From 0565593931a85aff085bec78b66f8510bdaa25e3 Mon Sep 17 00:00:00 2001 
From: Andrew Williams Date: Mon, 22 Aug 2022 16:34:31 +0100 Subject: [PATCH] [common] Add common chart from KaH --- charts/common/.helmignore | 28 + charts/common/Chart.yaml | 11 + charts/common/templates/_all.tpl | 58 ++ charts/common/templates/_configmap.tpl | 19 + charts/common/templates/_daemonset.tpl | 35 + charts/common/templates/_deployment.tpl | 53 ++ charts/common/templates/_ingress.tpl | 39 + charts/common/templates/_notes.tpl | 56 ++ charts/common/templates/_pvc.tpl | 16 + charts/common/templates/_secret.tpl | 17 + charts/common/templates/_service.tpl | 43 + charts/common/templates/_serviceaccount.tpl | 14 + charts/common/templates/_statefulset.tpl | 62 ++ .../addons/code-server/_codeserver.tpl | 50 ++ .../addons/code-server/_container.tpl | 46 ++ .../templates/addons/code-server/_secret.tpl | 22 + .../templates/addons/code-server/_volume.tpl | 17 + .../templates/addons/netshoot/_container.tpl | 27 + .../templates/addons/netshoot/_netshoot.tpl | 13 + .../templates/addons/promtail/_configmap.tpl | 35 + .../templates/addons/promtail/_container.tpl | 39 + .../templates/addons/promtail/_promtail.tpl | 25 + .../templates/addons/promtail/_volume.tpl | 7 + .../templates/addons/vpn/_configmap.tpl | 23 + .../templates/addons/vpn/_networkpolicy.tpl | 29 + .../common/templates/addons/vpn/_secret.tpl | 19 + .../common/templates/addons/vpn/_volume.tpl | 37 + charts/common/templates/addons/vpn/_vpn.tpl | 49 ++ .../templates/addons/vpn/gluetun/_addon.tpl | 11 + .../addons/vpn/gluetun/_container.tpl | 57 ++ .../templates/addons/vpn/openvpn/_addon.tpl | 17 + .../addons/vpn/openvpn/_container.tpl | 66 ++ .../templates/addons/vpn/openvpn/_secret.tpl | 16 + .../templates/addons/vpn/wireguard/_addon.tpl | 11 + .../addons/vpn/wireguard/_container.tpl | 57 ++ .../classes/_HorizontalPodAutoscaler.tpl | 37 + .../common/templates/classes/_configmap.tpl | 34 + charts/common/templates/classes/_ingress.tpl | 82 ++ charts/common/templates/classes/_pvc.tpl | 45 ++ 
charts/common/templates/classes/_service.tpl | 98 +++ .../templates/classes/_service_ports.tpl | 27 + .../templates/lib/chart/_annotations.tpl | 27 + .../templates/lib/chart/_capabilities.tpl | 19 + charts/common/templates/lib/chart/_labels.tpl | 22 + charts/common/templates/lib/chart/_names.tpl | 58 ++ charts/common/templates/lib/chart/_values.tpl | 9 + .../templates/lib/controller/_container.tpl | 62 ++ .../templates/lib/controller/_env_vars.tpl | 43 + .../common/templates/lib/controller/_pod.tpl | 105 +++ .../templates/lib/controller/_ports.tpl | 36 + .../templates/lib/controller/_probes.tpl | 33 + .../lib/controller/_volumemounts.tpl | 56 ++ .../templates/lib/controller/_volumes.tpl | 68 ++ charts/common/values.yaml | 763 ++++++++++++++++++ 54 files changed, 2748 insertions(+) create mode 100644 charts/common/.helmignore create mode 100644 charts/common/Chart.yaml create mode 100644 charts/common/templates/_all.tpl create mode 100644 charts/common/templates/_configmap.tpl create mode 100644 charts/common/templates/_daemonset.tpl create mode 100644 charts/common/templates/_deployment.tpl create mode 100644 charts/common/templates/_ingress.tpl create mode 100644 charts/common/templates/_notes.tpl create mode 100644 charts/common/templates/_pvc.tpl create mode 100644 charts/common/templates/_secret.tpl create mode 100644 charts/common/templates/_service.tpl create mode 100644 charts/common/templates/_serviceaccount.tpl create mode 100644 charts/common/templates/_statefulset.tpl create mode 100644 charts/common/templates/addons/code-server/_codeserver.tpl create mode 100644 charts/common/templates/addons/code-server/_container.tpl create mode 100644 charts/common/templates/addons/code-server/_secret.tpl create mode 100644 charts/common/templates/addons/code-server/_volume.tpl create mode 100644 charts/common/templates/addons/netshoot/_container.tpl create mode 100644 charts/common/templates/addons/netshoot/_netshoot.tpl create mode 100644 
charts/common/templates/addons/promtail/_configmap.tpl create mode 100644 charts/common/templates/addons/promtail/_container.tpl create mode 100644 charts/common/templates/addons/promtail/_promtail.tpl create mode 100644 charts/common/templates/addons/promtail/_volume.tpl create mode 100644 charts/common/templates/addons/vpn/_configmap.tpl create mode 100644 charts/common/templates/addons/vpn/_networkpolicy.tpl create mode 100644 charts/common/templates/addons/vpn/_secret.tpl create mode 100644 charts/common/templates/addons/vpn/_volume.tpl create mode 100644 charts/common/templates/addons/vpn/_vpn.tpl create mode 100644 charts/common/templates/addons/vpn/gluetun/_addon.tpl create mode 100644 charts/common/templates/addons/vpn/gluetun/_container.tpl create mode 100644 charts/common/templates/addons/vpn/openvpn/_addon.tpl create mode 100644 charts/common/templates/addons/vpn/openvpn/_container.tpl create mode 100644 charts/common/templates/addons/vpn/openvpn/_secret.tpl create mode 100644 charts/common/templates/addons/vpn/wireguard/_addon.tpl create mode 100644 charts/common/templates/addons/vpn/wireguard/_container.tpl create mode 100644 charts/common/templates/classes/_HorizontalPodAutoscaler.tpl create mode 100644 charts/common/templates/classes/_configmap.tpl create mode 100644 charts/common/templates/classes/_ingress.tpl create mode 100644 charts/common/templates/classes/_pvc.tpl create mode 100644 charts/common/templates/classes/_service.tpl create mode 100644 charts/common/templates/classes/_service_ports.tpl create mode 100644 charts/common/templates/lib/chart/_annotations.tpl create mode 100644 charts/common/templates/lib/chart/_capabilities.tpl create mode 100644 charts/common/templates/lib/chart/_labels.tpl create mode 100644 charts/common/templates/lib/chart/_names.tpl create mode 100644 charts/common/templates/lib/chart/_values.tpl create mode 100644 charts/common/templates/lib/controller/_container.tpl create mode 100644 
charts/common/templates/lib/controller/_env_vars.tpl create mode 100644 charts/common/templates/lib/controller/_pod.tpl create mode 100644 charts/common/templates/lib/controller/_ports.tpl create mode 100644 charts/common/templates/lib/controller/_probes.tpl create mode 100644 charts/common/templates/lib/controller/_volumemounts.tpl create mode 100644 charts/common/templates/lib/controller/_volumes.tpl create mode 100644 charts/common/values.yaml
diff --git a/charts/common/.helmignore b/charts/common/.helmignore
new file mode 100644
index 0000000..c62cbf8
--- /dev/null
+++ b/charts/common/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# Test files
+tests/
diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml
new file mode 100644
index 0000000..b11dfc6
--- /dev/null
+++ b/charts/common/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: common
+description: Common chart library, based off KaH's common
+type: library
+version: 4.5.2
+kubeVersion: ">=1.16.0-0"
+keywords:
+ - common
+home: https://github.com/nikdoof/helm-charts/tree/main/stable/common
+maintainers:
+ - name: nikdoof
diff --git a/charts/common/templates/_all.tpl b/charts/common/templates/_all.tpl
new file mode 100644
index 0000000..e844bfb
--- /dev/null
+++ b/charts/common/templates/_all.tpl
@@ -0,0 +1,58 @@
+{{/*
+Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
+*/}}
+{{- define "common.all" -}}
+ {{- /* Merge the local chart values and the common chart defaults */ -}}
+ {{- include "common.values.setup" . }}
+
+ {{- /* Enable code-server add-on if required */ -}}
+ {{- if .Values.addons.codeserver.enabled }}
+ {{- include "common.addon.codeserver" . }}
+ {{- end -}}
+
+ {{- /* Enable VPN add-on if required */ -}}
+ {{- if .Values.addons.vpn.enabled }}
+ {{- include "common.addon.vpn" . }}
+ {{- end -}}
+
+ {{- /* Enable promtail add-on if required */ -}}
+ {{- if .Values.addons.promtail.enabled }}
+ {{- include "common.addon.promtail" . }}
+ {{- end -}}
+
+ {{- /* Enable netshoot add-on if required */ -}}
+ {{- if .Values.addons.netshoot.enabled }}
+ {{- include "common.addon.netshoot" . }}
+ {{- end -}}
+
+ {{ include "common.configmap" . | nindent 0 }}
+
+ {{- /* Build the templates */ -}}
+ {{- include "common.pvc" . }}
+
+ {{- if .Values.serviceAccount.create -}}
+ {{- include "common.serviceAccount" . }}
+ {{- end -}}
+
+ {{- if .Values.controller.enabled }}
+ {{- if eq .Values.controller.type "deployment" }}
+ {{- include "common.deployment" . | nindent 0 }}
+ {{ else if eq .Values.controller.type "daemonset" }}
+ {{- include "common.daemonset" . | nindent 0 }}
+ {{ else if eq .Values.controller.type "statefulset" }}
+ {{- include "common.statefulset" . | nindent 0 }}
+ {{ else }}
+ {{- fail (printf "Not a valid controller.type (%s)" .Values.controller.type) }}
+ {{- end -}}
+ {{- end -}}
+
+ {{ include "common.classes.hpa" . | nindent 0 }}
+
+ {{ include "common.service" . | nindent 0 }}
+
+ {{ include "common.ingress" . | nindent 0 }}
+
+ {{- if .Values.secret -}}
+ {{ include "common.secret" . | nindent 0 }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/_configmap.tpl b/charts/common/templates/_configmap.tpl
new file mode 100644
index 0000000..73ad958
--- /dev/null
+++ b/charts/common/templates/_configmap.tpl
@@ -0,0 +1,19 @@
+{{/*
+Renders the configMap objects required by the chart.
+*/}}
+{{- define "common.configmap" -}}
+ {{- /* Generate named configMaps as required */ -}}
+ {{- range $name, $configmap := .Values.configmap }}
+ {{- if $configmap.enabled -}}
+ {{- $configmapValues := $configmap -}}
+
+ {{/* set the default nameOverride to the configMap name */}}
+ {{- if not $configmapValues.nameOverride -}}
+ {{- $_ := set $configmapValues "nameOverride" $name -}}
+ {{ end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "configmap" $configmapValues) -}}
+ {{- include "common.classes.configmap" $ }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/common/templates/_daemonset.tpl b/charts/common/templates/_daemonset.tpl
new file mode 100644
index 0000000..ed336d9
--- /dev/null
+++ b/charts/common/templates/_daemonset.tpl
@@ -0,0 +1,35 @@
+{{/*
+This template serves as the blueprint for the DaemonSet objects that are created
+within the common library.
+*/}}
+{{- define "common.daemonset" }}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ {{- with (merge (.Values.controller.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (merge (.Values.controller.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with include ("common.podAnnotations") . }}
+ annotations:
+ {{- . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.controller.pod" . | nindent 6 }}
+{{- end }}
diff --git a/charts/common/templates/_deployment.tpl b/charts/common/templates/_deployment.tpl
new file mode 100644
index 0000000..75c1f1d
--- /dev/null
+++ b/charts/common/templates/_deployment.tpl
@@ -0,0 +1,53 @@
+{{/*
+This template serves as the blueprint for the Deployment objects that are created
+within the common library.
+*/}}
+{{- define "common.deployment" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ {{- with (merge (.Values.controller.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (merge (.Values.controller.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+ replicas: {{ .Values.controller.replicas }}
+ {{- $strategy := default "Recreate" .Values.controller.strategy }}
+ {{- if and (ne $strategy "Recreate") (ne $strategy "RollingUpdate") }}
+ {{- fail (printf "Not a valid strategy type for Deployment (%s)" $strategy) }}
+ {{- end }}
+ strategy:
+ type: {{ $strategy }}
+ {{- with .Values.controller.rollingUpdate }}
+ {{- if and (eq $strategy "RollingUpdate") (or .surge .unavailable) }}
+ rollingUpdate:
+ {{- with .unavailable }}
+ maxUnavailable: {{ . }}
+ {{- end }}
+ {{- with .surge }}
+ maxSurge: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with include ("common.podAnnotations") . }}
+ annotations:
+ {{- . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.controller.pod" . | nindent 6 }}
+{{- end }}
diff --git a/charts/common/templates/_ingress.tpl b/charts/common/templates/_ingress.tpl
new file mode 100644
index 0000000..b14e170
--- /dev/null
+++ b/charts/common/templates/_ingress.tpl
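Review bot: `replicas: {{ .Values.controller.replicas }}` in `_deployment.tpl` is emitted unconditionally, while `common.all` also includes `common.classes.hpa`; if that class renders a HorizontalPodAutoscaler for this Deployment, every `helm upgrade` writes the static count back over whatever the autoscaler last chose. The HPA class and its values key are outside this hunk, so only the shape of the fix can be given here: wrap the line in an `if` on the chart's autoscaling toggle so that `replicas` is omitted when the autoscaler owns it. `_statefulset.tpl` carries the same line.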
@@ -0,0 +1,39 @@
+{{/* Renders the Ingress objects required by the chart */}}
+{{- define "common.ingress" -}}
+ {{- /* Generate named ingresses as required */ -}}
+ {{- range $name, $ingress := .Values.ingress }}
+ {{- if $ingress.enabled -}}
+ {{- $ingressValues := $ingress -}}
+
+ {{/* set defaults */}}
+ {{- if and (not $ingressValues.nameOverride) (ne $name (include "common.ingress.primary" $)) -}}
+ {{- $_ := set $ingressValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" $ }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{/* Return the name of the primary ingress object */}}
+{{- define "common.ingress.primary" -}}
+ {{- $enabledIngresses := dict -}}
+ {{- range $name, $ingress := .Values.ingress -}}
+ {{- if $ingress.enabled -}}
+ {{- $_ := set $enabledIngresses $name . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result := "" -}}
+ {{- range $name, $ingress := $enabledIngresses -}}
+ {{- if and (hasKey $ingress "primary") $ingress.primary -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- $result = keys $enabledIngresses | first -}}
+ {{- end -}}
+ {{- $result -}}
+{{- end -}}
diff --git a/charts/common/templates/_notes.tpl b/charts/common/templates/_notes.tpl
new file mode 100644
index 0000000..e5f85b0
--- /dev/null
+++ b/charts/common/templates/_notes.tpl
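Review bot: The fallback in `common.ingress.primary`, `{{- $result = keys $enabledIngresses | first -}}`, depends on the order in which `keys` returns the map keys, and Sprig documents that order as unpredictable. With several enabled ingresses and none marked `primary`, the chosen name can differ between renders, and with it which ingress `common.ingress` leaves without a `nameOverride`. Sorting first makes the choice stable: `{{- $result = keys $enabledIngresses | sortAlpha | first -}}`. `common.service.primary` in `_service.tpl` has the identical fallback and needs the same change. The doc comment should also state that when several entries set `primary: true`, the last one in range order wins.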
@@ -0,0 +1,56 @@
+{{/*
+Default NOTES.txt content.
+*/}}
+{{- define "common.notes.defaultNotes" -}}
+
+{{- $primaryIngress := get .Values.ingress (include "common.ingress.primary" .) -}}
+{{- $primaryService := get .Values.service (include "common.service.primary" .) -}}
+{{- $primaryPort := "" -}}
+{{- if $primaryService -}}
+ {{- $primaryPort = get $primaryService.ports (include "common.classes.service.ports.primary" (dict "serviceName" (include "common.service.primary" .) "values" $primaryService)) -}}
+{{- end -}}
+
+{{- $prefix := "http" -}}
+{{- if $primaryPort }}
+ {{- if hasKey $primaryPort "protocol" }}
+ {{- if eq $primaryPort.protocol "HTTPS" }}
+ {{- $prefix = "https" }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{- if $primaryIngress }}
+1. Access the application by visiting one of these URL's:
+{{ range $primaryIngress.hosts }}
+ {{- $protocol := "http" -}}
+ {{ if $primaryIngress.tls -}}
+ {{- $prefix = "https" -}}
+ {{ end -}}
+ {{- $host := .host -}}
+ {{ if .hostTpl -}}
+ {{- $host = tpl .hostTpl $ -}}
+ {{ end }}
+ {{- $path := (first .paths).path | default "/" -}}
+ {{ if (first .paths).pathTpl -}}
+ {{- $path = tpl (first .paths).pathTpl $ -}}
+ {{ end }}
+ - {{ $protocol }}://{{- $host }}{{- $path }}
+{{- end }}
+{{- else if and $primaryService $primaryPort }}
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" $primaryService.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo {{ $prefix }}://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" $primaryService.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo {{ $prefix }}://$SERVICE_IP:{{ $primaryPort.port }}
+{{- else if contains "ClusterIP" $primaryService.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit {{ $prefix }}://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ $primaryPort.port }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/_pvc.tpl b/charts/common/templates/_pvc.tpl
new file mode 100644
index 0000000..608b4de
--- /dev/null
+++ b/charts/common/templates/_pvc.tpl
@@ -0,0 +1,16 @@
+{{/*
+Renders the Persistent Volume Claim objects required by the chart.
+*/}}
+{{- define "common.pvc" -}}
+ {{- /* Generate pvc as required */ -}}
+ {{- range $index, $PVC := .Values.persistence }}
+ {{- if and $PVC.enabled (eq (default "pvc" $PVC.type) "pvc") (not $PVC.existingClaim) -}}
+ {{- $persistenceValues := $PVC -}}
+ {{- if not $persistenceValues.nameOverride -}}
+ {{- $_ := set $persistenceValues "nameOverride" $index -}}
+ {{- end -}}
+ {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
+ {{- include "common.classes.pvc" $ | nindent 0 -}}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/common/templates/_secret.tpl b/charts/common/templates/_secret.tpl
new file mode 100644
index 0000000..616ee39
--- /dev/null
+++ b/charts/common/templates/_secret.tpl
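Review bot: In the ingress branch of `common.notes.defaultNotes` (`_notes.tpl`), the TLS check assigns `$prefix = "https"` but the URL line prints `{{ $protocol }}`, which was set to `"http"` two lines earlier and is never changed, so hosts served over TLS are still advertised as `http://`. The assignment inside `{{ if $primaryIngress.tls -}}` should target the loop variable instead: `{{- $protocol = "https" -}}`. As written the loop also overwrites `$prefix`, although the service branch that reads it is the `else` of this `if` and is not rendered in that case.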
@@ -0,0 +1,17 @@
+{{/*
+The Secret object to be created.
+*/}}
+{{- define "common.secret" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+type: Opaque
+{{- with .Values.secret }}
+stringData:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/common/templates/_service.tpl b/charts/common/templates/_service.tpl
new file mode 100644
index 0000000..3581193
--- /dev/null
+++ b/charts/common/templates/_service.tpl
@@ -0,0 +1,43 @@
+{{/*
+Renders the Service objects required by the chart.
+*/}}
+{{- define "common.service" -}}
+ {{- /* Generate named services as required */ -}}
+ {{- range $name, $service := .Values.service }}
+ {{- if $service.enabled -}}
+ {{- $serviceValues := $service -}}
+
+ {{/* set the default nameOverride to the service name */}}
+ {{- if and (not $serviceValues.nameOverride) (ne $name (include "common.service.primary" $)) -}}
+ {{- $_ := set $serviceValues "nameOverride" $name -}}
+ {{ end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+ {{- include "common.classes.service" $ }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{/*
+Return the primary service object
+*/}}
+{{- define "common.service.primary" -}}
+ {{- $enabledServices := dict -}}
+ {{- range $name, $service := .Values.service -}}
+ {{- if $service.enabled -}}
+ {{- $_ := set $enabledServices $name . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result := "" -}}
+ {{- range $name, $service := $enabledServices -}}
+ {{- if and (hasKey $service "primary") $service.primary -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- $result = keys $enabledServices | first -}}
+ {{- end -}}
+ {{- $result -}}
+{{- end -}}
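Review bot: `common.secret` in `_secret.tpl` passes `.Values.secret` through `toYaml` into `stringData`, so a value that YAML reads as a number or boolean (an all-digit password, `true`) is emitted unquoted, and the API server rejects non-string entries in `stringData`. Rendering the entries one by one, as the add-on containers in this patch already do for `env`, avoids that: `{{- range $k, $v := . }}`, `{{ $k }}: {{ $v | quote }}`, `{{- end }}`. The doc comment should also say that these values arrive in plain text through chart values, and are therefore kept in the Helm release record as well as in the rendered Secret.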
diff --git a/charts/common/templates/_serviceaccount.tpl b/charts/common/templates/_serviceaccount.tpl
new file mode 100644
index 0000000..6640750
--- /dev/null
+++ b/charts/common/templates/_serviceaccount.tpl
@@ -0,0 +1,14 @@
+{{/*
+The ServiceAccount object to be created.
+*/}}
+{{- define "common.serviceAccount" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.names.serviceAccountName" . }}
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ {{- with (merge (.Values.serviceAccount.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/common/templates/_statefulset.tpl b/charts/common/templates/_statefulset.tpl
new file mode 100644
index 0000000..5923c2c
--- /dev/null
+++ b/charts/common/templates/_statefulset.tpl
@@ -0,0 +1,62 @@
+{{/*
+This template serves as the blueprint for the StatefulSet objects that are created
+within the common library.
+*/}}
+{{- define "common.statefulset" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ {{- with (merge (.Values.controller.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (merge (.Values.controller.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+ replicas: {{ .Values.controller.replicas }}
+ podManagementPolicy: {{ default "OrderedReady" .Values.controller.podManagementPolicy }}
+ {{- $strategy := default "RollingUpdate" .Values.controller.strategy }}
+ {{- if and (ne $strategy "OnDelete") (ne $strategy "RollingUpdate") }}
+ {{- fail (printf "Not a valid strategy type for StatefulSet (%s)" $strategy) }}
+ {{- end }}
+ updateStrategy:
+ type: {{ $strategy }}
+ {{- if and (eq $strategy "RollingUpdate") .Values.controller.rollingUpdate.partition }}
+ rollingUpdate:
+ partition: {{ .Values.controller.rollingUpdate.partition }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "common.names.fullname" . }}
+ template:
+ metadata:
+ {{- with include ("common.podAnnotations") . }}
+ annotations:
+ {{- . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.controller.pod" . | nindent 6 }}
+ volumeClaimTemplates:
+ {{- range $index, $vct := .Values.volumeClaimTemplates }}
+ - metadata:
+ name: {{ $vct.name }}
+ spec:
+ accessModes:
+ - {{ required (printf "accessMode is required for vCT %v" $vct.name) $vct.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ required (printf "size is required for PVC %v" $vct.name) $vct.size | quote }}
+ {{- if $vct.storageClass }}
+ storageClassName: {{ if (eq "-" $vct.storageClass) }}""{{- else }}{{ $vct.storageClass | quote }}{{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/common/templates/addons/code-server/_codeserver.tpl b/charts/common/templates/addons/code-server/_codeserver.tpl
new file mode 100644
index 0000000..ef1ca67
--- /dev/null
+++ b/charts/common/templates/addons/code-server/_codeserver.tpl
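Review bot: In `_statefulset.tpl` the condition `and (eq $strategy "RollingUpdate") .Values.controller.rollingUpdate.partition` dereferences `rollingUpdate` directly, so rendering fails with a nil-pointer error if a consuming chart sets `controller.rollingUpdate` to null or the defaults do not define it (values.yaml is not in this view). `_deployment.tpl` guards the same map with `{{- with .Values.controller.rollingUpdate }}` and this template should do the same. In the `volumeClaimTemplates` loop, `name: {{ $vct.name }}` is the only field emitted without `required` or `quote`, so a missing name is only caught by the API server; `name: {{ required "name is required for each volumeClaimTemplate" $vct.name | quote }}` would match the neighbouring fields. The second `required` message says "PVC" where the first says "vCT".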
@@ -0,0 +1,50 @@
+{{/*
+Template to render code-server addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.codeserver" -}}
+{{- if .Values.addons.codeserver.enabled -}}
+ {{/* Append the code-server container to the additionalContainers */}}
+ {{- $container := include "common.addon.codeserver.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $_ := set .Values.additionalContainers "addon-codeserver" $container -}}
+ {{- end -}}
+
+ {{/* Include the deployKeySecret if not empty */}}
+ {{- $secret := include "common.addon.codeserver.deployKeySecret" . -}}
+ {{- if $secret -}}
+ {{- $secret | nindent 0 -}}
+ {{- end -}}
+
+ {{/* Append the secret volume to the volumes */}}
+ {{- $volume := include "common.addon.codeserver.deployKeyVolumeSpec" . | fromYaml -}}
+ {{- if $volume -}}
+ {{- $_ := set .Values.persistence "deploykey" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $volume) -}}
+ {{- end -}}
+
+ {{/* Add the code-server service */}}
+ {{- if .Values.addons.codeserver.service.enabled -}}
+ {{- $serviceValues := .Values.addons.codeserver.service -}}
+ {{- $_ := set $serviceValues "nameOverride" "codeserver" -}}
+ {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+ {{- include "common.classes.service" $ -}}
+ {{- $_ := unset $ "ObjectValues" -}}
+ {{- end -}}
+
+ {{/* Add the code-server ingress */}}
+ {{- if .Values.addons.codeserver.ingress.enabled -}}
+ {{- $ingressValues := .Values.addons.codeserver.ingress -}}
+ {{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
+
+ {{/* Determine the target service name & port */}}
+ {{- $svcName := printf "%v-codeserver" (include "common.names.fullname" .) -}}
+ {{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
+ {{- range $_, $host := $ingressValues.hosts -}}
+ {{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
+ {{- end -}}
+ {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" $ -}}
+ {{- $_ := unset $ "ObjectValues" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_container.tpl b/charts/common/templates/addons/code-server/_container.tpl
new file mode 100644
index 0000000..23af35e
--- /dev/null
+++ b/charts/common/templates/addons/code-server/_container.tpl
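Review bot: `set .Values.persistence "deploykey" (dict "enabled" "true" ...)` in `common.addon.codeserver` stores the string `"true"`, whereas `_pvc.tpl` tests `$PVC.enabled` as a boolean; it works only because any non-empty string is truthy, so it should be the boolean `true`. The ingress loop `set (index $host.paths 0) "service" ...` assumes every host has at least one path and fails with an index error otherwise. The header comment should say that enabling the add-on mutates `.Values.additionalContainers` and `.Values.persistence`, and that it can publish the code-server port through a Service and an Ingress. That port is an editor with access to the pod's mounted volumes, so operators need to know to put authentication in front of it.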
@@ -0,0 +1,46 @@
+{{/*
+The code-server sidecar container to be inserted.
+*/}}
+{{- define "common.addon.codeserver.container" -}}
+{{- if lt (len .Values.addons.codeserver.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for codeserver container" }}
+{{- end -}}
+name: codeserver
+image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
+imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}
+{{- with .Values.addons.codeserver.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+ports:
+- name: codeserver
+ containerPort: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
+ protocol: TCP
+args:
+{{- range .Values.addons.codeserver.args }}
+- {{ . | quote }}
+{{- end }}
+- "--port"
+- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
+- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath }}
+volumeMounts:
+{{- with .Values.addons.codeserver.volumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
+ - name: deploykey
+ mountPath: /root/.ssh/id_rsa
+ subPath: id_rsa
+{{- end }}
+{{- with .Values.addons.codeserver.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_secret.tpl b/charts/common/templates/addons/code-server/_secret.tpl
new file mode 100644
index 0000000..d80d73e
--- /dev/null
+++ b/charts/common/templates/addons/code-server/_secret.tpl
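Review bot: `imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}` reads the policy from the add-on root while the line above reads `image.repository` and `image.tag`. values.yaml is not in this view, but if the policy is defined under `image` like the other two, this renders empty and the cluster default applies; `.Values.addons.codeserver.image.pullPolicy` is probably what was meant. The netshoot and promtail `_container.tpl` files have the same line. The last `args` entry, the working directory, is the only one emitted without `quote`. The deploy key is mounted at `/root/.ssh/id_rsa`, which only takes effect when the container runs as root, so a `securityContext` that sets another user silently disables it; that deserves a comment next to the mount.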
@@ -0,0 +1,22 @@
+{{/*
+The OpenVPN credentials secrets to be included.
+*/}}
+{{- define "common.addon.codeserver.deployKeySecret" -}}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}-deploykey
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+type: Opaque
+{{- if .Values.addons.codeserver.git.deployKey }}
+stringData:
+ id_rsa: {{ .Values.addons.codeserver.git.deployKey | quote }}
+{{- else }}
+data:
+ id_rsa: {{ .Values.addons.codeserver.git.deployKeyBase64 | quote }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_volume.tpl b/charts/common/templates/addons/code-server/_volume.tpl
new file mode 100644
index 0000000..6e6d594
--- /dev/null
+++ b/charts/common/templates/addons/code-server/_volume.tpl
@@ -0,0 +1,17 @@
+{{/*
+The volume (referencing git deploykey) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.codeserver.deployKeyVolumeSpec" -}}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
+secret:
+ {{- if .Values.addons.codeserver.git.deployKeySecret }}
+ secretName: {{ .Values.addons.codeserver.git.deployKeySecret }}
+ {{- else }}
+ secretName: {{ include "common.names.fullname" . }}-deploykey
+ {{- end }}
+ defaultMode: 256
+ items:
+ - key: id_rsa
+ path: id_rsa
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/netshoot/_container.tpl b/charts/common/templates/addons/netshoot/_container.tpl
new file mode 100644
index 0000000..3e7a429
--- /dev/null
+++ b/charts/common/templates/addons/netshoot/_container.tpl
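Review bot: The doc comment on `common.addon.codeserver.deployKeySecret` in `code-server/_secret.tpl` says "The OpenVPN credentials secrets to be included", a leftover from the VPN add-on; it should read along the lines of `The Secret holding the git deploy key for the code-server add-on.` The `deployKey` and `deployKeyBase64` paths place an SSH private key in chart values, which Helm keeps in its release record and which tends to end up in values files under version control. The comment should point users to `deployKeySecret`, which `_volume.tpl` already supports, as the preferred option. `{{ template "common.names.fullname" . }}` works here, but the rest of the patch calls the same helper with `include`.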
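Review bot: `defaultMode: 256` in `code-server/_volume.tpl` is the decimal form of octal 0400 (readable by the owner only), which is right for a private key but easy to misread as a typo. A template comment such as `{{- /* 256 decimal == 0400 octal: readable by owner only */}}` above the line would protect it from a well-meant "fix". The doc comment says the volume is inserted into `additionalVolumes`, but `_codeserver.tpl` adds it to `.Values.persistence` under `deploykey`. `secretName: {{ .Values.addons.codeserver.git.deployKeySecret }}` should be piped through `quote` like the other user-supplied strings.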
@@ -0,0 +1,27 @@
+{{/*
+The netshoot sidecar container to be inserted.
+*/}}
+{{- define "common.addon.netshoot.container" -}}
+name: netshoot
+image: "{{ .Values.addons.netshoot.image.repository }}:{{ .Values.addons.netshoot.image.tag }}"
+imagePullPolicy: {{ .Values.addons.netshoot.pullPolicy }}
+{{- with .Values.addons.netshoot.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.netshoot.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+command:
+ - /bin/sh
+ - -c
+ - sleep infinity
+{{- with .Values.addons.netshoot.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/netshoot/_netshoot.tpl b/charts/common/templates/addons/netshoot/_netshoot.tpl
new file mode 100644
index 0000000..9a1e9fa
--- /dev/null
+++ b/charts/common/templates/addons/netshoot/_netshoot.tpl
@@ -0,0 +1,13 @@
+{{/*
+Template to render netshoot addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.netshoot" -}}
+{{- if .Values.addons.netshoot.enabled -}}
+ {{/* Append the netshoot container to the additionalContainers */}}
+ {{- $container := include "common.addon.netshoot.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $_ := set .Values.additionalContainers "addon-netshoot" $container -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/promtail/_configmap.tpl b/charts/common/templates/addons/promtail/_configmap.tpl
new file mode 100644
index 0000000..5057f26
--- /dev/null
+++ b/charts/common/templates/addons/promtail/_configmap.tpl
@@ -0,0 +1,35 @@
+{{/*
+The promtail config to be included.
+*/}}
+{{- define "common.addon.promtail.configmap" -}}
+{{- if .Values.addons.promtail.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-promtail
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+data:
+ promtail.yaml: |
+ server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+ positions:
+ filename: /tmp/positions.yaml
+ {{- with .Values.addons.promtail.loki }}
+ client:
+ url: {{ . }}
+ {{- end }}
+ scrape_configs:
+ {{- range .Values.addons.promtail.logs }}
+ - job_name: {{ .name }}
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: {{ .name }}
+ __path__: "{{ .path }}"
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/promtail/_container.tpl b/charts/common/templates/addons/promtail/_container.tpl
new file mode 100644
index 0000000..f4936bc
--- /dev/null
+++ b/charts/common/templates/addons/promtail/_container.tpl
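Review bot: The values interpolated into `promtail.yaml` are not escaped consistently: `url: {{ . }}`, `job_name: {{ .name }}` and `job: {{ .name }}` are emitted bare, and `__path__: "{{ .path }}"` is quoted by hand. A value containing `: `, ` #` or a double quote therefore yields a promtail config that fails to parse or parses differently from what was intended. Using the `quote` function throughout (`url: {{ . | quote }}`, `job_name: {{ .name | quote }}`, `__path__: {{ .path | quote }}`) keeps each value a single string. If the Loki URL can carry basic-auth credentials, note that it ends up in a ConfigMap rather than a Secret.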
@@ -0,0 +1,39 @@
+{{/*
+The promtail sidecar container to be inserted.
+*/}}
+{{- define "common.addon.promtail.container" -}}
+{{- if lt (len .Values.addons.promtail.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for the promtail container" }}
+{{- end -}}
+name: promtail
+image: "{{ .Values.addons.promtail.image.repository }}:{{ .Values.addons.promtail.image.tag }}"
+imagePullPolicy: {{ .Values.addons.promtail.pullPolicy }}
+{{- with .Values.addons.promtail.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.promtail.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+args:
+{{- range .Values.addons.promtail.args }}
+- {{ . | quote }}
+{{- end }}
+- "-config.file=/etc/promtail/promtail.yaml"
+volumeMounts:
+ - name: promtail-config
+ mountPath: /etc/promtail/promtail.yaml
+ subPath: promtail.yaml
+ readOnly: true
+{{- with .Values.addons.promtail.volumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.promtail.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/promtail/_promtail.tpl b/charts/common/templates/addons/promtail/_promtail.tpl
new file mode 100644
index 0000000..c8ef10f
--- /dev/null
+++ b/charts/common/templates/addons/promtail/_promtail.tpl
@@ -0,0 +1,25 @@
+{{/*
+Template to render promtail addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.promtail" -}}
+{{- if .Values.addons.promtail.enabled -}}
+ {{/* Append the promtail container to the additionalContainers */}}
+ {{- $container := include "common.addon.promtail.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $_ := set .Values.additionalContainers "addon-promtail" $container -}}
+ {{- end -}}
+
+ {{/* Include the configmap if not empty */}}
+ {{- $configmap := include "common.addon.promtail.configmap" . -}}
+ {{- if $configmap -}}
+ {{- $configmap | nindent 0 -}}
+ {{- end -}}
+
+ {{/* Append the promtail config volume to the volumes */}}
+ {{- $volume := include "common.addon.promtail.volumeSpec" . | fromYaml -}}
+ {{- if $volume -}}
+ {{- $_ := set .Values.persistence "promtail-config" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $volume) -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/promtail/_volume.tpl b/charts/common/templates/addons/promtail/_volume.tpl
new file mode 100644
index 0000000..bce624b
--- /dev/null
+++ b/charts/common/templates/addons/promtail/_volume.tpl
@@ -0,0 +1,7 @@
+{{/*
+The volume (referencing config) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.promtail.volumeSpec" -}}
+configMap:
+ name: {{ include "common.names.fullname" . }}-promtail
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/_configmap.tpl b/charts/common/templates/addons/vpn/_configmap.tpl
new file mode 100644
index 0000000..f99942e
--- /dev/null
+++ b/charts/common/templates/addons/vpn/_configmap.tpl
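Review bot: The persistence entry for `promtail-config` is built with `"enabled" "true"`, a string rather than a boolean. Any non-empty string is truthy in a template `if`, so a later `"false"` would still count as enabled, and a comparison against the boolean `true` would not match. Passing the boolean avoids both: `(dict "enabled" true "mountPath" "-" "type" "custom" "volumeSpec" $volume)`. The `vpnscript` and `vpnconfig` entries in `addons/vpn/_vpn.tpl` use the same string form.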
@@ -0,0 +1,23 @@
+{{/*
+The VPN config and scripts to be included.
+*/}}
+{{- define "common.addon.vpn.configmap" -}}
+{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-vpn
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+data:
+{{- with .Values.addons.vpn.scripts.up }}
+ up.sh: |-
+ {{- . | nindent 4}}
+{{- end }}
+{{- with .Values.addons.vpn.scripts.down }}
+ down.sh: |-
+ {{- . | nindent 4}}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/_networkpolicy.tpl b/charts/common/templates/addons/vpn/_networkpolicy.tpl
new file mode 100644
index 0000000..7a860b4
--- /dev/null
+++ b/charts/common/templates/addons/vpn/_networkpolicy.tpl
@@ -0,0 +1,29 @@
+{{/*
+Blueprint for the NetworkPolicy object that can be included in the addon.
+*/}}
+{{- define "common.addon.vpn.networkpolicy" -}}
+{{- if .Values.addons.vpn.networkPolicy.enabled }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ {{- with (merge (.Values.addons.vpn.networkPolicy.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (merge (.Values.addons.vpn.networkPolicy.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ {{- with (merge .Values.addons.vpn.networkPolicy.podSelectorLabels (include "common.labels.selectorLabels" . | fromYaml)) }}
+ matchLabels: {{- toYaml . | nindent 6 }}
+ {{- end }}
+ policyTypes:
+ - Egress
+ egress:
+ {{- with .Values.addons.vpn.networkPolicy.egress }}
+ {{- . | toYaml | nindent 4 }}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
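Review bot: In `common.addon.vpn.networkpolicy` the `podSelector` merge passes `.Values.addons.vpn.networkPolicy.podSelectorLabels` straight to `merge`, while the `labels` and `annotations` merges a few lines above guard their first argument with `| default dict`. Use the same guard here, `(merge (.Values.addons.vpn.networkPolicy.podSelectorLabels | default dict) (include "common.labels.selectorLabels" . | fromYaml))`, so rendering does not depend on the key being present in values. The header comment should also state what happens when `networkPolicy.egress` is empty: `policyTypes` lists `Egress` and no rule is rendered, which denies all egress from the selected pods.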
diff --git a/charts/common/templates/addons/vpn/_secret.tpl b/charts/common/templates/addons/vpn/_secret.tpl
new file mode 100644
index 0000000..7527a2f
--- /dev/null
+++ b/charts/common/templates/addons/vpn/_secret.tpl
@@ -0,0 +1,19 @@
+{{/*
+The OpenVPN config secret to be included.
+*/}}
+{{- define "common.addon.vpn.secret" -}}
+{{- if and .Values.addons.vpn.configFile (not .Values.addons.vpn.configFileSecret) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}-vpnconfig
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+stringData:
+ {{- with .Values.addons.vpn.configFile }}
+ vpnConfigfile: |-
+ {{- . | nindent 4}}
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/_volume.tpl b/charts/common/templates/addons/vpn/_volume.tpl
new file mode 100644
index 0000000..184e2a9
--- /dev/null
+++ b/charts/common/templates/addons/vpn/_volume.tpl
@@ -0,0 +1,37 @@
+{{/*
+The volume (referencing VPN scripts) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.vpn.scriptsVolumeSpec" -}}
+{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
+configMap:
+ name: {{ include "common.names.fullname" . }}-vpn
+ items:
+ {{- if .Values.addons.vpn.scripts.up }}
+ - key: up.sh
+ path: up.sh
+ mode: 0777
+ {{- end }}
+ {{- if .Values.addons.vpn.scripts.down }}
+ - key: down.sh
+ path: down.sh
+ mode: 0777
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+The volume (referencing VPN config) to be inserted into additionalVolumes.
+*/}}
+{{- define "common.addon.vpn.configVolumeSpec" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret -}}
+secret:
+ {{- if .Values.addons.vpn.configFileSecret }}
+ secretName: {{ .Values.addons.vpn.configFileSecret }}
+ {{- else }}
+ secretName: {{ include "common.names.fullname" . }}-vpnconfig
+ {{- end }}
+ items:
+ - key: vpnConfigfile
+ path: vpnConfigfile
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/_vpn.tpl b/charts/common/templates/addons/vpn/_vpn.tpl
new file mode 100644
index 0000000..318ddfb
--- /dev/null
+++ b/charts/common/templates/addons/vpn/_vpn.tpl
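Review bot: Both script items in `common.addon.vpn.scriptsVolumeSpec` are projected with `mode: 0777`, which is wider than running them requires; `mode: 0555` (read and execute) is enough for a script. In `common.addon.vpn.configVolumeSpec` the Secret volume sets no mode at all, so the VPN configuration, which typically holds private keys or credentials, gets the Kubernetes default of 0644. The code-server deploy-key volume in this patch restricts its Secret with `defaultMode: 256`; the same line here would match it, assuming the VPN container reads the file as the owning user.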
@@ -0,0 +1,49 @@
+{{/*
+Template to render VPN addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.vpn" -}}
+{{- if .Values.addons.vpn.enabled -}}
+ {{- if eq "openvpn" .Values.addons.vpn.type -}}
+ {{- include "common.addon.openvpn" . }}
+ {{- end -}}
+
+ {{- if eq "wireguard" .Values.addons.vpn.type -}}
+ {{- include "common.addon.wireguard" . }}
+ {{- end -}}
+
+ {{- if eq "gluetun" .Values.addons.vpn.type -}}
+ {{- include "common.addon.gluetun" . }}
+ {{- end -}}
+
+ {{/* Include the configmap if not empty */}}
+ {{- $configmap := include "common.addon.vpn.configmap" . -}}
+ {{- if $configmap -}}
+ {{- $configmap | nindent 0 -}}
+ {{- end -}}
+
+ {{/* Include the secret if not empty */}}
+ {{- $secret := include "common.addon.vpn.secret" . -}}
+ {{- if $secret -}}
+ {{- $secret | nindent 0 -}}
+ {{- end -}}
+
+ {{/* Append the vpn scripts volume to the volumes */}}
+ {{- $scriptVolume := include "common.addon.vpn.scriptsVolumeSpec" . | fromYaml -}}
+ {{- if $scriptVolume -}}
+ {{- $_ := set .Values.persistence "vpnscript" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $scriptVolume) -}}
+ {{- end -}}
+
+ {{/* Append the vpn config volume to the volumes */}}
+ {{- $configVolume := include "common.addon.vpn.configVolumeSpec" . | fromYaml }}
+ {{ if $configVolume -}}
+ {{- $_ := set .Values.persistence "vpnconfig" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $configVolume) -}}
+ {{- end -}}
+
+ {{/* Include the networkpolicy if not empty */}}
+ {{- $networkpolicy := include "common.addon.vpn.networkpolicy" . -}}
+ {{- if $networkpolicy -}}
+ {{- $networkpolicy | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/gluetun/_addon.tpl b/charts/common/templates/addons/vpn/gluetun/_addon.tpl
new file mode 100644
index 0000000..43d3278
--- /dev/null
+++ b/charts/common/templates/addons/vpn/gluetun/_addon.tpl
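Review bot: `common.addon.vpn` adds a sidecar only when `addons.vpn.type` equals `openvpn`, `wireguard` or `gluetun`, so with `enabled` set and any other value (a typo, for instance) none of the three `if` blocks matches. The release then renders without a VPN container and without an error, and the workload's traffic is not tunnelled although the addon is switched on. Failing the render closes that gap: `{{- if not (has .Values.addons.vpn.type (list "openvpn" "wireguard" "gluetun")) -}}{{- fail "addons.vpn.type must be one of openvpn, wireguard, gluetun" -}}{{- end -}}`, placed directly after the `enabled` check.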
@@ -0,0 +1,11 @@
+{{/*
+Template to render gluetun addon. It will add the container to the list of additionalContainers.
+*/}}
+*/}}
+{{- define "common.addon.gluetun" -}}
+ {{/* Append the gluetun container to the additionalContainers */}}
+ {{- $container := fromYaml (include "common.addon.gluetun.container" .) -}}
+ {{- if $container -}}
+ {{- $_ := set .Values.additionalContainers "addon-gluetun" $container -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/gluetun/_container.tpl b/charts/common/templates/addons/vpn/gluetun/_container.tpl
new file mode 100644
index 0000000..7618ee5
--- /dev/null
+++ b/charts/common/templates/addons/vpn/gluetun/_container.tpl
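Review bot: The header comment is closed twice: after the `*/}}` that ends the comment there is a second `*/}}` line, which is plain template text outside any `define`. It appears harmless only because text outside a `define` in an underscore-prefixed partial is not rendered into a manifest, but it should be deleted. `addons/vpn/wireguard/_addon.tpl` in this patch carries the same stray line.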
@@ -0,0 +1,57 @@
+{{/*
+The gluetun sidecar container to be inserted.
+*/}}
+{{- define "common.addon.gluetun.container" -}}
+name: gluetun
+image: "{{ .Values.addons.vpn.gluetun.image.repository }}:{{ .Values.addons.vpn.gluetun.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.gluetun.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.args }}
+args:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+ - name: vpnconfig
+ mountPath: /gluetun/config.conf
+ subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+ - name: vpnscript
+ mountPath: /gluetun/scripts/up.sh
+ subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+ - name: vpnscript
+ mountPath: /gluetun/scripts/down.sh
+ subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+ - mountPath: {{ .Values.persistence.shared.mountPath }}
+ name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+ {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_addon.tpl b/charts/common/templates/addons/vpn/openvpn/_addon.tpl
new file mode 100644
index 0000000..1cfcdd5
--- /dev/null
+++ b/charts/common/templates/addons/vpn/openvpn/_addon.tpl
@@ -0,0 +1,17 @@
+{{/*
+Template to render OpenVPN addon. It will add the container to the list of additionalContainers
+and add a credentials secret if speciffied.
+*/}}
+{{- define "common.addon.openvpn" -}}
+ {{/* Append the openVPN container to the additionalContainers */}}
+ {{- $container := include "common.addon.openvpn.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $_ := set .Values.additionalContainers "addon-openvpn" $container -}}
+ {{- end -}}
+
+ {{/* Include the secret if not empty */}}
+ {{- $secret := include "common.addon.openvpn.secret" . -}}
+ {{- if $secret -}}
+ {{- $secret | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_container.tpl b/charts/common/templates/addons/vpn/openvpn/_container.tpl
new file mode 100644
index 0000000..b262167
--- /dev/null
+++ b/charts/common/templates/addons/vpn/openvpn/_container.tpl
@@ -0,0 +1,66 @@
+{{/*
+The OpenVPN sidecar container to be inserted.
+*/}}
+{{- define "common.addon.openvpn.container" -}}
+name: openvpn
+image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.openvpn.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.args }}
+args:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
+envFrom:
+ - secretRef:
+ {{- if .Values.addons.vpn.openvpn.authSecret }}
+ name: {{ .Values.addons.vpn.openvpn.authSecret }}
+ {{- else }}
+ name: {{ include "common.names.fullname" . }}-openvpn
+ {{- end }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+ - name: vpnconfig
+ mountPath: /vpn/vpn.conf
+ subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+ - name: vpnscript
+ mountPath: /vpn/up.sh
+ subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+ - name: vpnscript
+ mountPath: /vpn/down.sh
+ subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+ - mountPath: {{ .Values.persistence.shared.mountPath }}
+ name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+ {{- toYaml .
| nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_secret.tpl b/charts/common/templates/addons/vpn/openvpn/_secret.tpl
new file mode 100644
index 0000000..999699e
--- /dev/null
+++ b/charts/common/templates/addons/vpn/openvpn/_secret.tpl
@@ -0,0 +1,16 @@
+{{/*
+The OpenVPN credentials secrets to be included.
+*/}}
+{{- define "common.addon.openvpn.secret" -}}
+{{- with .Values.addons.vpn.openvpn.auth }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" $ }}-openvpn
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+data:
+ VPN_AUTH: {{ . | b64enc }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/wireguard/_addon.tpl b/charts/common/templates/addons/vpn/wireguard/_addon.tpl
new file mode 100644
index 0000000..6c7ea35
--- /dev/null
+++ b/charts/common/templates/addons/vpn/wireguard/_addon.tpl
@@ -0,0 +1,11 @@
+{{/*
+Template to render Wireguard addon. It will add the container to the list of additionalContainers.
+*/}}
+*/}}
+{{- define "common.addon.wireguard" -}}
+ {{/* Append the Wireguard container to the additionalContainers */}}
+ {{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
+ {{- if $container -}}
+ {{- $_ := set .Values.additionalContainers "addon-wireguard" $container -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/wireguard/_container.tpl b/charts/common/templates/addons/vpn/wireguard/_container.tpl
new file mode 100644
index 0000000..7b75559
--- /dev/null
+++ b/charts/common/templates/addons/vpn/wireguard/_container.tpl
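Review bot: `common.addon.openvpn.container` can emit the `envFrom:` key twice, once from `.Values.addons.vpn.envFrom` and again in the `openvpn.auth` / `openvpn.authSecret` block. When both are set the rendered mapping has a duplicate key, and because `_addon.tpl` passes the result through `fromYaml`, one of the two lists is likely dropped or the render fails, depending on the parser. Losing the second list means the container starts without the VPN credentials Secret. Emit a single `envFrom:` list holding both sources, as below.

```yaml
{{/* … unchanged: name, image, securityContext, env … */}}
{{- if or .Values.addons.vpn.envFrom .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
envFrom:
  {{- with .Values.addons.vpn.envFrom }}
  {{- . | toYaml | nindent 2 }}
  {{- end }}
  {{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
  - secretRef:
      name: {{ .Values.addons.vpn.openvpn.authSecret | default (printf "%s-openvpn" (include "common.names.fullname" .)) }}
  {{- end }}
{{- end }}
{{/* … unchanged: args, volumeMounts, livenessProbe, resources … */}}
```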
@@ -0,0 +1,57 @@
+{{/*
+The Wireguard sidecar container to be inserted.
+*/}}
+{{- define "common.addon.wireguard.container" -}}
+name: wireguard
+image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.wireguard.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.args }}
+args:
+ {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+ - name: vpnconfig
+ mountPath: /etc/wireguard/wg0.conf
+ subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+ - name: vpnscript
+ mountPath: /config/up.sh
+ subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+ - name: vpnscript
+ mountPath: /config/down.sh
+ subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+ - mountPath: {{ .Values.persistence.shared.mountPath }}
+ name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+ {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/classes/_HorizontalPodAutoscaler.tpl b/charts/common/templates/classes/_HorizontalPodAutoscaler.tpl
new file mode 100644
index 0000000..7be3480
--- /dev/null
+++ b/charts/common/templates/classes/_HorizontalPodAutoscaler.tpl
@@ -0,0 +1,37 @@
+{{/*
+This template serves as a blueprint for horizontal pod autoscaler objects that are created
+using the common library.
+*/}}
+{{- define "common.classes.hpa" -}}
+ {{- if .Values.autoscaling.enabled -}}
+ {{- $hpaName := include "common.names.fullname" . -}}
+ {{- $targetName := include "common.names.fullname" . }}
+---
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ $hpaName }}
+ labels: {{- include "common.labels" $ | nindent 4 }}
+ annotations: {{- include "common.annotations" $ | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: {{ include "common.names.controllerType" . }}
+ name: {{ .Values.autoscaling.target | default $targetName }}
+ minReplicas: {{ .Values.autoscaling.minReplicas | default 1 }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas | default 3 }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/classes/_configmap.tpl b/charts/common/templates/classes/_configmap.tpl
new file mode 100644
index 0000000..721a2a6
--- /dev/null
+++ b/charts/common/templates/classes/_configmap.tpl
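Review bot: `apiVersion: autoscaling/v2beta1` is hard-coded in `common.classes.hpa`, and that API version is no longer served from Kubernetes 1.25 on, so enabling autoscaling fails at install time on current clusters. The Ingress class in this patch already derives its API version from the cluster version; do the same here, for example with `.Capabilities.APIVersions.Has "autoscaling/v2"`. In the v2 branch, replace `targetAverageUtilization: N` with `target: {type: Utilization, averageUtilization: N}`. Separately, when neither utilisation value is set `metrics:` is rendered empty, where a `fail` with a clear message would be easier to diagnose.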
@@ -0,0 +1,34 @@
+{{/*
+This template serves as a blueprint for all configMap objects that are created
+within the common library.
+*/}}
+{{- define "common.classes.configmap" -}}
+ {{- $fullName := include "common.names.fullname" . -}}
+ {{- $configMapName := $fullName -}}
+ {{- $values := .Values.configmap -}}
+
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.configmap -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{ end -}}
+
+ {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $configMapName = printf "%v-%v" $configMapName $values.nameOverride -}}
+ {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $configMapName }}
+ {{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (merge ($values.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+{{- with $values.data }}
+ {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/common/templates/classes/_ingress.tpl b/charts/common/templates/classes/_ingress.tpl
new file mode 100644
index 0000000..3cb3c53
--- /dev/null
+++ b/charts/common/templates/classes/_ingress.tpl
@@ -0,0 +1,82 @@
+{{/*
+This template serves as a blueprint for all Ingress objects that are created
+within the common library.
+*/}}
+{{- define "common.classes.ingress" -}}
+ {{- $fullName := include "common.names.fullname" . -}}
+ {{- $ingressName := $fullName -}}
+ {{- $values := .Values.ingress -}}
+
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.ingress -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{ end -}}
+
+ {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $ingressName = printf "%v-%v" $ingressName $values.nameOverride -}}
+ {{- end -}}
+
+ {{- $primaryService := get .Values.service (include "common.service.primary" .) -}}
+ {{- $defaultServiceName := $fullName -}}
+ {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
+ {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
+ {{- end -}}
+ {{- $defaultServicePort := get $primaryService.ports (include "common.classes.service.ports.primary" (dict "values" $primaryService)) -}}
+ {{- $isStable := include "common.capabilities.ingress.isStable" . }}
+---
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ {{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (merge ($values.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and $isStable $values.ingressClassName }}
+ ingressClassName: {{ $values.ingressClassName }}
+ {{- end }}
+ {{- if $values.tls }}
+ tls:
+ {{- range $values.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl .
$ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl .secretName $ | quote}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range $values.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ {{- $service := $defaultServiceName -}}
+ {{- $port := $defaultServicePort.port -}}
+ {{- if .service -}}
+ {{- $service = default $service .service.name -}}
+ {{- $port = default $port .service.port -}}
+ {{- end }}
+ - path: {{ tpl .path $ | quote }}
+ {{- if $isStable }}
+ pathType: {{ default "Prefix" .pathType }}
+ {{- end }}
+ backend:
+ {{- if $isStable }}
+ service:
+ name: {{ $service }}
+ port:
+ number: {{ $port }}
+ {{- else }}
+ serviceName: {{ $service }}
+ servicePort: {{ $port }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/common/templates/classes/_pvc.tpl b/charts/common/templates/classes/_pvc.tpl
new file mode 100644
index 0000000..e04fbd7
--- /dev/null
+++ b/charts/common/templates/classes/_pvc.tpl
@@ -0,0 +1,45 @@
+{{/*
+This template serves as a blueprint for all PersistentVolumeClaim objects that are created
+within the common library.
+*/}}
+{{- define "common.classes.pvc" -}}
+{{- $values := .Values.persistence -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.persistence -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+{{- $pvcName := include "common.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- if not (eq $values.nameOverride "-") -}}
+ {{- $pvcName = printf "%v-%v" $pvcName $values.nameOverride -}}
+ {{ end -}}
+{{ end }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ $pvcName }}
+ {{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if $values.retain }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ {{- with (merge ($values.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ - {{ required (printf "accessMode is required for PVC %v" $pvcName) $values.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
+ {{- if $values.storageClass }}
+ storageClassName: {{ if (eq "-" $values.storageClass) }}""{{- else }}{{ $values.storageClass | quote }}{{- end }}
+ {{- end }}
+ {{- if $values.volumeName }}
+ volumeName: {{ $values.volumeName | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/common/templates/classes/_service.tpl b/charts/common/templates/classes/_service.tpl
new file mode 100644
index 0000000..e290678
--- /dev/null
+++ b/charts/common/templates/classes/_service.tpl
@@ -0,0 +1,98 @@
+{{/*
+This template serves as a blueprint for all Service objects that are created
+within the common library.
+*/}}
+{{- define "common.classes.service" -}}
+{{- $values := .Values.service -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.service -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+
+{{- $serviceName := include "common.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $serviceName = printf "%v-%v" $serviceName $values.nameOverride -}}
+{{ end -}}
+{{- $svcType := $values.type | default "" -}}
+{{- $primaryPort := get $values.ports (include "common.classes.service.ports.primary" (dict "values" $values)) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $serviceName }}
+ {{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if eq ( $primaryPort.protocol | default "" ) "HTTPS" }}
+ traefik.ingress.kubernetes.io/service.serversscheme: https
+ {{- end }}
+ {{- with (merge ($values.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
+ {{ toYaml .
| nindent 4 }}
+ {{- end }}
+spec:
+ {{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }}
+ type: ClusterIP
+ {{- if $values.clusterIP }}
+ clusterIP: {{ $values.clusterIP }}
+ {{end}}
+ {{- else if eq $svcType "LoadBalancer" }}
+ type: {{ $svcType }}
+ {{- if $values.loadBalancerIP }}
+ loadBalancerIP: {{ $values.loadBalancerIP }}
+ {{- end }}
+ {{- if $values.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{ toYaml $values.loadBalancerSourceRanges | nindent 4 }}
+ {{- end -}}
+ {{- else }}
+ type: {{ $svcType }}
+ {{- end }}
+ {{- if $values.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ $values.externalTrafficPolicy }}
+ {{- end }}
+ {{- if $values.sessionAffinity }}
+ sessionAffinity: {{ $values.sessionAffinity }}
+ {{- if $values.sessionAffinityConfig }}
+ sessionAffinityConfig:
+ {{ toYaml $values.sessionAffinityConfig | nindent 4 }}
+ {{- end -}}
+ {{- end }}
+ {{- with $values.externalIPs }}
+ externalIPs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if $values.publishNotReadyAddresses }}
+ publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
+ {{- end }}
+ {{- if $values.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ $values.ipFamilyPolicy }}
+ {{- end }}
+ {{- with $values.ipFamilies }}
+ ipFamilies:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ ports:
+ {{- range $name, $port := $values.ports }}
+ {{- if $port.enabled }}
+ - port: {{ $port.port }}
+ targetPort: {{ $port.targetPort | default $name }}
+ {{- if $port.protocol }}
+ {{- if or ( eq $port.protocol "HTTP" ) ( eq $port.protocol "HTTPS" ) ( eq $port.protocol "TCP" ) }}
+ protocol: TCP
+ {{- else }}
+ protocol: {{ $port.protocol }}
+ {{- end }}
+ {{- else }}
+ protocol: TCP
+ {{- end }}
+ name: {{ $name }}
+ {{- if (and (eq $svcType "NodePort") (not (empty $port.nodePort))) }}
+ nodePort: {{ $port.nodePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ {{- include "common.labels.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/common/templates/classes/_service_ports.tpl b/charts/common/templates/classes/_service_ports.tpl
new file mode 100644
index 0000000..32cae4c
--- /dev/null
+++ b/charts/common/templates/classes/_service_ports.tpl
@@ -0,0 +1,27 @@
+{{/*
+Return the primary port for a given Service object.
+*/}}
+{{- define "common.classes.service.ports.primary" -}}
+ {{- $enabledPorts := dict -}}
+ {{- range $name, $port := .values.ports -}}
+ {{- if $port.enabled -}}
+ {{- $_ := set $enabledPorts $name . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if eq 0 (len $enabledPorts) }}
+ {{- fail (printf "No ports are enabled for service \"%s\"!" .serviceName) }}
+ {{- end }}
+
+ {{- $result := "" -}}
+ {{- range $name, $port := $enabledPorts -}}
+ {{- if and (hasKey $port "primary") $port.primary -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- $result = keys $enabledPorts | first -}}
+ {{- end -}}
+ {{- $result -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/chart/_annotations.tpl b/charts/common/templates/lib/chart/_annotations.tpl
new file mode 100644
index 0000000..2c64a36
--- /dev/null
+++ b/charts/common/templates/lib/chart/_annotations.tpl
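Review bot: The `fail` message in `common.classes.service.ports.primary` formats `.serviceName`, but both callers visible in this patch (`_ingress.tpl` and `_service.tpl`) pass only `(dict "values" …)`, so the error names no service; either pass the name in the dict or drop it from the message. The fallback `keys $enabledPorts | first` also depends on map key order, which `keys` does not guarantee, so the chosen primary port can differ between renders when no port is marked `primary`. `{{- $result = keys $enabledPorts | sortAlpha | first -}}` makes the choice stable.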
@@ -0,0 +1,27 @@
+{{/* Common annotations shared across objects */}}
+{{- define "common.annotations" -}}
+ {{- with .Values.global.annotations }}
+ {{- range $k, $v := . }}
+ {{- $name := $k }}
+ {{- $value := tpl $v $ }}
+{{ $name }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/* Determine the Pod annotations used in the controller */}}
+{{- define "common.podAnnotations" -}}
+ {{- if .Values.podAnnotations -}}
+ {{- tpl (toYaml .Values.podAnnotations) . | nindent 0 -}}
+ {{- end -}}
+
+ {{- $configMapsFound := false -}}
+ {{- range $name, $configmap := .Values.configmap -}}
+ {{- if $configmap.enabled -}}
+ {{- $configMapsFound = true -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if $configMapsFound -}}
+ {{- printf "checksum/config: %v" (include ("common.configmap") . | sha256sum) | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/chart/_capabilities.tpl b/charts/common/templates/lib/chart/_capabilities.tpl
new file mode 100644
index 0000000..96de3c1
--- /dev/null
+++ b/charts/common/templates/lib/chart/_capabilities.tpl
@@ -0,0 +1,19 @@
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "common.capabilities.ingress.kubeVersion" -}}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Return the appropriate apiVersion for Ingress objects */}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+ {{- print "networking.k8s.io/v1" -}}
+ {{- if semverCompare "<1.19" (include "common.capabilities.ingress.kubeVersion" .) -}}
+ {{- print "beta1" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/* Check Ingress stability */}}
+{{- define "common.capabilities.ingress.isStable" -}}
+ {{- if eq (include "common.capabilities.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/chart/_labels.tpl b/charts/common/templates/lib/chart/_labels.tpl
new file mode 100644
index 0000000..73b5068
--- /dev/null
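Review bot: `common.podAnnotations` adds a `checksum/config` annotation for ConfigMaps only, so a change to `.Values.secret` leaves the pod template untouched and running pods keep the old values; _container.tpl in this patch injects that Secret through `envFrom`, which is read only at container start. A matching annotation built from the chart's Secret template would roll the pods when credentials are rotated, e.g. `{{- printf "checksum/secret: %v" (include "<secret-template-name>" . | sha256sum) | nindent 0 -}}` (the template name is not visible in this hunk, so it is a placeholder). Separately, `tpl $v $` in `common.annotations` fails on non-string values such as `true` or `123`; `tpl (toString $v) $` avoids that, and the same line appears in `common.labels` in _labels.tpl.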
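Review bot: In `common.capabilities.ingress.apiVersion`, `semverCompare "<1.19"` does not, as far as I know, match versions that carry a pre-release style suffix, and managed clusters commonly report versions of the form `v1.18.x-<vendor suffix>`. For those the test is false and the helper returns `networking.k8s.io/v1` on a cluster that only serves `v1beta1`. Use `semverCompare "<1.19-0"` so suffixed versions are compared as well. The comment on `kubeVersionOverride` should also say that the value changes which API versions are rendered.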
+++ b/charts/common/templates/lib/chart/_labels.tpl
@@ -0,0 +1,22 @@
+{{/* Common labels shared across objects */}}
+{{- define "common.labels" -}}
+helm.sh/chart: {{ include "common.names.chart" . }}
+{{ include "common.labels.selectorLabels" . }}
+ {{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ {{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.global.labels }}
+ {{- range $k, $v := . }}
+ {{- $name := $k }}
+ {{- $value := tpl $v $ }}
+{{ $name }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/* Selector labels shared across objects */}}
+{{- define "common.labels.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/common/templates/lib/chart/_names.tpl b/charts/common/templates/lib/chart/_names.tpl
new file mode 100644
index 0000000..a32d572
--- /dev/null
+++ b/charts/common/templates/lib/chart/_names.tpl
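Review bot: In _labels.tpl, `helm.sh/chart`, `app.kubernetes.io/managed-by`, `app.kubernetes.io/name` and `app.kubernetes.io/instance` are emitted unquoted, while `app.kubernetes.io/version` and the global labels are quoted. A release name or name override made only of digits, or one that reads as `true` or `null`, is then parsed as a non-string scalar and the manifest is rejected, because label values must be strings. Quote them the same way, e.g. `app.kubernetes.io/instance: {{ .Release.Name | quote }}` and `app.kubernetes.io/name: {{ include "common.names.name" . | quote }}`.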
@@ -0,0 +1,58 @@
+{{/* Expand the name of the chart */}}
+{{- define "common.names.name" -}}
+ {{- $globalNameOverride := "" -}}
+ {{- if hasKey .Values "global" -}}
+ {{- $globalNameOverride = (default $globalNameOverride .Values.global.nameOverride) -}}
+ {{- end -}}
+ {{- default .Chart.Name (default .Values.nameOverride $globalNameOverride) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+ {{- $name := include "common.names.name" . -}}
+ {{- $globalFullNameOverride := "" -}}
+ {{- if hasKey .Values "global" -}}
+ {{- $globalFullNameOverride = (default $globalFullNameOverride .Values.global.fullnameOverride) -}}
+ {{- end -}}
+ {{- if or .Values.fullnameOverride $globalFullNameOverride -}}
+ {{- $name = default .Values.fullnameOverride $globalFullNameOverride -}}
+ {{- else -}}
+ {{- if contains $name .Release.Name -}}
+ {{- $name = .Release.Name -}}
+ {{- else -}}
+ {{- $name = printf "%s-%s" .Release.Name $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- trunc 63 $name | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Create chart name and version as used by the chart label */}}
+{{- define "common.names.chart" -}}
+ {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Create the name of the ServiceAccount to use */}}
+{{- define "common.names.serviceAccountName" -}}
+ {{- if .Values.serviceAccount.create -}}
+ {{- default (include "common.names.fullname" .)
.Values.serviceAccount.name -}}
+ {{- else -}}
+ {{- default "default" .Values.serviceAccount.name -}}
+ {{- end -}}
+{{- end -}}
+
+{{/* Return the properly cased version of the controller type */}}
+{{- define "common.names.controllerType" -}}
+ {{- if eq .Values.controller.type "deployment" -}}
+ {{- print "Deployment" -}}
+ {{- else if eq .Values.controller.type "daemonset" -}}
+ {{- print "DaemonSet" -}}
+ {{- else if eq .Values.controller.type "statefulset" -}}
+ {{- print "StatefulSet" -}}
+ {{- else -}}
+ {{- fail (printf "Not a valid controller.type (%s)" .Values.controller.type) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/chart/_values.tpl b/charts/common/templates/lib/chart/_values.tpl
new file mode 100644
index 0000000..d3c8413
--- /dev/null
+++ b/charts/common/templates/lib/chart/_values.tpl
@@ -0,0 +1,9 @@
+{{/* Merge the local chart values and the common chart defaults */}}
+{{- define "common.values.setup" -}}
+ {{- if .Values.common -}}
+ {{- $defaultValues := deepCopy .Values.common -}}
+ {{- $userValues := deepCopy (omit .Values "common") -}}
+ {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
+ {{- $_ := set . "Values" (deepCopy $mergedValues) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/controller/_container.tpl b/charts/common/templates/lib/controller/_container.tpl
new file mode 100644
index 0000000..9c7ba81
--- /dev/null
+++ b/charts/common/templates/lib/controller/_container.tpl
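Review bot: In _names.tpl the comments on `common.names.name` and `common.names.fullname` do not say that the global override wins over the chart-local one: `default .Values.nameOverride $globalNameOverride` returns the global value whenever it is set, and `fullname` does the same with `fullnameOverride`. In an umbrella chart where several subcharts include this library, a single `global.fullnameOverride` would presumably give every subchart the same resource names. I would state the precedence in the header comment, e.g. `global.fullnameOverride takes precedence over fullnameOverride and applies to every chart that includes this library`.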
@@ -0,0 +1,62 @@
+{{- /* The main container included in the controller */ -}}
+{{- define "common.controller.mainContainer" -}}
+- name: {{ include "common.names.fullname" . }}
+ image: {{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.command }}
+ command:
+ {{- if kindIs "string" . }}
+ - {{ . }}
+ {{- else }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.args }}
+ args:
+ {{- if kindIs "string" . }}
+ - {{ . }}
+ {{- else }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.lifecycle }}
+ lifecycle:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.termination.messagePath }}
+ terminationMessagePath: {{ . }}
+ {{- end }}
+ {{- with .Values.termination.messagePolicy }}
+ terminationMessagePolicy: {{ . }}
+ {{- end }}
+
+ {{- with .Values.env }}
+ env:
+ {{- get (fromYaml (include "common.controller.env_vars" $)) "env" | toYaml | nindent 4 -}}
+ {{- end }}
+ {{- if or .Values.envFrom .Values.secret }}
+ envFrom:
+ {{- with .Values.envFrom }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.secret }}
+ - secretRef:
+ name: {{ include "common.names.fullname" . }}
+ {{- end }}
+ {{- end }}
+ ports:
+ {{- include "common.controller.ports" . | trim | nindent 4 }}
+ {{- with (include "common.controller.volumeMounts" . | trim) }}
+ volumeMounts:
+ {{- nindent 4 . }}
+ {{- end }}
+ {{- include "common.controller.probes" . | trim | nindent 2 }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/common/templates/lib/controller/_env_vars.tpl b/charts/common/templates/lib/controller/_env_vars.tpl
new file mode 100644
index 0000000..ab4ed68
--- /dev/null
+++ b/charts/common/templates/lib/controller/_env_vars.tpl
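Review bot: In `common.controller.mainContainer`, the string branches of `command` and `args` emit `- {{ . }}` unquoted, so a value such as `"8080"` or `"true"` is rendered as a YAML integer or boolean and the pod spec is rejected, since both fields are lists of strings. A value containing `: ` or a leading `{` or `-` would change the structure of the rendered document. Use `- {{ . | quote }}` in both branches; `terminationMessagePath: {{ . }}` has the same exposure and can be quoted too.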
@@ -0,0 +1,43 @@
+{{/*
+Environment variables used by containers.
+*/}}
+{{- define "common.controller.env_vars" -}}
+ {{- $values := .Values.env -}}
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.env -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- with $values -}}
+ {{- $result := list -}}
+ {{- range $k, $v := . -}}
+ {{- $name := $k -}}
+ {{- $value := $v -}}
+ {{- if kindIs "int" $name -}}
+ {{- $name = required "environment variables as a list of maps require a name field" $value.name -}}
+ {{- end -}}
+
+ {{- if kindIs "map" $value -}}
+ {{- if hasKey $value "value" -}}
+ {{- $envValue := $value.value | toString -}}
+ {{- $result = append $result (dict "name" $name "value" (tpl $envValue $)) -}}
+ {{- else if hasKey $value "valueFrom" -}}
+ {{- $result = append $result (dict "name" $name "valueFrom" $value.valueFrom) -}}
+ {{- else -}}
+ {{- $result = append $result (dict "name" $name "valueFrom" $value) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if not (kindIs "map" $value) -}}
+ {{- if kindIs "string" $value -}}
+ {{- $result = append $result (dict "name" $name "value" (tpl $value $)) -}}
+ {{- else if or (kindIs "float64" $value) (kindIs "bool" $value) -}}
+ {{- $result = append $result (dict "name" $name "value" ($value | toString)) -}}
+ {{- else -}}
+ {{- $result = append $result (dict "name" $name "value" $value) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- toYaml (dict "env" $result) | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/controller/_pod.tpl b/charts/common/templates/lib/controller/_pod.tpl
new file mode 100644
index 0000000..a6e2199
--- /dev/null
+++ b/charts/common/templates/lib/controller/_pod.tpl
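Review bot: In `common.controller.env_vars`, the scalar branch stringifies only `float64` and `bool`, and every other kind falls through to the final `else`, which appends the raw value. Integers set on the command line with `--set` arrive, as far as I can tell, as `int64` rather than `float64`, so they are rendered as `value: 8080` and the API server rejects the env entry because `value` must be a string. Extending the test covers that without touching the nil case: `{{- else if or (kindIs "float64" $value) (kindIs "int64" $value) (kindIs "int" $value) (kindIs "bool" $value) -}}`.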
@@ -0,0 +1,105 @@
+{{- /*
+The pod definition included in the controller.
+*/ -}}
+{{- define "common.controller.pod" -}}
+ {{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+serviceAccountName: {{ include "common.names.serviceAccountName" . }}
+automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- with .Values.podSecurityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.priorityClassName }}
+priorityClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.runtimeClassName }}
+runtimeClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.schedulerName }}
+schedulerName: {{ . }}
+ {{- end }}
+ {{- with .Values.hostNetwork }}
+hostNetwork: {{ . }}
+ {{- end }}
+ {{- with .Values.hostname }}
+hostname: {{ . }}
+ {{- end }}
+ {{- if .Values.dnsPolicy }}
+dnsPolicy: {{ .Values.dnsPolicy }}
+ {{- else if .Values.hostNetwork }}
+dnsPolicy: ClusterFirstWithHostNet
+ {{- else }}
+dnsPolicy: ClusterFirst
+ {{- end }}
+ {{- with .Values.dnsConfig }}
+dnsConfig:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+enableServiceLinks: {{ .Values.enableServiceLinks }}
+ {{- with .Values.termination.gracePeriodSeconds }}
+terminationGracePeriodSeconds: {{ .
}}
+ {{- end }}
+ {{- if .Values.initContainers }}
+initContainers:
+ {{- $initContainers := list }}
+ {{- range $index, $key := (keys .Values.initContainers | uniq | sortAlpha) }}
+ {{- $container := get $.Values.initContainers $key }}
+ {{- if not $container.name -}}
+ {{- $_ := set $container "name" $key }}
+ {{- end }}
+ {{- if $container.env -}}
+ {{- $_ := set $ "ObjectValues" (dict "env" $container.env) -}}
+ {{- $newEnv := fromYaml (include "common.controller.env_vars" $) -}}
+ {{- $_ := unset $.ObjectValues "env" -}}
+ {{- $_ := set $container "env" $newEnv.env }}
+ {{- end }}
+ {{- $initContainers = append $initContainers $container }}
+ {{- end }}
+ {{- tpl (toYaml $initContainers) $ | nindent 2 }}
+ {{- end }}
+containers:
+ {{- include "common.controller.mainContainer" . | nindent 2 }}
+ {{- with .Values.additionalContainers }}
+ {{- $additionalContainers := list }}
+ {{- range $name, $container := . }}
+ {{- if not $container.name -}}
+ {{- $_ := set $container "name" $name }}
+ {{- end }}
+ {{- if $container.env -}}
+ {{- $_ := set $ "ObjectValues" (dict "env" $container.env) -}}
+ {{- $newEnv := fromYaml (include "common.controller.env_vars" $) -}}
+ {{- $_ := set $container "env" $newEnv.env }}
+ {{- $_ := unset $.ObjectValues "env" -}}
+ {{- end }}
+ {{- $additionalContainers = append $additionalContainers $container }}
+ {{- end }}
+ {{- tpl (toYaml $additionalContainers) $ | nindent 2 }}
+ {{- end }}
+ {{- with (include "common.controller.volumes" . | trim) }}
+volumes:
+ {{- nindent 2 . }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+hostAliases:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+nodeSelector:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+affinity:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+topologySpreadConstraints:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+tolerations:
+ {{- toYaml .
| nindent 2 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/common/templates/lib/controller/_ports.tpl b/charts/common/templates/lib/controller/_ports.tpl
new file mode 100644
index 0000000..5394690
--- /dev/null
+++ b/charts/common/templates/lib/controller/_ports.tpl
@@ -0,0 +1,36 @@
+{{/*
+Ports included by the controller.
+*/}}
+{{- define "common.controller.ports" -}}
+ {{- $ports := list -}}
+ {{- range .Values.service -}}
+ {{- if .enabled -}}
+ {{- range $name, $port := .ports -}}
+ {{- $_ := set $port "name" $name -}}
+ {{- $ports = mustAppend $ports $port -}}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+{{/* export/render the list of ports */}}
+{{- if $ports -}}
+{{- range $_ := $ports }}
+{{- if .enabled }}
+- name: {{ .name }}
+ {{- if and .targetPort (kindIs "string" .targetPort) }}
+ {{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }}
+ {{- end }}
+ containerPort: {{ .targetPort | default .port }}
+ {{- if .protocol }}
+ {{- if or ( eq .protocol "HTTP" ) ( eq .protocol "HTTPS" ) ( eq .protocol "TCP" ) }}
+ protocol: TCP
+ {{- else }}
+ protocol: {{ .protocol }}
+ {{- end }}
+ {{- else }}
+ protocol: TCP
+ {{- end }}
+{{- end}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/common/templates/lib/controller/_probes.tpl b/charts/common/templates/lib/controller/_probes.tpl
new file mode 100644
index 0000000..3b64a5e
--- /dev/null
+++ b/charts/common/templates/lib/controller/_probes.tpl
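Review bot: In `common.controller.pod`, `automountServiceAccountToken` is rendered straight from values, and values.yaml in this commit defaults it to `true` while `serviceAccount.create` defaults to `false`. Every pod built from this library therefore runs, by default, as the namespace's `default` ServiceAccount with its API token mounted. Most workloads never call the Kubernetes API, so I would default the value to `false` in values.yaml and let charts opt in. If the key is missing from values the line currently renders empty; `automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}` keeps the manifest explicit in that case.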
@@ -0,0 +1,33 @@
+{{/*
+Probes selection logic.
+*/}}
+{{- define "common.controller.probes" -}}
+{{- $primaryService := get .Values.service (include "common.service.primary" .) -}}
+{{- $primaryPort := "" -}}
+{{- if $primaryService -}}
+ {{- $primaryPort = get $primaryService.ports (include "common.classes.service.ports.primary" (dict "serviceName" (include "common.service.primary" .) "values" $primaryService)) -}}
+{{- end -}}
+
+{{- range $probeName, $probe := .Values.probes }}
+ {{- if $probe.enabled -}}
+ {{- "" | nindent 0 }}
+ {{- $probeName }}Probe:
+ {{- if $probe.custom -}}
+ {{- $probe.spec | toYaml | nindent 2 }}
+ {{- else }}
+ {{- if and $primaryService $primaryPort -}}
+ {{- "tcpSocket:" | nindent 2 }}
+ {{- if $primaryPort.targetPort }}
+ {{- printf "port: %v" $primaryPort.targetPort | nindent 4 }}
+ {{- else}}
+ {{- printf "port: %v" $primaryPort.port | nindent 4 }}
+ {{- end }}
+ {{- printf "initialDelaySeconds: %v" $probe.spec.initialDelaySeconds | nindent 2 }}
+ {{- printf "failureThreshold: %v" $probe.spec.failureThreshold | nindent 2 }}
+ {{- printf "timeoutSeconds: %v" $probe.spec.timeoutSeconds | nindent 2 }}
+ {{- printf "periodSeconds: %v" $probe.spec.periodSeconds | nindent 2 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/common/templates/lib/controller/_volumemounts.tpl b/charts/common/templates/lib/controller/_volumemounts.tpl
new file mode 100644
index 0000000..8b05c9e
--- /dev/null
+++ b/charts/common/templates/lib/controller/_volumemounts.tpl
@@ -0,0 +1,56 @@
+{{/* Volumes included by the controller */}}
+{{- define "common.controller.volumeMounts" -}}
+ {{- range $persistenceIndex, $persistenceItem := .Values.persistence }}
+ {{- if $persistenceItem.enabled -}}
+ {{- if kindIs "slice" $persistenceItem.subPath -}}
+ {{- if $persistenceItem.mountPath -}}
+ {{- fail (printf "Cannot use persistence.mountPath with a subPath list (%s)" $persistenceIndex) }}
+ {{- end -}}
+ {{- range $subPathIndex, $subPathItem := $persistenceItem.subPath }}
+- name: {{ $persistenceIndex }}
+ subPath: {{ required "subPaths as a list of maps require a path field" $subPathItem.path }}
+ mountPath: {{ required "subPaths as a list of maps require an explicit mountPath field" $subPathItem.mountPath }}
+ {{- with $subPathItem.readOnly }}
+ readOnly: {{ . }}
+ {{- end }}
+ {{- with $subPathItem.mountPropagation }}
+ mountPropagation: {{ . }}
+ {{- end }}
+ {{- end -}}
+ {{- else -}}
+ {{/* Set the default mountPath to / */}}
+ {{- $mountPath := (printf "/%v" $persistenceIndex) -}}
+ {{- if eq "hostPath" (default "pvc" $persistenceItem.type) -}}
+ {{- $mountPath = $persistenceItem.hostPath -}}
+ {{- end -}}
+ {{/* Use the specified mountPath if provided */}}
+ {{- with $persistenceItem.mountPath -}}
+ {{- $mountPath = . -}}
+ {{- end }}
+ {{- if ne $mountPath "-" }}
+- name: {{ $persistenceIndex }}
+ mountPath: {{ $mountPath }}
+ {{- with $persistenceItem.subPath }}
+ subPath: {{ . }}
+ {{- end }}
+ {{- with $persistenceItem.readOnly }}
+ readOnly: {{ . }}
+ {{- end }}
+ {{- with $persistenceItem.mountPropagation }}
+ mountPropagation: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- end }}
+
+ {{- if eq .Values.controller.type "statefulset" }}
+ {{- range $index, $vct := .Values.volumeClaimTemplates }}
+- mountPath: {{ $vct.mountPath }}
+ name: {{ $vct.name }}
+ {{- if $vct.subPath }}
+ subPath: {{ $vct.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
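Review bot: In `common.controller.volumeMounts`, a `type: hostPath` item falls back to `$persistenceItem.hostPath` as its mount path, and `readOnly` is emitted only when it is set. A host directory is therefore mounted read-write at the same path inside the container unless the chart user opts out, and nothing in the template says so. I would add a comment at the fallback, e.g. `{{/* hostPath items are mounted read-write at the host path unless readOnly or mountPath is set */}}`, and repeat the caveat next to the `hostPath` branch in _volumes.tpl. In the StatefulSet loop, `$vct.mountPath` and `$vct.name` are used without `required`, unlike the subPath list above, so a missing field renders an empty value instead of a clear error.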
diff --git a/charts/common/templates/lib/controller/_volumes.tpl b/charts/common/templates/lib/controller/_volumes.tpl
new file mode 100644
index 0000000..1a077ae
--- /dev/null
+++ b/charts/common/templates/lib/controller/_volumes.tpl
@@ -0,0 +1,68 @@
+{{/*
+Volumes included by the controller.
+*/}}
+{{- define "common.controller.volumes" -}}
+{{- range $index, $persistence := .Values.persistence }}
+{{- if $persistence.enabled }}
+- name: {{ $index }}
+ {{- if eq (default "pvc" $persistence.type) "pvc" }}
+ {{- $pvcName := (include "common.names.fullname" $) -}}
+ {{- if $persistence.existingClaim }}
+ {{- /* Always prefer an existingClaim if that is set */}}
+ {{- $pvcName = $persistence.existingClaim -}}
+ {{- else -}}
+ {{- /* Otherwise refer to the PVC name */}}
+ {{- if $persistence.nameOverride -}}
+ {{- if not (eq $persistence.nameOverride "-") -}}
+ {{- $pvcName = (printf "%s-%s" (include "common.names.fullname" $) $persistence.nameOverride) -}}
+ {{- end -}}
+ {{- else -}}
+ {{- $pvcName = (printf "%s-%s" (include "common.names.fullname" $) $index) -}}
+ {{- end -}}
+ {{- end }}
+ persistentVolumeClaim:
+ claimName: {{ $pvcName }}
+ {{- else if or (eq $persistence.type "configMap") (eq $persistence.type "secret") }}
+ {{- $objectName := (required (printf "name not set for persistence item %s" $index) $persistence.name) }}
+ {{- $objectName = tpl $objectName $ }}
+ {{- if eq $persistence.type "configMap" }}
+ configMap:
+ name: {{ $objectName }}
+ {{- else }}
+ secret:
+ secretName: {{ $objectName }}
+ {{- end }}
+ {{- with $persistence.defaultMode }}
+ defaultMode: {{ . }}
+ {{- end }}
+ {{- with $persistence.items }}
+ items:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- else if eq $persistence.type "emptyDir" }}
+ {{- $emptyDir := dict -}}
+ {{- with $persistence.medium -}}
+ {{- $_ := set $emptyDir "medium" . -}}
+ {{- end -}}
+ {{- with $persistence.sizeLimit -}}
+ {{- $_ := set $emptyDir "sizeLimit" . -}}
+ {{- end }}
+ emptyDir: {{- $emptyDir | toYaml | nindent 4 }}
+ {{- else if eq $persistence.type "hostPath" }}
+ hostPath:
+ path: {{ required "hostPath not set" $persistence.hostPath }}
+ {{- with $persistence.hostPathType }}
+ type: {{ .
}}
+ {{- end }}
+ {{- else if eq $persistence.type "nfs" }}
+ nfs:
+ server: {{ required "server not set" $persistence.server }}
+ path: {{ required "path not set" $persistence.path }}
+ {{- else if eq $persistence.type "custom" }}
+ {{- toYaml $persistence.volumeSpec | nindent 2 }}
+ {{- else }}
+ {{- fail (printf "Not a valid persistence.type (%s)" .Values.persistence.type) }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/common/values.yaml b/charts/common/values.yaml
new file mode 100644
index 0000000..2dd7cd0
--- /dev/null
+++ b/charts/common/values.yaml
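Review bot: The final `fail` in `common.controller.volumes` reads `.Values.persistence.type`, but inside `range $index, $persistence := .Values.persistence` the dot is the current item. An unknown type therefore most likely surfaces as a nil-pointer template error instead of this message, and `.Values.persistence` would be the whole map, which has no `type` key anyway. Use the loop variable: `{{- fail (printf "Not a valid persistence.type (%s)" $persistence.type) }}`.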
@@ -0,0 +1,763 @@
+global:
+ # -- Set an override for the prefix of the fullname
+ nameOverride:
+ # -- Set the entire name definition
+ fullnameOverride:
+ # -- Set additional global labels. Helm templates can be used.
+ labels: {}
+ # -- Set additional global annotations. Helm templates can be used.
+ annotations: {}
+
+controller:
+ # -- enable the controller.
+ enabled: true
+ # -- Set the controller type.
+ # Valid options are deployment, daemonset or statefulset
+ type: deployment
+ # -- Set annotations on the deployment/statefulset/daemonset
+ annotations: {}
+ # -- Set labels on the deployment/statefulset/daemonset
+ labels: {}
+ # -- Number of desired pods
+ replicas: 1
+ # -- Set the controller upgrade strategy
+ # For Deployments, valid values are Recreate (default) and RollingUpdate.
+ # For StatefulSets, valid values are OnDelete and RollingUpdate (default).
+ # DaemonSets ignore this.
+ strategy:
+ rollingUpdate:
+ # -- Set deployment RollingUpdate max unavailable
+ unavailable:
+ # -- Set deployment RollingUpdate max surge
+ surge:
+ # -- Set statefulset RollingUpdate partition
+ partition:
+ # -- ReplicaSet revision history limit
+ revisionHistoryLimit: 3
+ # -- Set statefulset podManagementPolicy, valid values are Parallel and OrderedReady (default).
+ podManagementPolicy:
+
+image:
+ # -- image repository
+ repository:
+ # -- image tag
+ tag:
+ # -- image pull policy
+ pullPolicy:
+
+# -- Set image pull secrets
+imagePullSecrets: []
+
+# -- Override the command(s) for the default container
+command: []
+# -- Override the args for the default container
+args: []
+
+# -- Set annotations on the pod
+podAnnotations: {}
+
+# -- Set labels on the pod
+podLabels: {}
+
+# -- Add a Horizontal Pod Autoscaler
+# @default --
+autoscaling:
+ enabled: false
+ target: # deploymentname
+ minReplicas: # 1
+ maxReplicas: # 100
+ targetCPUUtilizationPercentage: # 80
+ targetMemoryUtilizationPercentage: # 80
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: false
+
+ # -- Annotations to add to the service account
+ annotations: {}
+
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+# -- Specifies whether a service account token should be automatically mounted.
+automountServiceAccountToken: true
+
+# -- Use this to populate a secret with the values you specify.
+# Be aware that these values are not encrypted by default, and could therefore visible
+# to anybody with access to the values.yaml file.
+secret: {}
+ # PASSWORD: my-password
+
+# -- Configure configMaps for the chart here.
+# Additional configMaps can be added by adding a dictionary key similar to the 'config' object.
+# @default -- See below
+configmap:
+ config:
+ # -- Enables or disables the configMap
+ enabled: false
+ # -- Labels to add to the configMap
+ labels: {}
+ # -- Annotations to add to the configMap
+ annotations: {}
+ # -- configMap data content. Helm template enabled.
+ data: {}
+ # foo: bar
+
+# -- Main environment variables. Template enabled.
+# Syntax options:
+# A) TZ: UTC
+# B) PASSWD: '{{ .Release.Name }}'
+# C) PASSWD:
+# configMapKeyRef:
+# name: config-map-name
+# key: key-name
+# D) PASSWD:
+# valueFrom:
+# secretKeyRef:
+# name: secret-name
+# key: key-name
+# ...
+# E) - name: TZ
+# value: UTC
+# F) - name: TZ
+# value: '{{ .Release.Name }}'
+env:
+
+# -- Secrets and/or ConfigMaps that will be loaded as environment variables.
+# [[ref]](https://unofficial-kubernetes.readthedocs.io/en/latest/tasks/configure-pod-container/configmap/#use-case-consume-configmap-in-environment-variables)
+envFrom: []
+# - configMapRef:
+# name: config-map-name
+# - secretRef:
+# name: secret-name
+
+# -- Custom priority class for different treatment by the scheduler
+priorityClassName: # system-node-critical
+
+# -- Allow specifying a runtimeClassName other than the default one (ie: nvidia)
+runtimeClassName: # nvidia
+
+# -- Allows specifying a custom scheduler name
+schedulerName: # awkward-dangerous-scheduler
+
+# -- Allows specifying explicit hostname setting
+hostname:
+
+# -- When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet`
+hostNetwork: false
+
+# -- Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true.
+dnsPolicy: # ClusterFirst
+
+# -- Optional DNS settings, configuring the ndots option may resolve nslookup issues on some Kubernetes setups.
+dnsConfig: {}
+# options:
+# - name: ndots
+# value: "1"
+
+# -- Enable/disable the generation of environment variables for services.
+# [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service)
+enableServiceLinks: true
+
+# -- Configure the Security Context for the Pod
+podSecurityContext: {}
+
+# -- Configure the Security Context for the main container
+securityContext: {}
+
+# -- Configure the lifecycle for the main container
+lifecycle: {}
+
+# -- Specify any initContainers here as dictionary items.
Each initContainer should have its own key.
+# The dictionary item key will determine the order. Helm templates can be used.
+initContainers: {}
+
+# -- Specify any additional containers here as dictionary items. Each additional container should have its own key.
+# Helm templates can be used.
+additionalContainers: {}
+
+# -- Probe configuration
+# -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+# @default -- See below
+probes:
+ # -- Liveness probe configuration
+ # @default -- See below
+ liveness:
+ # -- Enable the liveness probe
+ enabled: true
+ # -- Set this to `true` if you wish to specify your own livenessProbe
+ custom: false
+ # -- The spec field contains the values for the default livenessProbe.
+ # If you selected `custom: true`, this field holds the definition of the livenessProbe.
+ # @default -- See below
+ spec:
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+
+ # -- Redainess probe configuration
+ # @default -- See below
+ readiness:
+ # -- Enable the readiness probe
+ enabled: true
+ # -- Set this to `true` if you wish to specify your own readinessProbe
+ custom: false
+ # -- The spec field contains the values for the default readinessProbe.
+ # If you selected `custom: true`, this field holds the definition of the readinessProbe.
+ # @default -- See below
+ spec:
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+
+ # -- Startup probe configuration
+ # @default -- See below
+ startup:
+ # -- Enable the startup probe
+ enabled: true
+ # -- Set this to `true` if you wish to specify your own startupProbe
+ custom: false
+ # -- The spec field contains the values for the default startupProbe.
+ # If you selected `custom: true`, this field holds the definition of the startupProbe.
+ # @default -- See below
+ spec:
+ initialDelaySeconds: 0
+ timeoutSeconds: 1
+ ## This means it has a maximum of 5*30=150 seconds to start up before it fails
+ periodSeconds: 5
+ failureThreshold: 30
+
+termination:
+ # -- Configure the path at which the file to which the main container's termination message will be written.
+ # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)]
+ messagePath:
+
+ # -- Indicate how the main container's termination message should be populated.
+ # Valid options are `File` and `FallbackToLogsOnError`.
+ # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)]
+ messagePolicy:
+
+ # -- Duration in seconds the pod needs to terminate gracefully
+ # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)]
+ gracePeriodSeconds:
+
+# -- Configure the services for the chart here.
+# Additional services can be added by adding a dictionary key similar to the 'main' service.
+# @default -- See below
+service:
+ main:
+ # -- Enables or disables the service
+ enabled: true
+
+ # -- Make this the primary service (used in probes, notes, etc...).
+ # If there is more than 1 service, make sure that only 1 service is marked as primary.
+ primary: true
+
+ # -- Override the name suffix that is used for this service
+ nameOverride:
+
+ # -- Set the service type
+ type: ClusterIP
+
+ # -- Specify the externalTrafficPolicy for the service. Options: Cluster, Local
+ # -- [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)]
+ externalTrafficPolicy:
+
+ # -- Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack
+ ipFamilyPolicy:
+ # -- The ip families that should be used. Options: IPv4, IPv6
+ ipFamilies: []
+
+ # -- Provide additional annotations which may be required.
+ annotations: {}
+
+ # -- Provide additional labels which may be required.
+ labels: {}
+
+ # -- Configure the Service port information here.
+ # Additional ports can be added by adding a dictionary key similar to the 'http' service.
+ # @default -- See below
+ ports:
+ http:
+ # -- Enables or disables the port
+ enabled: true
+
+ # -- Make this the primary port (used in probes, notes, etc...)
+ # If there is more than 1 service, make sure that only 1 port is marked as primary.
+ primary: true
+
+ # -- The port number
+ port:
+
+ # -- Port protocol.
+ # Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
+ # HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation
+ protocol: HTTP
+
+ # -- Specify a service targetPort if you wish to differ the service port from the application port.
+ # If `targetPort` is specified, this port number is used in the container definition instead of
+ # the `port` value. Therefore named ports are not supported for this field.
+ targetPort:
+
+ # -- Specify the nodePort value for the LoadBalancer and NodePort service types.
+ # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
+ nodePort:
+
+# -- Configure the ingresses for the chart here.
+# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
+# @default -- See below
+ingress:
+ main:
+ # -- Enables or disables the ingress
+ enabled: false
+
+ # -- Make this the primary ingress (used in probes, notes, etc...).
+ # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
+ primary: true
+
+ # -- Override the name suffix that is used for this ingress.
+ nameOverride:
+
+ # -- Provide additional annotations which may be required.
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # -- Provide additional labels which may be required.
+ labels: {}
+
+ # -- Set the ingressClass that is used for this ingress.
+ # Requires Kubernetes >=1.19
+ ingressClassName: # "nginx"
+
+ ## Configure the hosts for the ingress
+ hosts:
+ - # -- Host address. Helm template can be passed.
+ host: chart-example.local
+ ## Configure the paths for the host
+ paths:
+ - # -- Path. Helm template can be passed.
+ path: /
+ # -- Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+ service:
+ # -- Overrides the service name reference for this path
+ name:
+ # -- Overrides the service port reference for this path
+ port:
+
+ # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+# -- Configure persistence for the chart here.
+# Additional items can be added by adding a dictionary key similar to the 'config' key.
+# [[ref]](http://docs.k8s-at-home.com/our-helm-charts/common-library-storage)
+# @default -- See below
+persistence:
+ # -- Default persistence for configuration files.
+ # @default -- See below
+ config:
+ # -- Enables or disables the persistence item
+ enabled: false
+
+ # -- Sets the persistence type
+ # Valid options are pvc, emptyDir, hostPath, secret, configMap or custom
+ type: pvc
+
+ # -- Where to mount the volume in the main container.
+ # Defaults to `/`,
+ # setting to '-' creates the volume but disables the volumeMount.
+ mountPath: # /config
+ # -- Specify if the volume should be mounted read-only.
+ readOnly: false
+ # -- Override the name suffix that is used for this volume.
+ nameOverride:
+
+ # -- Storage Class for the config volume.
+ # If set to `-`, dynamic provisioning is disabled.
+ # If set to something else, the given storageClass is used.
+ # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+ storageClass: # "-"
+
+ # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
+ existingClaim: # your-claim
+
+ # -- Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root
+ subPath: # some-subpath
+
+ # -- AccessMode for the persistent volume.
+ # Make sure to select an access mode that is supported by your storage provider!
+ # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+ accessMode: ReadWriteOnce
+
+ # -- The amount of storage that is requested for the persistent volume.
+ size: 1Gi
+
+ # -- Set to true to retain the PVC upon `helm uninstall`
+ retain: false
+
+ # -- Create an emptyDir volume to share between all containers
+ # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
+ # @default -- See below
+ shared:
+ enabled: false
+ type: emptyDir
+ mountPath: /shared
+
+ # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead
+ # of the storage medium that backs the node.
+ medium: # Memory
+
+ # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can
+ # specify a size for memory backed volumes.
+ sizeLimit: # 1Gi
+
+# -- Used in conjunction with `controller.type: statefulset` to create individual disks for each instance.
+volumeClaimTemplates: []
+# - name: data
+# mountPath: /data
+# accessMode: "ReadWriteOnce"
+# size: 1Gi
+# - name: backup
+# mountPath: /backup
+# subPath: theSubPath
+# accessMode: "ReadWriteOnce"
+# size: 2Gi
+# storageClass: cheap-storage-class
+
+# -- Node selection constraint
+# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
+nodeSelector: {}
+
+# -- Defines affinity constraint rules.
+# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
+affinity: {}
+
+# -- Defines topologySpreadConstraint rules.
+# [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
+topologySpreadConstraints: []
+# - maxSkew:
+# topologyKey:
+# whenUnsatisfiable:
+# labelSelector:
+
+# -- Specify taint tolerations
+# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
+tolerations: []
+
+# -- Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+# [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
+hostAliases: []
+# - ip: "192.168.1.100"
+# hostnames:
+# - "example.com"
+# - "www.example.com"
+
+# -- Set the resource requests / limits for the main container.
+resources: {}
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# -- The common chart supports several add-ons. These can be configured under this key.
+# @default -- See below
+addons:
+
+ # -- The common chart supports adding a VPN add-on. It can be configured under this key.
+ # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
+ # @default -- See values.yaml
+ vpn:
+ # -- Enable running a VPN in the pod to route traffic through a VPN
+ enabled: false
+
+ # -- Specify the VPN type. Valid options are `openvpn`, `wireguard` and `gluetun`.
+ type: openvpn
+
+ # -- OpenVPN specific configuration
+ # @default -- See below
+ openvpn:
+ image:
+ # -- Specify the openvpn client image
+ repository: dperson/openvpn-client
+ # -- Specify the openvpn client image tag
+ tag: latest
+ # -- Specify the openvpn client image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Credentials to connect to the VPN Service (used with -a)
+ auth: # "user;password"
+ # -- Optionally specify an existing secret that contains the credentials.
+ # Credentials should be stored under the `VPN_AUTH` key
+ authSecret: # my-vpn-secret
+
+ # -- WireGuard specific configuration
+ # @default -- See below
+ wireguard:
+ image:
+ # -- Specify the WireGuard image
+ repository: ghcr.io/k8s-at-home/wireguard
+ # -- Specify the WireGuard image tag
+ tag: v1.0.20210914
+ # -- Specify the WireGuard image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Gluetun specific configuration
+ # -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon!
+ # @default -- See below
+ gluetun:
+ image:
+ # -- Specify the Gluetun image
+ repository: docker.io/qmcgaw/gluetun
+ # -- Specify the Gluetun image tag
+ tag: v3.30.0
+ # -- Specify the Gluetun image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Set the VPN container securityContext
+ # @default -- See values.yaml
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+
+ # -- All variables specified here will be added to the vpn sidecar container
+ # See the documentation of the VPN image for all config values
+ env: {}
+ # TZ: UTC
+
+ # -- Override the args for the vpn sidecar container
+ args: []
+
+ # -- Provide a customized vpn configuration file to be used by the VPN.
+ configFile: # |-
+ # Some Example Config
+ # remote greatvpnhost.com 8888
+ # auth-user-pass
+ # Cipher AES
+
+ # -- Reference an existing secret that contains the VPN configuration file
+ # The chart expects it to be present under the `vpnConfigfile` key.
+ configFileSecret:
+
+ # -- Provide custom up/down scripts that can be used by the vpn configuration.
+ # @default -- See values.yaml
+ scripts:
+ # @default -- See below
+ up: # |-
+ # #!/bin/bash
+ # echo "connected" > /shared/vpnstatus
+
+ # @default -- See below
+ down: # |-
+ # #!/bin/bash
+ # echo "disconnected" > /shared/vpnstatus
+
+ additionalVolumeMounts: []
+
+ # -- Optionally specify a livenessProbe, e.g. to check if the connection is still
+ # being protected by the VPN
+ livenessProbe: {}
+ # exec:
+ # command:
+ # - sh
+ # - -c
+ # - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
+ # initialDelaySeconds: 30
+ # periodSeconds: 60
+ # failureThreshold: 1
+
+ networkPolicy:
+ # -- If set to true, will deploy a network policy that blocks all outbound
+ # traffic except traffic specified as allowed
+ enabled: false
+
+ # -- Provide additional annotations which may be required.
+ annotations: {}
+
+ # -- Provide additional labels which may be required.
+ labels: {}
+
+ # -- Provide additional podSelector labels which may be required.
+ podSelectorLabels: {}
+
+ # -- The egress configuration for your network policy, All outbound traffic
+ # from the pod will be blocked unless specified here.
+ # [[ref]](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+ # [[recipes]](https://github.com/ahmetb/kubernetes-network-policy-recipes)
+ egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 0.0.0.0/0
+ # ports:
+ # - port: 53
+ # protocol: UDP
+ # - port: 53
+ # protocol: TCP
+
+ # -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
+ # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)
+ # @default -- See values.yaml
+ codeserver:
+ # -- Enable running a code-server container in the pod
+ enabled: false
+
+ image:
+ # -- Specify the code-server image
+ repository: ghcr.io/coder/code-server
+ # -- Specify the code-server image tag
+ tag: 4.5.1
+ # -- Specify the code-server image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Set any environment variables for code-server here
+ env: {}
+ # TZ: UTC
+
+ # -- Set codeserver command line arguments.
+ # Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
+ args:
+ - --auth
+ - none
+ # - --user-data-dir
+ # - "/config/.vscode"
+
+ # -- Specify a list of volumes that get mounted in the code-server container.
+ # At least 1 volumeMount is required!
+ volumeMounts: []
+ # - name: config
+ # mountPath: /data/config
+
+ # -- Specify the working dir that will be opened when code-server starts
+ # If not given, the app will default to the mountpah of the first specified volumeMount
+ workingDir: ""
+
+ # -- Optionally allow access a Git repository by passing in a private SSH key
+ # @default -- See below
+ git:
+ # -- Raw SSH private key
+ deployKey: ""
+ # -- Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence.
+ deployKeyBase64: ""
+ # -- Existing secret containing SSH private key
+ # The chart expects it to be present under the `id_rsa` key.
+ deployKeySecret: ""
+
+ service:
+ # -- Enable a service for the code-server add-on.
+ enabled: true
+ type: ClusterIP
+ # Specify the default port information
+ ports:
+ codeserver:
+ port: 12321
+ enabled: true
+ protocol: TCP
+ targetPort: codeserver
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ annotations: {}
+ labels: {}
+
+ ingress:
+ # -- Enable an ingress for the code-server add-on.
+ enabled: false
+
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ labels: {}
+
+ # -- Set the ingressClass that is used for this ingress.
+ # Requires Kubernetes >=1.19
+ ingressClassName: # "nginx"
+
+ hosts:
+ - host: code.chart-example.local
+ paths:
+ - path: /
+ # Ignored if not kubeVersion >= 1.14-0
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - code.chart-example.local
+
+ securityContext:
+ runAsUser: 0
+
+ # -- The common library supports adding a promtail add-on to to access logs and ship them to loki. It can be configured under this key.
+ # @default -- See values.yaml
+ promtail:
+ # -- Enable running a promtail container in the pod
+ enabled: false
+
+ image:
+ # -- Specify the promtail image
+ repository: docker.io/grafana/promtail
+ # -- Specify the promtail image tag
+ tag: 2.6.1
+ # -- Specify the promtail image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Set any environment variables for promtail here
+ env: {}
+
+ # -- Set promtail command line arguments
+ args: []
+
+ # -- The URL to Loki
+ loki: ""
+
+ # -- The paths to logs on the volume
+ logs: []
+ # - name: log
+ # path: /config/logs/*.log
+
+ # -- Specify a list of volumes that get mounted in the promtail container.
+ # At least 1 volumeMount is required!
+ volumeMounts: []
+ # - name: config
+ # mountPath: /config
+ # readOnly: true
+
+ securityContext:
+ runAsUser: 0
+
+ # -- The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod. It can be configured under this key.
+ # @default -- See values.yaml
+ netshoot:
+ # -- Enable running a netshoot container in the pod
+ enabled: false
+
+ image:
+ # -- Specify the netshoot image
+ repository: ghcr.io/nicolaka/netshoot
+ # -- Specify the netshoot image tag
+ tag: v0.7
+ # -- Specify the netshoot image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Set any environment variables for netshoot here
+ env: {}
+
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN