new way of doin
Some checks failed
continuous-integration/drone/push Build is failing

root
2023-11-16 19:42:02 +10:00
parent 77ec717184
commit 1eaf295724
341 changed files with 19416 additions and 0 deletions


@@ -0,0 +1,44 @@
{{/* Return the appropriate apiVersion for PodMonitor */}}
{{- define "tc.v1.common.capabilities.podmonitor.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for ServiceMonitor */}}
{{- define "tc.v1.common.capabilities.servicemonitor.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for PrometheusRule */}}
{{- define "tc.v1.common.capabilities.prometheusrule.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Ingress */}}
{{- define "tc.v1.common.capabilities.ingress.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for NetworkPolicy*/}}
{{- define "tc.v1.common.capabilities.networkpolicy.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for HorizontalPodAutoscaler aka HPA*/}}
{{- define "tc.v1.common.capabilities.hpa.apiVersion" -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" -}}
{{- print "cert-manager.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cnpg.cluster.apiVersion" -}}
{{- print "postgresql.cnpg.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cnpg.pooler.apiVersion" -}}
{{- print "postgresql.cnpg.io/v1" -}}
{{- end -}}
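Review bot: The comments above `tc.v1.common.capabilities.cnpg.cluster.apiVersion` and `tc.v1.common.capabilities.cnpg.pooler.apiVersion` were copied from the cert-manager helper and still say "Cert-Manager certificates". They should read `{{/* Return the appropriate apiVersion for CNPG Cluster */}}` and `{{/* Return the appropriate apiVersion for CNPG Pooler */}}`. Every helper in this file prints a fixed string rather than probing what the cluster serves, so a one-line file comment saying the versions are pinned here would tell the next maintainer where to bump them.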


@@ -0,0 +1,52 @@
{{/* Contains functions for generating names */}}
{{/* Returns the name of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.name" -}}
{{- .Chart.Name | lower | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Returns the fullname of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.fullname" -}}
{{- $name := include "tc.v1.common.lib.chart.names.name" . -}}
{{- if contains $name .Release.Name -}}
{{- $name = .Release.Name -}}
{{- else -}}
{{- $name = printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- $name | lower | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Returns the fqdn of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.fqdn" -}}
{{- printf "%s.%s" (include "tc.v1.common.lib.chart.names.name" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Validates names */}}
{{- define "tc.v1.common.lib.chart.names.validation" -}}
{{- $name := .name -}}
{{- $length := .length -}}
{{- if not $length -}}
{{- $length = 63 -}}
{{- end -}}
{{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $name) (le (len $name) $length)) -}}
{{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most %v characters." $name $length) -}}
{{- end -}}
{{- end -}}
{{/* Create chart name and version as used by the chart label */}}
{{- define "tc.v1.common.lib.chart.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
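Review bot: In `tc.v1.common.lib.chart.names.fqdn` the `trunc 63` is applied to the joined `name.namespace` string, so a long chart name plus namespace silently cuts characters off the namespace and the result can point at a different namespace than `.Release.Namespace`. 63 is the per-label limit and the name label is already bounded by `names.name`, so the outer `trunc 63 | trimSuffix "-"` can be dropped or replaced by a `fail` when the total is too long. The `replace "+" "_"` looks carried over from the chart-label helper below; an underscore is not valid in a DNS label and would also be rejected by the regex in `names.validation`. None of the outputs of `name`, `fullname` or `fqdn` is passed through `names.validation` in this file, which is worth a comment if callers are expected to do it.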


@@ -0,0 +1,21 @@
{{- define "tc.v1.common.lib.chart.notes" -}}
{{- include "tc.v1.common.lib.chart.header" . -}}
{{- include "tc.v1.common.lib.chart.custom" . -}}
{{- include "tc.v1.common.lib.chart.footer" . -}}
{{- end -}}
{{- define "tc.v1.common.lib.chart.header" -}}
{{- tpl $.Values.notes.header $ | nindent 0 }}
{{- end -}}
{{- define "tc.v1.common.lib.chart.custom" -}}
{{- tpl $.Values.notes.custom $ | nindent 0 }}
{{- end -}}
{{- define "tc.v1.common.lib.chart.footer" -}}
{{- tpl $.Values.notes.footer $ | nindent 0 }}
{{- end -}}
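Review bot: `tc.v1.common.lib.chart.header`, `.custom` and `.footer` hand `$.Values.notes.*` straight to `tpl`, which only accepts a string, so an unset key fails the render with a type error instead of producing empty notes. Guarding each one, e.g. `{{- with $.Values.notes.header }}{{ tpl . $ | nindent 0 }}{{- end }}`, avoids that; if the library's default values always define all three keys this cannot trigger, but nothing visible here guarantees it. The four defines also have no doc comment, unlike the other files in this commit; a short one should state that the notes strings are rendered as templates against the root context, since that means whoever supplies values controls template evaluation at render time.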


@@ -0,0 +1,9 @@
{{- define "tc.v1.common.lib.cnpg.metrics.pooler" -}}
enabled: true
type: "podmonitor"
selector:
matchLabels:
cnpg.io/poolerName: {{ .poolerName }}
endpoints:
- port: metrics
{{- end }}


@@ -0,0 +1,14 @@
{{- define "tc.v1.common.lib.cnpg.secret.urls" -}}
{{- $std := .std }}
{{- $nossl := .nossl }}
{{- $porthost := .porthost }}
{{- $host := .host }}
{{- $jdbc := .jdbc }}
enabled: true
data:
std: {{ $std }}
nossl: {{ $nossl }}
porthost: {{ $porthost }}
host: {{ $host }}
jdbc: {{ $jdbc }}
{{- end -}}
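Review bot: The connection strings are interpolated into YAML unquoted (`std: {{ $std }}` and the four lines after it), so a URL whose password contains `: `, ` #`, or begins with a YAML indicator character either breaks parsing of the generated document or is read back as a different value. Pipe each value through `quote`, e.g. `std: {{ $std | quote }}`. The same applies to `username: {{ $values.user }}` and `password: {{ $dbPass }}` in `tc.v1.common.lib.cnpg.secret.user`, where an all-digit password would additionally be parsed as a number, and to `cnpg.io/poolerName: {{ .poolerName }}` in `tc.v1.common.lib.cnpg.metrics.pooler`.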


@@ -0,0 +1,9 @@
{{- define "tc.v1.common.lib.cnpg.secret.user" -}}
{{- $dbPass := .dbPass }}
{{- $values := .values -}}
enabled: true
type: kubernetes.io/basic-auth
data:
username: {{ $values.user }}
password: {{ $dbPass }}
{{- end -}}


@@ -0,0 +1,21 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
objectData:
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
*/}}
{{- define "tc.v1.common.lib.configmap.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.data -}}
{{- fail "ConfigMap - Expected non-empty <data>" -}}
{{- end -}}
{{- if not (kindIs "map" $objectData.data) -}}
{{- fail (printf "ConfigMap - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,22 @@
{{/* Returns args list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.args" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.args" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $key := (list "args" "extraArgs") -}}
{{- with (get $objectData $key) -}}
{{- if kindIs "string" . }}
- {{ tpl . $rootCtx | quote }}
{{- else if kindIs "slice" . -}}
{{- range $arg := . }}
- {{ tpl $arg $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
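Review bot: In the `slice` branch each `$arg` goes to `tpl` without a type check, so a list such as `args: ["--port", 8080]` fails the render because `tpl` only accepts strings. Converting first keeps numeric entries working: `- {{ tpl (toString $arg) $rootCtx | quote }}`. The `range $objectData.command` loop in `tc.v1.common.lib.container.command` has the same gap at `tpl . $rootCtx`. In both templates a value that is neither a string nor a slice (a map, for instance) is dropped silently; an `else` branch with `fail` would surface the mistake.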


@@ -0,0 +1,18 @@
{{/* Returns command list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.command" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.command" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if kindIs "string" $objectData.command }}
- {{ tpl $objectData.command $rootCtx | quote }}
{{- else if kindIs "slice" $objectData.command -}}
{{- range $objectData.command }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,108 @@
{{/* Returns Env */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.env" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.env" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $k, $v := $objectData.env -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "env" "key" $k) }}
- name: {{ $k | quote }}
{{- if not (kindIs "map" $v) -}}
{{- $value := "" -}}
{{- if not (kindIs "invalid" $v) -}} {{/* Only tpl non-empty values */}}
{{- $value = $v -}}
{{- if kindIs "string" $v -}}
{{- $value = tpl $v $rootCtx -}}
{{- end -}}
{{- end }}
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- else if kindIs "map" $v }}
valueFrom:
{{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}
{{- if or (ne (len ($v | keys)) 1) (not (mustHas ($v | keys | first) $refs)) -}}
{{- fail (printf "Container - Expected <env> with a ref to have one of [%s], but got [%s]" (join ", " $refs) (join ", " ($v | keys | sortAlpha))) -}}
{{- end -}}
{{- $name := "" -}}
{{- range $key := (list "configMapKeyRef" "secretKeyRef") -}}
{{- if hasKey $v $key }}
{{ $key }}:
{{- $obj := get $v $key -}}
{{- if not $obj.name -}}
{{- fail (printf "Container - Expected non-empty <env.%s.name>" $key) -}}
{{- end -}}
{{- if not $obj.key -}}
{{- fail (printf "Container - Expected non-empty <env.%s.key>" $key) -}}
{{- end }}
key: {{ $obj.key | quote }}
{{- $name = tpl $obj.name $rootCtx -}}
{{- $expandName := true -}}
{{- if (hasKey $obj "expandObjectName") -}}
{{- if not (kindIs "invalid" $obj.expandObjectName) -}}
{{- $expandName = $obj.expandObjectName -}}
{{- else -}}
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <env.%s> to not be empty" $k) -}}
{{- end -}}
{{- end -}}
{{- if kindIs "string" $expandName -}}
{{- $expandName = tpl $expandName $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $expandName "true" -}}
{{- $expandName = true -}}
{{- else if eq $expandName "false" -}}
{{- $expandName = false -}}
{{- end -}}
{{- end -}}
{{- if $expandName -}}
{{- $item := ($key | trimSuffix "KeyRef" | lower) -}}
{{- $data := (get $rootCtx.Values $item) -}}
{{- $data = (get $data $name) -}}
{{- if not $data -}}
{{- fail (printf "Container - Expected in <env> the referenced %s [%s] to be defined" (camelcase $item) $name) -}}
{{- end -}}
{{- $found := false -}}
{{- range $k, $v := $data.data -}}
{{- if eq $k $obj.key -}}
{{- $found = true -}}
{{- end -}}
{{- end -}}
{{- if not $found -}}
{{- fail (printf "Container - Expected in <env> the referenced key [%s] in %s [%s] to be defined" $obj.key (camelcase $item) $name) -}}
{{- end -}}
{{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
{{- end }}
name: {{ $name | quote }}
{{- end -}}
{{- end -}}
{{- if hasKey $v "fieldRef" }}
fieldRef:
{{- if not $v.fieldRef.fieldPath -}}
{{- fail "Container - Expected non-empty <env.fieldRef.fieldPath>" -}}
{{- end }}
fieldPath: {{ $v.fieldRef.fieldPath | quote }}
{{- if $v.fieldRef.apiVersion }}
apiVersion: {{ $v.fieldRef.apiVersion | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
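Review bot: When `expandObjectName` is on, the lookup through `get $rootCtx.Values $item` only proves that the referenced configmap or secret and its key exist in values, not that the object is enabled. The secret definitions elsewhere in this commit carry an `enabled` field, so a disabled object would presumably pass this check and leave the container referencing a name that is never created; a check on `$data.enabled` next to the `if not $data` guard would close that, and the same applies to `$object` in `tc.v1.common.lib.container.envFrom`. Separately, the `range $k, $v := $data.data` loop shadows the outer `$k`/`$v` and can be replaced by `{{- if not (hasKey $data.data $obj.key) -}}`. `get $data $name` will also error rather than reach the friendly `fail` when `.Values.configmap` or `.Values.secret` is absent altogether.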


@@ -0,0 +1,74 @@
{{/* Returns Env From */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.envFrom" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $refs := (list "configMapRef" "secretRef") -}}
{{- range $envFrom := $objectData.envFrom -}}
{{- if and (not $envFrom.secretRef) (not $envFrom.configMapRef) -}}
{{- fail (printf "Container - Expected <envFrom> entry to have one of [%s]" (join ", " $refs)) -}}
{{- end -}}
{{- if and $envFrom.secretRef $envFrom.configMapRef -}}
{{- fail (printf "Container - Expected <envFrom> entry to have only one of [%s], but got both" (join ", " $refs)) -}}
{{- end -}}
{{- range $ref := $refs -}}
{{- with (get $envFrom $ref) -}}
{{- if not .name -}}
{{- fail (printf "Container - Expected non-empty <envFrom.%s.name>" $ref) -}}
{{- end -}}
{{- $objectName := tpl .name $rootCtx -}}
{{- $expandName := true -}}
{{- if (hasKey . "expandObjectName") -}}
{{- if not (kindIs "invalid" .expandObjectName) -}}
{{- $expandName = .expandObjectName -}}
{{- else -}}
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <envFrom.%s> to not be empty" $ref) -}}
{{- end -}}
{{- end -}}
{{- if kindIs "string" $expandName -}}
{{- $expandName = tpl $expandName $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $expandName "true" -}}
{{- $expandName = true -}}
{{- else if eq $expandName "false" -}}
{{- $expandName = false -}}
{{- end -}}
{{- end -}}
{{- if $expandName -}}
{{- $object := dict -}}
{{- $source := "" -}}
{{- if eq $ref "configMapRef" -}}
{{- $object = (get $rootCtx.Values.configmap $objectName) -}}
{{- $source = "ConfigMap" -}}
{{- else if eq $ref "secretRef" -}}
{{- $object = (get $rootCtx.Values.secret $objectName) -}}
{{- $source = "Secret" -}}
{{- end -}}
{{- if not $object -}}
{{- fail (printf "Container - Expected %s [%s] defined in <envFrom> to exist" $source $objectName) -}}
{{- end -}}
{{- range $k, $v := $object.data -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" (printf "%s - %s" $source $objectName) "key" $k) -}}
{{- end -}}
{{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
{{- end }}
- {{ $ref }}:
name: {{ $objectName | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,23 @@
{{/* Returns Env List */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.envList" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.envList" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $env := $objectData.envList -}}
{{- if not $env.name -}}
{{- fail "Container - Expected non-empty <envList.name>" -}}
{{- end -}} {{/* Empty value is valid */}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
{{- $value := $env.value -}}
{{- if kindIs "string" $env.value -}}
{{- $value = tpl $env.value $rootCtx -}}
{{- end }}
- name: {{ $env.name | quote }}
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,75 @@
{{/* Returns Fixed Env */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.fixedEnv" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{/* Avoid nil pointers */}}
{{- if not (hasKey $objectData "fixedEnv") -}}
{{- $_ := set $objectData "fixedEnv" dict -}}
{{- end -}}
{{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}}
{{- if $objectData.fixedEnv.NVIDIA_CAPS -}}
{{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}}
{{- end -}}
{{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}}
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}}
{{- end -}}
{{- $caps := (list "all" "compute" "utility" "graphics" "video") -}}
{{- range $cap := $nvidiaCaps -}}
{{- if not (mustHas $cap $caps) -}}
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}}
{{- end -}}
{{- end -}}
{{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
{{- $fixed := list -}}
{{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}}
{{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}}
{{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}}
{{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}}
{{- $PUID = $objectData.fixedEnv.PUID -}}
{{- end -}}
{{/* calculatedFSGroup is passed from the pod */}}
{{- $PGID := $objectData.calculatedFSGroup -}}
{{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}}
{{/* TODO: Offer gpu section in resources for native helm and adjust this include, then we can remove the "if inside ixChartContext" */}}
{{- if eq (include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}}
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}}
{{- else -}} {{/* Only when in SCALE */}}
{{- if hasKey $rootCtx.Values.global "ixChartContext" -}}
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}}
{{- end -}}
{{- end -}}
{{/* If running as root and PUID is set (0 or greater), set related envs */}}
{{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}}
{{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}}
{{- end -}}
{{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}}
{{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}}
{{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}}
{{- end -}}
{{- range $env := $fixed -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
- name: {{ $env.k | quote }}
value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }}
{{- end -}}
{{- end -}}
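Review bot: The guard `(ge (int $PUID) 0)` does not test that PUID is set, which is what the comment above it claims: Sprig's `int` turns nil and non-numeric strings into 0, so the condition holds for an unset or malformed value while the raw value is still what gets emitted as `PUID`/`USER_ID`/`UID`. Since these variables decide which user a root-started container drops to, check the type explicitly, e.g. `(mustHas (kindOf $PUID) (list "int" "int64" "float64"))`, before the numeric comparison, and fail otherwise. `$PGID` comes from `$objectData.calculatedFSGroup` with no check at all in this template. `$rootCtx.Values.containerOptions.NVIDIA_CAPS` is also dereferenced without the nil guard that `fixedEnv` gets a few lines earlier, and the comment before the `S6_READ_ONLY_ROOT` block should read "does not run as root".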


@@ -0,0 +1,42 @@
{{/* Returns the image dictionary */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.imageSelector" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $imageObj := dict -}}
{{- $selector := "image" -}}
{{- with $objectData.imageSelector -}}
{{- $selector = tpl . $rootCtx -}}
{{- end -}}
{{- if hasKey $rootCtx.Values $selector -}}
{{- $imageObj = get $rootCtx.Values $selector -}}
{{- else -}}
{{- fail (printf "Container - Expected <.Values.%s> to exist" $selector) -}}
{{- end -}}
{{- if not $imageObj.repository -}}
{{- fail (printf "Container - Expected non-empty <.Values.%s.repository>" $selector) -}}
{{- end -}}
{{- if not $imageObj.tag -}}
{{- fail (printf "Container - Expected non-empty <.Values.%s.tag>" $selector) -}}
{{- end -}}
{{- if not $imageObj.pullPolicy -}}
{{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}}
{{- end -}}
{{- $policies := (list "IfNotPresent" "Always" "Never") -}}
{{- if not (mustHas $imageObj.pullPolicy $policies) -}}
{{- fail (printf "Container - Expected <.Values.%s.pullPolicy> to be one of [%s], but got [%s]" $selector (join ", " $policies) $imageObj.pullPolicy) -}}
{{- end -}}
{{- $imageObj | toJson -}}
{{- end -}}
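Review bot: `set $imageObj "pullPolicy" "IfNotPresent"` writes into the map returned by `get $rootCtx.Values $selector`, which is the entry in `.Values` itself, so a helper documented as returning the image dictionary mutates shared chart state as a side effect. Work on a copy instead: `{{- $imageObj = mustDeepCopy (get $rootCtx.Values $selector) -}}`. The selector is the result of `tpl` and is used as an arbitrary top-level key of `.Values`; a `kindIs "map"` check on the result before reading `.repository` would give a clear error when it points at a non-image key. Only `repository` and `tag` are required here, so the doc comment should say whether pinning by digest is supported somewhere else.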


@@ -0,0 +1,37 @@
{{/* Returns lifecycle */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.lifecycle" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hooks := (list "preStop" "postStart") -}}
{{- $types := (list "exec" "http" "https") -}}
{{- with $objectData.lifecycle -}}
{{- range $hook, $hookValues := . -}}
{{- if not (mustHas $hook $hooks) -}}
{{- fail (printf "Container - Expected <lifecycle> <hook> to be one of [%s], but got [%s]" (join ", " $hooks) $hook) -}}
{{- end -}}
{{- if not $hookValues.type -}}
{{- fail "Container - Expected non-empty <lifecycle> <type>" -}}
{{- end -}}
{{- if not (mustHas $hookValues.type $types) -}}
{{- fail (printf "Container - Expected <lifecycle> <type> to be one of [%s], but got [%s]" (join ", " $types) $hookValues.type) -}}
{{- end }}
{{ $hook }}:
{{- if eq $hookValues.type "exec" -}}
{{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
{{- else if mustHas $hookValues.type (list "http" "https") -}}
{{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,87 @@
{{/* Returns ports list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.ports" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $serviceName, $serviceValues := $rootCtx.Values.service -}}
{{- $podSelected := false -}}
{{/* If service is enabled... */}}
{{- if $serviceValues.enabled -}}
{{/* If there is a selector */}}
{{- if $serviceValues.targetSelector -}}
{{/* And pod is selected */}}
{{- if eq $serviceValues.targetSelector $objectData.podShortName -}}
{{- $podSelected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but pod is primary */}}
{{- if $objectData.podPrimary -}}
{{- $podSelected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $podSelected -}}
{{- range $portName, $portValues := $serviceValues.ports -}}
{{- $containerSelected := false -}}
{{/* If service is enabled... */}}
{{- if $portValues.enabled -}}
{{/* If there is a selector */}}
{{- if $portValues.targetSelector -}}
{{/* And container is selected */}}
{{- if eq $portValues.targetSelector $objectData.shortName -}}
{{- $containerSelected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but container is primary */}}
{{- if $objectData.primary -}}
{{- $containerSelected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* If the container is selected render port */}}
{{- if $containerSelected -}}
{{- $containerPort := $portValues.targetPort | default $portValues.port -}}
{{- if kindIs "string" $containerPort -}}
{{- $containerPort = (tpl $containerPort $rootCtx) -}}
{{- end -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- $protocol := tpl ($portValues.protocol | default $rootCtx.Values.fallbackDefaults.serviceProtocol) $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end }}
- name: {{ $portName }}
containerPort: {{ $containerPort }}
protocol: {{ $protocol | upper }}
{{- with $portValues.hostPort }}
hostPort: {{ . }}
{{- else }}
hostPort: null
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Turning hostNetwork on, it creates hostPort automatically and turning it back off does not remove them. Setting hostPort explicitly to null will remove them.
There are still cases that hostPort is not removed, for example, if you have a TCP and UDP port with the same number. Only the TCPs hostPort will be removed.
Also note that setting hostPort to null always, it will NOT affect hostNetwork, as it will still create the hostPorts.
It only helps to remove them when hostNetwork is turned off.
*/}}
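Review bot: `$protocol` is only normalised (`tcp`/`http`/`https` become `tcp`) and upper-cased; any other string, including a typo, is rendered as-is and only rejected later by the API server. After the normalisation add `{{- if not (mustHas $protocol (list "tcp" "udp" "sctp")) -}}` with a `fail` naming the port. `hostPort: {{ . }}` and `containerPort: {{ $containerPort }}` are likewise emitted without a numeric or range check, and `hostPort` binds on the node, so it deserves explicit validation here or a comment pointing to where the service values are validated, if that happens elsewhere. The two "If service is enabled..." comments inside the port loop should say "port".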


@@ -0,0 +1,40 @@
{{/* Containers Basic Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
*/}}
{{- define "tc.v1.common.lib.container.primaryValidation" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{/* Go over the contaienrs */}}
{{- range $name, $container := $objectData.podSpec.containers -}}
{{/* If container is enabled */}}
{{- if $container.enabled -}}
{{- $hasEnabled = true -}}
{{/* And container is primary */}}
{{- if and (hasKey $container "primary") ($container.primary) -}}
{{/* Fail if there is already a primary container */}}
{{- if $hasPrimary -}}
{{- fail "Container - Only one container can be primary per workload" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary container, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "Container - At least one enabled container must be primary per workload" -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,98 @@
{{/* Returns Probes */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.probes" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.probes" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $probeNames := (list "liveness" "readiness" "startup") -}}
{{- $probeTypes := (list "http" "https" "tcp" "grpc" "exec") -}}
{{- if not $objectData.probes -}}
{{- fail "Container - Expected non-empty <probes>" -}}
{{- end -}}
{{- range $key := $probeNames -}}
{{- if not (get $objectData.probes $key) -}}
{{- fail (printf "Container - Expected <probes.%s> to be defined" $key) -}}
{{- end -}}
{{- end -}}
{{- range $probeName, $probe := $objectData.probes -}}
{{- if not (mustHas $probeName $probeNames) -}}
{{- fail (printf "Container - Expected probe to be one of [%s], but got [%s]" (join ", " $probeNames) $probeName) -}}
{{- end -}}
{{- $isEnabled := true -}}
{{- if kindIs "bool" $probe.enabled -}}
{{- $isEnabled = $probe.enabled -}}
{{- end -}}
{{- if $isEnabled -}}
{{- $probeType := $rootCtx.Values.fallbackDefaults.probeType -}}
{{- with $probe.type -}}
{{- $probeType = tpl . $rootCtx -}}
{{- end -}}
{{- if not (mustHas $probeType $probeTypes) -}}
{{- fail (printf "Container - Expected probe type to be one of [%s], but got [%s]" (join ", " $probeTypes) $probeType) -}}
{{- end }}
{{ $probeName }}Probe:
{{- if (mustHas $probeType (list "http" "https")) -}}
{{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- else if eq $probeType "tcp" -}}
{{- include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- else if eq $probeType "grpc" -}}
{{- include "tc.v1.common.lib.container.actions.grpc" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- else if eq $probeType "exec" -}}
{{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}}
{{- end -}}
{{- include "tc.v1.common.lib.container.probeTimeouts" (dict "rootCtx" $rootCtx "objectData" $probe "probeName" $probeName) | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Returns Probe Timeouts */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.probeTimeouts" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.probeTimeouts" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $probeName := .probeName -}}
{{- $timeouts := mustDeepCopy (get $rootCtx.Values.fallbackDefaults.probeTimeouts $probeName) -}}
{{- if $objectData.spec -}} {{/* Overwrite with defined timeouts */}}
{{- $timeouts = mustMergeOverwrite $timeouts $objectData.spec -}}
{{- end -}}
{{- $keys := (list "initialDelaySeconds" "failureThreshold" "successThreshold" "timeoutSeconds" "periodSeconds") -}}
{{- range $key := $keys -}}
{{- $number := get $timeouts $key -}}
{{- if not (mustHas (kindOf $number) (list "float64" "int" "int64")) -}}
{{- fail (printf "Container - Expected <probes> <%s> to be a number, but got [%v]" $key $number) -}}
{{- end -}}
{{- end -}}
{{- if mustHas $probeName (list "liveness" "startup") -}}
{{- if ne (int $timeouts.successThreshold) 1 -}}
{{- fail (printf "Container - Expected <probes> <successThreshold> to be 1 on [%s] probe" $probeName) -}}
{{- end -}}
{{- end }}
initialDelaySeconds: {{ $timeouts.initialDelaySeconds }}
failureThreshold: {{ $timeouts.failureThreshold }}
successThreshold: {{ $timeouts.successThreshold }}
timeoutSeconds: {{ $timeouts.timeoutSeconds }}
periodSeconds: {{ $timeouts.periodSeconds }}
{{- end -}}
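Review bot: The number check in `tc.v1.common.lib.container.probeTimeouts` accepts any `float64`, so `timeoutSeconds: 1.5` or a negative `periodSeconds` passes validation and is rendered unchanged, although these fields are integers. Accepting `float64` is presumably needed because of how values are decoded, so keep the kind check and add a second condition that fails when `(int $number)` differs from the value or is below zero. In `tc.v1.common.lib.container.probes`, `$isEnabled` silently stays `true` when `enabled` is not a bool (for example the string `"false"`); a `fail` for non-bool, non-nil values would make that visible. `mustDeepCopy (get ... $probeName)` also assumes `fallbackDefaults.probeTimeouts` has an entry for every probe name, which is not checked here.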


@@ -0,0 +1,140 @@
{{/* Returns Resources */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.resources" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $resources := mustDeepCopy $rootCtx.Values.resources -}}
{{- if $objectData.resources -}}
{{- $resources = mustMergeOverwrite $resources $objectData.resources -}}
{{- end -}}
{{- include "tc.v1.common.lib.container.resources.validation" (dict "resources" $resources) -}}
requests:
cpu: {{ $resources.requests.cpu }}
memory: {{ $resources.requests.memory }}
{{- if $resources.limits }}
limits:
{{- with $resources.limits.cpu }} {{/* Passing 0, will not render it, meaning unlimited */}}
cpu: {{ . }}
{{- end -}}
{{- with $resources.limits.memory }} {{/* Passing 0, will not render it, meaning unlimited */}}
memory: {{ . }}
{{- end -}}
{{- include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{/* Returns GPU resource */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.resources.gpu" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $returnBool := .returnBool -}}
{{- $gpuResource := list -}}
{{- range $GPUValues := $rootCtx.Values.scaleGPU -}}
{{- if not $GPUValues.gpu -}}
{{- fail "Container - Expected non-empty <scaleGPU.gpu>" -}}
{{- end -}}
{{- $selected := false -}}
{{/* Parse selector if defined */}}
{{- if $GPUValues.targetSelector -}}
{{- range $podName, $containers := $GPUValues.targetSelector -}}
{{- if not $containers -}}
{{- fail "Container - Expected non-empty list under pod in <scaleGPU.targetSelector>" -}}
{{- end -}}
{{- if and (eq $podName $objectData.podShortName) (mustHas $objectData.shortName $containers) -}}
{{- $selected = true -}}
{{- end -}}
{{- end -}}
{{/* If no selector, select primary pod/container */}}
{{- else if and $objectData.podPrimary $objectData.primary -}}
{{- $selected = true -}}
{{- end -}}
{{- if $selected -}}
{{- $gpuResource = mustAppend $gpuResource $GPUValues.gpu -}}
{{- end -}}
{{- end -}}
{{- if not $returnBool -}}
{{- range $gpu := $gpuResource -}}
{{- range $k, $v := $gpu -}}
{{- if or (kindIs "invalid" $v) (eq (toString $v) "") -}}
{{- fail "Container - Expected non-empty <scaleGPU> <value>" -}}
{{- end -}} {{/* Don't try to schedule 0 GPUs */}}
{{- if gt (int $v) 0 }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if $gpuResource -}}
{{- "true" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Validates resources to match a pattern */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.resources.validation" (dict "resources" $resources) }}
rootCtx: The root context of the chart.
resources: The resources object
*/}}
{{- define "tc.v1.common.lib.container.resources.validation" -}}
{{- $resources := .resources -}}
{{/* CPU: https://regex101.com/r/D4HouI/1 */}}
{{/* MEM: https://regex101.com/r/NNPV2D/1 */}}
{{- $regex := (dict
"cpu" "^(0\\.[1-9]|[1-9][0-9]*)(\\.[0-9]|m?)$"
"memory" "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$") -}}
{{- $errorMsg := (dict
"cpu" "(Plain Integer - eg. 1), (Float - eg. 0.5), (Milicpu - eg. 500m)"
"memory" "(Suffixed with E/P/T/G/M/K - eg. 1G), (Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi), (Plain Integer in bytes - eg. 1024), (Exponent - eg. 134e6)") -}}
{{- $resourceTypes := (list "cpu" "memory") -}}
{{- range $category := (list "requests") -}} {{/* We can also add "limits" here if we want to require them */}}
{{- if not (get $resources $category) -}}
{{- fail (printf "Container - Expected non-empty <resources.%s>" $category) -}}
{{- end -}}
{{- range $type := $resourceTypes -}}
{{- if not (get (get $resources $category) $type) -}}
{{- fail (printf "Container - Expected non-empty <resources.%s.%s>" $category $type) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range $key := (list "requests" "limits") -}}
{{- $resourceCategory := (get $resources $key) -}}
{{- if $resourceCategory -}}
{{- range $type := $resourceTypes -}}
{{- $resourceValue := (get $resourceCategory $type) -}}
{{- if $resourceValue -}} {{/* Only try to match defined values */}}
{{- if not (mustRegexMatch (get $regex $type) (toString $resourceValue)) -}}
{{- fail (printf "Container - Expected <resources.%s.%s> to have one of the following formats [%s], but got [%s]" $key $type (get $errorMsg $type) $resourceValue) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
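Review bot: The `cpu` pattern in `tc.v1.common.lib.container.resources.validation` does not match its own error text: `0.25` and `1.25` are rejected because only one digit is allowed after the dot, while `0.5.5` and `0.5m` are accepted because the second group may follow the `0\.[1-9]` alternative. Tying the suffix to the right alternative fixes both, for example `"cpu" "^([1-9][0-9]*m?|[0-9]+\\.[0-9]+)$"`, with zero handling decided explicitly. The doc comment lists a `rootCtx` parameter that the template neither receives nor uses. In `tc.v1.common.lib.container.resources`, the `with` on `limits.cpu`/`limits.memory` drops a limit of 0 and limits are not required at all, so a note at the top stating that containers can render without limits would make that choice visible to reviewers.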


@@ -0,0 +1,181 @@
{{/* Returns Container Security Context */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.securityContext" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.securityContext" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{/* Initialize from the "global" options */}}
{{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) }}
runAsNonRoot: {{ $secContext.runAsNonRoot }}
runAsUser: {{ $secContext.runAsUser }}
runAsGroup: {{ $secContext.runAsGroup }}
readOnlyRootFilesystem: {{ $secContext.readOnlyRootFilesystem }}
allowPrivilegeEscalation: {{ $secContext.allowPrivilegeEscalation }}
privileged: {{ $secContext.privileged }}
seccompProfile:
type: {{ $secContext.seccompProfile.type }}
{{- if eq $secContext.seccompProfile.type "Localhost" }}
localhostProfile: {{ $secContext.seccompProfile.profile }}
{{- end }}
capabilities:
{{- if $secContext.capabilities.add }}
add:
{{- range $secContext.capabilities.add }}
- {{ . }}
{{- end -}}
{{- else }}
add: []
{{- end -}}
{{- if $secContext.capabilities.drop }}
drop:
{{- range $secContext.capabilities.drop }}
- {{ . }}
{{- end -}}
{{- else }}
drop: []
{{- end -}}
{{- end -}}
{{/* Calculates Container Security Context */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.securityContext.calculate" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $mustPrivileged := false -}}
{{- range $persistenceName, $persistenceValues := $rootCtx.Values.persistence -}}
{{- if $persistenceValues.enabled -}}
{{- if eq $persistenceValues.type "device" -}}
{{- $volume := (fromJson (include "tc.v1.common.lib.container.volumeMount.isSelected" (dict "persistenceName" $persistenceName "persistenceValues" $persistenceValues "objectData" $objectData "key" "persistence"))) -}}
{{- if $volume -}} {{/* If a volume is returned, it means that the container has an assigned device */}}
{{- $mustPrivileged = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $rootCtx.Values.securityContext.container -}}
{{- fail "Container - Expected non-empty <.Values.securityContext.container>" -}}
{{- end -}}
{{/* Initialize from the "global" options */}}
{{- $secContext := mustDeepCopy $rootCtx.Values.securityContext.container -}}
{{/* Override with containers options */}}
{{- with $objectData.securityContext -}}
{{- $secContext = mustMergeOverwrite $secContext . -}}
{{- end -}}
{{/* Validations, as we might endup with null values after merge */}}
{{- range $key := (list "runAsUser" "runAsGroup") -}}
{{- $value := (get $secContext $key) -}}
{{- if not (mustHas (kindOf $value) (list "float64" "int" "int64")) -}}
{{- fail (printf "Container - Expected <securityContext.%s> to be [int], but got [%v] of type [%s]" $key $value (kindOf $value)) -}}
{{- end -}}
{{- end -}}
{{- if or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0) -}}
{{- $_ := set $secContext "runAsNonRoot" false -}}
{{- else -}}
{{- $_ := set $secContext "runAsNonRoot" true -}}
{{- end -}}
{{- if $secContext.privileged -}} {{/* When privileged is true, allowPrivilegeEscalation is required */}}
{{- $_ := set $secContext "allowPrivilegeEscalation" true -}}
{{- end -}}
{{- if $mustPrivileged -}}
{{- $_ := set $secContext "privileged" true -}}
{{- $_ := set $secContext "allowPrivilegeEscalation" true -}}
{{- $_ := set $secContext "runAsNonRoot" false -}}
{{- $_ := set $secContext "runAsUser" 0 -}}
{{- $_ := set $secContext "runAsGroup" 0 -}}
{{- end -}}
{{- range $key := (list "privileged" "allowPrivilegeEscalation" "runAsNonRoot" "readOnlyRootFilesystem") -}}
{{- $value := (get $secContext $key) -}}
{{- if not (kindIs "bool" $value) -}}
{{- fail (printf "Container - Expected <securityContext.%s> to be [bool], but got [%s] of type [%s]" $key $value (kindOf $value)) -}}
{{- end -}}
{{- end -}}
{{- if not $secContext.seccompProfile -}}
{{- fail "Container - Expected <securityContext.seccompProfile> to be defined" -}}
{{- end -}}
{{- $profiles := (list "RuntimeDefault" "Localhost" "Unconfined") -}}
{{- if not (mustHas $secContext.seccompProfile.type $profiles) -}}
{{- fail (printf "Container - Expected <securityContext.seccompProfile> to be one of [%s], but got [%s]" (join ", " $profiles) $secContext.seccompProfile.type) -}}
{{- end -}}
{{- if eq $secContext.seccompProfile.type "Localhost" -}}
{{- if not $secContext.seccompProfile.profile -}}
{{- fail "Container - Expected <securityContext.seccompProfile.profile> to be defined on type [Localhost]" -}}
{{- end -}}
{{- end -}}
{{- if not $secContext.capabilities -}}
{{- fail "Container - Expected <securityContext.capabilities> to be defined" -}}
{{- end -}}
{{- $tempObjectData := (dict "shortName" $objectData.podShortName "primary" $objectData.podPrimary) -}}
{{- $portRange := fromJson (include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $tempObjectData)) -}}
{{- if and $portRange.low (le (int $portRange.low) 1024) -}} {{/* If a container wants to bind a port <= 1024 add NET_BIND_SERVICE */}}
{{- $addCap := $secContext.capabilities.add -}}
{{- if not (mustHas "NET_BIND_SERIVCE" $addCap) -}}
{{- $addCap = mustAppend $addCap "NET_BIND_SERVICE" -}}
{{- end -}}
{{- $_ := set $secContext.capabilities "add" $addCap -}}
{{- end -}}
{{/*
Most containers that run as root, is because it has to chown
files before switching to another user.
Lets add automatically the CHOWN cap.
*/}}
{{- if eq (int $secContext.runAsUser) 0 -}}
{{- if not (kindIs "bool" $secContext.capabilities.disableS6Caps) -}}
{{- fail (printf "Container - Expected <securityContext.capabilities.disableS6Caps> to be [bool], but got [%s] of type [%s]" $secContext.capabilities.disableS6Caps (kindOf $secContext.capabilities.disableS6Caps)) -}}
{{- end -}}
{{- $addCap := $secContext.capabilities.add -}}
{{- if not $secContext.capabilities.disableS6Caps -}}
{{- $addCap = mustAppend $addCap "CHOWN" -}}
{{- $addCap = mustAppend $addCap "SETUID" -}}
{{- $addCap = mustAppend $addCap "SETGID" -}}
{{- $addCap = mustAppend $addCap "FOWNER" -}}
{{- $addCap = mustAppend $addCap "DAC_OVERRIDE" -}}
{{- end -}}
{{- $_ := set $secContext.capabilities "add" $addCap -}}
{{- end -}}
{{- range $key := (list "add" "drop") -}}
{{- $item := (get $secContext.capabilities $key) -}}
{{- if not (kindIs "slice" $item) -}}
{{- fail (printf "Container - Expected <securityContext.capabilities.%s> to be [list], but got [%s]" $key (kindOf $item)) -}}
{{- end -}}
{{- range $item -}}
{{- if not (kindIs "string" .) -}}
{{- fail (printf "Container - Expected items of <securityContext.capabilities.%s> to be [string], but got [%s]" $key (kindOf .)) -}}
{{- end -}}
{{- end -}}
{{- if not (deepEqual (uniq $item) $item) -}}
{{- fail (printf "Container - Expected items of <securityContext.capabilities.%s> to be unique, but got [%s]" $key (join ", " $item)) -}}
{{- end -}}
{{- end -}}
{{- $secContext | toJson -}}
{{- end -}}
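Review bot: The duplicate guard in the port-range branch of `securityContext.calculate` tests for the misspelled `"NET_BIND_SERIVCE"`, so it never matches and `NET_BIND_SERVICE` is appended even when the values already list it; the uniqueness check near the end of the template then fails the render. The line should read `{{- if not (mustHas "NET_BIND_SERVICE" $addCap) -}}`. The root-user branch below it has the same exposure: `CHOWN`, `SETUID`, `SETGID`, `FOWNER` and `DAC_OVERRIDE` are appended with no membership test, so a chart that already adds one of them will also trip the uniqueness failure. The `$mustPrivileged` block also deserves a comment, because attaching any enabled `device` persistence to the container overrides the configured user, group and `privileged` values with root/privileged without any message to the operator.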


@@ -0,0 +1,33 @@
{{/* Returns termination */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.termination" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.termination" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $termination := (dict "messagePath" "" "messagePolicy" "") -}}
{{- with $objectData.termination -}}
{{- with .messagePath -}}
{{- $_ := set $termination "messagePath" (tpl . $rootCtx) -}}
{{- end -}}
{{- with .messagePolicy -}}
{{- $policy := (tpl . $rootCtx) -}}
{{- $policies := (list "File" "FallbackToLogsOnError") -}}
{{- if not (mustHas $policy $policies) -}}
{{- fail (printf "Container - Expected <termination.messagePolicy> to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}}
{{- end -}}
{{- $_ := set $termination "messagePolicy" $policy -}}
{{- end -}}
{{- end -}}
{{- $termination | toJson -}}
{{- end -}}


@@ -0,0 +1,147 @@
{{/* Returns volumeMount list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.volumeMount" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.volumeMount" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $volMounts := list -}}
{{- $codeServerIgnoredTypes := (list "configmap" "secret") -}}
{{- $keys := (list "persistence") -}}
{{- if eq $objectData.podType "StatefulSet" -}}
{{- $keys = mustAppend $keys "volumeClaimTemplates" -}}
{{- end -}}
{{- range $key := $keys -}}
{{- range $persistenceName, $persistenceValues := (get $rootCtx.Values $key) -}}
{{- if $persistenceValues.enabled -}}
{{/* Dont try to mount configmap/sercet to codeserver */}}
{{- if not (and (eq $objectData.shortName "codeserver") (mustHas $persistenceValues.type $codeServerIgnoredTypes)) -}}
{{- $volMount := (fromJson (include "tc.v1.common.lib.container.volumeMount.isSelected" (dict "persistenceName" $persistenceName "persistenceValues" $persistenceValues "objectData" $objectData "key" $key))) -}}
{{- if $volMount -}}
{{- $volMounts = mustAppend $volMounts $volMount -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range $volMount := $volMounts -}}
{{/* Expand values */}}
{{- $_ := set $volMount "mountPath" (tpl $volMount.mountPath $rootCtx) -}}
{{- $_ := set $volMount "subPath" (tpl $volMount.subPath $rootCtx) -}}
{{- $_ := set $volMount "mountPropagation" (tpl $volMount.mountPropagation $rootCtx) -}}
{{- if not $volMount.mountPath -}}
{{- fail (printf "%s - Expected non-empty <mountPath>" (camelcase $volMount.key)) -}}
{{- end -}}
{{- if not (hasPrefix "/" $volMount.mountPath) -}}
{{- fail (printf "%s - Expected <mountPath> to start with a forward slash [/]" (camelcase $volMount.key)) -}}
{{- end -}}
{{- $propagationTypes := (list "None" "HostToContainer" "Bidirectional") -}}
{{- if and $volMount.mountPropagation (not (mustHas $volMount.mountPropagation $propagationTypes)) -}}
{{- fail (printf "%s - Expected <mountPropagation> to be one of [%s], but got [%s]" (camelcase $volMount.key) (join ", " $propagationTypes) $volMount.mountPropagation) -}}
{{- end -}}
{{- if not (kindIs "bool" $volMount.readOnly) -}}
{{- fail (printf "%s - Expected <readOnly> to be [boolean], but got [%s]" (camelcase $volMount.key) (kindOf $volMount.readOnly)) -}}
{{- end }}
- name: {{ $volMount.name }}
mountPath: {{ $volMount.mountPath }}
readOnly: {{ $volMount.readOnly }}
{{- with $volMount.subPath }}
subPath: {{ . }}
{{- end -}}
{{- with $volMount.mountPropagation }}
mountPropagation: {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.lib.container.volumeMount.isSelected" -}}
{{- $persistenceName := .persistenceName -}}
{{- $persistenceValues := .persistenceValues -}}
{{- $objectData := .objectData -}}
{{- $key := .key -}}
{{/* Initialize from the default values */}}
{{- $volMount := dict -}}
{{- $_ := set $volMount "name" $persistenceName -}}
{{- $_ := set $volMount "key" $key -}}
{{- if eq $persistenceValues.type "device" -}} {{/* On devices use the hostPath as default if mountpath is not defined */}}
{{- $_ := set $volMount "mountPath" ($persistenceValues.mountPath | default $persistenceValues.hostPath | default "") -}}
{{- else -}}
{{- $_ := set $volMount "mountPath" ($persistenceValues.mountPath | default "") -}}
{{- end -}}
{{- $_ := set $volMount "subPath" ($persistenceValues.subPath | default "") -}}
{{- $_ := set $volMount "readOnly" ($persistenceValues.readOnly | default false) -}}
{{- $_ := set $volMount "mountPropagation" ($persistenceValues.mountPropagation | default "") -}}
{{- $return := false -}}
{{/* If targetSelectAll is set, means all pods/containers */}} {{/* targetSelectAll does not make sense for vct */}}
{{- if and $persistenceValues.targetSelectAll (ne $key "volumeClaimTemplates") -}}
{{- $return = true -}}
{{/* Set custom path on autopermissions container */}}
{{- if and (eq $objectData.shortName "autopermissions") $persistenceValues.autoPermissions -}}
{{- if $persistenceValues.autoPermissions.enabled -}}
{{- $return = true -}}
{{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}}
{{- end -}}
{{- end -}}
{{/* If the container is the autopermission */}}
{{- else if (eq $objectData.shortName "autopermissions") -}}
{{- if $persistenceValues.autoPermissions -}}
{{- if $persistenceValues.autoPermissions.enabled -}}
{{- $return = true -}}
{{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}}
{{- end -}}
{{- end -}}
{{/* Else if selector is defined */}}
{{- else if $persistenceValues.targetSelector -}}
{{/* If pod is selected */}}
{{- if mustHas $objectData.podShortName ($persistenceValues.targetSelector | keys) -}}
{{- $selectorValues := (get $persistenceValues.targetSelector $objectData.podShortName) -}}
{{- if not (kindIs "map" $selectorValues) -}}
{{- fail (printf "%s - Expected <targetSelector.%s> to be a [dict], but got [%s]" (camelcase $key) $objectData.podShortName (kindOf $selectorValues)) -}}
{{- end -}}
{{- if not $selectorValues -}}
{{- fail (printf "%s - Expected non-empty <targetSelector.%s>" (camelcase $key) $objectData.podShortName) -}}
{{- end -}}
{{/* If container is selected */}}
{{- if or (mustHas $objectData.shortName ($selectorValues | keys)) (eq $objectData.shortName "codeserver") -}}
{{/* Merge with values that might be set for the specific container */}}
{{- $fetchedSelectorValues := (get $selectorValues $objectData.shortName) -}}
{{- if and (eq $objectData.shortName "codeserver") (not $fetchedSelectorValues) -}}
{{- $fetchedSelectorValues = (get $selectorValues ($selectorValues | keys | first)) -}}
{{- end -}}
{{- $volMount = mustMergeOverwrite $volMount $fetchedSelectorValues -}}
{{- $return = true -}}
{{- end -}}
{{- end -}}
{{/* if its the codeserver */}}
{{- else if (eq $objectData.shortName "codeserver") -}}
{{- $return = true -}}
{{/* Else if not selector, but pod and container is primary */}}
{{- else if and $objectData.podPrimary $objectData.primary -}}
{{- $return = true -}}
{{- end -}}
{{- if $return -}} {{/* If it's selected, return the volumeMount */}}
{{- $volMount | toJson -}}
{{- else -}} {{/* Else return an empty dict */}}
{{- dict | toJson -}}
{{- end -}}
{{- end -}}
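Review bot: `tc.v1.common.lib.container.volumeMount.isSelected` has no header comment, although its branch order decides which containers get access to which volumes. I would add `{{/* Returns the volumeMount as JSON when this container should mount the persistence item, else an empty dict. Precedence: targetSelectAll, autopermissions, targetSelector, codeserver, primary pod+container. */}}` above the `define`. The comment should also state that a container with shortName `codeserver` is selected for every enabled item that has neither `targetSelectAll` nor `targetSelector` (the caller filters only configmap and secret types). Inside a `targetSelector` without its own entry, codeserver takes the settings of whichever key `keys | first` returns, and Sprig does not guarantee key order, so the `readOnly` and `mountPath` it inherits may differ between renders.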


@@ -0,0 +1,18 @@
{{/* Returns exec action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.exec" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.command -}}
{{- fail (printf "Container - Expected non-empty <%s> <command> on [exec] type" $caller) -}}
{{- end }}
exec:
command:
{{- include "tc.v1.common.lib.container.command" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4}}
{{- end -}}


@@ -0,0 +1,23 @@
{{/* Returns grpc action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.grpc" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.port -}}
{{- fail (printf "Container - Expected non-empty <%s> <port> on [grpc] type" $caller) -}}
{{- end -}}
{{- $port := $objectData.port -}}
{{- if kindIs "string" $port -}}
{{- $port = tpl $port $rootCtx -}}
{{- end }}
grpc:
port: {{ $port }}
{{- end -}}
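Review bot: The call example in the header comment of the grpc action names `tc.v1.common.lib.container.actions.tcpSocket` rather than the template defined here; it should read `{{ include "tc.v1.common.lib.container.actions.grpc" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}`. The parameter list also omits `caller`, which the body uses in its `fail` message; a line such as `caller: Label of the calling template, used in the error message.` would complete it. The exec, httpGet and tcpSocket action headers on this page leave out `caller` in the same way.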


@@ -0,0 +1,53 @@
{{/* Returns httpGet action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.httpGet" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.port -}}
{{- fail (printf "Container - Expected non-empty <%s> <port> on [http] type" $caller) -}}
{{- end -}}
{{- $port := $objectData.port -}}
{{- $path := "/" -}}
{{- $scheme := "http" -}}
{{- if kindIs "string" $port -}}
{{- $port = tpl $port $rootCtx -}}
{{- end -}}
{{- with $objectData.path -}}
{{- $path = tpl . $rootCtx -}}
{{- end -}}
{{- if not (hasPrefix "/" $path) -}}
{{- fail (printf "Container - Expected <%s> <path> to start with a forward slash [/] on <http> type" $caller) -}}
{{- end -}}
{{- with $objectData.type -}}
{{- $scheme = tpl . $rootCtx -}}
{{- end }}
httpGet:
{{- with $objectData.host }}
host: {{ tpl . $rootCtx }}
{{- end }}
port: {{ $port }}
path: {{ $path }}
scheme: {{ $scheme | upper }}
{{- with $objectData.httpHeaders }}
httpHeaders:
{{- range $name, $value := . }}
{{- if not $value -}}
{{- fail "Container - Expected non-empty <value> on <httpHeaders>" -}}
{{- end }}
- name: {{ $name }}
value: {{ tpl (toString $value) $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
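Review bot: `$scheme` is taken from `objectData.type`, expanded with `tpl` and upper-cased, but never checked, so unless the caller already restricts `type`, any string reaches the rendered `scheme:` field. Other templates on this page validate enumerated values before emitting them (`messagePolicy`, `mountPropagation`), and the same guard fits here: `{{- if not (mustHas ($scheme | upper) (list "HTTP" "HTTPS")) -}}{{- fail (printf "Container - Expected <%s> <type> to be one of [http, https], but got [%s]" $caller $scheme) -}}{{- end -}}`. `host`, `path` and the header `name` are also written unquoted after `tpl` expansion; piping them through `quote`, as is already done for the header `value`, would keep characters such as `#` or `: ` from altering the YAML structure.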


@@ -0,0 +1,23 @@
{{/* Returns tcpSocket action */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.actions.tcpSocket" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if not $objectData.port -}}
{{- fail (printf "Container - Expected non-empty <%s> <port> on [tcp] type" $caller) -}}
{{- end -}}
{{- $port := $objectData.port -}}
{{- if kindIs "string" $port -}}
{{- $port = tpl $port $rootCtx -}}
{{- end }}
tcpSocket:
port: {{ $port }}
{{- end -}}


@@ -0,0 +1,55 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.clickhouse.secret" -}}
{{- if .Values.clickhouse.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-clickhousecreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "clickhousecreds" -}}
{{- $dbPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "clickhouse-password") | b64dec -}}
{{- else if $dbpreviousold -}}
{{- $dbPass = (index $dbpreviousold.data "clickhouse-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbHost := printf "%v-%v" .Release.Name "clickhouse" -}}
{{- $portHost := printf "%v:8123" $dbHost -}}
{{- $ping := printf "http://%v/ping" $portHost -}}
{{- $url := printf "http://%v:%v@%v/%v" .Values.clickhouse.clickhouseUsername $dbPass $portHost .Values.clickhouse.clickhouseDatabase -}}
{{- $jdbc := printf "jdbc:ch://%v/%v" $portHost -}}
{{/* Append some values to clickhouse.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.clickhouse.creds "plain" ($dbHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "plainhost" ($dbHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "clickhousePassword" ($dbPass | quote) -}}
{{- $_ := set .Values.clickhouse.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.clickhouse.creds "ping" ($ping | quote) -}}
{{- $_ := set .Values.clickhouse.creds "complete" ($url | quote) -}}
{{- $_ := set .Values.clickhouse.creds "jdbc" ($jdbc | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
clickhouse-password: {{ $dbPass }}
plainhost: {{ $dbHost }}
plainporthost: {{ $portHost }}
ping: {{ $ping }}
url: {{ $url }}
jdbc: {{ $jdbc }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.clickhouse.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.clickhouse.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret ( printf "%s-%s" .Release.Name "clickhousecreds" ) $secret -}}
{{- end -}}
{{- end -}}
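Review bot: The `$jdbc` line calls `printf "jdbc:ch://%v/%v" $portHost` with two verbs and a single argument, so the stored `jdbc` value ends in Go's `%!v(MISSING)` marker instead of a database name. The MariaDB and MongoDB secret templates pass the database as the second argument; here that would be `{{- $jdbc := printf "jdbc:ch://%v/%v" $portHost .Values.clickhouse.clickhouseDatabase -}}`. Separately, `$url` embeds the password in an `http://user:pass@host` string, so any consumer that logs its connection URL also logs the credential; a short comment next to the `complete`/`url` entries saying so would warn chart authors who pick that key.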


@@ -0,0 +1,387 @@
{{- define "tc.v1.common.lib.deps.wait" -}}
{{- if .Values.redis.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.redis" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "redis-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.mariadb.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.mariadb" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "mariadb-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.mongodb.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.mongodb" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "mongodb-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.clickhouse.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.clickhouse" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "clickhouse-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.solr.enabled -}}
{{- $container := include "tc.v1.common.lib.deps.wait.solr" $ | fromYaml -}}
{{- if $container -}}
{{- range .Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "solr-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $result := false -}}
{{- range .Values.cnpg -}}
{{- if .enabled -}}
{{- $result = true -}}
{{- end -}}
{{- end -}}
{{- if $result -}}
{{- $container := include "tc.v1.common.lib.deps.wait.cnpg" $ | fromYaml -}}
{{- if $container -}}
{{- range $.Values.workload -}}
{{- if not (hasKey .podSpec "initContainers") -}}
{{- $_ := set .podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .podSpec.initContainers "cnpg-wait" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.redis" -}}
enabled: true
type: system
imageSelector: redisClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
env:
REDIS_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
key: plainhost
REDIS_PASSWORD:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
key: redis-password
REDIS_PORT: "6379"
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Executing DB waits..."
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD";
export LIVE=false;
until "$LIVE";
do
response=$(
timeout -s 3 2 \
redis-cli \
-h "$REDIS_HOST" \
-p "$REDIS_PORT" \
ping
)
if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then
LIVE=true
echo "$response"
echo "Redis Responded, ending initcontainer and starting main container(s)..."
else
echo "$response"
echo "Redis not responding... Sleeping for 10 sec..."
sleep 10
fi;
done
EOF
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.mariadb" -}}
enabled: true
type: system
imageSelector: mariadbClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
MARIADB_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
key: plainhost
MARIADB_ROOT_PASSWORD:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
key: mariadb-root-password
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Executing DB waits..."
until
mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \
&& mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status;
do sleep 2;
done
EOF
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.mongodb" -}}
enabled: true
type: system
imageSelector: mongodbClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
MONGODB_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "mongodbcreds" }}'
key: plainhost
MONGODB_DATABASE: "{{ .Values.mongodb.mongodbDatabase }}"
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Executing DB waits..."
until
HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet;
do sleep 2;
done
EOF
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.clickhouse" -}}
enabled: true
type: system
imageSelector: wgetImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
CLICKHOUSE_PING:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "clickhousecreds" }}'
key: ping
command:
- "/bin/sh"
args:
- "-c"
- |
echo "Executing DB waits..."
until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do
echo "ClickHouse - no response. Sleeping 2 seconds..."
sleep 2
done
echo "ClickHouse - accepting connections"
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.solr" -}}
enabled: true
type: system
imageSelector: wgetImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
env:
SOLR_HOST:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}'
key: plainhost
SOLR_CORES: "{{ .Values.solr.solrCores }}"
SOLR_ENABLE_AUTHENTICATION: "{{ .Values.solr.solrEnableAuthentication }}"
SOLR_ADMIN_USERNAME: "{{ .Values.solr.solrUsername }}"
SOLR_ADMIN_PASSWORD:
secretKeyRef:
expandObjectName: false
name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}'
key: solr-password
command:
- "/bin/sh"
args:
- "-c"
- |
echo "Executing DB waits..."
if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then
until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
echo "Solr is not responding... Sleeping 2 seconds..."
sleep 2
done
else
until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
echo "Solr is not responding... Sleeping 2 seconds..."
sleep 2
done
fi
{{- end -}}
{{- define "tc.v1.common.lib.deps.wait.cnpg" -}}
enabled: true
type: system
imageSelector: postgresClientImage
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 4000m
memory: 8Gi
command:
- "/bin/sh"
- "-c"
- |
/bin/sh <<'EOF'
{{ range $name, $cnpg := .Values.cnpg }}
{{ if $cnpg.enabled }}
echo "Executing DB waits..."
{{ $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ }}
{{ $cnpgName = printf "%v-cnpg-%v" $cnpgName $name }}
echo "Detected RW pooler, testing RW pooler availability..."
until
echo "Testing database on url: {{ $cnpgName }}-rw"
pg_isready -U {{ .user }} -d {{ .database }} -h {{ $cnpgName }}-rw
do sleep 5
done
{{ if $cnpg.acceptRO }}
echo "Detected RO pooler, testing RO pooler availability..."
until
echo "Testing database on url: {{ $cnpgName }}-ro"
pg_isready -U {{ .user }} -d {{ .database }} -h {{ $cnpgName }}-ro
do sleep 5
done
{{ end }}
{{ end }}
{{ end }}
sleep 5
EOF
{{- end -}}
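Review bot: The `mariadb-wait` init container is handed `mariadb-root-password` and passes it as `-p"${MARIADB_ROOT_PASSWORD}"` on the `mysqladmin` command line, so every workload pod receives the database root credential, and places it in process arguments, only to poll for readiness. The credentials secret also carries `mariadb-password`; referencing that key with the application user and exporting it as `MYSQL_PWD` instead of using `-p` would keep root out of the application pods. The Solr wait has the same argv exposure through `curl --user`, and its `[ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]` test runs under `/bin/sh`, where `==` is not POSIX and `=` is the portable form. `redis-wait` is also the only wait container defined here without a `resources` block.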


@@ -0,0 +1,66 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.mariadb.secret" -}}
{{- if .Values.mariadb.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-mariadbcreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "mariadbcreds" -}}
{{- $dbPass := randAlphaNum 50 -}}
{{- $rootPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "mariadb-password") | b64dec -}}
{{- $rootPass = (index $dbprevious.data "mariadb-root-password") | b64dec -}}
{{- else if $dbpreviousold -}}
{{- $dbPass = (index $dbpreviousold.data "mariadb-password") | b64dec -}}
{{- $rootPass = (index $dbpreviousold.data "mariadb-root-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbhost := printf "%v-%v" .Release.Name "mariadb" -}}
{{- $portHost := printf "%v:3306" $dbhost -}}
{{- $complete := printf "sql://%v:%v@%v/%v" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
{{- $urlnossl := printf "sql://%v:%v@%v/%v?sslmode=disable" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
{{- $jdbc := printf "jdbc:sqlserver://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
{{- $jdbcMySQL := printf "jdbc:mysql://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
{{- $jdbcMariaDB := printf "jdbc:mariadb://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
{{/* Append some values to mariadb.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.mariadb.creds "mariadbPassword" ($dbPass | quote) -}}
{{- $_ := set .Values.mariadb.creds "mariadbRootPassword" ($rootPass | quote) -}}
{{- $_ := set .Values.mariadb.creds "plain" ($dbhost | quote) -}}
{{- $_ := set .Values.mariadb.creds "plainhost" ($dbhost | quote) -}}
{{- $_ := set .Values.mariadb.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.mariadb.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.mariadb.creds "complete" ($complete | quote) -}}
{{- $_ := set .Values.mariadb.creds "urlnossl" ($urlnossl | quote) -}}
{{- $_ := set .Values.mariadb.creds "jdbc" ($jdbc | quote) -}}
{{- $_ := set .Values.mariadb.creds "jdbcmysql" ($jdbcMySQL | quote) -}}
{{- $_ := set .Values.mariadb.creds "jdbcmariadb" ($jdbcMariaDB | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
mariadb-password: {{ $dbPass }}
mariadb-root-password: {{ $rootPass }}
url: {{ $complete }}
urlnossl: {{ $urlnossl }}
plainporthost: {{ $portHost }}
plainhost: {{ $dbhost }}
jdbc: {{ $jdbc }}
jdbc-mysql: {{ $jdbcMySQL }}
jdbc-mariadb: {{ $jdbcMariaDB }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.mariadb.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.mariadb.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mariadbcreds") $secret -}}
{{- end -}}
{{- end -}}
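Review bot: The header comment promises that the password persists across updates, but that holds only when `lookup` can reach the cluster: under `helm template` or a client-side `--dry-run`, `lookup` returns an empty result, so `$dbPass` and `$rootPass` fall back to fresh `randAlphaNum 50` values on every render. A pipeline that renders manifests offline and applies them would therefore rewrite the Secret while the database keeps its original passwords. I would extend the comment with `Persistence relies on lookup against a live cluster; offline rendering generates new passwords each time.` The clickhouse secret template on this page follows the same pattern. The `jdbc` value is built with a `jdbc:sqlserver://` prefix, which looks like a leftover next to the `jdbc:mysql://` and `jdbc:mariadb://` variants and is worth confirming.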


@@ -0,0 +1,63 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.mongodb.secret" -}}
{{- if .Values.mongodb.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-mongodbcreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "mongodbcreds" -}}
{{- $dbPass := randAlphaNum 50 -}}
{{- $rootPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "mongodb-password") | b64dec -}}
{{- $rootPass = (index $dbprevious.data "mongodb-root-password") | b64dec -}}
{{- else if $dbpreviousold -}}
{{- $dbPass = (index $dbpreviousold.data "mongodb-password") | b64dec -}}
{{- $rootPass = (index $dbpreviousold.data "mongodb-root-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbhost := printf "%v-%v" .Release.Name "mongodb" -}}
{{- $portHost := printf "%v:27017" $dbhost -}}
{{- $jdbc := printf "jdbc:mongodb://%v/%v" $portHost .Values.mongodb.mongodbDatabase -}}
{{- $url := printf "mongodb://%v:%v@%v/%v" .Values.mongodb.mongodbUsername $dbPass $portHost .Values.mongodb.mongodbDatabase -}}
{{- $urlssl := printf "%v?ssl=true" $url -}}
{{- $urltls := printf "%v?tls=true" $url -}}
{{/* Append some values to mongodb.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.mongodb.creds "mongodbPassword" ($dbPass | quote) -}}
{{- $_ := set .Values.mongodb.creds "mongodbRootPassword" ($rootPass | quote) -}}
{{- $_ := set .Values.mongodb.creds "plain" ($dbhost | quote) -}}
{{- $_ := set .Values.mongodb.creds "plainhost" ($dbhost | quote) -}}
{{- $_ := set .Values.mongodb.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.mongodb.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.mongodb.creds "complete" ($url | quote) -}}
{{- $_ := set .Values.mongodb.creds "urlssl" ($urlssl | quote) -}}
{{- $_ := set .Values.mongodb.creds "urltls" ($urltls | quote) -}}
{{- $_ := set .Values.mongodb.creds "jdbc" ($jdbc | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
mongodb-password: {{ $dbPass }}
mongodb-root-password: {{ $rootPass }}
url: {{ $url }}
urlssl: {{ $urlssl }}
urltls: {{ $urltls }}
jdbc: {{ $jdbc }}
plainhost: {{ $dbhost }}
plainporthost: {{ $portHost }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.mongodb.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.mongodb.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mongodbcreds") $secret -}}
{{- end -}}
{{- end -}}
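Review bot: Password persistence in `tc.v1.common.dependencies.mongodb.secret` depends entirely on `lookup`, which returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry runs, GitOps tools that render that way). In that case `$dbPass` and `$rootPass` silently fall back to fresh `randAlphaNum 50` values and the rendered Secret no longer matches what the database was initialised with. The redis and solr secret templates later in this commit follow the same pattern. The header comment should state this limit, and `fetch values and decrypt them` should read `fetch values and base64-decode them`, since `b64dec` only decodes. The fallback `lookup` of the unprefixed name `mongodbcreds` adopts whatever Secret of that name exists in the namespace, which deserves a comment if several releases can share one namespace.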


@@ -0,0 +1,55 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.redis.secret" -}}
{{- if .Values.redis.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-rediscreds" .Release.Name -}}
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $dbPass := randAlphaNum 50 -}}
{{- $dbIndex := .Values.redis.redisDatabase | default "0" -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $dbprevious -}}
{{- $dbPass = (index $dbprevious.data "redis-password") | b64dec -}}
{{- end -}}
{{- $redisUser := .Values.redis.redisUsername -}}
{{- if not $redisUser -}}{{/* If you try to print a nil value it will print as <nil> */}}
{{- $redisUser = "" -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbHost := printf "%v-%v" .Release.Name "redis" -}}
{{- $portHost := printf "%v:6379" $dbHost -}}
{{- $url := printf "redis://%v:%v@%v/%v" $redisUser $dbPass $portHost $dbIndex -}}
{{- $hostPass := printf "%v:%v@%v" $redisUser $dbPass $dbHost -}}
{{/* Append some values to redis.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.redis.creds "redisPassword" ($dbPass | quote) -}}
{{- $_ := set .Values.redis.creds "plain" ($dbHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainhost" ($dbHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainport" ($portHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainporthost" ($portHost | quote) -}}
{{- $_ := set .Values.redis.creds "plainhostpass" ($hostPass | quote) -}}
{{- $_ := set .Values.redis.creds "url" ($url | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
redis-password: {{ $dbPass }}
plain: {{ $dbHost }}
url: {{ $url }}
plainhostpass: {{ $hostPass }}
plainporthost: {{ $portHost }}
plainhost: {{ $dbHost }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.redis.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.redis.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "rediscreds") $secret -}}
{{- end -}}
{{- end -}}
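Review bot: Every value under `data:` in `tc.v1.common.dependencies.redis.secret` is emitted as an unquoted YAML scalar and then parsed back by `fromYaml` in the injector. `$url` and `$hostPass` contain `.Values.redis.redisUsername` verbatim, so a username containing ` #` or `: ` would be truncated or break the parse, and with an empty username `plainhostpass` starts with a bare `:`. Quoting the lines, e.g. `url: {{ $url | quote }}` and `plainhostpass: {{ $hostPass | quote }}`, keeps the parsed value identical while removing the ambiguity. The `data:` blocks of the mongodb and solr templates interpolate user-supplied usernames and database names the same way.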


@@ -0,0 +1,47 @@
{{/*
This template generates a random password and ensures it persists across updates/edits to the chart
*/}}
{{- define "tc.v1.common.dependencies.solr.secret" -}}
{{- if .Values.solr.enabled -}}
{{/* Initialize variables */}}
{{- $fetchname := printf "%s-solrcreds" .Release.Name -}}
{{- $solrprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
{{- $solrpreviousold := lookup "v1" "Secret" .Release.Namespace "solrcreds" -}}
{{- $solrPass := randAlphaNum 50 -}}
{{/* If there are previous secrets, fetch values and decrypt them */}}
{{- if $solrprevious -}}
{{- $solrPass = (index $solrprevious.data "solr-password") | b64dec -}}
{{- else if $solrpreviousold -}}
{{- $solrPass = (index $solrpreviousold.data "solr-password") | b64dec -}}
{{- end -}}
{{/* Prepare data */}}
{{- $dbHost := printf "%v-%v" .Release.Name "solr" -}}
{{- $portHost := printf "%v:8983" $dbHost -}}
{{- $url := printf "http://%v:%v@%v/url/%v" .Values.solr.solrUsername $solrPass $portHost .Values.solr.solrCores -}}
{{/* Append some values to solr.creds, so apps using the dep, can use them */}}
{{- $_ := set .Values.solr.creds "solrPassword" ($solrPass | quote) -}}
{{- $_ := set .Values.solr.creds "plain" ($dbHost | quote) -}}
{{- $_ := set .Values.solr.creds "plainhost" ($dbHost | quote) -}}
{{- $_ := set .Values.solr.creds "portHost" ($portHost | quote) -}}
{{- $_ := set .Values.solr.creds "url" ($url | quote) -}}
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
enabled: true
expandObjectName: false
data:
solr-password: {{ $solrPass }}
url: {{ $url }}
plainhost: {{ $dbHost }}
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.dependencies.solr.injector" -}}
{{- $secret := include "tc.v1.common.dependencies.solr.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "solrcreds") $secret -}}
{{- end -}}
{{- end -}}
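Review bot: The `$url` line embeds the username and generated password in a plain `http://` URL, and its path segment is `/url/`, which looks like a slip for Solr's usual `/solr/` prefix; confirm against whatever consumes this key. The creds map is also inconsistent with the sibling templates: it sets `portHost` where the mariadb, mongodb and redis templates set `plainport` and `plainporthost`, and the Secret data has no `plainporthost` key. Suggest adding `{{- $_ := set .Values.solr.creds "plainporthost" ($portHost | quote) -}}` and a `plainporthost: {{ $portHost }}` data line, keeping `portHost` for compatibility.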


@@ -0,0 +1,20 @@
{{/* Endpoint - addresses */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpoint.addresses" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.externalIP -}}
{{- fail "EndpointSlice - Expected non-empty <externalIP>" -}}
{{- end -}}
{{- if not (kindIs "string" $objectData.externalIP) -}} {{/* Only single IP is supported currently on this lib */}}
{{- fail (printf "EndpointSlice - Expected <externalIP> to be a [string], but got [%s]" (kindOf $objectData.externalIP)) -}}
{{- end }}
- ip: {{ tpl $objectData.externalIP $rootCtx }}
{{- end -}}
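Review bot: The non-empty and kind checks on `externalIP` run against the raw value, before `tpl` expands it, so a template expression that renders to an empty or non-IP string still produces `- ip:` with a bad value. Rendering once after the kind check, `{{- $ip := tpl $objectData.externalIP $rootCtx -}}`, and failing when `$ip` is empty would close that gap. The same applies to `tc.v1.common.lib.endpointslice.endpoints` later in this commit. Both `fail` messages here say `EndpointSlice` although this is the Endpoint template.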


@@ -0,0 +1,40 @@
{{/* Endpoint - Ports */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpoint.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- range $name, $portValues := $objectData.ports -}}
{{- if $portValues.enabled -}}
{{- $protocol := $rootCtx.Values.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
{{- $port := $portValues.targetPort | default $portValues.port -}}
{{/* Expand targetPort */}}
{{- if (kindIs "string" $port) -}}
{{- $port = (tpl $port $rootCtx) -}}
{{- end -}}
{{- $port = int $port -}}
{{- with $portValues.protocol -}}
{{- $protocol = tpl . $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end -}}
{{- end }}
- name: {{ $name }}
port: {{ $port }}
protocol: {{ $protocol | upper }}
{{- with $portValues.appProtocol }}
appProtocol: {{ tpl . $rootCtx | lower }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
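Review bot: The `http`/`https` to `tcp` normalisation sits inside `with $portValues.protocol`, so a port that relies on `fallbackDefaults.serviceProtocol` skips it and is rendered as whatever that default is, upper-cased; if the default were ever `http`, the output would be `protocol: HTTP`, which is not a valid value. Moving the `mustHas $protocol $tcpProtocols` test below the `with` block covers both paths. `int $port` also turns a non-numeric rendered value into 0 without failing, so a range check such as `{{- if or (lt $port 1) (gt $port 65535) -}}` followed by a `fail` would catch typos at render time. `tc.v1.common.lib.endpointslice.ports` is line-for-line the same and needs the same change.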


@@ -0,0 +1,21 @@
{{/* EndpointSlice - endpoints */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpointslice.endpoints" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.externalIP -}}
{{- fail "EndpointSlice - Expected non-empty <externalIP>" -}}
{{- end -}}
{{- if not (kindIs "string" $objectData.externalIP) -}} {{/* Only single IP is supported currently on this lib */}}
{{- fail (printf "EndpointSlice - Expected <externalIP> to be a [string], but got [%s]" (kindOf $objectData.externalIP)) -}}
{{- end }}
- addresses:
- {{ tpl $objectData.externalIP $rootCtx }}
{{- end -}}


@@ -0,0 +1,40 @@
{{/* EndpointSlice - Ports */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.endpointslice.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- range $name, $portValues := $objectData.ports -}}
{{- if $portValues.enabled -}}
{{- $protocol := $rootCtx.Values.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
{{- $port := $portValues.targetPort | default $portValues.port -}}
{{/* Expand targetPort */}}
{{- if (kindIs "string" $port) -}}
{{- $port = (tpl $port $rootCtx) -}}
{{- end -}}
{{- $port = int $port -}}
{{- with $portValues.protocol -}}
{{- $protocol = tpl . $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end -}}
{{- end }}
- name: {{ $name }}
port: {{ $port }}
protocol: {{ $protocol | upper }}
{{- with $portValues.appProtocol }}
appProtocol: {{ tpl . $rootCtx | lower }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,53 @@
{{/* External Interface Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.externalInterface.validation" (dict "objectData" $objectData) -}}
objectData: The object data to validate that contains the external interface configuratioon.
*/}}
{{- define "tc.v1.common.lib.externalInterface.validation" -}}
{{- $objectData := .objectData -}}
{{- if and $objectData.targetSelector (not (kindIs "slice" $objectData.targetSelector)) -}}
{{- fail (printf "External Interface - Expected <targetSelector> to be a [list], but got [%s]" (kindOf $objectData.targetSelector)) -}}
{{- end -}}
{{- if not $objectData.hostInterface -}}
{{- fail "External Interface - Expected non-empty <hostInterface>" -}}
{{- end -}}
{{- if not $objectData.ipam -}}
{{- fail "External Interface - Expected non-empty <ipam>" -}}
{{- end -}}
{{- if not $objectData.ipam.type -}}
{{- fail "External Interface - Expected non-empty <ipam.type>" -}}
{{- end -}}
{{- $types := (list "dhcp" "static") -}}
{{- if not (mustHas $objectData.ipam.type $types) -}}
{{- fail (printf "External Interface - Expected <ipam.type> to be one of [%s], but got [%s]" (join ", " $types) $objectData.ipam.type) -}}
{{- end -}}
{{- if and (or $objectData.ipam.staticIPConfigurations $objectData.ipam.staticRoutes) (ne $objectData.ipam.type "static") -}}
{{- fail "External Interface - Expected empty <ipam.staticIPConfigurations> and <ipam.staticRoutes> when <ipam.type> is not [static]" -}}
{{- end -}}
{{- if eq $objectData.ipam.type "static" -}}
{{- if not $objectData.ipam.staticIPConfigurations -}}
{{- fail "External Interface - Expected non-empty <ipam.staticIPConfigurations> when <ipam.type> is [static]" -}}
{{- end -}}
{{- with $objectData.ipam.staticRoutes -}}
{{- range . -}}
{{- if not .destination -}}
{{- fail "External Interface - Expected non-empty <destination> in <ipam.staticRoutes>" -}}
{{- end -}}
{{- if not .gateway -}}
{{- fail "External Interface - Expected non-empty <gateway> in <ipam.staticRoutes>" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,43 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.imagePullSecret.createData" (dict "objectData" $objectData "root" $rootCtx) -}}
rootCtx: The root context of the chart.
objectData:
data: The data of the imagePullSecret.
*/}}
{{- define "tc.v1.common.lib.imagePullSecret.createData" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $registrySecret := dict -}}
{{/* Auth is b64encoded and then the whole secret is b64encoded */}}
{{- $auth := printf "%s:%s" (tpl $objectData.data.username $rootCtx) (tpl $objectData.data.password $rootCtx) | b64enc -}}
{{- $registry := dict -}}
{{- with $objectData.data -}}
{{- $registry = (dict "username" (tpl .username $rootCtx) "password" (tpl .password $rootCtx)
"email" (tpl .email $rootCtx) "auth" $auth) -}}
{{- end -}}
{{- $registryKey := tpl $objectData.data.registry $rootCtx -}}
{{- $_ := set $registrySecret "auths" (dict $registryKey $registry) -}}
{{/*
This should result in something like this:
{
"auths": {
"$registry": {
"username": "$username",
"password": "$password",
"email": "$email",
"auth": "($username:$password) base64"
}
}
}
*/}}
{{/* Return the registrySecret as Json */}}
{{- $registrySecret | toJson -}}
{{- end -}}
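Review bot: The call example in the header passes `"root" $rootCtx`, but the template reads `.rootCtx`, so a caller copying the example hands a nil context to every `tpl` call; the example should read `(dict "rootCtx" $rootCtx "objectData" $objectData)`. The header title `Configmap Validation` is a leftover and should name the image pull secret data builder. `$auth` is computed before the `with $objectData.data` guard, so the template relies on `tc.v1.common.lib.imagePullSecret.validation` having run first; the comment should say so.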


@@ -0,0 +1,27 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.imagePullSecret.validation" (dict "objectData" $objectData) -}}
objectData:
labels: The labels of the imagePullSecret.
annotations: The annotations of the imagePullSecret.
data: The data of the imagePullSecret.
*/}}
{{- define "tc.v1.common.lib.imagePullSecret.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.data -}}
{{- fail "Image Pull Secret - Expected non-empty <data>" -}}
{{- end -}}
{{- if not (kindIs "map" $objectData.data) -}}
{{- fail (printf "Image Pull Secret - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
{{- range $key := (list "username" "password" "registry" "email") -}}
{{- if not (get $objectData.data $key) -}}
{{- fail (printf "Image Pull Secret - Expected non-empty <%s>" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
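Review bot: The loop only checks that `username`, `password`, `registry` and `email` are non-empty, not that they are strings, while `tc.v1.common.lib.imagePullSecret.createData` passes each of them to `tpl`. An all-digit password written unquoted in values would pass here and then fail later with a type error that does not name the key. Adding `{{- if not (kindIs "string" (get $objectData.data $key)) -}}` with a `fail` that prints `$key` inside the loop keeps the error readable. The header still says `Configmap Validation`.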


@@ -0,0 +1,9 @@
{{/* Annotations that are added to all objects */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.allAnnotations" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.allAnnotations" -}}
{{/* Currently empty but can add later, if needed */}}
{{- include "tc.v1.common.lib.metadata.globalAnnotations" . }}
{{- end -}}


@@ -0,0 +1,15 @@
{{/* Labels that are added to all objects */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.allLabels" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.allLabels" -}}
helm.sh/chart: {{ include "tc.v1.common.lib.chart.names.chart" . }}
helm-revision: {{ .Release.Revision | quote }}
app.kubernetes.io/name: {{ include "tc.v1.common.lib.chart.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app: {{ include "tc.v1.common.lib.chart.names.chart" . }}
release: {{ .Release.Name }}
{{- include "tc.v1.common.lib.metadata.globalLabels" . }}
{{- end -}}
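Review bot: `.Release.Name` and `.Release.Service` are emitted unquoted on the `app.kubernetes.io/instance`, `app.kubernetes.io/managed-by` and `release` lines, while `helm-revision` and `app.kubernetes.io/version` are piped through `quote`. A release name made only of digits is legal and would be read as a YAML number, which the API server rejects as a label value. Suggest `app.kubernetes.io/instance: {{ .Release.Name | quote }}` and the same for the other two lines. `tc.v1.common.lib.metadata.selectorLabels` later in this commit has the same unquoted `.Release.Name`.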


@@ -0,0 +1,52 @@
{{/* External Interface Annotations that are added to podSpec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $ "podShortName" $podShortName) }}
rootCtx is the root context of the chart
objectData is object containing the data of the pod
*/}}
{{- define "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $ifaceIndexes := list -}}
{{- range $index, $iface := $rootCtx.Values.scaleExternalInterface -}}
{{/* If targetSelectAll is set append the index */}}
{{- if .targetSelectAll -}}
{{- $ifaceIndexes = mustAppend $ifaceIndexes $index -}}
{{/* Else If targetSelector is set and pod is selected append the index */}}
{{- else if and .targetSelector (mustHas $objectData.shortName .targetSelector) -}}
{{- $ifaceIndexes = mustAppend $ifaceIndexes $index -}}
{{/* Else If none of the above, but pod is primary append the index */}}
{{- else if $objectData.primary -}}
{{- $ifaceIndexes = mustAppend $ifaceIndexes $index -}}
{{- end -}}
{{- end -}}
{{- $ifaceNames := list -}}
{{- if $rootCtx.Values.ixExternalInterfacesConfiguration -}}
{{- with $rootCtx.Values.ixExternalInterfacesConfigurationNames -}}
{{- range $ifaceName := . -}}
{{/* Get the index by splitting the iFaceName (ix-release-name-0) */}}
{{- $index := splitList "-" $ifaceName -}}
{{/* And pick the last item on the list */}}
{{- $index = mustLast $index -}}
{{/* If the index is in the list of indexes to be added, append the name */}}
{{- if mustHas (int $index) $ifaceIndexes -}}
{{- $ifaceNames = mustAppend $ifaceNames $ifaceName -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- fail "External Interface - Expected non empty <ixExternalInterfaceConfigurationNames>" -}}
{{- end -}}
{{- end -}}
{{/* If we have ifaceNames, then add the annotations to the pod calling this template */}}
{{- if $ifaceNames }}
k8s.v1.cni.cncf.io/networks: {{ join ", " $ifaceNames }}
{{- end -}}
{{- end -}}
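Review bot: The third branch, `else if $objectData.primary`, is also reached when an interface has a `targetSelector` that does not list this pod, so the primary pod is attached to an interface whose selector excluded it. The comment above it reads as if the branch were meant only for interfaces with neither `targetSelectAll` nor `targetSelector`; if so, it should be `{{- else if and (not .targetSelector) $objectData.primary -}}`. The header example passes `podShortName` while the template reads `.objectData`. The `fail` text names `ixExternalInterfaceConfigurationNames` although the value key is `ixExternalInterfacesConfigurationNames`.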


@@ -0,0 +1,6 @@
{{/* Returns the global annotations */}}
{{- define "tc.v1.common.lib.metadata.globalAnnotations" -}}
{{- include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" .Values.global.annotations) -}}
{{- end -}}


@@ -0,0 +1,6 @@
{{/* Returns the global labels */}}
{{- define "tc.v1.common.lib.metadata.globalLabels" -}}
{{- include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" .Values.global.labels) -}}
{{- end -}}


@@ -0,0 +1,35 @@
{{- define "tc.v1.common.lib.metadata.namespace" -}}
{{- $caller := .caller -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $namespace := $rootCtx.Release.Namespace -}}
{{- with $rootCtx.Values.global.namespace -}}
{{- $namespace = tpl . $rootCtx -}}
{{- end -}}
{{- with $rootCtx.Values.namespace -}}
{{- $namespace = tpl . $rootCtx -}}
{{- end -}}
{{- with $objectData.namespace -}}
{{- $namespace = tpl . $rootCtx -}}
{{- end -}}
{{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $namespace) (le (len $namespace) 63)) -}}
{{- fail (printf "%s - Namespace [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $caller $namespace) -}}
{{- end -}}
{{- if $rootCtx.Values.global.ixChartContext -}}
{{- if not (hasPrefix "ix-" $namespace) -}}
{{/* This is only to be used on CI that do not run in SCALE so we can skip the failure */}}
{{- if not $rootCtx.Values.global.ixChartContext.ci -}}
{{- fail (printf "%s - Namespace [%v] expected to have [ix-] prefix when installed in TrueNAS SCALE" $caller $namespace) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $namespace -}}
{{- end -}}
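Review bot: The `mustRegexMatch` pattern rejects some valid namespace names, for example `a-b`, because a hyphen is only accepted next to an alphanumeric character that is neither the first nor the last one; the usual DNS label form `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` avoids that. This template is also the only one in this part of the commit without a header comment. One should list the inputs (`rootCtx`, `objectData`, `caller`) and the precedence the `with` blocks implement: `objectData.namespace` over `Values.namespace` over `Values.global.namespace` over `.Release.Namespace`. It should also state that the `ix-` prefix check is skipped when `global.ixChartContext.ci` is set, since that flag comes from values and switches the guard off.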


@@ -0,0 +1,7 @@
{{/* Annotations that are added to podSpec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.podAnnotations" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.podAnnotations" -}}
rollme: {{ randAlphaNum 5 | quote }}
{{- end -}}
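Review bot: `rollme: {{ randAlphaNum 5 | quote }}` changes the pod template on every render, so every upgrade restarts every workload that includes this template even when nothing else changed, and diff-based tooling will always report drift. If that is the intent, the header should say so, e.g. `{{/* rollme is random by design: it forces a rollout on every upgrade */}}`. If restarts should follow configuration changes only, a checksum of the rendered config would be the usual replacement.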


@@ -0,0 +1,6 @@
{{/* Labels that are added to podSpec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.podLabels" $ }}
*/}}
{{- define "tc.v1.common.lib.metadata.podLabels" -}}
{{- end -}}


@@ -0,0 +1,37 @@
{{/* Renders a dict of labels */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) }}
{{ include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) }}
*/}}
{{- define "tc.v1.common.lib.metadata.render" -}}
{{- $labels := .labels -}}
{{- $annotations := .annotations -}}
{{- $rootCtx := .rootCtx -}}
{{- $seenLabels := list -}}
{{- $seenAnnotations := list -}}
{{- with $labels -}}
{{- range $k, $v := . -}}
{{- if and $k $v -}}
{{- if not (mustHas $k $seenLabels) }}
{{ $k }}: {{ tpl $v $rootCtx | quote }}
{{- $seenLabels = mustAppend $seenLabels $k -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with $annotations -}}
{{- range $k, $v := . -}}
{{- if and $k $v -}}
{{- if not (mustHas $k $seenAnnotations) }}
{{ $k }}: {{ tpl $v $rootCtx | quote }}
{{- $seenAnnotations = mustAppend $seenAnnotations $k -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
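Review bot: `tpl $v $rootCtx` on the label and annotation lines requires `$v` to be a string, and the `if and $k $v` guard drops falsy values. A value written as `true` or `8080` in values therefore fails with a type error, and one written as `false` or `0` silently disappears. Converting first, `{{ $k }}: {{ tpl (toString $v) $rootCtx | quote }}`, removes the type error; whether `false` and `0` should be rendered is worth deciding and stating in the header. `$seenLabels` and `$seenAnnotations` can never match, because one map cannot yield the same key twice in a single `range`.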


@@ -0,0 +1,16 @@
{{/* Labels that are used on selectors */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" $objectType "objectName" $objectName) }}
podName is the "shortName" of the pod. The one you define in the .Values.workload
*/}}
{{- define "tc.v1.common.lib.metadata.selectorLabels" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectType := .objectType -}}
{{- $objectName := .objectName }}
{{- if and $objectType $objectName }}
{{ printf "%s.name" $objectType }}: {{ $objectName }}
{{- end }}
app.kubernetes.io/name: {{ include "tc.v1.common.lib.chart.names.name" $rootCtx }}
app.kubernetes.io/instance: {{ $rootCtx.Release.Name }}
{{- end -}}


@@ -0,0 +1,22 @@
{{/* Metadata Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" $caller) -}}
objectData:
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
*/}}
{{- define "tc.v1.common.lib.metadata.validation" -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- if and $objectData.labels (not (kindIs "map" $objectData.labels)) -}}
{{- fail (printf "%s - Expected <labels> to be a dictionary, but got [%v]" $caller (kindOf $objectData.labels)) -}}
{{- end -}}
{{- if and $objectData.annotations (not (kindIs "map" $objectData.annotations)) -}}
{{- fail (printf "%s - Expected <annotations> to be a dictionary, but got [%v]" $caller (kindOf $objectData.annotations)) -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,24 @@
{{/* Returns automountServiceAccountToken */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.automountServiceAccountToken" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.automountServiceAccountToken" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $automount := false -}}
{{/* Initialize from the "global" option */}}
{{- if (kindIs "bool" $rootCtx.Values.podOptions.automountServiceAccountToken) -}}
{{- $automount = $rootCtx.Values.podOptions.automountServiceAccountToken -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- if (kindIs "bool" $objectData.podSpec.automountServiceAccountToken) -}}
{{- $automount = $objectData.podSpec.automountServiceAccountToken -}}
{{- end -}}
{{- $automount -}}
{{- end -}}


@@ -0,0 +1,62 @@
{{/* Returns Container */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.container" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.container" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $imageObj := fromJson (include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
{{- $termination := fromJson (include "tc.v1.common.lib.container.termination" (dict "rootCtx" $rootCtx "objectData" $objectData)) }}
- name: {{ $objectData.name }}
image: {{ printf "%s:%s" $imageObj.repository $imageObj.tag }}
imagePullPolicy: {{ $imageObj.pullPolicy }}
tty: {{ $objectData.tty | default false }}
stdin: {{ $objectData.stdin | default false }}
{{- with (include "tc.v1.common.lib.container.command" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
command:
{{- . | nindent 4 }}
{{- end -}}
{{- with (include "tc.v1.common.lib.container.args" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
args:
{{- . | nindent 4 }}
{{- end -}}
{{- with $termination.messagePath }}
terminationMessagePath: {{ . }}
{{- end -}}
{{- with $termination.messagePolicy }}
terminationMessagePolicy: {{ . }}
{{- end -}}
{{- with (include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
lifecycle:
{{- . | nindent 4 }}
{{- end -}}
{{- with (include "tc.v1.common.lib.container.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
ports:
{{- . | nindent 4 }}
{{- end -}}
{{- with (include "tc.v1.common.lib.container.volumeMount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
volumeMounts:
{{- . | nindent 4 }}
{{- end -}}
{{- include "tc.v1.common.lib.container.probes" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
resources:
{{- . | nindent 4 }}
{{- end }}
securityContext:
{{- include "tc.v1.common.lib.container.securityContext" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 }}
{{- /* Create a dict for storing env's so it can be checked for dupes */ -}}
{{- $_ := set $objectData "envDupe" dict -}}
{{- with (include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
envFrom:
{{- . | nindent 4 }}
{{- end }}
env:
{{- include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 -}}
{{- include "tc.v1.common.lib.container.env" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 -}}
{{- include "tc.v1.common.lib.container.envList" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 -}}
{{- $_ := unset $objectData "envDupe" -}}
{{- end -}}


@@ -0,0 +1,31 @@
{{/* Containers */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.containerSpawner" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.containerSpawner" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
{{- range $containerName, $containerValues := $objectData.podSpec.containers -}}
{{- if $containerValues.enabled -}}
{{- $container := (mustDeepCopy $containerValues) -}}
{{- $name := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
{{- if not $container.primary -}}
{{- $name = printf "%s-%s" $name $containerName -}}
{{- end -}}
{{- $_ := set $container "name" $name -}}
{{- $_ := set $container "shortName" $containerName -}}
{{- $_ := set $container "podShortName" $objectData.shortName -}}
{{- $_ := set $container "podPrimary" $objectData.primary -}}
{{- $_ := set $container "podType" $objectData.type -}}
{{/* Created from the pod.securityContext, used by fixedEnv */}}
{{- $_ := set $container "calculatedFSGroup" $objectData.podSpec.calculatedFSGroup -}}
{{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) | trim | nindent 0 -}}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,90 @@
{{/* Returns DNS Policy and Config */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.dns" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.dns" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $policy := "ClusterFirst" -}}
{{- $config := dict -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.dnsPolicy -}}
{{- $policy = . -}}
{{- end -}}
{{- with $rootCtx.Values.podOptions.dnsConfig -}}
{{- $config = . -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- with $objectData.podSpec.dnsPolicy -}}
{{- $policy = . -}}
{{- end -}}
{{- with $objectData.podSpec.dnsConfig -}}
{{- $config = . -}}
{{- end -}}
{{/* Expand policy */}}
{{- $policy = (tpl $policy $rootCtx) -}}
{{/* If hostNetwork is enabled, then use ClusterFirstWithHostNet */}}
{{- $hostNet := include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
{{- if or (and (kindIs "string" $hostNet) (eq $hostNet "true")) (and (kindIs "bool" $hostNet) $hostNet) -}}
{{- $policy = "ClusterFirstWithHostNet" -}}
{{- end -}}
{{- $policies := (list "ClusterFirst" "ClusterFirstWithHostNet" "Default" "None") -}}
{{- if not (mustHas $policy $policies) -}}
{{- fail (printf "Expected <dnsPolicy> to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}}
{{- end -}}
{{/* When policy is set to None all keys are required */}}
{{- if eq $policy "None" -}}
{{- range $key := (list "nameservers" "searches" "options") -}}
{{- if not (get $config $key) -}}
{{- fail (printf "Expected non-empty <dnsConfig.%s> with <dnsPolicy> set to [None]." $key) -}}
{{- end -}}
{{- end -}}
{{- end }}
dnsPolicy: {{ $policy }}
{{- if or $config.nameservers $config.options $config.searches }}
dnsConfig:
{{- with $config.nameservers -}}
{{- if gt (len .) 3 -}}
{{- fail (printf "Expected no more than [3] <dnsConfig.nameservers>, but got [%v]" (len .)) -}}
{{- end }}
nameservers:
{{- range . }}
- {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}
{{- with $config.searches -}}
{{- if gt (len .) 6 -}}
{{- fail (printf "Expected no more than [6] <dnsConfig.searches>, but got [%v]" (len .)) -}}
{{- end }}
searches:
{{- range . }}
- {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}
{{- with $config.options }}
options:
{{- range . }}
- name: {{ tpl .name $rootCtx }}
{{- with .value }}
value: {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
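Review bot: When host networking is on, the block after the `$hostNet` include replaces `$policy` with `ClusterFirstWithHostNet` unconditionally, which discards an explicit `None` or `Default` and skips the `None` completeness check while still rendering `dnsConfig`. Limiting the override to the default case, `{{- if and (eq $hostNet "true") (eq $policy "ClusterFirst") -}}`, keeps explicit choices. `include` always returns a string, so the `kindIs "bool" $hostNet` half of the current condition never applies. Rendered `nameservers` entries are not checked to be IP addresses.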


@@ -0,0 +1,24 @@
{{/* Returns enableServiceLinks */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.enableServiceLinks" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.enableServiceLinks" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $enableServiceLinks := false -}}
{{/* Initialize from the "global" option */}}
{{- if (kindIs "bool" $rootCtx.Values.podOptions.enableServiceLinks) -}}
{{- $enableServiceLinks = $rootCtx.Values.podOptions.enableServiceLinks -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- if (kindIs "bool" $objectData.podSpec.enableServiceLinks) -}}
{{- $enableServiceLinks = $objectData.podSpec.enableServiceLinks -}}
{{- end -}}
{{- $enableServiceLinks -}}
{{- end -}}


@@ -0,0 +1,37 @@
{{/* Returns Host Aliases */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.hostAliases" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.hostAliases" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $aliases := list -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.hostAliases -}}
{{- $aliases = . -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- with $objectData.podSpec.hostAliases -}}
{{- $aliases = . -}}
{{- end -}}
{{- range $aliases -}}
{{- if not .ip -}}
{{- fail (printf "Expected non-empty <ip> value on <hostAliases>.") -}}
{{- end -}}
{{- if not .hostnames -}}
{{- fail (printf "Expected non-empty <hostames> list on <hostAliases>.") -}}
{{- end }}
- ip: {{ tpl .ip $rootCtx }}
hostnames:
{{- range .hostnames }}
- {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}
{{- end -}}
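Review bot: The failure message for a missing hostnames list misspells the key as `<hostames>`, so a user searching their values for the reported name will not find it; it should read `{{- fail "Expected non-empty <hostnames> list on <hostAliases>." -}}`. Both `fail` calls wrap a constant string in `printf` with no arguments, which can be dropped. The rendered `ip` and hostname entries are emitted unquoted after `tpl`; piping them through `quote` would keep a templated value from being reinterpreted by the YAML parser.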


@@ -0,0 +1,24 @@
{{/* Returns Host Network */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.hostNetwork" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hostNet := false -}}
{{/* Initialize from the "global" option */}}
{{- if (kindIs "bool" $rootCtx.Values.podOptions.hostNetwork) -}}
{{- $hostNet = $rootCtx.Values.podOptions.hostNetwork -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- if (kindIs "bool" $objectData.podSpec.hostNetwork) -}}
{{- $hostNet = $objectData.podSpec.hostNetwork -}}
{{- end -}}
{{- $hostNet -}}
{{- end -}}
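Review bot: A pod-level `hostNetwork` that is not a real boolean (for example the string `"false"`) is silently skipped by the `kindIs "bool"` test, so a global `podOptions.hostNetwork: true` stays in force even though the pod asked for it to be off. For a setting that controls host namespace sharing, a wrong type should stop the render instead of being ignored, e.g. `{{- if not (mustHas (kindOf $objectData.podSpec.hostNetwork) (list "bool" "invalid")) -}}` followed by a `fail`. The same pattern is used in the hostPID, shareProcessNamespace and enableServiceLinks templates in this commit and would benefit from the same guard.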


@@ -0,0 +1,24 @@
{{/* Returns Host PID */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.hostPID" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.hostPID" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hostPID := false -}}
{{/* Initialize from the "global" option */}}
{{- if (kindIs "bool" $rootCtx.Values.podOptions.hostPID) -}}
{{- $hostPID = $rootCtx.Values.podOptions.hostPID -}}
{{- end -}}
{{/* Override with pods option */}}
{{- if (kindIs "bool" $objectData.podSpec.hostPID) -}}
{{- $hostPID = $objectData.podSpec.hostPID -}}
{{- end -}}
{{- $hostPID -}}
{{- end -}}


@@ -0,0 +1,22 @@
{{/* Returns Host Name */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.hostname" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.hostname" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hostname := "" -}}
{{- with $objectData.podSpec.hostname -}}
{{- $hostname = tpl . $rootCtx -}}
{{- end -}}
{{- if $hostname -}}
{{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $hostname) -}}
{{- end -}}
{{- $hostname -}}
{{- end -}}


@@ -0,0 +1,38 @@
{{/* Returns Image Pull Secret List */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.imagePullSecret" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.imagePullSecret" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $imgPullSecrets := list -}}
{{- range $name, $imgPull := $rootCtx.Values.imagePullSecret -}}
{{- $pullName := (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
{{- if $imgPull.enabled -}}
{{/* If targetSelectAll is true */}}
{{- if $imgPull.targetSelectAll -}}
{{- $imgPullSecrets = mustAppend $imgPullSecrets $pullName -}}
{{/* Else if targetSelector is a list */}}
{{- else if (kindIs "slice" $imgPull.targetSelector) -}}
{{- if (mustHas $objectData.shortName $imgPull.targetSelector) -}}
{{- $imgPullSecrets = mustAppend $imgPullSecrets $pullName -}}
{{- end -}}
{{/* If not targetSelectAll or targetSelector, but is the primary pod */}}
{{- else if $objectData.primary -}}
{{- $imgPullSecrets = mustAppend $imgPullSecrets $pullName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range $imgPullSecrets }}
- name: {{ . }}
{{- end -}}
{{- end -}}
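Review bot: When `targetSelector` is set but is not a list, the `kindIs "slice"` branch is skipped and the secret falls through to the `else if $objectData.primary` branch, so it is attached to the primary pod instead of the pods the user named. This is easy to hit because the persistence and scaleGPU selectors elsewhere in this commit are maps read with `keys`, not lists. Adding a branch before the primary fallback, `{{- else if $imgPull.targetSelector -}}` with a `fail` that reports the expected type, would surface the mistake. The serviceAccountName template has the same fallthrough, where the effect is a pod running under a service account it was not meant to have.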


@@ -0,0 +1,91 @@
{{/* Init Containers */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.initContainerSpawner" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.initContainerSpawner" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $initContainers := (dict "system" list
"init" list
"install" list
"upgrade" list) -}}
{{- $types := (list "system" "init" "install" "upgrade") -}}
{{- $mergedContainers := $objectData.podSpec.initContainers -}}
{{- range $containerName, $containerValues := $mergedContainers -}}
{{- $enabled := $containerValues.enabled -}}
{{- if kindIs "string" $enabled -}}
{{- $enabled = tpl $enabled $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $enabled "true" -}}
{{- $enabled = true -}}
{{- else if eq $enabled "false" -}}
{{- $enabled = false -}}
{{- end -}}
{{- end -}}
{{- if $enabled -}}
{{- if not ($containerValues.type) -}}
{{- fail "InitContainer - Expected non-empty <type>" -}}
{{- end -}}
{{- $containerType := tpl $containerValues.type $rootCtx -}}
{{- if not (mustHas $containerType $types) -}}
{{- fail (printf "InitContainer - Expected <type> to be one of [%s], but got [%s]" (join ", " $types) $containerType) -}}
{{- end -}}
{{- $container := (mustDeepCopy $containerValues) -}}
{{- $name := printf "%s-%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $containerType $containerName -}}
{{- $_ := set $container "name" $name -}}
{{- $_ := set $container "shortName" $containerName -}}
{{- $_ := set $container "podShortName" $objectData.shortName -}}
{{- $_ := set $container "podPrimary" $objectData.primary -}}
{{- $_ := set $container "podType" $objectData.type -}}
{{/* Remove keys that do not apply on init containers */}}
{{- $_ := set $container "lifecycle" dict -}}
{{- $_ := set $container "probes" dict -}}
{{/* Template expects probes dict defined even if enabled */}}
{{- $_ := set $container.probes "liveness" (dict "enabled" false) -}}
{{- $_ := set $container.probes "readiness" (dict "enabled" false) -}}
{{- $_ := set $container.probes "startup" (dict "enabled" false) -}}
{{/* Created from the pod.securityContext, used by fixedEnv */}}
{{- $_ := set $container "calculatedFSGroup" $objectData.podSpec.calculatedFSGroup -}}
{{/* Append to list of containers based on type */}}
{{- $tempContainers := (get $initContainers $containerType) -}}
{{- $_ := set $initContainers $containerType (mustAppend $tempContainers $container) -}}
{{- end -}}
{{- end -}}
{{- if $rootCtx.Release.IsInstall -}}
{{- range $container := (get $initContainers "install") -}}
{{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
{{- end -}}
{{- end -}}
{{- if $rootCtx.Release.IsUpgrade -}}
{{- range $container := (get $initContainers "upgrade") -}}
{{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
{{- end -}}
{{- end -}}
{{- range $container := (get $initContainers "system") -}}
{{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
{{- end -}}
{{- range $container := (get $initContainers "init") -}}
{{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
{{- end -}}
{{- end -}}
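Review bot: After `tpl` expands a string `enabled`, only the exact results `true` and `false` are converted to booleans; any other non-empty result (`no`, `0`, `False`) stays a string and is truthy in `{{- if $enabled -}}`, so the init container is rendered when the author most likely meant it to be off. An extra branch such as `{{- else if $enabled -}}{{- fail (printf "InitContainer - Expected <enabled> to resolve to [true, false], but got [%s]" $enabled) -}}` would reject those values while still treating an empty result as disabled. The comment above the probes defaults says "even if enabled" where "even if disabled" appears to be meant.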


@@ -0,0 +1,33 @@
{{/* Returns Node Selector */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.nodeSelector" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.nodeSelector" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $selectors := dict -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.nodeSelector -}}
{{- $selectors = . -}}
{{- end -}}
{{/* Override with pods option */}}
{{- with $objectData.podSpec.nodeSelector -}}
{{- $selectors = . -}}
{{- end -}}
{{- if and (include "tc.v1.common.lib.util.stopAll" $rootCtx) (eq $objectData.type "DaemonSet") }}
"non-existing": "true"
{{ else }}
{{- range $k, $v := $selectors -}}
{{- if not $v -}}
{{- else }}
{{ $k }}: {{ tpl $v $rootCtx }}
{{- end -}}
{{- end -}}
{{ end }}
{{- end -}}
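Review bot: The selector value is rendered unquoted in `{{ $k }}: {{ tpl $v $rootCtx }}`, while the hard-coded branch above it quotes both sides (`"non-existing": "true"`). nodeSelector values must be strings, so a label value such as `true` or `1` would be decoded as a boolean or number and the manifest rejected; `{{ $k | quote }}: {{ tpl $v $rootCtx | quote }}` avoids that. The tolerations template in this commit emits `key:`, `effect:` and `value:` unquoted in the same way. The empty `{{- if not $v -}}{{- else }}` pair would read more clearly as `{{- if $v }}`.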


@@ -0,0 +1,117 @@
{{/* Returns Pod Security Context */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.securityContext" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.securityContext" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $rootCtx.Values.securityContext.pod -}}
{{- fail "Pod - Expected non-empty <.Values.securityContext.pod>" -}}
{{- end -}}
{{/* Initialize from the "global" option */}}
{{- $secContext := mustDeepCopy $rootCtx.Values.securityContext.pod -}}
{{/* Override with pods option */}}
{{- with $objectData.podSpec.securityContext -}}
{{- $secContext = mustMergeOverwrite $secContext . -}}
{{- end -}}
{{- $gpuAdded := false -}}
{{- range $GPUValues := $rootCtx.Values.scaleGPU -}}
{{/* If there is a selector and pod is selected */}}
{{- if $GPUValues.targetSelector -}}
{{- if mustHas $objectData.shortName ($GPUValues.targetSelector | keys) -}}
{{- $gpuAdded = true -}}
{{- end -}}
{{/* If there is not a selector, but pod is primary */}}
{{- else if $objectData.primary -}}
{{- $gpuAdded = true -}}
{{- end -}}
{{- end -}}
{{- $deviceGroups := (list 5 10 20 24) -}}
{{- $deviceAdded := false -}}
{{- range $persistenceName, $persistenceValues := $rootCtx.Values.persistence -}}
{{- if $persistenceValues.enabled -}}
{{- if eq $persistenceValues.type "device" -}}
{{- if $persistenceValues.targetSelectAll -}}
{{- $deviceAdded = true -}}
{{- else if $persistenceValues.targetSelector -}}
{{- if mustHas $objectData.shortName ($persistenceValues.targetSelector | keys) -}}
{{- $deviceAdded = true -}}
{{- end -}}
{{- else if $objectData.podPrimary -}}
{{- $deviceAdded = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $gpuAdded -}}
{{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 44 107)) -}}
{{- end -}}
{{- if $deviceAdded -}}
{{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups $deviceGroups) -}}
{{- end -}}
{{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 568)) -}}
{{- if not (deepEqual $secContext.supplementalGroups (mustUniq $secContext.supplementalGroups)) -}}
{{- fail (printf "Pod - Expected <supplementalGroups> to have only unique values, but got [%s]" (join ", " $secContext.supplementalGroups)) -}}
{{- end -}}
{{- $portRange := fromJson (include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
{{/* If a container wants to bind a port <= 1024 change the unprivileged_port_start */}}
{{- if and $portRange.low (le (int $portRange.low) 1024) -}}
{{/* That sysctl is not supported when hostNet is enabled */}}
{{- if ne (include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $objectData)) "true" -}}
{{- $_ := set $secContext "sysctls" (mustAppend $secContext.sysctls (dict "name" "net.ipv4.ip_unprivileged_port_start" "value" (printf "%v" $portRange.low))) -}}
{{- end -}}
{{- end -}}
{{- if or (kindIs "invalid" $secContext.fsGroup) (eq (toString $secContext.fsGroup) "") -}}
{{- fail "Pod - Expected non-empty <fsGroup>" -}}
{{- end -}}
{{/* Used by the fixedEnv template */}}
{{- $_ := set $objectData.podSpec "calculatedFSGroup" $secContext.fsGroup -}}
{{- if not $secContext.fsGroupChangePolicy -}}
{{- fail "Pod - Expected non-empty <fsGroupChangePolicy>" -}}
{{- end -}}
{{- $policies := (list "Always" "OnRootMismatch") -}}
{{- if not (mustHas $secContext.fsGroupChangePolicy $policies) -}}
{{- fail (printf "Pod - Expected <fsGroupChangePolicy> to be one of [%s], but got [%s]" (join ", " $policies) $secContext.fsGroupChangePolicy) -}}
{{- end }}
fsGroup: {{ include "tc.v1.common.helper.makeIntOrNoop" $secContext.fsGroup }}
fsGroupChangePolicy: {{ $secContext.fsGroupChangePolicy }}
{{- with $secContext.supplementalGroups }}
supplementalGroups:
{{- range . }}
- {{ include "tc.v1.common.helper.makeIntOrNoop" . }}
{{- end -}}
{{- else }}
supplementalGroups: []
{{- end -}}
{{- with $secContext.sysctls }}
sysctls:
{{- range . }}
{{- if not .name -}}
{{- fail "Pod - Expected non-empty <name> in <sysctls>" -}}
{{- end -}}
{{- if not .value -}}
{{- fail "Pod - Expected non-empty <value> in <sysctls>" -}}
{{- end }}
- name: {{ tpl .name $rootCtx | quote }}
value: {{ tpl .value $rootCtx | quote }}
{{- end -}}
{{- else }}
sysctls: []
{{- end -}}
{{- end -}}
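Review bot: The device-persistence loop tests `$objectData.podPrimary`, but the GPU loop a few lines earlier tests `$objectData.primary` on the same object, and `podPrimary` is a key the init-container template sets on container objects, not on pods. If `objectData` here is the pod, as the header comment says, that branch never matches and the device groups are not added for a primary pod without a selector; `{{- else if $objectData.primary -}}` would make the two loops agree. The numeric groups appended to `supplementalGroups` (`44 107`, `5 10 20 24`, `568`) carry no comment, and because they widen what every matching pod can access on the node, each should be documented with the group it stands for and why it is needed. Since `568` is always appended, a user who lists it explicitly will trip the uniqueness check, which is worth stating in that comment.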


@@ -0,0 +1,24 @@
{{/* Returns Priority Class Name */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.priorityClassName" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.priorityClassName" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $className := "" -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.priorityClassName -}}
{{- $className = tpl . $rootCtx -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- with $objectData.podSpec.priorityClassName -}}
{{- $className = tpl . $rootCtx -}}
{{- end -}}
{{- $className -}}
{{- end -}}


@@ -0,0 +1,34 @@
{{/* Returns Restart Policy */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.restartPolicy" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.restartPolicy" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $policy := "Always" -}}
{{/* Initialize from the "defaults" */}}
{{- with $rootCtx.Values.podOptions.restartPolicy -}}
{{- $policy = tpl . $rootCtx -}}
{{- end -}}
{{/* Override from the pod values, if defined */}}
{{- with $objectData.podSpec.restartPolicy -}}
{{- $policy = tpl . $rootCtx -}}
{{- end -}}
{{- $policies := (list "Never" "Always" "OnFailure") -}}
{{- if not (mustHas $policy $policies) -}}
{{- fail (printf "Expected <restartPolicy to be one of [%s] but got [%s]" (join ", " $policies) $policy) -}}
{{- end -}}
{{- $types := (list "Deployment" "DaemonSet" "StatefulSet") -}}
{{- if and (ne "Always" $policy) (mustHas $objectData.type $types) -}}
{{- fail (printf "Expected <restartPolicy to be [Always] for [%s] but got [%s]" $objectData.type $policy) -}}
{{- end -}}
{{- $policy -}}
{{- end -}}
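Review bot: Both failure messages open the key name with `<restartPolicy` and never close the bracket, unlike the `<key>` convention used by the other templates in this commit. They should read `"Expected <restartPolicy> to be one of [%s] but got [%s]"` and `"Expected <restartPolicy> to be [Always] for [%s] but got [%s]"`.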


@@ -0,0 +1,57 @@
{{/* Returns Runtime Class Name */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.runtimeClassName" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.runtimeClassName" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $runtime := "" -}}
{{/* Initialize from the "defaults" */}}
{{- with $rootCtx.Values.podOptions.runtimeClassName -}}
{{- $runtime = tpl . $rootCtx -}}
{{- end -}}
{{/* Override from the pod values, if defined */}}
{{- with $objectData.podSpec.runtimeClassName -}}
{{- $runtime = tpl . $rootCtx -}}
{{- end -}}
{{- if hasKey $rootCtx.Values.global "ixChartContext" -}}
{{- if $rootCtx.Values.global.ixChartContext.addNvidiaRuntimeClass -}}
{{- range $rootCtx.Values.scaleGPU -}}
{{- if .gpu -}} {{/* Make sure it has a value... */}}
{{- $gpuAssigned := false -}}
{{- range $k, $v := .gpu -}}
{{- if $v -}} {{/* Make sure value is not "0" or "" */}}
{{- $gpuAssigned = true -}}
{{- end -}}
{{- end -}}
{{- if $gpuAssigned -}}
{{- if (kindIs "map" .targetSelector) -}}
{{- range $podName, $containers := .targetSelector -}}
{{- if eq $objectData.shortName $podName -}} {{/* If the pod is selected */}}
{{- $runtime = $rootCtx.Values.global.ixChartContext.nvidiaRuntimeClassName -}}
{{- end -}}
{{- end -}}
{{- else if $objectData.primary -}}
{{/* If the pod is primary and no targetSelector is given, assign to primary */}}
{{- $runtime = $rootCtx.Values.global.ixChartContext.nvidiaRuntimeClassName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $runtime -}}
{{- end -}}
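Review bot: A runtime class chosen through `podOptions.runtimeClassName` or the pod's own `runtimeClassName` is overwritten without any message once a GPU is assigned and `addNvidiaRuntimeClass` is set, because the GPU loop assigns `$runtime` after both user values have been read. If the user picked a runtime class for isolation reasons, the pod would run under a different runtime than requested with nothing in the output to show it. The header comment should state this precedence, and it is worth considering a `fail` when `$runtime` is already non-empty and differs from `nvidiaRuntimeClassName`. `nvidiaRuntimeClassName` is also read without checking that it is set, so an empty value would clear the runtime class.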


@@ -0,0 +1,24 @@
{{/* Returns Scheduler Name */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.schedulerName" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.schedulerName" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $scheduler := "" -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.schedulerName -}}
{{- $scheduler = tpl . $rootCtx -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- with $objectData.podSpec.schedulerName -}}
{{- $scheduler = tpl . $rootCtx -}}
{{- end -}}
{{- $scheduler -}}
{{- end -}}


@@ -0,0 +1,48 @@
{{/* Returns Service Account Name */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.serviceAccountName" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.serviceAccountName" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $saName := "default" -}}
{{- $saNameCount := 0 -}}
{{- range $name, $serviceAccount := $rootCtx.Values.serviceAccount -}}
{{- $tempName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
{{- if not $serviceAccount.primary -}}
{{- $tempName = (printf "%s-%s" $tempName $name) -}}
{{- end -}}
{{- if $serviceAccount.enabled -}}
{{/* If targetSelectAll is true */}}
{{- if $serviceAccount.targetSelectAll -}}
{{- $saName = $tempName -}}
{{- $saNameCount = add1 $saNameCount -}}
{{/* Else if targetSelector is a list */}}
{{- else if (kindIs "slice" $serviceAccount.targetSelector) -}}
{{- if (mustHas $objectData.shortName $serviceAccount.targetSelector) -}}
{{- $saName = $tempName -}}
{{- $saNameCount = add1 $saNameCount -}}
{{- end -}}
{{/* If not targetSelectAll or targetSelector, but is the primary pod */}}
{{- else if $objectData.primary -}}
{{- $saName = $tempName -}}
{{- $saNameCount = add1 $saNameCount -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if gt $saNameCount 1 -}}
{{- fail (printf "Expected at most 1 ServiceAccount to be assigned on a pod [%s]. But [%v] were assigned" $objectData.shortName $saNameCount) -}}
{{- end -}}
{{- $saName -}}
{{- end -}}


@@ -0,0 +1,24 @@
{{/* Returns Share Process Namespace */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.shareProcessNamespace" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.shareProcessNamespace" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $shareProcessNamespace := false -}}
{{/* Initialize from the "global" option */}}
{{- if (kindIs "bool" $rootCtx.Values.podOptions.shareProcessNamespace) -}}
{{- $shareProcessNamespace = $rootCtx.Values.podOptions.shareProcessNamespace -}}
{{- end -}}
{{/* Override with pods option */}}
{{- if (kindIs "bool" $objectData.podSpec.shareProcessNamespace) -}}
{{- $shareProcessNamespace = $objectData.podSpec.shareProcessNamespace -}}
{{- end -}}
{{- $shareProcessNamespace -}}
{{- end -}}


@@ -0,0 +1,29 @@
{{/* Returns Termination Grace Period Seconds */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.terminationGracePeriodSeconds" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.terminationGracePeriodSeconds" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $gracePeriod := "" -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.terminationGracePeriodSeconds -}}
{{- $gracePeriod = . -}}
{{- end -}}
{{/* Override with pod's option */}}
{{- with $objectData.podSpec.terminationGracePeriodSeconds -}}
{{- $gracePeriod = . -}}
{{- end -}}
{{/* Expand tpl */}}
{{- if (kindIs "string" $gracePeriod) -}}
{{- $gracePeriod = tpl $gracePeriod $rootCtx -}}
{{- end -}}
{{- $gracePeriod -}}
{{- end -}}
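Review bot: A pod-level `terminationGracePeriodSeconds: 0` cannot override a non-zero global value, because `with` treats `0` as empty and skips the assignment. Testing for presence rather than truthiness fixes this: `{{- if not (kindIs "invalid" $objectData.podSpec.terminationGracePeriodSeconds) -}}` followed by the assignment. The result is also returned without checking that it is a non-negative integer after `tpl`, so a malformed value is only caught when the manifest reaches the API server.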


@@ -0,0 +1,67 @@
{{/* Returns Tolerations */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.tolerations" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.tolerations" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $tolerations := list -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.tolerations -}}
{{- $tolerations = . -}}
{{- end -}}
{{/* Override from the "pod" option */}}
{{- with $objectData.podSpec.tolerations -}}
{{- $tolerations = . -}}
{{- end -}}
{{- range $tolerations -}}
{{/* Expand values */}}
{{- $operator := (tpl (.operator | default "") $rootCtx) -}}
{{- $key := (tpl (.key | default "") $rootCtx) -}}
{{- $value := (tpl (.value | default "") $rootCtx) -}}
{{- $effect := (tpl (.effect | default "") $rootCtx) -}}
{{- $tolSeconds := .tolerationSeconds -}}
{{- $operators := (list "Exists" "Equal") -}}
{{- if not (mustHas $operator $operators) -}}
{{- fail (printf "Expected <tolerations.operator> to be one of [%s] but got [%s]" (join ", " $operators) $operator) -}}
{{- end -}}
{{- if and (eq $operator "Equal") (or (not $key) (not $value)) -}}
{{- fail "Expected non-empty <tolerations.key> and <tolerations.value> with <tolerations.operator> set to [Equal]" -}}
{{- end -}}
{{- if and (eq $operator "Exists") $value -}}
{{- fail (printf "Expected empty <tolerations.value> with <tolerations.operator> set to [Exists], but got [%s]" $value) -}}
{{- end -}}
{{- $effects := (list "NoExecute" "NoSchedule" "PreferNoSchedule") -}}
{{- if and $effect (not (mustHas $effect $effects)) -}}
{{- fail (printf "Expected <tolerations.effect> to be one of [%s], but got [%s]" (join ", " $effects) $effect) -}}
{{- end -}}
{{- if and (not (kindIs "invalid" $tolSeconds)) (not (mustHas (kindOf $tolSeconds) (list "int" "int64" "float64"))) -}}
{{- fail (printf "Expected <tolerations.tolerationSeconds> to be a number, but got [%v]" $tolSeconds) -}}
{{- end }}
- operator: {{ $operator }}
{{- with $key }}
key: {{ $key }}
{{- end -}}
{{- with $effect }}
effect: {{ $effect }}
{{- end -}}
{{- with $value }}
value: {{ . }}
{{- end -}}
{{- if (mustHas (kindOf $tolSeconds) (list "int" "int64" "float64")) }}
tolerationSeconds: {{ $tolSeconds }}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,44 @@
{{/* Returns topologySpreadConstraints */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.topologySpreadConstraints" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.topologySpreadConstraints" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $constraints := list -}}
{{/* Initialize from the "global" option */}}
{{- with $rootCtx.Values.podOptions.topologySpreadConstraints -}}
{{- $constraints = . -}}
{{- end -}}
{{/* Override with pods option */}}
{{- with $objectData.podSpec.topologySpreadConstraints -}}
{{- $constraints = . -}}
{{- end -}}
{{- if and ( or ( eq $objectData.type "Deployment" ) ( eq $objectData.type "StatefulSet" )) $rootCtx.Values.podOptions.defaultSpread -}}
- maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
topologyKey: "truecharts.org/rack"
labelSelector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.name) | indent 6 }}
nodeAffinityPolicy: Honor
nodeTaintsPolicy: Honor
- maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
topologyKey: "kubernetes.io/hostname"
labelSelector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.name) | indent 6 }}
nodeAffinityPolicy: Honor
nodeTaintsPolicy: Honor
{{- end -}}
{{ with $constraints }}
{{ . | toYaml | indent 0 }}
{{ end }}
{{- end -}}


@@ -0,0 +1,68 @@
{{/* Returns Volumes */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volumes" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.pod.volumes" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $name, $persistenceValues := $rootCtx.Values.persistence -}}
{{- if $persistenceValues.enabled -}}
{{- $persistence := (mustDeepCopy $persistenceValues) -}}
{{- $_ := set $persistence "shortName" $name -}}
{{- $selected := false -}}
{{/* If set to true, define volume */}}
{{- if $persistence.targetSelectAll -}}
{{- $selected = true -}}
{{/* If the pod is the autopermission */}}
{{- else if eq $objectData.shortName "autopermissions" -}}
{{- if $persistence.autoPermissions -}}
{{- if $persistence.autoPermissions.enabled -}}
{{- $selected = true -}}
{{- end -}}
{{- end -}}
{{/* If targetSelector is set, check if pod is selected */}}
{{- else if $persistence.targetSelector -}}
{{- if (mustHas $objectData.shortName (keys $persistence.targetSelector)) -}}
{{- $selected = true -}}
{{- end -}}
{{/* If no targetSelector is set or targetSelectAll, check if pod is primary */}}
{{- else if $objectData.primary -}}
{{- $selected = true -}}
{{- end -}}
{{/* If pod selected */}}
{{- if $selected -}}
{{/* Define the volume based on type */}}
{{- $type := ($persistence.type | default $rootCtx.Values.fallbackDefaults.persistenceType) -}}
{{- if eq "pvc" $type -}}
{{- include "tc.v1.common.lib.pod.volume.pvc" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "ixVolume" $type -}}
{{- include "tc.v1.common.lib.pod.volume.ixVolume" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "hostPath" $type -}}
{{- include "tc.v1.common.lib.pod.volume.hostPath" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "secret" $type -}}
{{- include "tc.v1.common.lib.pod.volume.secret" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "configmap" $type -}}
{{- include "tc.v1.common.lib.pod.volume.configmap" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "emptyDir" $type -}}
{{- include "tc.v1.common.lib.pod.volume.emptyDir" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "nfs" $type -}}
{{- include "tc.v1.common.lib.pod.volume.nfs" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- else if eq "device" $type -}}
{{- include "tc.v1.common.lib.pod.volume.device" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
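Review bot: The type dispatch has no final `else`, so a persistence entry whose `type` is misspelled or unsupported renders no volume at all and the chart still installs. The mistake then only shows up later as a pod that fails on a missing volume, or as data written to the container filesystem instead of the intended storage. Closing the chain with `{{- else -}}{{- fail (printf "Persistence - Expected <type> to be one of the supported types, but got [%s]" $type) -}}` makes it a render-time error. Whether `type` is validated elsewhere is not visible from this section.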


@@ -0,0 +1,70 @@
{{/* Returns ConfigMap Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.configmap" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.configmap" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.objectName -}}
{{- fail "Persistence - Expected non-empty <objectName> on <configmap> type" -}}
{{- end -}}
{{- $objectName := tpl $objectData.objectName $rootCtx -}}
{{- $expandName := true -}}
{{- if kindIs "bool" $objectData.expandObjectName -}}
{{- $expandName = $objectData.expandObjectName -}}
{{- end -}}
{{- if $expandName -}}
{{- $object := (get $rootCtx.Values.configmap $objectName) -}}
{{- if and (not $object) (not $objectData.optional) -}}
{{- fail (printf "Persistence - Expected configmap [%s] defined in <objectName> to exist" $objectName) -}}
{{- end -}}
{{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
{{- end -}}
{{- $optional := false -}}
{{- if hasKey $objectData "optional" -}}
{{- if not (kindIs "bool" $objectData.optional) -}}
{{- fail (printf "Persistence - Expected <optional> to be [bool], but got [%s]" (kindOf $objectData.optional)) -}}
{{- end -}}
{{- $optional = $objectData.optional -}}
{{- end -}}
{{- $defMode := "" -}}
{{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}}
{{- fail (printf "Persistence - Expected <defaultMode> to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}}
{{- end -}}
{{- with $objectData.defaultMode -}}
{{- $defMode = tpl $objectData.defaultMode $rootCtx -}}
{{- end -}}
{{- if and $defMode (not (mustRegexMatch "^[0-9]{4}$" $defMode)) -}}
{{- fail (printf "Persistence - Expected <defaultMode> to have be in format of [\"0777\"], but got [%q]" $defMode) -}}
{{- end }}
- name: {{ $objectData.shortName }}
configMap:
name: {{ $objectName }}
{{- with $defMode }}
defaultMode: {{ . }}
{{- end }}
optional: {{ $optional }}
{{- with $objectData.items }}
items:
{{- range . -}}
{{- if not .key -}}
{{- fail "Persistence - Expected non-empty <items.key>" -}}
{{- end -}}
{{- if not .path -}}
{{- fail "Persistence - Expected non-empty <items.path>" -}}
{{- end }}
- key: {{ tpl .key $rootCtx }}
path: {{ tpl .path $rootCtx }}
{{- end -}}
{{- end -}}
{{- end -}}
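Review bot: The `defaultMode` check `^[0-9]{4}$` accepts the digits 8 and 9, which are not valid in an octal file mode, so a value like `0789` passes validation and is then emitted unquoted for the YAML parser to interpret. Tightening the pattern to `"^[0-7]{4}$"` rejects those at render time. The failure message reads "to have be in format of"; "to be in the format" is clearer. The existence check uses `$objectData.optional` before the later block verifies that it is a boolean, so moving that type check above the `$expandName` block would keep a non-boolean value from influencing the lookup.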


@@ -0,0 +1,53 @@
{{/* Returns device (hostPath) Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.device" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.device" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hostPathType := "" -}}
{{- if $objectData.hostPathType -}}
{{- $hostPathType = tpl $objectData.hostPathType $rootCtx -}}
{{- end -}}
{{- if not $objectData.hostPath -}}
{{- fail "Persistence - Expected non-empty <hostPath> on <device> type" -}}
{{- end -}}
{{- $hostPath := tpl $objectData.hostPath $rootCtx -}}
{{- if not (hasPrefix "/" $hostPath) -}}
{{- fail "Persistence - Expected <hostPath> to start with a forward slash [/] on <device> type" -}}
{{- end -}}
{{- $charDevices := (list "tty") -}}
{{- if not $hostPathType -}}
{{- range $char := $charDevices -}}
{{- if hasPrefix (printf "/dev/%v" $char) $hostPath -}}
{{- $hostPathType = "CharDevice" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $blockDevices := (list "sd" "hd" "nvme") -}}
{{- if not $hostPathType -}}
{{- range $block := $blockDevices -}}
{{- if hasPrefix (printf "/dev/%v" $block) $hostPath -}}
{{- $hostPathType = "BlockDevice" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $types := (list "DirectoryOrCreate" "Directory" "FileOrCreate" "File" "Socket" "CharDevice" "BlockDevice") -}}
{{- if and $hostPathType (not (mustHas $hostPathType $types)) -}}
{{- fail (printf "Persistence - Expected <hostPathType> to be one of [%s], but got [%s]" (join ", " $types) $hostPathType) -}}
{{- end }}
- name: {{ $objectData.shortName }}
hostPath:
path: {{ $hostPath }}
{{- with $hostPathType }}
type: {{ $hostPathType }}
{{- end -}}
{{- end -}}
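Review bot: The only validation on `hostPath` is the leading-slash test, so a persistence entry of type `device` is rendered as a hostPath volume for any absolute path on the node, and `..` segments are not normalised before the `/dev/` prefix tests run. If this type is meant for device nodes only, a guard such as `{{- if not (hasPrefix "/dev/" (clean $hostPath)) -}}` with a `fail` would enforce it, and emitting the cleaned path would keep the type detection and the mounted path consistent. The type detection is also a bare prefix match (`/dev/sd`, `/dev/tty`), so the header comment should say that `hostPathType` is guessed and can be set explicitly. Pods selected by a `device` entry also receive extra supplemental groups from the securityContext template, which makes the path check the main control on what this type exposes.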


@@ -0,0 +1,43 @@
{{/* Returns emptyDir Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.emptyDir" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.emptyDir" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $medium := "" -}}
{{- $size := "" -}}
{{- with $objectData.medium -}}
{{- $medium = tpl . $rootCtx -}}
{{- end -}}
{{- with $objectData.size -}}
{{- $size = tpl . $rootCtx -}}
{{- end -}}
{{- if $size -}}
{{/* Size: https://regex101.com/r/NNPV2D/1 */}}
{{- if not (mustRegexMatch "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$" (toString $size)) -}}
{{- $formats := "(Suffixed with E/P/T/G/M/K - eg. 1G), (Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi), (Plain Integer in bytes - eg. 1024), (Exponent - eg. 134e6)" -}}
{{- fail (printf "Persistence Expected <size> to have one of the following formats [%s], but got [%s]" $formats $size) -}}
{{- end -}}
{{- end -}}
{{- if and $medium (ne $medium "Memory") -}}
{{- fail (printf "Persistence - Expected [medium] to be one of [\"\", Memory], but got [%s] on <emptyDir> type" $medium) -}}
{{- end }}
- name: {{ $objectData.shortName }}
{{- if or $medium $size }}
emptyDir:
{{- if $medium }}
medium: {{ $medium }}
{{- end -}}
{{- if $size }}
sizeLimit: {{ $size }}
{{- end -}}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end -}}
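Review bot: The size pattern in `tc.v1.common.lib.pod.volume.emptyDir` accepts an upper-case `K` suffix and rejects lower-case `k`, but Kubernetes quantities spell the decimal kilo suffix `k` (only the binary form is `Ki`), so `1K` passes here and is refused by the API server while a valid `1k` is rejected by the chart. The suffix group could be split, e.g. `"^[1-9][0-9]*([EPTGMk]|[EPTGMK]i|e[0-9]+)?$"`, with the `$formats` text adjusted to match. The `fail` message for the size check also lacks the ` - ` after `Persistence` that the other messages use. When `medium` is `Memory` and no `size` is given the volume is rendered without `sizeLimit`, so the chart places no cap on a memory-backed volume; a comment next to the `medium` check saying so would help whoever reviews values.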


@@ -0,0 +1,35 @@
{{/* Returns hostPath Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.hostPath" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.hostPath" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hostPathType := "" -}}
{{- if $objectData.hostPathType -}}
{{- $hostPathType = tpl $objectData.hostPathType $rootCtx -}}
{{- end -}}
{{- if not $objectData.hostPath -}}
{{- fail "Persistence - Expected non-empty <hostPath> on <hostPath> type" -}}
{{- end -}}
{{- $hostPath := tpl $objectData.hostPath $rootCtx -}}
{{- if not (hasPrefix "/" $hostPath) -}}
{{- fail "Persistence - Expected <hostPath> to start with a forward slash [/] on <hostPath> type" -}}
{{- end -}}
{{- $types := (list "DirectoryOrCreate" "Directory" "FileOrCreate" "File" "Socket" "CharDevice" "BlockDevice") -}}
{{- if and $hostPathType (not (mustHas $hostPathType $types)) -}}
{{- fail (printf "Persistence - Expected <hostPathType> to be one of [%s], but got [%s]" (join ", " $types) $hostPathType) -}}
{{- end }}
- name: {{ $objectData.shortName }}
hostPath:
path: {{ $hostPath }}
{{- with $hostPathType }}
type: {{ $hostPathType }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,56 @@
{{/* Returns ixVolume Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.ixVolume" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.ixVolume" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hostPathType := "" -}}
{{- if $objectData.hostPathType -}}
{{- $hostPathType = tpl $objectData.hostPathType $rootCtx -}}
{{- end -}}
{{- if not $objectData.datasetName -}}
{{- fail "Persistence - Expected non-empty <datasetName> on <ixVolume> type" -}}
{{- end -}}
{{- $datasetName := tpl $objectData.datasetName $rootCtx -}}
{{- if not $rootCtx.Values.ixVolumes -}}
{{- fail "Persistence - Expected non-empty <ixVolumes> in values on <ixVolume> type" -}}
{{- end -}}
{{- $hostPath := "" -}}
{{- $found := false -}}
{{- range $idx, $normalizedHostPath := $rootCtx.Values.ixVolumes -}}
{{- if eq $datasetName (base $normalizedHostPath.hostPath) -}}
{{- $found = true -}}
{{- $hostPath = $normalizedHostPath.hostPath -}}
{{- end -}}
{{- end -}}
{{- if not $found -}} {{/* If we go over the ixVolumes and we dont find a match, fail */}}
{{- $datasets := list -}}
{{- range $rootCtx.Values.ixVolumes -}}
{{- $datasets = mustAppend $datasets (base .hostPath) -}}
{{- end -}}
{{- fail (printf "Persistence - Expected <datasetName> [%s] to exist on <ixVolumes> list, but list contained [%s] on <ixVolume> type" $datasetName (join ", " $datasets)) -}}
{{- end -}}
{{- if not (hasPrefix "/" $hostPath) -}}
{{- fail "Persistence - Expected normalized path from <ixVolumes> to start with a forward slash [/] on <ixVolume> type" -}}
{{- end -}}
{{- $types := (list "DirectoryOrCreate" "Directory" "FileOrCreate" "File" "Socket" "CharDevice" "BlockDevice") -}}
{{- if and $hostPathType (not (mustHas $hostPathType $types)) -}}
{{- fail (printf "Persistence - Expected <hostPathType> to be one of [%s], but got [%s]" (join ", " $types) $hostPathType) -}}
{{- end }}
- name: {{ $objectData.shortName }}
hostPath:
path: {{ $hostPath }}
{{- with $hostPathType }}
type: {{ $hostPathType }}
{{- end -}}
{{- end -}}
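Review bot: The lookup loop in `tc.v1.common.lib.pod.volume.ixVolume` does not stop at the first match, so when two `ixVolumes` entries share the same last path component the later one silently wins and the pod mounts whichever host path happens to be visited last. Since the result is a `hostPath` mount, I would fail on ambiguity by adding, inside the `if eq $datasetName (base ...)` branch and before `$found = true`, the line `{{- if $found -}}{{- fail (printf "Persistence - Expected <datasetName> [%s] to match exactly one entry in <ixVolumes>" $datasetName) -}}{{- end -}}`. A `datasetName` that contains a `/` can never equal the result of `base`, which is worth stating in the header comment.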


@@ -0,0 +1,27 @@
{{/* Returns NFS Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.nfs" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.nfs" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.path -}}
{{- fail "Persistence - Expected non-empty <path> on <nfs> type" -}}
{{- end -}}
{{- $path := tpl $objectData.path $rootCtx -}}
{{- if not (hasPrefix "/" $path) -}}
{{- fail "Persistence - Expected <path> to start with a forward slash [/] on <nfs> type" -}}
{{- end -}}
{{- if not $objectData.server -}}
{{- fail "Persistence - Expected non-empty <server> on <nfs> type" -}}
{{- end }}
- name: {{ $objectData.shortName }}
nfs:
path: {{ $path }}
server: {{ tpl $objectData.server $rootCtx }}
{{- end -}}


@@ -0,0 +1,18 @@
{{/* Returns PVC Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.pvc" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $pvcName := (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectData.shortName) -}}
{{- with $objectData.existingClaim -}}
{{- $pvcName = tpl . $rootCtx -}}
{{- end }}
- name: {{ $objectData.shortName }}
persistentVolumeClaim:
claimName: {{ $pvcName }}
{{- end -}}


@@ -0,0 +1,71 @@
{{/* Returns Secret Volume */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.pod.volume.secret" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the volume.
*/}}
{{- define "tc.v1.common.lib.pod.volume.secret" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.objectName -}}
{{- fail "Persistence - Expected non-empty <objectName> on <secret> type" -}}
{{- end -}}
{{- $objectName := tpl $objectData.objectName $rootCtx -}}
{{- $expandName := true -}}
{{- if kindIs "bool" $objectData.expandObjectName -}}
{{- $expandName = $objectData.expandObjectName -}}
{{- end -}}
{{- if $expandName -}}
{{- $object := (get $rootCtx.Values.secret $objectName) -}}
{{- $certObject := (get $rootCtx.Values.scaleCertificate $objectName) -}}
{{- if and (not $object) (not $certObject) (not $objectData.optional) -}}
{{- fail (printf "Persistence - Expected secret [%s] defined in <objectName> to exist" $objectName) -}}
{{- end -}}
{{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
{{- end -}}
{{- $optional := false -}}
{{- if hasKey $objectData "optional" -}}
{{- if not (kindIs "bool" $objectData.optional) -}}
{{- fail (printf "Persistence - Expected <optional> to be [bool], but got [%s]" (kindOf $objectData.optional)) -}}
{{- end -}}
{{- $optional = $objectData.optional -}}
{{- end -}}
{{- $defMode := "" -}}
{{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}}
{{- fail (printf "Persistence - Expected <defaultMode> to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}}
{{- end -}}
{{- with $objectData.defaultMode -}}
{{- $defMode = tpl $objectData.defaultMode $rootCtx -}}
{{- end -}}
{{- if and $defMode (not (mustRegexMatch "^[0-9]{4}$" $defMode)) -}}
{{- fail (printf "Persistence - Expected <defaultMode> to have be in format of [\"0777\"], but got [%q]" $defMode) -}}
{{- end }}
- name: {{ $objectData.shortName }}
secret:
secretName: {{ $objectName }}
{{- with $defMode }}
defaultMode: {{ . }}
{{- end }}
optional: {{ $optional }}
{{- with $objectData.items }}
items:
{{- range . -}}
{{- if not .key -}}
{{- fail "Persistence - Expected non-empty <items.key>" -}}
{{- end -}}
{{- if not .path -}}
{{- fail "Persistence - Expected non-empty <items.path>" -}}
{{- end }}
- key: {{ tpl .key $rootCtx }}
path: {{ tpl .path $rootCtx }}
{{- end -}}
{{- end -}}
{{- end -}}
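Review bot: The `defaultMode` check `^[0-9]{4}$` in `tc.v1.common.lib.pod.volume.secret` accepts the digits 8 and 9, which are not valid in an octal file mode, so a value such as `"0888"` passes validation and is rendered as `defaultMode: 0888`. I would tighten it to `mustRegexMatch "^[0-7]{4}$" $defMode`. The failure message on the following line reads "to have be in format"; "to be in the format" is presumably what was meant. Because this mode decides who inside the pod can read the mounted secret files, the header comment should say that the value is an octal string and give a restrictive example such as `"0400"` rather than `"0777"`.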


@@ -0,0 +1,48 @@
{{/* Metadata Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.podDisruptionBudget.validation" (dict "objectData" $objectData "caller" $caller) -}}
objectData:
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
*/}}
{{- define "tc.v1.common.lib.podDisruptionBudget.validation" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if and $objectData.targetSelector (not (kindIs "string" $objectData.targetSelector)) -}}
{{- fail (printf "Pod Disruption Budget - Expected <targetSelector> to be [string], but got [%s]" (kindOf $objectData.targetSelector)) -}}
{{- end -}}
{{- if and (not $objectData.targetSelector) (not $objectData.customLabels) -}}
{{- fail (printf "Pod Disruption Budget - Expected one of [targetSelector, customLabels] to be defined in <podDisruptionBudget.%s>" $objectData.shortName) -}}
{{- end -}}
{{- if and $objectData.targetSelector $objectData.customLabels -}}
{{- fail (printf "Pod Disruption Budget - Expected only one of [targetSelector, customLabels] to be defined in <podDisruptionBudget.%s>" $objectData.shortName) -}}
{{- end -}}
{{- with $objectData.unhealthyPodEvictionPolicy -}}
{{- $policies := (list "IfHealthyBudget" "AlwaysAllow") -}}
{{- if not (mustHas (tpl . $rootCtx) $policies) -}}
{{- fail (printf "Pod Disruption Budget - Expected <unhealthyPodEvictionPolicy> to be one of [%s], but got [%s]" (join ", " $policies) .) -}}
{{- end -}}
{{- end -}}
{{- $hasKey := false -}}
{{- $keys := (list "minAvailable" "maxUnavailable") -}}
{{- range $key := $keys -}}
{{- if hasKey $objectData $key -}}
{{- $hasKey = true -}}
{{- if kindIs "invalid" (get $objectData $key) -}}
{{- fail (printf "Pod Disruption Budget - Expected the defined key [%v] in <podDisruptionBudget.%s> to not be empty" $key $objectData.shortName) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $hasKey -}}
{{- fail (printf "Pod Disruption Budget - Expected at least one of [%s] to be defined in <podDisruptionBudget.%s>" (join ", " $keys) $objectData.shortName) -}}
{{- end -}}
{{- end -}}
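Review bot: The header comment of `tc.v1.common.lib.podDisruptionBudget.validation` documents a call with `objectData` and `caller` and describes configmap fields, but the body reads `.rootCtx` and passes it to `tpl` in the `unhealthyPodEvictionPolicy` check. A caller that follows the documented call hands `tpl` an empty context. I would change the example to `(dict "rootCtx" $ "objectData" $objectData)` and list the keys the body actually reads (`targetSelector`, `customLabels`, `unhealthyPodEvictionPolicy`, `minAvailable`, `maxUnavailable`). The header of `tc.v1.common.lib.service.validation` has the same gap for its `tpl $port.protocol $rootCtx` call. The policy failure message also prints the raw `.` rather than the rendered value that was compared.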


@@ -0,0 +1,52 @@
{{/* Returns Service Account List for rbac */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "tc.v1.common.lib.rbac.serviceAccount" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $serviceAccounts := list -}}
{{- range $name, $serviceAccount := $rootCtx.Values.serviceAccount -}}
{{- $saName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
{{- if $serviceAccount.enabled -}}
{{- if not $serviceAccount.primary -}}
{{- $saName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
{{- end -}}
{{/* If allServiceAccounts is true */}}
{{- if $objectData.allServiceAccounts -}}
{{- $serviceAccounts = mustAppend $serviceAccounts $saName -}}
{{/* Else if serviceAccounts is a list */}}
{{- else if (kindIs "slice" $objectData.serviceAccounts) -}}
{{- if (mustHas $name $objectData.serviceAccounts) -}}
{{- $serviceAccounts = mustAppend $serviceAccounts $saName -}}
{{- end -}}
{{/* If not "allServiceAccounts" or "serviceAccounts", assign the primary service account to rbac */}}
{{- else if $serviceAccount.primary -}}
{{- if $objectData.primary -}}
{{- $serviceAccounts = mustAppend $serviceAccounts $saName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $serviceAccounts -}}
{{- fail "RBAC - Expected at least one serviceAccount to be assigned. Assign one using [allServiceAccounts (boolean), serviceAccounts (list)]" -}}
{{- end -}}
{{- range $serviceAccounts }}
- kind: ServiceAccount
name: {{ . }}
namespace: {{ $rootCtx.Release.Namespace }}
{{- end -}}
{{- end -}}
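Review bot: In `tc.v1.common.lib.rbac.serviceAccount` a name listed in `objectData.serviceAccounts` that matches no enabled entry of `.Values.serviceAccount` is dropped without an error; the template only fails when nothing at all was selected. For a binding this means a typo or a disabled account quietly changes which identities receive the role. After the loop I would add a check along the lines of `{{- if and (kindIs "slice" $objectData.serviceAccounts) (not $objectData.allServiceAccounts) (ne (len $serviceAccounts) (len $objectData.serviceAccounts)) -}}` with a `fail` naming the unmatched entries. `allServiceAccounts` binds every enabled service account, including ones added to values later, and a comment next to that branch should say so.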


@@ -0,0 +1,50 @@
{{/* Returns Rules for rbac */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "tc.v1.common.lib.rbac.rules" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.rules -}}
{{- fail "RBAC - Expected non-empty <rbac.rules>" -}}
{{- end -}}
{{- range $objectData.rules -}}
{{- if not .apiGroups -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.apiGroups>" -}}
{{- end -}}
{{- if not .resources -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.resources>" -}}
{{- end -}}
{{- if not .verbs -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.verbs>" -}}
{{- end -}}
{{- /* apiGroups */}}
- apiGroups:
{{- range .apiGroups }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- /* resources */}}
resources:
{{- range .resources -}}
{{- if not . -}}
{{- fail "RBAC - Expected non-empty entry in <rbac.rules.resources>" -}}
{{- end }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- /* verbs */}}
verbs:
{{- range .verbs -}}
{{- if not . -}}
{{- fail "RBAC - Expected non-empty entry in <rbac.rules.verbs>" -}}
{{- end }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
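Review bot: The second header comment above `tc.v1.common.lib.rbac.rules` ("Parses service accounts, and checks if RBAC have selected any of them") was carried over from the service-account helper and does not describe this template; the `rbac.subjects` section carries the same line. I would replace it with `{{/* Validates each rule and renders apiGroups, resources and verbs; every entry is passed through tpl */}}`. Entries of `resources` and `verbs` are checked for emptiness while entries of `apiGroups` are not; if that is because `""` names the core API group, a comment such as `{{- /* "" is the core API group, so empty apiGroups entries are allowed */}}` would stop someone from "fixing" it. Wildcard entries (`*`) are rendered as given, which the header could mention so that reviewers of values know the chart does not restrict them.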


@@ -0,0 +1,17 @@
{{/* Returns Subjects for rbac */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "tc.v1.common.lib.rbac.subjects" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $objectData.subjects }}
- kind: {{ tpl (required "RBAC - Expected non-empty <rbac.subjects.kind>" .kind) $rootCtx | quote }}
name: {{ tpl (required "RBAC - Expected non-empty <rbac.subjects.name>" .name) $rootCtx | quote }}
apiGroup: {{ tpl (required "RBAC - Expected non-empty <rbac.subjects.apiGroup>" .apiGroup) $rootCtx | quote }}
{{- end -}}
{{- end -}}
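Review bot: `required` on `.apiGroup` in `tc.v1.common.lib.rbac.subjects` rejects an empty string and no `namespace` is rendered, so a `ServiceAccount` subject cannot be expressed correctly here even though `kind` accepts any value. As far as I can tell Kubernetes expects an empty `apiGroup` and a `namespace` for that kind, so such an entry would pass the chart and be refused by the API server. If this helper is meant for `User` and `Group` subjects only (service accounts appear to go through `tc.v1.common.lib.rbac.serviceAccount`), I would add `{{- if not (mustHas (tpl .kind $rootCtx) (list "User" "Group")) -}}{{- fail "RBAC - Expected <rbac.subjects.kind> to be one of [User, Group]" -}}{{- end -}}` at the top of the `range`.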


@@ -0,0 +1,38 @@
{{/* RBAC Primary Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.primaryValidation" $ -}}
*/}}
{{- define "tc.v1.common.lib.rbac.primaryValidation" -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{- range $name, $rbac := .Values.rbac -}}
{{/* If rbac is enabled */}}
{{- if $rbac.enabled -}}
{{- $hasEnabled = true -}}
{{/* And rbac is primary */}}
{{- if and (hasKey $rbac "primary") ($rbac.primary) -}}
{{/* Fail if there is already a primary rbac */}}
{{- if $hasPrimary -}}
{{- fail "RBAC - Only one rbac can be primary" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary rbac, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "RBAC - At least one enabled rbac must be primary" -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,40 @@
{{/* Get Certificate Data */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.scaleCertificate.getData" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the certificate
*/}}
{{- define "tc.v1.common.lib.scaleCertificate.getData" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $certID := (toString $objectData.id) -}}
{{/* Make sure certificate exists */}}
{{- if hasKey $rootCtx.Values "ixCertificates" -}}
{{- if not $rootCtx.Values.ixCertificates -}}
{{- fail "Certificate - Expected non-empty <ixCertificates>" -}}
{{- end -}}
{{- if not (hasKey $rootCtx.Values.ixCertificates $certID) -}}
{{- fail (printf "Certificate - Expected certificate with <id> [%q] to exist in <ixCertificates>" $certID) -}}
{{- end -}}
{{- end -}}
{{- $data := get $rootCtx.Values.ixCertificates $certID -}}
{{- range $flag := (list "revoked" "expired") -}}
{{- if (get $data $flag) -}}
{{- fail (printf "Certificate - Expected non-%s certificate with <id> [%q]" $flag $certID) -}}
{{- end -}}
{{- end -}}
{{- range $key := (list "certificate" "privatekey") -}}
{{- if not (get $data $key) -}}
{{- fail (printf "Certificate - Expected non-empty [%s] in certificate with <id> [%q] in <ixCertificates>" $key $certID) -}}
{{- end -}}
{{- end -}}
{{- $data | toJson -}}
{{- end -}}
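Review bot: The existence checks in `tc.v1.common.lib.scaleCertificate.getData` sit inside `if hasKey $rootCtx.Values "ixCertificates"`, so when that key is absent they are skipped and `get $rootCtx.Values.ixCertificates $certID` runs against a missing map. The render then presumably stops with a template type error, or continues with an empty `$data`, instead of one of the intended "Certificate - ..." messages. I would drop the `hasKey` wrapper and begin with `{{- if not $rootCtx.Values.ixCertificates -}}{{- fail "Certificate - Expected non-empty <ixCertificates>" -}}{{- end -}}`. The template returns the whole entry, private key included, through `toJson`; a header line stating that the output is only to be consumed by the Secret renderer, and never placed in annotations, ConfigMaps or release notes, would be worthwhile.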


@@ -0,0 +1,18 @@
{{/* Certificate Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.scaleCertificate.validation" (dict "objectData" $objectData) -}}
objectData: The object data of the certificate.
*/}}
{{- define "tc.v1.common.lib.scaleCertificate.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.id -}}
{{- fail "Certificate - Expected non-empty <id>" -}}
{{- end -}}
{{- if and $objectData.targetSelector (not (kindIs "map" $objectData.targetSelector)) -}}
{{- fail (printf "Certificate - Expected <targetSelector> to be a [map], but got [%s]" (kindOf $objectData.targetSelector)) -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,25 @@
{{/* Secret Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.secret.validation" (dict "objectData" $objectData) -}}
objectData:
labels: The labels of the secret.
annotations: The annotations of the secret.
data: The data of the secret.
*/}}
{{- define "tc.v1.common.lib.secret.validation" -}}
{{- $objectData := .objectData -}}
{{- if and ( not $objectData.data ) ( not $objectData.stringData ) -}}
{{- fail "Secret - Expected non-empty <data> or <stringData>" -}}
{{- end -}}
{{- if and $objectData.data (not (kindIs "map" $objectData.data)) -}}
{{- fail (printf "Secret - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
{{- if and (hasKey $objectData "type") (not $objectData.type) -}}
{{- fail (printf "Secret - Found <type> key, but it's empty") -}}
{{- end -}}
{{- end -}}
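Review bot: `tc.v1.common.lib.secret.validation` type-checks `data` with `kindIs "map"` but applies no such check to `stringData`, although either one satisfies the non-empty test in the first condition. A scalar or list `stringData` therefore passes validation. I would add the parallel check, `{{- if and $objectData.stringData (not (kindIs "map" $objectData.stringData)) -}}`, with a matching `fail`. The header lists `labels`, `annotations` and `data`, but not `stringData` or `type`, both of which the body reads.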


@@ -0,0 +1,40 @@
{{/* Service - MetalLB Annotations */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.metalLBAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData "annotations" $annotations) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
annotations: The annotations variable reference, to append the MetalLB annotations
*/}}
{{- define "tc.v1.common.lib.service.metalLBAnnotations" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $annotations := .annotations -}}
{{- $sharedKey := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
{{/* A custom shared key can be defined per service even between multiple charts */}}
{{- with $objectData.sharedKey -}}
{{- $sharedKey = tpl . $rootCtx -}}
{{- end -}}
{{- if $rootCtx.Values.global.addMetalLBAnnotations -}}
{{- $_ := set $annotations "metallb.universe.tf/allow-shared-ip" $sharedKey -}}
{{- end -}}
{{- end -}}
{{/* Service - Traefik Annotations */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.traefikAnnotations" (dict "rootCtx" $rootCtx "annotations" $annotations) -}}
rootCtx: The root context of the chart.
annotations: The annotations variable reference, to append the Traefik annotations
*/}}
{{- define "tc.v1.common.lib.service.traefikAnnotations" -}}
{{- $rootCtx := .rootCtx -}}
{{- $annotations := .annotations -}}
{{- if $rootCtx.Values.global.addTraefikAnnotations -}}
{{- $_ := set $annotations "traefik.ingress.kubernetes.io/service.serversscheme" "https" -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,63 @@
{{/* Service - Ports */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The object data of the service
*/}}
{{- define "tc.v1.common.lib.service.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- range $name, $portValues := $objectData.ports -}}
{{- if $portValues.enabled -}}
{{- $protocol := $rootCtx.Values.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
{{- $port := $portValues.port -}}
{{- $targetPort := $portValues.targetPort -}}
{{- $nodePort := $portValues.nodePort -}}
{{/* Expand port */}}
{{- if (kindIs "string" $port) -}}
{{- $port = (tpl $port $rootCtx) -}}
{{- end -}}
{{- $port = int $port -}}
{{/* Expand targetPort */}}
{{- if (kindIs "string" $targetPort) -}}
{{- $targetPort = tpl $targetPort $rootCtx -}}
{{- end -}}
{{- $targetPort = int $targetPort -}}
{{/* Expand nodePort */}}
{{- if (kindIs "string" $nodePort) -}}
{{- $nodePort = tpl $nodePort $rootCtx -}}
{{- end -}}
{{- $nodePort = int $nodePort -}}
{{- with $portValues.protocol -}}
{{- $protocol = tpl . $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end -}}
{{- end }}
- name: {{ $name }}
port: {{ $port }}
protocol: {{ $protocol | upper }}
targetPort: {{ $targetPort | default $port }} {{/* If no targetPort, default to port */}}
{{- if (eq $objectData.type "NodePort") -}}
{{- if not $nodePort -}}
{{- fail "Service - Expected non-empty <nodePort> on NodePort service type" -}}
{{- end -}}
{{- $minNodePort := int $rootCtx.Values.global.minNodePort -}}
{{- if (lt $nodePort $minNodePort) -}}
{{- fail (printf "Service - Expected <nodePort> to be higher than [%v], but got [%v]" $minNodePort $nodePort) -}}
{{- end }}
nodePort: {{ $nodePort }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
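Review bot: The `int` coercions of `$port`, `$targetPort` and `$nodePort` in `tc.v1.common.lib.service.ports` turn any non-numeric rendered string into 0 without an error, so a mistyped template expression ends up as `port: 0` and a named `targetPort` is silently replaced by `port` through `default`. I would fail after the coercion when the value is out of range, e.g. `{{- if or (lt $port 1) (gt $port 65535) -}}{{- fail (printf "Service - Expected <port> to be between [1 - 65535], but got [%v]" $port) -}}{{- end -}}`. The `nodePort` check has a lower bound taken from `global.minNodePort` but no upper bound, so an oversized value is only caught by the API server.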


@@ -0,0 +1,133 @@
{{/* Service Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.validation" (dict "objectData" $objectData) -}}
objectData:
rootCtx: The root context of the chart.
objectData: The service object.
*/}}
{{- define "tc.v1.common.lib.service.validation" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if and $objectData.targetSelector (not (kindIs "string" $objectData.targetSelector)) -}}
{{- fail (printf "Service - Expected <targetSelector> to be [string], but got [%s]" (kindOf $objectData.targetSelector)) -}}
{{- end -}}
{{- $svcTypes := (list "ClusterIP" "LoadBalancer" "NodePort" "ExternalName" "ExternalIP") -}}
{{- if and $objectData.type (not (mustHas $objectData.type $svcTypes)) -}}
{{- fail (printf "Service - Expected <type> to be one of [%s] but got [%s]" (join ", " $svcTypes) $objectData.type) -}}
{{- end -}}
{{- $hasEnabledPort := false -}}
{{- if ne $objectData.type "ExternalName" -}}
{{- range $name, $port := $objectData.ports -}}
{{- if $port.enabled -}}
{{- $hasEnabledPort = true -}}
{{- if and $port.targetSelector (not (kindIs "string" $port.targetSelector)) -}}
{{- fail (printf "Service - Expected <port.targetSelector> to be [string], but got [%s]" (kindOf $port.targetSelector)) -}}
{{- end -}}
{{- if not $port.port -}}
{{- fail (printf "Service - Expected non-empty <port.port>") -}}
{{- end -}}
{{- $protocolTypes := (list "tcp" "udp" "http" "https") -}}
{{- if $port.protocol -}}
{{- if not (mustHas (tpl $port.protocol $rootCtx) $protocolTypes) -}}
{{- fail (printf "Service - Expected <port.protocol> to be one of [%s] but got [%s]" (join ", " $protocolTypes) $port.protocol) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $hasEnabledPort -}}
{{- fail "Service - Expected enabled service to have at least one port" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Service Primary Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.primaryValidation" $ -}}
*/}}
{{- define "tc.v1.common.lib.service.primaryValidation" -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{- range $name, $service := .Values.service -}}
{{/* If service is enabled */}}
{{- if $service.enabled -}}
{{- $hasEnabled = true -}}
{{/* And service is primary */}}
{{- if and (hasKey $service "primary") ($service.primary) -}}
{{/* Fail if there is already a primary service */}}
{{- if $hasPrimary -}}
{{- fail "Service - Only one service can be primary" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- include "tc.v1.common.lib.servicePort.primaryValidation" (dict "objectData" $service.ports) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary service, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "Service - At least one enabled service must be primary" -}}
{{- end -}}
{{- end -}}
{{/* Service Port Primary Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.primaryValidation" (dict "objectData" $objectData -}}
objectData:
The ports of the service.
*/}}
{{- define "tc.v1.common.lib.servicePort.primaryValidation" -}}
{{- $objectData := .objectData -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{- range $name, $port := $objectData -}}
{{/* If service is enabled */}}
{{- if $port.enabled -}}
{{- $hasEnabled = true -}}
{{/* And service is primary */}}
{{- if and (hasKey $port "primary") ($port.primary) -}}
{{/* Fail if there is already a primary port */}}
{{- if $hasPrimary -}}
{{- fail "Service - Only one port per service can be primary" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary service, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "Service - At least one enabled port in service must be primary" -}}
{{- end -}}
{{- end -}}
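Review bot: The call example above `tc.v1.common.lib.servicePort.primaryValidation` names `tc.v1.common.lib.service.primaryValidation` and is missing the closing parenthesis of `dict`; it should read `{{ include "tc.v1.common.lib.servicePort.primaryValidation" (dict "objectData" $objectData) -}}`. The inner comments of that template still say "If service is enabled" and "And service is primary" where ports are meant. In `tc.v1.common.lib.service.validation` the `type` value is compared as given while `port.protocol` is passed through `tpl` first; if `type` may itself be a template expression, the rendered value is what should be checked against `$svcTypes`.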


@@ -0,0 +1,16 @@
{{/* Service - clusterIP */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.clusterIP" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
{{- with $objectData.clusterIP }}
clusterIP: {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,17 @@
{{/* Service - externalIPs */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.externalIPs" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- with $objectData.externalIPs -}}
{{- range . }}
- {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}
{{- end -}}
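Review bot: `tc.v1.common.lib.service.externalIPs` renders each entry after `tpl` with no check that it is an IP address and without quoting, unlike the neighbouring helpers, which validate their values against fixed lists. Because `externalIPs` makes the cluster accept traffic addressed to the listed IPs on this service, I would at least reject empty entries and quote the output, `- {{ tpl . $rootCtx | quote }}`. A header line saying that these addresses are not managed by Kubernetes and must be routed to a node by the cluster administrator would also help readers of the values file.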


@@ -0,0 +1,22 @@
{{/* Service - externalTrafficPolicy */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.externalTrafficPolicy" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
{{- with $objectData.externalTrafficPolicy }}
{{- $policy := tpl . $rootCtx -}}
{{- $policies := (list "Cluster" "Local") -}}
{{- if not (mustHas $policy $policies) -}}
{{- fail (printf "Service - Expected <externalTrafficPolicy> to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}}
{{- end }}
externalTrafficPolicy: {{ $policy }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,38 @@
{{/* Service - ipFamily */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.ipFamily" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.ipFamily" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- with $objectData.ipFamilyPolicy -}}
{{- $famPolicy := tpl . $rootCtx -}}
{{- $stacks := (list "SingleStack" "PreferDualStack" "RequireDualStack") -}}
{{- if not (mustHas $famPolicy $stacks) -}}
{{- fail (printf "Service - Expected <ipFamilyPolicy> to be one of [%s], but got [%s]" (join ", " $stacks) $famPolicy) -}}
{{- end }}
ipFamilyPolicy: {{ $famPolicy }}
{{- end -}}
{{- if and $objectData.ipFamilies (not (kindIs "slice" $objectData.ipFamilies)) -}}
{{- fail (printf "Service - Expected <ipFamilies> to be a list, but got a [%s]" (kindOf $objectData.ipFamilies)) -}}
{{- end -}}
{{- with $objectData.ipFamilies }}
ipFamilies:
{{- range . }}
{{- $ipFam := tpl . $rootCtx -}}
{{- $stacks := (list "IPv4" "IPv6") -}}
{{- if not (mustHas $ipFam $stacks) -}}
{{- fail (printf "Service - Expected <ipFamilies> to be one of [%s], but got [%s]" (join ", " $stacks) $ipFam) -}}
{{- end }}
- {{ $ipFam }}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,19 @@
{{/* Service - publishNotReadyAddresses */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.publishNotReadyAddresses" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
{{- $publishAddr := false -}}
{{- if (kindIs "bool" $objectData.publishNotReadyAddresses) -}}
{{- $publishAddr = $objectData.publishNotReadyAddresses -}}
{{- end -}}
{{- $publishAddr -}}
{{- end -}}


@@ -0,0 +1,42 @@
{{/* Service - Session Affinity */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.sessionAffinity" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- with $objectData.sessionAffinity -}}
{{- $affinity := tpl . $rootCtx -}}
{{- $affinities := (list "ClientIP" "None") -}}
{{- if not (mustHas $affinity $affinities) -}}
{{- fail (printf "Service - Expected <sessionAffinity> to be one of [%s], but got [%s]" (join ", " $affinities) $affinity) -}}
{{- end }}
sessionAffinity: {{ $affinity }}
{{- if eq $affinity "ClientIP" -}}
{{- with $objectData.sessionAffinityConfig -}}
{{- with .clientIP -}}
{{- $timeout := .timeoutSeconds -}}
{{- if kindIs "string" $timeout -}}
{{- $timeout = tpl $timeout $rootCtx -}}
{{- end -}}
{{- $timeout = int $timeout -}}
{{- if and $timeout (mustHas (kindOf $timeout) (list "float64" "int64" "int")) -}}
{{- if or (lt $timeout 0) (gt $timeout 86400) -}}
{{- fail (printf "Service - Expected <sessionAffinityConfig.clientIP.timeoutSeconds> to be between [0 - 86400], but got [%v]" $timeout) -}}
{{- end }}
sessionAffinityConfig:
clientIP:
timeoutSeconds: {{ $timeout }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
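Review bot: In `tc.v1.common.lib.service.sessionAffinity` the `timeoutSeconds` value is forced through `int` before it is examined, so a non-numeric string becomes 0 and the whole `sessionAffinityConfig` block is then skipped by `and $timeout ...` without any error. The `kindOf` test that follows the coercion can only ever see an integer kind, so it filters nothing. I would test the kind of the value before `int` (after `tpl` for strings) and fail when the result is outside the range. The lower bound in the message should probably be 1 rather than 0, since a value of 0 is never rendered.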


@@ -0,0 +1,21 @@
{{/* Service - ClusterIP Spec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.spec.clusterIP" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
type: ClusterIP
publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
{{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
externalIPs:
{{- . | nindent 2 }}
{{- end -}}
{{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- include "tc.v1.common.lib.service.ipFamily" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- end -}}
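Review bot: The `externalIPs` list is rendered into the Service spec here, and again in the `tc.v1.common.lib.service.spec.externalIP` section below, with nothing in either section showing how the entries are checked. The `tc.v1.common.lib.service.externalIPs` helper is defined outside this part of the diff, so validation may exist there. A Service with `externalIPs` receives in-cluster traffic addressed to those IPs, and clusters that enable the `DenyServiceExternalIPs` admission plugin reject such Services, so the header comment of both templates should say what is expected of the values. Something like `externalIPs: list only addresses the cluster operator controls; rejected where DenyServiceExternalIPs is enabled` added to the "Call this template" comment would cover it.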


@@ -0,0 +1,19 @@
{{/* Service - ExternalIP Spec */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
rootCtx: The root context of the chart.
objectData: The service object data
*/}}
{{- define "tc.v1.common.lib.service.spec.externalIP" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
{{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
externalIPs:
{{- . | nindent 2 }}
{{- end -}}
{{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- end -}}
