new way of doin

2023-11-16 19:42:02 +10:00 · 2023-11-16 19:42:02 +10:00 · 1eaf295724
commit 1eaf295724
parent 77ec717184
341 changed files with 19416 additions and 0 deletions
--- a/check/ahoy-hw.yaml
+++ b/check/ahoy-hw.yaml
@ -0,0 +1,18 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: ahoy
  namespace: default
 spec:
  ingressClassName: cilium
  rules:
  - host: ahoy-hw.guaranteedstruggle.host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ahoy-hello-world
            port:
              name: app
--- a/check/bgp-policy.yaml
+++ b/check/bgp-policy.yaml
@ -0,0 +1,17 @@
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumBGPPeeringPolicy
 metadata:
 name: 01-bgp-peering-policy
 spec:
 nodeSelector:
   matchLabels:
     bgp-policy: a
 virtualRouters:
 - localASN: 64512
   exportPodCIDR: true
   neighbors:
    - peerAddress: '192.168.0.105/32'
      peerASN: 64512
   serviceSelector:
     matchExpressions:
       - {key: somekey, operator: NotIn, values: ['never-used-value']}
--- a/check/config-pool.yaml
+++ b/check/config-pool.yaml
@ -0,0 +1,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  namespace: metallb-system
  name: config
 data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.0.105-192.168.0.105
--- a/check/default-ingress.yaml
+++ b/check/default-ingress.yaml
@ -0,0 +1,17 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: redirect
  namespace: weave
 spec:
  ingressClassName: cilium
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: weave-scope-app
            port:
              name: app
--- a/check/deployment-flask-htmx-board-dev.yaml
+++ b/check/deployment-flask-htmx-board-dev.yaml
@ -0,0 +1,41 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: flask-htmx-dev
  namespace: vdk2ch 
 spec:
  revisionHistoryLimit: 5
  replicas: 2
  selector:
    matchLabels:
      app: flask-htmx-dev
  template:
    metadata:
      labels:
        app: flask-htmx-dev
    spec:
      containers:
      - name: flask-htmx-dev
        image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:dev
        imagePullPolicy: Always
        ports:
        - containerPort: 5000
        #### таймауты и прочее взяты с потолка
        #livenessProbe:
        #  httpGet:
        #    path: /liveness
        #    port: 5000
        #  initialDelaySeconds: 2
        #  timeoutSeconds: 2
        #  periodSeconds: 5
        #  failureThreshold: 2
        #readinessProbe:
        #  httpGet:
        #    path: /readiness
        #    port: 5000
        #  initialDelaySeconds: 3
        #  timeoutSeconds: 3
        #  periodSeconds: 10
        #  failureThreshold: 3
--- a/check/deployment-flask-htmx-board-master.yaml
+++ b/check/deployment-flask-htmx-board-master.yaml
@ -0,0 +1,41 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: flask-htmx-master
  namespace: vdk2ch 
 spec:
  revisionHistoryLimit: 5
  replicas: 2
  selector:
    matchLabels:
      app: flask-htmx-master
  template:
    metadata:
      labels:
        app: flask-htmx-master
    spec:
      containers:
      - name: flask-htmx-master
        image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:master-of-slaves
        imagePullPolicy: Always
        ports:
        - containerPort: 5000
        #### таймауты и прочее взяты с потолка
        #livenessProbe:
        #  httpGet:
        #    path: /liveness
        #    port: 5000
        #  initialDelaySeconds: 2
        #  timeoutSeconds: 2
        #  periodSeconds: 5
        #  failureThreshold: 2
        #readinessProbe:
        #  httpGet:
        #    path: /readiness
        #    port: 5000
        #  initialDelaySeconds: 3
        #  timeoutSeconds: 3
        #  periodSeconds: 10
        #  failureThreshold: 3
--- a/check/deployment-flask-htmx-board-our-style.yaml
+++ b/check/deployment-flask-htmx-board-our-style.yaml
@ -0,0 +1,41 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: flask-htmx-our-style
  namespace: vdk2ch 
 spec:
  revisionHistoryLimit: 5
  replicas: 2
  selector:
    matchLabels:
      app: flask-htmx-our-style
  template:
    metadata:
      labels:
        app: flask-htmx-our-style
    spec:
      containers:
      - name: flask-htmx-our-style
        image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:our-style
        imagePullPolicy: Always
        ports:
        - containerPort: 5000
        #### таймауты и прочее взяты с потолка
        #livenessProbe:
        #  httpGet:
        #    path: /liveness
        #    port: 5000
        #  initialDelaySeconds: 2
        #  timeoutSeconds: 2
        #  periodSeconds: 5
        #  failureThreshold: 2
        #readinessProbe:
        #  httpGet:
        #    path: /readiness
        #    port: 5000
        #  initialDelaySeconds: 3
        #  timeoutSeconds: 3
        #  periodSeconds: 10
        #  failureThreshold: 3
--- a/check/gateway-1.yaml
+++ b/check/gateway-1.yaml
@ -0,0 +1,22 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: Gateway
 metadata:
  name: my-gateway
  labels:
    color: coral
 spec:
  gatewayClassName: cilium
  addresses:
  - value: "0.0.0.0"
  - type: IPAddress
    value: 192.168.0.105
  - type: IPAddress
    value: 10.0.10.251
  listeners:
  - protocol: HTTP
    port: 80
    name: web-gw
    allowedRoutes:
      namespaces:
        from: All
--- a/check/httproute-ahoy.yaml
+++ b/check/httproute-ahoy.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-ahoy
  namespace: default
 spec:
  hostnames:
  - ahoy.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: ahoy-hello-world
      port: 80
--- a/check/httproute-artifactory.yaml
+++ b/check/httproute-artifactory.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-artifactory
  namespace: artifactory
 spec:
  hostnames:
  - artifactory.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: artifactory-artifactory-nginx
      port: 80
--- a/check/httproute-dashy.yaml
+++ b/check/httproute-dashy.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-dashy
  namespace: dashy
 spec:
  hostnames:
  - dashy.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: dashy
      port: 10310
--- a/check/httproute-flask-htmx-board-dev.yaml
+++ b/check/httproute-flask-htmx-board-dev.yaml
@ -0,0 +1,21 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-flask-htmx-board-dev
  namespace: vdk2ch
 spec:
  hostnames:
  #- board.guaranteedstruggle.host
  - dev.board.vdk2ch.ru
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: flask-htmx-dev-service
      port: 5000
--- a/check/httproute-flask-htmx-board-master.yaml
+++ b/check/httproute-flask-htmx-board-master.yaml
@ -0,0 +1,21 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-flask-htmx-board-master
  namespace: vdk2ch
 spec:
  hostnames:
  #- board.guaranteedstruggle.host
  - master.board.vdk2ch.ru
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: flask-htmx-master-service
      port: 5000
--- a/check/httproute-flask-htmx-board-our-style.yaml
+++ b/check/httproute-flask-htmx-board-our-style.yaml
@ -0,0 +1,21 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-flask-htmx-board-our-style
  namespace: vdk2ch
 spec:
  hostnames:
  #- board.guaranteedstruggle.host
  - our-style.board.vdk2ch.ru
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: flask-htmx-our-style-service
      port: 5000
--- a/check/httproute-harbor.yaml
+++ b/check/httproute-harbor.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-harbor
  namespace: default
 spec:
  hostnames:
  - harbor.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: harbor
      port: 80
--- a/check/httproute-hubble.yaml
+++ b/check/httproute-hubble.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-hubble
  namespace: kube-system
 spec:
  hostnames:
  - hubble.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: hubble-ui
      port: 80
--- a/check/httproute-longhorn.yaml
+++ b/check/httproute-longhorn.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-longhorn
  namespace: longhorn-system
 spec:
  hostnames:
  - longhorn.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: longhorn-frontend
      port: 80
--- a/check/httproute-rancher.yaml
+++ b/check/httproute-rancher.yaml
@ -0,0 +1,28 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-app-1
  namespace: default
 spec:
  hostnames:
  - rancher.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    filters:
    - type: RequestHeaderModifier
      requestHeaderModifier:
        set:
        - name:  X-Forwarded-Proto
          value: https
 #        - name: Host
 #          value: rancher.guaranteedstruggle.host
    backendRefs:
    - name: myrancher
      port: 80
--- a/check/httproute-weave.yaml
+++ b/check/httproute-weave.yaml
@ -0,0 +1,20 @@
 ---
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: http-app-2
  namespace: weave
 spec:
  hostnames:
  - weave.guaranteedstruggle.host
  parentRefs:
  - name: my-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: weave-scope-app
      port: 80
--- a/check/ippool.yaml
+++ b/check/ippool.yaml
@ -0,0 +1,12 @@
 ---
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumLoadBalancerIPPool
 metadata:
  name: "the-pool"
 spec:
  cidrs:
  - cidr: "192.168.0.105/30"
  serviceSelector:
    matchExpressions:
      - {key: color, operator: In, values: [coral]}
--- a/check/ippool2.yaml
+++ b/check/ippool2.yaml
@ -0,0 +1,9 @@
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumLoadBalancerIPPool
 metadata:
  name: "lb-pool"
 spec:
  cidrs:
  - cidr: "10.0.10.0/24"
--- a/check/longhorn.yaml
+++ b/check/longhorn.yaml
@ -0,0 +1,18 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: longhorn
  namespace: longhorn-system
 spec:
  ingressClassName: cilium
  rules:
  - host: longhorn.guaranteedstruggle.host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: longhorn-frontend
            port:
              name: http
--- a/check/network-policy-wut.yaml
+++ b/check/network-policy-wut.yaml
@ -0,0 +1,16 @@
 apiVersion: "cilium.io/v2"
 kind: CiliumNetworkPolicy
 #description: "Allow to access backends only on TCP/80"
 metadata:
  name: "frontend-backend"
 spec:
  endpointSelector:
    matchLabels:
      namespace: longhorn-system
  ingress:
  - toPorts:
    - ports:
      - port: '80'
        protocol: TCP
  - fromCIDR:
    - 0.0.0.0/0
--- a/check/pv-pod.yaml
+++ b/check/pv-pod.yaml
@ -0,0 +1,40 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: garbo
  namespace: default
 spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 2Gi
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: volume-test
  namespace: default
 spec:
  restartPolicy: Always
  containers:
  - name: volume-test
    image: nginx:stable-alpine
    imagePullPolicy: IfNotPresent
    livenessProbe:
      exec:
        command:
          - ls
          - /data/lost+found
      initialDelaySeconds: 5
      periodSeconds: 5
    volumeMounts:
    - name: volv
      mountPath: /data
    ports:
    - containerPort: 80
  volumes:
  - name: volv
    persistentVolumeClaim:
      claimName: garbo
--- a/check/rancher.yaml
+++ b/check/rancher.yaml
@ -0,0 +1,20 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: rancher
  namespace: default
  annotations:
    ingress.cilium.io/insecure-node-port: "80"
 spec:
  ingressClassName: cilium
  rules:
  - host: rancher.guaranteedstruggle.host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: myrancher
            port:
              name: http
--- a/check/svc-flask-htmx-board-dev.yaml
+++ b/check/svc-flask-htmx-board-dev.yaml
@ -0,0 +1,15 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: flask-htmx-dev-service
  namespace: vdk2ch
 spec:
  selector:
    app: flask-htmx-dev
  ports:
    - protocol: TCP
      name: board
      port: 5000
      targetPort: 5000
--- a/check/svc-flask-htmx-board-master.yaml
+++ b/check/svc-flask-htmx-board-master.yaml
@ -0,0 +1,15 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: flask-htmx-master-service
  namespace: vdk2ch
 spec:
  selector:
    app: flask-htmx-master
  ports:
    - protocol: TCP
      name: board
      port: 5000
      targetPort: 5000
--- a/check/svc-flask-htmx-board-our-style.yaml
+++ b/check/svc-flask-htmx-board-our-style.yaml
@ -0,0 +1,15 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: flask-htmx-our-style-service
  namespace: vdk2ch
 spec:
  selector:
    app: flask-htmx-our-style
  ports:
    - protocol: TCP
      name: board
      port: 5000
      targetPort: 5000
--- a/check/weave.yaml
+++ b/check/weave.yaml
@ -0,0 +1,18 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: weave
  namespace: weave
 spec:
  ingressClassName: cilium
  rules:
  - host: weave.guaranteedstruggle.host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: weave-scope-app
            port:
              name: app
--- a/helm-charts/consul-k8s
+++ b/helm-charts/consul-k8s
@ -0,0 +1 @@
 Subproject commit 7215ec05d0f4ef093de2f4ddc80b385214522e4d
--- a/helm-charts/dashy/.helmignore
+++ b/helm-charts/dashy/.helmignore
@ -0,0 +1,30 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
 # OWNERS file for Kubernetes
 OWNERS
 # helm-docs templates
 *.gotmpl
 # docs folder
 /docs
 # icon
 icon.png
--- a/helm-charts/dashy/CHANGELOG.md
+++ b/helm-charts/dashy/CHANGELOG.md
@ -0,0 +1,215 @@
 # Changelog
 ## [dashy-1.0.0](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-1.0.0) (2022-11-10)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Major Change to GUI
  - update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
  - update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
  ### Fix
 - change container config label
 ## [dashy-0.0.13](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.13) (2022-11-08)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
  - update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
 ## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
 ## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
 ## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
 ## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-07)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
 ## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-06)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
 ## [dashy-0.0.10](https://github.com/truecharts/charts/compare/dashy-0.0.9...dashy-0.0.10) (2022-11-06)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4317](https://github.com/truecharts/charts/issues/4317))
 ## [dashy-0.0.9](https://github.com/truecharts/charts/compare/dashy-0.0.8...dashy-0.0.9) (2022-11-05)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4308](https://github.com/truecharts/charts/issues/4308))
 ## [dashy-0.0.8](https://github.com/truecharts/charts/compare/dashy-0.0.7...dashy-0.0.8) (2022-11-02)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4261](https://github.com/truecharts/charts/issues/4261))
 ## [dashy-0.0.7](https://github.com/truecharts/charts/compare/dashy-0.0.6...dashy-0.0.7) (2022-10-25)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4182](https://github.com/truecharts/charts/issues/4182))
 ## [dashy-0.0.6](https://github.com/truecharts/charts/compare/dashy-0.0.5...dashy-0.0.6) (2022-10-19)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4122](https://github.com/truecharts/charts/issues/4122))
 ## [dashy-0.0.5](https://github.com/truecharts/charts/compare/dashy-0.0.4...dashy-0.0.5) (2022-10-12)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major ([#4071](https://github.com/truecharts/charts/issues/4071))
 ## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major
 ## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
 ### Chore
 - Auto-update chart README [skip ci]
  - update helm general non-major
 ## [dashy-0.0.3](https://github.com/truecharts/charts/compare/dashy-0.0.2...dashy-0.0.3) (2022-10-05)
 ### Chore
 - Auto-update chart README [skip ci]
  - split addons in smaller templates ([#3979](https://github.com/truecharts/charts/issues/3979))
  - update helm general non-major
 ## [dashy-0.0.2](https://github.com/truecharts/charts/compare/dashy-0.0.1...dashy-0.0.2) (2022-09-27)
 ### Chore
 - Auto-update chart README [skip ci]
  - Auto-update chart README [skip ci]
  - update helm general non-major ([#3918](https://github.com/truecharts/charts/issues/3918))
 ## [dashy-0.0.1]dashy-0.0.1 (2022-09-25)
 ### Feat
 - add dashy ([#3887](https://github.com/truecharts/charts/issues/3887))
--- a/helm-charts/dashy/Chart.lock
+++ b/helm-charts/dashy/Chart.lock
@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: https://library-charts.truecharts.org
  version: 14.3.5
 digest: sha256:b7cb6511c16fc5f11e4769ebf0c48524b2522a0408b8de14207cdf19109996c6
 generated: "2023-11-08T22:28:31.22683905Z"
--- a/helm-charts/dashy/Chart.yaml
+++ b/helm-charts/dashy/Chart.yaml
@ -0,0 +1,26 @@
 annotations:
  truecharts.org/SCALE-support: "true"
  truecharts.org/category: dashboard
  truecharts.org/grade: U
 apiVersion: v2
 appVersion: 2.1.1
 dependencies:
 - name: common
  repository: https://library-charts.truecharts.org
  version: 14.3.5
 description: Dashy helps you organize your self-hosted services by making them accessible
  from a single place
 home: https://truecharts.org/charts/stable/dashy
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/dashy.png
 keywords:
 - dashboard
 kubeVersion: '>=1.16.0-0'
 maintainers:
 - email: info@truecharts.org
  name: TrueCharts
  url: https://truecharts.org
 name: dashy
 sources:
 - https://github.com/truecharts/charts/tree/master/charts/stable/dashy
 - https://github.com/Lissy93/dashy
 version: 3.0.27
--- a/helm-charts/dashy/README.md
+++ b/helm-charts/dashy/README.md
@ -0,0 +1,27 @@
 # README
 ## General Info
 TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
 However only installations using the TrueNAS SCALE Apps system are supported.
 For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
 **This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
 ## Support
 - Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
 - See the [Website](https://truecharts.org)
 - Check our [Discord](https://discord.gg/tVsPTHWTtr)
 - Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
 ---
 ## Sponsor TrueCharts
 TrueCharts can only exist due to the incredible effort of our staff.
 Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
 *All Rights Reserved - The TrueCharts Project*
--- a/helm-charts/dashy/charts/common/.helmignore
+++ b/helm-charts/dashy/charts/common/.helmignore
@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helm-charts/dashy/charts/common/Chart.yaml
+++ b/helm-charts/dashy/charts/common/Chart.yaml
@ -0,0 +1,17 @@
 apiVersion: v2
 appVersion: latest
 description: Function library for TrueCharts
 home: https://github.com/truecharts/apps/tree/master/charts/common
 icon: https://avatars.githubusercontent.com/u/76400755
 keywords:
 - truecharts
 - library-chart
 - common
 kubeVersion: '>=1.16.0-0'
 maintainers:
 - email: info@truecharts.org
  name: TrueCharts
  url: https://truecharts.org
 name: common
 type: library
 version: 14.3.5
--- a/helm-charts/dashy/charts/common/LICENSE
+++ b/helm-charts/dashy/charts/common/LICENSE
@ -0,0 +1,106 @@
 Business Source License 1.1
 Parameters
 Licensor:             The TrueCharts Project, it's owner and it's contributors
 Licensed Work:        The TrueCharts "Common" Helm Chart
 Additional Use Grant: You may use the licensed work in production, as long
                      as it is directly sourced from a TrueCharts provided
                      official repository, catalog or source. You may also make private
                      modification to the directly sourced licenced work,
                      when used in production.
                      The following cases are, due to their nature, also
                      defined as 'production use' and explicitly prohibited:
                      - Bundling, including or displaying the licensed work
                      with(in) another work intended for production use,
                      with the apparent intend of facilitating and/or
                      promoting production use by third parties in
                      violation of this license.
 Change Date:          2050-01-01
 Change License:       3-clause BSD license
 For information about alternative licensing arrangements for the Software,
 please contact: legal@truecharts.org
 Notice
 The Business Source License (this document, or the “License”) is not an Open
 Source license. However, the Licensed Work will eventually be made available
 under an Open Source License, as stated in this License.
 License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
 “Business Source License” is a trademark of MariaDB Corporation Ab.
 -----------------------------------------------------------------------------
 Business Source License 1.1
 Terms
 The Licensor hereby grants you the right to copy, modify, create derivative
 works, redistribute, and make non-production use of the Licensed Work. The
 Licensor may make an Additional Use Grant, above, permitting limited
 production use.
 Effective on the Change Date, or the fourth anniversary of the first publicly
 available distribution of a specific version of the Licensed Work under this
 License, whichever comes first, the Licensor hereby grants you rights under
 the terms of the Change License, and the rights granted in the paragraph
 above terminate.
 If your use of the Licensed Work does not comply with the requirements
 currently in effect as described in this License, you must purchase a
 commercial license from the Licensor, its affiliated entities, or authorized
 resellers, or you must refrain from using the Licensed Work.
 All copies of the original and modified Licensed Work, and derivative works
 of the Licensed Work, are subject to this License. This License applies
 separately for each version of the Licensed Work and the Change Date may vary
 for each version of the Licensed Work released by Licensor.
 You must conspicuously display this License on each original or modified copy
 of the Licensed Work. If you receive the Licensed Work in original or
 modified form from a third party, the terms and conditions set forth in this
 License apply to your use of that work.
 Any use of the Licensed Work in violation of this License will automatically
 terminate your rights under this License for the current and all other
 versions of the Licensed Work.
 This License does not grant you any right in any trademark or logo of
 Licensor or its affiliates (provided that you may use a trademark or logo of
 Licensor as expressly required by this License).
 TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
 AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
 EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
 TITLE.
 MariaDB hereby grants you permission to use this License’s text to license
 your works, and to refer to it using the trademark “Business Source License”,
 as long as you comply with the Covenants of Licensor below.
 Covenants of Licensor
 In consideration of the right to use this License’s text and the “Business
 Source License” name and trademark, Licensor covenants to MariaDB, and to all
 other recipients of the licensed work to be provided by Licensor:
 1. To specify as the Change License the GPL Version 2.0 or any later version,
   or a license that is compatible with GPL Version 2.0 or a later version,
   where “compatible” means that software provided under the Change License can
   be included in a program with software provided under GPL Version 2.0 or a
   later version. Licensor may specify additional Change Licenses without
   limitation.
 2. To either: (a) specify an additional grant of rights to use that does not
   impose any additional restriction on the right granted in this License, as
   the Additional Use Grant; or (b) insert the text “None”.
 3. To specify a Change Date.
 4. Not to modify this License in any other way.
--- a/helm-charts/dashy/charts/common/README.md
+++ b/helm-charts/dashy/charts/common/README.md
@ -0,0 +1,24 @@
 # Common Library
 ## Naming Scheme
 - ServiceAccount:
  - Primary: `$FullName`
  - Others: `$FullName-$ServiceAccountName`
 - RBAC:
  - Primary: `$FullName`
  - Others: `$FullName-$RBACName`
 - Service:
  - Primary: `$FullName`
  - Others: `$FullName-$ServiceName`
 - Pods:
  - Primary: `$FullName`
  - Others: `$FullName-$PodName`
 - Containers: `$ContainerName`
 - ConfigMap: `$FullName-$ConfigMapName`
 - Secret: `$FullName-$SecretName`
 - Scale Certificate: `$FullName-$CertName`
 - Scale External Interface: `ix-$ReleaseName-$index`
 > Full name -> `$ReleaseName-$ChartName`
 > Any name that exceeds 63 characters, will throw an error
--- a/helm-charts/dashy/charts/common/templates/addons/code-server/_codeserver.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/code-server/_codeserver.tpl
@ -0,0 +1,53 @@
 {{/*
 Template to render code-server addon
 It will include / inject the required templates based on the given values.
 */}}
 {{- define "tc.v1.common.addon.codeserver" -}}
 {{- $targetSelector := "main" -}}
 {{- if $.Values.addons.codeserver.targetSelector -}}
  {{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
 {{- end -}}
 {{- if .Values.addons.codeserver.enabled -}}
  {{/* Append the code-server container to the workloads */}}
  {{- $container := include "tc.v1.common.addon.codeserver.container" . | fromYaml -}}
  {{- if $container -}}
    {{- $workload := get $.Values.workload $targetSelector -}}
    {{- $_ := set $workload.podSpec.containers "codeserver" $container -}}
  {{- end -}}
  {{- $hasPrimaryService := false -}}
  {{- range $svcName, $svcValues := .Values.service -}}
    {{- if $svcValues.enabled -}}
      {{- if $svcValues.primary -}}
        {{- $hasPrimaryService = true -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{/* Add the code-server service */}}
  {{- if .Values.addons.codeserver.service.enabled -}}
    {{- $serviceValues := .Values.addons.codeserver.service -}}
    {{- $_ := set $serviceValues "targetSelector" $targetSelector -}}
    {{- if not $hasPrimaryService -}}
      {{- $_ := set $serviceValues "primary" true -}}
    {{- end -}}
    {{- $_ := set .Values.service "codeserver" $serviceValues -}}
  {{- end -}}
  {{/* Add the code-server ingress */}}
  {{- if .Values.addons.codeserver.ingress.enabled -}}
    {{- $ingressValues := .Values.addons.codeserver.ingress -}}
    {{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
    {{/* Determine the target service name & port */}}
    {{- $svcName := printf "%v-codeserver" (include "tc.v1.common.names.fullname" .) -}}
    {{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
    {{- range $_, $host := $ingressValues.hosts -}}
      {{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
    {{- end -}}
    {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
    {{- include "tc.v1.common.class.ingress" $ -}}
    {{- $_ := unset $ "ObjectValues" -}}
  {{- end -}}
 {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/code-server/_container.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/code-server/_container.tpl
@ -0,0 +1,46 @@
 {{/*
 The code-server sidecar container to be inserted.
 */}}
 {{- define "tc.v1.common.addon.codeserver.container" -}}
 enabled: true
 probes:
  liveness:
    enabled: true
    port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
    path: "/"
  readiness:
    enabled: true
    port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
    path: "/"
  startup:
    enabled: true
    port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
    path: "/"
 imageSelector: "codeserverImage"
 imagePullPolicy: {{ .Values.codeserverImage.pullPolicy }}
 securityContext:
  runAsUser: 0
  runAsGroup: 0
  runAsNonRoot: false
  readOnlyRootFilesystem: false
 env:
 {{- range $envList := .Values.addons.codeserver.envList -}}
  {{- if and $envList.name $envList.value }}
  {{ $envList.name }}: {{ $envList.value | quote }}
  {{- else }}
    {{- fail "Please specify name/value for codeserver environment variable" -}}
  {{- end -}}
 {{- end -}}
 {{- with .Values.addons.codeserver.env -}}
 {{- range $k, $v := . }}
  {{ $k }}: {{ $v | quote }}
 {{- end -}}
 {{- end }}
 args:
 {{- range .Values.addons.codeserver.args }}
 - {{ . | quote }}
 {{- end }}
 - "--port"
 - "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
 - {{ .Values.addons.codeserver.workingDir | default "/" }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/netshoot/_container.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/netshoot/_container.tpl
@ -0,0 +1,44 @@
 {{/*
 The code-server sidecar container to be inserted.
 */}}
 {{- define "tc.v1.common.addon.netshoot.container" -}}
 enabled: true
 command:
  - /bin/sh
  - -c
  - sleep infinity
 probes:
  liveness:
    enabled: false
  readiness:
    enabled: false
  startup:
    enabled: false
 imageSelector: "netshootImage"
 securityContext:
  runAsUser: 0
  runAsGroup: 0
  runAsNonRoot: false
  readOnlyRootFilesystem: false
  capabilities:
    add:
      - NET_ADMIN
      - NET_RAW
 env:
 {{- range $envList := $.Values.addons.netshoot.envList -}}
  {{- if and $envList.name $envList.value }}
  {{ $envList.name }}: {{ $envList.value | quote }}
  {{- else }}
    {{- fail "Please specify name/value for netshoot environment variable" -}}
  {{- end -}}
 {{- end -}}
 {{- with $.Values.addons.netshoot.env -}}
 {{- range $k, $v := . }}
  {{ $k }}: {{ $v | quote }}
 {{- end -}}
 {{- end }}
 args:
 {{- range $.Values.addons.netshoot.args }}
 - {{ . | quote }}
 {{- end }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/netshoot/_netshoot.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/netshoot/_netshoot.tpl
@ -0,0 +1,15 @@
 {{/*
 Template to render code-server addon
 It will include / inject the required templates based on the given values.
 */}}
 {{- define "tc.v1.common.addon.netshoot" -}}
 {{- $targetSelector := "main" -}}
 {{- if .Values.addons.netshoot.enabled -}}
  {{/* Append the code-server container to the workloads */}}
  {{- $container := include "tc.v1.common.addon.netshoot.container" . | fromYaml -}}
  {{- if $container -}}
    {{- $workload := get $.Values.workload $targetSelector -}}
    {{- $_ := set $workload.podSpec.containers "netshoot" $container -}}
  {{- end -}}
 {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_configmap.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_configmap.tpl
@ -0,0 +1,16 @@
 {{/*
 The VPN config and scripts to be included.
 */}}
 {{- define "tc.v1.common.addon.vpn.configmap" -}}
 enabled: true
 data:
 {{- with .Values.addons.vpn.scripts.up }}
  up.sh: |-
    {{- . | nindent 4 }}
 {{- end -}}
 {{- with .Values.addons.vpn.scripts.down }}
  down.sh: |-
    {{- . | nindent 4 }}
 {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_gluetunContainer.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_gluetunContainer.tpl
@ -0,0 +1,64 @@
 {{/*
 The gluetun sidecar container to be inserted.
 */}}
 {{- define "tc.v1.common.addon.vpn.gluetun.container" -}}
 enabled: true
 imageSelector: gluetunImage
 probes:
 {{- if $.Values.addons.vpn.livenessProbe }}
  liveness:
  {{- toYaml . | nindent 2 }}
 {{- else }}
  liveness:
    enabled: false
 {{- end }}
  readiness:
    enabled: false
  startup:
    enabled: false
 securityContext:
  runAsUser: 0
  runAsNonRoot: false
  readOnlyRootFilesystem: false
  runAsGroup: 568
  capabilities:
    add:
      - NET_ADMIN
      - NET_RAW
      - MKNOD
      - SYS_MODULE
 env:
  DNS_KEEP_NAMESERVER: "on"
  DOT: "off"
 {{- if $.Values.addons.vpn.killSwitch }}
 {{- $excludednetworks := ( printf "%v,%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
 {{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
  {{- $excludednetworks = ( printf "%v,%v" $excludednetworks . ) -}}
 {{- end }}
 {{- range $.Values.addons.vpn.excludedNetworks_IPv6 -}}
  {{- $excludednetworksv6 = ( printf "%v,%v" $excludednetworks . ) -}}
 {{- end }}
  FIREWALL: "on"
  FIREWALL_OUTBOUND_SUBNETS: {{ $excludednetworks | quote }}
 {{- else }}
  FIREWALL: "off"
 {{- end }}
 {{- with $.Values.addons.vpn.env }}
  {{- . | toYaml | nindent 2 }}
 {{- end -}}
 {{- range $envList := $.Values.addons.vpn.envList -}}
  {{- if and $envList.name $envList.value }}
  {{ $envList.name }}: {{ $envList.value | quote }}
  {{- else -}}
    {{- fail "Please specify name/value for VPN environment variable" -}}
  {{- end -}}
 {{- end -}}
 {{- with $.Values.addons.vpn.args }}
 args:
  {{- . | toYaml | nindent 2 }}
 {{- end }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_openvpnContainer.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_openvpnContainer.tpl
@ -0,0 +1,73 @@
 {{/*
 The gluetun sidecar container to be inserted.
 */}}
 {{- define "tc.v1.common.addon.vpn.openvpn.container" -}}
 enabled: true
 imageSelector: openvpnImage
 probes:
 {{- if $.Values.addons.vpn.livenessProbe }}
  liveness:
  {{- toYaml . | nindent 2 }}
 {{- else }}
  liveness:
    enabled: false
 {{- end }}
  readiness:
    enabled: false
  startup:
    enabled: false
 securityContext:
  runAsUser: 0
  runAsGroup: 0
  capabilities:
    add:
      - NET_ADMIN
      - NET_RAW
      - MKNOD
      - SYS_MODULE
 env:
 {{- with $.Values.addons.vpn.env }}
  {{- . | toYaml | nindent 2 }}
 {{- end }}
  {{- if and $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password }}
  VPN_AUTH: {{ (printf "%v;%v" $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password) }}
  {{- end -}}
 {{- if $.Values.addons.vpn.killSwitch }}
 {{- $ipv4list := $.Values.addons.vpn.excludedNetworks_IPv4 }}
 {{- if $.Values.chartContext.podCIDR }}
 {{- $ipv4list = append $ipv4list $.Values.chartContext.podCIDR }}
 {{- end }}
 {{- if $.Values.chartContext.svcCIDR }}
 {{- $ipv4list = append $ipv4list $.Values.chartContext.svcCIDR }}
 {{- end }}
  FIREWALL: "ON"
  {{- range $index, $value := $ipv4list }}
  ROUTE_{{ add $index 1 }}: {{ $value | quote }}
  {{- end }}
 {{- if $.Values.addons.vpn.excludedNetworks_IPv6 }}
  {{- $excludednetworksv6 := "" -}}
  {{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
    {{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
  {{- end }}
  {{- range $index, $value := $.Values.addons.vpn.excludedNetworks_IPv6 }}
  ROUTE6_{{ add $index 1 }}: {{ $value | quote }}
  {{- end }}
 {{- end }}
 {{- end -}}
 {{- range $envList := $.Values.addons.vpn.envList -}}
  {{- if and $envList.name $envList.value }}
  {{ $envList.name }}: {{ $envList.value | quote }}
  {{- else -}}
    {{- fail "Please specify name/value for VPN environment variable" -}}
  {{- end -}}
 {{- end -}}
 {{- with $.Values.addons.vpn.args }}
 args:
  {{- . | toYaml | nindent 2 }}
 {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_secret.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_secret.tpl
@ -0,0 +1,9 @@
 {{/*
 The OpenVPN config secret to be included.
 */}}
 {{- define "tc.v1.common.addon.vpn.secret" -}}
 enabled: true
 data:
  vpn.conf: |-
    {{- .Values.addons.vpn.config | nindent 4 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_tailscaleContainer.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_tailscaleContainer.tpl
@ -0,0 +1,87 @@
 {{/*
 The Tailscale sidecar container to be inserted.
 */}}
 {{- define "tc.v1.common.addon.vpn.tailscale.container" -}}
 enabled: true
 imageSelector: "tailscaleImage"
 probes:
 {{- if $.Values.addons.vpn.livenessProbe }}
  liveness:
  {{- toYaml . | nindent 2 }}
 {{- else }}
  liveness:
    enabled: false
 {{- end }}
  readiness:
    enabled: false
  startup:
    enabled: false
 command:
  - /usr/local/bin/containerboot
 securityContext:
  {{- if $.Values.addons.vpn.tailscale.userspace }}
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: false
  readOnlyRootFilesystem: true
  {{- else }}
  runAsUser: 0
  runAsGroup: 0
  runAsNonRoot: true
  readOnlyRootFilesystem: false
  {{- end }}
  capabilities:
    add:
      - NET_ADMIN
      - NET_RAW
 {{/*
 Set KUBE_SECRET to empty string to force tailscale
 to use the filesystem for state tracking.
 With secret for state tracking you can't always
 know if the app that uses this sidecard will
 use a custom ServiceAccount and will lead to falure.
 */}}
 env:
  TS_KUBE_SECRET: ""
  TS_SOCKET: /var/run/tailscale/tailscaled.sock
  TS_STATE_DIR: /var/lib/tailscale/state
  TS_AUTH_ONCE: {{ $.Values.addons.vpn.tailscale.auth_once | quote }}
  TS_USERSPACE: {{ $.Values.addons.vpn.tailscale.userspace | quote }}
  TS_ACCEPT_DNS: {{ $.Values.addons.vpn.tailscale.accept_dns | quote }}
  {{- with $.Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
  TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }}
  {{- end -}}
  {{- with $.Values.addons.vpn.tailscale.routes }}
  TS_ROUTES: {{ . }}
  {{- end -}}
  {{- with $.Values.addons.vpn.tailscale.dest_ip }}
  TS_DEST_IP: {{ . }}
  {{- end -}}
  {{- with $.Values.addons.vpn.tailscale.sock5_server }}
  TS_SOCKS5_SERVER: {{ . }}
  {{- end -}}
  {{- with $.Values.addons.vpn.tailscale.extra_args }}
  TS_EXTRA_ARGS: {{ . | quote }}
  {{- end -}}
  {{- with $.Values.addons.vpn.tailscale.daemon_extra_args }}
  TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
  {{- end -}}
  {{- with $.Values.addons.vpn.tailscale.authkey }}
  TS_AUTH_KEY: {{ . }}
  {{- end }}
 {{- range $envList := $.Values.addons.vpn.envList -}}
  {{- if and $envList.name $envList.value }}
  {{ $envList.name }}: {{ $envList.value | quote }}
  {{- else -}}
    {{- fail "Please specify name/value for VPN environment variable" -}}
  {{- end -}}
 {{- end -}}
 {{- with $.Values.addons.vpn.env -}}
  {{- range $k, $v := . }}
  {{ $k }}: {{ $v | quote }}
  {{- end -}}
 {{- end }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_volume.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_volume.tpl
@ -0,0 +1,112 @@
 {{/*
 The volume (referencing VPN scripts) to be inserted into persistence.
 */}}
 {{- define "tc.v1.common.addon.vpn.volume.scripts" -}}
 {{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
 enabled: true
 type: configmap
 objectName: vpnscripts
 expandObjectName: false
 defaultMode: "0777"
 items:
 {{- if .Values.addons.vpn.scripts.up }}
 - key: up.sh
  path: up.sh
 {{- end -}}
 {{- if .Values.addons.vpn.scripts.down }}
 - key: down.sh
  path: down.sh
 {{- end }}
 targetSelector:
  {{- range .Values.addons.vpn.targetSelector }}
  {{ . }}:
    vpn:
      mountPath: {{ $basePath }}
  {{- end -}}
 {{- end -}}
 {{/*
 The volume (referencing VPN config) to be inserted into persistence.
 */}}
 {{- define "tc.v1.common.addon.vpn.volume.config" -}}
 {{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
 {{- $mountPath := $basePath }}
 enabled: true
 {{- if or .Values.addons.vpn.config .Values.addons.vpn.existingSecret }}
 type: secret
 defaultMode: "0777"
 items:
  - key: vpn.conf
    path: vpn.conf
 {{- if .Values.addons.vpn.existingSecret }}
 objectName: {{ .Values.addons.vpn.existingSecret }}
 expandObjectName: false
 {{- else }}
 objectName: vpnconfig
 expandObjectName: true
 {{- end -}}
 {{- else }}
 {{- $mountPath = (printf "%s/vpn.conf" $basePath) }}
 type: hostPath
 hostPath: {{ .Values.addons.vpn.configFile | default "/vpn" }}
 hostPathType: "File"
 autoPermissions:
  enabled: true
  chown: true
  user: 568
  group: 568
 {{- end }}
 targetSelector:
  {{- range .Values.addons.vpn.targetSelector }}
  {{ . }}:
    vpn:
      mountPath: {{ $mountPath }}
  {{- end -}}
 {{- end -}}
 {{/*
 The volume (referencing VPN config folder) to be inserted into persistence.
 */}}
 {{- define "tc.v1.common.addon.vpn.volume.folder" -}}
 {{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
 enabled: true
 type: hostPath
 hostPath: {{ .Values.addons.vpn.configFolder | quote }}
 autoPermissions:
  enabled: true
  chown: true
  user: 568
  group: 568
 targetSelector:
  {{- range .Values.addons.vpn.targetSelector }}
  {{ . }}:
    vpn:
      mountPath: {{ $basePath }}
  {{- end -}}
 {{- end -}}
 {{/*
 The empty tailscale folder
 */}}
 {{- define "tc.v1.common.addon.vpn.volume.tailscale" -}}
 enabled: true
 type: emptyDir
 targetSelector:
  {{- range .Values.addons.vpn.targetSelector }}
  {{ . }}:
    tailscale:
      mountPath: /var/lib/tailscale
  {{- end -}}
 {{- end -}}
 {{- define "tc.v1.common.addon.vpn.volume.basePath" -}}
  {{- $basePath := "/vpn" -}} {{/* Base Path for OVPN */}}
  {{- if eq .Values.addons.vpn.type "wireguard" -}}
    {{- $basePath = "/etc/wireguard" -}} {{/* Base Path for Wireguard */}}
  {{- else if eq .Values.addons.vpn.type "gluetun" -}}
    {{- $basePath = "/gluetun" -}} {{/* Base Path for Gluetun */}}
  {{- end -}}
  {{- $basePath -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_vpn.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_vpn.tpl
@ -0,0 +1,94 @@
 {{/*
 Template to render VPN addon
 It will include / inject the required templates based on the given values.
 */}}
 {{- define "tc.v1.common.addon.vpn" -}}
 {{- if ne "disabled" .Values.addons.vpn.type -}}
  {{- if .Values.addons.vpn.config -}}
    {{/* Append the vpn config secret to the secrets */}}
    {{- $secret := include "tc.v1.common.addon.vpn.secret" . | fromYaml -}}
    {{- if $secret -}}
      {{- $_ := set .Values.secret "vpnconfig" $secret -}}
    {{- end -}}
  {{- end }}
  {{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
    {{/* Append the vpn up/down scripts to the configmaps */}}
    {{- $configmap := include "tc.v1.common.addon.vpn.configmap" . | fromYaml -}}
    {{- if $configmap -}}
      {{- $_ := set .Values.configmap "vpnscripts" $configmap -}}
    {{- end -}}
  {{- end }}
  {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.config .Values.addons.vpn.existingSecret -}}
    {{/* Append the vpn config to the persistence */}}
    {{- $configper := include "tc.v1.common.addon.vpn.volume.config" . | fromYaml -}}
    {{- if $configper -}}
      {{- $_ := set .Values.persistence "vpnconfig" $configper -}}
    {{- end -}}
  {{- end -}}
  {{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
    {{/* Append the vpn scripts to the persistence */}}
    {{- $scriptsper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}}
    {{- if $scriptsper -}}
      {{- $_ := set .Values.persistence "vpnscripts" $scriptsper -}}
    {{- end -}}
  {{- end -}}
  {{- if .Values.addons.vpn.configFolder -}}
    {{/* Append the vpn folder to the persistence */}}
    {{- $folderper := include "tc.v1.common.addon.vpn.volume.folder" . | fromYaml -}}
    {{- if $folderper -}}
      {{- $_ := set .Values.persistence "vpnfolder" $folderper -}}
    {{- end -}}
  {{- end -}}
  {{/* Ensure target Selector defaults to main pod even if unset */}}
  {{- $targetSelector := list "main" -}}
  {{- if $.Values.addons.codeserver.targetSelector -}}
    {{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
  {{- end -}}
  {{/* Append the vpn container to the containers */}}
  {{- range $targetSelector -}}
    {{- if eq "gluetun" $.Values.addons.vpn.type -}}
      {{- $container := include "tc.v1.common.addon.vpn.gluetun.container" $ | fromYaml -}}
      {{- if $container -}}
        {{- $workload := get $.Values.workload . -}}
        {{- $_ := set $workload.podSpec.containers "vpn" $container -}}
      {{- end -}}
    {{- else if eq "tailscale" $.Values.addons.vpn.type -}}
      {{/* FIXME: https://github.com/tailscale/tailscale/issues/8188 */}}
      {{- $_ := set $.Values.podOptions "automountServiceAccountToken" true -}}
      {{- $container := include "tc.v1.common.addon.vpn.tailscale.container" $ | fromYaml -}}
      {{- if $container -}}
        {{- $workload := get $.Values.workload . -}}
        {{- $_ := set $workload.podSpec.containers "tailscale" $container -}}
      {{- end -}}
    {{- else if eq "openvpn" $.Values.addons.vpn.type -}}
      {{- $container := include "tc.v1.common.addon.vpn.openvpn.container" $ | fromYaml -}}
      {{- if $container -}}
        {{- $workload := get $.Values.workload . -}}
        {{- $_ := set $workload.podSpec.containers "vpn" $container -}}
      {{- end -}}
    {{- else if eq "wireguard" $.Values.addons.vpn.type -}}
      {{- $container := include "tc.v1.common.addon.vpn.wireguard.container" $ | fromYaml -}}
      {{- if $container -}}
        {{- $workload := get $.Values.workload . -}}
        {{- $_ := set $workload.podSpec.containers "vpn" $container -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{- if eq "tailscale" $.Values.addons.vpn.type -}}
    {{/* Append the empty tailscale folder to the persistence */}}
    {{- $tailscaledir := include "tc.v1.common.addon.vpn.volume.tailscale" . | fromYaml -}}
    {{- if $tailscaledir -}}
      {{- $_ := set .Values.persistence "tailscalestate" $tailscaledir -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/addons/vpn/_wireguardContainer.tpl
+++ b/helm-charts/dashy/charts/common/templates/addons/vpn/_wireguardContainer.tpl
@ -0,0 +1,66 @@
 {{/*
 The gluetun sidecar container to be inserted.
 */}}
 {{- define "tc.v1.common.addon.vpn.wireguard.container" -}}
 enabled: true
 imageSelector: wireguardImage
 probes:
 {{- if $.Values.addons.vpn.livenessProbe }}
  liveness:
  {{- toYaml . | nindent 2 }}
 {{- else }}
  liveness:
    enabled: false
 {{- end }}
  readiness:
    enabled: false
  startup:
    enabled: false
 securityContext:
  runAsUser: 568
  runAsGroup: 568
  readOnlyRootFilesystem: false
  allowPrivilegeEscalation: true
  capabilities:
    add:
      - AUDIT_WRITE
      - NET_ADMIN
      - SETUID
      - SETGID
      - SYS_MODULE
 env:
 {{- with $.Values.addons.vpn.env }}
  {{- . | toYaml | nindent 2 }}
 {{- end }}
  SEPARATOR: ";"
  IPTABLES_BACKEND: "nft"
 {{- if $.Values.addons.vpn.killSwitch }}
  KILLSWITCH: "true"
  {{- $excludednetworksv4 := ( printf "%v;%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
  {{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
    {{- $excludednetworksv4 = ( printf "%v;%v" $excludednetworksv4 . ) -}}
  {{- end }}
  KILLSWITCH_EXCLUDEDNETWORKS_IPV4: {{ $excludednetworksv4 | quote }}
 {{- if $.Values.addons.vpn.excludedNetworks_IPv6 -}}
  {{- $excludednetworksv6 := "" -}}
  {{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
    {{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
  {{- end }}
  KILLSWITCH_EXCLUDEDNETWORKS_IPV6: {{ $.Values.addons.vpn.excludedNetworks_IPv6 | quote }}
 {{- end -}}
 {{- end -}}
 {{- range $envList := $.Values.addons.vpn.envList -}}
  {{- if and $envList.name $envList.value }}
  {{ $envList.name }}: {{ $envList.value | quote }}
  {{- else -}}
    {{- fail "Please specify name/value for VPN environment variable" -}}
  {{- end -}}
 {{- end -}}
 {{- with $.Values.addons.vpn.args }}
 args:
  {{- . | toYaml | nindent 2 }}
 {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_certificate.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_certificate.tpl
@ -0,0 +1,45 @@
 {{/*
 This template serves as a blueprint for all Cert-Manager Certificate objects that are created
 within the common library.
 */}}
 {{- define "tc.v1.common.class.certificate" -}}
 {{- $root := .root -}}
 {{- $name := .name -}}
 {{- $hosts := .hosts -}}
 {{- $certificateIssuer := .certificateIssuer -}}
 {{- $certificateSecretTemplate := .secretTemplate }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" $ }}
 kind: Certificate
 metadata:
  name: {{ $name }}
  namespace: {{ $root.Values.namespace | default $root.Values.global.namespace | default $root.Release.Namespace }}
 spec:
  secretName: {{ $name }}
  dnsNames:
  {{- range $hosts }}
  - {{ tpl . $root | quote }}
  {{- end }}
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always
  issuerRef:
    name: {{ tpl $certificateIssuer $root | quote }}
    kind: ClusterIssuer
    group: cert-manager.io
  {{- if $certificateSecretTemplate }}
  secretTemplate:
    {{- $labels := (mustMerge ($certificateSecretTemplate.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $root | fromYaml)) -}}
    {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "labels" $labels) | trim) }}
    labels:
      {{- . | nindent 6 }}
    {{- end -}}
    {{- $annotations := (mustMerge ($certificateSecretTemplate.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $root | fromYaml)) -}}
    {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "annotations" $annotations) | trim) }}
    annotations:
      {{- . | nindent 6 }}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_cnpgCluster.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_cnpgCluster.tpl
@ -0,0 +1,83 @@
 {{- define "tc.v1.common.class.cnpg.cluster" -}}
  {{- $values := .Values.cnpg -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.cnpg -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $cnpgClusterName := $values.name -}}
  {{- $cnpgClusterLabels := $values.labels -}}
  {{- $cnpgClusterAnnotations := $values.annotations -}}
  {{- $hibernation := "off" -}}
  {{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
    {{- $hibernation = "on" -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.cnpg.cluster.apiVersion" $ }}
 kind: Cluster
 metadata:
  name: {{ $cnpgClusterName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($cnpgClusterLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }}
  labels:
    cnpg.io/reload: "on"
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
    {{- . | nindent 4 }}
  {{- end }}
  {{- $annotations := (mustMerge ($cnpgClusterAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
  annotations:
    cnpg.io/hibernation: {{ $hibernation | quote }}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  instances: {{ $values.instances | default 2 }}
  bootstrap:
    initdb:
      database: {{ $values.database | default "app" }}
      owner: {{ $values.user | default "app" }}
      secret:
        name: {{ $cnpgClusterName }}-user
  primaryUpdateStrategy: {{ $values.primaryUpdateStrategy | default "unsupervised" }}
  storage:
    pvcTemplate:
      {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
      storageClassName: {{ . }}
      {{- end }}
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
  walStorage:
    pvcTemplate:
      {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
      storageClassName: {{ . }}
      {{- end }}
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
  monitoring:
    enablePodMonitor: {{ $values.monitoring.enablePodMonitor | default true }}
  nodeMaintenanceWindow:
    inProgress: false
    reusePVC: true
  {{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $values) | trim) }}
  resources:
    {{- . | nindent 4 }}
  {{- end }}
  postgresql:
    {{- tpl ( $values.postgresql | toYaml ) $ | nindent 4 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_cnpgPooler.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_cnpgPooler.tpl
@ -0,0 +1,35 @@
 {{- define "tc.v1.common.class.cnpg.pooler" -}}
  {{- $values := .Values.cnpg -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.cnpg -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $cnpgClusterName := $values.name -}}
  {{- $cnpgName := $values.cnpgName -}}
  {{- $cnpgPoolerName := $values.poolerName -}}
  {{- $cnpgClusterLabels := $values.labels -}}
  {{- $cnpgClusterAnnotations := $values.annotations -}}
  {{- $instances := $values.pooler.instances | default 2 -}}
  {{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
    {{- $instances = 0 -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }}
 kind: Pooler
 metadata:
  name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
 spec:
  cluster:
    name: {{ $cnpgClusterName }}
  instances: {{ $instances }}
  type: {{ $values.pooler.type }}
  pgbouncer:
    poolMode: session
    parameters:
      max_client_conn: "1000"
      default_pool_size: "10"
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_configmap.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_configmap.tpl
@ -0,0 +1,37 @@
 {{/* Configmap Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the configmap.
  labels: The labels of the configmap.
  annotations: The annotations of the configmap.
  data: The data of the configmap.
  namespace: The namespace of the configmap. (Optional)
 */}}
 {{- define "tc.v1.common.class.configmap" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 data:
  {{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
  {{/* This comment is here to add a new line */}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_cronjob.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_cronjob.tpl
@ -0,0 +1,52 @@
 {{/* CronJob Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.cronjob" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the CronJob.
 */}}
 {{- define "tc.v1.common.class.cronjob" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- include "tc.v1.common.lib.workload.cronjobValidation" (dict "objectData" $objectData) }}
 ---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- include "tc.v1.common.lib.workload.cronjobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
      template:
        metadata:
            {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
                                      (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
                                      (include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
                                      (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
            {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
          labels:
            {{- . | nindent 12 }}
            {{- end -}}
            {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
                                            (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
                                            (include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
                                            (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
            {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
          annotations:
            {{- . | nindent 12 }}
            {{- end }}
        spec:
          {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 10 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_daemonset.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_daemonset.tpl
@ -0,0 +1,55 @@
 {{/* DaemonSet Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the DaemonSet.
 */}}
 {{- define "tc.v1.common.class.daemonset" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- include "tc.v1.common.lib.workload.daemonsetValidation" (dict "objectData" $objectData) }}
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- include "tc.v1.common.lib.workload.daemonsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
  selector:
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
  template:
    metadata:
        {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
                                  (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
      labels:
        {{- . | nindent 8 }}
        {{- end -}}
        {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
                                        (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
                                        (include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
                                        (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
      annotations:
        {{- . | nindent 8 }}
        {{- end }}
    spec:
      {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_deployment.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_deployment.tpl
@ -0,0 +1,55 @@
 {{/* Deployment Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the Deployment.
 */}}
 {{- define "tc.v1.common.class.deployment" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- include "tc.v1.common.lib.workload.deploymentValidation" (dict "objectData" $objectData) }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- include "tc.v1.common.lib.workload.deploymentSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
  selector:
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
  template:
    metadata:
        {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
                                  (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
      labels:
        {{- . | nindent 8 }}
        {{- end -}}
        {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
                                        (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
                                        (include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
                                        (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
      annotations:
        {{- . | nindent 8 }}
        {{- end }}
    spec:
      {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_endpoint.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_endpoint.tpl
@ -0,0 +1,33 @@
 {{/* Endpoint Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.endpoint" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The service data, that will be used to render the Service object.
 */}}
 {{- define "tc.v1.common.class.endpoint" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: v1
 kind: Endpoints
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 subsets:
  - addresses:
      {{- include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
    ports:
      {{- include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_endpointSlice.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_endpointSlice.tpl
@ -0,0 +1,41 @@
 {{/* EndpointSlice Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The service data, that will be used to render the Service object.
 */}}
 {{- define "tc.v1.common.class.endpointSlice" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $addressType := $objectData.addressType | default "IPv4" -}}
  {{- if $objectData.addressType -}}
    {{- $addressType = tpl $addressType $rootCtx -}}
  {{- end }}
 ---
 apiVersion: discovery.k8s.io/v1
 kind: EndpointSlice
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 addressType: {{ $addressType }}
 ports:
 {{- include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
 endpoints:
 {{- include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_horizontalPodAutoscaler.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_horizontalPodAutoscaler.tpl
@ -0,0 +1,58 @@
 {{/*
 This template serves as a blueprint for horizontal pod autoscaler objects that are created
 using the common library.
 */}}
 {{- define "tc.v1.common.class.hpa" -}}
  {{- $targetName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $hpaName := $fullName -}}
  {{- $values := .Values.hpa -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.hpa -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $hpaLabels := $values.labels -}}
  {{- $hpaAnnotations := $values.annotations -}}
  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
    {{- $hpaName = printf "%v-%v" $hpaName $values.nameOverride -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.hpa.apiVersion" $ }}
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ $hpaName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($hpaLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($hpaAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end -}}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: {{ $values.targetKind | default ( include "tc.v1.common.names.controllerType" . ) }}
    name: {{ $values.target | default $targetName }}
  minReplicas: {{ $values.minReplicas | default 1 }}
  maxReplicas: {{ $values.maxReplicas | default 3 }}
  metrics:
    {{- if $values.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: {{ $values.targetCPUUtilizationPercentage }}
    {{- end -}}
    {{- if $values.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        targetAverageUtilization: {{ $values.targetMemoryUtilizationPercentage }}
    {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_ingress.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_ingress.tpl
@ -0,0 +1,157 @@
 {{/*
 This template serves as a blueprint for all Ingress objects that are created
 within the common library.
 */}}
 {{- define "tc.v1.common.class.ingress" -}}
  {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $ingressName := $fullName -}}
  {{- $values := .Values.ingress -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.ingress -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $ingressLabels := $values.labels -}}
  {{- $ingressAnnotations := $values.annotations -}}
  {{- $ingressName = $values.name -}}
  {{/* Get the name of the primary service, if any */}}
  {{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
  {{/* Get service values of the primary service, if any */}}
  {{- $primaryService := get .Values.service $primaryServiceName -}}
  {{- $defaultServiceName := $fullName -}}
  {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
    {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
  {{- end -}}
  {{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) -}}
  {{- $mddwrNamespace := "tc-system" -}}
  {{- if $.Values.operator.traefik -}}
    {{- if $.Values.operator.traefik.namespace -}}
      {{- $mddwrNamespace = $.Values.operator.traefik.namespace -}}
    {{- end -}}
  {{- end -}}
  {{- if $values.ingressClassName -}}
    {{- if $.Values.global.ixChartContext -}}
      {{- $mddwrNamespace = (printf "ix-%s" $values.ingressClassName) -}}
    {{- else -}}
      {{- $mddwrNamespace = $values.ingressClassName -}}
    {{- end -}}
  {{- end -}}
  {{- $fixedMiddlewares := "" -}}
  {{- if $values.enableFixedMiddlewares -}}
    {{/* If cors is enabled, replace the default fixedMiddleware with the opencors chain */}}
    {{- if $values.allowCors -}}
      {{- $corsMiddlewares := list "tc-opencors-chain" }}
      {{- $_ := set $values "fixedMiddlewares" $corsMiddlewares -}}
    {{- end -}}
    {{- range $index, $fixedMiddleware := $values.fixedMiddlewares -}}
        {{- if $index -}}
          {{- $fixedMiddlewares = ( printf "%v, %v-%v@%v" $fixedMiddlewares $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
        {{- else -}}
          {{- $fixedMiddlewares = ( printf "%v-%v@%v" $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
        {{- end -}}
    {{- end -}}
  {{- end -}}
  {{- $middlewares := "" -}}
  {{- range $index, $middleware := $values.middlewares -}}
      {{- if $index -}}
        {{- $middlewares = ( printf "%v, %v-%v@%v" $middlewares $mddwrNamespace $middleware "kubernetescrd" ) -}}
      {{- else -}}
        {{- $middlewares = ( printf "%v-%v@%v" $mddwrNamespace $middleware "kubernetescrd" ) -}}
      {{- end -}}
  {{ end }}
  {{- if and ( $fixedMiddlewares ) ( $middlewares ) -}}
    {{- $middlewares = ( printf "%v, %v" $fixedMiddlewares $middlewares ) -}}
  {{- else if $fixedMiddlewares -}}
    {{- $middlewares = ( printf "%s" $fixedMiddlewares ) -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.ingress.apiVersion" $ }}
 kind: Ingress
 metadata:
  name: {{ $ingressName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($ingressLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($ingressAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
  annotations:
  {{- with $values.certificateIssuer }}
    cert-manager.io/cluster-issuer: {{ tpl ( toYaml . ) $ }}
    cert-manager.io/private-key-rotation-policy: Always
  {{- end }}
    "traefik.ingress.kubernetes.io/router.entrypoints": {{ $values.entrypoint | default "websecure" }}
    "traefik.ingress.kubernetes.io/router.middlewares": {{ $middlewares | quote }}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- if $values.ingressClassName }}
  ingressClassName: {{ $values.ingressClassName }}
  {{- end -}}
  {{- if $values.certificateIssuer }}
  tls:
    {{- range $index, $hostsValues := $values.hosts }}
    - hosts:
      - {{ tpl $hostsValues.host $ | quote }}
      secretName: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }}
    {{- end -}}
  {{- else if $values.tls }}
  tls:
    {{- range $index, $tlsValues :=  $values.tls }}
    {{- $tlsName := ( printf "%v-%v" "tls" $index ) }}
    - hosts:
        {{- range $tlsValues.hosts }}
        - {{ tpl . $ | quote }}
        {{- end -}}
      {{- if $tlsValues.certificateIssuer }}
      secretName: {{ printf "%v-%v" $ingressName $tlsName }}
      {{- else if  and ($tlsValues.scaleCert) ($.Values.global.ixChartContext) -}}
        {{- $cert := dict }}
        {{- $_ := set $cert "id" $tlsValues.scaleCert }}
        {{- $_ := set $cert "nameOverride" $tlsName }}
      secretName: {{ printf "%s-tls-%v" (include "tc.v1.common.lib.chart.names.fullname" $) $index }}
      {{- else if .clusterCertificate }}
      secretName: clusterissuer-templated-{{ tpl .clusterCertificate $ }}
      {{- else if .secretName }}
      secretName: {{ tpl .secretName $ | quote }}
      {{- end -}}
    {{- end -}}
  {{- end }}
  rules:
  {{- range $values.hosts }}
    - host: {{ tpl .host $ | quote }}
      http:
        paths:
          {{- range .paths -}}
            {{- $service := $defaultServiceName -}}
            {{- $port := $defaultServicePort.port -}}
            {{- if .service -}}
              {{- $service = default $service .service.name -}}
              {{- $port = default $port .service.port -}}
            {{- end }}
          - path: {{ tpl .path $ | quote }}
            pathType: {{ default "Prefix" .pathType }}
            backend:
              service:
                name: {{ $service }}
                port:
                  number: {{ $port }}
          {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_job.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_job.tpl
@ -0,0 +1,52 @@
 {{/* Job Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.job" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the Job.
 */}}
 {{- define "tc.v1.common.class.job" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
  template:
    metadata:
        {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
                                  (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
      labels:
        {{- . | nindent 8 }}
        {{- end -}}
        {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
                                        (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
                                        (include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
                                        (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
      annotations:
        {{- . | nindent 8 }}
        {{- end }}
    spec:
      {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_mutatingWebhookConfiguration.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_mutatingWebhookConfiguration.tpl
@ -0,0 +1,38 @@
 {{/* MutatingWebhookConfiguration Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.mutatingWebhookConfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the MutatingWebhookConfiguration.
  labels: The labels of the MutatingWebhookConfiguration.
  annotations: The annotations of the MutatingWebhookConfiguration.
  data: The data of the MutatingWebhookConfiguration.
  namespace: The namespace of the MutatingWebhookConfiguration. (Optional)
 */}}
 {{- define "tc.v1.common.class.mutatingWebhookConfiguration" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 webhooks:
  {{- range $webhook := $objectData.webhooks -}}
    {{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_networkAttachmentDefinition.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_networkAttachmentDefinition.tpl
@ -0,0 +1,35 @@
 {{/* Network Attachment Definition Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.networkAttachmentDefinition" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the Network Attachment Definition.
  labels: The labels of the Network Attachment Definition.
  annotations: The annotations of the Network Attachment Definition.
  config: The config of the interface
 */}}
 {{- define "tc.v1.common.class.networkAttachmentDefinition" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }}
  {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) | default dict -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  config: {{ $objectData.config | squote }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_networkPolicy.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_networkPolicy.tpl
@ -0,0 +1,185 @@
 {{/*
 Blueprint for the NetworkPolicy object
 */}}
 {{- define "tc.v1.common.class.networkpolicy" -}}
  {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $networkPolicyName := $fullName -}}
  {{- $values := .Values.networkPolicy -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.networkPolicy -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $networkpolicyLabels := $values.labels -}}
  {{- $networkpolicyAnnotations := $values.annotations -}}
  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
    {{- $networkPolicyName = printf "%v-%v" $networkPolicyName $values.nameOverride -}}
  {{- end }}
 ---
 kind: NetworkPolicy
 apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }}
 metadata:
  name: {{ $networkPolicyName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($networkpolicyAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  podSelector:
  {{- if $values.podSelector }}
  {{- tpl (toYaml $values.podSelector) $ | nindent 4 }}
  {{- else if $values.targetSelector }}
    {{- $objectData := dict "targetSelector" $values.targetSelector }}
    {{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
    {{- $selectedPodName := $selectedPod.shortName }}
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 8 }}
  {{- else }}
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "" "objectName" "") | indent 8 }}
  {{- end }}
  {{- if $values.policyType }}
  {{- if eq $values.policyType "ingress" }}
  policyTypes: ["Ingress"]
  {{- else if eq $values.policyType "egress" }}
  policyTypes: ["Egress"]
  {{- else if eq $values.policyType "ingress-egress" }}
  policyTypes: ["Ingress", "Egress"]
  {{- end -}}
  {{- end -}}
  {{- if $values.egress }}
  egress:
  {{- range $values.egress }}
  - to:
    {{- range .to -}}
    {{- $nss := false -}}
    {{- $ipb := false -}}
      {{- if .ipBlock -}}
      {{- if .ipBlock.cidr -}}
      {{- $ipb = true }}
    - ipBlock:
        cidr: {{ .ipBlock.cidr }}
      {{- if .ipBlock.except }}
        except:
        {{- range .ipBlock.except }}
        - {{ . }}
        {{- end -}}
      {{- end -}}
      {{- end -}}
      {{- end -}}
      {{- if and ( .namespaceSelector ) ( not $ipb ) -}}
      {{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
      {{- $nss = true }}
    - namespaceSelector:
        {{- if .namespaceSelector.matchLabels }}
         matchLabels:
          {{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
        {{- end -}}
        {{- if .namespaceSelector.matchExpressions }}
         matchExpressions:
          {{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
        {{- end -}}
      {{- end -}}
      {{- end -}}
      {{- if and ( .podSelector ) ( not $ipb ) -}}
      {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
      {{- if $nss }}
      podSelector:
      {{- else }}
    - podSelector:
      {{- end -}}
        {{- if .podSelector.matchLabels }}
         matchLabels:
          {{- .podSelector.matchLabels | toYaml | nindent 12 }}
        {{- end -}}
        {{- if .podSelector.matchExpressions }}
         matchExpressions:
          {{- .podSelector.matchExpressions | toYaml | nindent 12 }}
        {{- end -}}
      {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- with .ports }}
    ports:
    {{- . | toYaml | nindent 6 }}
  {{- end -}}
  {{- end -}}
  {{- end -}}
  {{- if $values.ingress }}
  ingress:
  {{- range $values.ingress }}
  - from:
    {{- range .from -}}
    {{- $nss := false -}}
    {{- $ipb := false -}}
      {{- if .ipBlock -}}
      {{- if .ipBlock.cidr -}}
      {{- $ipb = true }}
    - ipBlock:
        cidr: {{ .ipBlock.cidr }}
      {{- if .ipBlock.except }}
        except:
        {{- range .ipBlock.except }}
        - {{ . }}
        {{- end -}}
      {{- end -}}
      {{- end -}}
      {{- end -}}
      {{- if and ( .namespaceSelector ) ( not $ipb ) -}}
      {{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
      {{- $nss = true }}
    - namespaceSelector:
        {{- if .namespaceSelector.matchLabels }}
         matchLabels:
          {{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
        {{- end -}}
        {{- if .namespaceSelector.matchExpressions }}
         matchExpressions:
          {{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
        {{- end -}}
      {{- end -}}
      {{- end -}}
      {{- if and ( .podSelector ) ( not $ipb ) -}}
      {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
      {{- if $nss }}
      podSelector:
      {{- else }}
    - podSelector:
      {{- end }}
        {{- if .podSelector.matchLabels }}
         matchLabels:
          {{- .podSelector.matchLabels | toYaml | nindent 12 }}
        {{- end -}}
        {{- if .podSelector.matchExpressions }}
         matchExpressions:
          {{- .podSelector.matchExpressions | toYaml | nindent 12 }}
        {{- end -}}
      {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- with .ports }}
    ports:
    {{- . | toYaml | nindent 6 }}
  {{- end -}}
  {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_podDisruptionBudget.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_podDisruptionBudget.tpl
@ -0,0 +1,54 @@
 {{/* poddisruptionbudget Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.podDisruptionBudget" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the podDisruptionBudget.
  labels: The labels of the podDisruptionBudget.
  annotations: The annotations of the podDisruptionBudget.
  data: The data of the podDisruptionBudget.
  namespace: The namespace of the podDisruptionBudget. (Optional)
 */}}
 {{- define "tc.v1.common.class.podDisruptionBudget" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 data:
  selector:
    matchLabels:
    {{- if $objectData.customLabels -}}
      {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $objectData.customLabels) | trim) }}
        {{- . | nindent 6 }}
      {{- end -}}
    {{- else -}}
      {{- $selectedPod := fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget")) }}
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $selectedPod.shortName) | nindent 6 }}
    {{- end -}}
  {{- if hasKey $objectData "minAvailable" }}
  minAvailable: {{ tpl (toString $objectData.minAvailable) $rootCtx }}
  {{- end -}}
  {{- if hasKey $objectData "maxUnavailable" }}
  maxUnavailable: {{ tpl (toString $objectData.maxUnavailable) $rootCtx }}
  {{- end -}}
  {{- with $objectData.unhealthyPodEvictionPolicy }}
  unhealthyPodEvictionPolicy: {{ tpl . $rootCtx }}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_podMonitor.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_podMonitor.tpl
@ -0,0 +1,47 @@
 {{- define "tc.v1.common.class.podmonitor" -}}
  {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $podmonitorName := $fullName -}}
  {{- $values := .Values.podmonitor -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.metrics -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $podmonitorLabels := $values.labels -}}
  {{- $podmonitorAnnotations := $values.annotations -}}
  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
    {{- $podmonitorName = printf "%v-%v" $podmonitorName $values.nameOverride -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }}
 kind: PodMonitor
 metadata:
  name: {{ $podmonitorName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end }}
  {{- $annotations := (mustMerge ($podmonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  jobLabel: app.kubernetes.io/name
  selector:
    {{- if $values.selector }}
    {{- tpl (toYaml $values.selector) $ | nindent 4 }}
    {{- else }}
    {{- $objectData := dict "targetSelector" $values.targetSelector }}
    {{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
    {{- $selectedPodName := $selectedPod.shortName }}
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 6 }}
    {{- end }}
  podMetricsEndpoints:
    {{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_prometheusRule.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_prometheusRule.tpl
@ -0,0 +1,55 @@
 {{- define "tc.v1.common.class.prometheusrule" -}}
  {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $prometheusruleName := $fullName -}}
  {{- $values := .Values.prometheusrule -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.metrics -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $prometheusruleLabels := $values.labels -}}
  {{- $prometheusruleAnnotations := $values.annotations -}}
  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
    {{- $prometheusruleName = printf "%v-%v" $prometheusruleName $values.nameOverride -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ }}
 kind: PrometheusRule
 metadata:
  name: {{ $prometheusruleName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end }}
  {{- $annotations := (mustMerge ($prometheusruleAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  groups:
    {{- range $name, $groupValues := .groups }}
    - name: {{ $prometheusruleName }}-{{ $name }}
      rules:
        {{- with $groupValues.rules }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with $groupValues.additionalrules }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    {{- end }}
    {{- range $id, $groupValues := .additionalgroups }}
    - name: {{ $prometheusruleName }}-{{ if $groupValues.name }}{{ $groupValues.name }}{{ else }}{{ $id }}{{ end }}
      rules:
        {{- with $groupValues.rules }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with $groupValues.additionalrules }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    {{- end }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_pvc.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_pvc.tpl
@ -0,0 +1,57 @@
 {{/* PVC Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the PVC.
  labels: The labels of the PVC.
  annotations: The annotations of the PVC.
 */}}
 {{- define "tc.v1.common.class.pvc" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $pvcRetain := $rootCtx.Values.fallbackDefaults.pvcRetain -}}
  {{- if (kindIs "bool" $objectData.retain) -}}
    {{- $pvcRetain = $objectData.retain -}}
  {{- end -}}
  {{- $pvcSize := $rootCtx.Values.fallbackDefaults.pvcSize -}}
  {{- with $objectData.size -}}
    {{- $pvcSize = tpl . $rootCtx -}}
  {{- end }}
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- if $pvcRetain -}}
    {{- $_ := set $annotations "\"helm.sh/resource-policy\"" "keep" -}}
  {{- end -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  accessModes:
    {{- include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim | nindent 4 }}
  resources:
    requests:
      storage: {{ $pvcSize }}
  {{- with $objectData.volumeName }}
  volumeName: {{ tpl . $rootCtx }}
  {{- end -}}
  {{- with (include "tc.v1.common.lib.storage.storageClassName" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim) }}
  storageClassName: {{ . }}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_rbac.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_rbac.tpl
@ -0,0 +1,64 @@
 {{/* RBAC Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the rbac.
  labels: The labels of the rbac.
  annotations: The annotations of the rbac.
  clusterWide: Whether the rbac is cluster wide or not.
  rules: The rules of the rbac.
  subjects: The subjects of the rbac.
 */}}
 {{- define "tc.v1.common.class.rbac" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
 metadata:
  name: {{ $objectData.name }}
  {{- if not $objectData.clusterWide }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }}
  {{- end }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 rules:
  {{- include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $objectData.clusterWide }}
 metadata:
  name: {{ $objectData.name }}
  {{- if not $objectData.clusterWide }}
  namespace: {{ $rootCtx.Release.Namespace }}
  {{- end }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
  name: {{ $objectData.name }}
 subjects:
  {{- include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
  {{- include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_route.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_route.tpl
@ -0,0 +1,87 @@
 {{/*
 This template serves as a blueprint for all Route objects that are created
 within the common library.
 */}}
 {{- define "tc.v1.common.class.route" -}}
 {{- $values := .Values.route -}}
 {{- if hasKey . "ObjectValues" -}}
  {{- with .ObjectValues.route -}}
    {{- $values = . -}}
  {{- end -}}
 {{- end -}}
  {{- $routeLabels := $values.labels -}}
  {{- $routeAnnotations := $values.annotations -}}
 {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
 {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
  {{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}}
 {{- end -}}
 {{- $routeKind := $values.kind | default "HTTPRoute" -}}
 {{/* Get the name of the primary service, if any */}}
 {{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
 {{/* Get service values of the primary service, if any */}}
 {{- $primaryService := get .Values.service $primaryServiceName -}}
 {{- $defaultServiceName := $fullName -}}
 {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
  {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
 {{- end -}}
 {{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) }}
 ---
 apiVersion: gateway.networking.k8s.io/v1alpha2
 {{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}}
  {{- fail (printf "Not a valid route kind (%s)" $routeKind) -}}
 {{- end }}
 kind: {{ $routeKind }}
 metadata:
  name: {{ $fullName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($routeAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
  annotations:
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  parentRefs:
  {{- range $values.parentRefs }}
    - group: {{ default "gateway.networking.k8s.io" .group }}
      kind: {{ default "Gateway" .kind }}
      name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }}
      namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }}
      {{- if .sectionName }}
      sectionName: {{ .sectionName | quote }}
      {{- end }}
  {{- end }}
  {{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }}
  hostnames:
  {{- with $values.hostnames }}
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- end }}
  rules:
  {{- range $values.rules }}
  - backendRefs:
    {{- range .backendRefs }}
    - group: {{ default "" .group | quote}}
      kind: {{ default "Service" .kind }}
      name: {{ default $defaultServiceName .name }}
      namespace: {{ default $.Release.Namespace .namespace }}
      port: {{ default $defaultServicePort.port .port }}
      weight: {{ default 1 .weight }}
    {{- end }}
    {{- if (eq $routeKind "HTTPRoute") }}
      {{- with .matches }}
    matches:
        {{- toYaml . | nindent 6 }}
      {{- end }}
    {{- end }}
  {{- end }}
 {{- end }}
--- a/helm-charts/dashy/charts/common/templates/class/_secret.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_secret.tpl
@ -0,0 +1,58 @@
 {{/* Secret Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the secret.
  labels: The labels of the secret.
  annotations: The annotations of the secret.
  type: The type of the secret.
  data: The data of the secret.
  namespace: The namespace of the secret. (Optional)
 */}}
 {{- define "tc.v1.common.class.secret" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $secretType := "Opaque" -}}
  {{- if eq $objectData.type "certificate" -}}
    {{- $secretType = "kubernetes.io/tls" -}}
  {{- else if eq $objectData.type "imagePullSecret" -}}
    {{- $secretType = "kubernetes.io/dockerconfigjson" -}}
  {{- else if $objectData.type -}}
    {{- $secretType = $objectData.type -}}
  {{- end }}
 ---
 apiVersion: v1
 kind: Secret
 type: {{ $secretType }}
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }}
 data:
    {{- if eq $objectData.type "certificate" }}
  tls.crt: {{ $objectData.data.certificate | trim | b64enc }}
  tls.key: {{ $objectData.data.privatekey | trim | b64enc }}
    {{- else if eq $objectData.type "imagePullSecret" }}
  .dockerconfigjson: {{ $objectData.data | trim | b64enc }}
    {{- end -}}
  {{- else }}
 stringData:
    {{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
    {{/* This comment is here to add a new line */}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_service.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_service.tpl
@ -0,0 +1,115 @@
 {{/* Service Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.service" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The service data, that will be used to render the Service object.
 */}}
 {{- define "tc.v1.common.class.service" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $svcType := $objectData.type | default $rootCtx.Values.fallbackDefaults.serviceType -}}
  {{/* Init variables */}}
  {{- $hasHTTPSPort := false -}}
  {{- $hasHostPort := false -}}
  {{- $hostNetwork := false -}}
  {{- $podValues := dict -}}
  {{- range $portName, $port := $objectData.ports -}}
    {{- if $port.enabled -}}
      {{- if eq (tpl ($port.protocol | default "") $rootCtx) "https" -}}
        {{- $hasHTTPSPort = true -}}
      {{- end -}}
      {{- if and (hasKey $port "hostPort") $port.hostPort -}}
        {{- $hasHostPort = true -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{- $specialTypes := (list "ExternalName" "ExternalIP") -}}
  {{/* External Name / External IP does not rely on any pod values */}}
  {{- if not (mustHas $svcType $specialTypes) -}}
    {{/* Get Pod Values based on the selector (or the absence of it) */}}
    {{- $podValues = fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service")) -}}
    {{- if $podValues -}}
      {{/* Get Pod hostNetwork configuration */}}
      {{- $hostNetwork = include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $podValues) -}}
      {{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}}
      {{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}}
        {{- $svcType = "ClusterIP" -}}
      {{- end -}}
    {{- end -}}
    {{/* When hostPort is defined, force ClusterIP aswell */}}
    {{- if $hasHostPort -}}
      {{- $svcType = "ClusterIP" -}}
    {{- end -}}
  {{- end -}}
  {{- $_ := set $objectData "type" $svcType  }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
                            (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- if eq $objectData.type "LoadBalancer" -}}
    {{- include "tc.v1.common.lib.service.metalLBAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData "annotations" $annotations) -}}
  {{- end -}}
  {{- if $hasHTTPSPort -}}
    {{- include "tc.v1.common.lib.service.traefikAnnotations" (dict "rootCtx" $rootCtx "annotations" $annotations) -}}
  {{- end -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- if eq $objectData.type "ClusterIP" -}}
    {{- include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
  {{- else if eq $objectData.type "LoadBalancer" -}}
    {{- include "tc.v1.common.lib.service.spec.loadBalancer" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
  {{- else if eq $objectData.type "NodePort" -}}
    {{- include "tc.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
  {{- else if eq $objectData.type "ExternalName" -}}
    {{- include "tc.v1.common.lib.service.spec.externalName" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
  {{- else if eq $objectData.type "ExternalIP" -}}
    {{- include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
  {{- end -}}
  {{- with (include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
  ports:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- if not (mustHas $objectData.type $specialTypes) }}
  selector:
    {{- if $objectData.selectorLabels }}
    {{- tpl ( toYaml $objectData.selectorLabels) $rootCtx | nindent 4 }}
    {{- else }}
    {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $podValues.shortName) | trim | nindent 4 -}}
    {{- end }}
  {{- end -}}
  {{- if eq $objectData.type "ExternalIP" -}}
    {{- $useSlice := true -}}
    {{- if kindIs "bool" $objectData.useSlice -}}
      {{- $useSlice = $objectData.useSlice -}}
    {{- end -}}
    {{- if $useSlice -}}
      {{- include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
    {{- else -}}
      {{- include "tc.v1.common.class.endpoint" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_serviceAccount.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_serviceAccount.tpl
@ -0,0 +1,34 @@
 {{/* Service Account Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the serviceAccount.
  labels: The labels of the serviceAccount.
  annotations: The annotations of the serviceAccount.
  autoMountToken: Whether to mount the ServiceAccount token or not.
 */}}
 {{- define "tc.v1.common.class.serviceAccount" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ $objectData.automountServiceAccountToken | default false }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_serviceMonitor.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_serviceMonitor.tpl
@ -0,0 +1,47 @@
 {{- define "tc.v1.common.class.servicemonitor" -}}
  {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
  {{- $servicemonitorName := $fullName -}}
  {{- $values := .Values.servicemonitor -}}
  {{- if hasKey . "ObjectValues" -}}
    {{- with .ObjectValues.metrics -}}
      {{- $values = . -}}
    {{- end -}}
  {{- end -}}
  {{- $servicemonitorLabels := $values.labels -}}
  {{- $servicemonitorAnnotations := $values.annotations -}}
  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
    {{- $servicemonitorName = printf "%v-%v" $servicemonitorName $values.nameOverride -}}
  {{- end }}
 ---
 apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ }}
 kind: ServiceMonitor
 metadata:
  name: {{ $servicemonitorName }}
  namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
  {{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end }}
  {{- $annotations := (mustMerge ($servicemonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  jobLabel: app.kubernetes.io/name
  selector:
    {{- if $values.selector }}
    {{- tpl (toYaml $values.selector) $ | nindent 4 }}
    {{- else }}
    {{- $objectData := dict "targetSelector" $values.targetSelector }}
    {{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData)) }}
    {{- $selectedServiceName := $selectedService.shortName }}
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "service" "objectName" $selectedServiceName) | indent 6 }}
    {{- end }}
  endpoints:
    {{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_statefulset.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_statefulset.tpl
@ -0,0 +1,59 @@
 {{/* StatefulSet Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the StatefulSet.
 */}}
 {{- define "tc.v1.common.class.statefulset" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- include "tc.v1.common.lib.workload.statefulsetValidation" (dict "objectData" $objectData) }}
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 spec:
  {{- include "tc.v1.common.lib.workload.statefulsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
  selector:
    matchLabels:
      {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
  template:
    metadata:
        {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
                                  (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
                                  (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
      labels:
        {{- . | nindent 8 }}
        {{- end -}}
        {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
                                        (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
                                        (include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
                                        (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
        {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
      annotations:
        {{- . | nindent 8 }}
        {{- end }}
    spec:
      {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
  {{- with (include "tc.v1.common.lib.storage.volumeClaimTemplates" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
  volumeClaimTemplates:
    {{- . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/class/_validatingWebhookConfiguration.tpl
+++ b/helm-charts/dashy/charts/common/templates/class/_validatingWebhookConfiguration.tpl
@ -0,0 +1,38 @@
 {{/* ValidatingWebhookconfiguration Class */}}
 {{/* Call this template:
 {{ include "tc.v1.common.class.validatingWebhookconfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData:
  name: The name of the validatingWebhookconfiguration.
  labels: The labels of the validatingWebhookconfiguration.
  annotations: The annotations of the validatingWebhookconfiguration.
  data: The data of the validatingWebhookconfiguration.
  namespace: The namespace of the validatingWebhookconfiguration. (Optional)
 */}}
 {{- define "tc.v1.common.class.validatingWebhookconfiguration" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: {{ $objectData.name }}
  namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
  {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
  labels:
    {{- . | nindent 4 }}
  {{- end -}}
  {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
 webhooks:
  {{- range $webhook := $objectData.webhooks -}}
    {{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/helpers/_envDupeCheck.tpl
+++ b/helm-charts/dashy/charts/common/templates/helpers/_envDupeCheck.tpl
@ -0,0 +1,23 @@
 {{/* Check Env for Duplicates */}}
 {{/* Call this template:
 {{ include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $ "objectData" $objectData "source" $source "key" $key) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.helper.container.envDupeCheck" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $source := .source -}}
  {{- $type := .type -}}
  {{- $key := .key -}}
  {{- $dupeEnv := (get $objectData.envDupe $key) -}}
  {{- if $dupeEnv -}}
    {{- fail (printf "Container - Environment Variable [%s] in [%s] tried to override the Environment Variable that is already defined in [%s]" $key $source $dupeEnv.source) -}}
  {{- end -}}
  {{- $_ := set $objectData.envDupe $key (dict "source" $source) -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/helpers/_getPortRange.tpl
+++ b/helm-charts/dashy/charts/common/templates/helpers/_getPortRange.tpl
@ -0,0 +1,59 @@
 {{/* Returns Lowest and Highest ports assigned to the any container in the pod */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the Pod.
 */}}
 {{- define "tc.v1.common.lib.helpers.securityContext.getPortRange" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{ $portRange := (dict "high" 0 "low" 0) }}
  {{- range $name, $service := $rootCtx.Values.service -}}
    {{- $selected := false -}}
    {{/* If service is enabled... */}}
    {{- if $service.enabled -}}
      {{/* If there is a selector */}}
      {{- if $service.targetSelector -}}
        {{/* And pod is selected */}}
        {{- if eq $service.targetSelector $objectData.shortName -}}
          {{- $selected = true -}}
        {{- end -}}
      {{- else -}}
        {{/* If no selector is defined but pod is primary */}}
        {{- if $objectData.primary -}}
          {{- $selected = true -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
    {{- if $selected -}}
      {{- range $name, $portValues := $service.ports -}}
        {{- if $portValues.enabled -}}
          {{- $portToCheck := ($portValues.targetPort | default $portValues.port) -}}
          {{- if kindIs "string" $portToCheck -}}
            {{- $portToCheck = (tpl $portToCheck $rootCtx) | int -}}
          {{- end -}}
          {{- if or (not $portRange.low) (lt ($portToCheck | int) ($portRange.low | int)) -}}
            {{- $_ := set $portRange "low" $portToCheck -}}
          {{- end -}}
          {{- if or (not $portRange.high) (gt ($portToCheck | int) ($portRange.high | int)) -}}
            {{- $_ := set $portRange "high" $portToCheck -}}
          {{- end -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{- $portRange | toJson -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/helpers/_getSelectedPod.tpl
+++ b/helm-charts/dashy/charts/common/templates/helpers/_getSelectedPod.tpl
@ -0,0 +1,47 @@
 {{/* Service - Get Selected Pod */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
 objectData: The object data of the service
 rootCtx: The root context of the chart.
 */}}
 {{- define "tc.v1.common.lib.helpers.getSelectedPodValues" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $caller := .caller -}}
  {{- $podValues := dict -}}
  {{- with $objectData.targetSelector -}}
    {{- $podValues = mustDeepCopy (get $rootCtx.Values.workload .) -}}
    {{- if not $podValues -}}
      {{- fail (printf "%s - Selected pod [%s] is not defined" $caller .) -}}
    {{- end -}}
    {{- if not $podValues.enabled -}}
      {{- fail (printf "%s - Selected pod [%s] is not enabled" $caller .) -}}
    {{- end -}}
    {{/* While we know the shortName from targetSelector, let's set it explicitly
    So service can reference this directly, to match the behaviour of a service
    without targetSelector defined (assumes "use primary") */}}
    {{- $_ := set $podValues "shortName" . -}}
  {{- else -}}
    {{/* If no targetSelector is defined, we assume the service is using the primary pod */}}
    {{/* Also no need to check for multiple primaries here, it's already done on the workload validation */}}
    {{- range $podName, $pod := $rootCtx.Values.workload -}}
      {{- if $pod.enabled -}}
        {{- if $pod.primary -}}
          {{- $podValues = mustDeepCopy $pod -}}
          {{/* Set the shortName so service can use this on selector */}}
          {{- $_ := set $podValues "shortName" $podName -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{/* Return values in Json, to preserve types */}}
  {{ $podValues | toJson }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/helpers/_getSelectedService.tpl
+++ b/helm-charts/dashy/charts/common/templates/helpers/_getSelectedService.tpl
@ -0,0 +1,47 @@
 {{/* Service - Get Selected Service */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
 objectData: The object data of the service
 rootCtx: The root context of the chart.
 */}}
 {{- define "tc.v1.common.lib.helpers.getSelectedServiceValues" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $caller := .caller -}}
  {{- $serviceValues := dict -}}
  {{- with $objectData.targetSelector -}}
    {{- $serviceValues = mustDeepCopy (get $rootCtx.Values.service .) -}}
    {{- if not $serviceValues -}}
      {{- fail (printf "%s - Selected service [%s] is not defined" $caller .) -}}
    {{- end -}}
    {{- if not $serviceValues.enabled -}}
      {{- fail (printf "%s - Selected service [%s] is not enabled" $caller .) -}}
    {{- end -}}
    {{/* While we know the shortName from targetSelector, let's set it explicitly
    So service can reference this directly, to match the behaviour of a service
    without targetSelector defined (assumes "use primary") */}}
    {{- $_ := set $serviceValues "shortName" . -}}
  {{- else -}}
    {{/* If no targetSelector is defined, we assume the service is using the primary service */}}
    {{/* Also no need to check for multiple primaries here, it's already done on the service validation */}}
    {{- range $serviceName, $service := $rootCtx.Values.service -}}
      {{- if $service.enabled -}}
        {{- if $service.primary -}}
          {{- $serviceValues = mustDeepCopy $service -}}
          {{/* Set the shortName so service can use this on selector */}}
          {{- $_ := set $serviceValues "shortName" $serviceName -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{/* Return values in Json, to preserve types */}}
  {{ $serviceValues | toJson }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/helpers/_makeIntOrNoop.tpl
+++ b/helm-charts/dashy/charts/common/templates/helpers/_makeIntOrNoop.tpl
@ -0,0 +1,21 @@
 {{- define "tc.v1.common.helper.makeIntOrNoop" -}}
  {{- $value := . -}}
  {{/*
      - Ints in Helm can be either int, int64 or float64.
      - Values that start with zero should not be converted
        to int again as this will strip leading zeros.
      - Numbers converted to E notation by Helm will
        always contain the "e" character. So we only
        convert those.
  */}}
  {{- if and
      (mustHas (kindOf $value) (list "int" "int64" "float64"))
      (not (hasPrefix "0" ($value | toString)))
      (contains "e" ($value | toString | lower))
  -}}
    {{- $value | int -}}
  {{- else -}}
    {{- $value -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/_tc_capabilities.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/_tc_capabilities.tpl
@ -0,0 +1,44 @@
 {{/* Return the appropriate apiVersion for PodMonitor */}}
 {{- define "tc.v1.common.capabilities.podmonitor.apiVersion" -}}
  {{- print "monitoring.coreos.com/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for ServiceMonitor */}}
 {{- define "tc.v1.common.capabilities.servicemonitor.apiVersion" -}}
  {{- print "monitoring.coreos.com/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for PrometheusRule */}}
 {{- define "tc.v1.common.capabilities.prometheusrule.apiVersion" -}}
  {{- print "monitoring.coreos.com/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for Ingress */}}
 {{- define "tc.v1.common.capabilities.ingress.apiVersion" -}}
  {{- print "networking.k8s.io/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for NetworkPolicy*/}}
 {{- define "tc.v1.common.capabilities.networkpolicy.apiVersion" -}}
  {{- print "networking.k8s.io/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for HorizontalPodAutoscaler aka HPA*/}}
 {{- define "tc.v1.common.capabilities.hpa.apiVersion" -}}
  {{- print "autoscaling/v2" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
 {{- define "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" -}}
  {{- print "cert-manager.io/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
 {{- define "tc.v1.common.capabilities.cnpg.cluster.apiVersion" -}}
  {{- print "postgresql.cnpg.io/v1" -}}
 {{- end -}}
 {{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
 {{- define "tc.v1.common.capabilities.cnpg.pooler.apiVersion" -}}
  {{- print "postgresql.cnpg.io/v1" -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/chart/_names.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/chart/_names.tpl
@ -0,0 +1,52 @@
 {{/* Contains functions for generating names */}}
 {{/* Returns the name of the Chart */}}
 {{- define "tc.v1.common.lib.chart.names.name" -}}
  {{- .Chart.Name | lower | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/* Returns the fullname of the Chart */}}
 {{- define "tc.v1.common.lib.chart.names.fullname" -}}
  {{- $name := include "tc.v1.common.lib.chart.names.name" . -}}
  {{- if contains $name .Release.Name -}}
    {{- $name = .Release.Name -}}
  {{- else -}}
    {{- $name = printf "%s-%s" .Release.Name $name -}}
  {{- end -}}
  {{- $name | lower | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/* Returns the fqdn of the Chart */}}
 {{- define "tc.v1.common.lib.chart.names.fqdn" -}}
  {{- printf "%s.%s" (include "tc.v1.common.lib.chart.names.name" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/* Validates names */}}
 {{- define "tc.v1.common.lib.chart.names.validation" -}}
  {{- $name := .name -}}
  {{- $length := .length -}}
  {{- if not $length -}}
    {{- $length = 63 -}}
  {{- end -}}
  {{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $name) (le (len $name) $length)) -}}
    {{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most %v characters." $name $length) -}}
  {{- end -}}
 {{- end -}}
 {{/* Create chart name and version as used by the chart label */}}
 {{- define "tc.v1.common.lib.chart.names.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/chart/_notes.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/chart/_notes.tpl
@ -0,0 +1,21 @@
 {{- define "tc.v1.common.lib.chart.notes" -}}
  {{- include "tc.v1.common.lib.chart.header" . -}}
  {{- include "tc.v1.common.lib.chart.custom" . -}}
  {{- include "tc.v1.common.lib.chart.footer" . -}}
 {{- end -}}
 {{- define "tc.v1.common.lib.chart.header" -}}
  {{- tpl $.Values.notes.header $ | nindent 0 }}
 {{- end -}}
 {{- define "tc.v1.common.lib.chart.custom" -}}
  {{- tpl $.Values.notes.custom $ | nindent 0 }}
 {{- end -}}
 {{- define "tc.v1.common.lib.chart.footer" -}}
  {{- tpl $.Values.notes.footer $ | nindent 0 }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/cnpg/_poolerMetrics.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/cnpg/_poolerMetrics.tpl
@ -0,0 +1,9 @@
 {{- define "tc.v1.common.lib.cnpg.metrics.pooler" -}}
 enabled: true
 type: "podmonitor"
 selector:
  matchLabels:
    cnpg.io/poolerName: {{ .poolerName }}
 endpoints:
 - port: metrics
 {{- end }}
--- a/helm-charts/dashy/charts/common/templates/lib/cnpg/_urlsSecret.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/cnpg/_urlsSecret.tpl
@ -0,0 +1,14 @@
 {{- define "tc.v1.common.lib.cnpg.secret.urls" -}}
 {{- $std := .std }}
 {{- $nossl := .nossl }}
 {{- $porthost := .porthost }}
 {{- $host := .host }}
 {{- $jdbc := .jdbc }}
 enabled: true
 data:
  std: {{ $std }}
  nossl: {{ $nossl }}
  porthost: {{ $porthost }}
  host: {{ $host }}
  jdbc: {{ $jdbc }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/cnpg/_userSecret.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/cnpg/_userSecret.tpl
@ -0,0 +1,9 @@
 {{- define "tc.v1.common.lib.cnpg.secret.user" -}}
 {{- $dbPass := .dbPass }}
 {{- $values := .values -}}
 enabled: true
 type: kubernetes.io/basic-auth
 data:
  username: {{ $values.user }}
  password: {{ $dbPass }}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/configmap/_validation.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/configmap/_validation.tpl
@ -0,0 +1,21 @@
 {{/* Configmap Validation */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
 objectData:
  labels: The labels of the configmap.
  annotations: The annotations of the configmap.
  data: The data of the configmap.
 */}}
 {{- define "tc.v1.common.lib.configmap.validation" -}}
  {{- $objectData := .objectData -}}
  {{- if not $objectData.data -}}
    {{- fail "ConfigMap - Expected non-empty <data>" -}}
  {{- end -}}
  {{- if not (kindIs "map" $objectData.data) -}}
    {{- fail (printf "ConfigMap - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_args.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_args.tpl
@ -0,0 +1,22 @@
 {{/* Returns args list */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.args" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.args" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- range $key := (list "args" "extraArgs") -}}
    {{- with (get $objectData $key) -}}
      {{- if kindIs "string" . }}
 - {{ tpl . $rootCtx | quote }}
      {{- else if kindIs "slice" . -}}
        {{- range $arg := . }}
 - {{ tpl $arg $rootCtx | quote }}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_command.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_command.tpl
@ -0,0 +1,18 @@
 {{/* Returns command list */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.command" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.command" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- if kindIs "string" $objectData.command }}
 - {{ tpl $objectData.command $rootCtx | quote }}
  {{- else if kindIs "slice" $objectData.command -}}
    {{- range $objectData.command }}
 - {{ tpl . $rootCtx | quote }}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_env.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_env.tpl
@ -0,0 +1,108 @@
 {{/* Returns Env */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.env" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.env" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- range $k, $v := $objectData.env -}}
    {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "env" "key" $k) }}
 - name: {{ $k | quote }}
    {{- if not (kindIs "map" $v) -}}
      {{- $value := "" -}}
      {{- if not (kindIs "invalid" $v) -}} {{/* Only tpl non-empty values */}}
        {{- $value = $v -}}
        {{- if kindIs "string" $v -}}
          {{- $value = tpl $v $rootCtx -}}
        {{- end -}}
      {{- end }}
  value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
    {{- else if kindIs "map" $v }}
  valueFrom:
      {{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}
      {{- if or (ne (len ($v | keys)) 1) (not (mustHas ($v | keys | first) $refs)) -}}
        {{- fail (printf "Container - Expected <env> with a ref to have one of [%s], but got [%s]" (join ", " $refs) (join ", " ($v | keys | sortAlpha))) -}}
      {{- end -}}
      {{- $name := "" -}}
      {{- range $key := (list "configMapKeyRef" "secretKeyRef") -}}
        {{- if hasKey $v $key }}
    {{ $key }}:
          {{- $obj := get $v $key -}}
          {{- if not $obj.name -}}
            {{- fail (printf "Container - Expected non-empty <env.%s.name>" $key) -}}
          {{- end -}}
          {{- if not $obj.key -}}
            {{- fail (printf "Container - Expected non-empty <env.%s.key>" $key) -}}
          {{- end }}
      key: {{ $obj.key | quote }}
          {{- $name = tpl $obj.name $rootCtx -}}
          {{- $expandName := true -}}
          {{- if (hasKey $obj "expandObjectName") -}}
            {{- if not (kindIs "invalid" $obj.expandObjectName) -}}
              {{- $expandName = $obj.expandObjectName -}}
            {{- else -}}
              {{- fail (printf "Container - Expected the defined key [expandObjectName] in <env.%s> to not be empty" $k) -}}
            {{- end -}}
          {{- end -}}
          {{- if kindIs "string" $expandName -}}
            {{- $expandName = tpl $expandName $rootCtx -}}
            {{/* After tpl it becomes a string, not a bool */}}
            {{-  if eq $expandName "true" -}}
              {{- $expandName = true -}}
            {{- else if eq $expandName "false" -}}
              {{- $expandName = false -}}
            {{- end -}}
          {{- end -}}
          {{- if $expandName -}}
            {{- $item := ($key | trimSuffix "KeyRef" | lower) -}}
            {{- $data := (get $rootCtx.Values $item) -}}
            {{- $data = (get $data $name) -}}
            {{- if not $data -}}
              {{- fail (printf "Container - Expected in <env> the referenced %s [%s] to be defined" (camelcase $item) $name) -}}
            {{- end -}}
            {{- $found := false -}}
            {{- range $k, $v := $data.data -}}
              {{- if eq $k $obj.key -}}
                {{- $found = true -}}
              {{- end -}}
            {{- end -}}
            {{- if not $found -}}
              {{- fail (printf "Container - Expected in <env> the referenced key [%s] in %s [%s] to be defined" $obj.key (camelcase $item) $name) -}}
            {{- end -}}
            {{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
          {{- end }}
      name: {{ $name | quote }}
        {{- end -}}
      {{- end -}}
      {{- if hasKey $v "fieldRef" }}
    fieldRef:
        {{- if not $v.fieldRef.fieldPath -}}
          {{- fail "Container - Expected non-empty <env.fieldRef.fieldPath>" -}}
        {{- end }}
      fieldPath: {{ $v.fieldRef.fieldPath | quote }}
        {{- if $v.fieldRef.apiVersion }}
      apiVersion: {{ $v.fieldRef.apiVersion | quote }}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_envFrom.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_envFrom.tpl
@ -0,0 +1,74 @@
 {{/* Returns Env From */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.envFrom" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $refs := (list "configMapRef" "secretRef") -}}
  {{- range $envFrom := $objectData.envFrom -}}
    {{- if and (not $envFrom.secretRef) (not $envFrom.configMapRef) -}}
      {{- fail (printf "Container - Expected <envFrom> entry to have one of [%s]" (join ", " $refs)) -}}
    {{- end -}}
    {{- if and $envFrom.secretRef $envFrom.configMapRef -}}
      {{- fail (printf "Container - Expected <envFrom> entry to have only one of [%s], but got both" (join ", " $refs)) -}}
    {{- end -}}
    {{- range $ref := $refs -}}
      {{- with (get $envFrom $ref) -}}
        {{- if not .name -}}
          {{- fail (printf "Container - Expected non-empty <envFrom.%s.name>" $ref) -}}
        {{- end -}}
        {{- $objectName := tpl .name $rootCtx -}}
        {{- $expandName := true -}}
        {{- if (hasKey . "expandObjectName") -}}
          {{- if not (kindIs "invalid" .expandObjectName) -}}
            {{- $expandName = .expandObjectName -}}
          {{- else -}}
            {{- fail (printf "Container - Expected the defined key [expandObjectName] in <envFrom.%s> to not be empty" $ref) -}}
          {{- end -}}
        {{- end -}}
        {{- if kindIs "string" $expandName -}}
          {{- $expandName = tpl $expandName $rootCtx -}}
          {{/* After tpl it becomes a string, not a bool */}}
          {{-  if eq $expandName "true" -}}
            {{- $expandName = true -}}
          {{- else if eq $expandName "false" -}}
            {{- $expandName = false -}}
          {{- end -}}
        {{- end -}}
        {{- if $expandName -}}
          {{- $object := dict -}}
          {{- $source := "" -}}
          {{- if eq $ref "configMapRef" -}}
            {{- $object = (get $rootCtx.Values.configmap $objectName) -}}
            {{- $source = "ConfigMap" -}}
          {{- else if eq $ref "secretRef" -}}
            {{- $object = (get $rootCtx.Values.secret $objectName) -}}
            {{- $source = "Secret" -}}
          {{- end -}}
            {{- if not $object -}}
              {{- fail (printf "Container - Expected %s [%s] defined in <envFrom> to exist" $source $objectName) -}}
            {{- end -}}
          {{- range $k, $v := $object.data -}}
            {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" (printf "%s - %s" $source $objectName) "key" $k) -}}
          {{- end -}}
          {{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
        {{- end }}
 - {{ $ref }}:
    name: {{ $objectName | quote }}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_envList.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_envList.tpl
@ -0,0 +1,23 @@
 {{/* Returns Env List */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.envList" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.envList" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- range $env := $objectData.envList -}}
    {{- if not $env.name -}}
      {{- fail "Container - Expected non-empty <envList.name>" -}}
    {{- end -}} {{/* Empty value is valid */}}
    {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
    {{- $value := $env.value -}}
    {{- if kindIs "string" $env.value -}}
      {{- $value = tpl $env.value $rootCtx -}}
    {{- end }}
 - name: {{ $env.name | quote }}
  value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_fixedEnv.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_fixedEnv.tpl
@ -0,0 +1,75 @@
 {{/* Returns Fixed Env */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.fixedEnv" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{/* Avoid nil pointers */}}
  {{- if not (hasKey $objectData "fixedEnv") -}}
    {{- $_ := set $objectData "fixedEnv" dict -}}
  {{- end -}}
  {{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}}
  {{- if $objectData.fixedEnv.NVIDIA_CAPS -}}
    {{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}}
  {{- end -}}
  {{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}}
    {{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}}
  {{- end -}}
  {{- $caps := (list "all" "compute" "utility" "graphics" "video") -}}
  {{- range $cap := $nvidiaCaps -}}
    {{- if not (mustHas $cap $caps) -}}
      {{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}}
    {{- end -}}
  {{- end -}}
  {{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
  {{- $fixed := list -}}
  {{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}}
  {{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}}
  {{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}}
  {{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}}
    {{- $PUID = $objectData.fixedEnv.PUID -}}
  {{- end -}}
  {{/* calculatedFSGroup is passed from the pod */}}
  {{- $PGID := $objectData.calculatedFSGroup -}}
  {{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}}
  {{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}}
  {{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}}
  {{/* TODO: Offer gpu section in resources for native helm and adjust this include, then we can remove the "if inside ixChartContext" */}}
  {{- if eq (include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}}
    {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}}
  {{- else -}} {{/* Only when in SCALE */}}
    {{- if hasKey $rootCtx.Values.global "ixChartContext" -}}
      {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}}
    {{- end -}}
  {{- end -}}
  {{/* If running as root and PUID is set (0 or greater), set related envs */}}
  {{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}}
    {{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}}
    {{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}}
    {{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}}
    {{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}}
    {{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}}
    {{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}}
  {{- end -}}
  {{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}}
  {{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}}
    {{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}}
  {{- end -}}
  {{- range $env := $fixed -}}
    {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
 - name: {{ $env.k | quote }}
  value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_imageSelector.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_imageSelector.tpl
@ -0,0 +1,42 @@
 {{/* Returns the image dictionary */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.imageSelector" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $imageObj := dict -}}
  {{- $selector := "image" -}}
  {{- with $objectData.imageSelector -}}
    {{- $selector = tpl . $rootCtx -}}
  {{- end -}}
  {{- if hasKey $rootCtx.Values $selector -}}
    {{- $imageObj = get $rootCtx.Values $selector -}}
  {{- else -}}
    {{- fail (printf "Container - Expected <.Values.%s> to exist" $selector) -}}
  {{- end -}}
  {{- if not $imageObj.repository -}}
    {{- fail (printf "Container - Expected non-empty <.Values.%s.repository>" $selector) -}}
  {{- end -}}
  {{- if not $imageObj.tag -}}
    {{- fail (printf "Container - Expected non-empty <.Values.%s.tag>" $selector) -}}
  {{- end -}}
  {{- if not $imageObj.pullPolicy -}}
    {{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}}
  {{- end -}}
  {{- $policies := (list "IfNotPresent" "Always" "Never") -}}
  {{- if not (mustHas $imageObj.pullPolicy $policies) -}}
    {{- fail (printf "Container - Expected <.Values.%s.pullPolicy> to be one of [%s], but got [%s]" $selector (join ", " $policies) $imageObj.pullPolicy) -}}
  {{- end -}}
  {{- $imageObj | toJson -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_lifecycle.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_lifecycle.tpl
@ -0,0 +1,37 @@
 {{/* Returns lifecycle */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.lifecycle" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- $hooks := (list "preStop" "postStart") -}}
  {{- $types := (list "exec" "http" "https") -}}
  {{- with $objectData.lifecycle -}}
    {{- range $hook, $hookValues := . -}}
      {{- if not (mustHas $hook $hooks) -}}
        {{- fail (printf "Container - Expected <lifecycle> <hook> to be one of [%s], but got [%s]" (join ", " $hooks) $hook) -}}
      {{- end -}}
      {{- if not $hookValues.type -}}
        {{- fail "Container - Expected non-empty <lifecycle> <type>" -}}
      {{- end -}}
      {{- if not (mustHas $hookValues.type $types) -}}
        {{- fail (printf "Container - Expected <lifecycle> <type> to be one of [%s], but got [%s]" (join ", " $types) $hookValues.type) -}}
      {{- end }}
 {{ $hook }}:
      {{- if eq $hookValues.type "exec" -}}
        {{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
      {{- else if mustHas $hookValues.type (list "http" "https") -}}
        {{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_ports.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_ports.tpl
@ -0,0 +1,87 @@
 {{/* Returns ports list */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.ports" (dict "rootCtx" $ "objectData" $objectData) }}
 rootCtx: The root context of the chart.
 objectData: The object data to be used to render the container.
 */}}
 {{- define "tc.v1.common.lib.container.ports" -}}
  {{- $rootCtx := .rootCtx -}}
  {{- $objectData := .objectData -}}
  {{- range $serviceName, $serviceValues := $rootCtx.Values.service -}}
    {{- $podSelected := false -}}
    {{/* If service is enabled... */}}
    {{- if $serviceValues.enabled -}}
      {{/* If there is a selector */}}
      {{- if $serviceValues.targetSelector -}}
        {{/* And pod is selected */}}
        {{- if eq $serviceValues.targetSelector $objectData.podShortName -}}
          {{- $podSelected = true -}}
        {{- end -}}
      {{- else -}}
        {{/* If no selector is defined but pod is primary */}}
        {{- if $objectData.podPrimary -}}
          {{- $podSelected = true -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
    {{- if $podSelected -}}
      {{- range $portName, $portValues := $serviceValues.ports -}}
        {{- $containerSelected := false -}}
        {{/* If service is enabled... */}}
        {{- if $portValues.enabled -}}
          {{/* If there is a selector */}}
          {{- if $portValues.targetSelector -}}
            {{/* And container is selected */}}
            {{- if eq $portValues.targetSelector $objectData.shortName -}}
              {{- $containerSelected = true -}}
            {{- end -}}
          {{- else -}}
            {{/* If no selector is defined but container is primary */}}
            {{- if $objectData.primary -}}
              {{- $containerSelected = true -}}
            {{- end -}}
          {{- end -}}
        {{- end -}}
        {{/* If the container is selected render port */}}
        {{- if $containerSelected -}}
          {{- $containerPort := $portValues.targetPort | default $portValues.port -}}
          {{- if kindIs "string" $containerPort -}}
            {{- $containerPort = (tpl $containerPort $rootCtx) -}}
          {{- end -}}
          {{- $tcpProtocols := (list "tcp" "http" "https") -}}
          {{- $protocol := tpl ($portValues.protocol | default $rootCtx.Values.fallbackDefaults.serviceProtocol) $rootCtx -}}
          {{- if mustHas $protocol $tcpProtocols -}}
            {{- $protocol = "tcp" -}}
          {{- end }}
 - name: {{ $portName }}
  containerPort: {{ $containerPort }}
  protocol: {{ $protocol | upper }}
          {{- with $portValues.hostPort }}
  hostPort: {{ . }}
          {{- else }}
  hostPort: null
          {{- end -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{/* Turning hostNetwork on, it creates hostPort automatically and turning it back off does not remove them. Setting hostPort explicitly to null will remove them.
    There are still cases that hostPort is not removed, for example, if you have a TCP and UDP port with the same number. Only the TCPs hostPort will be removed.
    Also note that setting hostPort to null always, it will NOT affect hostNetwork, as it will still create the hostPorts.
    It only helps to remove them when hostNetwork is turned off.
 */}}
--- a/helm-charts/dashy/charts/common/templates/lib/container/_primaryValidation.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/container/_primaryValidation.tpl
@ -0,0 +1,40 @@
 {{/* Containers Basic Validation */}}
 {{/* Call this template:
 {{ include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
 */}}
 {{- define "tc.v1.common.lib.container.primaryValidation" -}}
  {{- $objectData := .objectData -}}
  {{- $rootCtx := .rootCtx -}}
  {{/* Initialize values */}}
  {{- $hasPrimary := false -}}
  {{- $hasEnabled := false -}}
  {{/* Go over the contaienrs */}}
  {{- range $name, $container := $objectData.podSpec.containers -}}
    {{/* If container is enabled */}}
    {{- if $container.enabled -}}
      {{- $hasEnabled = true -}}
      {{/* And container is primary */}}
      {{- if and (hasKey $container "primary") ($container.primary) -}}
        {{/* Fail if there is already a primary container */}}
        {{- if $hasPrimary -}}
          {{- fail "Container - Only one container can be primary per workload" -}}
        {{- end -}}
        {{- $hasPrimary = true -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{/* Require at least one primary container, if any enabled */}}
  {{- if and $hasEnabled (not $hasPrimary) -}}
    {{- fail "Container - At least one enabled container must be primary per workload" -}}
  {{- end -}}
 {{- end -}}
--- a/Show More
+++ b/Show More
		`@ -0,0 +1 @@`
							`Subproject commit 7215ec05d0f4ef093de2f4ddc80b385214522e4d`