add an example library

This commit is contained in:
kjeld Schouten-Lebbing 2021-05-08 12:42:35 +02:00
parent cb1c04726c
commit 1e939116ce
No known key found for this signature in database
GPG Key ID: 4CDAD4A532BC1EDB
37 changed files with 2608 additions and 0 deletions

View File

@ -7,4 +7,6 @@ It contains:
- Basic required files
- 3 example Trains (charts, stable and test)
- 1 example app in each train (each based on TrueCharts)
- 1 library train (which is not processed by CI
- 1 example library (common)
- Basic CI to test PR's and catalog-health

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

26
library/common/Chart.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: common
version: 3.5.5
# upstream_version:
appVersion: none
description: Function library for TrueCharts
type: library
deprecated: false
home: https://github.com/truecharts/apps/tree/master/common
icon: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
keywords:
- truecharts
- library-chart
- common
sources:
- https://github.com/truecharts/apps/tree/master/library/common
# dependencies:
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: truecharts.org
- name: Ornias1993
email: kjeld@schouten-lebbing.nl
url: truecharts.org
# annotations:

151
library/common/README.md Normal file
View File

@ -0,0 +1,151 @@
# common
![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
Function library for TrueCharts
**Homepage:** <https://github.com/truecharts/apps/tree/master/common>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| truecharts | | |
## Requirements
Kubernetes: `>=1.16.0-0`
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| PGID | int | `568` | |
| PUID | int | `568` | |
| UMASK | string | `"002"` | |
| additionalContainers | list | `[]` | |
| additionalVolumeMounts | list | `[]` | |
| additionalVolumes | list | `[]` | |
| addons.codeserver.args[0] | string | `"--auth"` | |
| addons.codeserver.args[1] | string | `"none"` | |
| addons.codeserver.enabled | bool | `false` | |
| addons.codeserver.env | object | `{}` | |
| addons.codeserver.image.pullPolicy | string | `"IfNotPresent"` | |
| addons.codeserver.image.repository | string | `"codercom/code-server"` | |
| addons.codeserver.image.tag | string | `"3.7.4"` | |
| addons.codeserver.ingress.annotations | object | `{}` | |
| addons.codeserver.ingress.enabled | bool | `false` | |
| addons.codeserver.ingress.hosts[0].host | string | `"code.chart-example.local"` | |
| addons.codeserver.ingress.hosts[0].paths[0].path | string | `"/"` | |
| addons.codeserver.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | |
| addons.codeserver.ingress.labels | object | `{}` | |
| addons.codeserver.ingress.nameSuffix | string | `"codeserver"` | |
| addons.codeserver.ingress.tls | list | `[]` | |
| addons.codeserver.securityContext.runAsUser | int | `0` | |
| addons.codeserver.service.annotations | object | `{}` | |
| addons.codeserver.service.enabled | bool | `true` | |
| addons.codeserver.service.labels | object | `{}` | |
| addons.codeserver.service.port.name | string | `"codeserver"` | |
| addons.codeserver.service.port.port | int | `12321` | |
| addons.codeserver.service.port.protocol | string | `"TCP"` | |
| addons.codeserver.service.port.targetPort | string | `"codeserver"` | |
| addons.codeserver.service.type | string | `"ClusterIP"` | |
| addons.codeserver.volumeMounts | list | `[]` | |
| addons.codeserver.workingDir | string | `""` | |
| addons.vpn.additionalVolumeMounts | list | `[]` | |
| addons.vpn.configFile | string | `nil` | |
| addons.vpn.enabled | bool | `false` | |
| addons.vpn.env | object | `{}` | |
| addons.vpn.livenessProbe | object | `{}` | |
| addons.vpn.networkPolicy.egress | string | `nil` | |
| addons.vpn.networkPolicy.enabled | bool | `false` | |
| addons.vpn.openvpn.auth | string | `nil` | |
| addons.vpn.openvpn.authSecret | string | `nil` | |
| addons.vpn.openvpn.image.pullPolicy | string | `"IfNotPresent"` | |
| addons.vpn.openvpn.image.repository | string | `"dperson/openvpn-client"` | |
| addons.vpn.openvpn.image.tag | string | `"latest"` | |
| addons.vpn.scripts.down | string | `nil` | |
| addons.vpn.scripts.up | string | `nil` | |
| addons.vpn.securityContext.capabilities.add[0] | string | `"NET_ADMIN"` | |
| addons.vpn.securityContext.capabilities.add[1] | string | `"SYS_MODULE"` | |
| addons.vpn.type | string | `"openvpn"` | |
| addons.vpn.wireguard.image.pullPolicy | string | `"IfNotPresent"` | |
| addons.vpn.wireguard.image.repository | string | `"k8sathome/wireguard"` | |
| addons.vpn.wireguard.image.tag | string | `"1.0.20200827"` | |
| affinity | object | `{}` | |
| args | list | `[]` | |
| command | list | `[]` | |
| controllerAnnotations | object | `{}` | |
| controllerLabels | object | `{}` | |
| controllerType | string | `"deployment"` | |
| dnsPolicy | string | `"ClusterFirst"` | |
| enableServiceLinks | bool | `true` | |
| env | object | `{}` | |
| envFrom | list | `[]` | |
| envTpl | object | `{}` | |
| envValueFrom | object | `{}` | |
| fixMountPermissions | bool | `true` | |
| fullnameOverride | string | `""` | |
| hostAliases | list | `[]` | |
| hostNetwork | bool | `false` | |
| ingress.additionalIngresses | list | `[]` | |
| ingress.annotations | object | `{}` | |
| ingress.enabled | bool | `false` | |
| ingress.hosts[0].host | string | `"chart-example.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | |
| ingress.labels | object | `{}` | |
| ingress.tls | list | `[]` | |
| initContainers | list | `[]` | |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| persistence.config.accessMode | string | `"ReadWriteOnce"` | |
| persistence.config.enabled | bool | `false` | |
| persistence.config.mountPath | string | `"/config"` | |
| persistence.config.size | string | `"1Gi"` | |
| persistence.config.skipuninstall | bool | `false` | |
| persistence.shared.emptyDir | bool | `true` | |
| persistence.shared.enabled | bool | `false` | |
| persistence.shared.mountPath | string | `"/shared"` | |
| podAnnotations | object | `{}` | |
| podSecurityContext | object | `{}` | |
| probes.liveness.custom | bool | `false` | |
| probes.liveness.enabled | bool | `true` | |
| probes.liveness.spec.failureThreshold | int | `5` | |
| probes.liveness.spec.initialDelaySeconds | int | `30` | |
| probes.liveness.spec.periodSeconds | int | `10` | |
| probes.liveness.spec.timeoutSeconds | int | `10` | |
| probes.readiness.custom | bool | `false` | |
| probes.readiness.enabled | bool | `true` | |
| probes.readiness.spec.failureThreshold | int | `5` | |
| probes.readiness.spec.initialDelaySeconds | int | `30` | |
| probes.readiness.spec.periodSeconds | int | `10` | |
| probes.readiness.spec.timeoutSeconds | int | `10` | |
| probes.startup.custom | bool | `false` | |
| probes.startup.enabled | bool | `true` | |
| probes.startup.spec.failureThreshold | int | `30` | |
| probes.startup.spec.initialDelaySeconds | int | `5` | |
| probes.startup.spec.periodSeconds | int | `10` | |
| probes.startup.spec.timeoutSeconds | int | `10` | |
| replicas | int | `1` | |
| resources | object | `{}` | |
| securityContext | object | `{}` | |
| service.additionalPorts | list | `[]` | |
| service.additionalServices | list | `[]` | |
| service.annotations | object | `{}` | |
| service.enabled | bool | `true` | |
| service.labels | object | `{}` | |
| service.port.name | string | `nil` | |
| service.port.port | string | `nil` | |
| service.port.protocol | string | `"TCP"` | |
| service.port.targetPort | string | `nil` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `false` | |
| serviceAccount.name | string | `""` | |
| strategy.type | string | `"RollingUpdate"` | |
| tolerations | list | `[]` | |
| volumeClaimTemplates | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

View File

@ -0,0 +1,27 @@
{{/*
Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
*/}}
{{- define "common.all" -}}
{{- /* Merge the local chart values and the common chart defaults */ -}}
{{- include "common.values.setup" . }}
{{- /* Build the templates */ -}}
{{- include "common.pvc" . }}
{{- print "---" | nindent 0 -}}
{{- if .Values.serviceAccount.create -}}
{{- include "common.serviceAccount" . }}
{{- print "---" | nindent 0 -}}
{{- end -}}
{{- if eq .Values.controllerType "deployment" }}
{{- include "common.deployment" . | nindent 0 }}
{{ else if eq .Values.controllerType "daemonset" }}
{{- include "common.daemonset" . | nindent 0 }}
{{ else if eq .Values.controllerType "statefulset" }}
{{- include "common.statefulset" . | nindent 0 }}
{{- end -}}
{{ include "common.services" . | nindent 0 }}
{{ include "common.ingress" . | nindent 0 }}
{{ include "common.resources.portal" . | nindent 0 }}
{{ include "common.storage.permissions" . | nindent 0 }}
{{- end -}}

View File

@ -0,0 +1,52 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
This template serves as the blueprint for the DaemonSet objects that are created
within the common library.
*/}}
{{- define "common.daemonset" -}}
apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }}
kind: DaemonSet
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controllerAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
{{- include "common.controller.pod" . | nindent 6 }}
{{- end }}

View File

@ -0,0 +1,56 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
This template serves as the blueprint for the Deployment objects that are created
within the common library.
*/}}
{{- define "common.deployment" -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controllerAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
{{- with .Values.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
{{- include "common.controller.pod" . | nindent 6 }}
{{- end }}

View File

@ -0,0 +1,122 @@
{{/*
Renders the Ingress objects required by the chart by returning a concatinated list
of the main Ingress and any additionalIngresses.
*/}}
{{- define "common.ingress" -}}
{{- /* Generate named ingresses as required */ -}}
{{- range $name, $ingress := .Values.ingress }}
{{- $certType := $ingress.certType | default "disabled" -}}
{{- $enabled := $ingress.enabled | default false -}}
{{- if or ( ne $certType "disabled" ) ( $ingress.enabled ) -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := $ingress -}}
{{/* set defaults */}}
{{- if and (not $ingressValues.nameSuffix) ( ne $name "main" ) -}}
{{- $_ := set $ingressValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- if not $ingressValues.type -}}
{{- $_ := set $ingressValues "type" "HTTP" -}}
{{ end -}}
{{- if not $ingressValues.certType -}}
{{- $_ := set $ingressValues "certType" "" -}}
{{ end -}}
{{- if or ( eq $ingressValues.type "TCP" ) ( eq $ingressValues.type "UDP" ) ( eq $ingressValues.type "HTTP-IR" ) -}}
{{- include "common.classes.ingressRoute" $ -}}
{{- else -}}
{{- include "common.classes.ingress" $ -}}
{{ end -}}
{{- if eq $ingressValues.certType "ixcert" -}}
{{- $_ := set $ "ObjectValues" (dict "certHolder" $ingressValues) -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.resources.cert.secret" $ }}
{{ end -}}
{{- end }}
{{- end }}
{{- /* Generate additional ingresses as required */ -}}
{{- range $index, $additionalIngress := .Values.additionalIngress }}
{{- $certType := $additionalIngress.certType | default "disabled" -}}
{{- if or ( ne $certType "disabled" ) ( $additionalIngress.enabled ) -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := $additionalIngress -}}
{{/* set defaults */}}
{{- $name := $index -}}
{{- if $ingressValues.name -}}
{{- $name := $ingressValues.name -}}
{{- end }}
{{- if or (not $ingressValues.nameSuffix) ( ne ( $name | quote ) "main" ) -}}
{{- $_ := set $ingressValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- if not $ingressValues.type -}}
{{- $_ := set $ingressValues "type" "HTTP" -}}
{{ end -}}
{{- if not $ingressValues.certType -}}
{{- $_ := set $ingressValues "certType" "" -}}
{{ end -}}
{{- if or ( eq $ingressValues.type "TCP" ) ( eq $ingressValues.type "UDP" ) ( eq $ingressValues.type "HTTP-IR" ) -}}
{{- include "common.classes.ingressRoute" $ -}}
{{- else -}}
{{- include "common.classes.ingress" $ -}}
{{ end -}}
{{- if eq $ingressValues.certType "ixcert" -}}
{{- $_ := set $ "ObjectValues" (dict "certHolder" $ingressValues) -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.resources.cert.secret" $ }}
{{ end -}}
{{- end }}
{{- end }}
{{- /* Generate externalService ingresses as required */ -}}
{{- range $index, $externalService := .Values.externalServices }}
{{- $certType := $externalService.certType | default "disabled" -}}
{{- if or ( ne $certType "disabled" ) ( $externalService.enabled ) -}}
{{- print ("---") | nindent 0 -}}
{{- $ingressValues := $externalService -}}
{{/* set defaults */}}
{{- $name := $index -}}
{{- if $ingressValues.name -}}
{{- $name := $ingressValues.name -}}
{{- end }}
{{- $name = printf "%v-%v" "external" $name -}}
{{- if or (not $ingressValues.nameSuffix) -}}
{{- $_ := set $ingressValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
{{- if not $ingressValues.type -}}
{{- $_ := set $ingressValues "type" "HTTP" -}}
{{ end -}}
{{- if not $ingressValues.certType -}}
{{- $_ := set $ingressValues "certType" "" -}}
{{ end -}}
{{- if or ( eq $ingressValues.type "TCP" ) ( eq $ingressValues.type "UDP" ) ( eq $ingressValues.type "HTTP-IR" ) -}}
{{- include "common.classes.ingressRoute" $ -}}
{{- else -}}
{{- include "common.classes.ingress" $ -}}
{{ end -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.classes.externalService" $ }}
{{- if eq $ingressValues.certType "ixcert" -}}
{{- $_ := set $ "ObjectValues" (dict "certHolder" $ingressValues) -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.resources.cert.secret" $ }}
{{ end -}}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,36 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Renders the PersistentVolumeClaim objects required by the chart by returning a concatinated list
of all the entries of the persistence key.
*/}}
{{- define "common.pvc" -}}
{{- /* Generate pvc as required */ -}}
{{- range $index, $PVC := .Values.persistence }}
{{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
{{- $persistenceValues := $PVC -}}
{{- if not $persistenceValues.nameSuffix -}}
{{- $_ := set $persistenceValues "nameSuffix" $index -}}
{{- end -}}
{{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.classes.pvc" $ -}}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,15 @@
{{/*
The ServiceAccount object to be created.
*/}}
{{- define "common.serviceAccount" -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.names.serviceAccountName" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,46 @@
{{/*
Renders the Service objects required by the chart by returning a concatinated list
of the main Service and any additionalServices.
*/}}
{{- define "common.services" -}}
{{- if .Values.services -}}
{{- /* Add dict of primary services */ -}}
{{- range $name, $service := .Values.services }}
{{- if or ( $service.enabled ) ( eq $name "main" ) -}}
{{- print ("---") | nindent 0 -}}
{{- print ("\n") | nindent 0 -}}
{{- $serviceValues := $service -}}
{{- /* Dont add name suffix for primary service named "main" */ -}}
{{- if and (not $serviceValues.nameSuffix) ( ne $name "main" ) -}}
{{- $_ := set $serviceValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
{{- include "common.classes.service" $ -}}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.additionalServices -}}
{{- /* Generate additional services as required */ -}}
{{- range $index, $extraService := .Values.additionalServices }}
{{- if $extraService.enabled -}}
{{- print ("---") | nindent 0 -}}
{{- $serviceValues := $extraService -}}
{{- $name := $index -}}
{{- if $serviceValues.name -}}
{{- $name := $serviceValues.name -}}
{{- end }}
{{- /* Dont add name suffix for primary service named "main" */ -}}
{{- if and (not $serviceValues.nameSuffix) ( ne ( $name | quote ) "main" ) -}}
{{- $_ := set $serviceValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
{{- include "common.classes.service" $ -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,71 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
This template serves as the blueprint for the StatefulSet objects that are created
within the common library.
*/}}
{{- define "common.statefulset" -}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "common.names.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controllerAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
{{- with .Values.strategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "common.labels.selectorLabels" . | nindent 6 }}
serviceName: {{ include "common.names.fullname" . }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
{{- include "common.controller.pod" . | nindent 6 }}
volumeClaimTemplates:
{{- range $index, $vct := .Values.volumeClaimTemplates }}
- metadata:
name: {{ $vct.name }}
spec:
accessModes:
- {{ required (printf "accessMode is required for vCT %v" $vct.name) $vct.accessMode | quote }}
resources:
requests:
storage: {{ required (printf "size is required for PVC %v" $vct.name) $vct.size | quote }}
{{- if $vct.storageClass }}
storageClassName: {{ if (eq "-" $vct.storageClass) }}""{{- else }}{{ $vct.storageClass | quote }}{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,62 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
This template serves as a blueprint for all PersistentVolumeClaim objects that are created
within the common library.
*/}}
{{- define "common.classes.pvc" -}}
{{- $values := .Values.persistence -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.persistence -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $pvcName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameOverride" -}}
{{- $pvcName = $values.nameOverride -}}
{{- else if hasKey $values "nameSuffix" -}}
{{- $pvcName = printf "%v-%v" $pvcName $values.nameSuffix -}}
{{ end -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ $pvcName }}
{{- if or $values.skipuninstall $values.annotations }}
annotations:
{{- if $values.skipuninstall }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
accessModes:
- {{ required (printf "accessMode is required for PVC %v" $pvcName) $values.accessMode | quote }}
resources:
requests:
storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
{{- if $values.storageClass }}
storageClassName: {{ include "common.storage.class" . }}
{{- else }}
storageClassName: {{ ( printf "%v-%v" "ix-storage-class" .Release.Name ) }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,99 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
This template serves as a blueprint for all Service objects that are created
within the common library.
*/}}
{{- define "common.classes.service" -}}
{{- $values := .Values.services.main -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.service -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $serviceName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
{{ end -}}
{{- $svcType := $values.type | default "" -}}
{{- $portProtocol := $values.port.protocol -}}
{{- if or ( eq $values.port.protocol "HTTP" ) ( eq $values.port.protocol "HTTPS" ) ( eq $values.port.protocol "TCP" ) -}}
{{- $portProtocol = "TCP" -}}
{{- else if eq $values.port.protocol "UDP" }}
{{- $portProtocol = "UDP" -}}
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ $serviceName }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- if $values.labels }}
{{ toYaml $values.labels | nindent 4 }}
{{- end }}
annotations:
{{- if eq $values.port.protocol "HTTPS" }}
traefik.ingress.kubernetes.io/service.serversscheme: https
{{- end }}
{{- with $values.annotations }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }}
type: ClusterIP
{{- if $values.clusterIP }}
clusterIP: {{ $values.clusterIP }}
{{end}}
{{- else if eq $svcType "LoadBalancer" }}
type: {{ $svcType }}
{{- if $values.loadBalancerIP }}
loadBalancerIP: {{ $values.loadBalancerIP }}
{{- end }}
{{- if $values.externalTrafficPolicy }}
externalTrafficPolicy: {{ $values.externalTrafficPolicy }}
{{- end }}
{{- if $values.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml $values.loadBalancerSourceRanges | nindent 4 }}
{{- end -}}
{{- else }}
type: {{ $svcType }}
{{- end }}
{{- if $values.sessionAffinity }}
sessionAffinity: {{ $values.sessionAffinity }}
{{- if $values.sessionAffinityConfig }}
sessionAffinityConfig:
{{ toYaml $values.sessionAffinityConfig | nindent 4 }}
{{- end -}}
{{- end }}
{{- with $values.externalIPs }}
externalIPs:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $values.publishNotReadyAddresses }}
publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
{{- end }}
{{- include "common.classes.service.ports" (dict "svcType" $svcType "values" $values ) | trim | nindent 2 }}
selector:
{{- include "common.labels.selectorLabels" . | nindent 4 }}
{{- end }}

View File

@ -0,0 +1,47 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Render all the ports and additionalPorts for a Service object.
*/}}
{{- define "common.classes.service.ports" -}}
{{- $ports := list -}}
{{- $values := .values -}}
{{- $ports = mustAppend $ports $values.port -}}
{{- range $_ := $values.additionalPorts -}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- if $ports -}}
ports:
{{- range $_ := $ports }}
{{- $protocol := "" -}}
{{- if or ( eq .protocol "HTTP" ) ( eq .protocol "HTTPS" ) }}
{{- $protocol = "TCP" -}}
{{- else }}
{{- $protocol = .protocol | default "TCP" -}}
{{- end }}
- port: {{ .port }}
targetPort: {{ .targetPort | default .name | default "http" }}
protocol: {{ $protocol | default "TCP" }}
name: {{ .name | default "http" }}
{{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }}
nodePort: {{ .nodePort }}
{{ end }}
{{- end -}}
{{- end -}}
{{- end }}

View File

@ -0,0 +1,63 @@
{{- define "common.classes.externalService" -}}
{{- $serviceName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- $svcPort := 80 }}
{{- $ingressService := $.Values }}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
{{ end -}}
{{- $svcName := $values.serviceName | default $serviceName -}}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort -}}
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ $svcName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- if eq ( $values.serviceType | default "" ) "HTTPS" }}
traefik.ingress.kubernetes.io/service.serversscheme: https
{{- end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
{{- if eq $values.type "UDP"}}
- protocol: UDP
port: {{ $values.servicePort }}
targetPort: {{ $values.servicePort }}
{{- else }}
- protocol: TCP
port: {{ $values.servicePort }}
targetPort: {{ $values.servicePort }}
{{- end }}
---
apiVersion: v1
kind: Endpoints
metadata:
name: {{ $svcName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
subsets:
- addresses:
- ip: {{ $values.serviceTarget }}
ports:
- port: {{ $values.servicePort }}
{{- end }}

View File

@ -0,0 +1,148 @@
{{/*
This template serves as a blueprint for all Ingress objects that are created
within the common library.
*/}}
{{- define "common.classes.ingress" -}}
{{- $ingressName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- $svcPort := 80 -}}
{{- $portProtocol := "" -}}
{{- $ingressService := $.Values -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
{{- if not $values.servicePort }}
{{- $ingressService := index $.Values.services ( $values.nameSuffix | quote ) }}
{{- if $ingressService.enabled }}
{{- $svcPort = $ingressService.port.port -}}
{{- $portProtocol = $ingressService.port.protocol | default "" }}
{{- else if $.Values.services.main.enabled }}
{{- $svcPort = $.Values.services.main.port.port -}}
{{- $portProtocol = $.Values.services.main.port.protocol | default "" -}}
{{ end -}}
{{ end -}}
{{- else if and ( $.Values.services.main.enabled ) ( not $values.servicePort ) }}
{{- $svcPort = $.Values.services.main.port.port -}}
{{- $portProtocol = $.Values.services.main.port.protocol | default "" -}}
{{ end -}}
{{- $authForwardName := ( printf "%v-%v" $ingressName "auth-forward" ) -}}
{{- $svcName := $values.serviceName | default $ingressName -}}
{{- if $values.dynamicServiceName }}
{{- $dynamicServiceName := printf "%v-%v" .Release.Name $values.dynamicServiceName -}}
{{- $svcName = $dynamicServiceName -}}
{{- end }}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort -}}
{{- end }}
{{- if $values.serviceType }}
{{- $portProtocol = $values.serviceType -}}
{{- end }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $ingressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- if eq $portProtocol "HTTPS" }}
traefik.ingress.kubernetes.io/service.serversscheme: https
{{- end }}
traefik.ingress.kubernetes.io/router.entrypoints: {{ $values.entrypoint | default "websecure" }}
traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd{{ if $values.authForwardURL }},{{ printf "%v-%v@%v" .Release.Namespace $authForwardName "kubernetescrd" }}{{ end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- if $values.ingressClassName }}
ingressClassName: {{ $values.ingressClassName }}
{{- end }}
{{- end }}
{{- if or ( eq $values.certType "selfsigned") (eq $values.certType "ixcert") }}
tls:
- hosts:
{{- if $values.host}}
- {{ $values.host | quote }}
{{- else }}
{{- range $values.hosts }}
- {{ .host | quote }}
{{- end }}
{{- end }}
{{- if eq $values.certType "ixcert" }}
secretName: {{ $ingressName }}
{{- end }}
{{- end }}
rules:
{{- if $values.host }}
- host: {{ $values.host | quote }}
http:
paths:
- path: {{ $values.path | default "/" }}
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $svcName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- range $values.hosts }}
- host: {{ .host | quote }}
http:
paths:
- path: {{ .path | default "/" }}
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $svcName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- if $values.authForwardURL }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $authForwardName }}
spec:
forwardAuth:
address: {{ $values.authForwardURL | quote }}
tls:
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
{{- end }}
{{- end }}

View File

@ -0,0 +1,127 @@
{{/*
This template serves as a blueprint for all ingressRoute objects that are created
within the common library.
*/}}
{{- define "common.classes.ingressRoute" -}}
{{- $ingressName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- $svcPort := 80 }}
{{- $portProtocol := "" }}
{{- $ingressService := $.Values }}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
{{- if and ( $.Values.services ) ( not $values.servicePort ) }}
{{- $ingressService := index $.Values.services ( $values.nameSuffix | quote) }}
{{- $svcPort = $ingressService.port.port }}
{{- $portProtocol = $ingressService.port.protocol | default "" }}
{{ end -}}
{{- else if and ( $.Values.services ) ( not $values.servicePort ) }}
{{- $svcPort = $.Values.services.main.port.port }}
{{- $portProtocol = $.Values.services.main.port.protocol | default "" }}
{{ end -}}
{{- $authForwardName := ( printf "%v-%v" $ingressName "auth-forward" ) -}}
{{- $svcName := $values.serviceName | default $ingressName -}}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort }}
{{- end }}
{{- if $values.serviceType }}
{{- $portProtocol = $values.serviceType }}
{{- end }}
apiVersion: traefik.containo.us/v1alpha1
{{- if eq $values.type "UDP" }}
kind: IngressRouteUDP
{{- else if eq $values.type "TCP" }}
kind: IngressRouteTCP
{{- else }}
kind: IngressRoute
{{- end }}
metadata:
name: {{ $ingressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
entryPoints:
- {{ $values.entrypoint }}
routes:
{{- if eq $values.type "UDP" }}
- services:
- name: {{ $svcName }}
port: {{ $svcPort }}
weight: 10
{{- else if eq $values.type "TCP" }}
- match: HostSNI(`*`)
services:
- name: {{ $svcName }}
port: {{ $svcPort }}
weight: 10
terminationDelay: 400
{{- else }}
- kind: Rule
match: Host(`{{ (index $values.hosts 0).host }}`) && PathPrefix(`{{ (index $values.hosts 0).path | default "/" }}`)
services:
- name: {{ $svcName }}
{{- if $values.serviceKind }}
kind: {{ $values.serviceKind }}
{{- else }}
port: {{ $svcPort }}
{{- end }}
middlewares:
- name: traefik-middlewares-chain-public@kubernetescrd
{{- if $values.authForwardURL }}
- name: "{{ printf "%v-%v@%v" .Release.Namespace $authForwardName "kubernetescrd" }}"
{{- end }}
{{- end }}
{{- if not ( eq $values.type "UDP" ) }}
{{- if or ( eq $values.certType "selfsigned") (eq $values.certType "ixcert") }}
tls:
domains:
- main: {{ (index $values.hosts 0).host }}
sans:
{{- range $values.hosts }}
- {{ .host | quote }}
{{- end }}
{{- if eq $values.certType "ixcert" }}
secretName: {{ $ingressName }}
{{- end }}
passthrough: false
{{- end }}
{{- end }}
{{- if $values.authForwardURL }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $authForwardName }}
spec:
forwardAuth:
address: {{ $values.authForwardURL | quote }}
tls:
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
{{- end }}
{{- end }}

View File

@ -0,0 +1,146 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Return the appropriate apiVersion for DaemonSet objects.
*/}}
{{- define "common.capabilities.daemonset.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.daemonset.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "apps/v1/DaemonSet" -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for Deployment objects.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "apps/v1/Deployment" -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for StatefulSet objects.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "apps/v1/StatefulSet" -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "apps/v1beta1" -}}
{{- end -}}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for Ingress objects.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- end -}}
{{/*
Waiting on https://github.com/helm/helm/pull/8608
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end }}
{{- end -}}
*/}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,38 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,65 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- else -}}
{{- printf "%s:%s" $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,55 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Common labels shared across objects.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.names.chart" . }}
{{ include "common.labels.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels shared across objects.
*/}}
{{- define "common.labels.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
## Bitnami Compatibility links
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
{{ include "common.labels" . }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
{{ include "common.labels.selectorLabels" . }}
{{- end -}}

View File

@ -0,0 +1,62 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create the name of the ServiceAccount to use.
*/}}
{{- define "common.names.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,80 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}

View File

@ -0,0 +1,29 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Merge the local chart values and the common chart defaults.
*/}}
{{- define "common.values.setup" -}}
{{- if .Values.common -}}
{{- $defaultValues := deepCopy .Values.common -}}
{{- $userValues := deepCopy (omit .Values "common") -}}
{{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
{{- $_ := set . "Values" (deepCopy $mergedValues) -}}
{{- end }}
{{- end }}

View File

@ -0,0 +1,92 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{- /*
The main container included in the controller.
*/ -}}
{{- define "common.controller.mainContainer" -}}
- name: {{ include "common.names.fullname" . }}
image: "{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.command }}
command: {{ . }}
{{- end }}
{{- with .Values.args }}
args: {{ . }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 4 }}
{{- end }}
env:
- name: PUID
value: {{ .Values.PUID | quote }}
- name: PGID
value: {{ .Values.PGID | quote }}
- name: UMASK
value: {{ .Values.UMASK | quote }}
{{- if .Values.timezone }}
- name: TZ
value: {{ .Values.timezone | quote }}
{{- end }}
{{- if or .Values.env .Values.envTpl .Values.envValueFrom .Values.envVariable .Values.environmentVariables }}
{{- range $envVariable := .Values.environmentVariables }}
{{- if and $envVariable.name $envVariable.value }}
- name: {{ $envVariable.name }}
value: {{ $envVariable.value | quote }}
{{- else }}
{{- fail "Please specify name/value for environment variable" }}
{{- end }}
{{- end}}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.envTpl }}
- name: {{ $key }}
value: {{ tpl $value $ | quote }}
{{- end }}
{{- range $key, $value := .Values.envValueFrom }}
- name: {{ $key }}
valueFrom:
{{- $value | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- include "common.controller.ports" . | trim | nindent 2 }}
{{- with (include "common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{- . | nindent 2 }}
{{- end }}
{{- include "common.controller.probes" . | nindent 2 }}
resources:
{{- with .Values.resources }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if and .Values.gpuConfiguration }}
limits:
{{- toYaml .Values.gpuConfiguration | nindent 6 }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,69 @@
{{- /*
The pod definition included in the controller.
*/ -}}
{{- define "common.controller.pod" -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end }}
serviceAccountName: {{ include "common.names.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.schedulerName }}
schedulerName: {{ . }}
{{- end }}
{{- with .Values.hostNetwork }}
hostNetwork: {{ . }}
{{- end }}
{{- with .Values.hostname }}
hostname: {{ . }}
{{- end }}
{{- if .Values.dnsPolicy }}
{{- with .Values.dnsPolicy }}
dnsPolicy: {{ . }}
{{- end }}
{{- else if .Values.hostNetwork }}
dnsPolicy: "ClusterFirstWithHostNet"
{{- else }}
dnsPolicy: ClusterFirst
{{- end }}
{{- with .Values.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 2 }}
{{- end }}
enableServiceLinks: {{ .Values.enableServiceLinks }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 2 }}
{{- end }}
containers:
{{- include "common.controller.mainContainer" . | nindent 0 }}
{{- with .Values.additionalContainers }}
{{- toYaml . | nindent 0 }}
{{- end }}
{{- with (include "common.controller.volumes" . | trim) }}
volumes:
{{- . | nindent 0 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,76 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Ports included by the controller.
*/}}
{{- define "common.controller.ports" -}}
{{- $ports := list -}}
{{/* append the ports for each appAdditionalService - TrueCharts */}}
{{- if $.Values.services -}}
{{- range $name, $_ := $.Values.services }}
{{- if or ( .enabled ) ( eq $name "main" ) -}}
{{- if eq $name "main" -}}
{{- $_ := set .port "name" (default "http" .port.name) -}}
{{- else if kindIs "string" $name -}}
{{- $_ := set .port "name" (default .port.name | default $name) -}}
{{- else -}}
{{- $_ := set .port "name" (required "Missing port.name" .port.name) -}}
{{- end -}}
{{- $ports = mustAppend $ports .port -}}
{{- range $_ := .additionalPorts -}}
{{/* append the additonalPorts for each additional service */}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.additionalServices -}}
{{- range $_ := $.Values.additionalServices }}
{{- if .enabled -}}
{{- $_ := set .port "name" (required "Missing port.name" .port.name) -}}
{{- $ports = mustAppend $ports .port -}}
{{- range $_ := .additionalPorts -}}
{{/* append the additonalPorts for each additional service */}}
{{- $ports = mustAppend $ports . -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{/* export/render the list of ports */}}
{{- if $ports -}}
ports:
{{- range $_ := $ports }}
{{- $protocol := "" -}}
{{- if or ( eq .protocol "HTTP" ) ( eq .protocol "HTTPS" ) }}
{{- $protocol = "TCP" -}}
{{- else }}
{{- $protocol = .protocol | default "TCP" -}}
{{- end }}
- name: {{ required "The port's 'name' is not defined" .name }}
{{- if and .targetPort (kindIs "string" .targetPort) }}
{{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }}
{{- end }}
containerPort: {{ .targetPort | default .port }}
protocol: {{ $protocol | default "TCP" }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,41 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Probes selection logic.
*/}}
{{- define "common.controller.probes" -}}
{{- $svcPort := .Values.services.main.port.name -}}
{{- range $probeName, $probe := .Values.probes }}
{{- if $probe.enabled -}}
{{- "" | nindent 0 }}
{{- $probeName }}Probe:
{{- if $probe.custom -}}
{{- $probe.spec | toYaml | nindent 2 }}
{{- else }}
{{- "tcpSocket:" | nindent 2 }}
{{- printf "port: %v" $svcPort | nindent 4 }}
{{- printf "initialDelaySeconds: %v" $probe.spec.initialDelaySeconds | nindent 2 }}
{{- printf "failureThreshold: %v" $probe.spec.failureThreshold | nindent 2 }}
{{- printf "timeoutSeconds: %v" $probe.spec.timeoutSeconds | nindent 2 }}
{{- printf "periodSeconds: %v" $probe.spec.periodSeconds | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,62 @@
{{/*
Volumes included by the controller.
*/}}
{{- define "common.controller.volumeMounts" -}}
{{- range $index, $PVC := .Values.persistence }}
{{- if and ( $PVC.enabled ) ( $PVC.mountPath ) }}
- mountPath: {{ $PVC.mountPath }}
name: {{ $index }}
{{- if $PVC.subPath }}
subPath: {{ $PVC.subPath }}
{{- end }}
{{- end }}
{{- end }}
{{ range $name, $dmm := .Values.deviceMounts }}
{{- if $dmm.enabled -}}
{{ if $dmm.name }}
{{ $name = $dmm.name }}
{{ end }}
- name: devicemount-{{ $name }}
mountPath: {{ $dmm.devicePath }}
{{ if $dmm.subPath }}
subPath: {{ $dmm.subPath }}
{{ end }}
{{- end -}}
{{ end }}
{{ range $name, $csm := .Values.customStorage }}
{{- if $csm.enabled -}}
{{ if $csm.name }}
{{ $name = $csm.name }}
{{ end }}
- name: customstorage-{{ $name }}
mountPath: {{ $csm.mountPath }}
{{ if $csm.subPath }}
subPath: {{ $csm.subPath }}
{{ end }}
{{ if $csm.readOnly }}
readOnly: {{ $csm.readOnly }}
{{ end }}
{{- end -}}
{{ end }}
{{- if .Values.additionalVolumeMounts }}
{{- toYaml .Values.additionalVolumeMounts | nindent 0 }}
{{- end }}
{{- if eq .Values.controllerType "statefulset" }}
{{- range $index, $vct := .Values.volumeClaimTemplates }}
- mountPath: {{ $vct.mountPath }}
name: {{ $vct.name }}
{{- if $vct.subPath }}
subPath: {{ $vct.subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,84 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
`SPDX-License-Identifier: Apache-2.0`
This file is considered to be modified by the TrueCharts Project.
*/}}
{{/*
Volumes included by the controller.
*/}}
{{- define "common.controller.volumes" -}}
{{- range $index, $persistence := .Values.persistence }}
{{- if $persistence.enabled }}
- name: {{ $index }}
{{- if $persistence.existingClaim }}
{{- /* Always prefer an existingClaim if that is set */}}
persistentVolumeClaim:
claimName: {{ $persistence.existingClaim }}
{{- else -}}
{{- if $persistence.emptyDir -}}
{{- /* Always prefer an emptyDir next if that is set */}}
emptyDir: {}
{{- else -}}
{{- /* Otherwise refer to the PVC name */}}
persistentVolumeClaim:
{{- if $persistence.nameOverride }}
claimName: {{ $persistence.nameOverride }}
{{- else if $persistence.nameSuffix }}
claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $persistence.nameSuffix }}
{{- else }}
claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $index }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- range $name, $dm := .Values.deviceMounts -}}
{{ if $dm.enabled }}
{{ if $dm.name }}
{{ $name = $dm.name }}
{{ end }}
- name: devicemount-{{ $name }}
{{ if $dm.emptyDir }}
emptyDir: {}
{{- else -}}
hostPath:
path: {{ required "hostPath not set" $dm.devicePath }}
{{ end }}
{{ end }}
{{- end -}}
{{- range $name, $cs := .Values.customStorage -}}
{{ if $cs.enabled }}
{{ if $cs.name }}
{{ $name = $cs.name }}
{{ end }}
- name: customstorage-{{ $name }}
{{ if $cs.emptyDir }}
emptyDir: {}
{{- else -}}
hostPath:
path: {{ required "hostPath not set" $cs.hostPath }}
{{ end }}
{{ end }}
{{- end -}}
{{- if .Values.additionalVolumes }}
{{- toYaml .Values.additionalVolumes | nindent 0 }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,32 @@
{{/*
Retrieve true/false if certificate is configured
*/}}
{{- define "common.resources.cert.available" -}}
{{- if .ObjectValues.certHolder.certificate -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.ObjectValues.certHolder.certificate) -}}
{{- template "common.resources.cert_present" $values -}}
{{- else -}}
{{- false -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve public key of certificate
*/}}
{{- define "common.resources.cert.publicKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.ObjectValues.certHolder.certificate "publicKey" true) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve private key of certificate
*/}}
{{- define "common.resources.cert.privateKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.ObjectValues.certHolder.certificate) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}

View File

@ -0,0 +1,25 @@
{{- define "common.resources.cert.secret" -}}
{{- $secretName := include "common.names.fullname" . -}}
{{- if .ObjectValues.certHolder -}}
{{- if hasKey .ObjectValues.certHolder "nameSuffix" -}}
{{- $secretName = printf "%v-%v" $secretName .ObjectValues.certHolder.nameSuffix -}}
{{ end -}}
{{ else }}
{{- $_ := set $ "ObjectValues" (dict "certHolder" .Values) -}}
{{ end -}}
{{- if eq (include "common.resources.cert.available" $ ) "true" -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
labels: {{ include "common.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
tls.crt: {{ (include "common.resources.cert.publicKey" $ ) | toString | b64enc | quote }}
tls.key: {{ (include "common.resources.cert.privateKey" $ ) | toString | b64enc | quote }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,24 @@
{{/*
Retrieve true/false if certificate is available in ixCertificates
*/}}
{{- define "common.resources.cert_present" -}}
{{- $values := . -}}
{{- hasKey $values.Values.ixCertificates ($values.commonCertOptions.certKeyName | toString) -}}
{{- end -}}
{{/*
Retrieve certificate from variable name
*/}}
{{- define "common.resources.cert" -}}
{{- $values := . -}}
{{- $certKey := ($values.commonCertOptions.certKeyName | toString) -}}
{{- if hasKey $values.Values.ixCertificates $certKey -}}
{{- $cert := get $values.Values.ixCertificates $certKey -}}
{{- if $values.commonCertOptions.publicKey -}}
{{ $cert.certificate }}
{{- else -}}
{{ $cert.privatekey }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,64 @@
{{- define "common.resources.portal" -}}
{{- if .Values.portal }}
{{- if .Values.portal.enabled }}
{{- $host := "$node_ip" }}
{{- $port := 443 }}
{{- $protocol := "https" }}
{{- $portProtocol := "" }}
{{- if hasKey .Values "ingress" }}
{{- if hasKey .Values.ingress "main" -}}
{{- if .Values.ingress.main.host }}
{{- $host = .Values.ingress.main.host }}
{{- else }}
{{- range .Values.ingress.main.hosts }}
{{- $host = ( .host | quote ) }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if and ( .Values.portal.ingressPort ) ( ne $host "$node_ip" ) }}
{{- $port = .Values.portal.ingressPort }}
{{- else if and ( eq $host "$node_ip" ) ( hasKey .Values "services" ) }}
{{- if hasKey .Values.services "main" }}
{{- if and (hasKey .Values.services.main.port "nodePort" ) ( eq .Values.services.main.type "NodePort" ) }}
{{- $port = .Values.services.main.port.nodePort }}
{{- if or ( eq .Values.services.main.port.protocol "HTTP" ) ( eq .Values.services.main.port.protocol "HTTPS" ) }}
{{- $portProtocol = .Values.services.main.port.protocol }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if and ( $portProtocol ) ( eq $host "$node_ip" ) }}
{{- $protocol = $portProtocol }}
{{- else if and ( ne $host "$node_ip" ) }}
{{- if .Values.ingress.main.certType }}
{{- if eq .Values.ingress.main.certType "" }}
{{- $protocol = "http" }}
{{- end }}
{{- end }}
{{- end }}
{{- if and ( .Values.portal.host ) ( eq $host "$node_ip" ) }}
{{- $host = .Values.portal.host }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
labels: {{ include "common.labels" . | nindent 4 }}
data:
protocol: {{ $protocol }}
host: {{ $host }}
port: {{ $port | quote }}
url: {{ printf "%v%v%v%v%v" $protocol "://" $host ":" $port }}
{{- end }}
{{- end }}
{{- end -}}

View File

@ -0,0 +1,77 @@
{{/*
This template serves as the blueprint for the mountPermissions job that is run
before chart installation.
*/}}
{{- define "common.storage.permissions" -}}
{{- if .Values.fixMountPermissions }}
{{- $jobName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- print "---" | nindent 0 -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $jobName }}-autopermissions
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
spec:
template:
metadata:
spec:
restartPolicy: Never
containers:
- name: set-mount-permissions
image: "alpine:3.3"
command:
- /bin/sh
- -c
- | {{ range $index, $cs := .Values.customStorage}}{{ if and $cs.enabled $cs.setPermissions}}
chown -R {{ if eq $values.podSecurityContext.runAsNonRoot false }}{{ print $values.PUID }}{{ else }}{{ print $values.podSecurityContext.runAsUser }}{{ end }}:{{ print $values.podSecurityContext.fsGroup }} {{ print $cs.mountPath }}{{ end }}{{ end }}
#args:
#
#securityContext:
#
volumeMounts:
{{ range $name, $csm := .Values.customStorage }}
{{- if $csm.enabled -}}
{{- if $csm.setPermissions -}}
{{ if $csm.name }}
{{ $name = $csm.name }}
{{ end }}
- name: customstorage-{{ $name }}
mountPath: {{ $csm.mountPath }}
{{ if $csm.subPath }}
subPath: {{ $csm.subPath }}
{{ end }}
{{- end -}}
{{- end -}}
{{ end }}
volumes:
{{- range $name, $cs := .Values.customStorage -}}
{{ if $cs.enabled }}
{{ if $cs.setPermissions }}
{{ if $cs.name }}
{{ $name = $cs.name }}
{{ end }}
- name: customstorage-{{ $name }}
{{ if $cs.emptyDir }}
emptyDir: {}
{{- else -}}
hostPath:
path: {{ required "hostPath not set" $cs.hostPath }}
{{ end }}
{{ end }}
{{ end }}
{{- end -}}
{{- end }}
{{- end }}

314
library/common/values.yaml Normal file
View File

@ -0,0 +1,314 @@
# type: options are deployment, daemonset or statefulset
controllerType: deployment
# Set annotations on the deployment/statefulset/daemonset
controllerAnnotations: {}
# Set labels on the deployment/statefulset/daemonset
controllerLabels: {}
replicas: 1
strategy:
## For Deployments, valid values are Recreate and RollingUpdate
## For StatefulSets, valid values are OnDelete and RollingUpdate
## DaemonSets ignore this
type: RollingUpdate
# Override the default command
command: []
# Override the default args
args: []
nameOverride: ""
fullnameOverride: ""
# Set annotations on the pod
podAnnotations: {}
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
env: {}
# TZ: UTC
## Variables with values set from templates, example
## With a release name of: demo, the example env value will be: demo-admin
envTpl: {}
# TEMPLATE_VALUE: "{{ .Release.Name }}-admin"
## Variables with values from (for example) the Downward API
## See https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
envValueFrom: {}
# NODE_NAME:
# fieldRef:
# fieldPath: spec.nodeName
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# Custom priority class for different treatment by the scheduler
# priorityClassName: system-node-critical
# Allow specifying a custom scheduler name
# schedulerName: awkward-dangerous-scheduler
# Allow specifying explicit hostname setting
# hostname:
# When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet
hostNetwork: false
## Default get based on hostNetwork setting
# dnsPolicy: ClusterFirst
# Optional DNS settings, configuring the ndots option may resolve
# nslookup issues on some Kubernetes setups.
# dnsConfig:
# options:
# - name: ndots
# value: "1"
# Enable/disable the generation of environment variables for services.
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
# for more information.
enableServiceLinks: true
# Configure the Security Context for the Pod
podSecurityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
# Configure the Security Context for the main container
securityContext: {}
initContainers: []
additionalContainers: []
## Probes configuration
probes:
liveness:
enabled: true
## Set this to true if you wish to specify your own livenessProbe
custom: false
## The spec field contains the values for the default livenessProbe.
## If you selected custom: true, this field holds the definition of the livenessProbe.
spec:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 10
failureThreshold: 5
readiness:
enabled: true
## Set this to true if you wish to specify your own readinessProbe
custom: false
## The spec field contains the values for the default readinessProbe.
## If you selected custom: true, this field holds the definition of the readinessProbe.
spec:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 10
failureThreshold: 5
startup:
enabled: true
## Set this to true if you wish to specify your own startupProbe
custom: false
## The spec field contains the values for the default startupProbe.
## If you selected custom: true, this field holds the definition of the startupProbe.
spec:
initialDelaySeconds: 0
timeoutSeconds: 10
## This means it has a maximum of 5*30=150 seconds to start up before it fails
periodSeconds: 10
failureThreshold: 30
services:
main:
enabled: true
type: ClusterIP
## Specify the default port information
port:
port:
## name defaults to http
name:
protocol: TCP
## Specify a service targetPort if you wish to differ the service port from the application port.
## If targetPort is specified, this port number is used in the container definition instead of
## service.port.port. Therefore named ports are not supported for this field.
targetPort:
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
additionalPorts: []
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
additionalServices: []
# - enabled: false
# nameSuffix: api
# type: ClusterIP
# # Specify the default port information
# port:
# port:
# # name defaults to http
# name:
# protocol: TCP
# # targetPort defaults to http
# targetPort:
# # nodePort:
# additionalPorts: []
# annotations: {}
# labels: {}
# ingress:
# main:
# enabled: false
# # Used when including ingress using {{ include "common.ingress" . }}
# type: "HTTP"
# entrypoint: "websecure"
# certType: ""
# ## Optional: defaults to IngressName
# serviceName: ""
# ## Optional: Almost never needed
# serviceKind: ""
# ## Optional: defaults to either service port
# servicePort: 80
# annotations: {}
# # kubernetes.io/ingress.class: nginx
# # kubernetes.io/tls-acme: "true"
# labels: {}
# hosts:
# - host: chart-example.local
# path: /
# additionalIngresses: []
# - enabled: false
# nameSuffix: "api"
# annotations: {}
# # kubernetes.io/ingress.class: nginx
# # kubernetes.io/tls-acme: "true"
# labels: {}
# hosts:
# - host: chart-example.local
# paths:
# - path: /api
# # Ignored if not kubeVersion >= 1.14-0
# pathType: Prefix
# tls: []
# # - secretName: chart-example-tls
# # hosts:
# # - chart-example.local
persistence:
config:
enabled: false
mountPath: /config
## configuration data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 1Gi
## Set to true to retain the PVC upon helm uninstall
skipuninstall: false
# Create an emptyDir volume to share between all containers
shared:
enabled: false
emptyDir: true
mountPath: /shared
additionalVolumes: []
additionalVolumeMounts: []
volumeClaimTemplates: []
# Used in statefulset to create individual disks for each instance
# - name: data
# mountPath: /data
# accessMode: "ReadWriteOnce"
# size: 1Gi
# - name: backup
# mountPath: /backup
# subPath: theSubPath
# accessMode: "ReadWriteOnce"
# size: 2Gi
# storageClass: cheap-storage-class
nodeSelector: {}
affinity: {}
tolerations: []
hostAliases: []
# Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
# ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
# - ip: "192.168.1.100"
# hostnames:
# - "example.com"
# - "www.example.com"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## TrueCharts Specific
PUID: 568
PGID: 568
UMASK: "002"
fixMountPermissions: true
# deviceMounts:
# config:
# enabled: false
# emptyDir: false
# hostPath: "/config"
# setPermissions: true
# customStorage:
# - name: "data"
# enabled: false
# emptyDir: false
# mountPath: "/data"
# subPath: some-subpath
# hostPath: ""
# readOnly: false
# setPermissions: true