Add Initial BETA Test release of the Common Chart and testing environment

Co-authored-by: Troy Prelog <tprelog@users.noreply.github.com>
Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
kjeld Schouten-Lebbing 2021-02-05 21:17:06 +01:00
parent 9b0999f63d
commit 50d1f93e12
No known key found for this signature in database
GPG Key ID: 4CDAD4A532BC1EDB
53 changed files with 2728 additions and 0 deletions


@ -38,6 +38,53 @@ class Test < ChartTest
end
end
describe 'Environment settings' do
it 'Check no environment variables' do
values = {}
chart.value values
assert_nil(resource('Deployment')['spec']['template']['spec']['containers'][0]['env'])
end
it 'set "static" environment variables' do
values = {
env: {
STATIC_ENV: 'value_of_env'
}
}
chart.value values
jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:env].keys[0].to_s
jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal values[:env].values[0].to_s
end
it 'set "static" and "Dynamic/Tpl" environment variables' do
values = {
env: {
STATIC_ENV: 'value_of_env'
},
envTpl: {
DYN_ENV: "{{ .Release.Name }}-admin"
}
}
chart.value values
jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:env].keys[0].to_s
jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal values[:env].values[0].to_s
jq('.spec.template.spec.containers[0].env[1].name', resource('Deployment')).must_equal values[:envTpl].keys[0].to_s
jq('.spec.template.spec.containers[0].env[1].value', resource('Deployment')).must_equal 'common-test-admin'
end
it 'set "Dynamic/Tpl" environment variables' do
values = {
envTpl: {
DYN_ENV: "{{ .Release.Name }}-admin"
}
}
chart.value values
jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:envTpl].keys[0].to_s
jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal 'common-test-admin'
end
end
describe 'ports settings' do
default_name = 'http'
default_port = 8080
@ -97,5 +144,33 @@ class Test < ChartTest
assert_match("Our charts do not support named ports for targetPort. (port name #{default_name}, targetPort #{values[:service][:port][:targetPort]})", exception.message)
end
end
describe 'statefulset volumeClaimTemplates' do
it 'volumeClaimTemplates should be empty by default' do
chart.value controllerType: 'statefulset'
assert_nil(resource('StatefulSet')['spec']['volumeClaimTemplates'])
end
it 'can set values for volumeClaimTemplates' do
values = {
controllerType: 'statefulset',
volumeClaimTemplates: [
{
name: 'storage',
accessMode: 'ReadWriteOnce',
size: '10Gi',
storageClass: 'storage'
}
]
}
chart.value values
jq('.spec.volumeClaimTemplates[0].metadata.name', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:name]
jq('.spec.volumeClaimTemplates[0].spec.accessModes[0]', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:accessMode]
jq('.spec.volumeClaimTemplates[0].spec.resources.requests.storage', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:size]
jq('.spec.volumeClaimTemplates[0].spec.storageClassName', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:storageClass]
end
end
end
end
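Review bot: The `statefulset volumeClaimTemplates` tests cover only the default and the fully populated case; nothing exercises the `required` checks on `accessMode` and `size` that the StatefulSet template in this commit adds, nor the `storageClass: '-'` branch that renders an empty `storageClassName`. The ports tests in this file already assert on a render failure with `assert_match(..., exception.message)`, so a case that omits `size` and matches `size is required for PVC storage` would follow the same pattern. The Environment settings tests also pin `env[0]` and `env[1]`, which ties them to the template emitting `env` before `envTpl`; a short comment such as `# env entries are rendered before envTpl entries` would make that assumption explicit. The enclosing class and the first `describe` blocks start outside these hunks.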


@ -0,0 +1,14 @@
apiVersion: v2
name: common-test
description: Helper chart to test different use cases of the common library
version: 1.1.0
keywords:
- truecharts
- common
home: https://github.com/truecharts/truecharts/tree/master/charts/common-test
maintainers:
- name: truecharts
dependencies:
- name: common
repository: file://../common
version: n/a


@ -0,0 +1,34 @@
image:
repository: b4bz/homer
tag: latest
pullPolicy: IfNotPresent
service:
port:
port: 8080
ingress:
enabled: true
appIngressEnabled: true
appIngress:
main:
enabled: true
appVolumesEnabled: false
appVolumeMounts:
data:
enabled: true
emptyDir: true
datasetName: "data"
mountPath: "/data"
hostPathEnabled: false
hostPath: ""
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
enabled: true
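Review bot: `tag: latest` combined with `pullPolicy: IfNotPresent` means the image actually run depends on whatever a node already has cached, so two runs of the same values file can exercise different upstream builds and a changed or replaced `b4bz/homer:latest` is pulled without any review. Pinning the fixture to a fixed release, ideally by digest, keeps runs reproducible, for example `tag: <pinned-version>` with a comment recording why that version was chosen. The same two lines appear in the other two values files in this commit that start with `repository: b4bz/homer`.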


@ -0,0 +1,42 @@
image:
repository: b4bz/homer
tag: latest
pullPolicy: IfNotPresent
service:
port:
port: 8080
ingress:
enabled: true
appIngressEnabled: true
appIngress:
main:
enabled: true
persistence:
config:
enabled: true
emptyDir: true
mountPath: /www/assets
appVolumesEnabled: false
appVolumeMounts:
data:
enabled: true
emptyDir: true
datasetName: "data"
mountPath: "/data"
hostPathEnabled: false
hostPath: ""
addons:
codeserver:
enabled: true
workingDir: "/www/assets"
ingress:
enabled: true
volumeMounts:
- name: config
mountPath: /www/assets
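Review bot: `addons.codeserver.ingress.enabled: true` together with the `config` volume mounted at `/www/assets` publishes an in-pod editor with write access to the application's assets, and nothing in this values file configures authentication for it. If this file is only a CI fixture, say so on its first line, for example `# CI-only values: enables the code-server add-on and its ingress; not a deployment example`. The add-on's defaults are outside this section, so whether a password is enforced elsewhere cannot be seen from here.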


@ -0,0 +1 @@
{{ include "common.all" . }}


@ -0,0 +1,40 @@
image:
repository: b4bz/homer
tag: latest
pullPolicy: IfNotPresent
service:
port:
port: 8080
ingress:
enabled: true
appIngressEnabled: true
appIngress:
main:
enabled: true
mainhttp:
enabled: true
entrypoint: "web"
certType: ""
existingcert: ""
authForwardURL: ""
annotations: {}
labels: {}
hosts:
- host: app.truecharts.placeholder
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
appVolumesEnabled: true
appVolumeMounts:
data:
enabled: true
emptyDir: true
datasetName: "data"
mountPath: "/data"
hostPathEnabled: false
hostPath: ""


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,91 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.3.0]
### Added
- Allow overriding the main container command.
- Allow setting Helm templates as environment variables via `envTpl`. The given value is parsed through Helm's `tpl` function, allowing for powerful variable substitution.
- Support for defining volumeClaimTemplates for StatefulSet.
- Allow the following Pod spec fields to be configurable:
- `priorityClassName`
- `schedulerName`
- `hostname`
### Fixed
- `values.yaml` now contains the following sections, these were already functional but were previously undocumented:
- `podSecurityContext`
- `securityContext`
- `resources`
## [2.2.1]
### Fixed
- Made explicit that `service.port.targetPort` cannot be a named port.
## [2.2.0]
### Added
- Allow serviceLinks to be enabled/disabled.
- Support for ingressClassName on apiVersion `networking.k8s.io/v1` by setting `ingress.ingressClassName`.
- Added some initial proper unit tests for the `common` chart.
### Changed
- `service.port.targetPort` is now used in the container spec instead of `service.port.port` if specified. This allows for different service and container ports. (Implements [#465](https://github.com/k8s-at-home/charts/issues/465)).
### Fixed
- Document setting environment variables for code-server add-on in `values.yaml` (Fixes [#436](https://github.com/k8s-at-home/charts/issues/436)).
- Set service targetPort to the service port name first if no `targetPort` value is given.
## [2.1.0]
### Added
- Allow for additional arguments to be added to code-server runtime via `addons.codeserver.args`
## [2.0.4]
### Fixed
- `periodSeconds` now works for all probe types.
## [2.0.0]
### Changed
- :warning: Updated `probes` logic to support custom probes, it is now possible to set your own custom probes by setting the `probes.[liveness|readiness|startup].custom` value to `true` and configuring them. Default is `false`.
- :warning: `addon.vpn.imagePullPolicy` is now `addon.vpn.[openvpn|wireguard].image.pullPolicy`. Default is `IfNotPresent`
- [code-server](https://github.com/cdr/code-server) is now an `addon` like `vpn`. This enables a code-server container inside the pod which allows you to modify a configuration in a volume attached to the pod. Default for `addons.codeserver.enabled` is `false`
- Added `envFrom` for more configuration with environment variables
- Added `dnsConfig` to be configurable
- Added support for 1.19+ ingress spec
- Added this [CHANGELOG.md](CHANGELOG.md)
### Fixed
- `nameOverride` and `fullNameOverride` not in `values.yaml`
## [1.7.0]
This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face:
[2.2.1]: https://github.com/k8s-at-home/charts/tree/common-2.2.1/charts/common
[2.2.0]: https://github.com/k8s-at-home/charts/tree/common-2.2.0/charts/common
[2.1.0]: https://github.com/k8s-at-home/charts/tree/common-2.1.0/charts/common
[2.0.4]: https://github.com/k8s-at-home/charts/tree/common-2.0.4/charts/common
[2.0.0]: https://github.com/k8s-at-home/charts/tree/common-2.0.0/charts/common
[1.7.0]: https://github.com/k8s-at-home/charts/tree/common-1.7.0/charts/common

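--- a/library/common/Chart.yaml
+++ b/library/common/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: common
+description: Function library for TrueCharts
+type: library
+version: 0.10.1
+# upstream_version: 2.3.0
+keywords:
+- truecharts
+- library-chart
+- k8s-at-home
+- common
+home: https://github.com/truecharts/truecharts/tree/master/common
+maintainers:
+- name: truecharts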

201
library/common/LICENSE Normal file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2020 k8s@Home
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

99
library/common/README.md Normal file

@ -0,0 +1,99 @@
# Library chart for k8s@home media charts
**WARNING: THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY**
This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm). It's purpose is for grouping common logic between the k8s@home charts.
Since a lot of charts follow the same pattern this library was built to reduce maintenance cost between the charts that use it and try achieve a goal of being DRY.
## Introduction
This chart provides common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
## :star2: Changelog
Please refer to [CHANGELOG.md](CHANGELOG.md) for an overview of notable changes to the chart. **This is especially important for major version updates!**
## TL;DR
When using one of the many charts that uses this library be sure to view this [values.yaml](./values.yaml) for configuration options. Any setting here can be used to define what values your helm deployment will use.
For example using the helm CLI tool
```bash
helm install node-red \
--set image.repository="nodered/node-red" \
--set image.tag="1.2.5" \
--set env.TZ="America/New_York" \
k8s-at-home/node-red
```
or
```yaml
# node-red-values.yaml
image:
repository: nodered/node-red
tag: 1.2.5
env:
TZ: America/New_York
```
```bash
helm install node-red \
--values=./node-red-values.yaml \
k8s-at-home/node-red
```
## Creating a new chart
First be sure to checkout the many charts that already use this like [qBittorrent](../qbittorrent/), [node-red](../node-red/) or the many others in this repository.
Include this chart as a dependency in your `Chart.yaml` e.g.
```yaml
# Chart.yaml
dependencies:
- name: common
version: x.x.x
repository: https://k8s-at-home.com/charts/
```
Write a `values.yaml` with some basic defaults you want to present to the user e.g.
```yaml
# Default values for node-red.
image:
repository: nodered/node-red
pullPolicy: IfNotPresent
tag: 1.2.5
strategy:
type: Recreate
# See more environment varaibles in the node-red documentation
# https://nodered.org/docs/getting-started/docker
env: {}
# TZ:
# NODE_OPTIONS:
# NODE_RED_ENABLE_PROJECTS:
# NODE_RED_ENABLE_SAFE_MODE:
# FLOWS:
service:
port:
port: 1880
persistence:
data:
enabled: false
emptyDir: false
mountPath: /data
```
If testing locally make sure you update the dependencies with:
```bash
helm dependency update
```


@ -0,0 +1,27 @@
{{/*
Renders the Ingress objects required by the chart by returning a concatinated list
of the main Ingress and any additionalIngresses.
*/}}
{{- define "common.ingress" -}}
{{- if .Values.ingress.enabled -}}
{{- $svcPort := .Values.service.port.port -}}
{{- /* Generate primary ingress */ -}}
{{- $ingressValues := .Values.ingress -}}
{{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "common.classes.ingress" . }}
{{- /* Generate additional ingresses as required */ -}}
{{- range $index, $extraIngress := .Values.ingress.additionalIngresses }}
{{- if $extraIngress.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := $extraIngress -}}
{{- if not $ingressValues.nameSuffix -}}
{{- $_ := set $ingressValues "nameSuffix" $index -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "common.classes.ingress" $ -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
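Review bot: `ObjectValues` is set on the root context for the primary ingress and again for each additional ingress but is never removed, so the last ingress's values stay visible to every template rendered afterwards. The code-server add-on in this commit cleans up with `{{- $_ := unset $ "ObjectValues" -}}` after its include, and the same line after each `include "common.classes.ingress"` would keep the context clean; the `common.pvc` and `common.service` sections have the same gap. `$svcPort` is assigned here and never used. This `define "common.ingress"` block also appears a second time, identically, later in the commit; if both are real files, only one definition per template name takes effect, so an edit to the other copy would silently do nothing.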


@ -0,0 +1,39 @@
{{/*
Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
*/}}
{{- define "common.all" -}}
{{- /* Merge the local chart values and the common chart defaults */ -}}
{{- include "common.values.setup" . }}
{{- /* Enable code-server add-on if required */ -}}
{{- if .Values.addons.codeserver.enabled }}
{{- include "common.addon.codeserver" . }}
{{- end -}}
{{- /* Enable VPN add-on if required */ -}}
{{- if .Values.addons.vpn.enabled }}
{{- include "common.addon.vpn" . }}
{{- end -}}
{{- /* Build the templates */ -}}
{{- include "common.pvc" . }}
{{- print "---" | nindent 0 -}}
{{- if .Values.serviceAccount.create -}}
{{- include "common.serviceAccount" . }}
{{- print "---" | nindent 0 -}}
{{- end -}}
{{- if eq .Values.controllerType "deployment" }}
{{- include "common.deployment" . | nindent 0 }}
{{ else if eq .Values.controllerType "daemonset" }}
{{- include "common.daemonset" . | nindent 0 }}
{{ else if eq .Values.controllerType "statefulset" }}
{{- include "common.statefulset" . | nindent 0 }}
{{- end -}}
{{- print "---" | nindent 0 -}}
{{ include "common.service" . | nindent 0 }}
{{ include "custom.appService" . | nindent 0 }}
{{- print "---" | nindent 0 -}}
{{ include "common.ingress" . | nindent 0 }}
{{- print "---" | nindent 0 -}}
{{ include "custom.appIngress" . | nindent 0 }}
{{- end -}}
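Review bot: The `controllerType` chain has no final `else`, so a misspelt or differently cased value (for example `StatefulSet`) renders no workload at all while the Service and Ingress objects are still emitted. Failing the render makes the mistake visible at install time: add `{{- else }}{{ fail (printf "Not a valid controllerType (%s)" .Values.controllerType) }}` before the closing `end` of that chain. A one-line comment above the chain listing the accepted values (`deployment`, `daemonset`, `statefulset`) would also help chart authors.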


@ -0,0 +1,33 @@
{{/*
This template serves as the blueprint for the DaemonSet objects that are created
within the common library.
*/}}
{{- define "common.daemonset" -}}
apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }}
kind: DaemonSet
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controllerAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
{{- include "common.controller.pod" . | nindent 6 }}
{{- end }}


@ -0,0 +1,38 @@
{{/*
This template serves as the blueprint for the Deployment objects that are created
within the common library.
*/}}
{{- define "common.deployment" -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controllerAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
{{- with .Values.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
{{- include "common.controller.pod" . | nindent 6 }}
{{- end }}


@ -0,0 +1,27 @@
{{/*
Renders the Ingress objects required by the chart by returning a concatinated list
of the main Ingress and any additionalIngresses.
*/}}
{{- define "common.ingress" -}}
{{- if .Values.ingress.enabled -}}
{{- $svcPort := .Values.service.port.port -}}
{{- /* Generate primary ingress */ -}}
{{- $ingressValues := .Values.ingress -}}
{{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "common.classes.ingress" . }}
{{- /* Generate additional ingresses as required */ -}}
{{- range $index, $extraIngress := .Values.ingress.additionalIngresses }}
{{- if $extraIngress.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := $extraIngress -}}
{{- if not $ingressValues.nameSuffix -}}
{{- $_ := set $ingressValues "nameSuffix" $index -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "common.classes.ingress" $ -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,25 @@
{{/*
Default NOTES.txt content.
*/}}
{{- define "common.notes.defaultNotes" -}}
{{- $svcPort := .Values.service.port.port -}}
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}{{ (first .paths).path }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ $svcPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ $svcPort }}
{{- end }}
{{- end }}
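Review bot: Two of the printed commands omit the namespace that the neighbouring lines pass: `kubectl get svc -w {{ include "common.names.fullname" . }}` in the LoadBalancer branch and `kubectl port-forward $POD_NAME 8080:{{ $svcPort }}` in the ClusterIP branch. For a release installed outside the user's current namespace they fail or address a different object. Adding `--namespace {{ .Release.Namespace }}` to both brings them in line with the other commands in this template.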


@ -0,0 +1,18 @@
{{/*
Renders the PersistentVolumeClaim objects required by the chart by returning a concatinated list
of all the entries of the persistence key.
*/}}
{{- define "common.pvc" -}}
{{- /* Generate pvc as required */ -}}
{{- range $index, $PVC := .Values.persistence }}
{{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
{{- $persistenceValues := $PVC -}}
{{- if not $persistenceValues.nameSuffix -}}
{{- $_ := set $persistenceValues "nameSuffix" $index -}}
{{- end -}}
{{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.classes.pvc" $ -}}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,22 @@
{{/*
Renders the Service objects required by the chart by returning a concatinated list
of the main Service and any additionalServices.
*/}}
{{- define "common.service" -}}
{{- if .Values.service.enabled -}}
{{- /* Generate primary service */ -}}
{{- include "common.classes.service" . }}
{{- /* Generate additional services as required */ -}}
{{- range $index, $extraService := .Values.service.additionalServices }}
{{- if $extraService.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $serviceValues := $extraService -}}
{{- if not $serviceValues.nameSuffix -}}
{{- $_ := set $serviceValues "nameSuffix" $index -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
{{- include "common.classes.service" $ -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,15 @@
{{/*
The ServiceAccount object to be created.
*/}}
{{- define "common.serviceAccount" -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.names.serviceAccountName" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,53 @@
{{/*
This template serves as the blueprint for the StatefulSet objects that are created
within the common library.
*/}}
{{- define "common.statefulset" -}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controllerAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
{{- with .Values.strategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
serviceName: {{ include "common.names.fullname" . }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
{{- include "common.controller.pod" . | nindent 6 }}
volumeClaimTemplates:
{{- range $index, $vct := .Values.volumeClaimTemplates }}
- metadata:
name: {{ $vct.name }}
spec:
accessModes:
- {{ required (printf "accessMode is required for vCT %v" $vct.name) $vct.accessMode | quote }}
resources:
requests:
storage: {{ required (printf "size is required for PVC %v" $vct.name) $vct.size | quote }}
{{- if $vct.storageClass }}
storageClassName: {{ if (eq "-" $vct.storageClass) }}""{{- else }}{{ $vct.storageClass | quote }}{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,44 @@
{{/*
Template to render code-server addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "common.addon.codeserver" -}}
{{- if .Values.addons.codeserver.enabled -}}
{{/* Append the code-server container to the additionalContainers */}}
{{- $container := include "common.addon.codeserver.container" . | fromYaml -}}
{{- if $container -}}
{{- $additionalContainers := append .Values.additionalContainers $container -}}
{{- $_ := set .Values "additionalContainers" $additionalContainers -}}
{{- end -}}
{{/* Add the code-server service */}}
{{- if .Values.addons.codeserver.service.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $serviceValues := .Values.addons.codeserver.service -}}
{{- if not $serviceValues.nameSuffix -}}
{{- $_ := set $serviceValues "nameSuffix" "codeserver" -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
{{- include "common.classes.service" $ -}}
{{- $_ := unset $ "ObjectValues" -}}
{{- end -}}
{{/* Add the code-server ingress */}}
{{- if .Values.addons.codeserver.ingress.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := .Values.addons.codeserver.ingress -}}
{{- if not $ingressValues.nameSuffix -}}
{{- $_ := set $ingressValues "nameSuffix" "codeserver" -}}
{{ end -}}
{{/* Determine the target service name & port */}}
{{- $svcName := printf "%v-%v" (include "common.names.fullname" .) .Values.addons.codeserver.service.nameSuffix -}}
{{- $_ := set $ingressValues "serviceName" $svcName -}}
{{- $_ := set $ingressValues "servicePort" .Values.addons.codeserver.service.port.port -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- include "common.classes.ingress" $ -}}
{{- $_ := unset $ "ObjectValues" -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,41 @@
{{/*
The code-server sidecar container to be inserted.
*/}}
{{- define "common.addon.codeserver.container" -}}
{{- if lt (len .Values.addons.codeserver.volumeMounts) 1 }}
{{- fail "At least 1 volumeMount is required for codeserver container" }}
{{- end -}}
name: codeserver
image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}
{{- with .Values.addons.codeserver.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.addons.codeserver.env }}
env:
{{- range $k, $v := . }}
- name: {{ $k }}
value: {{ $v | quote }}
{{- end }}
{{- end }}
ports:
- name: {{ .Values.addons.codeserver.service.port.name }}
containerPort: {{ .Values.addons.codeserver.service.port.port }}
protocol: TCP
args:
{{- range .Values.addons.codeserver.args }}
- {{ . | quote }}
{{- end }}
- "--port"
- "{{ .Values.addons.codeserver.service.port.port }}"
- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath }}
{{- with .Values.addons.codeserver.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.addons.codeserver.resources }}
resources:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}
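Review bot: The last `args` entry, the working directory, is rendered without `quote` while every other argument in the list is quoted, so a path containing YAML-significant characters (a leading `*` or `&`, `: `, ` #`) changes how the list item parses. Because the addon template feeds this snippet through `fromYaml`, a parse problem would surface far from its cause. Suggest `- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath | quote }}`.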


@ -0,0 +1,26 @@
{{/*
The VPN config and scripts to be included.
*/}}
{{- define "common.addon.vpn.configmap" -}}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-vpn
labels:
{{- include "common.labels" . | nindent 4 }}
data:
{{- with .Values.addons.vpn.configFile }}
vpnConfigfile: |-
{{- . | nindent 4}}
{{- end }}
{{- with .Values.addons.vpn.scripts.up }}
up.sh: |-
{{- . | nindent 4}}
{{- end }}
{{- with .Values.addons.vpn.scripts.down }}
down.sh: |-
{{- . | nindent 4}}
{{- end }}
{{- end -}}
{{- end -}}
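Review bot: The VPN configuration is written to a ConfigMap under `vpnConfigfile`, and the WireGuard container template on this page mounts that key as `/etc/wireguard/wg0.conf`, a file that normally carries the interface private key; OpenVPN configs can likewise embed keys or credentials. ConfigMaps are not meant for confidential data and are usually readable under broader RBAC than Secrets. Rendering this object as `kind: Secret` with `stringData:` in place of `data:`, and switching the `vpnconfig` volume from `configMap:`/`name:` to `secret:`/`secretName:`, keeps the key material behind Secret access rules.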


@ -0,0 +1,21 @@
{{/*
Blueprint for the NetworkPolicy object that can be included in the addon.
*/}}
{{- define "common.addon.vpn.networkpolicy" -}}
{{- if .Values.addons.vpn.networkPolicy.enabled -}}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ include "common.names.fullname" . }}
spec:
podSelector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
policyTypes:
- Egress
egress:
{{- with .Values.addons.vpn.networkPolicy.egress }}
{{- . | toYaml | nindent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}
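Review bot: When `networkPolicy.enabled` is true but `networkPolicy.egress` is empty, the object renders with the `Egress` policy type and a bare `egress:` key, which blocks all outbound traffic from the selected pods, DNS included. That fail-closed result may be intended as a kill switch, but nothing in the template says so; a comment such as `{{/* An empty egress list denies all egress for the selected pods. */}}` above `egress:` would document it, or `required` could force an explicit rule set. The object also has no `labels:` block, unlike the other objects on this page that include `common.labels`.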


@ -0,0 +1,25 @@
{{/*
The volume (referencing VPN config and scripts) to be inserted into additionalVolumes.
*/}}
{{- define "common.addon.vpn.volume" -}}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
name: vpnconfig
configMap:
name: {{ include "common.names.fullname" . }}-vpn
items:
{{- if .Values.addons.vpn.configFile }}
- key: vpnConfigfile
path: vpnConfigfile
{{- end }}
{{- if .Values.addons.vpn.scripts.up }}
- key: up.sh
path: up.sh
mode: 0777
{{- end }}
{{- if .Values.addons.vpn.scripts.down }}
- key: down.sh
path: down.sh
mode: 0777
{{- end }}
{{- end -}}
{{- end -}}
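Review bot: Both script items are projected with `mode: 0777`, which marks `up.sh` and `down.sh` as writable by group and others although a hook script only needs to be read and executed. `mode: 0555` (or `0755`) is sufficient and follows least privilege. The write bits may have little practical effect on a ConfigMap volume, but the tighter mode documents the intent and stays correct if the volume source changes.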


@ -0,0 +1,36 @@
{{/*
Template to render VPN addon
It will include / inject the required templates based on the given values.
*/}}
{{- define "common.addon.vpn" -}}
{{- if .Values.addons.vpn.enabled -}}
{{- if eq "openvpn" .Values.addons.vpn.type -}}
{{- include "common.addon.openvpn" . }}
{{- end -}}
{{- if eq "wireguard" .Values.addons.vpn.type -}}
{{- include "common.addon.wireguard" . }}
{{- end -}}
{{/* Include the configmap if not empty */}}
{{- $configmap := include "common.addon.vpn.configmap" . -}}
{{- if $configmap -}}
{{- print "---" | nindent 0 -}}
{{- $configmap | nindent 0 -}}
{{- end -}}
{{/* Append the vpn config volume to the additionalVolumes */}}
{{- $volume := include "common.addon.vpn.volume" . | fromYaml -}}
{{- if $volume -}}
{{- $additionalVolumes := append .Values.additionalVolumes $volume }}
{{- $_ := set .Values "additionalVolumes" $additionalVolumes -}}
{{- end -}}
{{/* Include the networkpolicy if not empty */}}
{{- $networkpolicy := include "common.addon.vpn.networkpolicy" . -}}
{{- if $networkpolicy -}}
{{- print "---" | nindent 0 -}}
{{- $networkpolicy | nindent 0 -}}
{{- end -}}
{{- end -}}
{{- end -}}
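Review bot: A `vpn.type` that is neither `openvpn` nor `wireguard` falls through both `if` blocks silently, so with `vpn.enabled` set no VPN container is added while the ConfigMap, volume and NetworkPolicy are still rendered. A mistyped type therefore yields a release that looks VPN-enabled but, unless the NetworkPolicy happens to block it, sends traffic out untunnelled. Chaining the two checks with `else if` and ending with `{{- else -}}{{- fail (printf "unsupported addons.vpn.type %v" .Values.addons.vpn.type) -}}` turns the misconfiguration into a render-time error.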


@ -0,0 +1,19 @@
{{/*
Template to render OpenVPN addon. It will add the container to the list of additionalContainers
and add a credentials secret if speciffied.
*/}}
{{- define "common.addon.openvpn" -}}
{{/* Append the openVPN container to the additionalContainers */}}
{{- $container := include "common.addon.openvpn.container" . | fromYaml -}}
{{- if $container -}}
{{- $additionalContainers := append .Values.additionalContainers $container -}}
{{- $_ := set .Values "additionalContainers" $additionalContainers -}}
{{- end -}}
{{/* Include the secret if not empty */}}
{{- $secret := include "common.addon.openvpn.secret" . -}}
{{- if $secret -}}
{{- print "---" | nindent 0 -}}
{{- $secret | nindent 0 -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,61 @@
{{/*
The OpenVPN sidecar container to be inserted.
*/}}
{{- define "common.addon.openvpn.container" -}}
name: openvpn
image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
imagePullPolicy: {{ .Values.addons.vpn.openvpn.pullPolicy }}
{{- with .Values.addons.vpn.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.env }}
env:
{{- range $k, $v := . }}
- name: {{ $k }}
value: {{ $v | quote }}
{{- end }}
{{- end }}
{{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
envFrom:
- secretRef:
{{- if .Values.addons.vpn.openvpn.authSecret }}
name: {{ .Values.addons.vpn.openvpn.authSecret }}
{{- else }}
name: {{ include "common.names.fullname" . }}-openvpn
{{- end }}
{{- end }}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
volumeMounts:
{{- if .Values.addons.vpn.configFile }}
- name: vpnconfig
mountPath: /vpn/vpn.conf
subPath: vpnConfigfile
{{- end }}
{{- if .Values.addons.vpn.scripts.up }}
- name: vpnconfig
mountPath: /vpn/up.sh
subPath: up.sh
{{- end }}
{{- if .Values.addons.vpn.scripts.down }}
- name: vpnconfig
mountPath: /vpn/down.sh
subPath: down.sh
{{- end }}
{{- if .Values.persistence.shared.enabled }}
- mountPath: {{ .Values.persistence.shared.mountPath }}
name: shared
{{- end }}
{{- with .Values.addons.vpn.additionalVolumeMounts }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- with .Values.addons.vpn.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- with .Values.addons.vpn.resources }}
resources:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}


@ -0,0 +1,15 @@
{{/*
The OpenVPN credentials secrets to be included.
*/}}
{{- define "common.addon.openvpn.secret" -}}
{{- with .Values.addons.vpn.openvpn.auth -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" $ }}-openvpn
labels:
{{- include "common.labels" $ | nindent 4 }}
data:
VPN_AUTH: {{ . | b64enc }}
{{- end -}}
{{- end -}}


@ -0,0 +1,12 @@
{{/*
Template to render Wireguard addon. It will add the container to the list of additionalContainers.
*/}}
*/}}
{{- define "common.addon.wireguard" -}}
{{/* Append the Wireguard container to the additionalContainers */}}
{{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
{{- if $container -}}
{{- $additionalContainers := append .Values.additionalContainers $container -}}
{{- $_ := set .Values "additionalContainers" $additionalContainers -}}
{{- end -}}
{{- end -}}
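Review bot: The header comment is closed twice: the line ending `...to the list of additionalContainers.` is followed by `*/}}`, and the next line is a second, stray `*/}}`. Because that second marker sits outside any `define`, it is literal template text; in a partials file it is probably never emitted, but it should be deleted so the file contains only the comment and the definition.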


@ -0,0 +1,52 @@
{{/*
The Wireguard sidecar container to be inserted.
*/}}
{{- define "common.addon.wireguard.container" -}}
name: wireguard
image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
imagePullPolicy: {{ .Values.addons.vpn.wireguard.pullPolicy }}
{{- with .Values.addons.vpn.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.env }}
env:
{{- range $k, $v := . }}
- name: {{ $k }}
value: {{ $v | quote }}
{{- end }}
{{- end }}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
volumeMounts:
{{- if .Values.addons.vpn.configFile }}
- name: vpnconfig
mountPath: /etc/wireguard/wg0.conf
subPath: vpnConfigfile
{{- end }}
{{- if .Values.addons.vpn.scripts.up }}
- name: vpnconfig
mountPath: /config/up.sh
subPath: up.sh
{{- end }}
{{- if .Values.addons.vpn.scripts.down }}
- name: vpnconfig
mountPath: /config/down.sh
subPath: down.sh
{{- end }}
{{- if .Values.persistence.shared.enabled }}
- mountPath: {{ .Values.persistence.shared.mountPath }}
name: shared
{{- end }}
{{- with .Values.addons.vpn.additionalVolumeMounts }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- with .Values.addons.vpn.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- with .Values.addons.vpn.resources }}
resources:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}


@ -0,0 +1,66 @@
{{/*
This template serves as a blueprint for all Ingress objects that are created
within the common library.
*/}}
{{- define "common.classes.ingress" -}}
{{- $ingressName := include "common.names.fullname" . -}}
{{- $values := .Values.ingress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
{{ end -}}
{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $ingressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with $values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- if $values.ingressClassName }}
ingressClassName: {{ $values.ingressClassName }}
{{- end }}
{{- end }}
{{- if $values.tls }}
tls:
{{- range $values.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range $values.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $svcName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,40 @@
{{/*
This template serves as a blueprint for all PersistentVolumeClaim objects that are created
within the common library.
*/}}
{{- define "common.classes.pvc" -}}
{{- $values := .Values.persistence -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.persistence -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $pvcName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $pvcName = printf "%v-%v" $pvcName $values.nameSuffix -}}
{{ end -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ $pvcName }}
{{- if or $values.skipuninstall $values.annotations }}
annotations:
{{- if $values.skipuninstall }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
accessModes:
- {{ required (printf "accessMode is required for PVC %v" $pvcName) $values.accessMode | quote }}
resources:
requests:
storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
{{- if $values.storageClass }}
storageClassName: {{ if (eq "-" $values.storageClass) }}""{{- else }}{{ $values.storageClass | quote }}{{- end }}
{{- end }}
{{- end -}}


@ -0,0 +1,68 @@
{{/*
This template serves as a blueprint for all Service objects that are created
within the common library.
*/}}
{{- define "common.classes.service" -}}
{{- $values := .Values.service -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.service -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $serviceName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
{{ end -}}
{{- $svcType := $values.type | default "" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ $serviceName }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- if $values.labels }}
{{ toYaml $values.labels | nindent 4 }}
{{- end }}
{{- with $values.annotations }}
annotations:
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }}
type: ClusterIP
{{- if $values.clusterIP }}
clusterIP: {{ $values.clusterIP }}
{{end}}
{{- else if eq $svcType "LoadBalancer" }}
type: {{ $svcType }}
{{- if $values.loadBalancerIP }}
loadBalancerIP: {{ $values.loadBalancerIP }}
{{- end }}
{{- if $values.externalTrafficPolicy }}
externalTrafficPolicy: {{ $values.externalTrafficPolicy }}
{{- end }}
{{- if $values.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml $values.loadBalancerSourceRanges | nindent 4 }}
{{- end -}}
{{- else }}
type: {{ $svcType }}
{{- end }}
{{- if $values.sessionAffinity }}
sessionAffinity: {{ $values.sessionAffinity }}
{{- if $values.sessionAffinityConfig }}
sessionAffinityConfig:
{{ toYaml $values.sessionAffinityConfig | nindent 4 }}
{{- end -}}
{{- end }}
{{- with $values.externalIPs }}
externalIPs:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $values.publishNotReadyAddresses }}
publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
{{- end }}
{{- include "common.classes.service.ports" (dict "svcType" $svcType "values" $values ) | trim | nindent 2 }}
selector:
{{- include "common.labels.selectorLabels" . | nindent 4 }}
{{- end }}


@ -0,0 +1,23 @@
{{/*
Render all the ports and additionalPorts for a Service object.
*/}}
{{- define "common.classes.service.ports" -}}
{{- $ports := list -}}
{{- $values := .values -}}
{{- $ports = mustAppend $ports $values.port -}}
{{- range $_ := $values.additionalPorts -}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- if $ports -}}
ports:
{{- range $_ := $ports }}
- port: {{ .port }}
targetPort: {{ .targetPort | default .name | default "http" }}
protocol: {{ .protocol | default "TCP" }}
name: {{ .name | default "http" }}
{{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }}
nodePort: {{ .nodePort }}
{{ end }}
{{- end -}}
{{- end -}}
{{- end }}


@ -0,0 +1,19 @@
{{/*
Renders the additioanl Service objects from appAdditionalServices
*/}}
{{- define "custom.appService" -}}
{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
{{- if and .Values.appAdditionalServicesEnabled .Values.appAdditionalServices -}}
{{- range $name, $srv := .Values.appAdditionalServices }}
{{- if $srv.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $serviceValues := $srv -}}
{{- if not $serviceValues.nameSuffix -}}
{{- $_ := set $serviceValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
{{- include "common.classes.service" $ -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,52 @@
{{/*
Retrieve host path from ix volumes based on dataset name
*/}}
{{- define "retrieveHostPathFromiXVolume" -}}
{{- range $index, $hostPathConfiguration := $.ixVolumes }}
{{- $dsName := base $hostPathConfiguration.hostPath -}}
{{- if eq $.datasetName $dsName -}}
{{- $hostPathConfiguration.hostPath -}}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Define appVolumeMounts for container
*/}}
{{- define "configuredAppVolumeMounts" -}}
{{- if and .Values.appVolumesEnabled .Values.appVolumeMounts }}
{{- range $name, $avm := .Values.appVolumeMounts -}}
{{- if $avm.enabled }}
- name: {{ $name }}
mountPath: {{ $avm.mountPath }}
{{- if $avm.subPath }}
subPath: {{ $avm.subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Define hostPath for appVolumes
*/}}
{{- define "configuredAppVolumes" -}}
{{- if and .Values.appVolumesEnabled .Values.appVolumeMounts }}
{{- range $name, $av := .Values.appVolumeMounts -}}
{{- if $av.enabled }}
- name: {{ $name }}
{{- if or $av.emptyDir $.Values.emptyDirVolumes }}
emptyDir: {}
{{- else }}
hostPath:
{{ if $av.hostPathEnabled }}
path: {{ required "hostPath not set" $av.hostPath }}
{{- else }}
{{- $volDict := dict "datasetName" $av.datasetName "ixVolumes" $.Values.ixVolumes -}}
path: {{ include "retrieveHostPathFromiXVolume" $volDict }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
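Review bot: In `configuredAppVolumes`, the `else` branch renders `path:` from `retrieveHostPathFromiXVolume`, which prints nothing when no entry in `ixVolumes` has a base name equal to `datasetName`, leaving a `hostPath` volume with an empty path. The `hostPathEnabled` branch already guards its value with `required`, and the lookup deserves the same: `path: {{ required (printf "no ixVolume matches dataset %v" $av.datasetName) (include "retrieveHostPathFromiXVolume" $volDict) }}`. Neither branch restricts which host directory is mounted and `configuredAppVolumeMounts` offers no `readOnly` setting, so a read-only option would be a worthwhile addition for mounts that only read host data.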


@ -0,0 +1,35 @@
{{/*
Renders the additional ingress objects from appIngress
*/}}
{{- define "custom.appIngress" -}}
{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
{{- if .Values.appIngress -}}
{{- range $name, $ingr := .Values.appIngress }}
{{- if $ingr.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := $ingr -}}
{{- if not $ingressValues.nameSuffix -}}
{{- $_ := set $ingressValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "appIngress" $ingressValues) -}}
{{- if $ingressValues.type -}}
{{- if eq $ingressValues.type "UDP" -}}
{{- include "custom.classes.appIngressUDP" $ }}
{{- else if eq $ingressValues.type "TCP" -}}
{{- include "custom.classes.appIngressTCP" $ }}
{{- else }}
{{- include "custom.classes.appIngressHTTP" $ }}
{{- if $ingressValues.authForwardURL }}
{{- include "custom.classes.appAuthForward" $ }}
{{- end }}
{{- end }}
{{- else }}
{{- include "custom.classes.appIngressHTTP" $ }}
{{- if $ingressValues.authForwardURL }}
{{- include "custom.classes.appAuthForward" $ }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,31 @@
{{/*
Renders the additioanl authForward objects from appAuthForward
*/}}
{{- define "custom.classes.appAuthForward" -}}
{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
{{- $values := .Values.appIngress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.appIngress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $authForwardName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $authForwardName = printf "%v-%v" $authForwardName $values.nameSuffix -}}
{{ end -}}
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $authForwardName }}
spec:
forwardAuth:
address: {{ $values.authForwardURL }}
tls:
insecureSkipVerify: true
rustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
{{- end }}
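Review bot: The forward-auth middleware hard-codes `insecureSkipVerify: true`, so Traefik does not validate the certificate of the server behind `authForwardURL`, and whoever answers on that address decides the authentication result and the `Remote-User`/`Remote-Groups` headers copied into the request. Dropping the line (Traefik verifies by default) or rendering it from a value that defaults to false would be safer. The next key, `rustForwardHeader`, looks like a typo for `trustForwardHeader`, so as written the option is not set. Once corrected, `true` should be kept only if every client reaches Traefik through a trusted proxy, because it makes Traefik accept incoming `X-Forwarded-*` headers.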


@ -0,0 +1,78 @@
{{/*
This template serves as a blueprint for all appIngress objects that are created
within the common library.
*/}}
{{- define "custom.classes.appIngressHTTP" -}}
{{- $values := .Values.appIngress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.appIngress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $IngressName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}}
{{ end -}}
{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $IngressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- if or (eq $values.certType "letsencrypt-prod") (eq $values.certType "letsencrypt-staging") }}
cert-manager.io/cluster-issuer: {{ $values.certType }}
{{- end }}
traefik.ingress.kubernetes.io/router.entrypoints: {{ $values.entrypoint }}
traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd
{{- if $values.authForwardURL }}
traefik.ingress.kubernetes.io/router.middlewares: {{ $IngressName }}
{{- end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- if $values.IngressClassName }}
IngressClassName: {{ $values.appIngressHTTPClassName }}
{{- end }}
{{- end }}
{{- if $values.certType }}
tls:
{{- if eq $values.certType "selfsigned" -}}{{ else if eq $values.certType "existingcert" }}
secretName: {{ $values.existingcert }}
{{ else if eq $values.certType "wildcard" }}
secretName: wilddcardcert
{{ else }}
- hosts:
{{- range $values.hosts }}
- {{ .host | quote }}
{{- end }}
secretName: {{ $IngressName }}-tls-secret
{{ end }}
{{- end }}
rules:
{{- range $values.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $svcName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
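Review bot: When `authForwardURL` is set, the annotation `traefik.ingress.kubernetes.io/router.middlewares` is emitted twice, and a YAML map cannot hold the same key twice, so the result is either a parse error or one value silently replacing the other. The second value is also the bare `$IngressName` rather than the `<namespace>-<name>@kubernetescrd` form the first value uses, so the forward-auth middleware is likely never attached and the route would be served without the authentication the user configured. A single comma-separated annotation avoids both problems: `traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd{{ if $values.authForwardURL }},{{ .Release.Namespace }}-{{ $IngressName }}@kubernetescrd{{ end }}`. Separately, the `spec` block tests `$values.IngressClassName` but renders `$values.appIngressHTTPClassName` under the key `IngressClassName`, whereas the Ingress field is `ingressClassName`.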


@ -0,0 +1,58 @@
{{/*
This template serves as a blueprint for all appIngressTCP objects that are created
within the common library.
*/}}
{{- define "custom.classes.appIngressTCP" -}}
{{- $values := .Values.appIngress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.appIngress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $IngressName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}}
{{ end -}}
{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ $IngressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- if or (eq $values.certType "letsencrypt-prod") (eq $values.certType "letsencrypt-staging") }}
cert-manager.io/cluster-issuer: {{ $values.certType }}
{{- end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
entryPoints:
- {{ $values.entrypoint }}
routes:
- match: HostSNI(`*`)
services:
- name: {{ $svcName }}
port: {{ $svcPort }}
weight: 10
terminationDelay: 400
{{- if $values.certType }}
tls:
{{- if eq $values.certType "selfsigned" -}}{{ else if eq $values.certType "existingcert" }}
secretName: {{ $values.existingcert }}
{{ else if eq $values.certType "wildcard" }}
secretName: wilddcardcert
{{ else }}
secretName: {{ $IngressName }}-tls-secret
domains:
- main: {{ index $values.hosts 0 }}
sans:
{{- range $values.hosts }}
- {{ .host | quote }}
{{- end }}
{{- end }}
passthrough: false
{{- end }}
{{- end }}
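Review bot: `- main: {{ index $values.hosts 0 }}` renders the whole first `hosts` entry rather than its host name; the `sans` loop just below reads `.host` from the same entries, so each entry is a map. The line should be `- main: {{ (index $values.hosts 0).host | quote }}`, and since `index` aborts rendering when `hosts` is empty, a `required` or length check would report that case more clearly. The `cert-manager.io/cluster-issuer` annotation is set on an `IngressRouteTCP`; as far as I know cert-manager acts on that annotation only for Ingress objects, so the `-tls-secret` referenced here may never be created, which is worth confirming.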


@ -0,0 +1,36 @@
{{/*
This template serves as a blueprint for all appIngressTCP objects that are created
within the common library.
*/}}
{{- define "custom.classes.appIngressUDP" -}}
{{- $values := .Values.appIngress -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.appIngress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $IngressName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}}
{{ end -}}
{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
name: {{ $IngressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with $values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
entryPoints:
- {{ $values.entrypoint }}
routes:
- services:
- name: {{ $svcName }}
port: {{ $svcPort }}
weight: 10
{{- end }}
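Review bot: The header comment describes `appIngressTCP` objects, but the template defined here is `custom.classes.appIngressUDP` and it renders an `IngressRouteUDP`. The comment should read `This template serves as a blueprint for all appIngressUDP objects that are created within the common library.`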


@ -0,0 +1,92 @@
{{/*
Return the appropriate apiVersion for DaemonSet objects.
*/}}
{{- define "common.capabilities.daemonset.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.daemonset.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "apps/v1/DaemonSet" -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for Deployment objects.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "apps/v1/Deployment" -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for StatefulSet objects.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "apps/v1/StatefulSet" -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "apps/v1beta1" -}}
{{- end -}}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for Ingress objects.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end }}
{{- end -}}
*/}}


@ -0,0 +1,19 @@
{{/*
Common labels shared across objects.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.names.chart" . }}
{{ include "common.labels.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels shared across objects.
*/}}
{{- define "common.labels.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create the name of the ServiceAccount to use.
*/}}
{{- define "common.names.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,11 @@
{{/*
Merge the local chart values and the common chart defaults.
*/}}
{{- define "common.values.setup" -}}
{{- if .Values.common -}}
{{- $defaultValues := deepCopy .Values.common -}}
{{- $userValues := deepCopy (omit .Values "common") -}}
{{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
{{- $_ := set . "Values" (deepCopy $mergedValues) -}}
{{- end }}
{{- end }}


@ -0,0 +1,78 @@
{{- /*
The main container included in the controller.
*/ -}}
{{- define "common.controller.mainContainer" -}}
- name: {{ include "common.names.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.command }}
command: {{ . }}
{{- end }}
{{- with .Values.args }}
args: {{ . }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.env .Values.envTpl }}
env:
{{- range $envVariable := .Values.environmentVariables }}
{{- if and $envVariable.name $envVariable.value }}
- name: {{ $envVariable.name }}
value: {{ $envVariable.value | quote }}
{{- else }}
{{- fail "Please specify name/value for environment variable" }}
{{- end }}
{{- end}}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.envTpl }}
- name: {{ $key }}
value: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- include "common.controller.ports" . | trim | nindent 2 }}
volumeMounts:
{{- range $index, $PVC := .Values.persistence }}
{{- if $PVC.enabled }}
- mountPath: {{ $PVC.mountPath }}
name: {{ $index }}
{{- if $PVC.subPath }}
subPath: {{ $PVC.subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- include "configuredAppVolumeMounts" . | indent 2 }}
{{- if .Values.additionalVolumeMounts }}
{{- toYaml .Values.additionalVolumeMounts | nindent 2 }}
{{- end }}
{{- if eq .Values.controllerType "statefulset" }}
{{- range $index, $vct := .Values.volumeClaimTemplates }}
- mountPath: {{ $vct.mountPath }}
name: {{ $vct.name }}
{{- if $vct.subPath }}
subPath: {{ $vct.subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- include "common.controller.probes" . | nindent 2 }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if and .Values.gpuConfiguration .Values.resources }}
limits:
{{- toYaml .Values.gpuConfiguration | nindent 14 }}
{{- else if .Values.gpuConfiguration }}
resources:
limits:
{{- toYaml .Values.gpuConfiguration | nindent 14 }}
{{- end }}
{{- end -}}
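Review bot: The guard `{{- if or .Values.env .Values.envTpl }}` does not cover `.Values.environmentVariables`, although the first `range` inside it iterates that list, so a chart that sets only `environmentVariables` gets no `env:` block and its entries are dropped without an error; I would write `{{- if or .Values.env .Values.envTpl .Values.environmentVariables }}`. In the same loop, `and $envVariable.name $envVariable.value` treats an empty string as missing and calls `fail`, which rejects a deliberately empty value. `command: {{ . }}` and `args: {{ . }}` print the list with Go's default formatting, which YAML is likely to read back as a single element; `{{ toYaml . | nindent 4 }}` (or `toJson`) would keep multi-element lists intact. Separately, when both `resources` and `gpuConfiguration` are set the template emits a second `limits:` after `toYaml .Values.resources`; if `resources` already carries `limits` this looks like a duplicate key, so the CPU/memory limits may be lost or the manifest rejected (indentation is not visible on this page, so this is worth checking against the rendered output).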


@ -0,0 +1,63 @@
{{- /*
The pod definition included in the controller.
*/ -}}
{{- define "common.controller.pod" -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end }}
serviceAccountName: {{ include "common.names.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.schedulerName }}
schedulerName: {{ . }}
{{- end }}
{{- with .Values.hostNetwork }}
hostNetwork: {{ . }}
{{- end }}
{{- with .Values.hostname }}
hostname: {{ . }}
{{- end }}
{{- with .Values.dnsPolicy }}
dnsPolicy: {{ . }}
{{- end }}
{{- with .Values.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 2 }}
{{- end }}
enableServiceLinks: {{ .Values.enableServiceLinks }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 2 }}
{{- end }}
containers:
{{- include "common.controller.mainContainer" . | nindent 0 }}
{{- with .Values.additionalContainers }}
{{- toYaml . | nindent 0 }}
{{- end }}
{{- with (include "common.controller.volumes" . | trim) }}
volumes:
{{- . | nindent 0 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}
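Review bot: The pod spec sets `serviceAccountName` but never `automountServiceAccountToken`, so every workload built from this template gets a service-account token mounted. With the default `serviceAccount.create: false`, `common.names.serviceAccountName` resolves to `default`, i.e. the namespace's default account. Most applications packaged with this chart presumably never call the Kubernetes API, so I would expose the field next to `serviceAccountName`, e.g. `automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}` (the values key is a proposal and does not exist yet). Relatedly, `podSecurityContext` and `securityContext` are rendered only when set and default to `{}`, so the library itself applies no restrictions; a comment in the values file saying so would help chart authors.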


@ -0,0 +1,59 @@
{{/*
Ports included by the controller.
*/}}
{{- define "common.controller.ports" -}}
{{- $ports := list -}}
{{- with .Values.service -}}
{{- $serviceValues := deepCopy . -}}
{{/* append the ports for the main service */}}
{{- if .enabled -}}
{{- $_ := set .port "name" (default "http" .port.name) -}}
{{- $ports = mustAppend $ports .port -}}
{{- range $_ := .additionalPorts -}}
{{/* append the additonalPorts for the main service */}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- end }}
{{/* append the ports for each additional service */}}
{{- range $_ := .additionalServices }}
{{- if .enabled -}}
{{- $_ := set .port "name" (required "Missing port.name" .port.name) -}}
{{- $ports = mustAppend $ports .port -}}
{{- range $_ := .additionalPorts -}}
{{/* append the additonalPorts for each additional service */}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- end }}
{{- end }}
{{/* append the ports for each appAdditionalService - TrueCharts */}}
{{- if and $.Values.appAdditionalServicesEnabled $.Values.appAdditionalServices -}}
{{- range $name, $_ := $.Values.appAdditionalServices }}
{{- if .enabled -}}
{{- if kindIs "string" $name -}}
{{- $_ := set .port "name" (default .port.name | default $name) -}}
{{- else -}}
{{- $_ := set .port "name" (required "Missing port.name" .port.name) -}}
{{- end -}}
{{- $ports = mustAppend $ports .port -}}
{{- range $_ := .additionalPorts -}}
{{/* append the additonalPorts for each additional service */}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{/* export/render the list of ports */}}
{{- if $ports -}}
ports:
{{- range $_ := $ports }}
- name: {{ required "The port's 'name' is not defined" .name }}
{{- if and .targetPort (kindIs "string" .targetPort) }}
{{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }}
{{- end }}
containerPort: {{ .targetPort | default .port }}
protocol: {{ .protocol | default "TCP" }}
{{- end -}}
{{- end -}}
{{- end -}}
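Review bot: `$serviceValues := deepCopy .` is assigned and never used, and the `set .port "name" …` calls that follow write into `.Values.service` itself rather than into a copy. That in-place write appears to be load-bearing: `common.controller.probes` reads `.Values.service.port.name`, which is empty in the default values until this helper has filled in `http`. Either drop the unused copy and add a comment such as `{{/* mutates .Values.service.port.name on purpose; probes depend on it */}}`, or resolve the default name in one shared helper so the result does not depend on include order.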


@ -0,0 +1,22 @@
{{/*
Probes selection logic.
*/}}
{{- define "common.controller.probes" -}}
{{- $svcPort := .Values.service.port.name -}}
{{- range $probeName, $probe := .Values.probes }}
{{- if $probe.enabled -}}
{{- "" | nindent 0 }}
{{- $probeName }}Probe:
{{- if $probe.custom -}}
{{- $probe.spec | toYaml | nindent 2 }}
{{- else }}
{{- "tcpSocket:" | nindent 2 }}
{{- printf "port: %v" $svcPort | nindent 4 }}
{{- printf "initialDelaySeconds: %v" $probe.spec.initialDelaySeconds | nindent 2 }}
{{- printf "failureThreshold: %v" $probe.spec.failureThreshold | nindent 2 }}
{{- printf "timeoutSeconds: %v" $probe.spec.timeoutSeconds | nindent 2 }}
{{- printf "periodSeconds: %v" $probe.spec.periodSeconds | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
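Review bot: `$svcPort` is taken from `.Values.service.port.name` with no fallback, and the default values leave that name empty. The `tcpSocket` probe therefore only gets a usable port because `common.controller.ports` has already set the name to `http` earlier in the same container template. Rendered on its own, or before the ports helper, this would print something like `port: <nil>`. I would make the default explicit here: `{{- $svcPort := default "http" .Values.service.port.name -}}`. With `service.enabled: false` the ports helper declares no main port at all, so the default probes would point at a port name that does not exist; that case probably needs a `fail` or a skip.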


@ -0,0 +1,32 @@
{{/*
Volumes included by the controller.
*/}}
{{- define "common.controller.volumes" -}}
{{- range $index, $persistence := .Values.persistence }}
{{- if $persistence.enabled }}
- name: {{ $index }}
{{- if $persistence.existingClaim }}
{{- /* Always prefer an existingClaim if that is set */}}
persistentVolumeClaim:
claimName: {{ $persistence.existingClaim }}
{{- else -}}
{{- if $persistence.emptyDir -}}
{{- /* Always prefer an emptyDir next if that is set */}}
emptyDir: {}
{{- else -}}
{{- /* Otherwise refer to the PVC name */}}
persistentVolumeClaim:
{{- if $persistence.nameSuffix }}
claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $persistence.nameSuffix }}
{{- else }}
claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $index }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- include "configuredAppVolumes" . }}
{{- if .Values.additionalVolumes }}
{{- toYaml .Values.additionalVolumes | nindent 0 }}
{{- end }}
{{- end -}}

521
library/common/values.yaml Normal file

@ -0,0 +1,521 @@
# type: options are deployment, daemonset or statefulset
controllerType: deployment
# Set annotations on the deployment/statefulset/daemonset
controllerAnnotations: {}
# Set labels on the deployment/statefulset/daemonset
controllerLabels: {}
replicas: 1
strategy:
## For Deployments, valid values are Recreate and RollingUpdate
## For StatefulSets, valid values are OnDelete and RollingUpdate
## DaemonSets ignore this
type: RollingUpdate
# Override the default command
command: []
# Override the default args
args: []
nameOverride: ""
fullnameOverride: ""
# Set annotations on the pod
podAnnotations: {}
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
env: {}
# TZ: UTC
## Variables with values set from templates, example
## With a release name of: demo, the example env value will be: demo-admin
envTpl: {}
# TEMPLATE_VALUE: "{{ .Release.Name }}-admin"
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# Custom priority class for different treatment by the scheduler
# priorityClassName: system-node-critical
# Allow specifying a custom scheduler name
# schedulerName: awkward-dangerous-scheduler
# Allow specifying explicit hostname setting
# hostname:
# When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet
hostNetwork: false
dnsPolicy: ClusterFirst
# Optional DNS settings, configuring the ndots option may resolve
# nslookup issues on some Kubernetes setups.
# dnsConfig:
# options:
# - name: ndots
# value: "1"
# Enable/disable the generation of environment variables for services.
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
# for more information.
enableServiceLinks: true
# Configure the Security Context for the Pod
podSecurityContext: {}
# Configure the Security Context for the main container
securityContext: {}
initContainers: []
additionalContainers: []
## Probes configuration
probes:
liveness:
enabled: true
## Set this to true if you wish to specify your own livenessProbe
custom: false
## The spec field contains the values for the default livenessProbe.
## If you selected custom: true, this field holds the definition of the livenessProbe.
spec:
initialDelaySeconds: 30
failureThreshold: 5
periodSeconds: 10
timeoutSeconds: 10
readiness:
enabled: true
## Set this to true if you wish to specify your own readinessProbe
custom: false
## The spec field contains the values for the default readinessProbe.
## If you selected custom: true, this field holds the definition of the readinessProbe.
spec:
initialDelaySeconds: 30
failureThreshold: 5
periodSeconds: 10
timeoutSeconds: 10
startup:
enabled: false
## Set this to true if you wish to specify your own startupProbe
custom: false
## The spec field contains the values for the default startupProbe.
## If you selected custom: true, this field holds the definition of the startupProbe.
spec:
initialDelaySeconds: 5
failureThreshold: 30
periodSeconds: 10
timeoutSeconds: 10
service:
enabled: true
type: ClusterIP
## Specify the default port information
port:
port:
## name defaults to http
name:
protocol: TCP
## Specify a service targetPort if you wish to differ the service port from the application port.
## If targetPort is specified, this port number is used in the container definition instead of
## service.port.port. Therefore named ports are not supported for this field.
targetPort:
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
additionalPorts: []
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
additionalServices: []
# - enabled: false
# nameSuffix: api
# type: ClusterIP
# # Specify the default port information
# port:
# port:
# # name defaults to http
# name:
# protocol: TCP
# # targetPort defaults to http
# targetPort:
# # nodePort:
# additionalPorts: []
# annotations: {}
# labels: {}
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
hosts:
- host: chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
additionalIngresses: []
# - enabled: false
# nameSuffix: "api"
# annotations: {}
# # kubernetes.io/ingress.class: nginx
# # kubernetes.io/tls-acme: "true"
# labels: {}
# hosts:
# - host: chart-example.local
# paths:
# - path: /api
# # Ignored if not kubeVersion >= 1.14-0
# pathType: Prefix
# tls: []
# # - secretName: chart-example-tls
# # hosts:
# # - chart-example.local
persistence:
config:
enabled: false
mountPath: /config
## configuration data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 1Gi
## Set to true to retain the PVC upon helm uninstall
skipuninstall: false
# Create an emptyDir volume to share between all containers
shared:
enabled: false
emptyDir: true
mountPath: /shared
additionalVolumes: []
additionalVolumeMounts: []
volumeClaimTemplates: []
# Used in statefulset to create individual disks for each instance
# - name: data
# mountPath: /data
# accessMode: "ReadWriteOnce"
# size: 1Gi
# - name: backup
# mountPath: /backup
# subPath: theSubPath
# accessMode: "ReadWriteOnce"
# size: 2Gi
# storageClass: cheap-storage-class
nodeSelector: {}
affinity: {}
tolerations: []
hostAliases: []
# Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
# ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
# - ip: "192.168.1.100"
# hostnames:
# - "example.com"
# - "www.example.com"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
addons:
# Enable running a VPN in the pod to route traffic through a VPN
vpn:
enabled: false
# VPN type: options are openvpn or wireguard
type: openvpn
# OpenVPN specific configuration
openvpn:
image:
repository: dperson/openvpn-client
pullPolicy: IfNotPresent
tag: latest
# Credentials to connect to the VPN Service (used with -a)
auth: # "user;password"
# OR specify an existing secret that contains the credentials. Credentials should be stored
# under the VPN_AUTH key
authSecret: # my-vpn-secret
# WireGuard specific configuration
wireguard:
image:
repository: k8sathome/wireguard
pullPolicy: IfNotPresent
tag: 1.0.20200827
# Set the VPN container securityContext
securityContext:
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
# All variables specified here will be added to the vpn sidecar container
# See the documentation of the VPN image for all config values
env: {}
# TZ: UTC
# Provide a customized vpn configuration file to be used by the VPN.
configFile: # |-
# Some Example Config
# remote greatvpnhost.com 8888
# auth-user-pass
# Cipher AES
# Provide custom up/down scripts that can be used by the vpnConf
scripts:
up: # |-
# #!/bin/bash
# echo "connected" > /shared/vpnstatus
down: # |-
# #!/bin/bash
# echo "disconnected" > /shared/vpnstatus
additionalVolumeMounts: []
# Optionally specify a livenessProbe, e.g. to check if the connection is still
# being protected by the VPN
livenessProbe: {}
# exec:
# command:
# - sh
# - -c
# - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
# initialDelaySeconds: 30
# periodSeconds: 60
# failureThreshold: 1
# If set to true, will deploy a network policy that blocks all outbound
# traffic except traffic specified as allowed
networkPolicy:
enabled: false
# The egress configuration for your network policy, All outbound traffic
# From the pod will be blocked unless specified here. Your cluster must
# have a CNI that supports network policies (Canal, Calico, etc...)
# https://kubernetes.io/docs/concepts/services-networking/network-policies/
# https://github.com/ahmetb/kubernetes-network-policy-recipes
egress:
# - to:
# - ipBlock:
# cidr: 0.0.0.0/0
# ports:
# - port: 53
# protocol: UDP
# - port: 53
# protocol: TCP
# Enable running a code-server container in the pod to access files
codeserver:
enabled: false
image:
repository: codercom/code-server
pullPolicy: IfNotPresent
tag: 3.7.4
# Set any environment variables for code-server here
env: {}
# TZ: UTC
# Set codeserver command line arguments
# consider setting --user-data-dir to a persistent location to preserve code-server setting changes
args:
- --auth
- none
# - --user-data-dir
# - "/config/.vscode"
# Specify a list of volumes that get mounted in the code-server container.
# At least 1 volumeMount is required!
volumeMounts: []
# - name: config
# mountPath: /data/config
# Specify the working dir that will be opened when code-server starts
# If not given, the app will default to the mountpah of the first specified volumeMount
workingDir: ""
service:
enabled: true
type: ClusterIP
# Specify the default port information
port:
port: 12321
name: codeserver
protocol: TCP
targetPort: codeserver
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
ingress:
enabled: false
nameSuffix: codeserver
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
hosts:
- host: code.chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
tls: []
# - secretName: chart-example-tls
# hosts:
# - code.chart-example.local
securityContext:
runAsUser: 0
## TrueCharts Specific
appAdditionalServicesEnabled: false
# appAdditionalServices:
# api:
# enabled: false
# type: NodePort
# protocol: TCP
# port:
# port: 8091
# nodePort: 38091
# additionalPorts: []
# - name: api-alt
# port: 8092
# targetPort: 8092
# protocol: TCP
# nodePort: 38092
# ws:
# enabled: false
# type: ClusterIP
# port:
# port: 3000
# additionalPorts: {}
# foo:
# name: ws-alt
# protocol: TCP
# port: 3001
# targetPort: 3001
appVolumesEnabled: false
# appVolumeMounts:
# config:
# enabled: false
# emptyDir: false
# datasetName: "config"
# mountPath: "/config"
# subPath: some-subpath
# hostPathEnabled: false
# hostPath: ""
# data:
# enabled: false
# emptyDir: false
# datasetName: "data"
# mountPath: "/data"
# subPath: some-subpath
# hostPathEnabled: false
# hostPath: ""
emptyDirVolumes: true
appIngressEnabled: false
appIngress:
main:
enabled: false
entrypoint: "websecure"
certType: "letsencrypt-prod"
existingcert: ""
authForwardURL: ""
annotations: {}
labels: {}
hosts:
- host: app.truecharts.placeholder
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
maintcp:
enabled: false
type: "TCP"
entrypoint: "kms"
certType: "none"
existingcert: ""
annotations: {}
labels: {}
hosts:
- host: app.truecharts.placeholder
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
mainudp:
enabled: false
type: "UDP"
entrypoint: "DNSUDP"
annotations: {}
labels: {}