fix: use oci in templates

.drone.yml

@@ -5,17 +5,18 @@ name: default
 
 trigger:
   event:
-    - push
+  - push
+  - tag
 
 steps:
-  - name: release
-    image: cr.grachevko.ru/drone/helm:RELEASE.2023-03-01T13-46-55Z
-    settings:
-      username:
-        from_secret: HELM_REPO_USERNAME
-      password:
-        from_secret: HELM_REPO_PASSWORD
-    when:
-      branch:
-        - master
-        - rc
+- name: release
+  image: cr.grachevko.ru/drone/helm:24
+  settings:
+    tag: ${DRONE_TAG}
+    username:
+      from_secret: HELM_REPO_USERNAME
+    password:
+      from_secret: HELM_REPO_PASSWORD
+  when:
+    event:
+    - tag

.github/workflows/main.yaml

@@ -8,15 +8,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+    - uses: actions/checkout@v2
 
-      - name: Install Helm
-        run: |
-          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-          helm plugin install https://github.com/hayorov/helm-gcs
-      - name: Lint chart
-        run: |
-          helm lint .
+    - name: Install Helm
+      run: |
+        curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+        helm plugin install https://github.com/hayorov/helm-gcs
+    - name: Lint chart
+      run: |
+        helm lint .
 
   release:
     needs: lint
@@ -24,22 +24,22 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+    - uses: actions/checkout@v2
 
-      - name: Install Helm
-        run: |
-          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-          helm plugin install https://github.com/hayorov/helm-gcs
-      - name: Dump GCloud auth key
-        run: |
-          cat <<'EOF' > gcloud_auth_key.json
-          ${{ secrets.GCLOUD_AUTH_KEY }}
-          EOF
-      - name: Release chart
-        env:
-          GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcloud_auth_key.json
-        run: |
-          helm repo add hahow gs://hahow-helm-charts
-          helm repo update
-          PACKAGE_FILE_PATH=$(helm package . | sed 's/^Successfully packaged chart and saved it to: //')
-          helm gcs push $(basename ${PACKAGE_FILE_PATH}) hahow --public
+    - name: Install Helm
+      run: |
+        curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+        helm plugin install https://github.com/hayorov/helm-gcs
+    - name: Dump GCloud auth key
+      run: |
+        cat <<'EOF' > gcloud_auth_key.json
+        ${{ secrets.GCLOUD_AUTH_KEY }}
+        EOF
+    - name: Release chart
+      env:
+        GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcloud_auth_key.json
+      run: |
+        helm repo add hahow gs://hahow-helm-charts
+        helm repo update
+        PACKAGE_FILE_PATH=$(helm package . | sed 's/^Successfully packaged chart and saved it to: //')
+        helm gcs push $(basename ${PACKAGE_FILE_PATH}) hahow --public

.helmignore

@@ -27,3 +27,6 @@ starter/
 gcloud_auth_key.json
 create.sh
 README.md
+
+# Ci
+.drone.yml

starter/.helmignore

@@ -21,3 +21,5 @@
 .idea/
 *.tmproj
 .vscode/
+# CI
+.drone.yml

starter/Chart.yaml

@@ -25,4 +25,4 @@ appVersion: 1.16.0
 dependencies:
 - name: common
   version: "^0"
-  repository: "https://harbor.grachevko.ru/chartrepo/helm"
+  repository: oci://cr.grachevko.ru/helm/chart

starter/templates/NOTES.txt

@@ -1,3 +1,7 @@
+CHART NAME: {{ .Chart.Name  }}
+CHART VERSION: {{ .Chart.Version  }}
+APP VERSION: {{ .Chart.AppVersion  }}
+
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}

starter/templates/configmap.yaml

@@ -1,4 +1,12 @@
-{{- include "common.configMap" (list . "<CHARTNAME>.configMap") }}
-{{- define "<CHARTNAME>.configMap" -}}
-data: {}
+{{- if not .Values.existingConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  {{- if .Values.config.debug }}
+  DEBUG: true
+  {{- end }}
 {{- end }}

starter/templates/deployment.yaml

@@ -1,26 +1,85 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- include "common.deployment" (list . .Values .Values.autoscaling .Values.serviceAccount "<CHARTNAME>.deployment") }}
-
-{{- define "<CHARTNAME>.deployment" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
 spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
   template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "common.selectorLabels" . | nindent 8 }}
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
-      - {{- include "common.container" (append . "<CHARTNAME>.container") | nindent 8 }}
-{{- end }}
-
-{{- define "<CHARTNAME>.container" -}}
-ports:
-  - name: http
-    containerPort: 80
-    protocol: TCP
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-{{- end }}
+      - name: {{ .Chart.Name }}
+        securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        envFrom:
+          {{- if .Values.existingConfigmap }}
+        - configMapRef:
+            name: {{ .Values.existingConfigmap }}
+          {{- else }}
+        - configMapRef:
+            name: {{ include "common.fullname" . }}
+          {{- end }}
+          {{- if .Values.existingSecret }}
+        - secretRef:
+            name: {{ .Values.existingSecret }}
+          {{- else }}
+        - secretRef:
+            name: {{ include "common.fullname" . }}
+          {{- end }}
+          {{- if .Values.extraEnvVarsSecret }}
+        - secretRef:
+            name: {{ .Values.extraEnvVarsSecret }}
+          {{- end }}
+        ports:
+        - name: http
+          containerPort: 5678
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+        startupProbe:
+          httpGet:
+            path: /healthz
+            port: http
+          failureThreshold: 30
+          periodSeconds: 10
+        resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

starter/templates/hpa.yaml

@@ -1,3 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- include "common.hpa" (list . .Values.autoscaling) -}}

starter/templates/ingress.yaml

@@ -1,3 +1,41 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- include "common.ingress" (list . .Values.ingress .Values.service) }}
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+  - hosts:
+        {{- range .hosts }}
+    - {{ . | quote }}
+        {{- end }}
+    secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+  - host: {{ .host | quote }}
+    http:
+      paths:
+          {{- range .paths }}
+      - path: {{ .path }}
+        pathType: {{ default "ImplementationSpecific" .pathType }}
+        backend:
+          service:
+            name: {{ $fullName }}
+            port:
+              number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+{{- end }}

starter/templates/secret.yaml

@@ -1,4 +0,0 @@
-{{- include "common.secret" (list . "<CHARTNAME>.secret") }}
-{{- define "<CHARTNAME>.secret" -}}
-data: {}
-{{- end }}

starter/templates/secrets.yaml

@@ -0,0 +1,10 @@
+{{- if not .Values.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data: {}
+{{- end }}

starter/templates/service.yaml

@@ -1,3 +1,15 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- include "common.service" (list . .Values.service) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  - port: {{ .Values.service.port }}
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

starter/templates/serviceaccount.yaml

@@ -1,3 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- include "common.serviceAccount" (list . .Values.serviceAccount) }}

starter/templates/tests/test-connection.yaml

@@ -8,8 +8,8 @@ metadata:
     "helm.sh/hook": test-success
 spec:
   containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+  - name: wget
+    image: busybox
+    command: ['wget']
+    args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
   restartPolicy: Never

starter/values.yaml

@@ -2,9 +2,17 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+config: {}
+
+existingConfigmap:
+existingSecret:
+
+extraEnvVarsSecret:
+
 replicaCount: 1
 
 image:
+  registry: docker.io
   repository: nginx
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
@@ -42,6 +50,11 @@ service:
 
 ingress:
   enabled: false
+  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
+  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
+  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+  ##
+  ingressClassName: ""
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

templates/_configmap.yaml

@@ -1,14 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.configMap.tpl" -}}
-{{- $top := first . }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  {{- include "common.metadata" (list $top) | nindent 2 }}
-data: {}
-{{- end }}
-
-{{- define "common.configMap" -}}
-{{- include "common.utils.merge" (append . "common.configMap.tpl") }}
-{{- end }}

templates/_container.yaml

@@ -1,18 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.container.tpl" -}}
-{{- $top := first . }}
-{{- $container := index . 1 }}
-{{- $image := $container.image | default (dict) }}
-name: {{ $top.Chart.Name }}
-securityContext:
-  {{- toYaml $container.securityContext | nindent 2 }}
-image: "{{ $image.repository }}:{{ $image.tag | default $top.Chart.AppVersion }}"
-imagePullPolicy: {{ $container.image.pullPolicy }}
-resources:
-  {{- toYaml $container.resources | nindent 2 }}
-{{- end }}
-
-{{- define "common.container" -}}
-{{- include "common.utils.merge" (append . "common.container.tpl") }}
-{{- end }}

templates/_cronjob.yaml

@@ -1,49 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.cronJob.pod" -}}
-spec:
-  restartPolicy: OnFailure
-{{- end }}
-
-{{- define "common.cronJob.tpl" -}}
-{{- $top := first . }}
-{{- $cronJob := index . 1 }}
-{{- $pod := index . 2 }}
-{{- $serviceAccount := index . 3 }}
-{{- if semverCompare ">=1.21-0" $top.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: batch/v1
-{{- else -}}
-apiVersion: batch/v1beta1
-{{- end }}
-kind: CronJob
-metadata:
-  {{- include "common.metadata" (list $top) | nindent 2 }}
-spec:
-  schedule: "{{ $cronJob.schedule }}"
-  {{- with $cronJob.concurrencyPolicy }}
-  concurrencyPolicy: {{ . }}
-  {{- end }}
-  {{- with $cronJob.failedJobsHistoryLimit }}
-  failedJobsHistoryLimit: {{ . }}
-  {{- end }}
-  {{- with $cronJob.successfulJobsHistoryLimit }}
-  successfulJobsHistoryLimit: {{ . }}
-  {{- end }}
-  {{- with $cronJob.suspend }}
-  suspend: {{ . }}
-  {{- end }}
-  jobTemplate:
-    metadata:
-      labels:
-        {{- include "common.selectorLabels" $top | nindent 8 }}
-    spec:
-      {{- with $cronJob.activeDeadlineSeconds }}
-      activeDeadlineSeconds: {{ . }}
-      {{- end }}
-      template:
-        {{- include "common.pod.template" (list $top $pod $serviceAccount "common.cronJob.pod") | nindent 8 }}
-{{- end }}
-
-{{- define "common.cronJob" -}}
-{{- include "common.utils.merge" (append . "common.cronJob.tpl") }}
-{{- end }}

templates/_debug.yaml

@@ -0,0 +1,3 @@
+{{- define "common.dd" -}}
+{{- . | toYaml | fail }}
+{{- end -}}

templates/_deployment.yaml

@@ -1,25 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.deployment.tpl" -}}
-{{- $top := first . }}
-{{- $deployment := index . 1 }}
-{{- $autoscaling := index . 2 }}
-{{- $serviceAccount := index . 3 }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  {{- include "common.metadata" (list $top) | nindent 2 }}
-spec:
-  {{- if not $autoscaling.enabled }}
-  replicas: {{ $deployment.replicaCount | default 1 }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "common.selectorLabels" $top | nindent 6 }}
-  template:
-    {{- include "common.pod.template" (list $top $deployment $serviceAccount) | nindent 4 }}
-{{- end }}
-
-{{- define "common.deployment" -}}
-{{- include "common.utils.merge" (append . "common.deployment.tpl") }}
-{{- end }}

templates/_hpa.yaml

@@ -1,45 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.hpa.tpl" -}}
-{{- $top := first . }}
-{{- $autoscaling := index . 1 }}
-{{- if semverCompare ">=1.23-0" $top.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: autoscaling/v2
-{{- else -}}
-apiVersion: autoscaling/v2beta2
-{{- end }}
-kind: HorizontalPodAutoscaler
-metadata:
-  {{- include "common.metadata" (list $top) | nindent 2 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "common.fullname" $top }}
-  minReplicas: {{ $autoscaling.minReplicas }}
-  maxReplicas: {{ $autoscaling.maxReplicas }}
-  metrics:
-  {{- with $autoscaling.cpuUtilizationPercentage }}
-  - type: Resource
-    resource:
-      name: cpu
-      target:
-        type: Utilization
-        averageUtilization: {{ . }}
-  {{- end }}
-  {{- with $autoscaling.memoryUtilizationPercentage }}
-  - type: Resource
-    resource:
-      name: memory
-      target:
-        type: Utilization
-        averageUtilization: {{ . }}
-  {{- end }}
-{{- end }}
-
-{{- define "common.hpa" -}}
-{{- $autoscaling := index . 1 }}
-{{- if $autoscaling.enabled }}
-  {{- include "common.utils.merge" (append . "common.hpa.tpl") }}
-{{- end }}
-{{- end }}

templates/_ingress.yaml

@@ -1,67 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.ingress.metadata" -}}
-{{- $ingress := index . 1 }}
-{{- with $ingress.annotations }}
-annotations:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
-
-{{- define "common.ingress.tpl" -}}
-{{- $top := first . }}
-{{- $ingress := index . 1 }}
-{{- $service := index . 2 }}
-{{- $fullName := include "common.fullname" $top }}
-{{- $svcPort := $service.port }}
-{{- if semverCompare ">=1.19-0" $top.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $top.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  {{- include "common.metadata" (append . "common.ingress.metadata") | nindent 2 }}
-spec:
-{{- if $ingress.tls }}
-  tls:
-  {{- range $ingress.tls }}
-  - hosts:
-    {{- range .hosts }}
-    - {{ . | quote }}
-    {{- end }}
-    secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range $ingress.hosts }}
-  - host: {{ .host | quote }}
-    http:
-      paths:
-      {{- range .paths }}
-      - path: {{ .path }}
-        {{- if and .pathType (semverCompare ">=1.18-0" $top.Capabilities.KubeVersion.GitVersion) }}
-        pathType: {{ .pathType }}
-        {{- end }}
-        backend:
-          {{- if semverCompare ">=1.19-0" $top.Capabilities.KubeVersion.GitVersion }}
-          service:
-            name: {{ $fullName }}
-            port:
-              number: {{ $svcPort }}
-          {{- else }}
-          serviceName: {{ $fullName }}
-          servicePort: {{ $svcPort }}
-          {{- end }}
-      {{- end }}
-  {{- end }}
-{{- end }}
-
-{{- define "common.ingress" -}}
-{{- $ingress := index . 1 }}
-{{- if $ingress.enabled }}
-  {{- include "common.utils.merge" (append . "common.ingress.tpl") }}
-{{- end }}
-{{- end }}

templates/_pdb.yaml

@@ -1,36 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.pdb.tpl" -}}
-{{- $top := first . }}
-{{- $pdb := index . 1 }}
-{{- if semverCompare ">=1.21-0" $top.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: policy/v1
-{{- else -}}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
-  {{- include "common.metadata" (list $top) | nindent 2 }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "common.selectorLabels" $top | nindent 6 }}
-  {{- if not (or (empty $pdb.minAvailable) (empty $pdb.maxUnavailable)) }}
-    {{- fail "minAvailable and maxUnavailable can not be set together" }}
-  {{- end }}
-  {{- with $pdb.minAvailable }}
-  minAvailable: {{ . }}
-  {{- end }}
-  {{- with $pdb.maxUnavailable }}
-  maxUnavailable: {{ . }}
-  {{- end }}
-{{- end }}
-
-{{- define "common.pdb" -}}
-{{- $top := first . }}
-{{- $deployment := index . 2 }}
-{{- $autoscaling := index . 3 }}
-{{- if or (and $autoscaling.enabled (gt ($autoscaling.minReplicas | int) 1)) (and (not $autoscaling.enabled) (gt ($deployment.replicaCount | int) 1)) }}
-  {{- include "common.utils.merge" (append . "common.pdb.tpl") }}
-{{- end }}
-{{- end }}

templates/_pod.tpl

@@ -1,46 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.pod.template.tpl" -}}
-{{- $top := first . }}
-{{- $pod := index . 1 }}
-{{- $serviceAccount := index . 2 }}
-metadata:
-  {{- with $pod.podAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  labels:
-    {{- include "common.selectorLabels" $top | nindent 4 }}
-  {{- with $pod.podLabels }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with $pod.imagePullSecrets }}
-  imagePullSecrets:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  serviceAccountName: {{ include "common.serviceAccountName" (list $top $serviceAccount) }}
-  securityContext:
-    {{- toYaml $pod.podSecurityContext | nindent 4 }}
-  containers:
-  - {{- include "common.container" (list $top $pod) | nindent 4 }}
-  {{- with $pod.nodeSelector }}
-  nodeSelector:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with $pod.affinity }}
-  affinity:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with $pod.tolerations }}
-  tolerations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with $pod.priorityClassName }}
-  priorityClassName: {{ . }}
-  {{- end }}
-{{- end }}
-
-{{- define "common.pod.template" -}}
-{{- include "common.utils.merge" (append . "common.pod.template.tpl") }}
-{{- end }}

templates/_secret.yaml

@@ -1,15 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.secret.tpl" -}}
-{{- $top := first . }}
-apiVersion: v1
-kind: Secret
-metadata:
-  {{- include "common.metadata"  (list $top) | nindent 2 }}
-type: Opaque
-data: {}
-{{- end }}
-
-{{- define "common.secret" -}}
-{{- include "common.utils.merge" (append . "common.secret.tpl") }}
-{{- end }}

templates/_secrets.tpl

@@ -87,7 +87,7 @@ The order in which this function returns a secret password:
 {{- $password := "" }}
 {{- $subchart := "" }}
 {{- $chartName := default "" .chartName }}
-{{- $passwordLength := default 10 .length }}
+{{- $passwordLength := default 32 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
 {{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
 {{- $secretData := (lookup "v1" "Secret" (include "common.namespace" .context) .secret).data }}
@@ -115,6 +115,8 @@ The order in which this function returns a secret password:
     {{- $password = randAscii $passwordLength }}
     {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
     {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+  {{- else if .hex }}
+    {{- $password = include "common.secrets.randHex" $passwordLength | b64enc | quote }}
   {{- else }}
     {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
   {{- end }}
@@ -122,6 +124,23 @@ The order in which this function returns a secret password:
 {{- printf "%s" $password -}}
 {{- end -}}
 
+{{- /*
+    Returns given number of random Hex characters.
+    - randNumeric 4 | atoi generates a random number in [0, 10^4)
+      This is a range evenly divisble by 16, but even if off by one,
+      that last partial interval offsetting randomness is only 1 part in 625.
+    - mod N 16 maps to the range 0-15
+    - printf "%x" represents a single number 0-15 as a single hex character
+*/}}
+{{- define "common.secrets.randHex" -}}
+    {{- $result := "" }}
+    {{- range $i := until . }}
+        {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
+        {{- $result = print $result $rand_hex_char }}
+    {{- end }}
+    {{- $result }}
+{{- end }}
+
 {{/*
 Reuses the value from an existing secret, otherwise sets its value to a default value.
 

templates/_service.yaml

@@ -1,23 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.service.tpl" -}}
-{{- $top := first . }}
-{{- $service := index . 1 }}
-apiVersion: v1
-kind: Service
-metadata:
-  {{- include "common.metadata" (list $top) | nindent 2 }}
-spec:
-  type: {{ $service.type }}
-  ports:
-  - port: {{ $service.port }}
-    targetPort: http
-    protocol: TCP
-    name: http
-  selector:
-    {{- include "common.selectorLabels" $top | nindent 4 }}
-{{- end }}
-
-{{- define "common.service" -}}
-{{- include "common.utils.merge" (append . "common.service.tpl") }}
-{{- end }}

templates/_serviceaccount.yaml

@@ -1,26 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.serviceAccount.metadata" -}}
-{{- $top := first . }}
-{{- $serviceAccount := index . 1 }}
-name: {{ include "common.serviceAccountName" . }}
-{{- with $serviceAccount.annotations }}
-annotations:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
-
-{{- define "common.serviceAccount.tpl" -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  {{- include "common.metadata" (append . "common.serviceAccount.metadata") | nindent 2 }}
-{{- end }}
-
-{{- define "common.serviceAccount" -}}
-{{- $top := first . }}
-{{- $serviceAccount := index . 1 }}
-{{- if $serviceAccount.create }}
-  {{- include "common.utils.merge" (append . "common.serviceAccount.tpl") }}
-{{- end }}
-{{- end }}

templates/_servicemonitor-secret.yaml

@@ -1,25 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.serviceMonitor.secret.tpl" -}}
-{{- $top := first . }}
-{{- $serviceMonitor := index . 1 }}
-{{- $basicAuth := $serviceMonitor.basicAuth | default (dict) }}
-metadata:
-  name: {{ $basicAuth.secretName | default (include "common.fullname" $top) }}
-  {{- with $serviceMonitor.namespace }}
-  namespace: {{ . }}
-  {{- end }}
-{{- if $basicAuth.enabled }}
-data:
-  {{ $basicAuth.usernameKey | default "username" }}: {{ $basicAuth.username | toString | b64enc | quote }}
-  {{ $basicAuth.passwordKey | default "password" }}: {{ $basicAuth.password | toString | b64enc | quote }}
-{{- end }}
-{{- end }}
-
-{{- define "common.serviceMonitor.secret" -}}
-{{- $top := first . }}
-{{- $serviceMonitor := index . 1 }}
-{{- if $serviceMonitor.enabled }}
-  {{- include "common.secret" (append . "common.serviceMonitor.secret.tpl") }}
-{{- end }}
-{{- end }}

templates/_servicemonitor.yaml

@@ -1,54 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "common.serviceMonitor.metadata" -}}
-{{- $serviceMonitor := index . 1 }}
-{{- with $serviceMonitor.namespace }}
-namespace: {{ . }}
-{{- end }}
-{{- end }}
-
-{{- define "common.serviceMonitor.tpl" -}}
-{{- $top := first . }}
-{{- $serviceMonitor := index . 1 }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  {{- include "common.metadata" (append . "common.serviceMonitor.metadata") | nindent 2 }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "common.selectorLabels" $top | nindent 6 }}
-  namespaceSelector:
-    matchNames:
-    - {{ $top.Release.Namespace | quote }}
-  endpoints:
-  - port: "{{ $serviceMonitor.port }}"
-    {{- with $serviceMonitor.path }}
-    path: {{ . }}
-    {{- end }}
-    {{- with $serviceMonitor.interval }}
-    interval: {{ . }}
-    {{- end }}
-    {{- with $serviceMonitor.scrapeTimeout }}
-    scrapeTimeout: {{ . }}
-    {{- end }}
-    {{- $basicAuth := $serviceMonitor.basicAuth | default (dict) }}
-    {{- $name := $basicAuth.secretName | default (include "common.fullname" $top) }}
-    {{- if $basicAuth.enabled }}
-    basicAuth:
-      username:
-        name: {{ $name }}
-        key: {{ $basicAuth.usernameKey | default "username" }}
-      password:
-        name: {{ $name }}
-        key: {{ $basicAuth.passwordKey | default "password" }}
-    {{- end }}
-{{- end }}
-
-{{- define "common.serviceMonitor" -}}
-{{- $top := first . }}
-{{- $serviceMonitor := index . 1 }}
-{{- if $serviceMonitor.enabled }}
-  {{- include "common.utils.merge" (append . "common.serviceMonitor.tpl") }}
-{{- end }}
-{{- end }}