From 50d1f93e12dbe0e9afa315a4bc60405cf0433864 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Fri, 5 Feb 2021 21:17:06 +0100 Subject: [PATCH] Add Initial BETA Test release of the Common Chart and testing environment Co-authored-by: Troy Prelog 
Signed-off-by: Kjeld Schouten-Lebbing --- .test/charts/common-test_spec.rb | 75 +++ library/common-test/Chart.yaml | 14 + library/common-test/ci/basic-values.yaml | 34 ++ library/common-test/ci/codeserver-values.yaml | 42 ++ library/common-test/templates/common.yaml | 1 + library/common-test/values.yaml | 40 ++ library/common/.helmignore | 23 + library/common/CHANGELOG.md | 91 +++ library/common/Chart.yaml | 14 + library/common/LICENSE | 201 +++++++ library/common/README.md | 99 ++++ library/common/_ingress.tpl | 27 + library/common/templates/_all.tpl | 39 ++ library/common/templates/_daemonset.tpl | 33 ++ library/common/templates/_deployment.tpl | 38 ++ library/common/templates/_ingress.tpl | 27 + library/common/templates/_notes.tpl | 25 + library/common/templates/_pvc.tpl | 18 + library/common/templates/_service.tpl | 22 + library/common/templates/_serviceaccount.tpl | 15 + library/common/templates/_statefulset.tpl | 53 ++ .../addons/code-server/_codeserver.tpl | 44 ++ .../addons/code-server/_container.tpl | 41 ++ .../templates/addons/vpn/_configmap.tpl | 26 + .../templates/addons/vpn/_networkpolicy.tpl | 21 + .../common/templates/addons/vpn/_volume.tpl | 25 + library/common/templates/addons/vpn/_vpn.tpl | 36 ++ .../templates/addons/vpn/openvpn/_addon.tpl | 19 + .../addons/vpn/openvpn/_container.tpl | 61 ++ .../templates/addons/vpn/openvpn/_secret.tpl | 15 + .../templates/addons/vpn/wireguard/_addon.tpl | 12 + .../addons/vpn/wireguard/_container.tpl | 52 ++ library/common/templates/classes/_ingress.tpl | 66 +++ library/common/templates/classes/_pvc.tpl | 40 ++ library/common/templates/classes/_service.tpl | 68 +++ .../templates/classes/_service_ports.tpl | 23 + .../common/templates/custom/_appService.tpl | 19 + .../common/templates/custom/_appStorage.tpl | 52 ++ .../common/templates/custom/_appingress.tpl | 35 ++ .../custom/classes/_appAuthForward.tpl | 31 ++ .../custom/classes/_appIngressHTTP.tpl | 78 +++ .../custom/classes/_appIngressTCP.tpl | 58 ++ 
.../custom/classes/_appIngressUDP.tpl | 36 ++ .../templates/lib/chart/_capabilities.tpl | 92 ++++ .../common/templates/lib/chart/_labels.tpl | 19 + library/common/templates/lib/chart/_names.tpl | 42 ++ .../common/templates/lib/chart/_values.tpl | 11 + .../templates/lib/controller/_container.tpl | 78 +++ .../common/templates/lib/controller/_pod.tpl | 63 +++ .../templates/lib/controller/_ports.tpl | 59 ++ .../templates/lib/controller/_probes.tpl | 22 + .../templates/lib/controller/_volumes.tpl | 32 ++ library/common/values.yaml | 521 ++++++++++++++++++ 53 files changed, 2728 insertions(+) create mode 100644 library/common-test/Chart.yaml create mode 100644 library/common-test/ci/basic-values.yaml create mode 100644 library/common-test/ci/codeserver-values.yaml create mode 100644 library/common-test/templates/common.yaml create mode 100644 library/common-test/values.yaml create mode 100644 library/common/.helmignore create mode 100644 library/common/CHANGELOG.md create mode 100644 library/common/Chart.yaml create mode 100644 library/common/LICENSE create mode 100644 library/common/README.md create mode 100644 library/common/_ingress.tpl create mode 100644 library/common/templates/_all.tpl create mode 100644 library/common/templates/_daemonset.tpl create mode 100644 library/common/templates/_deployment.tpl create mode 100644 library/common/templates/_ingress.tpl create mode 100644 library/common/templates/_notes.tpl create mode 100644 library/common/templates/_pvc.tpl create mode 100644 library/common/templates/_service.tpl create mode 100644 library/common/templates/_serviceaccount.tpl create mode 100644 library/common/templates/_statefulset.tpl create mode 100644 library/common/templates/addons/code-server/_codeserver.tpl create mode 100644 library/common/templates/addons/code-server/_container.tpl create mode 100644 library/common/templates/addons/vpn/_configmap.tpl create mode 100644 library/common/templates/addons/vpn/_networkpolicy.tpl create mode 100644 
library/common/templates/addons/vpn/_volume.tpl create mode 100644 library/common/templates/addons/vpn/_vpn.tpl create mode 100644 library/common/templates/addons/vpn/openvpn/_addon.tpl create mode 100644 library/common/templates/addons/vpn/openvpn/_container.tpl create mode 100644 library/common/templates/addons/vpn/openvpn/_secret.tpl create mode 100644 library/common/templates/addons/vpn/wireguard/_addon.tpl create mode 100644 library/common/templates/addons/vpn/wireguard/_container.tpl create mode 100644 library/common/templates/classes/_ingress.tpl create mode 100644 library/common/templates/classes/_pvc.tpl create mode 100644 library/common/templates/classes/_service.tpl create mode 100644 library/common/templates/classes/_service_ports.tpl create mode 100644 library/common/templates/custom/_appService.tpl create mode 100644 library/common/templates/custom/_appStorage.tpl create mode 100644 library/common/templates/custom/_appingress.tpl create mode 100644 library/common/templates/custom/classes/_appAuthForward.tpl create mode 100644 library/common/templates/custom/classes/_appIngressHTTP.tpl create mode 100644 library/common/templates/custom/classes/_appIngressTCP.tpl create mode 100644 library/common/templates/custom/classes/_appIngressUDP.tpl create mode 100644 library/common/templates/lib/chart/_capabilities.tpl create mode 100644 library/common/templates/lib/chart/_labels.tpl create mode 100644 library/common/templates/lib/chart/_names.tpl create mode 100644 library/common/templates/lib/chart/_values.tpl create mode 100644 library/common/templates/lib/controller/_container.tpl create mode 100644 library/common/templates/lib/controller/_pod.tpl create mode 100644 library/common/templates/lib/controller/_ports.tpl create mode 100644 library/common/templates/lib/controller/_probes.tpl create mode 100644 library/common/templates/lib/controller/_volumes.tpl create mode 100644 library/common/values.yaml 
diff --git a/.test/charts/common-test_spec.rb b/.test/charts/common-test_spec.rb index 5d68adfeaad..144dcfbdbc4 100644 --- a/.test/charts/common-test_spec.rb +++ b/.test/charts/common-test_spec.rb @@ -38,6 +38,53 @@ class Test < ChartTest end end + describe 'Environment settings' do + it 'Check no environment variables' do + values = {} + chart.value values + assert_nil(resource('Deployment')['spec']['template']['spec']['containers'][0]['env']) + end + + it 'set "static" environment variables' do + values = { + env: { + STATIC_ENV: 'value_of_env' + } + } + chart.value values + jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:env].keys[0].to_s + jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal values[:env].values[0].to_s + end + + + it 'set "static" and "Dynamic/Tpl" environment variables' do + values = { + env: { + STATIC_ENV: 'value_of_env' + }, + envTpl: { + DYN_ENV: "{{ .Release.Name }}-admin" + } + } + chart.value values + jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:env].keys[0].to_s + jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal values[:env].values[0].to_s + jq('.spec.template.spec.containers[0].env[1].name', resource('Deployment')).must_equal values[:envTpl].keys[0].to_s + jq('.spec.template.spec.containers[0].env[1].value', resource('Deployment')).must_equal 'common-test-admin' + end + + it 'set "Dynamic/Tpl" environment variables' do + values = { + envTpl: { + DYN_ENV: "{{ .Release.Name }}-admin" + } + } + chart.value values + jq('.spec.template.spec.containers[0].env[0].name', resource('Deployment')).must_equal values[:envTpl].keys[0].to_s + jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal 'common-test-admin' + end + end + describe 'ports settings' do default_name = 'http' default_port = 8080 
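Review bot: The new 'Environment settings' cases never check that a plain `env` value containing template syntax stays literal, which is the boundary that matters once `envTpl` values go through Helm's `tpl`. A case like the one below, placed inside this `describe` block, would catch a template that routes both maps through `tpl`. The combined static/dynamic test also hard-codes `env[0]` and `env[1]`, so it depends on `env` being emitted before `envTpl`; selecting the entries by name would survive a reordering. The template that renders these values is not part of this hunk, so whether either problem exists today cannot be confirmed from here.

```ruby
    # … unchanged: existing 'set "static" environment variables' case …
    it 'does not template-evaluate plain "env" values' do
      values = {
        env: {
          STATIC_ENV: '{{ .Release.Name }}-admin'
        }
      }
      chart.value values
      jq('.spec.template.spec.containers[0].env[0].value', resource('Deployment')).must_equal values[:env].values[0].to_s
    end
```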
@@ -97,5 +144,33 @@ class Test < ChartTest assert_match("Our charts do not support named ports for targetPort. (port name #{default_name}, targetPort #{values[:service][:port][:targetPort]})", exception.message) end end + + describe 'statefulset volumeClaimTemplates' do + + it 'volumeClaimTemplates should be empty by default' do + chart.value controllerType: 'statefulset' + assert_nil(resource('StatefulSet')['spec']['volumeClaimTemplates']) + end + + it 'can set values for volumeClaimTemplates' do + values = { + controllerType: 'statefulset', + volumeClaimTemplates: [ + { + name: 'storage', + accessMode: 'ReadWriteOnce', + size: '10Gi', + storageClass: 'storage' + } + ] + } + + chart.value values + jq('.spec.volumeClaimTemplates[0].metadata.name', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:name] + jq('.spec.volumeClaimTemplates[0].spec.accessModes[0]', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:accessMode] + jq('.spec.volumeClaimTemplates[0].spec.resources.requests.storage', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:size] + jq('.spec.volumeClaimTemplates[0].spec.storageClassName', resource('StatefulSet')).must_equal values[:volumeClaimTemplates][0][:storageClass] + end + end end end diff --git a/library/common-test/Chart.yaml b/library/common-test/Chart.yaml new file mode 100644 index 00000000000..233c343052a --- /dev/null +++ b/library/common-test/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +name: common-test +description: Helper chart to test different use cases of the common library +version: 1.1.0 +keywords: + - truecharts + - common +home: https://github.com/truecharts/truecharts/tree/master/charts/common-test +maintainers: + - name: truecharts +dependencies: + - name: common + repository: file://../common + version: n/a diff --git a/library/common-test/ci/basic-values.yaml b/library/common-test/ci/basic-values.yaml new file mode 100644 index 00000000000..47176dbf2aa 
--- /dev/null
+++ b/library/common-test/ci/basic-values.yaml
@@ -0,0 +1,34 @@
+image:
+ repository: b4bz/homer
+ tag: latest
+ pullPolicy: IfNotPresent
+
+service:
+ port:
+ port: 8080
+
+ingress:
+ enabled: true
+
+appIngressEnabled: true
+appIngress:
+ main:
+ enabled: true
+
+appVolumesEnabled: false
+appVolumeMounts:
+ data:
+ enabled: true
+ emptyDir: true
+ datasetName: "data"
+ mountPath: "/data"
+ hostPathEnabled: false
+ hostPath: ""
+
+probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
diff --git a/library/common-test/ci/codeserver-values.yaml b/library/common-test/ci/codeserver-values.yaml
new file mode 100644
index 00000000000..42baa9bddee
--- /dev/null
+++ b/library/common-test/ci/codeserver-values.yaml
@@ -0,0 +1,42 @@
+image:
+ repository: b4bz/homer
+ tag: latest
+ pullPolicy: IfNotPresent
+
+service:
+ port:
+ port: 8080
+
+ingress:
+ enabled: true
+
+appIngressEnabled: true
+appIngress:
+ main:
+ enabled: true
+
+persistence:
+ config:
+ enabled: true
+ emptyDir: true
+ mountPath: /www/assets
+
+appVolumesEnabled: false
+appVolumeMounts:
+ data:
+ enabled: true
+ emptyDir: true
+ datasetName: "data"
+ mountPath: "/data"
+ hostPathEnabled: false
+ hostPath: ""
+
+addons:
+ codeserver:
+ enabled: true
+ workingDir: "/www/assets"
+ ingress:
+ enabled: true
+ volumeMounts:
+ - name: config
+ mountPath: /www/assets
diff --git a/library/common-test/templates/common.yaml b/library/common-test/templates/common.yaml
new file mode 100644
index 00000000000..a6613c2ce21
--- /dev/null
+++ b/library/common-test/templates/common.yaml
@@ -0,0 +1 @@
+{{ include "common.all" . }}
diff --git a/library/common-test/values.yaml b/library/common-test/values.yaml
new file mode 100644
index 00000000000..376829faafe
--- /dev/null
+++ b/library/common-test/values.yaml
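Review bot: The `image` block in `ci/basic-values.yaml` pins nothing: `tag: latest` combined with `pullPolicy: IfNotPresent` means the CI run uses whatever `b4bz/homer` image a node already has cached, or whatever the registry serves that day. Because the tag is mutable and the image is third-party, test results are not reproducible and an upstream change reaches the pipeline unreviewed. I would replace it with a fixed release tag or a digest, e.g. `tag: PINNED_VERSION` (placeholder, to be filled with a version you have verified). The same three lines appear in `ci/codeserver-values.yaml` and `library/common-test/values.yaml`.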
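Review bot: `ci/codeserver-values.yaml` sets `addons.codeserver.enabled: true` and `addons.codeserver.ingress.enabled: true` with no authentication-related setting in the fixture. The changelog in this patch describes the add-on as a code-server container that can modify a volume attached to the pod, so an ingress in front of it is a sensitive exposure if these values are copied into a real chart. Whether the add-on enforces a password by default is not visible here. I would add a leading comment such as `# CI fixture only: code-server can edit the mounted volume; never publish its ingress without authentication`.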
@@ -0,0 +1,40 @@
+image:
+ repository: b4bz/homer
+ tag: latest
+ pullPolicy: IfNotPresent
+
+service:
+ port:
+ port: 8080
+
+ingress:
+ enabled: true
+
+appIngressEnabled: true
+appIngress:
+ main:
+ enabled: true
+ mainhttp:
+ enabled: true
+ entrypoint: "web"
+ certType: ""
+ existingcert: ""
+ authForwardURL: ""
+ annotations: {}
+ labels: {}
+ hosts:
+ - host: app.truecharts.placeholder
+ paths:
+ - path: /
+ # Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+
+appVolumesEnabled: true
+appVolumeMounts:
+ data:
+ enabled: true
+ emptyDir: true
+ datasetName: "data"
+ mountPath: "/data"
+ hostPathEnabled: false
+ hostPath: ""
\ No newline at end of file
diff --git a/library/common/.helmignore b/library/common/.helmignore
new file mode 100644
index 00000000000..0e8a0eb36f4
--- /dev/null
+++ b/library/common/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/library/common/CHANGELOG.md b/library/common/CHANGELOG.md
new file mode 100644
index 00000000000..80fd089a220
--- /dev/null
+++ b/library/common/CHANGELOG.md
@@ -0,0 +1,91 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [2.3.0] + +### Added + +- Allow overriding the main container command. +- Allow setting Helm templates as environment variables via `envTpl`. The given value is parsed through Helm's `tpl` function, allowing for powerful variable substitution. +- Support for defining volumeClaimTemplates for StatefulSet. +- Allow the following Pod spec fields to be configurable: + - `priorityClassName` + - `schedulerName` + - `hostname` + +### Fixed + +- `values.yaml` now contains the following sections, these were already functional but were previously undocumented: + - `podSecurityContext` + - `securityContext` + - `resources` + +## [2.2.1] + +### Fixed + +- Made explicit that `service.port.targetPort` cannot be a named port. + +## [2.2.0] + +### Added + +- Allow serviceLinks to be enabled/disabled. +- Support for ingressClassName on apiVersion `networking.k8s.io/v1` by setting `ingress.ingressClassName`. +- Added some initial proper unit tests for the `common` chart. + +### Changed + +- `service.port.targetPort` is now used in the container spec instead of `service.port.port` if specified. This allows for different service and container ports. (Implements [#465](https://github.com/k8s-at-home/charts/issues/465)). + +### Fixed + +- Document setting environment variables for code-server add-on in `values.yaml` (Fixes [#436](https://github.com/k8s-at-home/charts/issues/436)). +- Set service targetPort to the service port name first if no `targetPort` value is given. + +## [2.1.0] + +### Added + +- Allow for additional arguments to be added to code-server runtime via `addons.codeserver.args` + +## [2.0.4] + +### Fixed + +- `periodSeconds` now works for all probe types. 
+ +## [2.0.0] + +### Changed + +- :warning: Updated `probes` logic to support custom probes, it is now possible to set your own custom probes by setting the `probes.[liveness|readiness|startup].custom` value to `true` and configuring them. Default is `false`. +- :warning: `addon.vpn.imagePullPolicy` is now `addon.vpn.[openvpn|wireguard].image.pullPolicy`. Default is `IfNotPresent` +- [code-server](https://github.com/cdr/code-server) is now an `addon` like `vpn`. This enables a code-server container inside the pod which allows you to modify a configuration in a volume attached to the pod. Default for `addons.codeserver.enabled` is `false` +- Added `envFrom` for more configuration with environment variables +- Added `dnsConfig` to be configurable +- Added support for 1.19+ ingress spec +- Added this [CHANGELOG.md](CHANGELOG.md) + +### Fixed + +- `nameOverride` and `fullNameOverride` not in `values.yaml` + +## [1.7.0] + +This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face: + +[2.2.1]: https://github.com/k8s-at-home/charts/tree/common-2.2.1/charts/common + +[2.2.0]: https://github.com/k8s-at-home/charts/tree/common-2.2.0/charts/common + +[2.1.0]: https://github.com/k8s-at-home/charts/tree/common-2.1.0/charts/common + +[2.0.4]: https://github.com/k8s-at-home/charts/tree/common-2.0.4/charts/common + +[2.0.0]: https://github.com/k8s-at-home/charts/tree/common-2.0.0/charts/common + +[1.7.0]: https://github.com/k8s-at-home/charts/tree/common-1.7.0/charts/common diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml new file mode 100644 index 00000000000..15aa7ea5506 --- /dev/null +++ b/library/common/Chart.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v2 +name: common +description: Function library for TrueCharts +type: library +version: 0.10.1 +# upstream_version: 2.3.0 +keywords: + - truecharts + - library-chart + - k8s-at-home + - common +home: https://github.com/truecharts/truecharts/tree/master/common +maintainers: + - name: truecharts diff --git a/library/common/LICENSE b/library/common/LICENSE new file mode 100644 index 00000000000..056d3dab356 --- /dev/null +++ b/library/common/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2020 k8s@Home + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/library/common/README.md b/library/common/README.md new file mode 100644 index 00000000000..9291a8209c2 --- /dev/null +++ b/library/common/README.md 
@@ -0,0 +1,99 @@ +# Library chart for k8s@home media charts + +**WARNING: THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY** + +This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm). It's purpose is for grouping common logic between the k8s@home charts. + +Since a lot of charts follow the same pattern this library was built to reduce maintenance cost between the charts that use it and try achieve a goal of being DRY. + +## Introduction + +This chart provides common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +## :star2: Changelog + +Please refer to [CHANGELOG.md](CHANGELOG.md) for an overview of notable changes to the chart. **This is especially important for major version updates!** + +## TL;DR + +When using one of the many charts that uses this library be sure to view this [values.yaml](./values.yaml) for configuration options. Any setting here can be used to define what values your helm deployment will use. + +For example using the helm CLI tool + +```bash +helm install node-red \ + --set image.repository="nodered/node-red" \ + --set image.tag="1.2.5" \ + --set env.TZ="America/New_York" \ + k8s-at-home/node-red +``` + +or + +```yaml +# node-red-values.yaml +image: + repository: nodered/node-red + tag: 1.2.5 +env: + TZ: America/New_York +``` + +```bash +helm install node-red \ + --values=./node-red-values.yaml \ + k8s-at-home/node-red +``` + +## Creating a new chart + +First be sure to checkout the many charts that already use this like [qBittorrent](../qbittorrent/), [node-red](../node-red/) or the many others in this repository. + +Include this chart as a dependency in your `Chart.yaml` e.g. + +```yaml +# Chart.yaml +dependencies: + - name: common + version: x.x.x + repository: https://k8s-at-home.com/charts/ +``` + +Write a `values.yaml` with some basic defaults you want to present to the user e.g. + +```yaml +# Default values for node-red. 
+
+image:
+ repository: nodered/node-red
+ pullPolicy: IfNotPresent
+ tag: 1.2.5
+
+strategy:
+ type: Recreate
+
+# See more environment varaibles in the node-red documentation
+# https://nodered.org/docs/getting-started/docker
+env: {}
+ # TZ:
+ # NODE_OPTIONS:
+ # NODE_RED_ENABLE_PROJECTS:
+ # NODE_RED_ENABLE_SAFE_MODE:
+ # FLOWS:
+
+service:
+ port:
+ port: 1880
+
+persistence:
+ data:
+ enabled: false
+ emptyDir: false
+ mountPath: /data
+```
+
+If testing locally make sure you update the dependencies with:
+
+```bash
+helm dependency update
+```
diff --git a/library/common/_ingress.tpl b/library/common/_ingress.tpl
new file mode 100644
index 00000000000..d6ad879a26c
--- /dev/null
+++ b/library/common/_ingress.tpl
@@ -0,0 +1,27 @@
+{{/*
+Renders the Ingress objects required by the chart by returning a concatinated list
+of the main Ingress and any additionalIngresses.
+*/}}
+{{- define "common.ingress" -}}
+ {{- if .Values.ingress.enabled -}}
+ {{- $svcPort := .Values.service.port.port -}}
+
+ {{- /* Generate primary ingress */ -}}
+ {{- $ingressValues := .Values.ingress -}}
+ {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" . }}
+
+ {{- /* Generate additional ingresses as required */ -}}
+ {{- range $index, $extraIngress := .Values.ingress.additionalIngresses }}
+ {{- if $extraIngress.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $ingressValues := $extraIngress -}}
+ {{- if not $ingressValues.nameSuffix -}}
+ {{- $_ := set $ingressValues "nameSuffix" $index -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" $ -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/_all.tpl b/library/common/templates/_all.tpl
new file mode 100644
index 00000000000..263a7824bb7
--- /dev/null
+++ b/library/common/templates/_all.tpl
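Review bot: `library/common/_ingress.tpl` sits at the chart root rather than under `templates/`, and the diffstat lists a `library/common/templates/_ingress.tpl` of the same 27 lines, so this copy looks like an accidental duplicate. Helm only loads templates from `templates/`, so the root copy is never rendered, can drift from the live one, and may mislead anyone auditing which ingress logic is in effect. I would drop it from the commit, or exclude it in `.helmignore` if it must stay. Inside the template, `$svcPort` is assigned but never used in the visible body and can be removed. A short comment that `set $ingressValues "nameSuffix" $index` mutates the caller's values in place would also help the next reader.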
@@ -0,0 +1,39 @@
+{{/*
+Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
+*/}}
+{{- define "common.all" -}}
+ {{- /* Merge the local chart values and the common chart defaults */ -}}
+ {{- include "common.values.setup" . }}
+
+ {{- /* Enable code-server add-on if required */ -}}
+ {{- if .Values.addons.codeserver.enabled }}
+ {{- include "common.addon.codeserver" . }}
+ {{- end -}}
+
+ {{- /* Enable VPN add-on if required */ -}}
+ {{- if .Values.addons.vpn.enabled }}
+ {{- include "common.addon.vpn" . }}
+ {{- end -}}
+
+ {{- /* Build the templates */ -}}
+ {{- include "common.pvc" . }}
+ {{- print "---" | nindent 0 -}}
+ {{- if .Values.serviceAccount.create -}}
+ {{- include "common.serviceAccount" . }}
+ {{- print "---" | nindent 0 -}}
+ {{- end -}}
+ {{- if eq .Values.controllerType "deployment" }}
+ {{- include "common.deployment" . | nindent 0 }}
+ {{ else if eq .Values.controllerType "daemonset" }}
+ {{- include "common.daemonset" . | nindent 0 }}
+ {{ else if eq .Values.controllerType "statefulset" }}
+ {{- include "common.statefulset" . | nindent 0 }}
+ {{- end -}}
+ {{- print "---" | nindent 0 -}}
+ {{ include "common.service" . | nindent 0 }}
+ {{ include "custom.appService" . | nindent 0 }}
+ {{- print "---" | nindent 0 -}}
+ {{ include "common.ingress" . | nindent 0 }}
+ {{- print "---" | nindent 0 -}}
+ {{ include "custom.appIngress" . | nindent 0 }}
+{{- end -}}
diff --git a/library/common/templates/_daemonset.tpl b/library/common/templates/_daemonset.tpl
new file mode 100644
index 00000000000..db624217ddb
--- /dev/null
+++ b/library/common/templates/_daemonset.tpl
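Review bot: The `controllerType` chain in `common.all` has no final `else`, so a value other than `deployment`, `daemonset` or `statefulset` (a typo, for instance) still renders the PVCs, Services and Ingresses but no workload, and nothing reports it. Closing the chain with `{{- else }}` followed by `{{- fail (printf "Not a valid controllerType (%v)" .Values.controllerType) }}` before the `{{- end -}}` turns that into a render-time error.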
@@ -0,0 +1,33 @@
+{{/*
+This template serves as the blueprint for the DaemonSet objects that are created
+within the common library.
+*/}}
+{{- define "common.daemonset" -}}
+apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }}
+kind: DaemonSet
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with .Values.controllerLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.controllerAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "common.controller.pod" . | nindent 6 }}
+{{- end }}
diff --git a/library/common/templates/_deployment.tpl b/library/common/templates/_deployment.tpl
new file mode 100644
index 00000000000..d93503e9a26
--- /dev/null
+++ b/library/common/templates/_deployment.tpl
@@ -0,0 +1,38 @@
+{{/*
+This template serves as the blueprint for the Deployment objects that are created
+within the common library.
+*/}}
+{{- define "common.deployment" -}}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with .Values.controllerLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.controllerAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ {{- with .Values.strategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "common.controller.pod" . | nindent 6 }}
+{{- end }}
diff --git a/library/common/templates/_ingress.tpl b/library/common/templates/_ingress.tpl
new file mode 100644
index 00000000000..d6ad879a26c
--- /dev/null
+++ b/library/common/templates/_ingress.tpl
@@ -0,0 +1,27 @@
+{{/*
+Renders the Ingress objects required by the chart by returning a concatinated list
+of the main Ingress and any additionalIngresses.
+*/}}
+{{- define "common.ingress" -}}
+ {{- if .Values.ingress.enabled -}}
+ {{- $svcPort := .Values.service.port.port -}}
+
+ {{- /* Generate primary ingress */ -}}
+ {{- $ingressValues := .Values.ingress -}}
+ {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" . }}
+
+ {{- /* Generate additional ingresses as required */ -}}
+ {{- range $index, $extraIngress := .Values.ingress.additionalIngresses }}
+ {{- if $extraIngress.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $ingressValues := $extraIngress -}}
+ {{- if not $ingressValues.nameSuffix -}}
+ {{- $_ := set $ingressValues "nameSuffix" $index -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" $ -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/_notes.tpl b/library/common/templates/_notes.tpl
new file mode 100644
index 00000000000..07904900802
--- /dev/null
+++ b/library/common/templates/_notes.tpl
@@ -0,0 +1,25 @@
+{{/*
+Default NOTES.txt content.
+*/}}
+{{- define "common.notes.defaultNotes" -}}
+{{- $svcPort := .Values.service.port.port -}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}{{ (first .paths).path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ $svcPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ $svcPort }}
+{{- end }}
+{{- end }}
diff --git a/library/common/templates/_pvc.tpl b/library/common/templates/_pvc.tpl
new file mode 100644
index 00000000000..7ad340ba385
--- /dev/null
+++ b/library/common/templates/_pvc.tpl
@@ -0,0 +1,18 @@
+{{/*
+Renders the PersistentVolumeClaim objects required by the chart by returning a concatinated list
+of all the entries of the persistence key.
+*/}}
+{{- define "common.pvc" -}}
+ {{- /* Generate pvc as required */ -}}
+ {{- range $index, $PVC := .Values.persistence }}
+ {{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
+ {{- $persistenceValues := $PVC -}}
+ {{- if not $persistenceValues.nameSuffix -}}
+ {{- $_ := set $persistenceValues "nameSuffix" $index -}}
+ {{- end -}}
+ {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- include "common.classes.pvc" $ -}}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/_service.tpl b/library/common/templates/_service.tpl
new file mode 100644
index 00000000000..80a2a14fda0
--- /dev/null
+++ b/library/common/templates/_service.tpl
@@ -0,0 +1,22 @@
+{{/*
+Renders the Service objects required by the chart by returning a concatinated list
+of the main Service and any additionalServices.
+*/}}
+{{- define "common.service" -}}
+ {{- if .Values.service.enabled -}}
+ {{- /* Generate primary service */ -}}
+ {{- include "common.classes.service" . }}
+ {{- /* Generate additional services as required */ -}}
+ {{- range $index, $extraService := .Values.service.additionalServices }}
+ {{- if $extraService.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $serviceValues := $extraService -}}
+ {{- if not $serviceValues.nameSuffix -}}
+ {{- $_ := set $serviceValues "nameSuffix" $index -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+ {{- include "common.classes.service" $ -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/_serviceaccount.tpl b/library/common/templates/_serviceaccount.tpl
new file mode 100644
index 00000000000..a8c0e7903ba
--- /dev/null
+++ b/library/common/templates/_serviceaccount.tpl
@@ -0,0 +1,15 @@
+{{/*
+The ServiceAccount object to be created.
+*/}}
+{{- define "common.serviceAccount" -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.names.serviceAccountName" . }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/_statefulset.tpl b/library/common/templates/_statefulset.tpl
new file mode 100644
index 00000000000..ef2ec2f6e46
--- /dev/null
+++ b/library/common/templates/_statefulset.tpl
@@ -0,0 +1,53 @@
+{{/*
+This template serves as the blueprint for the StatefulSet objects that are created
+within the common library.
+*/}}
+{{- define "common.statefulset" -}}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with .Values.controllerLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.controllerAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ {{- with .Values.strategy }}
+ updateStrategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "common.names.fullname" . }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "common.controller.pod" . | nindent 6 }}
+ volumeClaimTemplates:
+ {{- range $index, $vct := .Values.volumeClaimTemplates }}
+ - metadata:
+ name: {{ $vct.name }}
+ spec:
+ accessModes:
+ - {{ required (printf "accessMode is required for vCT %v" $vct.name) $vct.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ required (printf "size is required for PVC %v" $vct.name) $vct.size | quote }}
+ {{- if $vct.storageClass }}
+ storageClassName: {{ if (eq "-" $vct.storageClass) }}""{{- else }}{{ $vct.storageClass | quote }}{{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/library/common/templates/addons/code-server/_codeserver.tpl b/library/common/templates/addons/code-server/_codeserver.tpl
new file mode 100644
index 00000000000..8cbb4c54265
--- /dev/null
+++ b/library/common/templates/addons/code-server/_codeserver.tpl
@@ -0,0 +1,44 @@
+{{/*
+Template to render code-server addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.codeserver" -}}
+{{- if .Values.addons.codeserver.enabled -}}
+ {{/* Append the code-server container to the additionalContainers */}}
+ {{- $container := include "common.addon.codeserver.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $additionalContainers := append .Values.additionalContainers $container -}}
+ {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
+ {{- end -}}
+
+ {{/* Add the code-server service */}}
+ {{- if .Values.addons.codeserver.service.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $serviceValues := .Values.addons.codeserver.service -}}
+ {{- if not $serviceValues.nameSuffix -}}
+ {{- $_ := set $serviceValues "nameSuffix" "codeserver" -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+ {{- include "common.classes.service" $ -}}
+ {{- $_ := unset $ "ObjectValues" -}}
+ {{- end -}}
+
+ {{/* Add the code-server ingress */}}
+ {{- if .Values.addons.codeserver.ingress.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $ingressValues := .Values.addons.codeserver.ingress -}}
+ {{- if not $ingressValues.nameSuffix -}}
+ {{- $_ := set $ingressValues "nameSuffix" "codeserver" -}}
+ {{ end -}}
+
+ {{/* Determine the target service name & port */}}
+ {{- $svcName := printf "%v-%v" (include "common.names.fullname" .) .Values.addons.codeserver.service.nameSuffix -}}
+ {{- $_ := set $ingressValues "serviceName" $svcName -}}
+ {{- $_ := set $ingressValues "servicePort" .Values.addons.codeserver.service.port.port -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" $ -}}
+ {{- $_ := unset $ "ObjectValues" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/code-server/_container.tpl b/library/common/templates/addons/code-server/_container.tpl
new file mode 100644
index 00000000000..5d099a80e2b
--- /dev/null
+++ b/library/common/templates/addons/code-server/_container.tpl
@@ -0,0 +1,41 @@
+{{/*
+The code-server sidecar container to be inserted.
+*/}}
+{{- define "common.addon.codeserver.container" -}}
+{{- if lt (len .Values.addons.codeserver.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for codeserver container" }}
+{{- end -}}
+name: codeserver
+image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
+imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}
+{{- with .Values.addons.codeserver.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+ports:
+- name: {{ .Values.addons.codeserver.service.port.name }}
+ containerPort: {{ .Values.addons.codeserver.service.port.port }}
+ protocol: TCP
+args:
+{{- range .Values.addons.codeserver.args }}
+- {{ . | quote }}
+{{- end }}
+- "--port"
+- "{{ .Values.addons.codeserver.service.port.port }}"
+- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath }}
+{{- with .Values.addons.codeserver.volumeMounts }}
+volumeMounts:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/_configmap.tpl b/library/common/templates/addons/vpn/_configmap.tpl
new file mode 100644
index 00000000000..bc5f6902c67
--- /dev/null
+++ b/library/common/templates/addons/vpn/_configmap.tpl
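Review bot: Nothing in `common.addon.codeserver.container` sets or requires an authentication option, so whether code-server asks for a password depends entirely on what `addons.codeserver.args` and `addons.codeserver.env` contain; the chart defaults for those are not visible in this hunk. The container mounts the application's volumes and `common.addon.codeserver` can publish it through its own Ingress, so the header comment should at least say that authentication has to be supplied through `args` or `env` before the ingress is enabled. Separately, the last `args` entry is the only one not passed through `quote`; ending it with `| quote` after the `default (first ...).mountPath` expression keeps a path with YAML-significant characters from breaking the `fromYaml` round trip in the caller.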
@@ -0,0 +1,26 @@
+{{/*
+The VPN config and scripts to be included.
+*/}}
+{{- define "common.addon.vpn.configmap" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-vpn
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+data:
+{{- with .Values.addons.vpn.configFile }}
+ vpnConfigfile: |-
+ {{- . | nindent 4}}
+{{- end }}
+{{- with .Values.addons.vpn.scripts.up }}
+ up.sh: |-
+ {{- . | nindent 4}}
+{{- end }}
+{{- with .Values.addons.vpn.scripts.down }}
+ down.sh: |-
+ {{- . | nindent 4}}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/_networkpolicy.tpl b/library/common/templates/addons/vpn/_networkpolicy.tpl
new file mode 100644
index 00000000000..c707d593ff9
--- /dev/null
+++ b/library/common/templates/addons/vpn/_networkpolicy.tpl
@@ -0,0 +1,21 @@
+{{/*
+Blueprint for the NetworkPolicy object that can be included in the addon.
+*/}}
+{{- define "common.addon.vpn.networkpolicy" -}}
+{{- if .Values.addons.vpn.networkPolicy.enabled -}}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: {{ include "common.names.fullname" . }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Egress
+ egress:
+ {{- with .Values.addons.vpn.networkPolicy.egress }}
+ {{- . | toYaml | nindent 4 }}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/_volume.tpl b/library/common/templates/addons/vpn/_volume.tpl
new file mode 100644
index 00000000000..ac7f83cf774
--- /dev/null
+++ b/library/common/templates/addons/vpn/_volume.tpl
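Review bot: `common.addon.vpn.configmap` stores `addons.vpn.configFile` in a ConfigMap under `vpnConfigfile`, and the WireGuard container added in this patch mounts that key as `/etc/wireguard/wg0.conf`; a config of that kind normally carries the interface private key, and OpenVPN configs often embed key material inline as well. ConfigMaps are not covered by Secret encryption at rest and are usually readable by more roles than Secrets, so the config file would be better rendered as `kind: Secret` with the content under `stringData:`, with `common.addon.vpn.volume` pointing at it through `secret.secretName` instead of `configMap.name`. The up and down scripts can stay in the ConfigMap.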
@@ -0,0 +1,25 @@
+{{/*
+The volume (referencing VPN config and scripts) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.vpn.volume" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
+name: vpnconfig
+configMap:
+ name: {{ include "common.names.fullname" . }}-vpn
+ items:
+ {{- if .Values.addons.vpn.configFile }}
+ - key: vpnConfigfile
+ path: vpnConfigfile
+ {{- end }}
+ {{- if .Values.addons.vpn.scripts.up }}
+ - key: up.sh
+ path: up.sh
+ mode: 0777
+ {{- end }}
+ {{- if .Values.addons.vpn.scripts.down }}
+ - key: down.sh
+ path: down.sh
+ mode: 0777
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/_vpn.tpl b/library/common/templates/addons/vpn/_vpn.tpl
new file mode 100644
index 00000000000..e8f028d088d
--- /dev/null
+++ b/library/common/templates/addons/vpn/_vpn.tpl
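Review bot: Both script items in `common.addon.vpn.volume` are projected with `mode: 0777`, which grants write and execute to every user in the pod although the VPN container only needs to read and run `up.sh` and `down.sh`. `mode: 0555` (or `0755`) on the two items is sufficient and keeps the permission bits in line with what the files are used for. The `vpnConfigfile` item has no `mode` at all, so it takes the volume default; if it holds key material, an explicit restrictive mode such as `mode: 0400` is worth setting there.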
@@ -0,0 +1,36 @@
+{{/*
+Template to render VPN addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.vpn" -}}
+{{- if .Values.addons.vpn.enabled -}}
+ {{- if eq "openvpn" .Values.addons.vpn.type -}}
+ {{- include "common.addon.openvpn" . }}
+ {{- end -}}
+
+ {{- if eq "wireguard" .Values.addons.vpn.type -}}
+ {{- include "common.addon.wireguard" . }}
+ {{- end -}}
+
+ {{/* Include the configmap if not empty */}}
+ {{- $configmap := include "common.addon.vpn.configmap" . -}}
+ {{- if $configmap -}}
+ {{- print "---" | nindent 0 -}}
+ {{- $configmap | nindent 0 -}}
+ {{- end -}}
+
+ {{/* Append the vpn config volume to the additionalVolumes */}}
+ {{- $volume := include "common.addon.vpn.volume" . | fromYaml -}}
+ {{- if $volume -}}
+ {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+ {{- $_ := set .Values "additionalVolumes" $additionalVolumes -}}
+ {{- end -}}
+
+ {{/* Include the networkpolicy if not empty */}}
+ {{- $networkpolicy := include "common.addon.vpn.networkpolicy" . -}}
+ {{- if $networkpolicy -}}
+ {{- print "---" | nindent 0 -}}
+ {{- $networkpolicy | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/openvpn/_addon.tpl b/library/common/templates/addons/vpn/openvpn/_addon.tpl
new file mode 100644
index 00000000000..62005db4caf
--- /dev/null
+++ b/library/common/templates/addons/vpn/openvpn/_addon.tpl
@@ -0,0 +1,19 @@
+{{/*
+Template to render OpenVPN addon. It will add the container to the list of additionalContainers
+and add a credentials secret if speciffied.
+*/}}
+{{- define "common.addon.openvpn" -}}
+ {{/* Append the openVPN container to the additionalContainers */}}
+ {{- $container := include "common.addon.openvpn.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $additionalContainers := append .Values.additionalContainers $container -}}
+ {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
+ {{- end -}}
+
+ {{/* Include the secret if not empty */}}
+ {{- $secret := include "common.addon.openvpn.secret" . -}}
+ {{- if $secret -}}
+ {{- print "---" | nindent 0 -}}
+ {{- $secret | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/openvpn/_container.tpl b/library/common/templates/addons/vpn/openvpn/_container.tpl
new file mode 100644
index 00000000000..9742a524f50
--- /dev/null
+++ b/library/common/templates/addons/vpn/openvpn/_container.tpl
@@ -0,0 +1,61 @@
+{{/*
+The OpenVPN sidecar container to be inserted.
+*/}}
+{{- define "common.addon.openvpn.container" -}}
+name: openvpn
+image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.openvpn.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+{{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
+envFrom:
+ - secretRef:
+ {{- if .Values.addons.vpn.openvpn.authSecret }}
+ name: {{ .Values.addons.vpn.openvpn.authSecret }}
+ {{- else }}
+ name: {{ include "common.names.fullname" . }}-openvpn
+ {{- end }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if .Values.addons.vpn.configFile }}
+ - name: vpnconfig
+ mountPath: /vpn/vpn.conf
+ subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+ - name: vpnconfig
+ mountPath: /vpn/up.sh
+ subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+ - name: vpnconfig
+ mountPath: /vpn/down.sh
+ subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+ - mountPath: {{ .Values.persistence.shared.mountPath }}
+ name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+ {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/openvpn/_secret.tpl b/library/common/templates/addons/vpn/openvpn/_secret.tpl
new file mode 100644
index 00000000000..3a4deed7406
--- /dev/null
+++ b/library/common/templates/addons/vpn/openvpn/_secret.tpl
@@ -0,0 +1,15 @@
+{{/*
+The OpenVPN credentials secrets to be included.
+*/}}
+{{- define "common.addon.openvpn.secret" -}}
+{{- with .Values.addons.vpn.openvpn.auth -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" $ }}-openvpn
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+data:
+ VPN_AUTH: {{ . | b64enc }}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/wireguard/_addon.tpl b/library/common/templates/addons/vpn/wireguard/_addon.tpl
new file mode 100644
index 00000000000..3213b5faa97
--- /dev/null
+++ b/library/common/templates/addons/vpn/wireguard/_addon.tpl
@@ -0,0 +1,12 @@
+{{/*
+Template to render Wireguard addon. It will add the container to the list of additionalContainers.
+*/}}
+*/}}
+{{- define "common.addon.wireguard" -}}
+ {{/* Append the Wireguard container to the additionalContainers */}}
+ {{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
+ {{- if $container -}}
+ {{- $additionalContainers := append .Values.additionalContainers $container -}}
+ {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/addons/vpn/wireguard/_container.tpl b/library/common/templates/addons/vpn/wireguard/_container.tpl
new file mode 100644
index 00000000000..13154639d23
--- /dev/null
+++ b/library/common/templates/addons/vpn/wireguard/_container.tpl
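Review bot: The header comment of `common.addon.openvpn.secret` does not say that credentials given through `addons.vpn.openvpn.auth` are ordinary chart values, which means they live in the values file and are stored with the Helm release in addition to the Secret rendered here. The OpenVPN container template in this patch already accepts `addons.vpn.openvpn.authSecret` for a pre-created Secret, so the comment should steer users there, for example `Prefer addons.vpn.openvpn.authSecret; a value passed via auth is kept with the release values.` No code change is needed for this.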
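Review bot: The header comment in `wireguard/_addon.tpl` is closed twice: the second `*/}}` on the fourth line sits outside any template action, so it is plain template text rather than part of the comment. Delete the duplicate line so the file opens with a single `{{/* ... */}}` block followed directly by `{{- define "common.addon.wireguard" -}}`.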
@@ -0,0 +1,52 @@
+{{/*
+The Wireguard sidecar container to be inserted.
+*/}}
+{{- define "common.addon.wireguard.container" -}}
+name: wireguard
+image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.wireguard.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if .Values.addons.vpn.configFile }}
+ - name: vpnconfig
+ mountPath: /etc/wireguard/wg0.conf
+ subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+ - name: vpnconfig
+ mountPath: /config/up.sh
+ subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+ - name: vpnconfig
+ mountPath: /config/down.sh
+ subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+ - mountPath: {{ .Values.persistence.shared.mountPath }}
+ name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+ {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/templates/classes/_ingress.tpl b/library/common/templates/classes/_ingress.tpl
new file mode 100644
index 00000000000..713d3a3bdef
--- /dev/null
+++ b/library/common/templates/classes/_ingress.tpl
@@ -0,0 +1,66 @@
+{{/*
+This template serves as a blueprint for all Ingress objects that are created
+within the common library.
+*/}}
+{{- define "common.classes.ingress" -}}
+{{- $ingressName := include "common.names.fullname" . -}}
+{{- $values := .Values.ingress -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.ingress -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- if hasKey $values "nameSuffix" -}}
+ {{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
+{{ end -}}
+{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
+{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with $values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ {{- if $values.ingressClassName }}
+ ingressClassName: {{ $values.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ {{- if $values.tls }}
+ tls:
+ {{- range $values.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range $values.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ pathType: Prefix
+ {{- end }}
+ backend:
+ {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ service:
+ name: {{ $svcName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $svcName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/classes/_pvc.tpl b/library/common/templates/classes/_pvc.tpl
new file mode 100644
index 00000000000..208e74052d5
--- /dev/null
+++ b/library/common/templates/classes/_pvc.tpl
@@ -0,0 +1,40 @@
+{{/*
+This template serves as a blueprint for all PersistentVolumeClaim objects that are created
+within the common library.
+*/}}
+{{- define "common.classes.pvc" -}}
+{{- $values := .Values.persistence -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.persistence -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- $pvcName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+ {{- $pvcName = printf "%v-%v" $pvcName $values.nameSuffix -}}
+{{ end -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ $pvcName }}
+ {{- if or $values.skipuninstall $values.annotations }}
+ annotations:
+ {{- if $values.skipuninstall }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ {{- with $values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - {{ required (printf "accessMode is required for PVC %v" $pvcName) $values.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
+ {{- if $values.storageClass }}
+ storageClassName: {{ if (eq "-" $values.storageClass) }}""{{- else }}{{ $values.storageClass | quote }}{{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/library/common/templates/classes/_service.tpl b/library/common/templates/classes/_service.tpl
new file mode 100644
index 00000000000..d65014571a6
--- /dev/null
+++ b/library/common/templates/classes/_service.tpl
@@ -0,0 +1,68 @@ +{{/* +This template serves as a blueprint for all Service objects that are created +within the common library. +*/}} +{{- define "common.classes.service" -}} +{{- $values := .Values.service -}} +{{- if hasKey . "ObjectValues" -}} + {{- with .ObjectValues.service -}} + {{- $values = . -}} + {{- end -}} +{{ end -}} +{{- $serviceName := include "common.names.fullname" . -}} +{{- if hasKey $values "nameSuffix" -}} + {{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}} +{{ end -}} +{{- $svcType := $values.type | default "" -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ $serviceName }} + labels: + {{- include "common.labels" . | nindent 4 }} + {{- if $values.labels }} + {{ toYaml $values.labels | nindent 4 }} + {{- end }} + {{- with $values.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }} + type: ClusterIP + {{- if $values.clusterIP }} + clusterIP: {{ $values.clusterIP }} + {{end}} + {{- else if eq $svcType "LoadBalancer" }} + type: {{ $svcType }} + {{- if $values.loadBalancerIP }} + loadBalancerIP: {{ $values.loadBalancerIP }} + {{- end }} + {{- if $values.externalTrafficPolicy }} + externalTrafficPolicy: {{ $values.externalTrafficPolicy }} + {{- end }} + {{- if $values.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ toYaml $values.loadBalancerSourceRanges | nindent 4 }} + {{- end -}} + {{- else }} + type: {{ $svcType }} + {{- end }} + {{- if $values.sessionAffinity }} + sessionAffinity: {{ $values.sessionAffinity }} + {{- if $values.sessionAffinityConfig }} + sessionAffinityConfig: + {{ toYaml $values.sessionAffinityConfig | nindent 4 }} + {{- end -}} + {{- end }} + {{- with $values.externalIPs }} + externalIPs: + {{- toYaml . 
| nindent 4 }} + {{- end }} + {{- if $values.publishNotReadyAddresses }} + publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }} + {{- end }} + {{- include "common.classes.service.ports" (dict "svcType" $svcType "values" $values ) | trim | nindent 2 }} + selector: + {{- include "common.labels.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/library/common/templates/classes/_service_ports.tpl b/library/common/templates/classes/_service_ports.tpl new file mode 100644 index 00000000000..14832e6ffe6 --- /dev/null +++ b/library/common/templates/classes/_service_ports.tpl @@ -0,0 +1,23 @@ +{{/* +Render all the ports and additionalPorts for a Service object. +*/}} +{{- define "common.classes.service.ports" -}} + {{- $ports := list -}} + {{- $values := .values -}} + {{- $ports = mustAppend $ports $values.port -}} + {{- range $_ := $values.additionalPorts -}} + {{- $ports = mustAppend $ports . -}} + {{- end }} + {{- if $ports -}} + ports: + {{- range $_ := $ports }} + - port: {{ .port }} + targetPort: {{ .targetPort | default .name | default "http" }} + protocol: {{ .protocol | default "TCP" }} + name: {{ .name | default "http" }} + {{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }} + nodePort: {{ .nodePort }} + {{ end }} + {{- end -}} + {{- end -}} +{{- end }} diff --git a/library/common/templates/custom/_appService.tpl b/library/common/templates/custom/_appService.tpl new file mode 100644 index 00000000000..262a443167f --- /dev/null +++ b/library/common/templates/custom/_appService.tpl 
@@ -0,0 +1,19 @@
+{{/*
+Renders the additioanl Service objects from appAdditionalServices
+*/}}
+{{- define "custom.appService" -}}
+ {{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
+ {{- if and .Values.appAdditionalServicesEnabled .Values.appAdditionalServices -}}
+ {{- range $name, $srv := .Values.appAdditionalServices }}
+ {{- if $srv.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $serviceValues := $srv -}}
+ {{- if not $serviceValues.nameSuffix -}}
+ {{- $_ := set $serviceValues "nameSuffix" $name -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+ {{- include "common.classes.service" $ -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/custom/_appStorage.tpl b/library/common/templates/custom/_appStorage.tpl
new file mode 100644
index 00000000000..1908fe0552d
--- /dev/null
+++ b/library/common/templates/custom/_appStorage.tpl
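Review bot: `$serviceValues := $srv` aliases the values map instead of copying it, so the `set $serviceValues "nameSuffix" $name` below writes into `.Values.appAdditionalServices`, and `set $ "ObjectValues" ...` stays on the root context after the loop ends. Because `common.classes.service` prefers `.ObjectValues.service` whenever the key exists, any later render of the main Service from the same context would presumably pick up the last additional service's values. I would copy first with `{{- $serviceValues := deepCopy $srv -}}` and clear the key after the include with `{{- $_ := unset $ "ObjectValues" -}}`.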
@@ -0,0 +1,52 @@
+{{/*
+Retrieve host path from ix volumes based on dataset name
+*/}}
+{{- define "retrieveHostPathFromiXVolume" -}}
+{{- range $index, $hostPathConfiguration := $.ixVolumes }}
+{{- $dsName := base $hostPathConfiguration.hostPath -}}
+{{- if eq $.datasetName $dsName -}}
+{{- $hostPathConfiguration.hostPath -}}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Define appVolumeMounts for container
+*/}}
+{{- define "configuredAppVolumeMounts" -}}
+{{- if and .Values.appVolumesEnabled .Values.appVolumeMounts }}
+{{- range $name, $avm := .Values.appVolumeMounts -}}
+{{- if $avm.enabled }}
+- name: {{ $name }}
+ mountPath: {{ $avm.mountPath }}
+ {{- if $avm.subPath }}
+ subPath: {{ $avm.subPath }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Define hostPath for appVolumes
+*/}}
+{{- define "configuredAppVolumes" -}}
+{{- if and .Values.appVolumesEnabled .Values.appVolumeMounts }}
+{{- range $name, $av := .Values.appVolumeMounts -}}
+{{- if $av.enabled }}
+- name: {{ $name }}
+ {{- if or $av.emptyDir $.Values.emptyDirVolumes }}
+ emptyDir: {}
+ {{- else }}
+ hostPath:
+ {{ if $av.hostPathEnabled }}
+ path: {{ required "hostPath not set" $av.hostPath }}
+ {{- else }}
+ {{- $volDict := dict "datasetName" $av.datasetName "ixVolumes" $.Values.ixVolumes -}}
+ path: {{ include "retrieveHostPathFromiXVolume" $volDict }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/templates/custom/_appingress.tpl b/library/common/templates/custom/_appingress.tpl
new file mode 100644
index 00000000000..8e4f39b4234
--- /dev/null
+++ b/library/common/templates/custom/_appingress.tpl
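Review bot: In `configuredAppVolumes`, `retrieveHostPathFromiXVolume` emits nothing when no `ixVolumes` entry has a base name equal to `datasetName`, so the `else` branch renders an empty `path:` under `hostPath:` instead of failing the render. Wrapping the lookup the same way the explicit branch is wrapped would catch this: `path: {{ required "no ixVolume matches datasetName" (include "retrieveHostPathFromiXVolume" $volDict) }}`. Separately, the `hostPathEnabled` branch passes `$av.hostPath` through verbatim and `configuredAppVolumeMounts` has no `readOnly` field, so every host path is mounted read-write. An optional `readOnly: true` on the mount, guarded by `{{- if $avm.readOnly }}`, would let charts that only read host data say so.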
@@ -0,0 +1,35 @@
+{{/*
+Renders the additional ingress objects from appIngress
+*/}}
+{{- define "custom.appIngress" -}}
+ {{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
+ {{- if .Values.appIngress -}}
+ {{- range $name, $ingr := .Values.appIngress }}
+ {{- if $ingr.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $ingressValues := $ingr -}}
+ {{- if not $ingressValues.nameSuffix -}}
+ {{- $_ := set $ingressValues "nameSuffix" $name -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "appIngress" $ingressValues) -}}
+ {{- if $ingressValues.type -}}
+ {{- if eq $ingressValues.type "UDP" -}}
+ {{- include "custom.classes.appIngressUDP" $ }}
+ {{- else if eq $ingressValues.type "TCP" -}}
+ {{- include "custom.classes.appIngressTCP" $ }}
+ {{- else }}
+ {{- include "custom.classes.appIngressHTTP" $ }}
+ {{- if $ingressValues.authForwardURL }}
+ {{- include "custom.classes.appAuthForward" $ }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ {{- include "custom.classes.appIngressHTTP" $ }}
+ {{- if $ingressValues.authForwardURL }}
+ {{- include "custom.classes.appAuthForward" $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/library/common/templates/custom/classes/_appAuthForward.tpl b/library/common/templates/custom/classes/_appAuthForward.tpl
new file mode 100644
index 00000000000..17fac4ed19a
--- /dev/null
+++ b/library/common/templates/custom/classes/_appAuthForward.tpl
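Review bot: The `custom.classes.appAuthForward` include in both HTTP branches follows the `custom.classes.appIngressHTTP` include with no document separator, so the Middleware's `apiVersion`/`kind`/`metadata`/`spec` are appended to the Ingress document rather than starting a new one. Depending on how the duplicate keys are resolved, either the render fails or one of the two objects is lost, and losing the Middleware means the route is published without its forward-auth check. Emitting `{{- print ("---") | nindent 0 -}}` immediately before each `appAuthForward` include, as is already done at the top of the loop, keeps them as separate objects. The two HTTP branches are identical and could be folded into a single `else`.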
@@ -0,0 +1,31 @@
+{{/*
+Renders the additioanl authForward objects from appAuthForward
+*/}}
+{{- define "custom.classes.appAuthForward" -}}
+{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
+{{- $values := .Values.appIngress -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.appIngress -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- $authForwardName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+ {{- $authForwardName = printf "%v-%v" $authForwardName $values.nameSuffix -}}
+{{ end -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $authForwardName }}
+spec:
+ forwardAuth:
+ address: {{ $values.authForwardURL }}
+ tls:
+ insecureSkipVerify: true
+rustForwardHeader: true
+ authResponseHeaders:
+ - Remote-User
+ - Remote-Groups
+ - Remote-Name
+ - Remote-Email
+{{- end }}
diff --git a/library/common/templates/custom/classes/_appIngressHTTP.tpl b/library/common/templates/custom/classes/_appIngressHTTP.tpl
new file mode 100644
index 00000000000..900adde3289
--- /dev/null
+++ b/library/common/templates/custom/classes/_appIngressHTTP.tpl
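Review bot: `insecureSkipVerify: true` is hard-coded under `forwardAuth.tls`, so Traefik never validates the certificate of the auth endpoint at `authForwardURL` and cannot tell the real auth service from anything else answering on that address. This should be off by default and opt-in per ingress, e.g. `insecureSkipVerify: {{ $values.authForwardInsecureSkipVerify | default false }}` (the values key name is a suggestion). The next line, `rustForwardHeader: true`, sits at column 0 and looks like `trustForwardHeader` with its indent and first letter lost; as written it is not a field of `forwardAuth`, and the indented `authResponseHeaders:` after it is unlikely to parse. When restoring it, consider defaulting it to `false` as well, since `true` makes Traefik pass client-supplied `X-Forwarded-*` headers through to the auth service.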
@@ -0,0 +1,78 @@
+{{/*
+This template serves as a blueprint for all appIngress objects that are created
+within the common library.
+*/}}
+{{- define "custom.classes.appIngressHTTP" -}}
+{{- $values := .Values.appIngress -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.appIngress -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- $IngressName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+ {{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}}
+{{ end -}}
+{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
+{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $IngressName }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ annotations:
+ {{- if or (eq $values.certType "letsencrypt-prod") (eq $values.certType "letsencrypt-staging") }}
+ cert-manager.io/cluster-issuer: {{ $values.certType }}
+ {{- end }}
+ traefik.ingress.kubernetes.io/router.entrypoints: {{ $values.entrypoint }}
+ traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd
+ {{- if $values.authForwardURL }}
+ traefik.ingress.kubernetes.io/router.middlewares: {{ $IngressName }}
+ {{- end }}
+ {{- with $values.annotations }}
+ {{- toYaml .
| nindent 4 }}
+ {{- end }}
+spec:
+ {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ {{- if $values.IngressClassName }}
+ IngressClassName: {{ $values.appIngressHTTPClassName }}
+ {{- end }}
+ {{- end }}
+ {{- if $values.certType }}
+ tls:
+ {{- if eq $values.certType "selfsigned" -}}{{ else if eq $values.certType "existingcert" }}
+ secretName: {{ $values.existingcert }}
+ {{ else if eq $values.certType "wildcard" }}
+ secretName: wilddcardcert
+ {{ else }}
+ - hosts:
+ {{- range $values.hosts }}
+ - {{ .host | quote }}
+ {{- end }}
+ secretName: {{ $IngressName }}-tls-secret
+ {{ end }}
+ {{- end }}
+ rules:
+ {{- range $values.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ pathType: Prefix
+ {{- end }}
+ backend:
+ {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ service:
+ name: {{ $svcName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $svcName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/custom/classes/_appIngressTCP.tpl b/library/common/templates/custom/classes/_appIngressTCP.tpl
new file mode 100644
index 00000000000..34e072d1077
--- /dev/null
+++ b/library/common/templates/custom/classes/_appIngressTCP.tpl
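Review bot: When `authForwardURL` is set, the `annotations:` map gets `traefik.ingress.kubernetes.io/router.middlewares` twice, and the second value is the bare `{{ $IngressName }}` rather than the `<namespace>-<name>@kubernetescrd` form used on the line above. A duplicate key keeps at most one of the two middlewares, and a reference Traefik cannot resolve means the forward-auth Middleware is not attached the way the values suggest. A single comma-separated annotation avoids both: `traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd{{ if $values.authForwardURL }},{{ .Release.Namespace }}-{{ $IngressName }}@kubernetescrd{{ end }}`. In `spec`, the key should be `ingressClassName` (lower-case `i`), and the condition tests `$values.IngressClassName` while the value reads `$values.appIngressHTTPClassName`.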
@@ -0,0 +1,58 @@
+{{/*
+This template serves as a blueprint for all appIngressTCP objects that are created
+within the common library.
+*/}}
+{{- define "custom.classes.appIngressTCP" -}}
+{{- $values := .Values.appIngress -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.appIngress -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- $IngressName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+ {{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}}
+{{ end -}}
+{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
+{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: {{ $IngressName }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ annotations:
+ {{- if or (eq $values.certType "letsencrypt-prod") (eq $values.certType "letsencrypt-staging") }}
+ cert-manager.io/cluster-issuer: {{ $values.certType }}
+ {{- end }}
+ {{- with $values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ entryPoints:
+ - {{ $values.entrypoint }}
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: {{ $svcName }}
+ port: {{ $svcPort }}
+ weight: 10
+ terminationDelay: 400
+ {{- if $values.certType }}
+ tls:
+ {{- if eq $values.certType "selfsigned" -}}{{ else if eq $values.certType "existingcert" }}
+ secretName: {{ $values.existingcert }}
+ {{ else if eq $values.certType "wildcard" }}
+ secretName: wilddcardcert
+ {{ else }}
+ secretName: {{ $IngressName }}-tls-secret
+ domains:
+ - main: {{ index $values.hosts 0 }}
+ sans:
+ {{- range $values.hosts }}
+ - {{ .host | quote }}
+ {{- end }}
+ {{- end }}
+ passthrough: false
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/custom/classes/_appIngressUDP.tpl b/library/common/templates/custom/classes/_appIngressUDP.tpl
new file mode 100644
index 00000000000..d355bbb92f9
--- /dev/null
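Review bot: `main: {{ index $values.hosts 0 }}` prints the whole first `hosts` entry, while the `sans` loop two lines below reads each entry's `.host`, so `main` receives a formatted map instead of a hostname; `main: {{ (index $values.hosts 0).host | quote }}` matches the loop. The route also keeps the HostSNI wildcard match even when `hosts` and a certificate type are configured, so the TLS router accepts any server name on that entrypoint. If that is intended it deserves a comment, otherwise the match should be built from `$values.hosts`. `index` on an empty `hosts` list aborts the render, so a `required` check on `$values.hosts` in this branch would give a clearer error.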
+++ b/library/common/templates/custom/classes/_appIngressUDP.tpl
@@ -0,0 +1,36 @@
+{{/*
+This template serves as a blueprint for all appIngressTCP objects that are created
+within the common library.
+*/}}
+{{- define "custom.classes.appIngressUDP" -}}
+{{- $values := .Values.appIngress -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.appIngress -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- $IngressName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+ {{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}}
+{{ end -}}
+{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
+{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteUDP
+metadata:
+ name: {{ $IngressName }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with $values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ entryPoints:
+ - {{ $values.entrypoint }}
+ routes:
+ - services:
+ - name: {{ $svcName }}
+ port: {{ $svcPort }}
+ weight: 10
+{{- end }}
diff --git a/library/common/templates/lib/chart/_capabilities.tpl b/library/common/templates/lib/chart/_capabilities.tpl
new file mode 100644
index 00000000000..1db5849f50c
--- /dev/null
+++ b/library/common/templates/lib/chart/_capabilities.tpl
@@ -0,0 +1,92 @@
+{{/*
+Return the appropriate apiVersion for DaemonSet objects.
+*/}}
+{{- define "common.capabilities.daemonset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Waiting on https://github.com/helm/helm/pull/8608
+{{- define "common.capabilities.daemonset.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "apps/v1/DaemonSet" -}}
+{{- print "apps/v1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+*/}}
+
+{{/*
+Return the appropriate apiVersion for Deployment objects.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Waiting on https://github.com/helm/helm/pull/8608
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "apps/v1/Deployment" -}}
+{{- print "apps/v1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+*/}}
+
+{{/*
+Return the appropriate apiVersion for StatefulSet objects.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Waiting on https://github.com/helm/helm/pull/8608
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "apps/v1/StatefulSet" -}}
+{{- print "apps/v1" -}}
+{{- else -}}
+{{- print "apps/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+*/}}
+
+{{/*
+Return the appropriate apiVersion for Ingress objects.
+*/}}
+
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- end -}}
+
+{{/*
+Waiting on https://github.com/helm/helm/pull/8608
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end }}
+{{- end -}}
+*/}}
diff --git a/library/common/templates/lib/chart/_labels.tpl b/library/common/templates/lib/chart/_labels.tpl
new file mode 100644
index 00000000000..10981d9b5a0
--- /dev/null
+++ b/library/common/templates/lib/chart/_labels.tpl
@@ -0,0 +1,19 @@
+{{/*
+Common labels shared across objects.
+*/}}
+{{- define "common.labels" -}}
+helm.sh/chart: {{ include "common.names.chart" . }}
+{{ include "common.labels.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels shared across objects.
+*/}}
+{{- define "common.labels.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/library/common/templates/lib/chart/_names.tpl b/library/common/templates/lib/chart/_names.tpl
new file mode 100644
index 00000000000..1dcd878a97d
--- /dev/null
+++ b/library/common/templates/lib/chart/_names.tpl
@@ -0,0 +1,42 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the ServiceAccount to use.
+*/}}
+{{- define "common.names.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+ {{- default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+ {{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/library/common/templates/lib/chart/_values.tpl b/library/common/templates/lib/chart/_values.tpl
new file mode 100644
index 00000000000..712202a0d47
--- /dev/null
+++ b/library/common/templates/lib/chart/_values.tpl
@@ -0,0 +1,11 @@
+{{/*
+Merge the local chart values and the common chart defaults.
+*/}}
+{{- define "common.values.setup" -}}
+ {{- if .Values.common -}}
+ {{- $defaultValues := deepCopy .Values.common -}}
+ {{- $userValues := deepCopy (omit .Values "common") -}}
+ {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
+ {{- $_ := set . "Values" (deepCopy $mergedValues) -}}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/lib/controller/_container.tpl b/library/common/templates/lib/controller/_container.tpl
new file mode 100644
index 00000000000..9c7bd8012b3
--- /dev/null
+++ b/library/common/templates/lib/controller/_container.tpl
@@ -0,0 +1,78 @@
+{{- /*
+The main container included in the controller.
+*/ -}}
+{{- define "common.controller.mainContainer" -}}
+- name: {{ include "common.names.fullname" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.command }}
+ command: {{ . }}
+ {{- end }}
+ {{- with .Values.args }}
+ args: {{ . }}
+ {{- end }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.env .Values.envTpl }}
+ env:
+ {{- range $envVariable := .Values.environmentVariables }}
+ {{- if and $envVariable.name $envVariable.value }}
+ - name: {{ $envVariable.name }}
+ value: {{ $envVariable.value | quote }}
+ {{- else }}
+ {{- fail "Please specify name/value for environment variable" }}
+ {{- end }}
+ {{- end}}
+ {{- range $key, $value := .Values.env }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- range $key, $value := .Values.envTpl }}
+ - name: {{ $key }}
+ value: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.envFrom }}
+ envFrom:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- include "common.controller.ports" . | trim | nindent 2 }}
+ volumeMounts:
+ {{- range $index, $PVC := .Values.persistence }}
+ {{- if $PVC.enabled }}
+ - mountPath: {{ $PVC.mountPath }}
+ name: {{ $index }}
+ {{- if $PVC.subPath }}
+ subPath: {{ $PVC.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- include "configuredAppVolumeMounts" . | indent 2 }}
+ {{- if .Values.additionalVolumeMounts }}
+ {{- toYaml .Values.additionalVolumeMounts | nindent 2 }}
+ {{- end }}
+ {{- if eq .Values.controllerType "statefulset" }}
+ {{- range $index, $vct := .Values.volumeClaimTemplates }}
+ - mountPath: {{ $vct.mountPath }}
+ name: {{ $vct.name }}
+ {{- if $vct.subPath }}
+ subPath: {{ $vct.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- include "common.controller.probes" .
| nindent 2 }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if and .Values.gpuConfiguration .Values.resources }}
+ limits:
+ {{- toYaml .Values.gpuConfiguration | nindent 14 }}
+ {{- else if .Values.gpuConfiguration }}
+ resources:
+ limits:
+ {{- toYaml .Values.gpuConfiguration | nindent 14 }}
+ {{- end }}
+{{- end -}}
diff --git a/library/common/templates/lib/controller/_pod.tpl b/library/common/templates/lib/controller/_pod.tpl
new file mode 100644
index 00000000000..ea66503f8af
--- /dev/null
+++ b/library/common/templates/lib/controller/_pod.tpl
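Review bot: The `env:` block is guarded by `if or .Values.env .Values.envTpl`, but the first loop inside it iterates `.Values.environmentVariables`, so those entries are silently dropped whenever `env` and `envTpl` are both empty; the guard should read `{{- if or .Values.env .Values.envTpl .Values.environmentVariables }}`. `command: {{ . }}` and `args: {{ . }}` print the list in Go's format (`[a b]`), which YAML reads as a single element; `command: {{- toYaml . | nindent 4 }}` keeps the items separate. In the GPU branch, `limits:` is appended after `toYaml .Values.resources`, so a `resources` value that already contains `limits` produces a duplicate key.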
@@ -0,0 +1,63 @@
+{{- /*
+The pod definition included in the controller.
+*/ -}}
+{{- define "common.controller.pod" -}}
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+serviceAccountName: {{ include "common.names.serviceAccountName" . }}
+{{- with .Values.podSecurityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.priorityClassName }}
+priorityClassName: {{ . }}
+{{- end }}
+{{- with .Values.schedulerName }}
+schedulerName: {{ . }}
+{{- end }}
+{{- with .Values.hostNetwork }}
+hostNetwork: {{ . }}
+{{- end }}
+{{- with .Values.hostname }}
+hostname: {{ . }}
+{{- end }}
+{{- with .Values.dnsPolicy }}
+dnsPolicy: {{ . }}
+{{- end }}
+{{- with .Values.dnsConfig }}
+dnsConfig:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+enableServiceLinks: {{ .Values.enableServiceLinks }}
+{{- with .Values.initContainers }}
+initContainers:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+containers:
+ {{- include "common.controller.mainContainer" . | nindent 0 }}
+ {{- with .Values.additionalContainers }}
+ {{- toYaml . | nindent 0 }}
+ {{- end }}
+{{- with (include "common.controller.volumes" . | trim) }}
+volumes:
+ {{- . | nindent 0 }}
+{{- end }}
+{{- with .Values.hostAliases }}
+hostAliases:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/templates/lib/controller/_ports.tpl b/library/common/templates/lib/controller/_ports.tpl
new file mode 100644
index 00000000000..5ba10248d36
--- /dev/null
+++ b/library/common/templates/lib/controller/_ports.tpl
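Review bot: The pod spec always sets `serviceAccountName`, which `common.names.serviceAccountName` resolves to `default` when `serviceAccount.create` is false and no name is given, but nothing here lets a chart turn off service-account token mounting. Most application pods never call the Kubernetes API, so I would add `automountServiceAccountToken: {{ .Values.serviceAccount.automountToken | default false }}` next to `serviceAccountName` (the values key name is a suggestion) and let charts that need API access opt in. `podSecurityContext` is likewise only rendered when set, so a hardened default in the library's values would be worth considering alongside this.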
@@ -0,0 +1,59 @@
+{{/*
+Ports included by the controller.
+*/}}
+{{- define "common.controller.ports" -}}
+ {{- $ports := list -}}
+ {{- with .Values.service -}}
+ {{- $serviceValues := deepCopy . -}}
+ {{/* append the ports for the main service */}}
+ {{- if .enabled -}}
+ {{- $_ := set .port "name" (default "http" .port.name) -}}
+ {{- $ports = mustAppend $ports .port -}}
+ {{- range $_ := .additionalPorts -}}
+ {{/* append the additonalPorts for the main service */}}
+ {{- $ports = mustAppend $ports . -}}
+ {{- end }}
+ {{- end }}
+ {{/* append the ports for each additional service */}}
+ {{- range $_ := .additionalServices }}
+ {{- if .enabled -}}
+ {{- $_ := set .port "name" (required "Missing port.name" .port.name) -}}
+ {{- $ports = mustAppend $ports .port -}}
+ {{- range $_ := .additionalPorts -}}
+ {{/* append the additonalPorts for each additional service */}}
+ {{- $ports = mustAppend $ports . -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/* append the ports for each appAdditionalService - TrueCharts */}}
+ {{- if and $.Values.appAdditionalServicesEnabled $.Values.appAdditionalServices -}}
+ {{- range $name, $_ := $.Values.appAdditionalServices }}
+ {{- if .enabled -}}
+ {{- if kindIs "string" $name -}}
+ {{- $_ := set .port "name" (default .port.name | default $name) -}}
+ {{- else -}}
+ {{- $_ := set .port "name" (required "Missing port.name" .port.name) -}}
+ {{- end -}}
+ {{- $ports = mustAppend $ports .port -}}
+ {{- range $_ := .additionalPorts -}}
+ {{/* append the additonalPorts for each additional service */}}
+ {{- $ports = mustAppend $ports . -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+{{/* export/render the list of ports */}}
+{{- if $ports -}}
+ports:
+{{- range $_ := $ports }}
+- name: {{ required "The port's 'name' is not defined" .name }}
+ {{- if and .targetPort (kindIs "string" .targetPort) }}
+ {{- fail (printf "Our charts do not support named ports for targetPort.
(port name %s, targetPort %s)" .name .targetPort) }}
+ {{- end }}
+ containerPort: {{ .targetPort | default .port }}
+ protocol: {{ .protocol | default "TCP" }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/controller/_probes.tpl b/library/common/templates/lib/controller/_probes.tpl
new file mode 100644
index 00000000000..84c0fdf7a3c
--- /dev/null
+++ b/library/common/templates/lib/controller/_probes.tpl
@@ -0,0 +1,22 @@
+{{/*
+Probes selection logic.
+*/}}
+{{- define "common.controller.probes" -}}
+{{- $svcPort := .Values.service.port.name -}}
+{{- range $probeName, $probe := .Values.probes }}
+ {{- if $probe.enabled -}}
+ {{- "" | nindent 0 }}
+ {{- $probeName }}Probe:
+ {{- if $probe.custom -}}
+ {{- $probe.spec | toYaml | nindent 2 }}
+ {{- else }}
+ {{- "tcpSocket:" | nindent 2 }}
+ {{- printf "port: %v" $svcPort | nindent 4 }}
+ {{- printf "initialDelaySeconds: %v" $probe.spec.initialDelaySeconds | nindent 2 }}
+ {{- printf "failureThreshold: %v" $probe.spec.failureThreshold | nindent 2 }}
+ {{- printf "timeoutSeconds: %v" $probe.spec.timeoutSeconds | nindent 2 }}
+ {{- printf "periodSeconds: %v" $probe.spec.periodSeconds | nindent 2 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/library/common/templates/lib/controller/_volumes.tpl b/library/common/templates/lib/controller/_volumes.tpl
new file mode 100644
index 00000000000..a4bcdc38b0b
--- /dev/null
+++ b/library/common/templates/lib/controller/_volumes.tpl
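Review bot: In `common.controller.ports`, `$serviceValues := deepCopy .` is never read, and the `set .port "name" ...` calls that follow write the defaulted names straight into `.Values.service` and `.Values.appAdditionalServices`. If the copy was meant to keep the helper free of side effects, iterate over `$serviceValues` instead of `.`; otherwise drop the assignment and add a comment that the mutation is deliberate, because other templates appear to rely on it. The inner `range $_ := ...` / `$_ := set ...` pairs also reuse `$_` for two purposes, which makes the scoping harder to follow.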
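Review bot: `$svcPort := .Values.service.port.name` in `common.controller.probes` is used as the `tcpSocket` port, but `values.yaml` ships `service.port.name` empty and the `http` default is only written by `common.controller.ports` when `service.enabled` is true. With the main service disabled and probes left enabled, this would presumably render `port: <nil>`. Defaulting locally, `{{- $svcPort := .Values.service.port.name | default "http" -}}`, removes the dependency on include order.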
@@ -0,0 +1,32 @@
+{{/*
+Volumes included by the controller.
+*/}}
+{{- define "common.controller.volumes" -}}
+{{- range $index, $persistence := .Values.persistence }}
+{{- if $persistence.enabled }}
+- name: {{ $index }}
+{{- if $persistence.existingClaim }}
+{{- /* Always prefer an existingClaim if that is set */}}
+ persistentVolumeClaim:
+ claimName: {{ $persistence.existingClaim }}
+{{- else -}}
+ {{- if $persistence.emptyDir -}}
+ {{- /* Always prefer an emptyDir next if that is set */}}
+ emptyDir: {}
+ {{- else -}}
+ {{- /* Otherwise refer to the PVC name */}}
+ persistentVolumeClaim:
+ {{- if $persistence.nameSuffix }}
+ claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $persistence.nameSuffix }}
+ {{- else }}
+ claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $index }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- include "configuredAppVolumes" . }}
+{{- if .Values.additionalVolumes }}
+ {{- toYaml .Values.additionalVolumes | nindent 0 }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/values.yaml b/library/common/values.yaml
new file mode 100644
index 00000000000..1a91bacbadf
--- /dev/null
+++ b/library/common/values.yaml
@@ -0,0 +1,521 @@
+# type: options are deployment, daemonset or statefulset
+controllerType: deployment
+# Set annotations on the deployment/statefulset/daemonset
+controllerAnnotations: {}
+# Set labels on the deployment/statefulset/daemonset
+controllerLabels: {}
+
+replicas: 1
+strategy:
+ ## For Deployments, valid values are Recreate and RollingUpdate
+ ## For StatefulSets, valid values are OnDelete and RollingUpdate
+ ## DaemonSets ignore this
+ type: RollingUpdate
+
+# Override the default command
+command: []
+# Override the default args
+args: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Set annotations on the pod
+podAnnotations: {}
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+env: {}
+# TZ: UTC
+
+## Variables with values set from templates, example
+## With a release name of: demo, the example env value will be: demo-admin
+envTpl: {}
+# TEMPLATE_VALUE: "{{ .Release.Name }}-admin"
+envFrom: []
+# - configMapRef:
+# name: config-map-name
+# - secretRef:
+# name: secret-name
+
+# Custom priority class for different treatment by the scheduler
+# priorityClassName: system-node-critical
+
+# Allow specifying a custom scheduler name
+# schedulerName: awkward-dangerous-scheduler
+
+# Allow specifying explicit hostname setting
+# hostname:
+
+# When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet
+hostNetwork: false
+
+dnsPolicy: ClusterFirst
+
+# Optional DNS settings, configuring the ndots option may resolve
+# nslookup issues on some Kubernetes setups.
+# dnsConfig:
+# options:
+# - name: ndots
+# value: "1"
+
+# Enable/disable the generation of environment variables for services.
+# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
+# for more information.
+enableServiceLinks: true
+
+# Configure the Security Context for the Pod
+podSecurityContext: {}
+
+# Configure the Security Context for the main container
+securityContext: {}
+
+initContainers: []
+
+additionalContainers: []
+
+## Probes configuration
+probes:
+ liveness:
+ enabled: true
+ ## Set this to true if you wish to specify your own livenessProbe
+ custom: false
+ ## The spec field contains the values for the default livenessProbe.
+ ## If you selected custom: true, this field holds the definition of the livenessProbe.
+ spec:
+ initialDelaySeconds: 30
+ failureThreshold: 5
+ periodSeconds: 10
+ timeoutSeconds: 10
+
+ readiness:
+ enabled: true
+ ## Set this to true if you wish to specify your own readinessProbe
+ custom: false
+ ## The spec field contains the values for the default readinessProbe.
+ ## If you selected custom: true, this field holds the definition of the readinessProbe.
+ spec:
+ initialDelaySeconds: 30
+ failureThreshold: 5
+ periodSeconds: 10
+ timeoutSeconds: 10
+
+ startup:
+ enabled: false
+ ## Set this to true if you wish to specify your own startupProbe
+ custom: false
+ ## The spec field contains the values for the default startupProbe.
+ ## If you selected custom: true, this field holds the definition of the startupProbe.
+ spec:
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+
+service:
+ enabled: true
+ type: ClusterIP
+ ## Specify the default port information
+ port:
+ port:
+ ## name defaults to http
+ name:
+ protocol: TCP
+ ## Specify a service targetPort if you wish to differ the service port from the application port.
+ ## If targetPort is specified, this port number is used in the container definition instead of
+ ## service.port.port. Therefore named ports are not supported for this field.
+ targetPort:
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ additionalPorts: []
+
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+
+ additionalServices: []
+ # - enabled: false
+ # nameSuffix: api
+ # type: ClusterIP
+ # # Specify the default port information
+ # port:
+ # port:
+ # # name defaults to http
+ # name:
+ # protocol: TCP
+ # # targetPort defaults to http
+ # targetPort:
+ # # nodePort:
+ # additionalPorts: []
+ # annotations: {}
+ # labels: {}
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ labels: {}
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ # Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ additionalIngresses: []
+ # - enabled: false
+ # nameSuffix: "api"
+ # annotations: {}
+ # # kubernetes.io/ingress.class: nginx
+ # # kubernetes.io/tls-acme: "true"
+ # labels: {}
+ # hosts:
+ # - host: chart-example.local
+ # paths:
+ # - path: /api
+ # # Ignored if not kubeVersion >= 1.14-0
+ # pathType: Prefix
+ # tls: []
+ # # - secretName: chart-example-tls
+ # # hosts:
+ # # - chart-example.local
+
+persistence:
+ config:
+ enabled: false
+ mountPath: /config
+ ## configuration data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
(gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ # subPath: some-subpath
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ ## Set to true to retain the PVC upon helm uninstall
+ skipuninstall: false
+
+ # Create an emptyDir volume to share between all containers
+ shared:
+ enabled: false
+ emptyDir: true
+ mountPath: /shared
+
+additionalVolumes: []
+
+additionalVolumeMounts: []
+
+volumeClaimTemplates: []
+# Used in statefulset to create individual disks for each instance
+# - name: data
+# mountPath: /data
+# accessMode: "ReadWriteOnce"
+# size: 1Gi
+# - name: backup
+# mountPath: /backup
+# subPath: theSubPath
+# accessMode: "ReadWriteOnce"
+# size: 2Gi
+# storageClass: cheap-storage-class
+
+nodeSelector: {}
+
+affinity: {}
+
+tolerations: []
+
+hostAliases: []
+# Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+# ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+# - ip: "192.168.1.100"
+# hostnames:
+# - "example.com"
+# - "www.example.com"
+
+resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+addons:
+
+ # Enable running a VPN in the pod to route traffic through a VPN
+ vpn:
+ enabled: false
+
+ # VPN type: options are openvpn or wireguard
+ type: openvpn
+
+ # OpenVPN specific configuration
+ openvpn:
+ image:
+ repository: dperson/openvpn-client
+ pullPolicy: IfNotPresent
+ tag: latest
+
+ # Credentials to connect to the VPN Service (used with -a)
+ auth: # "user;password"
+ # OR specify an existing secret that contains the credentials. Credentials should be stored
+ # under the VPN_AUTH key
+ authSecret: # my-vpn-secret
+
+ # WireGuard specific configuration
+ wireguard:
+ image:
+ repository: k8sathome/wireguard
+ pullPolicy: IfNotPresent
+ tag: 1.0.20200827
+
+ # Set the VPN container securityContext
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+
+ # All variables specified here will be added to the vpn sidecar container
+ # See the documentation of the VPN image for all config values
+ env: {}
+ # TZ: UTC
+
+ # Provide a customized vpn configuration file to be used by the VPN.
+ configFile: # |-
+ # Some Example Config
+ # remote greatvpnhost.com 8888
+ # auth-user-pass
+ # Cipher AES
+
+ # Provide custom up/down scripts that can be used by the vpnConf
+ scripts:
+ up: # |-
+ # #!/bin/bash
+ # echo "connected" > /shared/vpnstatus
+ down: # |-
+ # #!/bin/bash
+ # echo "disconnected" > /shared/vpnstatus
+
+ additionalVolumeMounts: []
+
+ # Optionally specify a livenessProbe, e.g.
to check if the connection is still
+ # being protected by the VPN
+ livenessProbe: {}
+ # exec:
+ # command:
+ # - sh
+ # - -c
+ # - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
+ # initialDelaySeconds: 30
+ # periodSeconds: 60
+ # failureThreshold: 1
+
+ # If set to true, will deploy a network policy that blocks all outbound
+ # traffic except traffic specified as allowed
+ networkPolicy:
+ enabled: false
+
+ # The egress configuration for your network policy, All outbound traffic
+ # From the pod will be blocked unless specified here. Your cluster must
+ # have a CNI that supports network policies (Canal, Calico, etc...)
+ # https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ # https://github.com/ahmetb/kubernetes-network-policy-recipes
+ egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 0.0.0.0/0
+ # ports:
+ # - port: 53
+ # protocol: UDP
+ # - port: 53
+ # protocol: TCP
+
+ # Enable running a code-server container in the pod to access files
+ codeserver:
+ enabled: false
+
+ image:
+ repository: codercom/code-server
+ pullPolicy: IfNotPresent
+ tag: 3.7.4
+
+ # Set any environment variables for code-server here
+ env: {}
+ # TZ: UTC
+
+ # Set codeserver command line arguments
+ # consider setting --user-data-dir to a persistent location to preserve code-server setting changes
+ args:
+ - --auth
+ - none
+ # - --user-data-dir
+ # - "/config/.vscode"
+
+ # Specify a list of volumes that get mounted in the code-server container.
+ # At least 1 volumeMount is required!
+ volumeMounts: []
+ # - name: config
+ # mountPath: /data/config
+
+ # Specify the working dir that will be opened when code-server starts
+ # If not given, the app will default to the mountpah of the first specified volumeMount
+ workingDir: ""
+
+ service:
+ enabled: true
+ type: ClusterIP
+ # Specify the default port information
+ port:
+ port: 12321
+ name: codeserver
+ protocol: TCP
+ targetPort: codeserver
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+
+ ingress:
+ enabled: false
+ nameSuffix: codeserver
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ labels: {}
+ hosts:
+ - host: code.chart-example.local
+ paths:
+ - path: /
+ # Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - code.chart-example.local
+
+ securityContext:
+ runAsUser: 0
+
+
+## TrueCharts Specific
+
+appAdditionalServicesEnabled: false
+# appAdditionalServices:
+# api:
+# enabled: false
+# type: NodePort
+# protocol: TCP
+# port:
+# port: 8091
+# nodePort: 38091
+# additionalPorts: []
+# - name: api-alt
+# port: 8092
+# targetPort: 8092
+# protocol: TCP
+# nodePort: 38092
+# ws:
+# enabled: false
+# type: ClusterIP
+# port:
+# port: 3000
+# additionalPorts: {}
+# foo:
+# name: ws-alt
+# protocol: TCP
+# port: 3001
+# targetPort: 3001
+
+appVolumesEnabled: false
+# appVolumeMounts:
+# config:
+# enabled: false
+# emptyDir: false
+# datasetName: "config"
+# mountPath: "/config"
+# subPath: some-subpath
+# hostPathEnabled: false
+# hostPath: ""
+# data:
+# enabled:
false
+# emptyDir: false
+# datasetName: "data"
+# mountPath: "/data"
+# subPath: some-subpath
+# hostPathEnabled: false
+# hostPath: ""
+
+emptyDirVolumes: true
+
+appIngressEnabled: false
+appIngress:
+ main:
+ enabled: false
+ entrypoint: "websecure"
+ certType: "letsencrypt-prod"
+ existingcert: ""
+ authForwardURL: ""
+ annotations: {}
+ labels: {}
+ hosts:
+ - host: app.truecharts.placeholder
+ paths:
+ - path: /
+ # Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+
+ maintcp:
+ enabled: false
+ type: "TCP"
+ entrypoint: "kms"
+ certType: "none"
+ existingcert: ""
+ annotations: {}
+ labels: {}
+ hosts:
+ - host: app.truecharts.placeholder
+ paths:
+ - path: /
+ # Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+ mainudp:
+ enabled: false
+ type: "UDP"
+ entrypoint: "DNSUDP"
+ annotations: {}
+ labels: {}
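Review bot: The `addons.codeserver` defaults pair `args: [--auth, none]` with `securityContext.runAsUser: 0` and an enabled Service on port 12321, so switching the addon on with nothing else changed leaves an unauthenticated editor and terminal running as root, with the app's volumes mounted, reachable by anything that can connect to that Service (and by the ingress, if `ingress.enabled` is set as well). I would default the second arg to `password`, with the `PASSWORD` value supplied through `env` from a secret, default to a non-root UID, and add a comment such as `# --auth none is only appropriate behind an authenticating proxy or a restrictive NetworkPolicy`. Separately, `addons.vpn.openvpn.image.tag: latest` is a mutable tag, unlike the pinned wireguard and code-server tags in the same block; pinning it to a version or digest keeps what runs with `NET_ADMIN` and `SYS_MODULE` reproducible. The `auth: # "user;password"` example would also benefit from a comment steering users to `authSecret`, so credentials do not end up in a values file.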