{{/* Returns Fixed Env */}} {{/* Call this template: {{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }} rootCtx: The root context of the chart. objectData: The object data to be used to render the container. */}} {{- define "tc.v1.common.lib.container.fixedEnv" -}} {{- $rootCtx := .rootCtx -}} {{- $objectData := .objectData -}} {{/* Avoid nil pointers */}} {{- if not (hasKey $objectData "fixedEnv") -}} {{- $_ := set $objectData "fixedEnv" dict -}} {{- end -}} {{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}} {{- if $objectData.fixedEnv.NVIDIA_CAPS -}} {{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}} {{- end -}} {{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}} {{- fail (printf "Container - Expected to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}} {{- end -}} {{- $caps := (list "all" "compute" "utility" "graphics" "video") -}} {{- range $cap := $nvidiaCaps -}} {{- if not (mustHas $cap $caps) -}} {{- fail (printf "Container - Expected entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}} {{- end -}} {{- end -}} {{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}} {{- $fixed := list -}} {{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}} {{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}} {{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}} {{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}} {{- $PUID = $objectData.fixedEnv.PUID -}} {{- end -}} {{/* calculatedFSGroup is passed from the pod */}} {{- $PGID := $objectData.calculatedFSGroup -}} {{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}} {{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}} {{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}} {{/* TODO: Offer gpu section in resources for native helm and adjust this include, then we can remove the "if inside ixChartContext" */}} {{- if eq (include "tc.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}} {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}} {{- else -}} {{/* Only when in SCALE */}} {{- if hasKey $rootCtx.Values.global "ixChartContext" -}} {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}} {{- end -}} {{- end -}} {{/* If running as root and PUID is set (0 or greater), set related envs */}} {{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}} {{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}} {{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}} {{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}} {{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}} {{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}} {{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}} {{- end -}} {{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}} {{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}} {{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}} {{- end -}} {{- range $env := $fixed -}} {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }} - name: {{ $env.k | quote }} value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }} {{- end -}} {{- end -}}