This commit is contained in:
parent
77ec717184
commit
1eaf295724
18
check/ahoy-hw.yaml
Normal file
18
check/ahoy-hw.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ahoy
|
||||
namespace: default
|
||||
spec:
|
||||
ingressClassName: cilium
|
||||
rules:
|
||||
- host: ahoy-hw.guaranteedstruggle.host
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: ahoy-hello-world
|
||||
port:
|
||||
name: app
|
17
check/bgp-policy.yaml
Normal file
17
check/bgp-policy.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
apiVersion: "cilium.io/v2alpha1"
|
||||
kind: CiliumBGPPeeringPolicy
|
||||
metadata:
|
||||
name: 01-bgp-peering-policy
|
||||
spec:
|
||||
nodeSelector:
|
||||
matchLabels:
|
||||
bgp-policy: a
|
||||
virtualRouters:
|
||||
- localASN: 64512
|
||||
exportPodCIDR: true
|
||||
neighbors:
|
||||
- peerAddress: '192.168.0.105/32'
|
||||
peerASN: 64512
|
||||
serviceSelector:
|
||||
matchExpressions:
|
||||
- {key: somekey, operator: NotIn, values: ['never-used-value']}
|
12
check/config-pool.yaml
Normal file
12
check/config-pool.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
namespace: metallb-system
|
||||
name: config
|
||||
data:
|
||||
config: |
|
||||
address-pools:
|
||||
- name: default
|
||||
protocol: layer2
|
||||
addresses:
|
||||
- 192.168.0.105-192.168.0.105
|
17
check/default-ingress.yaml
Normal file
17
check/default-ingress.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: redirect
|
||||
namespace: weave
|
||||
spec:
|
||||
ingressClassName: cilium
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: weave-scope-app
|
||||
port:
|
||||
name: app
|
41
check/deployment-flask-htmx-board-dev.yaml
Normal file
41
check/deployment-flask-htmx-board-dev.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: flask-htmx-dev
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
revisionHistoryLimit: 5
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: flask-htmx-dev
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: flask-htmx-dev
|
||||
spec:
|
||||
containers:
|
||||
- name: flask-htmx-dev
|
||||
image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:dev
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
|
||||
#### таймауты и прочее взяты с потолка
|
||||
#livenessProbe:
|
||||
# httpGet:
|
||||
# path: /liveness
|
||||
# port: 5000
|
||||
# initialDelaySeconds: 2
|
||||
# timeoutSeconds: 2
|
||||
# periodSeconds: 5
|
||||
# failureThreshold: 2
|
||||
#readinessProbe:
|
||||
# httpGet:
|
||||
# path: /readiness
|
||||
# port: 5000
|
||||
# initialDelaySeconds: 3
|
||||
# timeoutSeconds: 3
|
||||
# periodSeconds: 10
|
||||
# failureThreshold: 3
|
||||
|
41
check/deployment-flask-htmx-board-master.yaml
Normal file
41
check/deployment-flask-htmx-board-master.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: flask-htmx-master
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
revisionHistoryLimit: 5
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: flask-htmx-master
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: flask-htmx-master
|
||||
spec:
|
||||
containers:
|
||||
- name: flask-htmx-master
|
||||
image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:master-of-slaves
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
|
||||
#### таймауты и прочее взяты с потолка
|
||||
#livenessProbe:
|
||||
# httpGet:
|
||||
# path: /liveness
|
||||
# port: 5000
|
||||
# initialDelaySeconds: 2
|
||||
# timeoutSeconds: 2
|
||||
# periodSeconds: 5
|
||||
# failureThreshold: 2
|
||||
#readinessProbe:
|
||||
# httpGet:
|
||||
# path: /readiness
|
||||
# port: 5000
|
||||
# initialDelaySeconds: 3
|
||||
# timeoutSeconds: 3
|
||||
# periodSeconds: 10
|
||||
# failureThreshold: 3
|
||||
|
41
check/deployment-flask-htmx-board-our-style.yaml
Normal file
41
check/deployment-flask-htmx-board-our-style.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: flask-htmx-our-style
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
revisionHistoryLimit: 5
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: flask-htmx-our-style
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: flask-htmx-our-style
|
||||
spec:
|
||||
containers:
|
||||
- name: flask-htmx-our-style
|
||||
image: harbor.guaranteedstruggle.host/library/flask-htmx-board1:our-style
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
|
||||
#### таймауты и прочее взяты с потолка
|
||||
#livenessProbe:
|
||||
# httpGet:
|
||||
# path: /liveness
|
||||
# port: 5000
|
||||
# initialDelaySeconds: 2
|
||||
# timeoutSeconds: 2
|
||||
# periodSeconds: 5
|
||||
# failureThreshold: 2
|
||||
#readinessProbe:
|
||||
# httpGet:
|
||||
# path: /readiness
|
||||
# port: 5000
|
||||
# initialDelaySeconds: 3
|
||||
# timeoutSeconds: 3
|
||||
# periodSeconds: 10
|
||||
# failureThreshold: 3
|
||||
|
22
check/gateway-1.yaml
Normal file
22
check/gateway-1.yaml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: my-gateway
|
||||
labels:
|
||||
color: coral
|
||||
spec:
|
||||
gatewayClassName: cilium
|
||||
addresses:
|
||||
- value: "0.0.0.0"
|
||||
- type: IPAddress
|
||||
value: 192.168.0.105
|
||||
- type: IPAddress
|
||||
value: 10.0.10.251
|
||||
listeners:
|
||||
- protocol: HTTP
|
||||
port: 80
|
||||
name: web-gw
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: All
|
20
check/httproute-ahoy.yaml
Normal file
20
check/httproute-ahoy.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-ahoy
|
||||
namespace: default
|
||||
spec:
|
||||
hostnames:
|
||||
- ahoy.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: ahoy-hello-world
|
||||
port: 80
|
20
check/httproute-artifactory.yaml
Normal file
20
check/httproute-artifactory.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-artifactory
|
||||
namespace: artifactory
|
||||
spec:
|
||||
hostnames:
|
||||
- artifactory.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: artifactory-artifactory-nginx
|
||||
port: 80
|
20
check/httproute-dashy.yaml
Normal file
20
check/httproute-dashy.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-dashy
|
||||
namespace: dashy
|
||||
spec:
|
||||
hostnames:
|
||||
- dashy.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: dashy
|
||||
port: 10310
|
21
check/httproute-flask-htmx-board-dev.yaml
Normal file
21
check/httproute-flask-htmx-board-dev.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-flask-htmx-board-dev
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
hostnames:
|
||||
#- board.guaranteedstruggle.host
|
||||
- dev.board.vdk2ch.ru
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: flask-htmx-dev-service
|
||||
port: 5000
|
21
check/httproute-flask-htmx-board-master.yaml
Normal file
21
check/httproute-flask-htmx-board-master.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-flask-htmx-board-master
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
hostnames:
|
||||
#- board.guaranteedstruggle.host
|
||||
- master.board.vdk2ch.ru
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: flask-htmx-master-service
|
||||
port: 5000
|
21
check/httproute-flask-htmx-board-our-style.yaml
Normal file
21
check/httproute-flask-htmx-board-our-style.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-flask-htmx-board-our-style
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
hostnames:
|
||||
#- board.guaranteedstruggle.host
|
||||
- our-style.board.vdk2ch.ru
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: flask-htmx-our-style-service
|
||||
port: 5000
|
20
check/httproute-harbor.yaml
Normal file
20
check/httproute-harbor.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-harbor
|
||||
namespace: default
|
||||
spec:
|
||||
hostnames:
|
||||
- harbor.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: harbor
|
||||
port: 80
|
20
check/httproute-hubble.yaml
Normal file
20
check/httproute-hubble.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-hubble
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostnames:
|
||||
- hubble.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: hubble-ui
|
||||
port: 80
|
20
check/httproute-longhorn.yaml
Normal file
20
check/httproute-longhorn.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-longhorn
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
hostnames:
|
||||
- longhorn.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: longhorn-frontend
|
||||
port: 80
|
28
check/httproute-rancher.yaml
Normal file
28
check/httproute-rancher.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-app-1
|
||||
namespace: default
|
||||
spec:
|
||||
hostnames:
|
||||
- rancher.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
filters:
|
||||
- type: RequestHeaderModifier
|
||||
requestHeaderModifier:
|
||||
set:
|
||||
- name: X-Forwarded-Proto
|
||||
value: https
|
||||
# - name: Host
|
||||
# value: rancher.guaranteedstruggle.host
|
||||
backendRefs:
|
||||
- name: myrancher
|
||||
port: 80
|
20
check/httproute-weave.yaml
Normal file
20
check/httproute-weave.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-app-2
|
||||
namespace: weave
|
||||
spec:
|
||||
hostnames:
|
||||
- weave.guaranteedstruggle.host
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
namespace: default
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: weave-scope-app
|
||||
port: 80
|
12
check/ippool.yaml
Normal file
12
check/ippool.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: "cilium.io/v2alpha1"
|
||||
kind: CiliumLoadBalancerIPPool
|
||||
metadata:
|
||||
name: "the-pool"
|
||||
spec:
|
||||
cidrs:
|
||||
- cidr: "192.168.0.105/30"
|
||||
|
||||
serviceSelector:
|
||||
matchExpressions:
|
||||
- {key: color, operator: In, values: [coral]}
|
9
check/ippool2.yaml
Normal file
9
check/ippool2.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
apiVersion: "cilium.io/v2alpha1"
|
||||
kind: CiliumLoadBalancerIPPool
|
||||
metadata:
|
||||
name: "lb-pool"
|
||||
spec:
|
||||
cidrs:
|
||||
|
||||
- cidr: "10.0.10.0/24"
|
||||
|
18
check/longhorn.yaml
Normal file
18
check/longhorn.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: longhorn
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
ingressClassName: cilium
|
||||
rules:
|
||||
- host: longhorn.guaranteedstruggle.host
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: longhorn-frontend
|
||||
port:
|
||||
name: http
|
16
check/network-policy-wut.yaml
Normal file
16
check/network-policy-wut.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: "cilium.io/v2"
|
||||
kind: CiliumNetworkPolicy
|
||||
#description: "Allow to access backends only on TCP/80"
|
||||
metadata:
|
||||
name: "frontend-backend"
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
namespace: longhorn-system
|
||||
ingress:
|
||||
- toPorts:
|
||||
- ports:
|
||||
- port: '80'
|
||||
protocol: TCP
|
||||
- fromCIDR:
|
||||
- 0.0.0.0/0
|
40
check/pv-pod.yaml
Normal file
40
check/pv-pod.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: garbo
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: volume-test
|
||||
namespace: default
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
containers:
|
||||
- name: volume-test
|
||||
image: nginx:stable-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- ls
|
||||
- /data/lost+found
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
volumeMounts:
|
||||
- name: volv
|
||||
mountPath: /data
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumes:
|
||||
- name: volv
|
||||
persistentVolumeClaim:
|
||||
claimName: garbo
|
20
check/rancher.yaml
Normal file
20
check/rancher.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: rancher
|
||||
namespace: default
|
||||
annotations:
|
||||
ingress.cilium.io/insecure-node-port: "80"
|
||||
spec:
|
||||
ingressClassName: cilium
|
||||
rules:
|
||||
- host: rancher.guaranteedstruggle.host
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: myrancher
|
||||
port:
|
||||
name: http
|
15
check/svc-flask-htmx-board-dev.yaml
Normal file
15
check/svc-flask-htmx-board-dev.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: flask-htmx-dev-service
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
selector:
|
||||
app: flask-htmx-dev
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: board
|
||||
port: 5000
|
||||
targetPort: 5000
|
||||
|
15
check/svc-flask-htmx-board-master.yaml
Normal file
15
check/svc-flask-htmx-board-master.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: flask-htmx-master-service
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
selector:
|
||||
app: flask-htmx-master
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: board
|
||||
port: 5000
|
||||
targetPort: 5000
|
||||
|
15
check/svc-flask-htmx-board-our-style.yaml
Normal file
15
check/svc-flask-htmx-board-our-style.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: flask-htmx-our-style-service
|
||||
namespace: vdk2ch
|
||||
spec:
|
||||
selector:
|
||||
app: flask-htmx-our-style
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: board
|
||||
port: 5000
|
||||
targetPort: 5000
|
||||
|
18
check/weave.yaml
Normal file
18
check/weave.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: weave
|
||||
namespace: weave
|
||||
spec:
|
||||
ingressClassName: cilium
|
||||
rules:
|
||||
- host: weave.guaranteedstruggle.host
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: weave-scope-app
|
||||
port:
|
||||
name: app
|
1
helm-charts/consul-k8s
Submodule
1
helm-charts/consul-k8s
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 7215ec05d0f4ef093de2f4ddc80b385214522e4d
|
30
helm-charts/dashy/.helmignore
Normal file
30
helm-charts/dashy/.helmignore
Normal file
@ -0,0 +1,30 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# OWNERS file for Kubernetes
|
||||
OWNERS
|
||||
# helm-docs templates
|
||||
*.gotmpl
|
||||
# docs folder
|
||||
/docs
|
||||
# icon
|
||||
icon.png
|
215
helm-charts/dashy/CHANGELOG.md
Normal file
215
helm-charts/dashy/CHANGELOG.md
Normal file
@ -0,0 +1,215 @@
|
||||
# Changelog
|
||||
|
||||
|
||||
|
||||
## [dashy-1.0.0](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-1.0.0) (2022-11-10)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Major Change to GUI
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
### Fix
|
||||
|
||||
- change container config label
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.13](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.13) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.12](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.12) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-07)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.11](https://github.com/truecharts/charts/compare/dashy-0.0.10...dashy-0.0.11) (2022-11-06)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.10](https://github.com/truecharts/charts/compare/dashy-0.0.9...dashy-0.0.10) (2022-11-06)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4317](https://github.com/truecharts/charts/issues/4317))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.9](https://github.com/truecharts/charts/compare/dashy-0.0.8...dashy-0.0.9) (2022-11-05)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4308](https://github.com/truecharts/charts/issues/4308))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.8](https://github.com/truecharts/charts/compare/dashy-0.0.7...dashy-0.0.8) (2022-11-02)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4261](https://github.com/truecharts/charts/issues/4261))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.7](https://github.com/truecharts/charts/compare/dashy-0.0.6...dashy-0.0.7) (2022-10-25)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4182](https://github.com/truecharts/charts/issues/4182))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.6](https://github.com/truecharts/charts/compare/dashy-0.0.5...dashy-0.0.6) (2022-10-19)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4122](https://github.com/truecharts/charts/issues/4122))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.5](https://github.com/truecharts/charts/compare/dashy-0.0.4...dashy-0.0.5) (2022-10-12)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4071](https://github.com/truecharts/charts/issues/4071))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.4](https://github.com/truecharts/charts/compare/dashy-0.0.3...dashy-0.0.4) (2022-10-07)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.3](https://github.com/truecharts/charts/compare/dashy-0.0.2...dashy-0.0.3) (2022-10-05)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- split addons in smaller templates ([#3979](https://github.com/truecharts/charts/issues/3979))
|
||||
- update helm general non-major
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.2](https://github.com/truecharts/charts/compare/dashy-0.0.1...dashy-0.0.2) (2022-09-27)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#3918](https://github.com/truecharts/charts/issues/3918))
|
||||
|
||||
|
||||
|
||||
|
||||
## [dashy-0.0.1]dashy-0.0.1 (2022-09-25)
|
||||
|
||||
### Feat
|
||||
|
||||
- add dashy ([#3887](https://github.com/truecharts/charts/issues/3887))
|
6
helm-charts/dashy/Chart.lock
Normal file
6
helm-charts/dashy/Chart.lock
Normal file
@ -0,0 +1,6 @@
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 14.3.5
|
||||
digest: sha256:b7cb6511c16fc5f11e4769ebf0c48524b2522a0408b8de14207cdf19109996c6
|
||||
generated: "2023-11-08T22:28:31.22683905Z"
|
26
helm-charts/dashy/Chart.yaml
Normal file
26
helm-charts/dashy/Chart.yaml
Normal file
@ -0,0 +1,26 @@
|
||||
annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: dashboard
|
||||
truecharts.org/grade: U
|
||||
apiVersion: v2
|
||||
appVersion: 2.1.1
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 14.3.5
|
||||
description: Dashy helps you organize your self-hosted services by making them accessible
|
||||
from a single place
|
||||
home: https://truecharts.org/charts/stable/dashy
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/dashy.png
|
||||
keywords:
|
||||
- dashboard
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: dashy
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/dashy
|
||||
- https://github.com/Lissy93/dashy
|
||||
version: 3.0.27
|
27
helm-charts/dashy/README.md
Normal file
27
helm-charts/dashy/README.md
Normal file
@ -0,0 +1,27 @@
|
||||
# README
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
*All Rights Reserved - The TrueCharts Project*
|
23
helm-charts/dashy/charts/common/.helmignore
Normal file
23
helm-charts/dashy/charts/common/.helmignore
Normal file
@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
17
helm-charts/dashy/charts/common/Chart.yaml
Normal file
17
helm-charts/dashy/charts/common/Chart.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
apiVersion: v2
|
||||
appVersion: latest
|
||||
description: Function library for TrueCharts
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/common
|
||||
icon: https://avatars.githubusercontent.com/u/76400755
|
||||
keywords:
|
||||
- truecharts
|
||||
- library-chart
|
||||
- common
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: common
|
||||
type: library
|
||||
version: 14.3.5
|
106
helm-charts/dashy/charts/common/LICENSE
Normal file
106
helm-charts/dashy/charts/common/LICENSE
Normal file
@ -0,0 +1,106 @@
|
||||
Business Source License 1.1
|
||||
|
||||
Parameters
|
||||
|
||||
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||
Licensed Work: The TrueCharts "Common" Helm Chart
|
||||
Additional Use Grant: You may use the licensed work in production, as long
|
||||
as it is directly sourced from a TrueCharts provided
|
||||
official repository, catalog or source. You may also make private
|
||||
modification to the directly sourced licenced work,
|
||||
when used in production.
|
||||
|
||||
The following cases are, due to their nature, also
|
||||
defined as 'production use' and explicitly prohibited:
|
||||
- Bundling, including or displaying the licensed work
|
||||
with(in) another work intended for production use,
|
||||
with the apparent intend of facilitating and/or
|
||||
promoting production use by third parties in
|
||||
violation of this license.
|
||||
|
||||
Change Date: 2050-01-01
|
||||
|
||||
Change License: 3-clause BSD license
|
||||
|
||||
For information about alternative licensing arrangements for the Software,
|
||||
please contact: legal@truecharts.org
|
||||
|
||||
Notice
|
||||
|
||||
The Business Source License (this document, or the “License”) is not an Open
|
||||
Source license. However, the Licensed Work will eventually be made available
|
||||
under an Open Source License, as stated in this License.
|
||||
|
||||
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
Business Source License 1.1
|
||||
|
||||
Terms
|
||||
|
||||
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||
works, redistribute, and make non-production use of the Licensed Work. The
|
||||
Licensor may make an Additional Use Grant, above, permitting limited
|
||||
production use.
|
||||
|
||||
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||
available distribution of a specific version of the Licensed Work under this
|
||||
License, whichever comes first, the Licensor hereby grants you rights under
|
||||
the terms of the Change License, and the rights granted in the paragraph
|
||||
above terminate.
|
||||
|
||||
If your use of the Licensed Work does not comply with the requirements
|
||||
currently in effect as described in this License, you must purchase a
|
||||
commercial license from the Licensor, its affiliated entities, or authorized
|
||||
resellers, or you must refrain from using the Licensed Work.
|
||||
|
||||
All copies of the original and modified Licensed Work, and derivative works
|
||||
of the Licensed Work, are subject to this License. This License applies
|
||||
separately for each version of the Licensed Work and the Change Date may vary
|
||||
for each version of the Licensed Work released by Licensor.
|
||||
|
||||
You must conspicuously display this License on each original or modified copy
|
||||
of the Licensed Work. If you receive the Licensed Work in original or
|
||||
modified form from a third party, the terms and conditions set forth in this
|
||||
License apply to your use of that work.
|
||||
|
||||
Any use of the Licensed Work in violation of this License will automatically
|
||||
terminate your rights under this License for the current and all other
|
||||
versions of the Licensed Work.
|
||||
|
||||
This License does not grant you any right in any trademark or logo of
|
||||
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||
Licensor as expressly required by this License).
|
||||
|
||||
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||
TITLE.
|
||||
|
||||
MariaDB hereby grants you permission to use this License’s text to license
|
||||
your works, and to refer to it using the trademark “Business Source License”,
|
||||
as long as you comply with the Covenants of Licensor below.
|
||||
|
||||
Covenants of Licensor
|
||||
|
||||
In consideration of the right to use this License’s text and the “Business
|
||||
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||
other recipients of the licensed work to be provided by Licensor:
|
||||
|
||||
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||
where “compatible” means that software provided under the Change License can
|
||||
be included in a program with software provided under GPL Version 2.0 or a
|
||||
later version. Licensor may specify additional Change Licenses without
|
||||
limitation.
|
||||
|
||||
2. To either: (a) specify an additional grant of rights to use that does not
|
||||
impose any additional restriction on the right granted in this License, as
|
||||
the Additional Use Grant; or (b) insert the text “None”.
|
||||
|
||||
3. To specify a Change Date.
|
||||
|
||||
4. Not to modify this License in any other way.
|
24
helm-charts/dashy/charts/common/README.md
Normal file
24
helm-charts/dashy/charts/common/README.md
Normal file
@ -0,0 +1,24 @@
|
||||
# Common Library
|
||||
|
||||
## Naming Scheme
|
||||
|
||||
- ServiceAccount:
|
||||
- Primary: `$FullName`
|
||||
- Others: `$FullName-$ServiceAccountName`
|
||||
- RBAC:
|
||||
- Primary: `$FullName`
|
||||
- Others: `$FullName-$RBACName`
|
||||
- Service:
|
||||
- Primary: `$FullName`
|
||||
- Others: `$FullName-$ServiceName`
|
||||
- Pods:
|
||||
- Primary: `$FullName`
|
||||
- Others: `$FullName-$PodName`
|
||||
- Containers: `$ContainerName`
|
||||
- ConfigMap: `$FullName-$ConfigMapName`
|
||||
- Secret: `$FullName-$SecretName`
|
||||
- Scale Certificate: `$FullName-$CertName`
|
||||
- Scale External Interface: `ix-$ReleaseName-$index`
|
||||
|
||||
> Full name -> `$ReleaseName-$ChartName`
|
||||
> Any name that exceeds 63 characters, will throw an error
|
@ -0,0 +1,53 @@
|
||||
{{/*
|
||||
Template to render code-server addon
|
||||
It will include / inject the required templates based on the given values.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.codeserver" -}}
|
||||
{{- $targetSelector := "main" -}}
|
||||
{{- if $.Values.addons.codeserver.targetSelector -}}
|
||||
{{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.addons.codeserver.enabled -}}
|
||||
{{/* Append the code-server container to the workloads */}}
|
||||
{{- $container := include "tc.v1.common.addon.codeserver.container" . | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $workload := get $.Values.workload $targetSelector -}}
|
||||
{{- $_ := set $workload.podSpec.containers "codeserver" $container -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $hasPrimaryService := false -}}
|
||||
{{- range $svcName, $svcValues := .Values.service -}}
|
||||
{{- if $svcValues.enabled -}}
|
||||
{{- if $svcValues.primary -}}
|
||||
{{- $hasPrimaryService = true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Add the code-server service */}}
|
||||
{{- if .Values.addons.codeserver.service.enabled -}}
|
||||
{{- $serviceValues := .Values.addons.codeserver.service -}}
|
||||
{{- $_ := set $serviceValues "targetSelector" $targetSelector -}}
|
||||
{{- if not $hasPrimaryService -}}
|
||||
{{- $_ := set $serviceValues "primary" true -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.service "codeserver" $serviceValues -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Add the code-server ingress */}}
|
||||
{{- if .Values.addons.codeserver.ingress.enabled -}}
|
||||
{{- $ingressValues := .Values.addons.codeserver.ingress -}}
|
||||
{{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
|
||||
|
||||
{{/* Determine the target service name & port */}}
|
||||
{{- $svcName := printf "%v-codeserver" (include "tc.v1.common.names.fullname" .) -}}
|
||||
{{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
|
||||
{{- range $_, $host := $ingressValues.hosts -}}
|
||||
{{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
|
||||
{{- include "tc.v1.common.class.ingress" $ -}}
|
||||
{{- $_ := unset $ "ObjectValues" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,46 @@
|
||||
{{/*
|
||||
The code-server sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.codeserver.container" -}}
|
||||
enabled: true
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
|
||||
path: "/"
|
||||
readiness:
|
||||
enabled: true
|
||||
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
|
||||
path: "/"
|
||||
startup:
|
||||
enabled: true
|
||||
port: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
|
||||
path: "/"
|
||||
imageSelector: "codeserverImage"
|
||||
imagePullPolicy: {{ .Values.codeserverImage.pullPolicy }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
env:
|
||||
{{- range $envList := .Values.addons.codeserver.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else }}
|
||||
{{- fail "Please specify name/value for codeserver environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.codeserver.env -}}
|
||||
{{- range $k, $v := . }}
|
||||
{{ $k }}: {{ $v | quote }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
args:
|
||||
{{- range .Values.addons.codeserver.args }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
- "--port"
|
||||
- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
|
||||
- {{ .Values.addons.codeserver.workingDir | default "/" }}
|
||||
{{- end -}}
|
@ -0,0 +1,44 @@
|
||||
{{/*
|
||||
The code-server sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.netshoot.container" -}}
|
||||
enabled: true
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- sleep infinity
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
imageSelector: "netshootImage"
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
env:
|
||||
{{- range $envList := $.Values.addons.netshoot.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else }}
|
||||
{{- fail "Please specify name/value for netshoot environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.netshoot.env -}}
|
||||
{{- range $k, $v := . }}
|
||||
{{ $k }}: {{ $v | quote }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
args:
|
||||
{{- range $.Values.addons.netshoot.args }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -0,0 +1,15 @@
|
||||
{{/*
|
||||
Template to render code-server addon
|
||||
It will include / inject the required templates based on the given values.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.netshoot" -}}
|
||||
{{- $targetSelector := "main" -}}
|
||||
{{- if .Values.addons.netshoot.enabled -}}
|
||||
{{/* Append the code-server container to the workloads */}}
|
||||
{{- $container := include "tc.v1.common.addon.netshoot.container" . | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $workload := get $.Values.workload $targetSelector -}}
|
||||
{{- $_ := set $workload.podSpec.containers "netshoot" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,16 @@
|
||||
{{/*
|
||||
The VPN config and scripts to be included.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.configmap" -}}
|
||||
enabled: true
|
||||
data:
|
||||
{{- with .Values.addons.vpn.scripts.up }}
|
||||
up.sh: |-
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- with .Values.addons.vpn.scripts.down }}
|
||||
down.sh: |-
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,64 @@
|
||||
{{/*
|
||||
The gluetun sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.gluetun.container" -}}
|
||||
enabled: true
|
||||
imageSelector: gluetunImage
|
||||
probes:
|
||||
{{- if $.Values.addons.vpn.livenessProbe }}
|
||||
liveness:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- else }}
|
||||
liveness:
|
||||
enabled: false
|
||||
{{- end }}
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 568
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- MKNOD
|
||||
- SYS_MODULE
|
||||
|
||||
env:
|
||||
DNS_KEEP_NAMESERVER: "on"
|
||||
DOT: "off"
|
||||
{{- if $.Values.addons.vpn.killSwitch }}
|
||||
{{- $excludednetworks := ( printf "%v,%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
|
||||
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
|
||||
{{- $excludednetworks = ( printf "%v,%v" $excludednetworks . ) -}}
|
||||
{{- end }}
|
||||
{{- range $.Values.addons.vpn.excludedNetworks_IPv6 -}}
|
||||
{{- $excludednetworksv6 = ( printf "%v,%v" $excludednetworks . ) -}}
|
||||
{{- end }}
|
||||
FIREWALL: "on"
|
||||
FIREWALL_OUTBOUND_SUBNETS: {{ $excludednetworks | quote }}
|
||||
{{- else }}
|
||||
FIREWALL: "off"
|
||||
{{- end }}
|
||||
|
||||
{{- with $.Values.addons.vpn.env }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $envList := $.Values.addons.vpn.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify name/value for VPN environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with $.Values.addons.vpn.args }}
|
||||
args:
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -0,0 +1,73 @@
|
||||
{{/*
|
||||
The gluetun sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.openvpn.container" -}}
|
||||
enabled: true
|
||||
imageSelector: openvpnImage
|
||||
probes:
|
||||
{{- if $.Values.addons.vpn.livenessProbe }}
|
||||
liveness:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- else }}
|
||||
liveness:
|
||||
enabled: false
|
||||
{{- end }}
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- MKNOD
|
||||
- SYS_MODULE
|
||||
|
||||
env:
|
||||
{{- with $.Values.addons.vpn.env }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if and $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password }}
|
||||
VPN_AUTH: {{ (printf "%v;%v" $.Values.addons.vpn.openvpn.username $.Values.addons.vpn.openvpn.password) }}
|
||||
{{- end -}}
|
||||
{{- if $.Values.addons.vpn.killSwitch }}
|
||||
{{- $ipv4list := $.Values.addons.vpn.excludedNetworks_IPv4 }}
|
||||
|
||||
{{- if $.Values.chartContext.podCIDR }}
|
||||
{{- $ipv4list = append $ipv4list $.Values.chartContext.podCIDR }}
|
||||
{{- end }}
|
||||
{{- if $.Values.chartContext.svcCIDR }}
|
||||
{{- $ipv4list = append $ipv4list $.Values.chartContext.svcCIDR }}
|
||||
{{- end }}
|
||||
|
||||
FIREWALL: "ON"
|
||||
{{- range $index, $value := $ipv4list }}
|
||||
ROUTE_{{ add $index 1 }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if $.Values.addons.vpn.excludedNetworks_IPv6 }}
|
||||
{{- $excludednetworksv6 := "" -}}
|
||||
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
|
||||
{{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
|
||||
{{- end }}
|
||||
{{- range $index, $value := $.Values.addons.vpn.excludedNetworks_IPv6 }}
|
||||
ROUTE6_{{ add $index 1 }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $envList := $.Values.addons.vpn.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify name/value for VPN environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with $.Values.addons.vpn.args }}
|
||||
args:
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,9 @@
|
||||
{{/*
|
||||
The OpenVPN config secret to be included.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.secret" -}}
|
||||
enabled: true
|
||||
data:
|
||||
vpn.conf: |-
|
||||
{{- .Values.addons.vpn.config | nindent 4 }}
|
||||
{{- end -}}
|
@ -0,0 +1,87 @@
|
||||
{{/*
|
||||
The Tailscale sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.tailscale.container" -}}
|
||||
enabled: true
|
||||
imageSelector: "tailscaleImage"
|
||||
probes:
|
||||
{{- if $.Values.addons.vpn.livenessProbe }}
|
||||
liveness:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- else }}
|
||||
liveness:
|
||||
enabled: false
|
||||
{{- end }}
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
command:
|
||||
- /usr/local/bin/containerboot
|
||||
securityContext:
|
||||
{{- if $.Values.addons.vpn.tailscale.userspace }}
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: true
|
||||
{{- else }}
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
|
||||
{{/*
|
||||
Set KUBE_SECRET to empty string to force tailscale
|
||||
to use the filesystem for state tracking.
|
||||
With secret for state tracking you can't always
|
||||
know if the app that uses this sidecard will
|
||||
use a custom ServiceAccount and will lead to falure.
|
||||
*/}}
|
||||
env:
|
||||
TS_KUBE_SECRET: ""
|
||||
TS_SOCKET: /var/run/tailscale/tailscaled.sock
|
||||
TS_STATE_DIR: /var/lib/tailscale/state
|
||||
TS_AUTH_ONCE: {{ $.Values.addons.vpn.tailscale.auth_once | quote }}
|
||||
TS_USERSPACE: {{ $.Values.addons.vpn.tailscale.userspace | quote }}
|
||||
TS_ACCEPT_DNS: {{ $.Values.addons.vpn.tailscale.accept_dns | quote }}
|
||||
{{- with $.Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
|
||||
TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.vpn.tailscale.routes }}
|
||||
TS_ROUTES: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.vpn.tailscale.dest_ip }}
|
||||
TS_DEST_IP: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.vpn.tailscale.sock5_server }}
|
||||
TS_SOCKS5_SERVER: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.vpn.tailscale.extra_args }}
|
||||
TS_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.vpn.tailscale.daemon_extra_args }}
|
||||
TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end -}}
|
||||
{{- with $.Values.addons.vpn.tailscale.authkey }}
|
||||
TS_AUTH_KEY: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $envList := $.Values.addons.vpn.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify name/value for VPN environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with $.Values.addons.vpn.env -}}
|
||||
{{- range $k, $v := . }}
|
||||
{{ $k }}: {{ $v | quote }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
112
helm-charts/dashy/charts/common/templates/addons/vpn/_volume.tpl
Normal file
112
helm-charts/dashy/charts/common/templates/addons/vpn/_volume.tpl
Normal file
@ -0,0 +1,112 @@
|
||||
{{/*
|
||||
The volume (referencing VPN scripts) to be inserted into persistence.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.volume.scripts" -}}
|
||||
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: vpnscripts
|
||||
expandObjectName: false
|
||||
defaultMode: "0777"
|
||||
items:
|
||||
{{- if .Values.addons.vpn.scripts.up }}
|
||||
- key: up.sh
|
||||
path: up.sh
|
||||
{{- end -}}
|
||||
{{- if .Values.addons.vpn.scripts.down }}
|
||||
- key: down.sh
|
||||
path: down.sh
|
||||
{{- end }}
|
||||
targetSelector:
|
||||
{{- range .Values.addons.vpn.targetSelector }}
|
||||
{{ . }}:
|
||||
vpn:
|
||||
mountPath: {{ $basePath }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
The volume (referencing VPN config) to be inserted into persistence.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.volume.config" -}}
|
||||
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
|
||||
{{- $mountPath := $basePath }}
|
||||
|
||||
enabled: true
|
||||
{{- if or .Values.addons.vpn.config .Values.addons.vpn.existingSecret }}
|
||||
type: secret
|
||||
defaultMode: "0777"
|
||||
items:
|
||||
- key: vpn.conf
|
||||
path: vpn.conf
|
||||
{{- if .Values.addons.vpn.existingSecret }}
|
||||
objectName: {{ .Values.addons.vpn.existingSecret }}
|
||||
expandObjectName: false
|
||||
{{- else }}
|
||||
objectName: vpnconfig
|
||||
expandObjectName: true
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
{{- $mountPath = (printf "%s/vpn.conf" $basePath) }}
|
||||
type: hostPath
|
||||
hostPath: {{ .Values.addons.vpn.configFile | default "/vpn" }}
|
||||
hostPathType: "File"
|
||||
autoPermissions:
|
||||
enabled: true
|
||||
chown: true
|
||||
user: 568
|
||||
group: 568
|
||||
{{- end }}
|
||||
targetSelector:
|
||||
{{- range .Values.addons.vpn.targetSelector }}
|
||||
{{ . }}:
|
||||
vpn:
|
||||
mountPath: {{ $mountPath }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
The volume (referencing VPN config folder) to be inserted into persistence.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.volume.folder" -}}
|
||||
{{- $basePath := (include "tc.v1.common.addon.vpn.volume.basePath" .) }}
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: {{ .Values.addons.vpn.configFolder | quote }}
|
||||
autoPermissions:
|
||||
enabled: true
|
||||
chown: true
|
||||
user: 568
|
||||
group: 568
|
||||
targetSelector:
|
||||
{{- range .Values.addons.vpn.targetSelector }}
|
||||
{{ . }}:
|
||||
vpn:
|
||||
mountPath: {{ $basePath }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
The empty tailscale folder
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.volume.tailscale" -}}
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
targetSelector:
|
||||
{{- range .Values.addons.vpn.targetSelector }}
|
||||
{{ . }}:
|
||||
tailscale:
|
||||
mountPath: /var/lib/tailscale
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.addon.vpn.volume.basePath" -}}
|
||||
{{- $basePath := "/vpn" -}} {{/* Base Path for OVPN */}}
|
||||
{{- if eq .Values.addons.vpn.type "wireguard" -}}
|
||||
{{- $basePath = "/etc/wireguard" -}} {{/* Base Path for Wireguard */}}
|
||||
{{- else if eq .Values.addons.vpn.type "gluetun" -}}
|
||||
{{- $basePath = "/gluetun" -}} {{/* Base Path for Gluetun */}}
|
||||
{{- end -}}
|
||||
{{- $basePath -}}
|
||||
{{- end -}}
|
@ -0,0 +1,94 @@
|
||||
{{/*
|
||||
Template to render VPN addon
|
||||
It will include / inject the required templates based on the given values.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn" -}}
|
||||
{{- if ne "disabled" .Values.addons.vpn.type -}}
|
||||
|
||||
{{- if .Values.addons.vpn.config -}}
|
||||
{{/* Append the vpn config secret to the secrets */}}
|
||||
{{- $secret := include "tc.v1.common.addon.vpn.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret "vpnconfig" $secret -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
|
||||
{{/* Append the vpn up/down scripts to the configmaps */}}
|
||||
{{- $configmap := include "tc.v1.common.addon.vpn.configmap" . | fromYaml -}}
|
||||
{{- if $configmap -}}
|
||||
{{- $_ := set .Values.configmap "vpnscripts" $configmap -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.config .Values.addons.vpn.existingSecret -}}
|
||||
{{/* Append the vpn config to the persistence */}}
|
||||
{{- $configper := include "tc.v1.common.addon.vpn.volume.config" . | fromYaml -}}
|
||||
{{- if $configper -}}
|
||||
{{- $_ := set .Values.persistence "vpnconfig" $configper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
|
||||
{{/* Append the vpn scripts to the persistence */}}
|
||||
{{- $scriptsper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}}
|
||||
{{- if $scriptsper -}}
|
||||
{{- $_ := set .Values.persistence "vpnscripts" $scriptsper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.addons.vpn.configFolder -}}
|
||||
{{/* Append the vpn folder to the persistence */}}
|
||||
{{- $folderper := include "tc.v1.common.addon.vpn.volume.folder" . | fromYaml -}}
|
||||
{{- if $folderper -}}
|
||||
{{- $_ := set .Values.persistence "vpnfolder" $folderper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Ensure target Selector defaults to main pod even if unset */}}
|
||||
{{- $targetSelector := list "main" -}}
|
||||
{{- if $.Values.addons.codeserver.targetSelector -}}
|
||||
{{- $targetSelector = $.Values.addons.codeserver.targetSelector -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Append the vpn container to the containers */}}
|
||||
{{- range $targetSelector -}}
|
||||
{{- if eq "gluetun" $.Values.addons.vpn.type -}}
|
||||
{{- $container := include "tc.v1.common.addon.vpn.gluetun.container" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $workload := get $.Values.workload . -}}
|
||||
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
|
||||
{{- end -}}
|
||||
{{- else if eq "tailscale" $.Values.addons.vpn.type -}}
|
||||
{{/* FIXME: https://github.com/tailscale/tailscale/issues/8188 */}}
|
||||
{{- $_ := set $.Values.podOptions "automountServiceAccountToken" true -}}
|
||||
{{- $container := include "tc.v1.common.addon.vpn.tailscale.container" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $workload := get $.Values.workload . -}}
|
||||
{{- $_ := set $workload.podSpec.containers "tailscale" $container -}}
|
||||
{{- end -}}
|
||||
{{- else if eq "openvpn" $.Values.addons.vpn.type -}}
|
||||
{{- $container := include "tc.v1.common.addon.vpn.openvpn.container" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $workload := get $.Values.workload . -}}
|
||||
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
|
||||
{{- end -}}
|
||||
{{- else if eq "wireguard" $.Values.addons.vpn.type -}}
|
||||
{{- $container := include "tc.v1.common.addon.vpn.wireguard.container" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $workload := get $.Values.workload . -}}
|
||||
{{- $_ := set $workload.podSpec.containers "vpn" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if eq "tailscale" $.Values.addons.vpn.type -}}
|
||||
{{/* Append the empty tailscale folder to the persistence */}}
|
||||
{{- $tailscaledir := include "tc.v1.common.addon.vpn.volume.tailscale" . | fromYaml -}}
|
||||
{{- if $tailscaledir -}}
|
||||
{{- $_ := set .Values.persistence "tailscalestate" $tailscaledir -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,66 @@
|
||||
{{/*
|
||||
The gluetun sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.wireguard.container" -}}
|
||||
enabled: true
|
||||
imageSelector: wireguardImage
|
||||
probes:
|
||||
{{- if $.Values.addons.vpn.livenessProbe }}
|
||||
liveness:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- else }}
|
||||
liveness:
|
||||
enabled: false
|
||||
{{- end }}
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- NET_ADMIN
|
||||
- SETUID
|
||||
- SETGID
|
||||
- SYS_MODULE
|
||||
|
||||
env:
|
||||
{{- with $.Values.addons.vpn.env }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
SEPARATOR: ";"
|
||||
IPTABLES_BACKEND: "nft"
|
||||
{{- if $.Values.addons.vpn.killSwitch }}
|
||||
KILLSWITCH: "true"
|
||||
{{- $excludednetworksv4 := ( printf "%v;%v" $.Values.chartContext.podCIDR $.Values.chartContext.svcCIDR ) -}}
|
||||
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
|
||||
{{- $excludednetworksv4 = ( printf "%v;%v" $excludednetworksv4 . ) -}}
|
||||
{{- end }}
|
||||
KILLSWITCH_EXCLUDEDNETWORKS_IPV4: {{ $excludednetworksv4 | quote }}
|
||||
{{- if $.Values.addons.vpn.excludedNetworks_IPv6 -}}
|
||||
{{- $excludednetworksv6 := "" -}}
|
||||
{{- range $.Values.addons.vpn.excludedNetworks_IPv4 -}}
|
||||
{{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) -}}
|
||||
{{- end }}
|
||||
KILLSWITCH_EXCLUDEDNETWORKS_IPV6: {{ $.Values.addons.vpn.excludedNetworks_IPv6 | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $envList := $.Values.addons.vpn.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify name/value for VPN environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with $.Values.addons.vpn.args }}
|
||||
args:
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,45 @@
|
||||
{{/*
|
||||
This template serves as a blueprint for all Cert-Manager Certificate objects that are created
|
||||
within the common library.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.class.certificate" -}}
|
||||
{{- $root := .root -}}
|
||||
{{- $name := .name -}}
|
||||
{{- $hosts := .hosts -}}
|
||||
{{- $certificateIssuer := .certificateIssuer -}}
|
||||
{{- $certificateSecretTemplate := .secretTemplate }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" $ }}
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ $root.Values.namespace | default $root.Values.global.namespace | default $root.Release.Namespace }}
|
||||
spec:
|
||||
secretName: {{ $name }}
|
||||
dnsNames:
|
||||
{{- range $hosts }}
|
||||
- {{ tpl . $root | quote }}
|
||||
{{- end }}
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
rotationPolicy: Always
|
||||
issuerRef:
|
||||
name: {{ tpl $certificateIssuer $root | quote }}
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
{{- if $certificateSecretTemplate }}
|
||||
secretTemplate:
|
||||
{{- $labels := (mustMerge ($certificateSecretTemplate.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $root | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($certificateSecretTemplate.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $root | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $root "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,83 @@
|
||||
{{- define "tc.v1.common.class.cnpg.cluster" -}}
|
||||
{{- $values := .Values.cnpg -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.cnpg -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $cnpgClusterName := $values.name -}}
|
||||
{{- $cnpgClusterLabels := $values.labels -}}
|
||||
{{- $cnpgClusterAnnotations := $values.annotations -}}
|
||||
{{- $hibernation := "off" -}}
|
||||
{{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
|
||||
{{- $hibernation = "on" -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.cluster.apiVersion" $ }}
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: {{ $cnpgClusterName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($cnpgClusterLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }}
|
||||
labels:
|
||||
cnpg.io/reload: "on"
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $annotations := (mustMerge ($cnpgClusterAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
|
||||
annotations:
|
||||
cnpg.io/hibernation: {{ $hibernation | quote }}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
instances: {{ $values.instances | default 2 }}
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
database: {{ $values.database | default "app" }}
|
||||
owner: {{ $values.user | default "app" }}
|
||||
secret:
|
||||
name: {{ $cnpgClusterName }}-user
|
||||
|
||||
primaryUpdateStrategy: {{ $values.primaryUpdateStrategy | default "unsupervised" }}
|
||||
|
||||
storage:
|
||||
pvcTemplate:
|
||||
{{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
|
||||
storageClassName: {{ . }}
|
||||
{{- end }}
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
|
||||
|
||||
walStorage:
|
||||
pvcTemplate:
|
||||
{{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" $ "objectData" $values.storage )) | trim }}
|
||||
storageClassName: {{ . }}
|
||||
{{- end }}
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ tpl ($values.storage.walsize | default $.Values.fallbackDefaults.vctSize) $ | quote }}
|
||||
|
||||
monitoring:
|
||||
enablePodMonitor: {{ $values.monitoring.enablePodMonitor | default true }}
|
||||
|
||||
nodeMaintenanceWindow:
|
||||
inProgress: false
|
||||
reusePVC: true
|
||||
|
||||
{{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $values) | trim) }}
|
||||
resources:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
postgresql:
|
||||
{{- tpl ( $values.postgresql | toYaml ) $ | nindent 4 }}
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,35 @@
|
||||
{{- define "tc.v1.common.class.cnpg.pooler" -}}
|
||||
{{- $values := .Values.cnpg -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.cnpg -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $cnpgClusterName := $values.name -}}
|
||||
{{- $cnpgName := $values.cnpgName -}}
|
||||
{{- $cnpgPoolerName := $values.poolerName -}}
|
||||
{{- $cnpgClusterLabels := $values.labels -}}
|
||||
{{- $cnpgClusterAnnotations := $values.annotations -}}
|
||||
{{- $instances := $values.pooler.instances | default 2 -}}
|
||||
{{- if or $values.hibernate (include "tc.v1.common.lib.util.stopAll" $) -}}
|
||||
{{- $instances = 0 -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }}
|
||||
kind: Pooler
|
||||
metadata:
|
||||
name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
spec:
|
||||
cluster:
|
||||
name: {{ $cnpgClusterName }}
|
||||
instances: {{ $instances }}
|
||||
type: {{ $values.pooler.type }}
|
||||
pgbouncer:
|
||||
poolMode: session
|
||||
parameters:
|
||||
max_client_conn: "1000"
|
||||
default_pool_size: "10"
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,37 @@
|
||||
{{/* Configmap Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the configmap.
|
||||
labels: The labels of the configmap.
|
||||
annotations: The annotations of the configmap.
|
||||
data: The data of the configmap.
|
||||
namespace: The namespace of the configmap. (Optional)
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.configmap" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
{{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
|
||||
{{/* This comment is here to add a new line */}}
|
||||
{{- end -}}
|
52
helm-charts/dashy/charts/common/templates/class/_cronjob.tpl
Normal file
52
helm-charts/dashy/charts/common/templates/class/_cronjob.tpl
Normal file
@ -0,0 +1,52 @@
|
||||
{{/* CronJob Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.cronjob" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the CronJob.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.cronjob" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- include "tc.v1.common.lib.workload.cronjobValidation" (dict "objectData" $objectData) }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.cronjobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 12 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 10 }}
|
||||
{{- end -}}
|
@ -0,0 +1,55 @@
|
||||
{{/* DaemonSet Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the DaemonSet.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.daemonset" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- include "tc.v1.common.lib.workload.daemonsetValidation" (dict "objectData" $objectData) }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.daemonsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
|
||||
{{- end -}}
|
@ -0,0 +1,55 @@
|
||||
{{/* Deployment Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the Deployment.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.deployment" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- include "tc.v1.common.lib.workload.deploymentValidation" (dict "objectData" $objectData) }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.deploymentSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
|
||||
{{- end -}}
|
@ -0,0 +1,33 @@
|
||||
{{/* Endpoint Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.endpoint" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The service data, that will be used to render the Service object.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.endpoint" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
|
||||
ports:
|
||||
{{- include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
|
||||
{{- end -}}
|
@ -0,0 +1,41 @@
|
||||
{{/* EndpointSlice Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The service data, that will be used to render the Service object.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.endpointSlice" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $addressType := $objectData.addressType | default "IPv4" -}}
|
||||
{{- if $objectData.addressType -}}
|
||||
{{- $addressType = tpl $addressType $rootCtx -}}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: discovery.k8s.io/v1
|
||||
kind: EndpointSlice
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
addressType: {{ $addressType }}
|
||||
ports:
|
||||
{{- include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
||||
endpoints:
|
||||
{{- include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
||||
{{- end -}}
|
@ -0,0 +1,58 @@
|
||||
{{/*
|
||||
This template serves as a blueprint for horizontal pod autoscaler objects that are created
|
||||
using the common library.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.class.hpa" -}}
|
||||
{{- $targetName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $hpaName := $fullName -}}
|
||||
{{- $values := .Values.hpa -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.hpa -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $hpaLabels := $values.labels -}}
|
||||
{{- $hpaAnnotations := $values.annotations -}}
|
||||
|
||||
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
|
||||
{{- $hpaName = printf "%v-%v" $hpaName $values.nameOverride -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.hpa.apiVersion" $ }}
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ $hpaName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($hpaLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($hpaAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: {{ $values.targetKind | default ( include "tc.v1.common.names.controllerType" . ) }}
|
||||
name: {{ $values.target | default $targetName }}
|
||||
minReplicas: {{ $values.minReplicas | default 1 }}
|
||||
maxReplicas: {{ $values.maxReplicas | default 3 }}
|
||||
metrics:
|
||||
{{- if $values.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
targetAverageUtilization: {{ $values.targetCPUUtilizationPercentage }}
|
||||
{{- end -}}
|
||||
{{- if $values.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
targetAverageUtilization: {{ $values.targetMemoryUtilizationPercentage }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
157
helm-charts/dashy/charts/common/templates/class/_ingress.tpl
Normal file
157
helm-charts/dashy/charts/common/templates/class/_ingress.tpl
Normal file
@ -0,0 +1,157 @@
|
||||
{{/*
|
||||
This template serves as a blueprint for all Ingress objects that are created
|
||||
within the common library.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.class.ingress" -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $ingressName := $fullName -}}
|
||||
{{- $values := .Values.ingress -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.ingress -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $ingressLabels := $values.labels -}}
|
||||
{{- $ingressAnnotations := $values.annotations -}}
|
||||
|
||||
{{- $ingressName = $values.name -}}
|
||||
|
||||
{{/* Get the name of the primary service, if any */}}
|
||||
{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
|
||||
{{/* Get service values of the primary service, if any */}}
|
||||
{{- $primaryService := get .Values.service $primaryServiceName -}}
|
||||
{{- $defaultServiceName := $fullName -}}
|
||||
|
||||
{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
|
||||
{{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
|
||||
{{- end -}}
|
||||
{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) -}}
|
||||
|
||||
{{- $mddwrNamespace := "tc-system" -}}
|
||||
{{- if $.Values.operator.traefik -}}
|
||||
{{- if $.Values.operator.traefik.namespace -}}
|
||||
{{- $mddwrNamespace = $.Values.operator.traefik.namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $values.ingressClassName -}}
|
||||
|
||||
{{- if $.Values.global.ixChartContext -}}
|
||||
{{- $mddwrNamespace = (printf "ix-%s" $values.ingressClassName) -}}
|
||||
{{- else -}}
|
||||
{{- $mddwrNamespace = $values.ingressClassName -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $fixedMiddlewares := "" -}}
|
||||
{{- if $values.enableFixedMiddlewares -}}
|
||||
|
||||
{{/* If cors is enabled, replace the default fixedMiddleware with the opencors chain */}}
|
||||
{{- if $values.allowCors -}}
|
||||
{{- $corsMiddlewares := list "tc-opencors-chain" }}
|
||||
{{- $_ := set $values "fixedMiddlewares" $corsMiddlewares -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $index, $fixedMiddleware := $values.fixedMiddlewares -}}
|
||||
{{- if $index -}}
|
||||
{{- $fixedMiddlewares = ( printf "%v, %v-%v@%v" $fixedMiddlewares $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
|
||||
{{- else -}}
|
||||
{{- $fixedMiddlewares = ( printf "%v-%v@%v" $mddwrNamespace $fixedMiddleware "kubernetescrd" ) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $middlewares := "" -}}
|
||||
{{- range $index, $middleware := $values.middlewares -}}
|
||||
{{- if $index -}}
|
||||
{{- $middlewares = ( printf "%v, %v-%v@%v" $middlewares $mddwrNamespace $middleware "kubernetescrd" ) -}}
|
||||
{{- else -}}
|
||||
{{- $middlewares = ( printf "%v-%v@%v" $mddwrNamespace $middleware "kubernetescrd" ) -}}
|
||||
{{- end -}}
|
||||
{{ end }}
|
||||
|
||||
{{- if and ( $fixedMiddlewares ) ( $middlewares ) -}}
|
||||
{{- $middlewares = ( printf "%v, %v" $fixedMiddlewares $middlewares ) -}}
|
||||
{{- else if $fixedMiddlewares -}}
|
||||
{{- $middlewares = ( printf "%s" $fixedMiddlewares ) -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.ingress.apiVersion" $ }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $ingressName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($ingressLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($ingressAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
|
||||
annotations:
|
||||
{{- with $values.certificateIssuer }}
|
||||
cert-manager.io/cluster-issuer: {{ tpl ( toYaml . ) $ }}
|
||||
cert-manager.io/private-key-rotation-policy: Always
|
||||
{{- end }}
|
||||
"traefik.ingress.kubernetes.io/router.entrypoints": {{ $values.entrypoint | default "websecure" }}
|
||||
"traefik.ingress.kubernetes.io/router.middlewares": {{ $middlewares | quote }}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $values.ingressClassName }}
|
||||
ingressClassName: {{ $values.ingressClassName }}
|
||||
{{- end -}}
|
||||
{{- if $values.certificateIssuer }}
|
||||
tls:
|
||||
{{- range $index, $hostsValues := $values.hosts }}
|
||||
- hosts:
|
||||
- {{ tpl $hostsValues.host $ | quote }}
|
||||
secretName: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }}
|
||||
{{- end -}}
|
||||
{{- else if $values.tls }}
|
||||
tls:
|
||||
{{- range $index, $tlsValues := $values.tls }}
|
||||
{{- $tlsName := ( printf "%v-%v" "tls" $index ) }}
|
||||
- hosts:
|
||||
{{- range $tlsValues.hosts }}
|
||||
- {{ tpl . $ | quote }}
|
||||
{{- end -}}
|
||||
{{- if $tlsValues.certificateIssuer }}
|
||||
secretName: {{ printf "%v-%v" $ingressName $tlsName }}
|
||||
{{- else if and ($tlsValues.scaleCert) ($.Values.global.ixChartContext) -}}
|
||||
{{- $cert := dict }}
|
||||
{{- $_ := set $cert "id" $tlsValues.scaleCert }}
|
||||
{{- $_ := set $cert "nameOverride" $tlsName }}
|
||||
secretName: {{ printf "%s-tls-%v" (include "tc.v1.common.lib.chart.names.fullname" $) $index }}
|
||||
{{- else if .clusterCertificate }}
|
||||
secretName: clusterissuer-templated-{{ tpl .clusterCertificate $ }}
|
||||
{{- else if .secretName }}
|
||||
secretName: {{ tpl .secretName $ | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range $values.hosts }}
|
||||
- host: {{ tpl .host $ | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths -}}
|
||||
{{- $service := $defaultServiceName -}}
|
||||
{{- $port := $defaultServicePort.port -}}
|
||||
{{- if .service -}}
|
||||
{{- $service = default $service .service.name -}}
|
||||
{{- $port = default $port .service.port -}}
|
||||
{{- end }}
|
||||
- path: {{ tpl .path $ | quote }}
|
||||
pathType: {{ default "Prefix" .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $service }}
|
||||
port:
|
||||
number: {{ $port }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- end -}}
|
52
helm-charts/dashy/charts/common/templates/class/_job.tpl
Normal file
52
helm-charts/dashy/charts/common/templates/class/_job.tpl
Normal file
@ -0,0 +1,52 @@
|
||||
{{/* Job Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.job" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the Job.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.job" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
|
||||
{{- end -}}
|
@ -0,0 +1,38 @@
|
||||
{{/* MutatingWebhookConfiguration Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.mutatingWebhookConfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the MutatingWebhookConfiguration.
|
||||
labels: The labels of the MutatingWebhookConfiguration.
|
||||
annotations: The annotations of the MutatingWebhookConfiguration.
|
||||
data: The data of the MutatingWebhookConfiguration.
|
||||
namespace: The namespace of the MutatingWebhookConfiguration. (Optional)
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.mutatingWebhookConfiguration" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
webhooks:
|
||||
{{- range $webhook := $objectData.webhooks -}}
|
||||
{{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,35 @@
|
||||
{{/* Network Attachment Definition Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.networkAttachmentDefinition" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the Network Attachment Definition.
|
||||
labels: The labels of the Network Attachment Definition.
|
||||
annotations: The annotations of the Network Attachment Definition.
|
||||
config: The config of the interface
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.networkAttachmentDefinition" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: k8s.cni.cncf.io/v1
|
||||
kind: NetworkAttachmentDefinition
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }}
|
||||
{{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) | default dict -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
config: {{ $objectData.config | squote }}
|
||||
{{- end -}}
|
@ -0,0 +1,185 @@
|
||||
{{/*
|
||||
Blueprint for the NetworkPolicy object
|
||||
*/}}
|
||||
{{- define "tc.v1.common.class.networkpolicy" -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $networkPolicyName := $fullName -}}
|
||||
{{- $values := .Values.networkPolicy -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.networkPolicy -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $networkpolicyLabels := $values.labels -}}
|
||||
{{- $networkpolicyAnnotations := $values.annotations -}}
|
||||
|
||||
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
|
||||
{{- $networkPolicyName = printf "%v-%v" $networkPolicyName $values.nameOverride -}}
|
||||
{{- end }}
|
||||
---
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }}
|
||||
metadata:
|
||||
name: {{ $networkPolicyName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($networkpolicyAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
podSelector:
|
||||
{{- if $values.podSelector }}
|
||||
{{- tpl (toYaml $values.podSelector) $ | nindent 4 }}
|
||||
{{- else if $values.targetSelector }}
|
||||
{{- $objectData := dict "targetSelector" $values.targetSelector }}
|
||||
{{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
|
||||
{{- $selectedPodName := $selectedPod.shortName }}
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 8 }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "" "objectName" "") | indent 8 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if $values.policyType }}
|
||||
{{- if eq $values.policyType "ingress" }}
|
||||
policyTypes: ["Ingress"]
|
||||
{{- else if eq $values.policyType "egress" }}
|
||||
policyTypes: ["Egress"]
|
||||
|
||||
{{- else if eq $values.policyType "ingress-egress" }}
|
||||
policyTypes: ["Ingress", "Egress"]
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $values.egress }}
|
||||
egress:
|
||||
{{- range $values.egress }}
|
||||
- to:
|
||||
{{- range .to -}}
|
||||
{{- $nss := false -}}
|
||||
{{- $ipb := false -}}
|
||||
{{- if .ipBlock -}}
|
||||
{{- if .ipBlock.cidr -}}
|
||||
{{- $ipb = true }}
|
||||
- ipBlock:
|
||||
cidr: {{ .ipBlock.cidr }}
|
||||
{{- if .ipBlock.except }}
|
||||
except:
|
||||
{{- range .ipBlock.except }}
|
||||
- {{ . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and ( .namespaceSelector ) ( not $ipb ) -}}
|
||||
{{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
|
||||
{{- $nss = true }}
|
||||
- namespaceSelector:
|
||||
{{- if .namespaceSelector.matchLabels }}
|
||||
matchLabels:
|
||||
{{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- if .namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and ( .podSelector ) ( not $ipb ) -}}
|
||||
{{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
|
||||
{{- if $nss }}
|
||||
podSelector:
|
||||
{{- else }}
|
||||
- podSelector:
|
||||
{{- end -}}
|
||||
{{- if .podSelector.matchLabels }}
|
||||
matchLabels:
|
||||
{{- .podSelector.matchLabels | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- if .podSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- .podSelector.matchExpressions | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with .ports }}
|
||||
ports:
|
||||
{{- . | toYaml | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $values.ingress }}
|
||||
ingress:
|
||||
{{- range $values.ingress }}
|
||||
- from:
|
||||
{{- range .from -}}
|
||||
{{- $nss := false -}}
|
||||
{{- $ipb := false -}}
|
||||
{{- if .ipBlock -}}
|
||||
{{- if .ipBlock.cidr -}}
|
||||
{{- $ipb = true }}
|
||||
- ipBlock:
|
||||
cidr: {{ .ipBlock.cidr }}
|
||||
{{- if .ipBlock.except }}
|
||||
except:
|
||||
{{- range .ipBlock.except }}
|
||||
- {{ . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and ( .namespaceSelector ) ( not $ipb ) -}}
|
||||
{{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
|
||||
{{- $nss = true }}
|
||||
- namespaceSelector:
|
||||
{{- if .namespaceSelector.matchLabels }}
|
||||
matchLabels:
|
||||
{{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- if .namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and ( .podSelector ) ( not $ipb ) -}}
|
||||
{{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
|
||||
{{- if $nss }}
|
||||
podSelector:
|
||||
{{- else }}
|
||||
- podSelector:
|
||||
{{- end }}
|
||||
{{- if .podSelector.matchLabels }}
|
||||
matchLabels:
|
||||
{{- .podSelector.matchLabels | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- if .podSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- .podSelector.matchExpressions | toYaml | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with .ports }}
|
||||
ports:
|
||||
{{- . | toYaml | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,54 @@
|
||||
{{/* poddisruptionbudget Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.podDisruptionBudget" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the podDisruptionBudget.
|
||||
labels: The labels of the podDisruptionBudget.
|
||||
annotations: The annotations of the podDisruptionBudget.
|
||||
data: The data of the podDisruptionBudget.
|
||||
namespace: The namespace of the podDisruptionBudget. (Optional)
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.podDisruptionBudget" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- if $objectData.customLabels -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $objectData.customLabels) | trim) }}
|
||||
{{- . | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- $selectedPod := fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget")) }}
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $selectedPod.shortName) | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- if hasKey $objectData "minAvailable" }}
|
||||
minAvailable: {{ tpl (toString $objectData.minAvailable) $rootCtx }}
|
||||
{{- end -}}
|
||||
{{- if hasKey $objectData "maxUnavailable" }}
|
||||
maxUnavailable: {{ tpl (toString $objectData.maxUnavailable) $rootCtx }}
|
||||
{{- end -}}
|
||||
{{- with $objectData.unhealthyPodEvictionPolicy }}
|
||||
unhealthyPodEvictionPolicy: {{ tpl . $rootCtx }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,47 @@
|
||||
{{- define "tc.v1.common.class.podmonitor" -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $podmonitorName := $fullName -}}
|
||||
{{- $values := .Values.podmonitor -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.metrics -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $podmonitorLabels := $values.labels -}}
|
||||
{{- $podmonitorAnnotations := $values.annotations -}}
|
||||
|
||||
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
|
||||
{{- $podmonitorName = printf "%v-%v" $podmonitorName $values.nameOverride -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }}
|
||||
kind: PodMonitor
|
||||
metadata:
|
||||
name: {{ $podmonitorName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $annotations := (mustMerge ($podmonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: app.kubernetes.io/name
|
||||
selector:
|
||||
{{- if $values.selector }}
|
||||
{{- tpl (toYaml $values.selector) $ | nindent 4 }}
|
||||
{{- else }}
|
||||
{{- $objectData := dict "targetSelector" $values.targetSelector }}
|
||||
{{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
|
||||
{{- $selectedPodName := $selectedPod.shortName }}
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 6 }}
|
||||
{{- end }}
|
||||
podMetricsEndpoints:
|
||||
{{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
|
||||
{{- end -}}
|
@ -0,0 +1,55 @@
|
||||
{{- define "tc.v1.common.class.prometheusrule" -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $prometheusruleName := $fullName -}}
|
||||
{{- $values := .Values.prometheusrule -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.metrics -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $prometheusruleLabels := $values.labels -}}
|
||||
{{- $prometheusruleAnnotations := $values.annotations -}}
|
||||
|
||||
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
|
||||
{{- $prometheusruleName = printf "%v-%v" $prometheusruleName $values.nameOverride -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ }}
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ $prometheusruleName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $annotations := (mustMerge ($prometheusruleAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
groups:
|
||||
{{- range $name, $groupValues := .groups }}
|
||||
- name: {{ $prometheusruleName }}-{{ $name }}
|
||||
rules:
|
||||
{{- with $groupValues.rules }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $groupValues.additionalrules }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $id, $groupValues := .additionalgroups }}
|
||||
- name: {{ $prometheusruleName }}-{{ if $groupValues.name }}{{ $groupValues.name }}{{ else }}{{ $id }}{{ end }}
|
||||
rules:
|
||||
{{- with $groupValues.rules }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $groupValues.additionalrules }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
57
helm-charts/dashy/charts/common/templates/class/_pvc.tpl
Normal file
57
helm-charts/dashy/charts/common/templates/class/_pvc.tpl
Normal file
@ -0,0 +1,57 @@
|
||||
{{/* PVC Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the PVC.
|
||||
labels: The labels of the PVC.
|
||||
annotations: The annotations of the PVC.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.pvc" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $pvcRetain := $rootCtx.Values.fallbackDefaults.pvcRetain -}}
|
||||
{{- if (kindIs "bool" $objectData.retain) -}}
|
||||
{{- $pvcRetain = $objectData.retain -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $pvcSize := $rootCtx.Values.fallbackDefaults.pvcSize -}}
|
||||
{{- with $objectData.size -}}
|
||||
{{- $pvcSize = tpl . $rootCtx -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- if $pvcRetain -}}
|
||||
{{- $_ := set $annotations "\"helm.sh/resource-policy\"" "keep" -}}
|
||||
{{- end -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim | nindent 4 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ $pvcSize }}
|
||||
{{- with $objectData.volumeName }}
|
||||
volumeName: {{ tpl . $rootCtx }}
|
||||
{{- end -}}
|
||||
{{- with (include "tc.v1.common.lib.storage.storageClassName" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim) }}
|
||||
storageClassName: {{ . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
64
helm-charts/dashy/charts/common/templates/class/_rbac.tpl
Normal file
64
helm-charts/dashy/charts/common/templates/class/_rbac.tpl
Normal file
@ -0,0 +1,64 @@
|
||||
{{/* RBAC Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the rbac.
|
||||
labels: The labels of the rbac.
|
||||
annotations: The annotations of the rbac.
|
||||
clusterWide: Whether the rbac is cluster wide or not.
|
||||
rules: The rules of the rbac.
|
||||
subjects: The subjects of the rbac.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.rbac" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
{{- if not $objectData.clusterWide }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }}
|
||||
{{- end }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $objectData.clusterWide }}
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
{{- if not $objectData.clusterWide }}
|
||||
namespace: {{ $rootCtx.Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
|
||||
name: {{ $objectData.name }}
|
||||
subjects:
|
||||
{{- include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
||||
{{- include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
||||
{{- end -}}
|
87
helm-charts/dashy/charts/common/templates/class/_route.tpl
Normal file
87
helm-charts/dashy/charts/common/templates/class/_route.tpl
Normal file
@ -0,0 +1,87 @@
|
||||
{{/*
|
||||
This template serves as a blueprint for all Route objects that are created
|
||||
within the common library.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.class.route" -}}
|
||||
{{- $values := .Values.route -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.route -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $routeLabels := $values.labels -}}
|
||||
{{- $routeAnnotations := $values.annotations -}}
|
||||
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
|
||||
{{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}}
|
||||
{{- end -}}
|
||||
{{- $routeKind := $values.kind | default "HTTPRoute" -}}
|
||||
|
||||
{{/* Get the name of the primary service, if any */}}
|
||||
{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
|
||||
{{/* Get service values of the primary service, if any */}}
|
||||
{{- $primaryService := get .Values.service $primaryServiceName -}}
|
||||
{{- $defaultServiceName := $fullName -}}
|
||||
|
||||
{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
|
||||
{{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
|
||||
{{- end -}}
|
||||
{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) }}
|
||||
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}}
|
||||
{{- fail (printf "Not a valid route kind (%s)" $routeKind) -}}
|
||||
{{- end }}
|
||||
kind: {{ $routeKind }}
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($routeAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
|
||||
annotations:
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
parentRefs:
|
||||
{{- range $values.parentRefs }}
|
||||
- group: {{ default "gateway.networking.k8s.io" .group }}
|
||||
kind: {{ default "Gateway" .kind }}
|
||||
name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }}
|
||||
namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }}
|
||||
{{- if .sectionName }}
|
||||
sectionName: {{ .sectionName | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }}
|
||||
hostnames:
|
||||
{{- with $values.hostnames }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range $values.rules }}
|
||||
- backendRefs:
|
||||
{{- range .backendRefs }}
|
||||
- group: {{ default "" .group | quote}}
|
||||
kind: {{ default "Service" .kind }}
|
||||
name: {{ default $defaultServiceName .name }}
|
||||
namespace: {{ default $.Release.Namespace .namespace }}
|
||||
port: {{ default $defaultServicePort.port .port }}
|
||||
weight: {{ default 1 .weight }}
|
||||
{{- end }}
|
||||
{{- if (eq $routeKind "HTTPRoute") }}
|
||||
{{- with .matches }}
|
||||
matches:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
58
helm-charts/dashy/charts/common/templates/class/_secret.tpl
Normal file
58
helm-charts/dashy/charts/common/templates/class/_secret.tpl
Normal file
@ -0,0 +1,58 @@
|
||||
{{/* Secret Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the secret.
|
||||
labels: The labels of the secret.
|
||||
annotations: The annotations of the secret.
|
||||
type: The type of the secret.
|
||||
data: The data of the secret.
|
||||
namespace: The namespace of the secret. (Optional)
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.secret" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- $secretType := "Opaque" -}}
|
||||
|
||||
{{- if eq $objectData.type "certificate" -}}
|
||||
{{- $secretType = "kubernetes.io/tls" -}}
|
||||
{{- else if eq $objectData.type "imagePullSecret" -}}
|
||||
{{- $secretType = "kubernetes.io/dockerconfigjson" -}}
|
||||
{{- else if $objectData.type -}}
|
||||
{{- $secretType = $objectData.type -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: {{ $secretType }}
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }}
|
||||
data:
|
||||
{{- if eq $objectData.type "certificate" }}
|
||||
tls.crt: {{ $objectData.data.certificate | trim | b64enc }}
|
||||
tls.key: {{ $objectData.data.privatekey | trim | b64enc }}
|
||||
{{- else if eq $objectData.type "imagePullSecret" }}
|
||||
.dockerconfigjson: {{ $objectData.data | trim | b64enc }}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
stringData:
|
||||
{{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }}
|
||||
{{/* This comment is here to add a new line */}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
115
helm-charts/dashy/charts/common/templates/class/_service.tpl
Normal file
115
helm-charts/dashy/charts/common/templates/class/_service.tpl
Normal file
@ -0,0 +1,115 @@
|
||||
{{/* Service Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.service" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The service data, that will be used to render the Service object.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.service" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $svcType := $objectData.type | default $rootCtx.Values.fallbackDefaults.serviceType -}}
|
||||
|
||||
{{/* Init variables */}}
|
||||
{{- $hasHTTPSPort := false -}}
|
||||
{{- $hasHostPort := false -}}
|
||||
{{- $hostNetwork := false -}}
|
||||
{{- $podValues := dict -}}
|
||||
|
||||
{{- range $portName, $port := $objectData.ports -}}
|
||||
{{- if $port.enabled -}}
|
||||
{{- if eq (tpl ($port.protocol | default "") $rootCtx) "https" -}}
|
||||
{{- $hasHTTPSPort = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and (hasKey $port "hostPort") $port.hostPort -}}
|
||||
{{- $hasHostPort = true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $specialTypes := (list "ExternalName" "ExternalIP") -}}
|
||||
{{/* External Name / External IP does not rely on any pod values */}}
|
||||
{{- if not (mustHas $svcType $specialTypes) -}}
|
||||
{{/* Get Pod Values based on the selector (or the absence of it) */}}
|
||||
{{- $podValues = fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service")) -}}
|
||||
|
||||
{{- if $podValues -}}
|
||||
{{/* Get Pod hostNetwork configuration */}}
|
||||
{{- $hostNetwork = include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $podValues) -}}
|
||||
{{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}}
|
||||
{{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}}
|
||||
{{- $svcType = "ClusterIP" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* When hostPort is defined, force ClusterIP aswell */}}
|
||||
{{- if $hasHostPort -}}
|
||||
{{- $svcType = "ClusterIP" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $objectData "type" $svcType }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- if eq $objectData.type "LoadBalancer" -}}
|
||||
{{- include "tc.v1.common.lib.service.metalLBAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData "annotations" $annotations) -}}
|
||||
{{- end -}}
|
||||
{{- if $hasHTTPSPort -}}
|
||||
{{- include "tc.v1.common.lib.service.traefikAnnotations" (dict "rootCtx" $rootCtx "annotations" $annotations) -}}
|
||||
{{- end -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if eq $objectData.type "ClusterIP" -}}
|
||||
{{- include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
|
||||
{{- else if eq $objectData.type "LoadBalancer" -}}
|
||||
{{- include "tc.v1.common.lib.service.spec.loadBalancer" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
|
||||
{{- else if eq $objectData.type "NodePort" -}}
|
||||
{{- include "tc.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
|
||||
{{- else if eq $objectData.type "ExternalName" -}}
|
||||
{{- include "tc.v1.common.lib.service.spec.externalName" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
|
||||
{{- else if eq $objectData.type "ExternalIP" -}}
|
||||
{{- include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
|
||||
{{- end -}}
|
||||
{{- with (include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
|
||||
ports:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- if not (mustHas $objectData.type $specialTypes) }}
|
||||
selector:
|
||||
{{- if $objectData.selectorLabels }}
|
||||
{{- tpl ( toYaml $objectData.selectorLabels) $rootCtx | nindent 4 }}
|
||||
{{- else }}
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $podValues.shortName) | trim | nindent 4 -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if eq $objectData.type "ExternalIP" -}}
|
||||
{{- $useSlice := true -}}
|
||||
{{- if kindIs "bool" $objectData.useSlice -}}
|
||||
{{- $useSlice = $objectData.useSlice -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $useSlice -}}
|
||||
{{- include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
|
||||
{{- else -}}
|
||||
{{- include "tc.v1.common.class.endpoint" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,34 @@
|
||||
{{/* Service Account Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the serviceAccount.
|
||||
labels: The labels of the serviceAccount.
|
||||
annotations: The annotations of the serviceAccount.
|
||||
autoMountToken: Whether to mount the ServiceAccount token or not.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.serviceAccount" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ $objectData.automountServiceAccountToken | default false }}
|
||||
{{- end -}}
|
@ -0,0 +1,47 @@
|
||||
{{- define "tc.v1.common.class.servicemonitor" -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $servicemonitorName := $fullName -}}
|
||||
{{- $values := .Values.servicemonitor -}}
|
||||
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.metrics -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $servicemonitorLabels := $values.labels -}}
|
||||
{{- $servicemonitorAnnotations := $values.annotations -}}
|
||||
|
||||
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
|
||||
{{- $servicemonitorName = printf "%v-%v" $servicemonitorName $values.nameOverride -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ }}
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ $servicemonitorName }}
|
||||
namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
|
||||
{{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $annotations := (mustMerge ($servicemonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: app.kubernetes.io/name
|
||||
selector:
|
||||
{{- if $values.selector }}
|
||||
{{- tpl (toYaml $values.selector) $ | nindent 4 }}
|
||||
{{- else }}
|
||||
{{- $objectData := dict "targetSelector" $values.targetSelector }}
|
||||
{{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData)) }}
|
||||
{{- $selectedServiceName := $selectedService.shortName }}
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "service" "objectName" $selectedServiceName) | indent 6 }}
|
||||
{{- end }}
|
||||
endpoints:
|
||||
{{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
|
||||
{{- end -}}
|
@ -0,0 +1,59 @@
|
||||
{{/* StatefulSet Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the StatefulSet.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.statefulset" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- include "tc.v1.common.lib.workload.statefulsetValidation" (dict "objectData" $objectData) }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.statefulsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podLabels" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
|
||||
(include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.externalInterfacePodAnnotations" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
|
||||
(include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
|
||||
{{- with (include "tc.v1.common.lib.storage.volumeClaimTemplates" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
|
||||
volumeClaimTemplates:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -0,0 +1,38 @@
|
||||
{{/* ValidatingWebhookconfiguration Class */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.class.validatingWebhookconfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
|
||||
rootCtx: The root context of the chart.
|
||||
objectData:
|
||||
name: The name of the validatingWebhookconfiguration.
|
||||
labels: The labels of the validatingWebhookconfiguration.
|
||||
annotations: The annotations of the validatingWebhookconfiguration.
|
||||
data: The data of the validatingWebhookconfiguration.
|
||||
namespace: The namespace of the validatingWebhookconfiguration. (Optional)
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.class.validatingWebhookconfiguration" -}}
|
||||
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData }}
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ $objectData.name }}
|
||||
namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
|
||||
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
webhooks:
|
||||
{{- range $webhook := $objectData.webhooks -}}
|
||||
{{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,23 @@
|
||||
{{/* Check Env for Duplicates */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $ "objectData" $objectData "source" $source "key" $key) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.helper.container.envDupeCheck" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $source := .source -}}
|
||||
{{- $type := .type -}}
|
||||
{{- $key := .key -}}
|
||||
|
||||
{{- $dupeEnv := (get $objectData.envDupe $key) -}}
|
||||
|
||||
{{- if $dupeEnv -}}
|
||||
{{- fail (printf "Container - Environment Variable [%s] in [%s] tried to override the Environment Variable that is already defined in [%s]" $key $source $dupeEnv.source) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $_ := set $objectData.envDupe $key (dict "source" $source) -}}
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,59 @@
|
||||
{{/* Returns Lowest and Highest ports assigned to the any container in the pod */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the Pod.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.helpers.securityContext.getPortRange" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{ $portRange := (dict "high" 0 "low" 0) }}
|
||||
|
||||
{{- range $name, $service := $rootCtx.Values.service -}}
|
||||
{{- $selected := false -}}
|
||||
{{/* If service is enabled... */}}
|
||||
{{- if $service.enabled -}}
|
||||
|
||||
{{/* If there is a selector */}}
|
||||
{{- if $service.targetSelector -}}
|
||||
|
||||
{{/* And pod is selected */}}
|
||||
{{- if eq $service.targetSelector $objectData.shortName -}}
|
||||
{{- $selected = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- else -}}
|
||||
{{/* If no selector is defined but pod is primary */}}
|
||||
{{- if $objectData.primary -}}
|
||||
{{- $selected = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $selected -}}
|
||||
{{- range $name, $portValues := $service.ports -}}
|
||||
{{- if $portValues.enabled -}}
|
||||
|
||||
{{- $portToCheck := ($portValues.targetPort | default $portValues.port) -}}
|
||||
{{- if kindIs "string" $portToCheck -}}
|
||||
{{- $portToCheck = (tpl $portToCheck $rootCtx) | int -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or (not $portRange.low) (lt ($portToCheck | int) ($portRange.low | int)) -}}
|
||||
{{- $_ := set $portRange "low" $portToCheck -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or (not $portRange.high) (gt ($portToCheck | int) ($portRange.high | int)) -}}
|
||||
{{- $_ := set $portRange "high" $portToCheck -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- $portRange | toJson -}}
|
||||
{{- end -}}
|
@ -0,0 +1,47 @@
|
||||
{{/* Service - Get Selected Pod */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
|
||||
objectData: The object data of the service
|
||||
rootCtx: The root context of the chart.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.lib.helpers.getSelectedPodValues" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- $caller := .caller -}}
|
||||
|
||||
{{- $podValues := dict -}}
|
||||
{{- with $objectData.targetSelector -}}
|
||||
{{- $podValues = mustDeepCopy (get $rootCtx.Values.workload .) -}}
|
||||
|
||||
{{- if not $podValues -}}
|
||||
{{- fail (printf "%s - Selected pod [%s] is not defined" $caller .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $podValues.enabled -}}
|
||||
{{- fail (printf "%s - Selected pod [%s] is not enabled" $caller .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* While we know the shortName from targetSelector, let's set it explicitly
|
||||
So service can reference this directly, to match the behaviour of a service
|
||||
without targetSelector defined (assumes "use primary") */}}
|
||||
{{- $_ := set $podValues "shortName" . -}}
|
||||
{{- else -}}
|
||||
|
||||
{{/* If no targetSelector is defined, we assume the service is using the primary pod */}}
|
||||
{{/* Also no need to check for multiple primaries here, it's already done on the workload validation */}}
|
||||
{{- range $podName, $pod := $rootCtx.Values.workload -}}
|
||||
{{- if $pod.enabled -}}
|
||||
{{- if $pod.primary -}}
|
||||
{{- $podValues = mustDeepCopy $pod -}}
|
||||
{{/* Set the shortName so service can use this on selector */}}
|
||||
{{- $_ := set $podValues "shortName" $podName -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return values in Json, to preserve types */}}
|
||||
{{ $podValues | toJson }}
|
||||
{{- end -}}
|
@ -0,0 +1,47 @@
|
||||
{{/* Service - Get Selected Service */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
|
||||
objectData: The object data of the service
|
||||
rootCtx: The root context of the chart.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.lib.helpers.getSelectedServiceValues" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- $caller := .caller -}}
|
||||
|
||||
{{- $serviceValues := dict -}}
|
||||
{{- with $objectData.targetSelector -}}
|
||||
{{- $serviceValues = mustDeepCopy (get $rootCtx.Values.service .) -}}
|
||||
|
||||
{{- if not $serviceValues -}}
|
||||
{{- fail (printf "%s - Selected service [%s] is not defined" $caller .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $serviceValues.enabled -}}
|
||||
{{- fail (printf "%s - Selected service [%s] is not enabled" $caller .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* While we know the shortName from targetSelector, let's set it explicitly
|
||||
So service can reference this directly, to match the behaviour of a service
|
||||
without targetSelector defined (assumes "use primary") */}}
|
||||
{{- $_ := set $serviceValues "shortName" . -}}
|
||||
{{- else -}}
|
||||
|
||||
{{/* If no targetSelector is defined, we assume the service is using the primary service */}}
|
||||
{{/* Also no need to check for multiple primaries here, it's already done on the service validation */}}
|
||||
{{- range $serviceName, $service := $rootCtx.Values.service -}}
|
||||
{{- if $service.enabled -}}
|
||||
{{- if $service.primary -}}
|
||||
{{- $serviceValues = mustDeepCopy $service -}}
|
||||
{{/* Set the shortName so service can use this on selector */}}
|
||||
{{- $_ := set $serviceValues "shortName" $serviceName -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return values in Json, to preserve types */}}
|
||||
{{ $serviceValues | toJson }}
|
||||
{{- end -}}
|
@ -0,0 +1,21 @@
|
||||
{{- define "tc.v1.common.helper.makeIntOrNoop" -}}
|
||||
{{- $value := . -}}
|
||||
|
||||
{{/*
|
||||
- Ints in Helm can be either int, int64 or float64.
|
||||
- Values that start with zero should not be converted
|
||||
to int again as this will strip leading zeros.
|
||||
- Numbers converted to E notation by Helm will
|
||||
always contain the "e" character. So we only
|
||||
convert those.
|
||||
*/}}
|
||||
{{- if and
|
||||
(mustHas (kindOf $value) (list "int" "int64" "float64"))
|
||||
(not (hasPrefix "0" ($value | toString)))
|
||||
(contains "e" ($value | toString | lower))
|
||||
-}}
|
||||
{{- $value | int -}}
|
||||
{{- else -}}
|
||||
{{- $value -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,44 @@
|
||||
{{/* Return the appropriate apiVersion for PodMonitor */}}
|
||||
{{- define "tc.v1.common.capabilities.podmonitor.apiVersion" -}}
|
||||
{{- print "monitoring.coreos.com/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for ServiceMonitor */}}
|
||||
{{- define "tc.v1.common.capabilities.servicemonitor.apiVersion" -}}
|
||||
{{- print "monitoring.coreos.com/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for PrometheusRule */}}
|
||||
{{- define "tc.v1.common.capabilities.prometheusrule.apiVersion" -}}
|
||||
{{- print "monitoring.coreos.com/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for Ingress */}}
|
||||
{{- define "tc.v1.common.capabilities.ingress.apiVersion" -}}
|
||||
{{- print "networking.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for NetworkPolicy*/}}
|
||||
{{- define "tc.v1.common.capabilities.networkpolicy.apiVersion" -}}
|
||||
{{- print "networking.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for HorizontalPodAutoscaler aka HPA*/}}
|
||||
{{- define "tc.v1.common.capabilities.hpa.apiVersion" -}}
|
||||
{{- print "autoscaling/v2" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
|
||||
{{- define "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" -}}
|
||||
{{- print "cert-manager.io/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
|
||||
{{- define "tc.v1.common.capabilities.cnpg.cluster.apiVersion" -}}
|
||||
{{- print "postgresql.cnpg.io/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Return the appropriate apiVersion for Cert-Manager certificates */}}
|
||||
{{- define "tc.v1.common.capabilities.cnpg.pooler.apiVersion" -}}
|
||||
{{- print "postgresql.cnpg.io/v1" -}}
|
||||
{{- end -}}
|
@ -0,0 +1,52 @@
|
||||
{{/* Contains functions for generating names */}}
|
||||
|
||||
{{/* Returns the name of the Chart */}}
|
||||
{{- define "tc.v1.common.lib.chart.names.name" -}}
|
||||
|
||||
{{- .Chart.Name | lower | trunc 63 | trimSuffix "-" -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Returns the fullname of the Chart */}}
|
||||
{{- define "tc.v1.common.lib.chart.names.fullname" -}}
|
||||
|
||||
{{- $name := include "tc.v1.common.lib.chart.names.name" . -}}
|
||||
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- $name = .Release.Name -}}
|
||||
{{- else -}}
|
||||
{{- $name = printf "%s-%s" .Release.Name $name -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $name | lower | trunc 63 | trimSuffix "-" -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Returns the fqdn of the Chart */}}
|
||||
{{- define "tc.v1.common.lib.chart.names.fqdn" -}}
|
||||
|
||||
{{- printf "%s.%s" (include "tc.v1.common.lib.chart.names.name" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validates names */}}
|
||||
{{- define "tc.v1.common.lib.chart.names.validation" -}}
|
||||
|
||||
{{- $name := .name -}}
|
||||
{{- $length := .length -}}
|
||||
{{- if not $length -}}
|
||||
{{- $length = 63 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $name) (le (len $name) $length)) -}}
|
||||
{{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most %v characters." $name $length) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create chart name and version as used by the chart label */}}
|
||||
{{- define "tc.v1.common.lib.chart.names.chart" -}}
|
||||
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,21 @@
|
||||
{{- define "tc.v1.common.lib.chart.notes" -}}
|
||||
|
||||
{{- include "tc.v1.common.lib.chart.header" . -}}
|
||||
|
||||
{{- include "tc.v1.common.lib.chart.custom" . -}}
|
||||
|
||||
{{- include "tc.v1.common.lib.chart.footer" . -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.chart.header" -}}
|
||||
{{- tpl $.Values.notes.header $ | nindent 0 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.chart.custom" -}}
|
||||
{{- tpl $.Values.notes.custom $ | nindent 0 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.chart.footer" -}}
|
||||
{{- tpl $.Values.notes.footer $ | nindent 0 }}
|
||||
{{- end -}}
|
@ -0,0 +1,9 @@
|
||||
{{- define "tc.v1.common.lib.cnpg.metrics.pooler" -}}
|
||||
enabled: true
|
||||
type: "podmonitor"
|
||||
selector:
|
||||
matchLabels:
|
||||
cnpg.io/poolerName: {{ .poolerName }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- end }}
|
@ -0,0 +1,14 @@
|
||||
{{- define "tc.v1.common.lib.cnpg.secret.urls" -}}
|
||||
{{- $std := .std }}
|
||||
{{- $nossl := .nossl }}
|
||||
{{- $porthost := .porthost }}
|
||||
{{- $host := .host }}
|
||||
{{- $jdbc := .jdbc }}
|
||||
enabled: true
|
||||
data:
|
||||
std: {{ $std }}
|
||||
nossl: {{ $nossl }}
|
||||
porthost: {{ $porthost }}
|
||||
host: {{ $host }}
|
||||
jdbc: {{ $jdbc }}
|
||||
{{- end -}}
|
@ -0,0 +1,9 @@
|
||||
{{- define "tc.v1.common.lib.cnpg.secret.user" -}}
|
||||
{{- $dbPass := .dbPass }}
|
||||
{{- $values := .values -}}
|
||||
enabled: true
|
||||
type: kubernetes.io/basic-auth
|
||||
data:
|
||||
username: {{ $values.user }}
|
||||
password: {{ $dbPass }}
|
||||
{{- end -}}
|
@ -0,0 +1,21 @@
|
||||
{{/* Configmap Validation */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
|
||||
objectData:
|
||||
labels: The labels of the configmap.
|
||||
annotations: The annotations of the configmap.
|
||||
data: The data of the configmap.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.lib.configmap.validation" -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- if not $objectData.data -}}
|
||||
{{- fail "ConfigMap - Expected non-empty <data>" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (kindIs "map" $objectData.data) -}}
|
||||
{{- fail (printf "ConfigMap - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,22 @@
|
||||
{{/* Returns args list */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.args" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.args" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- range $key := (list "args" "extraArgs") -}}
|
||||
{{- with (get $objectData $key) -}}
|
||||
{{- if kindIs "string" . }}
|
||||
- {{ tpl . $rootCtx | quote }}
|
||||
{{- else if kindIs "slice" . -}}
|
||||
{{- range $arg := . }}
|
||||
- {{ tpl $arg $rootCtx | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,18 @@
|
||||
{{/* Returns command list */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.command" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.command" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- if kindIs "string" $objectData.command }}
|
||||
- {{ tpl $objectData.command $rootCtx | quote }}
|
||||
{{- else if kindIs "slice" $objectData.command -}}
|
||||
{{- range $objectData.command }}
|
||||
- {{ tpl . $rootCtx | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
108
helm-charts/dashy/charts/common/templates/lib/container/_env.tpl
Normal file
108
helm-charts/dashy/charts/common/templates/lib/container/_env.tpl
Normal file
@ -0,0 +1,108 @@
|
||||
{{/* Returns Env */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.env" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.env" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- range $k, $v := $objectData.env -}}
|
||||
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "env" "key" $k) }}
|
||||
- name: {{ $k | quote }}
|
||||
{{- if not (kindIs "map" $v) -}}
|
||||
{{- $value := "" -}}
|
||||
{{- if not (kindIs "invalid" $v) -}} {{/* Only tpl non-empty values */}}
|
||||
{{- $value = $v -}}
|
||||
{{- if kindIs "string" $v -}}
|
||||
{{- $value = tpl $v $rootCtx -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
|
||||
{{- else if kindIs "map" $v }}
|
||||
valueFrom:
|
||||
{{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}
|
||||
{{- if or (ne (len ($v | keys)) 1) (not (mustHas ($v | keys | first) $refs)) -}}
|
||||
{{- fail (printf "Container - Expected <env> with a ref to have one of [%s], but got [%s]" (join ", " $refs) (join ", " ($v | keys | sortAlpha))) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $name := "" -}}
|
||||
|
||||
|
||||
{{- range $key := (list "configMapKeyRef" "secretKeyRef") -}}
|
||||
{{- if hasKey $v $key }}
|
||||
{{ $key }}:
|
||||
{{- $obj := get $v $key -}}
|
||||
{{- if not $obj.name -}}
|
||||
{{- fail (printf "Container - Expected non-empty <env.%s.name>" $key) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $obj.key -}}
|
||||
{{- fail (printf "Container - Expected non-empty <env.%s.key>" $key) -}}
|
||||
{{- end }}
|
||||
key: {{ $obj.key | quote }}
|
||||
|
||||
{{- $name = tpl $obj.name $rootCtx -}}
|
||||
|
||||
{{- $expandName := true -}}
|
||||
{{- if (hasKey $obj "expandObjectName") -}}
|
||||
{{- if not (kindIs "invalid" $obj.expandObjectName) -}}
|
||||
{{- $expandName = $obj.expandObjectName -}}
|
||||
{{- else -}}
|
||||
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <env.%s> to not be empty" $k) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if kindIs "string" $expandName -}}
|
||||
{{- $expandName = tpl $expandName $rootCtx -}}
|
||||
|
||||
{{/* After tpl it becomes a string, not a bool */}}
|
||||
{{- if eq $expandName "true" -}}
|
||||
{{- $expandName = true -}}
|
||||
{{- else if eq $expandName "false" -}}
|
||||
{{- $expandName = false -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $expandName -}}
|
||||
{{- $item := ($key | trimSuffix "KeyRef" | lower) -}}
|
||||
|
||||
{{- $data := (get $rootCtx.Values $item) -}}
|
||||
{{- $data = (get $data $name) -}}
|
||||
|
||||
{{- if not $data -}}
|
||||
{{- fail (printf "Container - Expected in <env> the referenced %s [%s] to be defined" (camelcase $item) $name) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $found := false -}}
|
||||
{{- range $k, $v := $data.data -}}
|
||||
{{- if eq $k $obj.key -}}
|
||||
{{- $found = true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $found -}}
|
||||
{{- fail (printf "Container - Expected in <env> the referenced key [%s] in %s [%s] to be defined" $obj.key (camelcase $item) $name) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
|
||||
{{- end }}
|
||||
name: {{ $name | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if hasKey $v "fieldRef" }}
|
||||
fieldRef:
|
||||
{{- if not $v.fieldRef.fieldPath -}}
|
||||
{{- fail "Container - Expected non-empty <env.fieldRef.fieldPath>" -}}
|
||||
{{- end }}
|
||||
fieldPath: {{ $v.fieldRef.fieldPath | quote }}
|
||||
{{- if $v.fieldRef.apiVersion }}
|
||||
apiVersion: {{ $v.fieldRef.apiVersion | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,74 @@
|
||||
{{/* Returns Env From */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.envFrom" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $refs := (list "configMapRef" "secretRef") -}}
|
||||
{{- range $envFrom := $objectData.envFrom -}}
|
||||
{{- if and (not $envFrom.secretRef) (not $envFrom.configMapRef) -}}
|
||||
{{- fail (printf "Container - Expected <envFrom> entry to have one of [%s]" (join ", " $refs)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and $envFrom.secretRef $envFrom.configMapRef -}}
|
||||
{{- fail (printf "Container - Expected <envFrom> entry to have only one of [%s], but got both" (join ", " $refs)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $ref := $refs -}}
|
||||
{{- with (get $envFrom $ref) -}}
|
||||
{{- if not .name -}}
|
||||
{{- fail (printf "Container - Expected non-empty <envFrom.%s.name>" $ref) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $objectName := tpl .name $rootCtx -}}
|
||||
|
||||
{{- $expandName := true -}}
|
||||
{{- if (hasKey . "expandObjectName") -}}
|
||||
{{- if not (kindIs "invalid" .expandObjectName) -}}
|
||||
{{- $expandName = .expandObjectName -}}
|
||||
{{- else -}}
|
||||
{{- fail (printf "Container - Expected the defined key [expandObjectName] in <envFrom.%s> to not be empty" $ref) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if kindIs "string" $expandName -}}
|
||||
{{- $expandName = tpl $expandName $rootCtx -}}
|
||||
|
||||
{{/* After tpl it becomes a string, not a bool */}}
|
||||
{{- if eq $expandName "true" -}}
|
||||
{{- $expandName = true -}}
|
||||
{{- else if eq $expandName "false" -}}
|
||||
{{- $expandName = false -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $expandName -}}
|
||||
{{- $object := dict -}}
|
||||
{{- $source := "" -}}
|
||||
{{- if eq $ref "configMapRef" -}}
|
||||
{{- $object = (get $rootCtx.Values.configmap $objectName) -}}
|
||||
{{- $source = "ConfigMap" -}}
|
||||
{{- else if eq $ref "secretRef" -}}
|
||||
{{- $object = (get $rootCtx.Values.secret $objectName) -}}
|
||||
{{- $source = "Secret" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $object -}}
|
||||
{{- fail (printf "Container - Expected %s [%s] defined in <envFrom> to exist" $source $objectName) -}}
|
||||
{{- end -}}
|
||||
{{- range $k, $v := $object.data -}}
|
||||
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" (printf "%s - %s" $source $objectName) "key" $k) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
|
||||
{{- end }}
|
||||
- {{ $ref }}:
|
||||
name: {{ $objectName | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,23 @@
|
||||
{{/* Returns Env List */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.envList" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.envList" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- range $env := $objectData.envList -}}
|
||||
{{- if not $env.name -}}
|
||||
{{- fail "Container - Expected non-empty <envList.name>" -}}
|
||||
{{- end -}} {{/* Empty value is valid */}}
|
||||
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
|
||||
{{- $value := $env.value -}}
|
||||
{{- if kindIs "string" $env.value -}}
|
||||
{{- $value = tpl $env.value $rootCtx -}}
|
||||
{{- end }}
|
||||
- name: {{ $env.name | quote }}
|
||||
value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,75 @@
|
||||
{{/* Returns Fixed Env */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.fixedEnv" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{/* Avoid nil pointers */}}
|
||||
{{- if not (hasKey $objectData "fixedEnv") -}}
|
||||
{{- $_ := set $objectData "fixedEnv" dict -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}}
|
||||
|
||||
{{- if $objectData.fixedEnv.NVIDIA_CAPS -}}
|
||||
{{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}}
|
||||
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $caps := (list "all" "compute" "utility" "graphics" "video") -}}
|
||||
{{- range $cap := $nvidiaCaps -}}
|
||||
{{- if not (mustHas $cap $caps) -}}
|
||||
{{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
|
||||
|
||||
{{- $fixed := list -}}
|
||||
{{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}}
|
||||
{{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}}
|
||||
{{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}}
|
||||
{{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}}
|
||||
{{- $PUID = $objectData.fixedEnv.PUID -}}
|
||||
{{- end -}}
|
||||
{{/* calculatedFSGroup is passed from the pod */}}
|
||||
{{- $PGID := $objectData.calculatedFSGroup -}}
|
||||
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}}
|
||||
{{/* TODO: Offer gpu section in resources for native helm and adjust this include, then we can remove the "if inside ixChartContext" */}}
|
||||
{{- if eq (include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}}
|
||||
{{- else -}} {{/* Only when in SCALE */}}
|
||||
{{- if hasKey $rootCtx.Values.global "ixChartContext" -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{/* If running as root and PUID is set (0 or greater), set related envs */}}
|
||||
{{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}}
|
||||
{{- end -}}
|
||||
{{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}}
|
||||
{{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}}
|
||||
{{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $env := $fixed -}}
|
||||
{{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
|
||||
- name: {{ $env.k | quote }}
|
||||
value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,42 @@
|
||||
{{/* Returns the image dictionary */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.imageSelector" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $imageObj := dict -}}
|
||||
|
||||
{{- $selector := "image" -}}
|
||||
{{- with $objectData.imageSelector -}}
|
||||
{{- $selector = tpl . $rootCtx -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if hasKey $rootCtx.Values $selector -}}
|
||||
{{- $imageObj = get $rootCtx.Values $selector -}}
|
||||
{{- else -}}
|
||||
{{- fail (printf "Container - Expected <.Values.%s> to exist" $selector) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $imageObj.repository -}}
|
||||
{{- fail (printf "Container - Expected non-empty <.Values.%s.repository>" $selector) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $imageObj.tag -}}
|
||||
{{- fail (printf "Container - Expected non-empty <.Values.%s.tag>" $selector) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $imageObj.pullPolicy -}}
|
||||
{{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $policies := (list "IfNotPresent" "Always" "Never") -}}
|
||||
{{- if not (mustHas $imageObj.pullPolicy $policies) -}}
|
||||
{{- fail (printf "Container - Expected <.Values.%s.pullPolicy> to be one of [%s], but got [%s]" $selector (join ", " $policies) $imageObj.pullPolicy) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $imageObj | toJson -}}
|
||||
{{- end -}}
|
@ -0,0 +1,37 @@
|
||||
{{/* Returns lifecycle */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.lifecycle" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- $hooks := (list "preStop" "postStart") -}}
|
||||
{{- $types := (list "exec" "http" "https") -}}
|
||||
{{- with $objectData.lifecycle -}}
|
||||
{{- range $hook, $hookValues := . -}}
|
||||
{{- if not (mustHas $hook $hooks) -}}
|
||||
{{- fail (printf "Container - Expected <lifecycle> <hook> to be one of [%s], but got [%s]" (join ", " $hooks) $hook) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $hookValues.type -}}
|
||||
{{- fail "Container - Expected non-empty <lifecycle> <type>" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (mustHas $hookValues.type $types) -}}
|
||||
{{- fail (printf "Container - Expected <lifecycle> <type> to be one of [%s], but got [%s]" (join ", " $types) $hookValues.type) -}}
|
||||
{{- end }}
|
||||
{{ $hook }}:
|
||||
{{- if eq $hookValues.type "exec" -}}
|
||||
{{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
|
||||
{{- else if mustHas $hookValues.type (list "http" "https") -}}
|
||||
{{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- end -}}
|
@ -0,0 +1,87 @@
|
||||
{{/* Returns ports list */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.ports" (dict "rootCtx" $ "objectData" $objectData) }}
|
||||
rootCtx: The root context of the chart.
|
||||
objectData: The object data to be used to render the container.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.ports" -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
|
||||
{{- range $serviceName, $serviceValues := $rootCtx.Values.service -}}
|
||||
{{- $podSelected := false -}}
|
||||
{{/* If service is enabled... */}}
|
||||
{{- if $serviceValues.enabled -}}
|
||||
|
||||
{{/* If there is a selector */}}
|
||||
{{- if $serviceValues.targetSelector -}}
|
||||
|
||||
{{/* And pod is selected */}}
|
||||
{{- if eq $serviceValues.targetSelector $objectData.podShortName -}}
|
||||
{{- $podSelected = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- else -}}
|
||||
{{/* If no selector is defined but pod is primary */}}
|
||||
{{- if $objectData.podPrimary -}}
|
||||
{{- $podSelected = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $podSelected -}}
|
||||
{{- range $portName, $portValues := $serviceValues.ports -}}
|
||||
{{- $containerSelected := false -}}
|
||||
|
||||
{{/* If service is enabled... */}}
|
||||
{{- if $portValues.enabled -}}
|
||||
{{/* If there is a selector */}}
|
||||
{{- if $portValues.targetSelector -}}
|
||||
|
||||
{{/* And container is selected */}}
|
||||
{{- if eq $portValues.targetSelector $objectData.shortName -}}
|
||||
{{- $containerSelected = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- else -}}
|
||||
{{/* If no selector is defined but container is primary */}}
|
||||
{{- if $objectData.primary -}}
|
||||
{{- $containerSelected = true -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* If the container is selected render port */}}
|
||||
{{- if $containerSelected -}}
|
||||
{{- $containerPort := $portValues.targetPort | default $portValues.port -}}
|
||||
{{- if kindIs "string" $containerPort -}}
|
||||
{{- $containerPort = (tpl $containerPort $rootCtx) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $tcpProtocols := (list "tcp" "http" "https") -}}
|
||||
{{- $protocol := tpl ($portValues.protocol | default $rootCtx.Values.fallbackDefaults.serviceProtocol) $rootCtx -}}
|
||||
{{- if mustHas $protocol $tcpProtocols -}}
|
||||
{{- $protocol = "tcp" -}}
|
||||
{{- end }}
|
||||
- name: {{ $portName }}
|
||||
containerPort: {{ $containerPort }}
|
||||
protocol: {{ $protocol | upper }}
|
||||
{{- with $portValues.hostPort }}
|
||||
hostPort: {{ . }}
|
||||
{{- else }}
|
||||
hostPort: null
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{/* Turning hostNetwork on, it creates hostPort automatically and turning it back off does not remove them. Setting hostPort explicitly to null will remove them.
|
||||
There are still cases that hostPort is not removed, for example, if you have a TCP and UDP port with the same number. Only the TCPs hostPort will be removed.
|
||||
Also note that setting hostPort to null always, it will NOT affect hostNetwork, as it will still create the hostPorts.
|
||||
It only helps to remove them when hostNetwork is turned off.
|
||||
*/}}
|
@ -0,0 +1,40 @@
|
||||
{{/* Containers Basic Validation */}}
|
||||
{{/* Call this template:
|
||||
{{ include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
|
||||
*/}}
|
||||
{{- define "tc.v1.common.lib.container.primaryValidation" -}}
|
||||
{{- $objectData := .objectData -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
|
||||
{{/* Initialize values */}}
|
||||
{{- $hasPrimary := false -}}
|
||||
{{- $hasEnabled := false -}}
|
||||
|
||||
{{/* Go over the contaienrs */}}
|
||||
{{- range $name, $container := $objectData.podSpec.containers -}}
|
||||
|
||||
{{/* If container is enabled */}}
|
||||
{{- if $container.enabled -}}
|
||||
{{- $hasEnabled = true -}}
|
||||
|
||||
{{/* And container is primary */}}
|
||||
{{- if and (hasKey $container "primary") ($container.primary) -}}
|
||||
|
||||
{{/* Fail if there is already a primary container */}}
|
||||
{{- if $hasPrimary -}}
|
||||
{{- fail "Container - Only one container can be primary per workload" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $hasPrimary = true -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Require at least one primary container, if any enabled */}}
|
||||
{{- if and $hasEnabled (not $hasPrimary) -}}
|
||||
{{- fail "Container - At least one enabled container must be primary per workload" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user