helm/common
1
0
Fork 0
Code Issues Pull Requests 2 Actions Releases Activity

Compare commits

base: helm:5f0206a49d40cd188fd3da78c0ef213bf3821cae
Branches Tags
helm:master helm:renovate/yokawasa-action-setup-kube-tools-0.x helm:renovate/actions-checkout-4.x
helm:0.5.2 helm:0.5.1 helm:0.5.0
...
compare: helm:0.5.0
Branches Tags
helm:renovate/yokawasa-action-setup-kube-tools-0.x helm:renovate/actions-checkout-4.x helm:master
helm:0.5.2 helm:0.5.1 helm:0.5.0

21 Commits
5f0206a49d ... 0.5.0

Author SHA1 Message Date
Konstantin Grachev
e602d9f045 ci: use oci
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2023-05-18 01:14:45 +03:00
Konstantin Grachev
1bbfd49265 feat(secret): allow generate hex
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-03 23:59:32 +03:00
Konstantin Grachev
93c81fddb9 cs: fix 2023-03-03 23:02:51 +03:00
Konstantin Grachev
964f7e9c5d fix: remove duplicated pullSecret
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-03 22:59:07 +03:00
Konstantin Grachev
4f80520c7e fix(deployment): envFrom 2023-03-03 22:57:28 +03:00
Konstantin Grachev
c850e79d2a fix(starter): add image.registry to values.yaml
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-03 00:05:12 +03:00
Konstantin Grachev
eafcf8ba09 chore: increase default password length up to 32
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-02 23:57:38 +03:00
Konstantin Grachev
6342d7be31 cs: fix
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-02 23:44:38 +03:00
Konstantin Grachev
1975611101 fix: add ingressClassName 2023-03-02 23:43:26 +03:00
Konstantin Grachev
42a80492ad fix(metadata): remove duplications
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-02 23:31:55 +03:00
Konstantin Grachev
23bbb0a65d chore(starter): remove compatibility with older k8s from ingress
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-02 23:30:31 +03:00
Konstantin Grachev
460c4b6c5c feat: simplify starter
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-02 23:21:08 +03:00
Konstantin Grachev
bcf9648dae feat: add app.kubernetes.io/name and app.kubernetes.io/instance to default labels 2023-03-02 23:20:23 +03:00
Konstantin Grachev
19440d56a6 ci: ignore .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-01 23:40:14 +03:00
Konstantin Grachev
b4fe1239b5 refactor: print debug as yaml 2023-03-01 23:39:53 +03:00
Konstantin Grachev
98d893e74b feat: add debug 2023-03-01 22:04:37 +03:00
Konstantin Grachev
1f3a7e1050 feat: add some templates from bitnami/common
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-01 20:59:09 +03:00
Konstantin Grachev
76793993d9 feat(starter): add configmap and secret
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-01 18:52:10 +03:00
Konstantin Grachev
ef59f16734 chore(starter): use ^0 common version
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-01 18:46:18 +03:00
Konstantin Grachev
1063874798 fix: create boilerplate to current dir
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-01 18:42:14 +03:00
Konstantin Grachev
0c268065b8 chore: change urls #2 2023-03-01 18:41:30 +03:00
36 changed files with 562 additions and 1459 deletions
Expand all files Collapse all files

11
.drone.yml
View File

@@ -6,16 +6,17 @@ name: default
trigger:
event:
- push
- tag
steps:
- name: release
image: cr.grachevko.ru/drone/helm:RELEASE.2023-03-01T13-46-55Z
- name: release
image: cr.grachevko.ru/drone/helm:24
settings:
tag: ${DRONE_TAG}
username:
from_secret: HELM_REPO_USERNAME
password:
from_secret: HELM_REPO_PASSWORD
when:
branch:
- master
- rc
event:
- tag

3
.helmignore
View File

@@ -27,3 +27,6 @@ starter/
gcloud_auth_key.json
create.sh
README.md
# Ci
.drone.yml

942
README.md
View File

@@ -1,38 +1,3 @@
# Common: The Helm Helper Chart
This chart was originally forked from [`incubator/common`](https://github.com/helm/charts/tree/master/incubator/common), which is designed to make it easier for you to build and maintain Helm charts.
It provides utilities that reflect best practices of Kubernetes chart development, making it faster for you to write charts.
## Contents
- [Getting Started](#getting-started)
- [Adding Repository](#adding-repository)
- [Adding Dependency](#adding-dependency)
- [Using Starter](#using-starter)
- [Resource Kinds](#resource-kinds)
- [`common.configMap`](#commonconfigmap)
- [`common.cronJob`](#commoncronjob)
- [`common.deployment`](#commondeployment)
- [`common.hpa`](#commonhpa)
- [`common.ingress`](#commoningress)
- [`common.pdb`](#commonpdb)
- [`common.secret`](#commonsecret)
- [`common.service`](#commonservice)
- [`common.serviceAccount`](#commonserviceaccount)
- [`common.serviceMonitor`](#commonservicemonitor)
- [`common.serviceMonitor.secret`](#commonservicemonitorsecret)
- [Partial Objects](#partial-objects)
- [`common.chart`](#commonchart)
- [`common.container`](#commoncontainer)
- [`common.fullname`](#commonfullname)
- [`common.labels`](#commonlabels)
- [`common.metadata`](#commonmetadata)
- [`common.name`](#commonname)
- [`common.pod.template`](#commonpodtemplate)
- [`common.selectorLabels`](#commonselectorlabels)
- [`common.serviceAccountName`](#commonserviceaccountname)
## Getting Started
### Adding Repository
@@ -54,7 +19,8 @@ dependencies:
repository: https://harbor.grachevko.ru/chartrepo/helm
```
Once you have defined dependencies, you should run the following command to download this chart into your `charts/` directory:
Once you have defined dependencies, you should run the following command to download this chart into your `charts/`
directory:
```shell
$ helm dep build
@@ -66,701 +32,12 @@ The best way to get started is to use the [`create` script](create.sh) to genera
You can fetch that script, and then execute it locally:
```shell
$ curl -fsSL -o create.sh https://git.grachevko.ru/helm/common/raw/branch/master/create.sh
$ chmod 700 create.sh
$ ./create.sh mychart
```
or simply
```shell
$ curl https://git.grachevko.ru/helm/common/raw/branch/master/create.sh | bash -s -- mychart
```
Now, there is a chart in `./mychart`. You can edit it and create your own templates.
## Resource Kinds
Kubernetes defines a variety of resource kinds, from `Secret` to `StatefulSet`. We define some of the most common kinds in a way that lets you easily work with them.
The resource kind templates are designed to make it much faster for you to define _basic_ versions of these resources. They allow you to extend and modify just what you need, without having to copy around lots of boilerplate.
To make use of these templates you must define a template that will extend the base template (though it can be empty). The name of this template is then passed to the base template, for example:
```yaml
{{- include "common.service" (list . .Values.service "mychart.service") }}
{{- define "mychart.service" -}}
## Define overrides for your Service resource here, e.g.
# metadata:
# labels:
# custom: label
# spec:
# ports:
# - port: 8080
# targetPort: http
# protocol: TCP
# name: http
{{- end }}
```
Note that the [`common.service`](#commonservice) template defines three parameters:
- The root context (usually `.`)
- A dictionary of values which are used in the template
- A optional template name containing the service definition overrides
A limitation of the Go template library is that a template can only take a single argument. The `list` function is used to workaround this by constructing a list or array of arguments that is passed to the template.
The [`common.service`](#commonservice) template is responsible for rendering the templates with the root context and merging any overrides. As you can see, this makes it very easy to create a basic `Service` resource without having to copy around the standard metadata and labels.
Each implemented base resource is described in greater detail below.
### `common.configMap`
The `common.configMap` template accepts a list of two values:
- `$top`, the top context
- [optional] the template name of the overrides
It creates an empty `ConfigMap` resource that you can override with your configuration.
Example use:
```yaml
{{- include "common.configMap" (list . "mychart.configMap") }}
{{- define "mychart.configMap" -}}
data:
zeus: cat
athena: cat
julius: cat
one: |-
{{ .Files.Get "file1.txt" }}
{{- end }}
```
Output:
```yaml
apiVersion: v1
data:
athena: cat
julius: cat
one: This is a file.
zeus: cat
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
```
### `common.cronJob`
The `common.cronJob` template accepts a list of five values:
- `$top`, the top context
- `$cronJob`, a dictionary of values used in the cronjob template
- `$pod`, a dictionary of values used in the pod template
- `$serviceAccount`, a dictionary of values used in the service account template
- [optional] the template name of the overrides
It defines a basic `CronJob` with the following defaults:
- Labels of `JobTemplate` are defined with [`common.selectorLabels`](#commonselectorlabels) as this is also used as the selector.
- Restart policy of pod is set to `OnFailure`
In addition, it uses the following configuration from the `$cronJob`:
| Value | Description |
| ------------------------------------- | ------------------------------------------------------- |
| `$cronJob.schedule` | Schedule for the cronjob |
| `$cronJob.concurrencyPolicy` | [optional] `Allow\|Forbid\|Replace` concurrent jobs |
| `$cronJob.failedJobsHistoryLimit` | [optional] Specify the number of failed jobs to keep |
| `$cronJob.successfulJobsHistoryLimit` | [optional] Specify the number of completed jobs to keep |
| `$cronJob.suspend` | [optional] Specify cronjob is suspend, default false |
| `$cronJob.activeDeadlineSeconds` | [optional] Specify cronjob activeDeadlineSeconds |
Underneath the hood, it invokes [`common.pod.template`](#commonpodtemplate) template with `$pod` to populate the `PodTemplate`.
Example use:
```yaml
{
{
- include "common.cronJob" (list . .Values.cronJob .Values .Values.serviceAccount),
},
}
## The following is the same as above:
# {{- include "common.cronJob" (list . .Values.cronJob .Values .Values.serviceAccount "mychart.cronJob") }}
# {{- define "mychart.cronJob" -}}
# {{- end }}
```
### `common.deployment`
The `common.deployment` template accepts a list of five values:
- `$top`, the top context
- `$deployment`, a dictionary of values used in the deployment template
- `$autoscaling`, a dictionary of values used in the hpa template
- `$serviceAccount`, a dictionary of values used in the service account template
- [optional] the template name of the overrides
It defines a basic `Deployment` with the following settings:
| Value | Description |
| -------------------------------- | -------------------------------------------------------------------------- |
| `$deployment.replicaCount` | Number of replica. If autoscaling enabled, this field will be ignored |
| `$deployment.imagePullSecrets` | [optional] Name of Secret resource containing private registry credentials |
| `$deployment.podSecurityContext` | [optional] Security options for pod |
| `$deployment.nodeSelector` | [optional] Node labels for pod assignment |
| `$deployment.affinity` | [optional] Expressions for affinity |
| `$deployment.tolerations` | [optional] Toleration labels for pod assignment |
| `$autoscaling.enabled` | [optional] Set this to `true` to enable autoscaling |
Underneath the hood, it invokes [`common.pod.template`](#commonpodtemplate) template with `$deployment` to populate the `PodTemplate`.
Example use:
```yaml
{
{
- include "common.deployment" (list . .Values .Values.autoscaling .Values.serviceAccount),
},
}
## The following is the same as above:
# {{- include "common.deployment" (list . .Values .Values.autoscaling .Values.serviceAccount "mychart.deployment") }}
# {{- define "mychart.deployment" -}}
# {{- end }}
```
### `common.hpa`
The `common.hpa` template accepts a list of three values:
- `$top`, the top context
- `$autoscaling`, a dictionary of values used in the hpa template
- [optional] the template name of the overrides
It creates a basic `HorizontalPodAutoscaler` resource with the following defaults:
- The name of scaled target is set with [`common.fullname`](#commonfullname)
An example values file that can be used to configure the `HorizontalPodAutoscaler` resource is:
```yaml
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 5
cpuUtilizationPercentage: 50
memoryUtilizationPercentage: 90
```
Example use:
```yaml
{ { - include "common.hpa" (list . .Values.autoscaling) } }
## The following is the same as above:
# {{- include "common.hpa" (list . .Values.autoscaling "mychart.hpa") }}
# {{- define "mychart.hpa" -}}
# {{- end }}
```
Output:
```yaml
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
spec:
maxReplicas: 5
metrics:
- resource:
name: cpu
target:
averageUtilization: 50
type: Utilization
type: Resource
- resource:
name: memory
target:
averageUtilization: 90
type: Utilization
type: Resource
minReplicas: 3
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: release-name-mychart
```
### `common.ingress`
The `common.ingress` template accepts a list of four values:
- `$top`, the top context
- `$ingress`, a dictionary of values used in the ingress template
- `$service`, a dictionary of values used in the service template
- [optional] the template name of the overrides
It is designed to give you a well-defined `Ingress` resource, that can be configured using `$ingress`. An example values file that can be used to configure the `Ingress` resource is:
```yaml
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /path/to/somewhere
pathType: ImplementationSpecific
tls:
- secretName: chart-example-tls
hosts:
- chart-example.local
service:
type: ClusterIP
port: 80
```
Example use:
```yaml
{ { - include "common.ingress" (list . .Values.ingress .Values.service) } }
## The following is the same as above:
# {{- include "common.ingress" (list . .Values.ingress .Values.service "mychart.ingress") }}
# {{- define "mychart.ingress" -}}
# {{- end }}
```
Output:
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
spec:
rules:
- host: "chart-example.local"
http:
paths:
- backend:
service:
name: release-name-mychart
port:
number: 80
path: /path/to/somewhere
pathType: ImplementationSpecific
tls:
- hosts:
- "chart-example.local"
secretName: chart-example-tls
```
### `common.pdb`
The `common.pdb` template accepts a list of five values:
- `$top`, the top context
- `$pdb`, a dictionary of values used in the hpa template
- `$deployment`, a dictionary of values used in the deployment template
- `$autoscaling`, a dictionary of values used in the hpa template
- [optional] the template name of the overrides
It creates a basic `PodDisruptionBudget` resource with the following defaults:
- Selector is set with [`common.selectorLabels`](#commonselectorlabels) to match the default used in the `Pod` resource
An example values file that can be used to configure the `PodDisruptionBudget` resource is:
```yaml
podDisruptionBudget:
## You can specify only one of maxUnavailable and minAvailable in a single PodDisruptionBudget
minAvailable: 2
# maxUnavailable: 1
```
Example use:
```yaml
{
{
- include "common.pdb" (list . .Values.podDisruptionBudget .Values .Values.autoscaling),
},
}
## The following is the same as above:
# {{- include "common.pdb" (list . .Values.podDisruptionBudget .Values .Values.autoscaling "mychart.pdb") }}
# {{- define "mychart.pdb" -}}
# {{- end }}
```
Output:
```yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
spec:
minAvailable: 2
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
```
### `common.secret`
The `common.secret` template accepts a list of two values:
- `$top`, the top context
- [optional] the template name of the overrides
It creates an empty `Secret` resource that you can override with your secrets.
Example use:
```yaml
{{- include "common.secret" (list . "mychart.secret") }}
{{- define "mychart.secret" -}}
data:
zeus: {{ print "cat" | b64enc }}
athena: {{ print "cat" | b64enc }}
julius: {{ print "cat" | b64enc }}
one: |-
{{ .Files.Get "file1.txt" | b64enc }}
{{- end }}
```
Output:
```yaml
apiVersion: v1
data:
athena: Y2F0
julius: Y2F0
one: VGhpcyBpcyBhIGZpbGUuCg==
zeus: Y2F0
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
type: Opaque
```
### `common.service`
The `common.service` template accepts a list of three values:
- `$top`, the top context
- `$service`, a dictionary of values used in the service template
- [optional] the template name of the overrides
It creates a basic `Service` resource with the following defaults:
- Service type (ClusterIP, NodePort, LoadBalancer) made configurable by `$service.type`
- Named port `http` configured on port `$service.port`
- Selector set with [`common.selectorLabels`](#commonselectorlabels) to match the default used in the `Deployment` resource
Example template:
```yaml
{{- include "common.service" (list . .Values.service "mychart.mail.service") }}
{{- define "mychart.mail.service" -}}
{{- $top := first . }}
metadata:
name: {{ include "common.fullname" $top }}-mail # overrides the default name to add a suffix
labels: # appended to the labels section
protocol: mail
spec:
ports: # composes the `ports` section of the service definition.
- name: smtp
port: 25
targetPort: 25
- name: imaps
port: 993
targetPort: 993
selector: # this is appended to the default selector
protocol: mail
{{- end }}
---
{{ include "common.service" (list . .Values.service "mychart.web.service") }}
{{- define "mychart.web.service" -}}
{{- $top := first . }}
metadata:
name: {{ include "common.fullname" $top }}-www # overrides the default name to add a suffix
labels: # appended to the labels section
protocol: www
spec:
ports: # composes the `ports` section of the service definition.
- name: www
port: 80
targetPort: 8080
{{- end }}
```
The above template defines _two_ services: a web service and a mail service.
The most important part of a service definition is the `ports` object, which defines the ports that this service will listen on. Most of the time, `selector` is computed for you. But you can replace it or add to it.
The output of the example above is:
```yaml
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
protocol: www
name: release-name-mychart-www
spec:
ports:
- name: www
port: 80
targetPort: 8080
selector:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
protocol: mail
name: release-name-mychart-mail
spec:
ports:
- name: smtp
port: 25
targetPort: 25
- name: imaps
port: 993
targetPort: 993
selector:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
protocol: mail
type: ClusterIP
```
### `common.serviceAccount`
The `common.serviceAccount` template accepts a list of three values:
- `$top`, the top context
- `$serviceAccount`, a dictionary of values used in the service account template
- [optional] the template name of the overrides
It creates a basic `ServiceAccount` resource with the following defaults:
- The name is set with [`common.serviceAccountName`](#commonserviceaccountname)
- Lays out the annotations using `$serviceAccount.annotations`
An example values file that can be used to configure the `ServiceAccount` resource is:
```yaml
serviceAccount:
create: true
annotations: {}
name:
```
Example use:
```yaml
{ { - include "common.serviceAccount" (list . .Values.serviceAccount) } }
## The following is the same as above:
# {{- include "common.serviceAccount" (list . .Values.serviceAccount "mychart.serviceAccount") }}
# {{- define "mychart.serviceAccount" -}}
# {{- end }}
```
Output:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
```
### `common.serviceMonitor`
The `common.serviceMonitor` template accepts a list of three values:
- `$top`, the top context
- `$serviceMonitor`, a dictionary of values used in the service account template
- [optional] the template name of the overrides
It creates a basic `ServiceMonitor` resource with the following defaults:
- Namespace selector is set to the release namespace
- Selector is set with [`common.selectorLabels`](#commonselectorlabels) to match the default used in the `Service` resource
An example values file that can be used to configure the `ServiceMonitor` resource is:
```yaml
serviceMonitor:
enabled: true
namespace: monitoring
port: 80
path: /path/to/metrics
interval: 30s
scrapeTimeout: 30s
basicAuth:
enabled: true
username: administrator
password: password
```
Example use:
```yaml
{ { - include "common.serviceMonitor" (list . .Values.serviceMonitor) } }
## The following is the same as above:
# {{- include "common.serviceMonitor" (list . .Values.serviceMonitor "mychart.serviceMonitor") }}
# {{- define "mychart.serviceMonitor" -}}
# {{- end }}
```
Output:
```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
namespace: monitoring
spec:
endpoints:
- basicAuth:
password:
key: password
name: release-name-mychart
username:
key: username
name: release-name-mychart
interval: 30s
path: /path/to/metrics
port: 80
scrapeTimeout: 30s
namespaceSelector:
matchNames:
- default
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
```
### `common.serviceMonitor.secret`
The `common.serviceMonitor.secret` template accepts a list of three values:
- `$top`, the top context
- `$serviceMonitor`, a dictionary of values used in the service account template
- [optional] the template name of the overrides
It creates a `Secret` resource contains the BasicAuth information for the `ServiceMonitor`.
An example `values.yaml` for your `ServiceMonitor` could look like:
```yaml
serviceMonitor:
basicAuth:
enabled: true
username: administrator
password: password
```
Example use:
```yaml
{ { - include "common.serviceMonitor.secret" (list . .Values.serviceMonitor) } }
## The following is the same as above:
# {{- include "common.serviceMonitor.secret" (list . .Values.serviceMonitor "mychart.serviceMonitor.secret") }}
# {{- define "mychart.serviceMonitor.secret" -}}
# {{- end }}
```
Output:
```yaml
apiVersion: v1
data:
password: cGFzc3dvcmQ=
username: YWRtaW5pc3RyYXRvcg==
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
namespace: monitoring
type: Opaque
```
## Partial Objects
When writing Kubernetes resources, you may find the following helpers useful to construct parts of the spec.
@@ -783,151 +60,17 @@ helm.sh/chart: foo-1.2.3-beta.55_1234
(Note that `+` is an illegal character in label values)
### `common.container`
The `common.container` template accepts a list of three values:
- `$top`, the top context
- `$container`, a dictionary of values used in the container template
- [optional] the template name of the overrides
It creates a basic `Container` spec to be used within a `Deployment` or `CronJob`. It holds the following defaults:
- The name is set to the chart name
- Uses `$container.image` to describe the image to run, with the following spec:
```yaml
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
```
- Lays out the security options using `$container.securityContext`
- Lays out the compute resources using `$container.resources`
Example use:
```yaml
{{- include "common.deployment" (list . .Values .Values.autoscaling "mychart.deployment") }}
{{- define "mychart.deployment" -}}
## Define overrides for your Deployment resource here, e.g.
{{- $top := first . }}
{{- $deployment := index . 1 }}
spec:
template:
spec:
containers:
- {{- include "common.container" (list $top $deployment "mychart.deployment.container") | nindent 8 }}
{{- end }}
{{- define "mychart.deployment.container" -}}
## Define overrides for your Container here, e.g.
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
{{- end }}
```
The above example creates a `Deployment` resource which makes use of the `common.container` template to populate the `PodSpec`'s container list. The usage of this template is similar to the other resources, you must define and reference a template that contains overrides for the container object.
The most important part of a container definition is the image you want to run. As mentioned above, this is derived from `$container.image` by default. It is a best practice to define the image, tag and pull policy in your charts' values as this makes it easy for an operator to change the image registry, or use a specific tag or version. Another example of configuration that should be exposed to chart operators is the container's required compute resources, as this is also very specific to an operators environment. An example `values.yaml` for your chart could look like:
```yaml
replicaCount: 1
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
```
The output of running the above values through the earlier template is:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mychart
app.kubernetes.io/version: 1.16.0
helm.sh/chart: mychart-0.1.0
name: release-name-mychart
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
template:
metadata:
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
spec:
containers:
- image: nginx:stable
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /
port: http
name: mychart
ports:
- containerPort: 80
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /
port: http
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: release-name-mychart
```
### `common.fullname`
The `common.fullname` template generates a name suitable for the `name:` field in Kubernetes metadata. It is used like this:
The `common.fullname` template generates a name suitable for the `name:` field in Kubernetes metadata. It is used like
this:
```yaml
name: { { include "common.fullname" . } }
```
This prints the value of `{{ .Release.Name }}-{{ .Chart.Name }}` by default, but can be overridden with `.Values. fullnameOverride`:
This prints the value of `{{ .Release.Name }}-{{ .Chart.Name }}` by default, but can be overridden
with `.Values. fullnameOverride`:
```yaml
fullnameOverride: some-name
@@ -1002,7 +145,8 @@ metadata:
name: release-name-mychart
```
Most of the common templates that define a resource type (e.g. `common.configMap` or `common.cronJob`) use this to generate the metadata, which means they inherit the same `labels` and `name` fields.
Most of the common templates that define a resource type (e.g. `common.configMap` or `common.cronJob`) use this to
generate the metadata, which means they inherit the same `labels` and `name` fields.
### `common.name`
@@ -1032,35 +176,6 @@ app.kubernetes.io/name: mychart
Output of this function is truncated at 63 characters, which is the maximum length of name.
### `common.pod.template`
The `common.pod.template` template accepts a list of four values:
- `$top`, the top context
- `$pod`, a dictionary of values used in the container template
- `$serviceAccount`, a dictionary of values used in the service account template
- [optional] the template name of the overrides
It creates a basic `PodTemplate` spec to be used within a `Deployment` or `CronJob`. It holds the following defaults:
- Labels are defined with [`common.selectorLabels`](#commonselectorlabels) as this is also used as the selector.
- Service account name is set with [`common.serviceAccountName`](#commonserviceaccountname)
It also uses the following configuration from the `$pod`:
| Value | Description |
| ------------------------- | -------------------------------------------------------- |
| `$pod.imagePullSecrets` | Names of secrets containing private registry credentials |
| `$pod.podAnnotations` | Pod annotations |
| `$pod.podSecurityContext` | Security options |
| `$pod.nodeSelector ` | Node labels for pod assignment |
| `$pod.affinity ` | Expressions for affinity |
| `$pod.tolerations ` | Toleration labels for pod assignment |
| `$pod.podLabels` | Pod extra labels |
| `$pod.priorityClassName` | Pod priorityClassName |
Underneath the hood, it invokes [`common.container`](#commoncontainer) template with `$pod` to populate the `PodSpec`'s container list.
### `common.selectorLabels`
`common.selectorLabels` prints the standard set of selector labels.
@@ -1077,44 +192,3 @@ Example output:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: mychart
```
### `common.serviceAccountName`
The `common.serviceAccountName` template accepts a list of two values:
- `$top`, the top context
- `$serviceAccount`, a dictionary of values used in the service account template
It generates a name suitable for the `serviceAccountName` field of a `Pod` resource.
Example usage:
```
serviceAccountName: {{ include "common.serviceAccountName" . .Values.serviceAccount }}
```
The following values can influence the output:
```yaml
serviceAccount:
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: some-name
```
Example output:
```yaml
---
# with the values above
serviceAccountName: some-name
---
# if serviceAccount.name is not set, the value will be the same as "common.fullname"
serviceAccountName: release-name-mychart
---
# if serviceAccount.create is false, the value will be "default"
serviceAccountName: default
```

7
create.sh
View File

@@ -8,9 +8,8 @@ then
exit 1
fi
mkdir "$1"
curl --proto '=https' --tlsv1.2 -sSf https://git.grachevko.ru/helm/common/archive/master.tar.gz | \
tar -xz -C "$1" --strip=2 common-chart-master/starter
find "$1" -type f | xargs sed -i "" "s/<CHARTNAME>/$1/g"
tar -xz --strip=2 common/starter
find . -type f -exec sed -i "s/<CHARTNAME>/$1/g" {} \;
helm dep build "$1"
helm dep update

2
starter/.helmignore
View File

@@ -21,3 +21,5 @@
.idea/
*.tmproj
.vscode/
# CI
.drone.yml

4
starter/Chart.yaml
View File

@@ -24,5 +24,5 @@ appVersion: 1.16.0
dependencies:
- name: common
version: "0.4.1"
repository: "https://hahow-helm-charts.storage.googleapis.com/"
version: "^0"
repository: "https://harbor.grachevko.ru/chartrepo/helm"

4
starter/templates/NOTES.txt
View File

@@ -1,3 +1,7 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}

12
starter/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if not .Values.existingConfigmap }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
data:
{{- if .Values.config.debug }}
DEBUG: true
{{- end }}
{{- end }}

91
starter/templates/deployment.yaml
View File

@@ -1,26 +1,85 @@
{{/* vim: set filetype=mustache: */}}
{{- include "common.deployment" (list . .Values .Values.autoscaling .Values.serviceAccount "<CHARTNAME>.deployment") }}
{{- define "<CHARTNAME>.deployment" -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- {{- include "common.container" (append . "<CHARTNAME>.container") | nindent 8 }}
{{- end }}
{{- define "<CHARTNAME>.container" -}}
ports:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
{{- if .Values.existingConfigmap }}
- configMapRef:
name: {{ .Values.existingConfigmap }}
{{- else }}
- configMapRef:
name: {{ include "common.fullname" . }}
{{- end }}
{{- if .Values.existingSecret }}
- secretRef:
name: {{ .Values.existingSecret }}
{{- else }}
- secretRef:
name: {{ include "common.fullname" . }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.extraEnvVarsSecret }}
{{- end }}
ports:
- name: http
containerPort: 80
containerPort: 5678
protocol: TCP
livenessProbe:
livenessProbe:
httpGet:
path: /
path: /healthz
port: http
readinessProbe:
readinessProbe:
httpGet:
path: /
path: /healthz
port: http
{{- end }}
startupProbe:
httpGet:
path: /healthz
port: http
failureThreshold: 30
periodSeconds: 10
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

3
starter/templates/hpa.yaml
View File

@@ -1,3 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- include "common.hpa" (list . .Values.autoscaling) -}}

44
starter/templates/ingress.yaml
View File

@@ -1,3 +1,41 @@
{{/* vim: set filetype=mustache: */}}
{{- include "common.ingress" (list . .Values.ingress .Values.service) }}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ default "ImplementationSpecific" .pathType }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

10
starter/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
type: Opaque
data: {}
{{- end }}

18
starter/templates/service.yaml
View File

@@ -1,3 +1,15 @@
{{/* vim: set filetype=mustache: */}}
{{- include "common.service" (list . .Values.service) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

3
starter/templates/serviceaccount.yaml
View File

@@ -1,3 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- include "common.serviceAccount" (list . .Values.serviceAccount) }}

13
starter/values.yaml
View File

@@ -2,9 +2,17 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
config: {}
existingConfigmap:
existingSecret:
extraEnvVarsSecret:
replicaCount: 1
image:
registry: docker.io
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
@@ -42,6 +50,11 @@ service:
ingress:
enabled: false
## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"

14
templates/_configmap.yaml
View File

@@ -1,14 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.configMap.tpl" -}}
{{- $top := first . }}
apiVersion: v1
kind: ConfigMap
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
data: {}
{{- end }}
{{- define "common.configMap" -}}
{{- include "common.utils.merge" (append . "common.configMap.tpl") }}
{{- end }}

18
templates/_container.yaml
View File

@@ -1,18 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.container.tpl" -}}
{{- $top := first . }}
{{- $container := index . 1 }}
{{- $image := $container.image | default (dict) }}
name: {{ $top.Chart.Name }}
securityContext:
{{- toYaml $container.securityContext | nindent 2 }}
image: "{{ $image.repository }}:{{ $image.tag | default $top.Chart.AppVersion }}"
imagePullPolicy: {{ $container.image.pullPolicy }}
resources:
{{- toYaml $container.resources | nindent 2 }}
{{- end }}
{{- define "common.container" -}}
{{- include "common.utils.merge" (append . "common.container.tpl") }}
{{- end }}

49
templates/_cronjob.yaml
View File

@@ -1,49 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.cronJob.pod" -}}
spec:
restartPolicy: OnFailure
{{- end }}
{{- define "common.cronJob.tpl" -}}
{{- $top := first . }}
{{- $cronJob := index . 1 }}
{{- $pod := index . 2 }}
{{- $serviceAccount := index . 3 }}
{{- if semverCompare ">=1.21-0" $top.Capabilities.KubeVersion.GitVersion -}}
apiVersion: batch/v1
{{- else -}}
apiVersion: batch/v1beta1
{{- end }}
kind: CronJob
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
spec:
schedule: "{{ $cronJob.schedule }}"
{{- with $cronJob.concurrencyPolicy }}
concurrencyPolicy: {{ . }}
{{- end }}
{{- with $cronJob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with $cronJob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
{{- with $cronJob.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
metadata:
labels:
{{- include "common.selectorLabels" $top | nindent 8 }}
spec:
{{- with $cronJob.activeDeadlineSeconds }}
activeDeadlineSeconds: {{ . }}
{{- end }}
template:
{{- include "common.pod.template" (list $top $pod $serviceAccount "common.cronJob.pod") | nindent 8 }}
{{- end }}
{{- define "common.cronJob" -}}
{{- include "common.utils.merge" (append . "common.cronJob.tpl") }}
{{- end }}

3
templates/_debug.yaml Normal file
View File

@@ -0,0 +1,3 @@
{{- define "common.dd" -}}
{{- . | toYaml | fail }}
{{- end -}}

25
templates/_deployment.yaml
View File

@@ -1,25 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.deployment.tpl" -}}
{{- $top := first . }}
{{- $deployment := index . 1 }}
{{- $autoscaling := index . 2 }}
{{- $serviceAccount := index . 3 }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
spec:
{{- if not $autoscaling.enabled }}
replicas: {{ $deployment.replicaCount | default 1 }}
{{- end }}
selector:
matchLabels:
{{- include "common.selectorLabels" $top | nindent 6 }}
template:
{{- include "common.pod.template" (list $top $deployment $serviceAccount) | nindent 4 }}
{{- end }}
{{- define "common.deployment" -}}
{{- include "common.utils.merge" (append . "common.deployment.tpl") }}
{{- end }}

23
templates/_errors.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}

45
templates/_hpa.yaml
View File

@@ -1,45 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.hpa.tpl" -}}
{{- $top := first . }}
{{- $autoscaling := index . 1 }}
{{- if semverCompare ">=1.23-0" $top.Capabilities.KubeVersion.GitVersion -}}
apiVersion: autoscaling/v2
{{- else -}}
apiVersion: autoscaling/v2beta2
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "common.fullname" $top }}
minReplicas: {{ $autoscaling.minReplicas }}
maxReplicas: {{ $autoscaling.maxReplicas }}
metrics:
{{- with $autoscaling.cpuUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with $autoscaling.memoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- define "common.hpa" -}}
{{- $autoscaling := index . 1 }}
{{- if $autoscaling.enabled }}
{{- include "common.utils.merge" (append . "common.hpa.tpl") }}
{{- end }}
{{- end }}

67
templates/_ingress.yaml
View File

@@ -1,67 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.ingress.metadata" -}}
{{- $ingress := index . 1 }}
{{- with $ingress.annotations }}
annotations:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- define "common.ingress.tpl" -}}
{{- $top := first . }}
{{- $ingress := index . 1 }}
{{- $service := index . 2 }}
{{- $fullName := include "common.fullname" $top }}
{{- $svcPort := $service.port }}
{{- if semverCompare ">=1.19-0" $top.Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" $top.Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
{{- include "common.metadata" (append . "common.ingress.metadata") | nindent 2 }}
spec:
{{- if $ingress.tls }}
tls:
{{- range $ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range $ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $top.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $top.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- define "common.ingress" -}}
{{- $ingress := index . 1 }}
{{- if $ingress.enabled }}
{{- include "common.utils.merge" (append . "common.ingress.tpl") }}
{{- end }}
{{- end }}

7
templates/_name.tpl
View File

@@ -44,3 +44,10 @@ Create the name of the service account to use.
{{- default "default" $serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
*/}}
{{- define "common.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

36
templates/_pdb.yaml
View File

@@ -1,36 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.pdb.tpl" -}}
{{- $top := first . }}
{{- $pdb := index . 1 }}
{{- if semverCompare ">=1.21-0" $top.Capabilities.KubeVersion.GitVersion -}}
apiVersion: policy/v1
{{- else -}}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
spec:
selector:
matchLabels:
{{- include "common.selectorLabels" $top | nindent 6 }}
{{- if not (or (empty $pdb.minAvailable) (empty $pdb.maxUnavailable)) }}
{{- fail "minAvailable and maxUnavailable can not be set together" }}
{{- end }}
{{- with $pdb.minAvailable }}
minAvailable: {{ . }}
{{- end }}
{{- with $pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
{{- end }}
{{- define "common.pdb" -}}
{{- $top := first . }}
{{- $deployment := index . 2 }}
{{- $autoscaling := index . 3 }}
{{- if or (and $autoscaling.enabled (gt ($autoscaling.minReplicas | int) 1)) (and (not $autoscaling.enabled) (gt ($deployment.replicaCount | int) 1)) }}
{{- include "common.utils.merge" (append . "common.pdb.tpl") }}
{{- end }}
{{- end }}

46
templates/_pod.tpl
View File

@@ -1,46 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.pod.template.tpl" -}}
{{- $top := first . }}
{{- $pod := index . 1 }}
{{- $serviceAccount := index . 2 }}
metadata:
{{- with $pod.podAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "common.selectorLabels" $top | nindent 4 }}
{{- with $pod.podLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $pod.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
serviceAccountName: {{ include "common.serviceAccountName" (list $top $serviceAccount) }}
securityContext:
{{- toYaml $pod.podSecurityContext | nindent 4 }}
containers:
- {{- include "common.container" (list $top $pod) | nindent 4 }}
{{- with $pod.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $pod.affinity }}
affinity:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $pod.tolerations }}
tolerations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $pod.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- end }}
{{- define "common.pod.template" -}}
{{- include "common.utils.merge" (append . "common.pod.template.tpl") }}
{{- end }}

15
templates/_secret.yaml
View File

@@ -1,15 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.secret.tpl" -}}
{{- $top := first . }}
apiVersion: v1
kind: Secret
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
type: Opaque
data: {}
{{- end }}
{{- define "common.secret" -}}
{{- include "common.utils.merge" (append . "common.secret.tpl") }}
{{- end }}

184
templates/_secrets.tpl Normal file
View File

@@ -0,0 +1,184 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
2. Password provided via the values.yaml
(If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
3. Randomly generated secret password
(A new random secret password with the length specified in the 'length' parameter will be generated and returned)
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 32 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secretData := (lookup "v1" "Secret" (include "common.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }}
{{- else }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else if .hex }}
{{- $password = include "common.secrets.randHex" $passwordLength | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{- /*
Returns given number of random Hex characters.
- randNumeric 4 | atoi generates a random number in [0, 10^4)
This is a range evenly divisble by 16, but even if off by one,
that last partial interval offsetting randomness is only 1 part in 625.
- mod N 16 maps to the range 0-15
- printf "%x" represents a single number 0-15 as a single hex character
*/}}
{{- define "common.secrets.randHex" -}}
{{- $result := "" }}
{{- range $i := until . }}
{{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
{{- $result = print $result $rand_hex_char }}
{{- end }}
{{- $result }}
{{- end }}
{{/*
Reuses the value from an existing secret, otherwise sets its value to a default value.
Usage:
{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.lookup" -}}
{{- $value := "" -}}
{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}}
{{- $secretData := (lookup "v1" "Secret" (include "common.namespace" .context) .secret).data -}}
{{- if and $secretData (hasKey $secretData .key) -}}
{{- $value = index $secretData .key -}}
{{- else -}}
{{- $value = $defaultValue | toString | b64enc -}}
{{- end -}}
{{- printf "%s" $value -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" (include "common.namespace" .context) .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}

23
templates/_service.yaml
View File

@@ -1,23 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.service.tpl" -}}
{{- $top := first . }}
{{- $service := index . 1 }}
apiVersion: v1
kind: Service
metadata:
{{- include "common.metadata" (list $top) | nindent 2 }}
spec:
type: {{ $service.type }}
ports:
- port: {{ $service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" $top | nindent 4 }}
{{- end }}
{{- define "common.service" -}}
{{- include "common.utils.merge" (append . "common.service.tpl") }}
{{- end }}

26
templates/_serviceaccount.yaml
View File

@@ -1,26 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.serviceAccount.metadata" -}}
{{- $top := first . }}
{{- $serviceAccount := index . 1 }}
name: {{ include "common.serviceAccountName" . }}
{{- with $serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- define "common.serviceAccount.tpl" -}}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- include "common.metadata" (append . "common.serviceAccount.metadata") | nindent 2 }}
{{- end }}
{{- define "common.serviceAccount" -}}
{{- $top := first . }}
{{- $serviceAccount := index . 1 }}
{{- if $serviceAccount.create }}
{{- include "common.utils.merge" (append . "common.serviceAccount.tpl") }}
{{- end }}
{{- end }}

25
templates/_servicemonitor-secret.yaml
View File

@@ -1,25 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.serviceMonitor.secret.tpl" -}}
{{- $top := first . }}
{{- $serviceMonitor := index . 1 }}
{{- $basicAuth := $serviceMonitor.basicAuth | default (dict) }}
metadata:
name: {{ $basicAuth.secretName | default (include "common.fullname" $top) }}
{{- with $serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
{{- if $basicAuth.enabled }}
data:
{{ $basicAuth.usernameKey | default "username" }}: {{ $basicAuth.username | toString | b64enc | quote }}
{{ $basicAuth.passwordKey | default "password" }}: {{ $basicAuth.password | toString | b64enc | quote }}
{{- end }}
{{- end }}
{{- define "common.serviceMonitor.secret" -}}
{{- $top := first . }}
{{- $serviceMonitor := index . 1 }}
{{- if $serviceMonitor.enabled }}
{{- include "common.secret" (append . "common.serviceMonitor.secret.tpl") }}
{{- end }}
{{- end }}

54
templates/_servicemonitor.yaml
View File

@@ -1,54 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "common.serviceMonitor.metadata" -}}
{{- $serviceMonitor := index . 1 }}
{{- with $serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
{{- end }}
{{- define "common.serviceMonitor.tpl" -}}
{{- $top := first . }}
{{- $serviceMonitor := index . 1 }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- include "common.metadata" (append . "common.serviceMonitor.metadata") | nindent 2 }}
spec:
selector:
matchLabels:
{{- include "common.selectorLabels" $top | nindent 6 }}
namespaceSelector:
matchNames:
- {{ $top.Release.Namespace | quote }}
endpoints:
- port: "{{ $serviceMonitor.port }}"
{{- with $serviceMonitor.path }}
path: {{ . }}
{{- end }}
{{- with $serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with $serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
{{- $basicAuth := $serviceMonitor.basicAuth | default (dict) }}
{{- $name := $basicAuth.secretName | default (include "common.fullname" $top) }}
{{- if $basicAuth.enabled }}
basicAuth:
username:
name: {{ $name }}
key: {{ $basicAuth.usernameKey | default "username" }}
password:
name: {{ $name }}
key: {{ $basicAuth.passwordKey | default "password" }}
{{- end }}
{{- end }}
{{- define "common.serviceMonitor" -}}
{{- $top := first . }}
{{- $serviceMonitor := index . 1 }}
{{- if $serviceMonitor.enabled }}
{{- include "common.utils.merge" (append . "common.serviceMonitor.tpl") }}
{{- end }}
{{- end }}

62
templates/_utils.tpl
View File

@@ -22,3 +22,65 @@ This takes an list of values:
{{- include $tplName $args }}
{{- end }}
{{- end }}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}

46
templates/_validations.tpl Normal file
View File

@@ -0,0 +1,46 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}