new way of doin
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
root 2023-11-16 19:42:02 +10:00
parent 77ec717184
commit 1eaf295724
341 changed files with 19416 additions and 0 deletions

18
check/ahoy-hw.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ahoy
namespace: default
spec:
ingressClassName: cilium
rules:
- host: ahoy-hw.guaranteedstruggle.host
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ahoy-hello-world
port:
name: app

17
check/bgp-policy.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: "cilium.io/v2alpha1"
kind: CiliumBGPPeeringPolicy
metadata:
name: 01-bgp-peering-policy
spec:
nodeSelector:
matchLabels:
bgp-policy: a
virtualRouters:
- localASN: 64512
exportPodCIDR: true
neighbors:
- peerAddress: '192.168.0.105/32'
peerASN: 64512
serviceSelector:
matchExpressions:
- {key: somekey, operator: NotIn, values: ['never-used-value']}

12
check/config-pool.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.0.105-192.168.0.105

View File

@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: redirect
namespace: weave
spec:
ingressClassName: cilium
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: weave-scope-app
port:
name: app

View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-htmx-dev
namespace: vdk2ch
spec:
revisionHistoryLimit: 5
replicas: 2
selector:
matchLabels:
app: flask-htmx-dev
template:
metadata:
labels:
app: flask-htmx-dev
spec:
containers:
- name: flask-htmx-dev
image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:dev
imagePullPolicy: Always
ports:
- containerPort: 5000
#### таймауты и прочее взяты с потолка
#livenessProbe:
# httpGet:
# path: /liveness
# port: 5000
# initialDelaySeconds: 2
# timeoutSeconds: 2
# periodSeconds: 5
# failureThreshold: 2
#readinessProbe:
# httpGet:
# path: /readiness
# port: 5000
# initialDelaySeconds: 3
# timeoutSeconds: 3
# periodSeconds: 10
# failureThreshold: 3

View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-htmx-master
namespace: vdk2ch
spec:
revisionHistoryLimit: 5
replicas: 2
selector:
matchLabels:
app: flask-htmx-master
template:
metadata:
labels:
app: flask-htmx-master
spec:
containers:
- name: flask-htmx-master
image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:master-of-slaves
imagePullPolicy: Always
ports:
- containerPort: 5000
#### таймауты и прочее взяты с потолка
#livenessProbe:
# httpGet:
# path: /liveness
# port: 5000
# initialDelaySeconds: 2
# timeoutSeconds: 2
# periodSeconds: 5
# failureThreshold: 2
#readinessProbe:
# httpGet:
# path: /readiness
# port: 5000
# initialDelaySeconds: 3
# timeoutSeconds: 3
# periodSeconds: 10
# failureThreshold: 3

View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-htmx-our-style
namespace: vdk2ch
spec:
revisionHistoryLimit: 5
replicas: 2
selector:
matchLabels:
app: flask-htmx-our-style
template:
metadata:
labels:
app: flask-htmx-our-style
spec:
containers:
- name: flask-htmx-our-style
image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:our-style
imagePullPolicy: Always
ports:
- containerPort: 5000
#### таймауты и прочее взяты с потолка
#livenessProbe:
# httpGet:
# path: /liveness
# port: 5000
# initialDelaySeconds: 2
# timeoutSeconds: 2
# periodSeconds: 5
# failureThreshold: 2
#readinessProbe:
# httpGet:
# path: /readiness
# port: 5000
# initialDelaySeconds: 3
# timeoutSeconds: 3
# periodSeconds: 10
# failureThreshold: 3

22
check/gateway-1.yaml Normal file
View File

@ -0,0 +1,22 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: my-gateway
labels:
color: coral
spec:
gatewayClassName: cilium
addresses:
- value: "0.0.0.0"
- type: IPAddress
value: 192.168.0.105
- type: IPAddress
value: 10.0.10.251
listeners:
- protocol: HTTP
port: 80
name: web-gw
allowedRoutes:
namespaces:
from: All

20
check/httproute-ahoy.yaml Normal file
View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-ahoy
namespace: default
spec:
hostnames:
- ahoy.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: ahoy-hello-world
port: 80

View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-artifactory
namespace: artifactory
spec:
hostnames:
- artifactory.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: artifactory-artifactory-nginx
port: 80

View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-dashy
namespace: dashy
spec:
hostnames:
- dashy.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: dashy
port: 10310

View File

@ -0,0 +1,21 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-flask-htmx-board-dev
namespace: vdk2ch
spec:
hostnames:
#- board.guaranteedstruggle.host
- dev.board.vdk2ch.ru
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: flask-htmx-dev-service
port: 5000

View File

@ -0,0 +1,21 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-flask-htmx-board-master
namespace: vdk2ch
spec:
hostnames:
#- board.guaranteedstruggle.host
- master.board.vdk2ch.ru
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: flask-htmx-master-service
port: 5000

View File

@ -0,0 +1,21 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-flask-htmx-board-our-style
namespace: vdk2ch
spec:
hostnames:
#- board.guaranteedstruggle.host
- our-style.board.vdk2ch.ru
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: flask-htmx-our-style-service
port: 5000

View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-harbor
namespace: default
spec:
hostnames:
- harbor.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: harbor
port: 80

View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-hubble
namespace: kube-system
spec:
hostnames:
- hubble.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: hubble-ui
port: 80

View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-longhorn
namespace: longhorn-system
spec:
hostnames:
- longhorn.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: longhorn-frontend
port: 80

View File

@ -0,0 +1,28 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-app-1
namespace: default
spec:
hostnames:
- rancher.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
set:
- name: X-Forwarded-Proto
value: https
# - name: Host
# value: rancher.guaranteedstruggle.host
backendRefs:
- name: myrancher
port: 80

View File

@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-app-2
namespace: weave
spec:
hostnames:
- weave.guaranteedstruggle.host
parentRefs:
- name: my-gateway
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: weave-scope-app
port: 80

12
check/ippool.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "the-pool"
spec:
cidrs:
- cidr: "192.168.0.105/30"
serviceSelector:
matchExpressions:
- {key: color, operator: In, values: [coral]}

9
check/ippool2.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "lb-pool"
spec:
cidrs:
- cidr: "10.0.10.0/24"

18
check/longhorn.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn
namespace: longhorn-system
spec:
ingressClassName: cilium
rules:
- host: longhorn.guaranteedstruggle.host
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn-frontend
port:
name: http

View File

@ -0,0 +1,16 @@
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
#description: "Allow to access backends only on TCP/80"
metadata:
name: "frontend-backend"
spec:
endpointSelector:
matchLabels:
namespace: longhorn-system
ingress:
- toPorts:
- ports:
- port: '80'
protocol: TCP
- fromCIDR:
- 0.0.0.0/0

40
check/pv-pod.yaml Normal file
View File

@ -0,0 +1,40 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: garbo
namespace: default
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: Pod
metadata:
name: volume-test
namespace: default
spec:
restartPolicy: Always
containers:
- name: volume-test
image: nginx:stable-alpine
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- ls
- /data/lost+found
initialDelaySeconds: 5
periodSeconds: 5
volumeMounts:
- name: volv
mountPath: /data
ports:
- containerPort: 80
volumes:
- name: volv
persistentVolumeClaim:
claimName: garbo

20
check/rancher.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rancher
namespace: default
annotations:
ingress.cilium.io/insecure-node-port: "80"
spec:
ingressClassName: cilium
rules:
- host: rancher.guaranteedstruggle.host
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: myrancher
port:
name: http

View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: flask-htmx-dev-service
namespace: vdk2ch
spec:
selector:
app: flask-htmx-dev
ports:
- protocol: TCP
name: board
port: 5000
targetPort: 5000

View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: flask-htmx-master-service
namespace: vdk2ch
spec:
selector:
app: flask-htmx-master
ports:
- protocol: TCP
name: board
port: 5000
targetPort: 5000

View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: flask-htmx-our-style-service
namespace: vdk2ch
spec:
selector:
app: flask-htmx-our-style
ports:
- protocol: TCP
name: board
port: 5000
targetPort: 5000

18
check/weave.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: weave
namespace: weave
spec:
ingressClassName: cilium
rules:
- host: weave.guaranteedstruggle.host
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: weave-scope-app
port:
name: app

@ -0,0 +1 @@
Subproject commit 7215ec05d0f4ef093de2f4ddc80b385214522e4d

View File

@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png

View File

@ -0,0 +1,215 @@
# Changelog
## [dashy-1.0.0](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-1.0.0) (2022-11-10)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Major Change to GUI
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
### Fix
- change container config label
## [dashy-0.0.13](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.13) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-07)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-06)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [dashy-0.0.10](https://github.com/truecharts/charts/compare/dashy-0.0.9...dashy-0.0.10) (2022-11-06)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4317](https://github.com/truecharts/charts/issues/4317))
## [dashy-0.0.9](https://github.com/truecharts/charts/compare/dashy-0.0.8...dashy-0.0.9) (2022-11-05)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4308](https://github.com/truecharts/charts/issues/4308))
## [dashy-0.0.8](https://github.com/truecharts/charts/compare/dashy-0.0.7...dashy-0.0.8) (2022-11-02)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4261](https://github.com/truecharts/charts/issues/4261))
## [dashy-0.0.7](https://github.com/truecharts/charts/compare/dashy-0.0.6...dashy-0.0.7) (2022-10-25)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4182](https://github.com/truecharts/charts/issues/4182))
## [dashy-0.0.6](https://github.com/truecharts/charts/compare/dashy-0.0.5...dashy-0.0.6) (2022-10-19)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4122](https://github.com/truecharts/charts/issues/4122))
## [dashy-0.0.5](https://github.com/truecharts/charts/compare/dashy-0.0.4...dashy-0.0.5) (2022-10-12)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major ([#4071](https://github.com/truecharts/charts/issues/4071))
## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major
## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major
## [dashy-0.0.3](https://github.com/truecharts/charts/compare/dashy-0.0.2...dashy-0.0.3) (2022-10-05)
### Chore
- Auto-update chart README [skip ci]
- split addons in smaller templates ([#3979](https://github.com/truecharts/charts/issues/3979))
- update helm general non-major
## [dashy-0.0.2](https://github.com/truecharts/charts/compare/dashy-0.0.1...dashy-0.0.2) (2022-09-27)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#3918](https://github.com/truecharts/charts/issues/3918))
## [dashy-0.0.1]dashy-0.0.1 (2022-09-25)
### Feat
- add dashy ([#3887](https://github.com/truecharts/charts/issues/3887))

View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 14.3.5
digest: sha256:b7cb6511c16fc5f11e4769ebf0c48524b2522a0408b8de14207cdf19109996c6
generated: "2023-11-08T22:28:31.22683905Z"

View File

@ -0,0 +1,26 @@
annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/category: dashboard
truecharts.org/grade: U
apiVersion: v2
appVersion: 2.1.1
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 14.3.5
description: Dashy helps you organize your self-hosted services by making them accessible
from a single place
home: https://truecharts.org/charts/stable/dashy
icon: https://truecharts.org/img/hotlink-ok/chart-icons/dashy.png
keywords:
- dashboard
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: dashy
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/dashy
- https://github.com/Lissy93/dashy
version: 3.0.27

View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -0,0 +1,17 @@
apiVersion: v2
appVersion: latest
description: Function library for TrueCharts
home: https://github.com/truecharts/apps/tree/master/charts/common
icon: https://avatars.githubusercontent.com/u/76400755
keywords:
- truecharts
- library-chart
- common
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: common
type: library
version: 14.3.5

View File

@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Common" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.

View File

@ -0,0 +1,24 @@
# Common Library
## Naming Scheme
- ServiceAccount:
- Primary: `$FullName`
- Others: `$FullName-$ServiceAccountName`
- RBAC:
- Primary: `$FullName`
- Others: `$FullName-$RBACName`
- Service:
- Primary: `$FullName`
- Others: `$FullName-$ServiceName`
- Pods:
- Primary: `$FullName`
- Others: `$FullName-$PodName`
- Containers: `$ContainerName`
- ConfigMap: `$FullName-$ConfigMapName`
- Secret: `$FullName-$SecretName`
- Scale Certificate: `$FullName-$CertName`
- Scale External Interface: `ix-$ReleaseName-$index`
> Full name -> `$ReleaseName-$ChartName`
> Any name that exceeds 63 characters, will throw an error

View File

@ -0,0 +1,53 @@
{{/*
Template to render code-server addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "tc.v1.common.addon.codeserver" -}}
{{- $targetSelector := "main" -}}
{{- if $.Values.addons.codeserver.targetSelector -}}
{{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
{{- end -}}
{{- if .Values.addons.codeserver.enabled -}}
{{/* Append the code-server container to the workloads */}}
{{- $container := include "tc.v1.common.addon.codeserver.container" . | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload $targetSelector -}}
{{- $_ := set $workload.podSpec.containers "codeserver" $container -}}
{{- end -}}
{{- $hasPrimaryService := false -}}
{{- range $svcName, $svcValues := .Values.service -}}
{{- if $svcValues.enabled -}}
{{- if $svcValues.primary -}}
{{- $hasPrimaryService = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Add the code-server service */}}
{{- if .Values.addons.codeserver.service.enabled -}}
{{- $serviceValues := .Values.addons.codeserver.service -}}
{{- $_ := set $serviceValues "targetSelector" $targetSelector -}}
{{- if not $hasPrimaryService -}}
{{- $_ := set $serviceValues "primary" true -}}
{{- end -}}
{{- $_ := set .Values.service "codeserver" $serviceValues -}}
{{- end -}}
{{/* Add the code-server ingress */}}
{{- if .Values.addons.codeserver.ingress.enabled -}}
{{- $ingressValues := .Values.addons.codeserver.ingress -}}
{{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
{{/* Determine the target service name & port */}}
{{- $svcName := printf "%v-codeserver" (include "tc.v1.common.names.fullname" .) -}}
{{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
{{- range $_, $host := $ingressValues.hosts -}}
{{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
{{- end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "tc.v1.common.class.ingress" $ -}}
{{- $_ := unset $ "ObjectValues" -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,46 @@
{{/*
The code-server sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.codeserver.container" -}}
enabled: true
probes:
liveness:
enabled: true
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
path: "/"
readiness:
enabled: true
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
path: "/"
startup:
enabled: true
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
path: "/"
imageSelector: "codeserverImage"
imagePullPolicy: {{ .Values.codeserverImage.pullPolicy }}
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
env:
{{- range $envList := .Values.addons.codeserver.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else }}
{{- fail "Please specify name/value for codeserver environment variable" -}}
{{- end -}}
{{- end -}}
{{- with .Values.addons.codeserver.env -}}
{{- range $k, $v := . }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end }}
args:
{{- range .Values.addons.codeserver.args }}
- {{ . | quote }}
{{- end }}
- "--port"
- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
- {{ .Values.addons.codeserver.workingDir | default "/" }}
{{- end -}}

View File

@ -0,0 +1,44 @@
{{/*
The code-server sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.netshoot.container" -}}
enabled: true
command:
- /bin/sh
- -c
- sleep infinity
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
imageSelector: "netshootImage"
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
env:
{{- range $envList := $.Values.addons.netshoot.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else }}
{{- fail "Please specify name/value for netshoot environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.netshoot.env -}}
{{- range $k, $v := . }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end }}
args:
{{- range $.Values.addons.netshoot.args }}
- {{ . | quote }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,15 @@
{{/*
Template to render code-server addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "tc.v1.common.addon.netshoot" -}}
{{- $targetSelector := "main" -}}
{{- if .Values.addons.netshoot.enabled -}}
{{/* Append the code-server container to the workloads */}}
{{- $container := include "tc.v1.common.addon.netshoot.container" . | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload $targetSelector -}}
{{- $_ := set $workload.podSpec.containers "netshoot" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,16 @@
{{/*
The VPN config and scripts to be included.
*/}}
{{- define "tc.v1.common.addon.vpn.configmap" -}}
enabled: true
data:
{{- with .Values.addons.vpn.scripts.up }}
up.sh: |-
{{- . | nindent 4 }}
{{- end -}}
{{- with .Values.addons.vpn.scripts.down }}
down.sh: |-
{{- . | nindent 4 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,64 @@
{{/*
The gluetun sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.gluetun.container" -}}
enabled: true
imageSelector: gluetunImage
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
securityContext:
runAsUser: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
runAsGroup: 568
capabilities:
add:
- NET_ADMIN
- NET_RAW
- MKNOD
- SYS_MODULE
env:
DNS_KEEP_NAMESERVER: "on"
DOT: "off"
{{- if $.Values.addons.vpn.killSwitch }}
{{- $excludednetworks := ( printf "%v,%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworks = ( printf "%v,%v" $excludednetworks . ) -}}
{{- end }}
{{- range $.Values.addons.vpn.excludedNetworks_IPv6 -}}
{{- $excludednetworksv6 = ( printf "%v,%v" $excludednetworks . ) -}}
{{- end }}
FIREWALL: "on"
FIREWALL_OUTBOUND_SUBNETS: {{ $excludednetworks | quote }}
{{- else }}
FIREWALL: "off"
{{- end }}
{{- with $.Values.addons.vpn.env }}
{{- . | toYaml | nindent 2 }}
{{- end -}}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,73 @@
{{/*
The gluetun sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.openvpn.container" -}}
enabled: true
imageSelector: openvpnImage
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
securityContext:
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_ADMIN
- NET_RAW
- MKNOD
- SYS_MODULE
env:
{{- with $.Values.addons.vpn.env }}
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- if and $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password }}
VPN_AUTH: {{ (printf "%v;%v" $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password) }}
{{- end -}}
{{- if $.Values.addons.vpn.killSwitch }}
{{- $ipv4list := $.Values.addons.vpn.excludedNetworks_IPv4 }}
{{- if $.Values.chartContext.podCIDR }}
{{- $ipv4list = append $ipv4list $.Values.chartContext.podCIDR }}
{{- end }}
{{- if $.Values.chartContext.svcCIDR }}
{{- $ipv4list = append $ipv4list $.Values.chartContext.svcCIDR }}
{{- end }}
FIREWALL: "ON"
{{- range $index, $value := $ipv4list }}
ROUTE_{{ add $index 1 }}: {{ $value | quote }}
{{- end }}
{{- if $.Values.addons.vpn.excludedNetworks_IPv6 }}
{{- $excludednetworksv6 := "" -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
{{- end }}
{{- range $index, $value := $.Values.addons.vpn.excludedNetworks_IPv6 }}
ROUTE6_{{ add $index 1 }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end -}}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,9 @@
{{/*
The OpenVPN config secret to be included.
*/}}
{{- define "tc.v1.common.addon.vpn.secret" -}}
enabled: true
data:
vpn.conf: |-
{{- .Values.addons.vpn.config | nindent 4 }}
{{- end -}}

View File

@ -0,0 +1,87 @@
{{/*
The Tailscale sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.tailscale.container" -}}
enabled: true
imageSelector: "tailscaleImage"
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
command:
- /usr/local/bin/containerboot
securityContext:
{{- if $.Values.addons.vpn.tailscale.userspace }}
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: false
readOnlyRootFilesystem: true
{{- else }}
runAsUser: 0
runAsGroup: 0
runAsNonRoot: true
readOnlyRootFilesystem: false
{{- end }}
capabilities:
add:
- NET_ADMIN
- NET_RAW
{{/*
Set KUBE_SECRET to empty string to force tailscale
to use the filesystem for state tracking.
With secret for state tracking you can't always
know if the app that uses this sidecard will
use a custom ServiceAccount and will lead to falure.
*/}}
env:
TS_KUBE_SECRET: ""
TS_SOCKET: /var/run/tailscale/tailscaled.sock
TS_STATE_DIR: /var/lib/tailscale/state
TS_AUTH_ONCE: {{ $.Values.addons.vpn.tailscale.auth_once | quote }}
TS_USERSPACE: {{ $.Values.addons.vpn.tailscale.userspace | quote }}
TS_ACCEPT_DNS: {{ $.Values.addons.vpn.tailscale.accept_dns | quote }}
{{- with $.Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.routes }}
TS_ROUTES: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.dest_ip }}
TS_DEST_IP: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.sock5_server }}
TS_SOCKS5_SERVER: {{ . }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.extra_args }}
TS_EXTRA_ARGS: {{ . | quote }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.daemon_extra_args }}
TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
{{- end -}}
{{- with $.Values.addons.vpn.tailscale.authkey }}
TS_AUTH_KEY: {{ . }}
{{- end }}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.env -}}
{{- range $k, $v := . }}
{{ $k }}: {{ $v | quote }}
{{- end -}}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,112 @@
{{/*
The volume (referencing VPN scripts) to be inserted into persistence.
*/}}
{{- define "tc.v1.common.addon.vpn.volume.scripts" -}}
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
enabled: true
type: configmap
objectName: vpnscripts
expandObjectName: false
defaultMode: "0777"
items:
{{- if .Values.addons.vpn.scripts.up }}
- key: up.sh
path: up.sh
{{- end -}}
{{- if .Values.addons.vpn.scripts.down }}
- key: down.sh
path: down.sh
{{- end }}
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
vpn:
mountPath: {{ $basePath }}
{{- end -}}
{{- end -}}
{{/*
The volume (referencing VPN config) to be inserted into persistence.
*/}}
{{- define "tc.v1.common.addon.vpn.volume.config" -}}
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
{{- $mountPath := $basePath }}
enabled: true
{{- if or .Values.addons.vpn.config .Values.addons.vpn.existingSecret }}
type: secret
defaultMode: "0777"
items:
- key: vpn.conf
path: vpn.conf
{{- if .Values.addons.vpn.existingSecret }}
objectName: {{ .Values.addons.vpn.existingSecret }}
expandObjectName: false
{{- else }}
objectName: vpnconfig
expandObjectName: true
{{- end -}}
{{- else }}
{{- $mountPath = (printf "%s/vpn.conf" $basePath) }}
type: hostPath
hostPath: {{ .Values.addons.vpn.configFile | default "/vpn" }}
hostPathType: "File"
autoPermissions:
enabled: true
chown: true
user: 568
group: 568
{{- end }}
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
vpn:
mountPath: {{ $mountPath }}
{{- end -}}
{{- end -}}
{{/*
The volume (referencing VPN config folder) to be inserted into persistence.
*/}}
{{- define "tc.v1.common.addon.vpn.volume.folder" -}}
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
enabled: true
type: hostPath
hostPath: {{ .Values.addons.vpn.configFolder | quote }}
autoPermissions:
enabled: true
chown: true
user: 568
group: 568
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
vpn:
mountPath: {{ $basePath }}
{{- end -}}
{{- end -}}
{{/*
The empty tailscale folder
*/}}
{{- define "tc.v1.common.addon.vpn.volume.tailscale" -}}
enabled: true
type: emptyDir
targetSelector:
{{- range .Values.addons.vpn.targetSelector }}
{{ . }}:
tailscale:
mountPath: /var/lib/tailscale
{{- end -}}
{{- end -}}
{{- define "tc.v1.common.addon.vpn.volume.basePath" -}}
{{- $basePath := "/vpn" -}} {{/* Base Path for OVPN */}}
{{- if eq .Values.addons.vpn.type "wireguard" -}}
{{- $basePath = "/etc/wireguard" -}} {{/* Base Path for Wireguard */}}
{{- else if eq .Values.addons.vpn.type "gluetun" -}}
{{- $basePath = "/gluetun" -}} {{/* Base Path for Gluetun */}}
{{- end -}}
{{- $basePath -}}
{{- end -}}

View File

@ -0,0 +1,94 @@
{{/*
Template to render VPN addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "tc.v1.common.addon.vpn" -}}
{{- if ne "disabled" .Values.addons.vpn.type -}}
{{- if .Values.addons.vpn.config -}}
{{/* Append the vpn config secret to the secrets */}}
{{- $secret := include "tc.v1.common.addon.vpn.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret "vpnconfig" $secret -}}
{{- end -}}
{{- end }}
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
{{/* Append the vpn up/down scripts to the configmaps */}}
{{- $configmap := include "tc.v1.common.addon.vpn.configmap" . | fromYaml -}}
{{- if $configmap -}}
{{- $_ := set .Values.configmap "vpnscripts" $configmap -}}
{{- end -}}
{{- end }}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.config .Values.addons.vpn.existingSecret -}}
{{/* Append the vpn config to the persistence */}}
{{- $configper := include "tc.v1.common.addon.vpn.volume.config" . | fromYaml -}}
{{- if $configper -}}
{{- $_ := set .Values.persistence "vpnconfig" $configper -}}
{{- end -}}
{{- end -}}
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
{{/* Append the vpn scripts to the persistence */}}
{{- $scriptsper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}}
{{- if $scriptsper -}}
{{- $_ := set .Values.persistence "vpnscripts" $scriptsper -}}
{{- end -}}
{{- end -}}
{{- if .Values.addons.vpn.configFolder -}}
{{/* Append the vpn folder to the persistence */}}
{{- $folderper := include "tc.v1.common.addon.vpn.volume.folder" . | fromYaml -}}
{{- if $folderper -}}
{{- $_ := set .Values.persistence "vpnfolder" $folderper -}}
{{- end -}}
{{- end -}}
{{/* Ensure target Selector defaults to main pod even if unset */}}
{{- $targetSelector := list "main" -}}
{{- if $.Values.addons.codeserver.targetSelector -}}
{{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
{{- end -}}
{{/* Append the vpn container to the containers */}}
{{- range $targetSelector -}}
{{- if eq "gluetun" $.Values.addons.vpn.type -}}
{{- $container := include "tc.v1.common.addon.vpn.gluetun.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
{{- end -}}
{{- else if eq "tailscale" $.Values.addons.vpn.type -}}
{{/* FIXME: https://github.com/tailscale/tailscale/issues/8188 */}}
{{- $_ := set $.Values.podOptions "automountServiceAccountToken" true -}}
{{- $container := include "tc.v1.common.addon.vpn.tailscale.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "tailscale" $container -}}
{{- end -}}
{{- else if eq "openvpn" $.Values.addons.vpn.type -}}
{{- $container := include "tc.v1.common.addon.vpn.openvpn.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
{{- end -}}
{{- else if eq "wireguard" $.Values.addons.vpn.type -}}
{{- $container := include "tc.v1.common.addon.vpn.wireguard.container" $ | fromYaml -}}
{{- if $container -}}
{{- $workload := get $.Values.workload . -}}
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if eq "tailscale" $.Values.addons.vpn.type -}}
{{/* Append the empty tailscale folder to the persistence */}}
{{- $tailscaledir := include "tc.v1.common.addon.vpn.volume.tailscale" . | fromYaml -}}
{{- if $tailscaledir -}}
{{- $_ := set .Values.persistence "tailscalestate" $tailscaledir -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,66 @@
{{/*
The gluetun sidecar container to be inserted.
*/}}
{{- define "tc.v1.common.addon.vpn.wireguard.container" -}}
enabled: true
imageSelector: wireguardImage
probes:
{{- if $.Values.addons.vpn.livenessProbe }}
liveness:
{{- toYaml . | nindent 2 }}
{{- else }}
liveness:
enabled: false
{{- end }}
readiness:
enabled: false
startup:
enabled: false
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
capabilities:
add:
- AUDIT_WRITE
- NET_ADMIN
- SETUID
- SETGID
- SYS_MODULE
env:
{{- with $.Values.addons.vpn.env }}
{{- . | toYaml | nindent 2 }}
{{- end }}
SEPARATOR: ";"
IPTABLES_BACKEND: "nft"
{{- if $.Values.addons.vpn.killSwitch }}
KILLSWITCH: "true"
{{- $excludednetworksv4 := ( printf "%v;%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworksv4 = ( printf "%v;%v" $excludednetworksv4 . ) -}}
{{- end }}
KILLSWITCH_EXCLUDEDNETWORKS_IPV4: {{ $excludednetworksv4 | quote }}
{{- if $.Values.addons.vpn.excludedNetworks_IPv6 -}}
{{- $excludednetworksv6 := "" -}}
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
{{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
{{- end }}
KILLSWITCH_EXCLUDEDNETWORKS_IPV6: {{ $.Values.addons.vpn.excludedNetworks_IPv6 | quote }}
{{- end -}}
{{- end -}}
{{- range $envList := $.Values.addons.vpn.envList -}}
{{- if and $envList.name $envList.value }}
{{ $envList.name }}: {{ $envList.value | quote }}
{{- else -}}
{{- fail "Please specify name/value for VPN environment variable" -}}
{{- end -}}
{{- end -}}
{{- with $.Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,45 @@
{{/*
This template serves as a blueprint for all Cert-Manager Certificate objects that are created
within the common library.
*/}}
{{- define "tc.v1.common.class.certificate" -}}
{{- $root := .root -}}
{{- $name := .name -}}
{{- $hosts := .hosts -}}
{{- $certificateIssuer := .certificateIssuer -}}
{{- $certificateSecretTemplate := .secretTemplate }}
---
apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" $ }}
kind: Certificate
metadata:
name: {{ $name }}
namespace: {{ $root.Values.namespace | default $root.Values.global.namespace | default $root.Release.Namespace }}
spec:
secretName: {{ $name }}
dnsNames:
{{- range $hosts }}
- {{ tpl . $root | quote }}
{{- end }}
privateKey:
algorithm: ECDSA
size: 256
rotationPolicy: Always
issuerRef:
name: {{ tpl $certificateIssuer $root | quote }}
kind: ClusterIssuer
group: cert-manager.io
{{- if $certificateSecretTemplate }}
secretTemplate:
{{- $labels := (mustMerge ($certificateSecretTemplate.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $root | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "labels" $labels) | trim) }}
labels:
{{- . | nindent 6 }}
{{- end -}}
{{- $annotations := (mustMerge ($certificateSecretTemplate.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $root | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,83 @@
{{- define "tc.v1.common.class.cnpg.cluster" -}}
{{- $values := .Values.cnpg -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.cnpg -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $cnpgClusterName := $values.name -}}
{{- $cnpgClusterLabels := $values.labels -}}
{{- $cnpgClusterAnnotations := $values.annotations -}}
{{- $hibernation := "off" -}}
{{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
{{- $hibernation = "on" -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.cluster.apiVersion" $ }}
kind: Cluster
metadata:
name: {{ $cnpgClusterName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($cnpgClusterLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }}
labels:
cnpg.io/reload: "on"
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($cnpgClusterAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
annotations:
cnpg.io/hibernation: {{ $hibernation | quote }}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
{{- . | nindent 4 }}
{{- end }}
spec:
instances: {{ $values.instances | default 2 }}
bootstrap:
initdb:
database: {{ $values.database | default "app" }}
owner: {{ $values.user | default "app" }}
secret:
name: {{ $cnpgClusterName }}-user
primaryUpdateStrategy: {{ $values.primaryUpdateStrategy | default "unsupervised" }}
storage:
pvcTemplate:
{{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
walStorage:
pvcTemplate:
{{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
storageClassName: {{ . }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
monitoring:
enablePodMonitor: {{ $values.monitoring.enablePodMonitor | default true }}
nodeMaintenanceWindow:
inProgress: false
reusePVC: true
{{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $values) | trim) }}
resources:
{{- . | nindent 4 }}
{{- end }}
postgresql:
{{- tpl ( $values.postgresql | toYaml ) $ | nindent 4 }}
{{- end -}}

View File

@ -0,0 +1,35 @@
{{- define "tc.v1.common.class.cnpg.pooler" -}}
{{- $values := .Values.cnpg -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.cnpg -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $cnpgClusterName := $values.name -}}
{{- $cnpgName := $values.cnpgName -}}
{{- $cnpgPoolerName := $values.poolerName -}}
{{- $cnpgClusterLabels := $values.labels -}}
{{- $cnpgClusterAnnotations := $values.annotations -}}
{{- $instances := $values.pooler.instances | default 2 -}}
{{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
{{- $instances = 0 -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }}
kind: Pooler
metadata:
name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
spec:
cluster:
name: {{ $cnpgClusterName }}
instances: {{ $instances }}
type: {{ $values.pooler.type }}
pgbouncer:
poolMode: session
parameters:
max_client_conn: "1000"
default_pool_size: "10"
{{- end -}}

View File

@ -0,0 +1,37 @@
{{/* Configmap Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the configmap.
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
namespace: The namespace of the configmap. (Optional)
*/}}
{{- define "tc.v1.common.class.configmap" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
data:
{{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
{{/* This comment is here to add a new line */}}
{{- end -}}

View File

@ -0,0 +1,52 @@
{{/* CronJob Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.cronjob" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the CronJob.
*/}}
{{- define "tc.v1.common.class.cronjob" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.cronjobValidation" (dict "objectData" $objectData) }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.cronjobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 12 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 12 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 10 }}
{{- end -}}

View File

@ -0,0 +1,55 @@
{{/* DaemonSet Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the DaemonSet.
*/}}
{{- define "tc.v1.common.class.daemonset" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.daemonsetValidation" (dict "objectData" $objectData) }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.daemonsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
selector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@ -0,0 +1,55 @@
{{/* Deployment Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Deployment.
*/}}
{{- define "tc.v1.common.class.deployment" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.deploymentValidation" (dict "objectData" $objectData) }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.deploymentSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
selector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@ -0,0 +1,33 @@
{{/* Endpoint Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.endpoint" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The service data, that will be used to render the Service object.
*/}}
{{- define "tc.v1.common.class.endpoint" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: v1
kind: Endpoints
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
subsets:
- addresses:
{{- include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
ports:
{{- include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@ -0,0 +1,41 @@
{{/* EndpointSlice Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The service data, that will be used to render the Service object.
*/}}
{{- define "tc.v1.common.class.endpointSlice" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $addressType := $objectData.addressType | default "IPv4" -}}
{{- if $objectData.addressType -}}
{{- $addressType = tpl $addressType $rootCtx -}}
{{- end }}
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
addressType: {{ $addressType }}
ports:
{{- include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
endpoints:
{{- include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
{{- end -}}

View File

@ -0,0 +1,58 @@
{{/*
This template serves as a blueprint for horizontal pod autoscaler objects that are created
using the common library.
*/}}
{{- define "tc.v1.common.class.hpa" -}}
{{- $targetName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $hpaName := $fullName -}}
{{- $values := .Values.hpa -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.hpa -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $hpaLabels := $values.labels -}}
{{- $hpaAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $hpaName = printf "%v-%v" $hpaName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.hpa.apiVersion" $ }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ $hpaName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($hpaLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($hpaAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end -}}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: {{ $values.targetKind | default ( include "tc.v1.common.names.controllerType" . ) }}
name: {{ $values.target | default $targetName }}
minReplicas: {{ $values.minReplicas | default 1 }}
maxReplicas: {{ $values.maxReplicas | default 3 }}
metrics:
{{- if $values.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ $values.targetCPUUtilizationPercentage }}
{{- end -}}
{{- if $values.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ $values.targetMemoryUtilizationPercentage }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,157 @@
{{/*
This template serves as a blueprint for all Ingress objects that are created
within the common library.
*/}}
{{- define "tc.v1.common.class.ingress" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $ingressName := $fullName -}}
{{- $values := .Values.ingress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $ingressLabels := $values.labels -}}
{{- $ingressAnnotations := $values.annotations -}}
{{- $ingressName = $values.name -}}
{{/* Get the name of the primary service, if any */}}
{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
{{/* Get service values of the primary service, if any */}}
{{- $primaryService := get .Values.service $primaryServiceName -}}
{{- $defaultServiceName := $fullName -}}
{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
{{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
{{- end -}}
{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) -}}
{{- $mddwrNamespace := "tc-system" -}}
{{- if $.Values.operator.traefik -}}
{{- if $.Values.operator.traefik.namespace -}}
{{- $mddwrNamespace = $.Values.operator.traefik.namespace -}}
{{- end -}}
{{- end -}}
{{- if $values.ingressClassName -}}
{{- if $.Values.global.ixChartContext -}}
{{- $mddwrNamespace = (printf "ix-%s" $values.ingressClassName) -}}
{{- else -}}
{{- $mddwrNamespace = $values.ingressClassName -}}
{{- end -}}
{{- end -}}
{{- $fixedMiddlewares := "" -}}
{{- if $values.enableFixedMiddlewares -}}
{{/* If cors is enabled, replace the default fixedMiddleware with the opencors chain */}}
{{- if $values.allowCors -}}
{{- $corsMiddlewares := list "tc-opencors-chain" }}
{{- $_ := set $values "fixedMiddlewares" $corsMiddlewares -}}
{{- end -}}
{{- range $index, $fixedMiddleware := $values.fixedMiddlewares -}}
{{- if $index -}}
{{- $fixedMiddlewares = ( printf "%v, %v-%v@%v" $fixedMiddlewares $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
{{- else -}}
{{- $fixedMiddlewares = ( printf "%v-%v@%v" $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $middlewares := "" -}}
{{- range $index, $middleware := $values.middlewares -}}
{{- if $index -}}
{{- $middlewares = ( printf "%v, %v-%v@%v" $middlewares $mddwrNamespace $middleware "kubernetescrd" ) -}}
{{- else -}}
{{- $middlewares = ( printf "%v-%v@%v" $mddwrNamespace $middleware "kubernetescrd" ) -}}
{{- end -}}
{{ end }}
{{- if and ( $fixedMiddlewares ) ( $middlewares ) -}}
{{- $middlewares = ( printf "%v, %v" $fixedMiddlewares $middlewares ) -}}
{{- else if $fixedMiddlewares -}}
{{- $middlewares = ( printf "%s" $fixedMiddlewares ) -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.ingress.apiVersion" $ }}
kind: Ingress
metadata:
name: {{ $ingressName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($ingressLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($ingressAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
annotations:
{{- with $values.certificateIssuer }}
cert-manager.io/cluster-issuer: {{ tpl ( toYaml . ) $ }}
cert-manager.io/private-key-rotation-policy: Always
{{- end }}
"traefik.ingress.kubernetes.io/router.entrypoints": {{ $values.entrypoint | default "websecure" }}
"traefik.ingress.kubernetes.io/router.middlewares": {{ $middlewares | quote }}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
{{- . | nindent 4 }}
{{- end }}
spec:
{{- if $values.ingressClassName }}
ingressClassName: {{ $values.ingressClassName }}
{{- end -}}
{{- if $values.certificateIssuer }}
tls:
{{- range $index, $hostsValues := $values.hosts }}
- hosts:
- {{ tpl $hostsValues.host $ | quote }}
secretName: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }}
{{- end -}}
{{- else if $values.tls }}
tls:
{{- range $index, $tlsValues := $values.tls }}
{{- $tlsName := ( printf "%v-%v" "tls" $index ) }}
- hosts:
{{- range $tlsValues.hosts }}
- {{ tpl . $ | quote }}
{{- end -}}
{{- if $tlsValues.certificateIssuer }}
secretName: {{ printf "%v-%v" $ingressName $tlsName }}
{{- else if and ($tlsValues.scaleCert) ($.Values.global.ixChartContext) -}}
{{- $cert := dict }}
{{- $_ := set $cert "id" $tlsValues.scaleCert }}
{{- $_ := set $cert "nameOverride" $tlsName }}
secretName: {{ printf "%s-tls-%v" (include "tc.v1.common.lib.chart.names.fullname" $) $index }}
{{- else if .clusterCertificate }}
secretName: clusterissuer-templated-{{ tpl .clusterCertificate $ }}
{{- else if .secretName }}
secretName: {{ tpl .secretName $ | quote }}
{{- end -}}
{{- end -}}
{{- end }}
rules:
{{- range $values.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths -}}
{{- $service := $defaultServiceName -}}
{{- $port := $defaultServicePort.port -}}
{{- if .service -}}
{{- $service = default $service .service.name -}}
{{- $port = default $port .service.port -}}
{{- end }}
- path: {{ tpl .path $ | quote }}
pathType: {{ default "Prefix" .pathType }}
backend:
service:
name: {{ $service }}
port:
number: {{ $port }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,52 @@
{{/* Job Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.job" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Job.
*/}}
{{- define "tc.v1.common.class.job" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- end -}}

View File

@ -0,0 +1,38 @@
{{/* MutatingWebhookConfiguration Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.mutatingWebhookConfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the MutatingWebhookConfiguration.
labels: The labels of the MutatingWebhookConfiguration.
annotations: The annotations of the MutatingWebhookConfiguration.
data: The data of the MutatingWebhookConfiguration.
namespace: The namespace of the MutatingWebhookConfiguration. (Optional)
*/}}
{{- define "tc.v1.common.class.mutatingWebhookConfiguration" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
webhooks:
{{- range $webhook := $objectData.webhooks -}}
{{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,35 @@
{{/* Network Attachment Definition Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.networkAttachmentDefinition" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the Network Attachment Definition.
labels: The labels of the Network Attachment Definition.
annotations: The annotations of the Network Attachment Definition.
config: The config of the interface
*/}}
{{- define "tc.v1.common.class.networkAttachmentDefinition" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }}
{{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) | default dict -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
config: {{ $objectData.config | squote }}
{{- end -}}

View File

@ -0,0 +1,185 @@
{{/*
Blueprint for the NetworkPolicy object
*/}}
{{- define "tc.v1.common.class.networkpolicy" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $networkPolicyName := $fullName -}}
{{- $values := .Values.networkPolicy -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.networkPolicy -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $networkpolicyLabels := $values.labels -}}
{{- $networkpolicyAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $networkPolicyName = printf "%v-%v" $networkPolicyName $values.nameOverride -}}
{{- end }}
---
kind: NetworkPolicy
apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }}
metadata:
name: {{ $networkPolicyName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($networkpolicyAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
podSelector:
{{- if $values.podSelector }}
{{- tpl (toYaml $values.podSelector) $ | nindent 4 }}
{{- else if $values.targetSelector }}
{{- $objectData := dict "targetSelector" $values.targetSelector }}
{{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
{{- $selectedPodName := $selectedPod.shortName }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 8 }}
{{- else }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "" "objectName" "") | indent 8 }}
{{- end }}
{{- if $values.policyType }}
{{- if eq $values.policyType "ingress" }}
policyTypes: ["Ingress"]
{{- else if eq $values.policyType "egress" }}
policyTypes: ["Egress"]
{{- else if eq $values.policyType "ingress-egress" }}
policyTypes: ["Ingress", "Egress"]
{{- end -}}
{{- end -}}
{{- if $values.egress }}
egress:
{{- range $values.egress }}
- to:
{{- range .to -}}
{{- $nss := false -}}
{{- $ipb := false -}}
{{- if .ipBlock -}}
{{- if .ipBlock.cidr -}}
{{- $ipb = true }}
- ipBlock:
cidr: {{ .ipBlock.cidr }}
{{- if .ipBlock.except }}
except:
{{- range .ipBlock.except }}
- {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .namespaceSelector ) ( not $ipb ) -}}
{{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
{{- $nss = true }}
- namespaceSelector:
{{- if .namespaceSelector.matchLabels }}
matchLabels:
{{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .namespaceSelector.matchExpressions }}
matchExpressions:
{{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .podSelector ) ( not $ipb ) -}}
{{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
{{- if $nss }}
podSelector:
{{- else }}
- podSelector:
{{- end -}}
{{- if .podSelector.matchLabels }}
matchLabels:
{{- .podSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .podSelector.matchExpressions }}
matchExpressions:
{{- .podSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with .ports }}
ports:
{{- . | toYaml | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $values.ingress }}
ingress:
{{- range $values.ingress }}
- from:
{{- range .from -}}
{{- $nss := false -}}
{{- $ipb := false -}}
{{- if .ipBlock -}}
{{- if .ipBlock.cidr -}}
{{- $ipb = true }}
- ipBlock:
cidr: {{ .ipBlock.cidr }}
{{- if .ipBlock.except }}
except:
{{- range .ipBlock.except }}
- {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .namespaceSelector ) ( not $ipb ) -}}
{{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
{{- $nss = true }}
- namespaceSelector:
{{- if .namespaceSelector.matchLabels }}
matchLabels:
{{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .namespaceSelector.matchExpressions }}
matchExpressions:
{{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and ( .podSelector ) ( not $ipb ) -}}
{{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
{{- if $nss }}
podSelector:
{{- else }}
- podSelector:
{{- end }}
{{- if .podSelector.matchLabels }}
matchLabels:
{{- .podSelector.matchLabels | toYaml | nindent 12 }}
{{- end -}}
{{- if .podSelector.matchExpressions }}
matchExpressions:
{{- .podSelector.matchExpressions | toYaml | nindent 12 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with .ports }}
ports:
{{- . | toYaml | nindent 6 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,54 @@
{{/* poddisruptionbudget Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.podDisruptionBudget" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the podDisruptionBudget.
labels: The labels of the podDisruptionBudget.
annotations: The annotations of the podDisruptionBudget.
data: The data of the podDisruptionBudget.
namespace: The namespace of the podDisruptionBudget. (Optional)
*/}}
{{- define "tc.v1.common.class.podDisruptionBudget" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
data:
selector:
matchLabels:
{{- if $objectData.customLabels -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $objectData.customLabels) | trim) }}
{{- . | nindent 6 }}
{{- end -}}
{{- else -}}
{{- $selectedPod := fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget")) }}
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $selectedPod.shortName) | nindent 6 }}
{{- end -}}
{{- if hasKey $objectData "minAvailable" }}
minAvailable: {{ tpl (toString $objectData.minAvailable) $rootCtx }}
{{- end -}}
{{- if hasKey $objectData "maxUnavailable" }}
maxUnavailable: {{ tpl (toString $objectData.maxUnavailable) $rootCtx }}
{{- end -}}
{{- with $objectData.unhealthyPodEvictionPolicy }}
unhealthyPodEvictionPolicy: {{ tpl . $rootCtx }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,47 @@
{{- define "tc.v1.common.class.podmonitor" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $podmonitorName := $fullName -}}
{{- $values := .Values.podmonitor -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.metrics -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $podmonitorLabels := $values.labels -}}
{{- $podmonitorAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $podmonitorName = printf "%v-%v" $podmonitorName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }}
kind: PodMonitor
metadata:
name: {{ $podmonitorName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($podmonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
jobLabel: app.kubernetes.io/name
selector:
{{- if $values.selector }}
{{- tpl (toYaml $values.selector) $ | nindent 4 }}
{{- else }}
{{- $objectData := dict "targetSelector" $values.targetSelector }}
{{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
{{- $selectedPodName := $selectedPod.shortName }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 6 }}
{{- end }}
podMetricsEndpoints:
{{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
{{- end -}}

View File

@ -0,0 +1,55 @@
{{- define "tc.v1.common.class.prometheusrule" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $prometheusruleName := $fullName -}}
{{- $values := .Values.prometheusrule -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.metrics -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $prometheusruleLabels := $values.labels -}}
{{- $prometheusruleAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $prometheusruleName = printf "%v-%v" $prometheusruleName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ }}
kind: PrometheusRule
metadata:
name: {{ $prometheusruleName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($prometheusruleAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
groups:
{{- range $name, $groupValues := .groups }}
- name: {{ $prometheusruleName }}-{{ $name }}
rules:
{{- with $groupValues.rules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $groupValues.additionalrules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- range $id, $groupValues := .additionalgroups }}
- name: {{ $prometheusruleName }}-{{ if $groupValues.name }}{{ $groupValues.name }}{{ else }}{{ $id }}{{ end }}
rules:
{{- with $groupValues.rules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $groupValues.additionalrules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,57 @@
{{/* PVC Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the PVC.
labels: The labels of the PVC.
annotations: The annotations of the PVC.
*/}}
{{- define "tc.v1.common.class.pvc" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $pvcRetain := $rootCtx.Values.fallbackDefaults.pvcRetain -}}
{{- if (kindIs "bool" $objectData.retain) -}}
{{- $pvcRetain = $objectData.retain -}}
{{- end -}}
{{- $pvcSize := $rootCtx.Values.fallbackDefaults.pvcSize -}}
{{- with $objectData.size -}}
{{- $pvcSize = tpl . $rootCtx -}}
{{- end }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- if $pvcRetain -}}
{{- $_ := set $annotations "\"helm.sh/resource-policy\"" "keep" -}}
{{- end -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim | nindent 4 }}
resources:
requests:
storage: {{ $pvcSize }}
{{- with $objectData.volumeName }}
volumeName: {{ tpl . $rootCtx }}
{{- end -}}
{{- with (include "tc.v1.common.lib.storage.storageClassName" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim) }}
storageClassName: {{ . }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,64 @@
{{/* RBAC Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the rbac.
labels: The labels of the rbac.
annotations: The annotations of the rbac.
clusterWide: Whether the rbac is cluster wide or not.
rules: The rules of the rbac.
subjects: The subjects of the rbac.
*/}}
{{- define "tc.v1.common.class.rbac" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
metadata:
name: {{ $objectData.name }}
{{- if not $objectData.clusterWide }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }}
{{- end }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
rules:
{{- include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $objectData.clusterWide }}
metadata:
name: {{ $objectData.name }}
{{- if not $objectData.clusterWide }}
namespace: {{ $rootCtx.Release.Namespace }}
{{- end }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
name: {{ $objectData.name }}
subjects:
{{- include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
{{- include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
{{- end -}}

View File

@ -0,0 +1,87 @@
{{/*
This template serves as a blueprint for all Route objects that are created
within the common library.
*/}}
{{- define "tc.v1.common.class.route" -}}
{{- $values := .Values.route -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.route -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $routeLabels := $values.labels -}}
{{- $routeAnnotations := $values.annotations -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}}
{{- end -}}
{{- $routeKind := $values.kind | default "HTTPRoute" -}}
{{/* Get the name of the primary service, if any */}}
{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
{{/* Get service values of the primary service, if any */}}
{{- $primaryService := get .Values.service $primaryServiceName -}}
{{- $defaultServiceName := $fullName -}}
{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
{{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
{{- end -}}
{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) }}
---
apiVersion: gateway.networking.k8s.io/v1alpha2
{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}}
{{- fail (printf "Not a valid route kind (%s)" $routeKind) -}}
{{- end }}
kind: {{ $routeKind }}
metadata:
name: {{ $fullName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($routeAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
annotations:
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
{{- . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- range $values.parentRefs }}
- group: {{ default "gateway.networking.k8s.io" .group }}
kind: {{ default "Gateway" .kind }}
name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }}
namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }}
{{- if .sectionName }}
sectionName: {{ .sectionName | quote }}
{{- end }}
{{- end }}
{{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }}
hostnames:
{{- with $values.hostnames }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
rules:
{{- range $values.rules }}
- backendRefs:
{{- range .backendRefs }}
- group: {{ default "" .group | quote}}
kind: {{ default "Service" .kind }}
name: {{ default $defaultServiceName .name }}
namespace: {{ default $.Release.Namespace .namespace }}
port: {{ default $defaultServicePort.port .port }}
weight: {{ default 1 .weight }}
{{- end }}
{{- if (eq $routeKind "HTTPRoute") }}
{{- with .matches }}
matches:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,58 @@
{{/* Secret Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the secret.
labels: The labels of the secret.
annotations: The annotations of the secret.
type: The type of the secret.
data: The data of the secret.
namespace: The namespace of the secret. (Optional)
*/}}
{{- define "tc.v1.common.class.secret" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $secretType := "Opaque" -}}
{{- if eq $objectData.type "certificate" -}}
{{- $secretType = "kubernetes.io/tls" -}}
{{- else if eq $objectData.type "imagePullSecret" -}}
{{- $secretType = "kubernetes.io/dockerconfigjson" -}}
{{- else if $objectData.type -}}
{{- $secretType = $objectData.type -}}
{{- end }}
---
apiVersion: v1
kind: Secret
type: {{ $secretType }}
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end -}}
{{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }}
data:
{{- if eq $objectData.type "certificate" }}
tls.crt: {{ $objectData.data.certificate | trim | b64enc }}
tls.key: {{ $objectData.data.privatekey | trim | b64enc }}
{{- else if eq $objectData.type "imagePullSecret" }}
.dockerconfigjson: {{ $objectData.data | trim | b64enc }}
{{- end -}}
{{- else }}
stringData:
{{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
{{/* This comment is here to add a new line */}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,115 @@
{{/* Service Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.service" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The service data, that will be used to render the Service object.
*/}}
{{- define "tc.v1.common.class.service" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $svcType := $objectData.type | default $rootCtx.Values.fallbackDefaults.serviceType -}}
{{/* Init variables */}}
{{- $hasHTTPSPort := false -}}
{{- $hasHostPort := false -}}
{{- $hostNetwork := false -}}
{{- $podValues := dict -}}
{{- range $portName, $port := $objectData.ports -}}
{{- if $port.enabled -}}
{{- if eq (tpl ($port.protocol | default "") $rootCtx) "https" -}}
{{- $hasHTTPSPort = true -}}
{{- end -}}
{{- if and (hasKey $port "hostPort") $port.hostPort -}}
{{- $hasHostPort = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $specialTypes := (list "ExternalName" "ExternalIP") -}}
{{/* External Name / External IP does not rely on any pod values */}}
{{- if not (mustHas $svcType $specialTypes) -}}
{{/* Get Pod Values based on the selector (or the absence of it) */}}
{{- $podValues = fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service")) -}}
{{- if $podValues -}}
{{/* Get Pod hostNetwork configuration */}}
{{- $hostNetwork = include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $podValues) -}}
{{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}}
{{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}}
{{- $svcType = "ClusterIP" -}}
{{- end -}}
{{- end -}}
{{/* When hostPort is defined, force ClusterIP aswell */}}
{{- if $hasHostPort -}}
{{- $svcType = "ClusterIP" -}}
{{- end -}}
{{- end -}}
{{- $_ := set $objectData "type" $svcType }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- if eq $objectData.type "LoadBalancer" -}}
{{- include "tc.v1.common.lib.service.metalLBAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData "annotations" $annotations) -}}
{{- end -}}
{{- if $hasHTTPSPort -}}
{{- include "tc.v1.common.lib.service.traefikAnnotations" (dict "rootCtx" $rootCtx "annotations" $annotations) -}}
{{- end -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- if eq $objectData.type "ClusterIP" -}}
{{- include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "LoadBalancer" -}}
{{- include "tc.v1.common.lib.service.spec.loadBalancer" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "NodePort" -}}
{{- include "tc.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "ExternalName" -}}
{{- include "tc.v1.common.lib.service.spec.externalName" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- else if eq $objectData.type "ExternalIP" -}}
{{- include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
{{- end -}}
{{- with (include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
ports:
{{- . | nindent 4 }}
{{- end -}}
{{- if not (mustHas $objectData.type $specialTypes) }}
selector:
{{- if $objectData.selectorLabels }}
{{- tpl ( toYaml $objectData.selectorLabels) $rootCtx | nindent 4 }}
{{- else }}
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $podValues.shortName) | trim | nindent 4 -}}
{{- end }}
{{- end -}}
{{- if eq $objectData.type "ExternalIP" -}}
{{- $useSlice := true -}}
{{- if kindIs "bool" $objectData.useSlice -}}
{{- $useSlice = $objectData.useSlice -}}
{{- end -}}
{{- if $useSlice -}}
{{- include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- else -}}
{{- include "tc.v1.common.class.endpoint" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,34 @@
{{/* Service Account Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the serviceAccount.
labels: The labels of the serviceAccount.
annotations: The annotations of the serviceAccount.
autoMountToken: Whether to mount the ServiceAccount token or not.
*/}}
{{- define "tc.v1.common.class.serviceAccount" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ $objectData.automountServiceAccountToken | default false }}
{{- end -}}

View File

@ -0,0 +1,47 @@
{{- define "tc.v1.common.class.servicemonitor" -}}
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
{{- $servicemonitorName := $fullName -}}
{{- $values := .Values.servicemonitor -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.metrics -}}
{{- $values = . -}}
{{- end -}}
{{- end -}}
{{- $servicemonitorLabels := $values.labels -}}
{{- $servicemonitorAnnotations := $values.annotations -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $servicemonitorName = printf "%v-%v" $servicemonitorName $values.nameOverride -}}
{{- end }}
---
apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ }}
kind: ServiceMonitor
metadata:
name: {{ $servicemonitorName }}
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
{{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end }}
{{- $annotations := (mustMerge ($servicemonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
jobLabel: app.kubernetes.io/name
selector:
{{- if $values.selector }}
{{- tpl (toYaml $values.selector) $ | nindent 4 }}
{{- else }}
{{- $objectData := dict "targetSelector" $values.targetSelector }}
{{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData)) }}
{{- $selectedServiceName := $selectedService.shortName }}
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "service" "objectName" $selectedServiceName) | indent 6 }}
{{- end }}
endpoints:
{{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
{{- end -}}

View File

@ -0,0 +1,59 @@
{{/* StatefulSet Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the StatefulSet.
*/}}
{{- define "tc.v1.common.class.statefulset" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- include "tc.v1.common.lib.workload.statefulsetValidation" (dict "objectData" $objectData) }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.statefulsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
selector:
matchLabels:
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
template:
metadata:
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 8 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 8 }}
{{- end }}
spec:
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
{{- with (include "tc.v1.common.lib.storage.volumeClaimTemplates" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
volumeClaimTemplates:
{{- . | nindent 4 }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,38 @@
{{/* ValidatingWebhookconfiguration Class */}}
{{/* Call this template:
{{ include "tc.v1.common.class.validatingWebhookconfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData:
name: The name of the validatingWebhookconfiguration.
labels: The labels of the validatingWebhookconfiguration.
annotations: The annotations of the validatingWebhookconfiguration.
data: The data of the validatingWebhookconfiguration.
namespace: The namespace of the validatingWebhookconfiguration. (Optional)
*/}}
{{- define "tc.v1.common.class.validatingWebhookconfiguration" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ $objectData.name }}
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
labels:
{{- . | nindent 4 }}
{{- end -}}
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
webhooks:
{{- range $webhook := $objectData.webhooks -}}
{{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,23 @@
{{/* Check Env for Duplicates */}}
{{/* Call this template:
{{ include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $ "objectData" $objectData "source" $source "key" $key) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.helper.container.envDupeCheck" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $source := .source -}}
{{- $type := .type -}}
{{- $key := .key -}}
{{- $dupeEnv := (get $objectData.envDupe $key) -}}
{{- if $dupeEnv -}}
{{- fail (printf "Container - Environment Variable [%s] in [%s] tried to override the Environment Variable that is already defined in [%s]" $key $source $dupeEnv.source) -}}
{{- end -}}
{{- $_ := set $objectData.envDupe $key (dict "source" $source) -}}
{{- end -}}

View File

@ -0,0 +1,59 @@
{{/* Returns Lowest and Highest ports assigned to the any container in the pod */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the Pod.
*/}}
{{- define "tc.v1.common.lib.helpers.securityContext.getPortRange" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{ $portRange := (dict "high" 0 "low" 0) }}
{{- range $name, $service := $rootCtx.Values.service -}}
{{- $selected := false -}}
{{/* If service is enabled... */}}
{{- if $service.enabled -}}
{{/* If there is a selector */}}
{{- if $service.targetSelector -}}
{{/* And pod is selected */}}
{{- if eq $service.targetSelector $objectData.shortName -}}
{{- $selected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but pod is primary */}}
{{- if $objectData.primary -}}
{{- $selected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $selected -}}
{{- range $name, $portValues := $service.ports -}}
{{- if $portValues.enabled -}}
{{- $portToCheck := ($portValues.targetPort | default $portValues.port) -}}
{{- if kindIs "string" $portToCheck -}}
{{- $portToCheck = (tpl $portToCheck $rootCtx) | int -}}
{{- end -}}
{{- if or (not $portRange.low) (lt ($portToCheck | int) ($portRange.low | int)) -}}
{{- $_ := set $portRange "low" $portToCheck -}}
{{- end -}}
{{- if or (not $portRange.high) (gt ($portToCheck | int) ($portRange.high | int)) -}}
{{- $_ := set $portRange "high" $portToCheck -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $portRange | toJson -}}
{{- end -}}

View File

@ -0,0 +1,47 @@
{{/* Service - Get Selected Pod */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
objectData: The object data of the service
rootCtx: The root context of the chart.
*/}}
{{- define "tc.v1.common.lib.helpers.getSelectedPodValues" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- $podValues := dict -}}
{{- with $objectData.targetSelector -}}
{{- $podValues = mustDeepCopy (get $rootCtx.Values.workload .) -}}
{{- if not $podValues -}}
{{- fail (printf "%s - Selected pod [%s] is not defined" $caller .) -}}
{{- end -}}
{{- if not $podValues.enabled -}}
{{- fail (printf "%s - Selected pod [%s] is not enabled" $caller .) -}}
{{- end -}}
{{/* While we know the shortName from targetSelector, let's set it explicitly
So service can reference this directly, to match the behaviour of a service
without targetSelector defined (assumes "use primary") */}}
{{- $_ := set $podValues "shortName" . -}}
{{- else -}}
{{/* If no targetSelector is defined, we assume the service is using the primary pod */}}
{{/* Also no need to check for multiple primaries here, it's already done on the workload validation */}}
{{- range $podName, $pod := $rootCtx.Values.workload -}}
{{- if $pod.enabled -}}
{{- if $pod.primary -}}
{{- $podValues = mustDeepCopy $pod -}}
{{/* Set the shortName so service can use this on selector */}}
{{- $_ := set $podValues "shortName" $podName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Return values in Json, to preserve types */}}
{{ $podValues | toJson }}
{{- end -}}

View File

@ -0,0 +1,47 @@
{{/* Service - Get Selected Service */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
objectData: The object data of the service
rootCtx: The root context of the chart.
*/}}
{{- define "tc.v1.common.lib.helpers.getSelectedServiceValues" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $caller := .caller -}}
{{- $serviceValues := dict -}}
{{- with $objectData.targetSelector -}}
{{- $serviceValues = mustDeepCopy (get $rootCtx.Values.service .) -}}
{{- if not $serviceValues -}}
{{- fail (printf "%s - Selected service [%s] is not defined" $caller .) -}}
{{- end -}}
{{- if not $serviceValues.enabled -}}
{{- fail (printf "%s - Selected service [%s] is not enabled" $caller .) -}}
{{- end -}}
{{/* While we know the shortName from targetSelector, let's set it explicitly
So service can reference this directly, to match the behaviour of a service
without targetSelector defined (assumes "use primary") */}}
{{- $_ := set $serviceValues "shortName" . -}}
{{- else -}}
{{/* If no targetSelector is defined, we assume the service is using the primary service */}}
{{/* Also no need to check for multiple primaries here, it's already done on the service validation */}}
{{- range $serviceName, $service := $rootCtx.Values.service -}}
{{- if $service.enabled -}}
{{- if $service.primary -}}
{{- $serviceValues = mustDeepCopy $service -}}
{{/* Set the shortName so service can use this on selector */}}
{{- $_ := set $serviceValues "shortName" $serviceName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Return values in Json, to preserve types */}}
{{ $serviceValues | toJson }}
{{- end -}}

View File

@ -0,0 +1,21 @@
{{- define "tc.v1.common.helper.makeIntOrNoop" -}}
{{- $value := . -}}
{{/*
- Ints in Helm can be either int, int64 or float64.
- Values that start with zero should not be converted
to int again as this will strip leading zeros.
- Numbers converted to E notation by Helm will
always contain the "e" character. So we only
convert those.
*/}}
{{- if and
(mustHas (kindOf $value) (list "int" "int64" "float64"))
(not (hasPrefix "0" ($value | toString)))
(contains "e" ($value | toString | lower))
-}}
{{- $value | int -}}
{{- else -}}
{{- $value -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,44 @@
{{/* Return the appropriate apiVersion for PodMonitor */}}
{{- define "tc.v1.common.capabilities.podmonitor.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for ServiceMonitor */}}
{{- define "tc.v1.common.capabilities.servicemonitor.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for PrometheusRule */}}
{{- define "tc.v1.common.capabilities.prometheusrule.apiVersion" -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Ingress */}}
{{- define "tc.v1.common.capabilities.ingress.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for NetworkPolicy*/}}
{{- define "tc.v1.common.capabilities.networkpolicy.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for HorizontalPodAutoscaler aka HPA*/}}
{{- define "tc.v1.common.capabilities.hpa.apiVersion" -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" -}}
{{- print "cert-manager.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cnpg.cluster.apiVersion" -}}
{{- print "postgresql.cnpg.io/v1" -}}
{{- end -}}
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
{{- define "tc.v1.common.capabilities.cnpg.pooler.apiVersion" -}}
{{- print "postgresql.cnpg.io/v1" -}}
{{- end -}}

View File

@ -0,0 +1,52 @@
{{/* Contains functions for generating names */}}
{{/* Returns the name of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.name" -}}
{{- .Chart.Name | lower | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Returns the fullname of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.fullname" -}}
{{- $name := include "tc.v1.common.lib.chart.names.name" . -}}
{{- if contains $name .Release.Name -}}
{{- $name = .Release.Name -}}
{{- else -}}
{{- $name = printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- $name | lower | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Returns the fqdn of the Chart */}}
{{- define "tc.v1.common.lib.chart.names.fqdn" -}}
{{- printf "%s.%s" (include "tc.v1.common.lib.chart.names.name" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Validates names */}}
{{- define "tc.v1.common.lib.chart.names.validation" -}}
{{- $name := .name -}}
{{- $length := .length -}}
{{- if not $length -}}
{{- $length = 63 -}}
{{- end -}}
{{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $name) (le (len $name) $length)) -}}
{{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most %v characters." $name $length) -}}
{{- end -}}
{{- end -}}
{{/* Create chart name and version as used by the chart label */}}
{{- define "tc.v1.common.lib.chart.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View File

@ -0,0 +1,21 @@
{{- define "tc.v1.common.lib.chart.notes" -}}
{{- include "tc.v1.common.lib.chart.header" . -}}
{{- include "tc.v1.common.lib.chart.custom" . -}}
{{- include "tc.v1.common.lib.chart.footer" . -}}
{{- end -}}
{{- define "tc.v1.common.lib.chart.header" -}}
{{- tpl $.Values.notes.header $ | nindent 0 }}
{{- end -}}
{{- define "tc.v1.common.lib.chart.custom" -}}
{{- tpl $.Values.notes.custom $ | nindent 0 }}
{{- end -}}
{{- define "tc.v1.common.lib.chart.footer" -}}
{{- tpl $.Values.notes.footer $ | nindent 0 }}
{{- end -}}

View File

@ -0,0 +1,9 @@
{{- define "tc.v1.common.lib.cnpg.metrics.pooler" -}}
enabled: true
type: "podmonitor"
selector:
matchLabels:
cnpg.io/poolerName: {{ .poolerName }}
endpoints:
- port: metrics
{{- end }}

View File

@ -0,0 +1,14 @@
{{- define "tc.v1.common.lib.cnpg.secret.urls" -}}
{{- $std := .std }}
{{- $nossl := .nossl }}
{{- $porthost := .porthost }}
{{- $host := .host }}
{{- $jdbc := .jdbc }}
enabled: true
data:
std: {{ $std }}
nossl: {{ $nossl }}
porthost: {{ $porthost }}
host: {{ $host }}
jdbc: {{ $jdbc }}
{{- end -}}

View File

@ -0,0 +1,9 @@
{{- define "tc.v1.common.lib.cnpg.secret.user" -}}
{{- $dbPass := .dbPass }}
{{- $values := .values -}}
enabled: true
type: kubernetes.io/basic-auth
data:
username: {{ $values.user }}
password: {{ $dbPass }}
{{- end -}}

View File

@ -0,0 +1,21 @@
{{/* Configmap Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
objectData:
labels: The labels of the configmap.
annotations: The annotations of the configmap.
data: The data of the configmap.
*/}}
{{- define "tc.v1.common.lib.configmap.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.data -}}
{{- fail "ConfigMap - Expected non-empty <data>" -}}
{{- end -}}
{{- if not (kindIs "map" $objectData.data) -}}
{{- fail (printf "ConfigMap - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,22 @@
{{/* Returns args list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.args" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.args" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $key := (list "args" "extraArgs") -}}
{{- with (get $objectData $key) -}}
{{- if kindIs "string" . }}
- {{ tpl . $rootCtx | quote }}
{{- else if kindIs "slice" . -}}
{{- range $arg := . }}
- {{ tpl $arg $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,18 @@
{{/* Returns command list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.command" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.command" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if kindIs "string" $objectData.command }}
- {{ tpl $objectData.command $rootCtx | quote }}
{{- else if kindIs "slice" $objectData.command -}}
{{- range $objectData.command }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,108 @@
{{/* Returns Env */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.env" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.env" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $k, $v := $objectData.env -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "env" "key" $k) }}
- name: {{ $k | quote }}
{{- if not (kindIs "map" $v) -}}
{{- $value := "" -}}
{{- if not (kindIs "invalid" $v) -}} {{/* Only tpl non-empty values */}}
{{- $value = $v -}}
{{- if kindIs "string" $v -}}
{{- $value = tpl $v $rootCtx -}}
{{- end -}}
{{- end }}
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- else if kindIs "map" $v }}
valueFrom:
{{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}
{{- if or (ne (len ($v | keys)) 1) (not (mustHas ($v | keys | first) $refs)) -}}
{{- fail (printf "Container - Expected <env> with a ref to have one of [%s], but got [%s]" (join ", " $refs) (join ", " ($v | keys | sortAlpha))) -}}
{{- end -}}
{{- $name := "" -}}
{{- range $key := (list "configMapKeyRef" "secretKeyRef") -}}
{{- if hasKey $v $key }}
{{ $key }}:
{{- $obj := get $v $key -}}
{{- if not $obj.name -}}
{{- fail (printf "Container - Expected non-empty <env.%s.name>" $key) -}}
{{- end -}}
{{- if not $obj.key -}}
{{- fail (printf "Container - Expected non-empty <env.%s.key>" $key) -}}
{{- end }}
key: {{ $obj.key | quote }}
{{- $name = tpl $obj.name $rootCtx -}}
{{- $expandName := true -}}
{{- if (hasKey $obj "expandObjectName") -}}
{{- if not (kindIs "invalid" $obj.expandObjectName) -}}
{{- $expandName = $obj.expandObjectName -}}
{{- else -}}
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <env.%s> to not be empty" $k) -}}
{{- end -}}
{{- end -}}
{{- if kindIs "string" $expandName -}}
{{- $expandName = tpl $expandName $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $expandName "true" -}}
{{- $expandName = true -}}
{{- else if eq $expandName "false" -}}
{{- $expandName = false -}}
{{- end -}}
{{- end -}}
{{- if $expandName -}}
{{- $item := ($key | trimSuffix "KeyRef" | lower) -}}
{{- $data := (get $rootCtx.Values $item) -}}
{{- $data = (get $data $name) -}}
{{- if not $data -}}
{{- fail (printf "Container - Expected in <env> the referenced %s [%s] to be defined" (camelcase $item) $name) -}}
{{- end -}}
{{- $found := false -}}
{{- range $k, $v := $data.data -}}
{{- if eq $k $obj.key -}}
{{- $found = true -}}
{{- end -}}
{{- end -}}
{{- if not $found -}}
{{- fail (printf "Container - Expected in <env> the referenced key [%s] in %s [%s] to be defined" $obj.key (camelcase $item) $name) -}}
{{- end -}}
{{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
{{- end }}
name: {{ $name | quote }}
{{- end -}}
{{- end -}}
{{- if hasKey $v "fieldRef" }}
fieldRef:
{{- if not $v.fieldRef.fieldPath -}}
{{- fail "Container - Expected non-empty <env.fieldRef.fieldPath>" -}}
{{- end }}
fieldPath: {{ $v.fieldRef.fieldPath | quote }}
{{- if $v.fieldRef.apiVersion }}
apiVersion: {{ $v.fieldRef.apiVersion | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,74 @@
{{/* Returns Env From */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.envFrom" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $refs := (list "configMapRef" "secretRef") -}}
{{- range $envFrom := $objectData.envFrom -}}
{{- if and (not $envFrom.secretRef) (not $envFrom.configMapRef) -}}
{{- fail (printf "Container - Expected <envFrom> entry to have one of [%s]" (join ", " $refs)) -}}
{{- end -}}
{{- if and $envFrom.secretRef $envFrom.configMapRef -}}
{{- fail (printf "Container - Expected <envFrom> entry to have only one of [%s], but got both" (join ", " $refs)) -}}
{{- end -}}
{{- range $ref := $refs -}}
{{- with (get $envFrom $ref) -}}
{{- if not .name -}}
{{- fail (printf "Container - Expected non-empty <envFrom.%s.name>" $ref) -}}
{{- end -}}
{{- $objectName := tpl .name $rootCtx -}}
{{- $expandName := true -}}
{{- if (hasKey . "expandObjectName") -}}
{{- if not (kindIs "invalid" .expandObjectName) -}}
{{- $expandName = .expandObjectName -}}
{{- else -}}
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <envFrom.%s> to not be empty" $ref) -}}
{{- end -}}
{{- end -}}
{{- if kindIs "string" $expandName -}}
{{- $expandName = tpl $expandName $rootCtx -}}
{{/* After tpl it becomes a string, not a bool */}}
{{- if eq $expandName "true" -}}
{{- $expandName = true -}}
{{- else if eq $expandName "false" -}}
{{- $expandName = false -}}
{{- end -}}
{{- end -}}
{{- if $expandName -}}
{{- $object := dict -}}
{{- $source := "" -}}
{{- if eq $ref "configMapRef" -}}
{{- $object = (get $rootCtx.Values.configmap $objectName) -}}
{{- $source = "ConfigMap" -}}
{{- else if eq $ref "secretRef" -}}
{{- $object = (get $rootCtx.Values.secret $objectName) -}}
{{- $source = "Secret" -}}
{{- end -}}
{{- if not $object -}}
{{- fail (printf "Container - Expected %s [%s] defined in <envFrom> to exist" $source $objectName) -}}
{{- end -}}
{{- range $k, $v := $object.data -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" (printf "%s - %s" $source $objectName) "key" $k) -}}
{{- end -}}
{{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
{{- end }}
- {{ $ref }}:
name: {{ $objectName | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,23 @@
{{/* Returns Env List */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.envList" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.envList" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $env := $objectData.envList -}}
{{- if not $env.name -}}
{{- fail "Container - Expected non-empty <envList.name>" -}}
{{- end -}} {{/* Empty value is valid */}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
{{- $value := $env.value -}}
{{- if kindIs "string" $env.value -}}
{{- $value = tpl $env.value $rootCtx -}}
{{- end }}
- name: {{ $env.name | quote }}
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,75 @@
{{/* Returns Fixed Env */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.fixedEnv" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{/* Avoid nil pointers */}}
{{- if not (hasKey $objectData "fixedEnv") -}}
{{- $_ := set $objectData "fixedEnv" dict -}}
{{- end -}}
{{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}}
{{- if $objectData.fixedEnv.NVIDIA_CAPS -}}
{{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}}
{{- end -}}
{{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}}
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}}
{{- end -}}
{{- $caps := (list "all" "compute" "utility" "graphics" "video") -}}
{{- range $cap := $nvidiaCaps -}}
{{- if not (mustHas $cap $caps) -}}
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}}
{{- end -}}
{{- end -}}
{{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
{{- $fixed := list -}}
{{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}}
{{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}}
{{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}}
{{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}}
{{- $PUID = $objectData.fixedEnv.PUID -}}
{{- end -}}
{{/* calculatedFSGroup is passed from the pod */}}
{{- $PGID := $objectData.calculatedFSGroup -}}
{{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}}
{{/* TODO: Offer gpu section in resources for native helm and adjust this include, then we can remove the "if inside ixChartContext" */}}
{{- if eq (include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}}
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}}
{{- else -}} {{/* Only when in SCALE */}}
{{- if hasKey $rootCtx.Values.global "ixChartContext" -}}
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}}
{{- end -}}
{{- end -}}
{{/* If running as root and PUID is set (0 or greater), set related envs */}}
{{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}}
{{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}}
{{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}}
{{- end -}}
{{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}}
{{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}}
{{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}}
{{- end -}}
{{- range $env := $fixed -}}
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
- name: {{ $env.k | quote }}
value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,42 @@
{{/* Returns the image dictionary */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.imageSelector" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $imageObj := dict -}}
{{- $selector := "image" -}}
{{- with $objectData.imageSelector -}}
{{- $selector = tpl . $rootCtx -}}
{{- end -}}
{{- if hasKey $rootCtx.Values $selector -}}
{{- $imageObj = get $rootCtx.Values $selector -}}
{{- else -}}
{{- fail (printf "Container - Expected <.Values.%s> to exist" $selector) -}}
{{- end -}}
{{- if not $imageObj.repository -}}
{{- fail (printf "Container - Expected non-empty <.Values.%s.repository>" $selector) -}}
{{- end -}}
{{- if not $imageObj.tag -}}
{{- fail (printf "Container - Expected non-empty <.Values.%s.tag>" $selector) -}}
{{- end -}}
{{- if not $imageObj.pullPolicy -}}
{{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}}
{{- end -}}
{{- $policies := (list "IfNotPresent" "Always" "Never") -}}
{{- if not (mustHas $imageObj.pullPolicy $policies) -}}
{{- fail (printf "Container - Expected <.Values.%s.pullPolicy> to be one of [%s], but got [%s]" $selector (join ", " $policies) $imageObj.pullPolicy) -}}
{{- end -}}
{{- $imageObj | toJson -}}
{{- end -}}

View File

@ -0,0 +1,37 @@
{{/* Returns lifecycle */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.lifecycle" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $hooks := (list "preStop" "postStart") -}}
{{- $types := (list "exec" "http" "https") -}}
{{- with $objectData.lifecycle -}}
{{- range $hook, $hookValues := . -}}
{{- if not (mustHas $hook $hooks) -}}
{{- fail (printf "Container - Expected <lifecycle> <hook> to be one of [%s], but got [%s]" (join ", " $hooks) $hook) -}}
{{- end -}}
{{- if not $hookValues.type -}}
{{- fail "Container - Expected non-empty <lifecycle> <type>" -}}
{{- end -}}
{{- if not (mustHas $hookValues.type $types) -}}
{{- fail (printf "Container - Expected <lifecycle> <type> to be one of [%s], but got [%s]" (join ", " $types) $hookValues.type) -}}
{{- end }}
{{ $hook }}:
{{- if eq $hookValues.type "exec" -}}
{{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
{{- else if mustHas $hookValues.type (list "http" "https") -}}
{{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,87 @@
{{/* Returns ports list */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.ports" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the container.
*/}}
{{- define "tc.v1.common.lib.container.ports" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $serviceName, $serviceValues := $rootCtx.Values.service -}}
{{- $podSelected := false -}}
{{/* If service is enabled... */}}
{{- if $serviceValues.enabled -}}
{{/* If there is a selector */}}
{{- if $serviceValues.targetSelector -}}
{{/* And pod is selected */}}
{{- if eq $serviceValues.targetSelector $objectData.podShortName -}}
{{- $podSelected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but pod is primary */}}
{{- if $objectData.podPrimary -}}
{{- $podSelected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $podSelected -}}
{{- range $portName, $portValues := $serviceValues.ports -}}
{{- $containerSelected := false -}}
{{/* If service is enabled... */}}
{{- if $portValues.enabled -}}
{{/* If there is a selector */}}
{{- if $portValues.targetSelector -}}
{{/* And container is selected */}}
{{- if eq $portValues.targetSelector $objectData.shortName -}}
{{- $containerSelected = true -}}
{{- end -}}
{{- else -}}
{{/* If no selector is defined but container is primary */}}
{{- if $objectData.primary -}}
{{- $containerSelected = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* If the container is selected render port */}}
{{- if $containerSelected -}}
{{- $containerPort := $portValues.targetPort | default $portValues.port -}}
{{- if kindIs "string" $containerPort -}}
{{- $containerPort = (tpl $containerPort $rootCtx) -}}
{{- end -}}
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
{{- $protocol := tpl ($portValues.protocol | default $rootCtx.Values.fallbackDefaults.serviceProtocol) $rootCtx -}}
{{- if mustHas $protocol $tcpProtocols -}}
{{- $protocol = "tcp" -}}
{{- end }}
- name: {{ $portName }}
containerPort: {{ $containerPort }}
protocol: {{ $protocol | upper }}
{{- with $portValues.hostPort }}
hostPort: {{ . }}
{{- else }}
hostPort: null
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Turning hostNetwork on, it creates hostPort automatically and turning it back off does not remove them. Setting hostPort explicitly to null will remove them.
There are still cases that hostPort is not removed, for example, if you have a TCP and UDP port with the same number. Only the TCPs hostPort will be removed.
Also note that setting hostPort to null always, it will NOT affect hostNetwork, as it will still create the hostPorts.
It only helps to remove them when hostNetwork is turned off.
*/}}

View File

@ -0,0 +1,40 @@
{{/* Containers Basic Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
*/}}
{{- define "tc.v1.common.lib.container.primaryValidation" -}}
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{/* Go over the contaienrs */}}
{{- range $name, $container := $objectData.podSpec.containers -}}
{{/* If container is enabled */}}
{{- if $container.enabled -}}
{{- $hasEnabled = true -}}
{{/* And container is primary */}}
{{- if and (hasKey $container "primary") ($container.primary) -}}
{{/* Fail if there is already a primary container */}}
{{- if $hasPrimary -}}
{{- fail "Container - Only one container can be primary per workload" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary container, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "Container - At least one enabled container must be primary per workload" -}}
{{- end -}}
{{- end -}}

Some files were not shown because too many files have changed in this diff Show More