $timeouts := mustDeepCopy (get $rootCtx.Values.fallbackDefaults.probeTimeouts $probeName) -}}
{{- if $objectData.spec -}} {{/* Overwrite with defined timeouts */}}
{{- $timeouts = mustMergeOverwrite $timeouts $objectData.spec -}}
{{- end -}}
{{- $keys := (list "initialDelaySeconds" "failureThreshold" "successThreshold" "timeoutSeconds" "periodSeconds") -}}
{{- range $key := $keys -}}
{{- $number := get $timeouts $key -}}
{{- if not (mustHas (kindOf $number) (list "float64" "int" "int64")) -}}
{{- fail (printf "Container - Expected <probes> <%s> to be a number, but got [%v]" $key $number) -}}
{{- end -}}
{{- end -}}
{{- if mustHas $probeName (list "liveness" "startup") -}}
{{- if ne (int $timeouts.successThreshold) 1 -}}
{{- fail (printf "Container - Expected <probes> <successThreshold> to be 1 on [%s] probe" $probeName) -}}
{{- end -}}
{{- end }}
initialDelaySeconds: {{ $timeouts.initialDelaySeconds }}
failureThreshold: {{ $timeouts.failureThreshold }}
successThreshold: {{ $timeouts.successThreshold }}
timeoutSeconds: {{ $timeouts.timeoutSeconds }}
periodSeconds: {{ $timeouts.periodSeconds }}
{{- end -}}
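
Review bot: when `$probe.type` is unset, `$probeType` falls back to `fallbackDefaults.probeType`, but the `actions.httpGet` include is still handed `$probe` as `objectData`, and that template takes its scheme from `$objectData.type` with a default of `http`. A fallback of `https` would therefore select the httpGet branch here and still render `scheme: HTTP`. Pass the resolved `$probeType` down (or set it on the probe object) so both templates agree. Also, the `Call this template` comment for `probeTimeouts` omits the `probeName` argument, which the template needs for `get $rootCtx.Values.fallbackDefaults.probeTimeouts $probeName`.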

View File

@@ -0,0 +1,140 @@
{{/* Returns Resources */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.resources" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $resources := mustDeepCopy $rootCtx.Values.resources -}}
{{- if $objectData.resources -}}
{{- $resources = mustMergeOverwrite $resources $objectData.resources -}}
{{- end -}}
{{- include "tc.v1.common.lib.container.resources.validation" (dict "resources" $resources) -}}
requests:
cpu: {{ $resources.requests.cpu }}
memory: {{ $resources.requests.memory }}
{{- if $resources.limits }}
limits:
{{- with $resources.limits.cpu }} {{/* Passing 0, will not render it, meaning unlimited */}}
cpu: {{ . }}
{{- end -}}
{{- with $resources.limits.memory }} {{/* Passing 0, will not render it, meaning unlimited */}}
memory: {{ . }}
{{- end -}}
{{- include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{/* Returns GPU resource */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.resources.gpu" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $returnBool := .returnBool -}}
{{- $gpuResource := list -}}
{{- range $GPUValues := $rootCtx.Values.scaleGPU -}}
{{- if not $GPUValues.gpu -}}
{{- fail "Container - Expected non-empty <scaleGPU.gpu>" -}}
{{- end -}}
{{- $selected := false -}}
{{/* Parse selector if defined */}}
{{- if $GPUValues.targetSelector -}}
{{- range $podName, $containers := $GPUValues.targetSelector -}}
{{- if not $containers -}}
{{- fail "Container - Expected non-empty list under pod in <scaleGPU.targetSelector>" -}}
{{- end -}}
{{- if and (eq $podName $objectData.podShortName) (mustHas $objectData.shortName $containers) -}}
{{- $selected = true -}}
{{- end -}}
{{- end -}}
{{/* If no selector, select primary pod/container */}}
{{- else if and $objectData.podPrimary $objectData.primary -}}
{{- $selected = true -}}
{{- end -}}
{{- if $selected -}}
{{- $gpuResource = mustAppend $gpuResource $GPUValues.gpu -}}
{{- end -}}
{{- end -}}
{{- if not $returnBool -}}
{{- range $gpu := $gpuResource -}}
{{- range $k, $v := $gpu -}}
{{- if or (kindIs "invalid" $v) (eq (toString $v) "") -}}
{{- fail "Container - Expected non-empty <scaleGPU> <value>" -}}
{{- end -}} {{/* Don't try to schedule 0 GPUs */}}
{{- if gt (int $v) 0 }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if $gpuResource -}}
{{- "true" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Validates resources to match a pattern */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.resources.validation" (dict "resources" $resources) }}
rootCtx: The root context of the chart.
resources: The resources object
*/}}
{{- define "tc.v1.common.lib.container.resources.validation" -}}
{{- $resources := .resources -}}
{{/* CPU: https://regex101.com/r/D4HouI/1 */}}
{{/* MEM: https://regex101.com/r/NNPV2D/1 */}}
{{- $regex := (dict
"cpu" "^(0\\.[1-9]|[1-9][0-9]*)(\\.[0-9]|m?)$"
"memory" "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$") -}}
{{- $errorMsg := (dict
"cpu" "(Plain Integer - eg. 1), (Float - eg. 0.5), (Milicpu - eg. 500m)"
"memory" "(Suffixed with E/P/T/G/M/K - eg. 1G), (Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi), (Plain Integer in bytes - eg. 1024), (Exponent - eg. 134e6)") -}}
{{- $resourceTypes := (list "cpu" "memory") -}}
{{- range $category := (list "requests") -}} {{/* We can also add "limits" here if we want to require them */}}
{{- if not (get $resources $category) -}}
{{- fail (printf "Container - Expected non-empty <resources.%s>" $category) -}}
{{- end -}}
{{- range $type := $resourceTypes -}}
{{- if not (get (get $resources $category) $type) -}}
{{- fail (printf "Container - Expected non-empty <resources.%s.%s>" $category $type) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range $key := (list "requests" "limits") -}}
{{- $resourceCategory := (get $resources $key) -}}
{{- if $resourceCategory -}}
{{- range $type := $resourceTypes -}}
{{- $resourceValue := (get $resourceCategory $type) -}}
{{- if $resourceValue -}} {{/* Only try to match defined values */}}
{{- if not (mustRegexMatch (get $regex $type) (toString $resourceValue)) -}}
{{- fail (printf "Container - Expected <resources.%s.%s> to have one of the following formats [%s], but got [%s]" $key $type (get $errorMsg $type) $resourceValue) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
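
Review bot: the `cpu` pattern in `resources.validation` does not match what its error message promises. `^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$` accepts `0.5.5` (first group `0.5`, second group `.5`), which is not a valid quantity, and rejects ordinary values with two decimals such as `0.25` or `1.25`. The `memory` pattern accepts an upper-case `K` suffix, while the Kubernetes decimal suffix is lower-case `k`. Tighten both patterns and add the rejected and accepted cases to the chart's tests. Separately, the `resources.gpu` include sits inside `{{- if $resources.limits }}`, so a selected GPU is silently dropped whenever no cpu/memory limit is set; either render `limits:` when a GPU is selected or fail.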

View File

@@ -0,0 +1,181 @@
{{/* Returns Container Security Context */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.securityContext" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.securityContext" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{/* Initialize from the "global" options */}}
{{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) }}
runAsNonRoot: {{ $secContext.runAsNonRoot }}
runAsUser: {{ $secContext.runAsUser }}
runAsGroup: {{ $secContext.runAsGroup }}
readOnlyRootFilesystem: {{ $secContext.readOnlyRootFilesystem }}
allowPrivilegeEscalation: {{ $secContext.allowPrivilegeEscalation }}
privileged: {{ $secContext.privileged }}
seccompProfile:
type: {{ $secContext.seccompProfile.type }}
{{- if eq $secContext.seccompProfile.type "Localhost" }}
localhostProfile: {{ $secContext.seccompProfile.profile }}
{{- end }}
capabilities:
{{- if $secContext.capabilities.add }}
add:
{{- range $secContext.capabilities.add }}
- {{ . }}
{{- end -}}
{{- else }}
add: []
{{- end -}}
{{- if $secContext.capabilities.drop }}
drop:
{{- range $secContext.capabilities.drop }}
- {{ . }}
{{- end -}}
{{- else }}
drop: []
{{- end -}}
{{- end -}}
{{/* Calculates Container Security Context */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.securityContext.calculate" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $mustPrivileged := false -}}
{{- range $persistenceName, $persistenceValues := $rootCtx.Values.persistence -}}
{{- if $persistenceValues.enabled -}}
{{- if eq $persistenceValues.type "device" -}}
{{- $volume := (fromJson (include "tc.v1.common.lib.container.volumeMount.isSelected" (dict "persistenceName" $persistenceName "persistenceValues" $persistenceValues "objectData" $objectData "key" "persistence"))) -}}
{{- if $volume -}} {{/* If a volume is returned, it means that the container has an assigned device */}}
{{- $mustPrivileged = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $rootCtx.Values.securityContext.container -}}
{{- fail "Container - Expected non-empty <.Values.securityContext.container>" -}}
{{- end -}}
{{/* Initialize from the "global" options */}}
{{- $secContext := mustDeepCopy $rootCtx.Values.securityContext.container -}}
{{/* Override with containers options */}}
{{- with $objectData.securityContext -}}
{{- $secContext = mustMergeOverwrite $secContext . -}}
{{- end -}}
{{/* Validations, as we might endup with null values after merge */}}
{{- range $key := (list "runAsUser" "runAsGroup") -}}
{{- $value := (get $secContext $key) -}}
{{- if not (mustHas (kindOf $value) (list "float64" "int" "int64")) -}}
{{- fail (printf "Container - Expected <securityContext.%s> to be [int], but got [%v] of type [%s]" $key $value (kindOf $value)) -}}
{{- end -}}
{{- end -}}
{{- if or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0) -}}
{{- $_ := set $secContext "runAsNonRoot" false -}}
{{- else -}}
{{- $_ := set $secContext "runAsNonRoot" true -}}
{{- end -}}
{{- if $secContext.privileged -}} {{/* When privileged is true, allowPrivilegeEscalation is required */}}
{{- $_ := set $secContext "allowPrivilegeEscalation" true -}}
{{- end -}}
{{- if $mustPrivileged -}}
{{- $_ := set $secContext "privileged" true -}}
{{- $_ := set $secContext "allowPrivilegeEscalation" true -}}
{{- $_ := set $secContext "runAsNonRoot" false -}}
{{- $_ := set $secContext "runAsUser" 0 -}}
{{- $_ := set $secContext "runAsGroup" 0 -}}
{{- end -}}
{{- range $key := (list "privileged" "allowPrivilegeEscalation" "runAsNonRoot" "readOnlyRootFilesystem") -}}
{{- $value := (get $secContext $key) -}}
{{- if not (kindIs "bool" $value) -}}
{{- fail (printf "Container - Expected <securityContext.%s> to be [bool], but got [%s] of type [%s]" $key $value (kindOf $value)) -}}
{{- end -}}
{{- end -}}
{{- if not $secContext.seccompProfile -}}
{{- fail "Container - Expected <securityContext.seccompProfile> to be defined" -}}
{{- end -}}
{{- $profiles := (list "RuntimeDefault" "Localhost" "Unconfined") -}}
{{- if not (mustHas $secContext.seccompProfile.type $profiles) -}}
{{- fail (printf "Container - Expected <securityContext.seccompProfile> to be one of [%s], but got [%s]" (join ", " $profiles) $secContext.seccompProfile.type) -}}
{{- end -}}
{{- if eq $secContext.seccompProfile.type "Localhost" -}}
{{- if not $secContext.seccompProfile.profile -}}
{{- fail "Container - Expected <securityContext.seccompProfile.profile> to be defined on type [Localhost]" -}}
{{- end -}}
{{- end -}}
{{- if not $secContext.capabilities -}}
{{- fail "Container - Expected <securityContext.capabilities> to be defined" -}}
{{- end -}}
{{- $tempObjectData := (dict "shortName" $objectData.podShortName "primary" $objectData.podPrimary) -}}
{{- $portRange := fromJson (include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $tempObjectData)) -}}
{{- if and $portRange.low (le (int $portRange.low) 1024) -}} {{/* If a container wants to bind a port <= 1024 add NET_BIND_SERVICE */}}
{{- $addCap := $secContext.capabilities.add -}}
{{- if not (mustHas "NET_BIND_SERIVCE" $addCap) -}}
{{- $addCap = mustAppend $addCap "NET_BIND_SERVICE" -}}
{{- end -}}
{{- $_ := set $secContext.capabilities "add" $addCap -}}
{{- end -}}
{{/*
Most containers that run as root, is because it has to chown
files before switching to another user.
Lets add automatically the CHOWN cap.
*/}}
{{- if eq (int $secContext.runAsUser) 0 -}}
{{- if not (kindIs "bool" $secContext.capabilities.disableS6Caps) -}}
{{- fail (printf "Container - Expected <securityContext.capabilities.disableS6Caps> to be [bool], but got [%s] of type [%s]" $secContext.capabilities.disableS6Caps (kindOf $secContext.capabilities.disableS6Caps)) -}}
{{- end -}}
{{- $addCap := $secContext.capabilities.add -}}
{{- if not $secContext.capabilities.disableS6Caps -}}
{{- $addCap = mustAppend $addCap "CHOWN" -}}
{{- $addCap = mustAppend $addCap "SETUID" -}}
{{- $addCap = mustAppend $addCap "SETGID" -}}
{{- $addCap = mustAppend $addCap "FOWNER" -}}
{{- $addCap = mustAppend $addCap "DAC_OVERRIDE" -}}
{{- end -}}
{{- $_ := set $secContext.capabilities "add" $addCap -}}
{{- end -}}
{{- range $key := (list "add" "drop") -}}
{{- $item := (get $secContext.capabilities $key) -}}
{{- if not (kindIs "slice" $item) -}}
{{- fail (printf "Container - Expected <securityContext.capabilities.%s> to be [list], but got [%s]" $key (kindOf $item)) -}}
{{- end -}}
{{- range $item -}}
{{- if not (kindIs "string" .) -}}
{{- fail (printf "Container - Expected items of <securityContext.capabilities.%s> to be [string], but got [%s]" $key (kindOf .)) -}}
{{- end -}}
{{- end -}}
{{- if not (deepEqual (uniq $item) $item) -}}
{{- fail (printf "Container - Expected items of <securityContext.capabilities.%s> to be unique, but got [%s]" $key (join ", " $item)) -}}
{{- end -}}
{{- end -}}
{{- $secContext | toJson -}}
{{- end -}}
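
Review bot: the guard `mustHas "NET_BIND_SERIVCE" $addCap` in `securityContext.calculate` misspells the capability, so it is never true and `NET_BIND_SERVICE` is appended unconditionally. If a chart already lists `NET_BIND_SERVICE` under `capabilities.add` and exposes a low port, the list ends up with a duplicate and the later `deepEqual (uniq $item) $item` check fails the render. Fix the string to `NET_BIND_SERVICE`. The root branch has the same exposure: `CHOWN`, `SETUID`, `SETGID`, `FOWNER` and `DAC_OVERRIDE` are appended with no `mustHas` check at all, so a user who already adds any of them hits the uniqueness failure. Since these are automatic capability grants, it is also worth stating in the header comment that running as UID 0 widens the capability set unless `disableS6Caps` is true.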

View File

@@ -0,0 +1,33 @@
{{/* Returns termination */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.termination" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.termination" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $termination := (dict "messagePath" "" "messagePolicy" "") -}}
{{- with $objectData.termination -}}
{{- with .messagePath -}}
{{- $_ := set $termination "messagePath" (tpl . $rootCtx) -}}
{{- end -}}
{{- with .messagePolicy -}}
{{- $policy := (tpl . $rootCtx) -}}
{{- $policies := (list "File" "FallbackToLogsOnError") -}}
{{- if not (mustHas $policy $policies) -}}
{{- fail (printf "Container - Expected <termination.messagePolicy> to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}}
{{- end -}}
{{- $_ := set $termination "messagePolicy" $policy -}}
{{- end -}}
{{- end -}}
{{- $termination | toJson -}}
{{- end -}}

View File

@@ -0,0 +1,147 @@
{{/* Returns volumeMount list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.volumeMount" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.volumeMount" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $volMounts := list -}}
{{- $codeServerIgnoredTypes := (list "configmap" "secret") -}}
{{- $keys := (list "persistence") -}}
{{- if eq $objectData.podType "StatefulSet" -}}
{{- $keys = mustAppend $keys "volumeClaimTemplates" -}}
{{- end -}}
{{- range $key := $keys -}}
{{- range $persistenceName, $persistenceValues := (get $rootCtx.Values $key) -}}
{{- if $persistenceValues.enabled -}}
{{/* Dont try to mount configmap/sercet to codeserver */}}
{{- if not (and (eq $objectData.shortName "codeserver") (mustHas $persistenceValues.type $codeServerIgnoredTypes)) -}}
{{- $volMount := (fromJson (include "tc.v1.common.lib.container.volumeMount.isSelected" (dict "persistenceName" $persistenceName "persistenceValues" $persistenceValues "objectData" $objectData "key" $key))) -}}
{{- if $volMount -}}
{{- $volMounts = mustAppend $volMounts $volMount -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range $volMount := $volMounts -}}
{{/* Expand values */}}
{{- $_ := set $volMount "mountPath" (tpl $volMount.mountPath $rootCtx) -}}
{{- $_ := set $volMount "subPath" (tpl $volMount.subPath $rootCtx) -}}
{{- $_ := set $volMount "mountPropagation" (tpl $volMount.mountPropagation $rootCtx) -}}
{{- if not $volMount.mountPath -}}
{{- fail (printf "%s - Expected non-empty <mountPath>" (camelcase $volMount.key)) -}}
{{- end -}}
{{- if not (hasPrefix "/" $volMount.mountPath) -}}
{{- fail (printf "%s - Expected <mountPath> to start with a forward slash [/]" (camelcase $volMount.key)) -}}
{{- end -}}
{{- $propagationTypes := (list "None" "HostToContainer" "Bidirectional") -}}
{{- if and $volMount.mountPropagation (not (mustHas $volMount.mountPropagation $propagationTypes)) -}}
{{- fail (printf "%s - Expected <mountPropagation> to be one of [%s], but got [%s]" (camelcase $volMount.key) (join ", " $propagationTypes) $volMount.mountPropagation) -}}
{{- end -}}
{{- if not (kindIs "bool" $volMount.readOnly) -}}
{{- fail (printf "%s - Expected <readOnly> to be [boolean], but got [%s]" (camelcase $volMount.key) (kindOf $volMount.readOnly)) -}}
{{- end }}
- name: {{ $volMount.name }}
mountPath: {{ $volMount.mountPath }}
readOnly: {{ $volMount.readOnly }}
{{- with $volMount.subPath }}
subPath: {{ . }}
{{- end -}}
{{- with $volMount.mountPropagation }}
mountPropagation: {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.lib.container.volumeMount.isSelected" -}}
{{- $persistenceName := .persistenceName -}}
{{- $persistenceValues := .persistenceValues -}}
{{- $objectData := .objectData -}}
{{- $key := .key -}}
{{/* Initialize from the default values */}}
{{- $volMount := dict -}}
{{- $_ := set $volMount "name" $persistenceName -}}
{{- $_ := set $volMount "key" $key -}}
{{- if eq $persistenceValues.type "device" -}} {{/* On devices use the hostPath as default if mountpath is not defined */}}
{{- $_ := set $volMount "mountPath" ($persistenceValues.mountPath | default $persistenceValues.hostPath | default "") -}}
{{- else -}}
{{- $_ := set $volMount "mountPath" ($persistenceValues.mountPath | default "") -}}
{{- end -}}
{{- $_ := set $volMount "subPath" ($persistenceValues.subPath | default "") -}}
{{- $_ := set $volMount "readOnly" ($persistenceValues.readOnly | default false) -}}
{{- $_ := set $volMount "mountPropagation" ($persistenceValues.mountPropagation | default "") -}}
{{- $return := false -}}
{{/* If targetSelectAll is set, means all pods/containers */}} {{/* targetSelectAll does not make sense for vct */}}
{{- if and $persistenceValues.targetSelectAll (ne $key "volumeClaimTemplates") -}}
{{- $return = true -}}
{{/* Set custom path on autopermissions container */}}
{{- if and (eq $objectData.shortName "autopermissions") $persistenceValues.autoPermissions -}}
{{- if $persistenceValues.autoPermissions.enabled -}}
{{- $return = true -}}
{{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}}
{{- end -}}
{{- end -}}
{{/* If the container is the autopermission */}}
{{- else if (eq $objectData.shortName "autopermissions") -}}
{{- if $persistenceValues.autoPermissions -}}
{{- if $persistenceValues.autoPermissions.enabled -}}
{{- $return = true -}}
{{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}}
{{- end -}}
{{- end -}}
{{/* Else if selector is defined */}}
{{- else if $persistenceValues.targetSelector -}}
{{/* If pod is selected */}}
{{- if mustHas $objectData.podShortName ($persistenceValues.targetSelector | keys) -}}
{{- $selectorValues := (get $persistenceValues.targetSelector $objectData.podShortName) -}}
{{- if not (kindIs "map" $selectorValues) -}}
{{- fail (printf "%s - Expected <targetSelector.%s> to be a [dict], but got [%s]" (camelcase $key) $objectData.podShortName (kindOf $selectorValues)) -}}
{{- end -}}
{{- if not $selectorValues -}}
{{- fail (printf "%s - Expected non-empty <targetSelector.%s>" (camelcase $key) $objectData.podShortName) -}}
{{- end -}}
{{/* If container is selected */}}
{{- if or (mustHas $objectData.shortName ($selectorValues | keys)) (eq $objectData.shortName "codeserver") -}}
{{/* Merge with values that might be set for the specific container */}}
{{- $fetchedSelectorValues := (get $selectorValues $objectData.shortName) -}}
{{- if and (eq $objectData.shortName "codeserver") (not $fetchedSelectorValues) -}}
{{- $fetchedSelectorValues = (get $selectorValues ($selectorValues | keys | first)) -}}
{{- end -}}
{{- $volMount = mustMergeOverwrite $volMount $fetchedSelectorValues -}}
{{- $return = true -}}
{{- end -}}
{{- end -}}
{{/* if its the codeserver */}}
{{- else if (eq $objectData.shortName "codeserver") -}}
{{- $return = true -}}
{{/* Else if not selector, but pod and container is primary */}}
{{- else if and $objectData.podPrimary $objectData.primary -}}
{{- $return = true -}}
{{- end -}}
{{- if $return -}} {{/* If it's selected, return the volumeMount */}}
{{- $volMount | toJson -}}
{{- else -}} {{/* Else return an empty dict */}}
{{- dict | toJson -}}
{{- end -}}
{{- end -}}
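
Review bot: in `volumeMount.isSelected`, the codeserver fallback `get $selectorValues ($selectorValues | keys | first)` depends on map key order, which `keys` does not guarantee. With more than one container under a pod's `targetSelector`, codeserver can inherit a different container's `mountPath`/`readOnly` from one render to the next. Sort first (`keys | sortAlpha | first`) or pick the primary container explicitly. This define also lacks the `Call this template` header comment the other templates in the patch carry, and it returns the internal `key` field alongside the mount values, which is worth documenting.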

View File

@@ -0,0 +1,18 @@
{{/* Returns exec action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.exec" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.command -}}
{{- fail (printf "Container - Expected non-empty <%s> <command> on [exec] type" $caller) -}}
{{- end }}
exec:
command:
{{- include "tc.v1.common.lib.container.command" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4}}
{{- end -}}

View File

@@ -0,0 +1,23 @@
{{/* Returns grpc action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.grpc" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.port -}}
{{- fail (printf "Container - Expected non-empty <%s> <port> on [grpc] type" $caller) -}}
{{- end -}}
{{- $port := $objectData.port -}}
{{- if kindIs "string" $port -}}
{{- $port = tpl $port $rootCtx -}}
{{- end }}
grpc:
port: {{ $port }}
{{- end -}}
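
Review bot: the `Call this template` comment above `actions.grpc` was copied from the tcpSocket file and still says `include "tc.v1.common.lib.container.actions.tcpSocket"`; it should name `actions.grpc`. The port is also rendered straight after `tpl` with no check that the result is numeric; a gRPC probe port has to be a number, so failing here on a non-numeric value gives a clearer error than the API server's rejection.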

View File

@@ -0,0 +1,53 @@
{{/* Returns httpGet action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.httpGet" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.port -}}
{{- fail (printf "Container - Expected non-empty <%s> <port> on [http] type" $caller) -}}
{{- end -}}
{{- $port := $objectData.port -}}
{{- $path := "/" -}}
{{- $scheme := "http" -}}
{{- if kindIs "string" $port -}}
{{- $port = tpl $port $rootCtx -}}
{{- end -}}
{{- with $objectData.path -}}
{{- $path = tpl . $rootCtx -}}
{{- end -}}
{{- if not (hasPrefix "/" $path) -}}
{{- fail (printf "Container - Expected <%s> <path> to start with a forward slash [/] on <http> type" $caller) -}}
{{- end -}}
{{- with $objectData.type -}}
{{- $scheme = tpl . $rootCtx -}}
{{- end }}
httpGet:
{{- with $objectData.host }}
host: {{ tpl . $rootCtx }}
{{- end }}
port: {{ $port }}
path: {{ $path }}
scheme: {{ $scheme | upper }}
{{- with $objectData.httpHeaders }}
httpHeaders:
{{- range $name, $value := . }}
{{- if not $value -}}
{{- fail "Container - Expected non-empty <value> on <httpHeaders>" -}}
{{- end }}
- name: {{ $name }}
value: {{ tpl (toString $value) $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
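
Review bot: `host`, `path` and the header `name` in `actions.httpGet` are written unquoted after `tpl`, while the header `value` goes through `quote`. A templated value containing `#` or `: ` changes how the YAML parses, so pipe these three through `quote` as well. The scheme is taken from `$objectData.type` and upper-cased without a check in this template; it relies on every caller having validated the type first, which should be stated in the header comment or enforced here. Minor: both `fail` messages hard-code `[http]`/`<http>` even when the type is https.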

View File

@@ -0,0 +1,23 @@
{{/* Returns tcpSocket action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.tcpSocket" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.port -}}
{{- fail (printf "Container - Expected non-empty <%s> <port> on [tcp] type" $caller) -}}
{{- end -}}
{{- $port := $objectData.port -}}
{{- if kindIs "string" $port -}}
{{- $port = tpl $port $rootCtx -}}
{{- end }}
tcpSocket:
port: {{ $port }}
{{- end -}}

View File

@@ -0,0 +1,55 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.clickhouse.secret" -}}
{{- if .Values.clickhouse.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-clickhousecreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "clickhousecreds" -}}
{{- $dbPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "clickhouse-password") | b64dec -}}
{{- else if $dbpreviousold -}}
{{- $dbPass = (index $dbpreviousold.data "clickhouse-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbHost := printf "%v-%v" .Release.Name "clickhouse" -}}
{{- $portHost := printf "%v:8123" $dbHost -}}
{{- $ping := printf "http://%v/ping" $portHost -}}
{{- $url := printf "http://%v:%v@%v/%v" .Values.clickhouse.clickhouseUsername $dbPass $portHost .Values.clickhouse.clickhouseDatabase -}}
{{- $jdbc := printf "jdbc:ch://%v/%v" $portHost -}}
{{/* Append some values to clickhouse.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.clickhouse.creds "plain" ($dbHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "plainhost" ($dbHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "clickhousePassword" ($dbPass | quote) -}}
{{- $_ := set .Values.clickhouse.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "ping" ($ping | quote) -}}
{{- $_ := set .Values.clickhouse.creds "complete" ($url | quote) -}}
{{- $_ := set .Values.clickhouse.creds "jdbc" ($jdbc | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
clickhouse-password: {{ $dbPass }}
plainhost: {{ $dbHost }}
plainporthost: {{ $portHost }}
ping: {{ $ping }}
url: {{ $url }}
jdbc: {{ $jdbc }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.clickhouse.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.clickhouse.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret ( printf "%s-%s" .Release.Name "clickhousecreds" ) $secret -}}
{{- end -}}
{{- end -}}
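Review bot: `$jdbc := printf "jdbc:ch://%v/%v" $portHost` has two verbs and one argument, so the stored `jdbc` value will end in `%!v(MISSING)`. Pass `.Values.clickhouse.clickhouseDatabase` as the second argument, as the `$url` line above it does. Separately, the `complete` and `url` values embed `$dbPass` in a plain `http://` URL, so every consumer that logs its connection string also logs the password; worth a line in the header comment.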

View File

@@ -0,0 +1,387 @@
{{- define "tc.v1.common.lib.deps.wait" -}}
{{- if .Values.redis.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.redis" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "redis-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.mariadb.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.mariadb" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "mariadb-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.mongodb.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.mongodb" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "mongodb-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.clickhouse.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.clickhouse" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "clickhouse-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.solr.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.solr" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "solr-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $result := false -}}
{{- range .Values.cnpg -}}
{{- if .enabled -}}
{{- $result = true -}}
{{- end -}}
{{- end -}}
{{- if $result -}}
{{- $container := include "tc.v1.common.lib.deps.wait.cnpg" $ | fromYaml -}}
{{- if $container -}}
{{- range $.Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "cnpg-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.redis" -}}
enabled: true
type: system
imageSelector: redisClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
env:
REDIS_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
key: plainhost
REDIS_PASSWORD:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
key: redis-password
REDIS_PORT: "6379"
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Executing DB waits..."
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD";
export LIVE=false;
until "$LIVE";
do
response=$(
timeout -s 3 2 \
redis-cli \
-h "$REDIS_HOST" \
-p "$REDIS_PORT" \
ping
)
if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then
LIVE=true
echo "$response"
echo "Redis Responded, ending initcontainer and starting main container(s)..."
else
echo "$response"
echo "Redis not responding... Sleeping for 10 sec..."
sleep 10
fi;
done
EOF
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.mariadb" -}}
enabled: true
type: system
imageSelector: mariadbClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
MARIADB_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
key: plainhost
MARIADB_ROOT_PASSWORD:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
key: mariadb-root-password
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Executing DB waits..."
until
mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \
&& mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status;
do sleep 2;
done
EOF
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.mongodb" -}}
enabled: true
type: system
imageSelector: mongodbClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
MONGODB_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "mongodbcreds" }}'
key: plainhost
MONGODB_DATABASE: "{{ .Values.mongodb.mongodbDatabase }}"
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Executing DB waits..."
until
HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet;
do sleep 2;
done
EOF
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.clickhouse" -}}
enabled: true
type: system
imageSelector: wgetImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
CLICKHOUSE_PING:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "clickhousecreds" }}'
key: ping
command:
- "/bin/sh"
args:
- "-c"
- |
echo "Executing DB waits..."
until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do
echo "ClickHouse - no response. Sleeping 2 seconds..."
sleep 2
done
echo "ClickHouse - accepting connections"
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.solr" -}}
enabled: true
type: system
imageSelector: wgetImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
SOLR_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}'
key: plainhost
SOLR_CORES: "{{ .Values.solr.solrCores }}"
SOLR_ENABLE_AUTHENTICATION: "{{ .Values.solr.solrEnableAuthentication }}"
SOLR_ADMIN_USERNAME: "{{ .Values.solr.solrUsername }}"
SOLR_ADMIN_PASSWORD:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}'
key: solr-password
command:
- "/bin/sh"
args:
- "-c"
- |
echo "Executing DB waits..."
if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then
until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
echo "Solr is not responding... Sleeping 2 seconds..."
sleep 2
done
else
until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
echo "Solr is not responding... Sleeping 2 seconds..."
sleep 2
done
fi
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.cnpg" -}}
enabled: true
type: system
imageSelector: postgresClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
command:
- "/bin/sh"
- "-c"
- |
/bin/sh <<'EOF'
{{ range $name, $cnpg := .Values.cnpg }}
{{ if $cnpg.enabled }}
echo "Executing DB waits..."
{{ $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ }}
{{ $cnpgName = printf "%v-cnpg-%v" $cnpgName $name }}
echo "Detected RW pooler, testing RW pooler availability..."
until
echo "Testing database on url: {{ $cnpgName }}-rw"
pg_isready -U {{ .user }} -d {{ .database }} -h {{ $cnpgName }}-rw
do sleep 5
done
{{ if $cnpg.acceptRO }}
echo "Detected RO pooler, testing RO pooler availability..."
until
echo "Testing database on url: {{ $cnpgName }}-ro"
pg_isready -U {{ .user }} -d {{ .database }} -h {{ $cnpgName }}-ro
do sleep 5
done
{{ end }}
{{ end }}
{{ end }}
sleep 5
EOF
{{- end -}}
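Review bot: in the mariadb wait script, `mysqladmin -uroot ... -p"${MARIADB_ROOT_PASSWORD}"` puts the root password on the command line, where it is readable from the process list for as long as the loop runs, and a readiness ping does not need root in the first place. Prefer the application user and hand the password to the client through its environment (for example `MYSQL_PWD`) or an option file instead of `-p`. Two smaller points in the same hunk: the cnpg script interpolates `{{ .user }}` and `{{ .database }}` into the shell text unquoted, so a value with spaces or shell metacharacters changes the command, and the redis wait container is the only one without a `resources:` block.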

View File

@@ -0,0 +1,66 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.mariadb.secret" -}}
{{- if .Values.mariadb.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-mariadbcreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "mariadbcreds" -}}
{{- $dbPass := randAlphaNum 50 -}}
{{- $rootPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "mariadb-password") | b64dec -}}
{{- $rootPass = (index $dbprevious.data "mariadb-root-password") | b64dec -}}
{{- else if $dbpreviousold -}}
{{- $dbPass = (index $dbpreviousold.data "mariadb-password") | b64dec -}}
{{- $rootPass = (index $dbpreviousold.data "mariadb-root-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbhost := printf "%v-%v" .Release.Name "mariadb" -}}
{{- $portHost := printf "%v:3306" $dbhost -}}
{{- $complete := printf "sql://%v:%v@%v/%v" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
{{- $urlnossl := printf "sql://%v:%v@%v/%v?sslmode=disable" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
{{- $jdbc := printf "jdbc:sqlserver://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
{{- $jdbcMySQL := printf "jdbc:mysql://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
{{- $jdbcMariaDB := printf "jdbc:mariadb://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
{{/* Append some values to mariadb.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.mariadb.creds "mariadbPassword" ($dbPass | quote) -}}
{{- $_ := set .Values.mariadb.creds "mariadbRootPassword" ($rootPass | quote) -}}
{{- $_ := set .Values.mariadb.creds "plain" ($dbhost | quote) -}}
{{- $_ := set .Values.mariadb.creds "plainhost" ($dbhost | quote) -}}
{{- $_ := set .Values.mariadb.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.mariadb.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.mariadb.creds "complete" ($complete | quote) -}}
{{- $_ := set .Values.mariadb.creds "urlnossl" ($urlnossl | quote) -}}
{{- $_ := set .Values.mariadb.creds "jdbc" ($jdbc | quote) -}}
{{- $_ := set .Values.mariadb.creds "jdbcmysql" ($jdbcMySQL | quote) -}}
{{- $_ := set .Values.mariadb.creds "jdbcmariadb" ($jdbcMariaDB | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
mariadb-password: {{ $dbPass }}
mariadb-root-password: {{ $rootPass }}
url: {{ $complete }}
urlnossl: {{ $urlnossl }}
plainporthost: {{ $portHost }}
plainhost: {{ $dbhost }}
jdbc: {{ $jdbc }}
jdbc-mysql: {{ $jdbcMySQL }}
jdbc-mariadb: {{ $jdbcMariaDB }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.mariadb.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.mariadb.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mariadbcreds") $secret -}}
{{- end -}}
{{- end -}}
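Review bot: `$jdbc` is built with the `jdbc:sqlserver://` scheme but points at the MariaDB service on port 3306, so a consumer of the `jdbc` key gets a URL for the wrong driver. Either drop the key or make it an alias of `$jdbcMariaDB`; the `jdbc-mysql` and `jdbc-mariadb` values already cover the two drivers that can connect. The `urlnossl` value also hard-codes `?sslmode=disable`, which deserves a comment on when it is meant to be used.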

View File

@@ -0,0 +1,63 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.mongodb.secret" -}}
{{- if .Values.mongodb.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-mongodbcreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "mongodbcreds" -}}
{{- $dbPass := randAlphaNum 50 -}}
{{- $rootPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "mongodb-password") | b64dec -}}
{{- $rootPass = (index $dbprevious.data "mongodb-root-password") | b64dec -}}
{{- else if $dbpreviousold -}}
{{- $dbPass = (index $dbpreviousold.data "mongodb-password") | b64dec -}}
{{- $rootPass = (index $dbpreviousold.data "mongodb-root-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbhost := printf "%v-%v" .Release.Name "mongodb" -}}
{{- $portHost := printf "%v:27017" $dbhost -}}
{{- $jdbc := printf "jdbc:mongodb://%v/%v" $portHost .Values.mongodb.mongodbDatabase -}}
{{- $url := printf "mongodb://%v:%v@%v/%v" .Values.mongodb.mongodbUsername $dbPass $portHost .Values.mongodb.mongodbDatabase -}}
{{- $urlssl := printf "%v?ssl=true" $url -}}
{{- $urltls := printf "%v?tls=true" $url -}}
{{/* Append some values to mongodb.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.mongodb.creds "mongodbPassword" ($dbPass | quote) -}}
{{- $_ := set .Values.mongodb.creds "mongodbRootPassword" ($rootPass | quote) -}}
{{- $_ := set .Values.mongodb.creds "plain" ($dbhost | quote) -}}
{{- $_ := set .Values.mongodb.creds "plainhost" ($dbhost | quote) -}}
{{- $_ := set .Values.mongodb.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.mongodb.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.mongodb.creds "complete" ($url | quote) -}}
{{- $_ := set .Values.mongodb.creds "urlssl" ($urlssl | quote) -}}
{{- $_ := set .Values.mongodb.creds "urltls" ($urltls | quote) -}}
{{- $_ := set .Values.mongodb.creds "jdbc" ($jdbc | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
mongodb-password: {{ $dbPass }}
mongodb-root-password: {{ $rootPass }}
url: {{ $url }}
urlssl: {{ $urlssl }}
urltls: {{ $urltls }}
jdbc: {{ $jdbc }}
plainhost: {{ $dbhost }}
plainporthost: {{ $portHost }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.mongodb.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.mongodb.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mongodbcreds") $secret -}}
{{- end -}}
{{- end -}}
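Review bot: the `else if $dbpreviousold` branch seeds both passwords from a Secret with the fixed name `mongodbcreds`, without the release prefix. Any Secret of that name in the namespace is trusted, whether or not this chart created it, and two releases installed into one namespace would both inherit the same user and root passwords from it. If this is only a migration path from the old naming, say so in the comment and consider checking that the Secret belongs to this release before reading it.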

View File

@@ -0,0 +1,55 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.redis.secret" -}}
{{- if .Values.redis.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-rediscreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbPass := randAlphaNum 50 -}}
{{- $dbIndex := .Values.redis.redisDatabase | default "0" -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "redis-password") | b64dec -}}
{{- end -}}
{{- $redisUser := .Values.redis.redisUsername -}}
{{- if not $redisUser -}}{{/* If you try to print a nil value it will print as <nil> */}}
{{- $redisUser = "" -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbHost := printf "%v-%v" .Release.Name "redis" -}}
{{- $portHost := printf "%v:6379" $dbHost -}}
{{- $url := printf "redis://%v:%v@%v/%v" $redisUser $dbPass $portHost $dbIndex -}}
{{- $hostPass := printf "%v:%v@%v" $redisUser $dbPass $dbHost -}}
{{/* Append some values to redis.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.redis.creds "redisPassword" ($dbPass | quote) -}}
{{- $_ := set .Values.redis.creds "plain" ($dbHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainhost" ($dbHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainhostpass" ($hostPass | quote) -}}
{{- $_ := set .Values.redis.creds "url" ($url | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
redis-password: {{ $dbPass }}
plain: {{ $dbHost }}
url: {{ $url }}
plainhostpass: {{ $hostPass }}
plainporthost: {{ $portHost }}
plainhost: {{ $dbHost }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.redis.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.redis.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "rediscreds") $secret -}}
{{- end -}}
{{- end -}}
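Review bot: the header comment promises that the password persists across updates, but that depends on `lookup "v1" "Secret" ...` returning the existing Secret. Under `helm template` and client-side dry runs `lookup` returns nothing, so `$dbPass` stays at the fresh `randAlphaNum 50` value and the rendered output will not match what is in the cluster. Please document that in the comment so nobody applies rendered output from such a run. Also note that with an empty `redisUsername` the `url` and `plainhostpass` values start with `:` before the password, which is worth a test case.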

View File

@@ -0,0 +1,47 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.solr.secret" -}}
{{- if .Values.solr.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-solrcreds" .Release.Name -}}
{{- $solrprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $solrpreviousold := lookup "v1" "Secret" .Release.Namespace "solrcreds" -}}
{{- $solrPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $solrprevious -}}
{{- $solrPass = (index $solrprevious.data "solr-password") | b64dec -}}
{{- else if $solrpreviousold -}}
{{- $solrPass = (index $solrpreviousold.data "solr-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbHost := printf "%v-%v" .Release.Name "solr" -}}
{{- $portHost := printf "%v:8983" $dbHost -}}
{{- $url := printf "http://%v:%v@%v/url/%v" .Values.solr.solrUsername $solrPass $portHost .Values.solr.solrCores -}}
{{/* Append some values to solr.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.solr.creds "solrPassword" ($solrPass | quote) -}}
{{- $_ := set .Values.solr.creds "plain" ($dbHost | quote) -}}
{{- $_ := set .Values.solr.creds "plainhost" ($dbHost | quote) -}}
{{- $_ := set .Values.solr.creds "portHost" ($portHost | quote) -}}
{{- $_ := set .Values.solr.creds "url" ($url | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
solr-password: {{ $solrPass }}
url: {{ $url }}
plainhost: {{ $dbHost }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.solr.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.solr.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "solrcreds") $secret -}}
{{- end -}}
{{- end -}}
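Review bot: `$url` is built as `http://%v:%v@%v/url/%v`, but the solr wait container in this same commit probes `:8983/solr/<core>/admin/ping`, so the `/url/` path segment looks like a typo for `/solr/`. The creds key `portHost` is also named differently from the `plainport` and `plainporthost` keys the other dependency templates set, and `plainporthost` is missing from the Secret `data`, so charts written against the other dependencies will not find it here.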

View File

@@ -0,0 +1,20 @@
{{/* Endpoint - addresses */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpoint.addresses" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.externalIP -}}
{{- fail "EndpointSlice - Expected non-empty <externalIP>" -}}
{{- end -}}
{{- if not (kindIs "string" $objectData.externalIP) -}} {{/* Only single IP is supported currently on this lib */}}
{{- fail (printf "EndpointSlice - Expected <externalIP> to be a [string], but got [%s]" (kindOf $objectData.externalIP)) -}}
{{- end }}
- ip: {{ tpl $objectData.externalIP $rootCtx }}
{{- end -}}
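Review bot: `externalIP` is only checked for being a non-empty string before `tpl` runs, so the value rendered on the `- ip:` line can be empty or not an IP address at all, and the mistake surfaces only when the object is applied. Validate the rendered result and `fail` with a message in the existing style. The two `fail` messages are prefixed `EndpointSlice -` although this is the Endpoint addresses helper, which will send whoever reads the error to the wrong template.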

View File

@@ -0,0 +1,40 @@
{{/* Endpoint - Ports */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpoint.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- range $name, $portValues := $objectData.ports -}}
{{- if $portValues.enabled -}}
{{- $protocol := $rootCtx.Values.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
{{- $port := $portValues.targetPort | default $portValues.port -}}
{{/* Expand targetPort */}}
{{- if (kindIs "string" $port) -}}
{{- $port = (tpl $port $rootCtx) -}}
{{- end -}}
{{- $port = int $port -}}
{{- with $portValues.protocol -}}
{{- $protocol = tpl . $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end -}}
{{- end }}
- name: {{ $name }}
port: {{ $port }}
protocol: {{ $protocol | upper }}
{{- with $portValues.appProtocol }}
appProtocol: {{ tpl . $rootCtx | lower }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
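Review bot: `$port = int $port` silently turns a non-numeric `tpl` result into 0, and nothing afterwards checks the range, so a typo in `targetPort` renders `port: 0` instead of failing the render. Add a check that the value is between 1 and 65535 after the conversion and `fail` with the port `$name` in the message.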

View File

@@ -0,0 +1,21 @@
{{/* EndpointSlice - endpoints */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpointslice.endpoints" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.externalIP -}}
{{- fail "EndpointSlice - Expected non-empty <externalIP>" -}}
{{- end -}}
{{- if not (kindIs "string" $objectData.externalIP) -}} {{/* Only single IP is supported currently on this lib */}}
{{- fail (printf "EndpointSlice - Expected <externalIP> to be a [string], but got [%s]" (kindOf $objectData.externalIP)) -}}
{{- end }}
- addresses:
- {{ tpl $objectData.externalIP $rootCtx }}
{{- end -}}

View File

@@ -0,0 +1,40 @@
{{/* EndpointSlice - Ports */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpointslice.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- range $name, $portValues := $objectData.ports -}}
{{- if $portValues.enabled -}}
{{- $protocol := $rootCtx.Values.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
{{- $port := $portValues.targetPort | default $portValues.port -}}
{{/* Expand targetPort */}}
{{- if (kindIs "string" $port) -}}
{{- $port = (tpl $port $rootCtx) -}}
{{- end -}}
{{- $port = int $port -}}
{{- with $portValues.protocol -}}
{{- $protocol = tpl . $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end -}}
{{- end }}
- name: {{ $name }}
port: {{ $port }}
protocol: {{ $protocol | upper }}
{{- with $portValues.appProtocol }}
appProtocol: {{ tpl . $rootCtx | lower }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
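Review bot: `mustHas $protocol $tcpProtocols` compares case-sensitively, so a `protocol` of `HTTP` or `Https` skips the mapping to `tcp` and is emitted by `$protocol | upper` as `HTTP` or `HTTPS`, which is not a valid port protocol. Lower-case the rendered value before the membership test. The body is also line-for-line the same as `tc.v1.common.lib.endpoint.ports`; one of the two could `include` the other so that fixes do not have to be made twice.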

View File

@@ -0,0 +1,53 @@
{{/* External Interface Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.externalInterface.validation" (dict "objectData" $objectData) -}}
objectData: The object data to validate that contains the external interface configuratioon.
*/}}
{{- define "tc.v1.common.lib.externalInterface.validation" -}}
{{- $objectData := .objectData -}}
{{- if and $objectData.targetSelector (not (kindIs "slice" $objectData.targetSelector)) -}}
{{- fail (printf "External Interface - Expected <targetSelector> to be a [list], but got [%s]" (kindOf $objectData.targetSelector)) -}}
{{- end -}}
{{- if not $objectData.hostInterface -}}
{{- fail "External Interface - Expected non-empty <hostInterface>" -}}
{{- end -}}
{{- if not $objectData.ipam -}}
{{- fail "External Interface - Expected non-empty <ipam>" -}}
{{- end -}}
{{- if not $objectData.ipam.type -}}
{{- fail "External Interface - Expected non-empty <ipam.type>" -}}
{{- end -}}
{{- $types := (list "dhcp" "static") -}}
{{- if not (mustHas $objectData.ipam.type $types) -}}
{{- fail (printf "External Interface - Expected <ipam.type> to be one of [%s], but got [%s]" (join ", " $types) $objectData.ipam.type) -}}
{{- end -}}
{{- if and (or $objectData.ipam.staticIPConfigurations $objectData.ipam.staticRoutes) (ne $objectData.ipam.type "static") -}}
{{- fail "External Interface - Expected empty <ipam.staticIPConfigurations> and <ipam.staticRoutes> when <ipam.type> is not [static]" -}}
{{- end -}}
{{- if eq $objectData.ipam.type "static" -}}
{{- if not $objectData.ipam.staticIPConfigurations -}}
{{- fail "External Interface - Expected non-empty <ipam.staticIPConfigurations> when <ipam.type> is [static]" -}}
{{- end -}}
{{- with $objectData.ipam.staticRoutes -}}
{{- range . -}}
{{- if not .destination -}}
{{- fail "External Interface - Expected non-empty <destination> in <ipam.staticRoutes>" -}}
{{- end -}}
{{- if not .gateway -}}
{{- fail "External Interface - Expected non-empty <gateway> in <ipam.staticRoutes>" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
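Review bot: when `ipam.type` is `static`, `ipam.staticIPConfigurations` is only checked for being non-empty, while `targetSelector` gets a kind check. A string or map there passes validation and fails later in whatever template consumes it. Add a `kindIs "slice"` check for `staticIPConfigurations` and `staticRoutes`, matching the `targetSelector` check at the top. Minor: "configuratioon" in the call comment is a typo.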

View File

@@ -0,0 +1,43 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.imagePullSecret.createData" (dict "objectData" $objectData "root" $rootCtx) -}}
rootCtx: The root context of the chart.
objectData:
data: The data of the imagePullSecret.
*/}}
{{- define "tc.v1.common.lib.imagePullSecret.createData" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $registrySecret := dict -}}
{{/* Auth is b64encoded and then the whole secret is b64encoded */}}
{{- $auth := printf "%s:%s" (tpl $objectData.data.username $rootCtx) (tpl $objectData.data.password $rootCtx) | b64enc -}}
{{- $registry := dict -}}
{{- with $objectData.data -}}
{{- $registry = (dict "username" (tpl .username $rootCtx) "password" (tpl .password $rootCtx)
"email" (tpl .email $rootCtx) "auth" $auth) -}}
{{- end -}}
{{- $registryKey := tpl $objectData.data.registry $rootCtx -}}
{{- $_ := set $registrySecret "auths" (dict $registryKey $registry) -}}
{{/*
This should result in something like this:
{
"auths": {
"$registry": {
"username": "$username",
"password": "$password",
"email": "$email",
"auth": "($username:$password) base64"
}
}
}
*/}}
{{/* Return the registrySecret as Json */}}
{{- $registrySecret | toJson -}}
{{- end -}}
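Review bot: the call comment tells callers to pass `(dict "objectData" $objectData "root" $rootCtx)`, but the template reads `.rootCtx`, so following the documented call leaves `$rootCtx` unset for every `tpl` in the body. Change the comment to use the `rootCtx` key. The header line also still reads "Configmap Validation", which looks copied from another file.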

View File

@@ -0,0 +1,27 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.imagePullSecret.validation" (dict "objectData" $objectData) -}}
objectData:
labels: The labels of the imagePullSecret.
annotations: The annotations of the imagePullSecret.
data: The data of the imagePullSecret.
*/}}
{{- define "tc.v1.common.lib.imagePullSecret.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.data -}}
{{- fail "Image Pull Secret - Expected non-empty <data>" -}}
{{- end -}}
{{- if not (kindIs "map" $objectData.data) -}}
{{- fail (printf "Image Pull Secret - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
{{- range $key := (list "username" "password" "registry" "email") -}}
{{- if not (get $objectData.data $key) -}}
{{- fail (printf "Image Pull Secret - Expected non-empty <%s>" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
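Review bot: the `range $key := (list "username" "password" "registry" "email")` check runs on the raw values, but `createData` passes each of them through `tpl`, so a template expression that renders to an empty string passes validation and produces an `auth` entry with an empty username or password. Either validate the rendered values or repeat the emptiness check in `createData` after `tpl`. The header comment says "Configmap Validation" and should name the image pull secret.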

View File

@@ -0,0 +1,9 @@
{{/* Annotations that are added to all objects */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.allAnnotations" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.allAnnotations" -}}
{{/* Currently empty but can add later, if needed */}}
{{- include "tc.v1.common.lib.metadata.globalAnnotations" . }}
{{- end -}}

View File

@@ -0,0 +1,15 @@
{{/* Labels that are added to all objects */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.allLabels" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.allLabels" -}}
helm.sh/chart: {{ include "tc.v1.common.lib.chart.names.chart" . }}
helm-revision: {{ .Release.Revision | quote }}
app.kubernetes.io/name: {{ include "tc.v1.common.lib.chart.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app: {{ include "tc.v1.common.lib.chart.names.chart" . }}
release: {{ .Release.Name }}
{{- include "tc.v1.common.lib.metadata.globalLabels" . }}
{{- end -}}
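Review bot: `.Release.Name` is written unquoted on the `app.kubernetes.io/instance:` and `release:` lines, while `.Release.Revision` and `.Chart.AppVersion` are passed through `quote`. A release named `123` or `true` is valid for Helm but parses as a number or boolean here, and label values must be strings. Quote both lines, and the two `include` results as well for consistency. Since `helm-revision` changes on every upgrade and this block is applied to all objects, every object is modified on each release; confirm that is intended.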

View File

@@ -0,0 +1,52 @@
{{/* External Interface Annotations that are added to podSpec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $ "podShortName" $podShortName) }}
rootCtx is the root context of the chart
objectData is object containing the data of the pod
*/}}
{{- define "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $ifaceIndexes := list -}}
{{- range $index, $iface := $rootCtx.Values.scaleExternalInterface -}}
{{/* If targetSelectAll is set append the index */}}
{{- if .targetSelectAll -}}
{{- $ifaceIndexes = mustAppend $ifaceIndexes $index -}}
{{/* Else If targetSelector is set and pod is selected append the index */}}
{{- else if and .targetSelector (mustHas $objectData.shortName .targetSelector) -}}
{{- $ifaceIndexes = mustAppend $ifaceIndexes $index -}}
{{/* Else If none of the above, but pod is primary append the index */}}
{{- else if $objectData.primary -}}
{{- $ifaceIndexes = mustAppend $ifaceIndexes $index -}}
{{- end -}}
{{- end -}}
{{- $ifaceNames := list -}}
{{- if $rootCtx.Values.ixExternalInterfacesConfiguration -}}
{{- with $rootCtx.Values.ixExternalInterfacesConfigurationNames -}}
{{- range $ifaceName := . -}}
{{/* Get the index by splitting the iFaceName (ix-release-name-0) */}}
{{- $index := splitList "-" $ifaceName -}}
{{/* And pick the last item on the list */}}
{{- $index = mustLast $index -}}
{{/* If the index is in the list of indexes to be added, append the name */}}
{{- if mustHas (int $index) $ifaceIndexes -}}
{{- $ifaceNames = mustAppend $ifaceNames $ifaceName -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- fail "External Interface - Expected non empty <ixExternalInterfaceConfigurationNames>" -}}
{{- end -}}
{{- end -}}
{{/* If we have ifaceNames, then add the annotations to the pod calling this template */}}
{{- if $ifaceNames }}
k8s.v1.cni.cncf.io/networks: {{ join ", " $ifaceNames }}
{{- end -}}
{{- end -}}
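
Review bot: The usage comment at the top of this template shows the call as `(dict "rootCtx" $ "podShortName" $podShortName)`, but the body reads `.objectData` and then `$objectData.shortName` and `$objectData.primary`, so a caller who follows the comment passes no `objectData` at all. The comment should show `"objectData"` as the second key, matching the parameter list two lines below it. Two smaller points: the `fail` message names `ixExternalInterfaceConfigurationNames`, while the value actually read is `ixExternalInterfacesConfigurationNames`, which will send users looking for the wrong key; and `int $index` turns a non-numeric suffix into 0, so an interface name that does not end in a number would be treated as index 0 instead of being rejected. An explicit check that the last segment is numeric before the `mustHas` comparison would close that.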

View File

@@ -0,0 +1,6 @@
{{/* Returns the global annotations */}}
{{- define "tc.v1.common.lib.metadata.globalAnnotations" -}}
{{- include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" .Values.global.annotations) -}}
{{- end -}}
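
Review bot: This template has no "Call this template" usage comment, unlike `allAnnotations` and `allLabels`, and it silently depends on being handed the root context because it reads `.Values.global.annotations` and forwards `$` as `rootCtx`. Suggest adding the same usage comment as the sibling templates and stating that the argument must be the chart root, since calling it with a `dict` would fail on `.Values`.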

View File

@@ -0,0 +1,6 @@
{{/* Returns the global labels */}}
{{- define "tc.v1.common.lib.metadata.globalLabels" -}}
{{- include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" .Values.global.labels) -}}
{{- end -}}
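
Review bot: `.Values.global.labels` is passed straight to `render`, and `allLabels` includes this template after its fixed keys, so a user-supplied global label named `app`, `release` or any of the `app.kubernetes.io/*` keys would be emitted as a second copy of a key that `allLabels` already wrote, unless `render` (not visible here) filters them. Worth either rejecting reserved keys here or documenting which keys users may not set. The missing usage comment noted for `globalAnnotations` applies here as well.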

View File

@@ -0,0 +1,35 @@
{{- define "tc.v1.common.lib.metadata.namespace" -}}
{{- $caller := .caller -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $namespace := $rootCtx.Release.Namespace -}}
{{- with $rootCtx.Values.global.namespace -}}
{{- $namespace = tpl . $rootCtx -}}
{{- end -}}
{{- with $rootCtx.Values.namespace -}}
{{- $namespace = tpl . $rootCtx -}}
{{- end -}}
{{- with $objectData.namespace -}}
{{- $namespace = tpl . $rootCtx -}}
{{- end -}}
{{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $namespace) (le (len $namespace) 63)) -}}
{{- fail (printf "%s - Namespace [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $caller $namespace) -}}
{{- end -}}
{{- if $rootCtx.Values.global.ixChartContext -}}
{{- if not (hasPrefix "ix-" $namespace) -}}
{{/* This is only to be used on CI that do not run in SCALE so we can skip the failure */}}
{{- if not $rootCtx.Values.global.ixChartContext.ci -}}
{{- fail (printf "%s - Namespace [%v] expected to have [ix-] prefix when installed in TrueNAS SCALE" $caller $namespace) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $namespace -}}
{{- end -}}
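
Review bot: The pattern in the `mustRegexMatch` call, `^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$`, is inconsistent about consecutive hyphens: it rejects `a--b` but accepts `ab--cd`, and neither outcome matches the error message, which only says the name "can contain '-'". If the intent is the Kubernetes DNS label rule, `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` expresses it directly and is easier to audit. This template also has no header comment, unlike its siblings; it should document the expected `dict` keys (`rootCtx`, `objectData`, `caller`) and the override order the three `with` blocks implement, where `objectData.namespace` wins over `Values.namespace`, which wins over `Values.global.namespace`. Note too that `global.ixChartContext.ci` is an ordinary value, so anyone who can set values can turn off the `ix-` prefix check; if that is acceptable, say so in the comment.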

View File

@@ -0,0 +1,7 @@
{{/* Annotations that are added to podSpec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.podAnnotations" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.podAnnotations" -}}
rollme: {{ randAlphaNum 5 | quote }}
{{- end -}}
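
Review bot: `rollme: {{ randAlphaNum 5 | quote }}` produces a different pod annotation on every render, so every upgrade restarts all pods even when nothing changed, and the rendered manifests are never reproducible, which makes diff-based review and drift detection noisy. The header comment does not mention this. If the goal is to restart pods when configuration changes, a checksum of the rendered config would do that deterministically; if an unconditional restart is intended, state it in the comment and consider making it opt-out through a value.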

Some files were not shown because too many files have changed in this diff