From 19f22c18a125f839f29d7f944615f0a1fc057c2e Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 19 May 2024 18:56:41 +0200 Subject: [PATCH] A lot of work on the workload library --- README.md | 7 +- charts/{testing => crds}/.helmignore | 0 charts/{testing => crds}/Chart.yaml | 2 +- charts/crds/templates/_crds.yaml | 16 +++ .../templates/_helpers.tpl | 12 -- .../notes => crds/templates}/_notes.tpl | 0 .../{testing => crds}/templates/_utils.yaml | 0 .../templates/metadata/_base.tpl | 0 .../templates/metadata/_labels.tpl | 0 charts/testing/templates/configs/_env.tpl | 20 --- .../templates/deployment/_deployment.tpl | 11 -- charts/testing/templates/deployment/_spec.tpl | 61 --------- charts/testing/templates/notes/_notes.tpl | 3 - charts/testing/templates/pvc/_pvc.tpl | 18 --- .../testing/templates/workload/_security.tpl | 29 ----- .../templates/_workloads.yaml | 12 -- .../templates/deployment/_spec.tpl | 97 --------------- .../templates/workload/_security.tpl | 34 ----- .../.helmignore | 0 .../{workload-testing => workload}/Chart.yaml | 2 +- .../templates/_helpers.tpl | 0 .../templates/_utils.yaml | 0 .../templates/_workloads.yaml | 3 +- .../addons/traefik/_ingress_route_tcp.tpl | 13 ++ .../addons/traefik/_ingress_route_udp.tpl | 13 ++ .../templates/configs/_env.tpl | 0 .../templates/configs/_files.tpl | 0 .../templates/deployment/_containers.tpl | 117 ++++++++++++++++++ .../templates/deployment/_deployment.tpl | 0 .../workload/templates/deployment/_spec.tpl | 29 +++++ .../templates/deployment/_volumes.tpl | 32 +++++ .../templates/metadata/_base.tpl | 2 +- .../templates/metadata/_labels.tpl | 0 charts/workload/templates/notes/_notes.tpl | 8 ++ .../templates/pvc/_pvc.tpl | 2 + .../templates/rbac/_rbac.yaml | 0 .../templates/service/_service.tpl | 0 .../templates/service/_services.tpl} | 20 +-- charts/workload/templates/workload/_image.tpl | 33 +++++ .../workload/templates/workload/_security.tpl | 36 ++++++ 40 files changed, 322 insertions(+), 310 deletions(-) rename charts/{testing => crds}/.helmignore (100%) rename 
charts/{testing => crds}/Chart.yaml (85%) create mode 100644 charts/crds/templates/_crds.yaml rename charts/{workload-testing => crds}/templates/_helpers.tpl (83%) rename charts/{workload-testing/templates/notes => crds/templates}/_notes.tpl (100%) rename charts/{testing => crds}/templates/_utils.yaml (100%) rename charts/{testing => crds}/templates/metadata/_base.tpl (100%) rename charts/{testing => crds}/templates/metadata/_labels.tpl (100%) delete mode 100644 charts/testing/templates/configs/_env.tpl delete mode 100644 charts/testing/templates/deployment/_deployment.tpl delete mode 100644 charts/testing/templates/deployment/_spec.tpl delete mode 100644 charts/testing/templates/notes/_notes.tpl delete mode 100644 charts/testing/templates/pvc/_pvc.tpl delete mode 100644 charts/testing/templates/workload/_security.tpl delete mode 100644 charts/workload-testing/templates/_workloads.yaml delete mode 100644 charts/workload-testing/templates/deployment/_spec.tpl delete mode 100644 charts/workload-testing/templates/workload/_security.tpl rename charts/{workload-testing => workload}/.helmignore (100%) rename charts/{workload-testing => workload}/Chart.yaml (82%) rename charts/{testing => workload}/templates/_helpers.tpl (100%) rename charts/{workload-testing => workload}/templates/_utils.yaml (100%) rename charts/{testing => workload}/templates/_workloads.yaml (78%) create mode 100644 charts/workload/templates/addons/traefik/_ingress_route_tcp.tpl create mode 100644 charts/workload/templates/addons/traefik/_ingress_route_udp.tpl rename charts/{workload-testing => workload}/templates/configs/_env.tpl (100%) rename charts/{workload-testing => workload}/templates/configs/_files.tpl (100%) create mode 100644 charts/workload/templates/deployment/_containers.tpl rename charts/{workload-testing => workload}/templates/deployment/_deployment.tpl (100%) create mode 100644 charts/workload/templates/deployment/_spec.tpl create mode 100644 
charts/workload/templates/deployment/_volumes.tpl rename charts/{workload-testing => workload}/templates/metadata/_base.tpl (91%) rename charts/{workload-testing => workload}/templates/metadata/_labels.tpl (100%) create mode 100644 charts/workload/templates/notes/_notes.tpl rename charts/{workload-testing => workload}/templates/pvc/_pvc.tpl (92%) rename charts/{workload-testing => workload}/templates/rbac/_rbac.yaml (100%) rename charts/{workload-testing => workload}/templates/service/_service.tpl (100%) rename charts/{testing/templates/service/_service.tpl => workload/templates/service/_services.tpl} (51%) create mode 100644 charts/workload/templates/workload/_image.tpl create mode 100644 charts/workload/templates/workload/_security.tpl diff --git a/README.md b/README.md index 7e237cb..2ece866 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ -# helm-library +# Softplayer helm library -A helm library for the chart maintained by Bad Houseplants \ No newline at end of file +## About +... +## How to use? +... \ No newline at end of file diff --git a/charts/testing/.helmignore b/charts/crds/.helmignore similarity index 100% rename from charts/testing/.helmignore rename to charts/crds/.helmignore diff --git a/charts/testing/Chart.yaml b/charts/crds/Chart.yaml similarity index 85% rename from charts/testing/Chart.yaml rename to charts/crds/Chart.yaml index 52ba110..4d50e48 100644 --- a/charts/testing/Chart.yaml +++ b/charts/crds/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: softplayer-lib-testing +name: softplayer-lib-crd description: A library to be reused accross softplayer charts type: library version: 0.1.0 diff --git a/charts/crds/templates/_crds.yaml b/charts/crds/templates/_crds.yaml new file mode 100644 index 0000000..a8f6c23 --- /dev/null +++ b/charts/crds/templates/_crds.yaml 
@@ -0,0 +1,16 @@ +{{- define "lib.crds" -}} +{{- range $crd := .Values.crds }} +{{ $manifest := $.Files.Get (printf "files/%s.yaml" $crd.file) | fromYaml }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +{{- include "lib.metadata" (dict "Context" $ "customName" $manifest.metadata.name )}} +spec: + group: {{ $manifest.spec.group }} + names: +{{ $manifest.spec.names | toYaml | indent 4 }} + scope: {{ $manifest.spec.scope }} + versions: +{{ $manifest.spec.versions | toYaml | indent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/workload-testing/templates/_helpers.tpl b/charts/crds/templates/_helpers.tpl similarity index 83% rename from charts/workload-testing/templates/_helpers.tpl rename to charts/crds/templates/_helpers.tpl index 83b70b7..b4c3802 100644 --- a/charts/workload-testing/templates/_helpers.tpl +++ b/charts/crds/templates/_helpers.tpl @@ -49,15 +49,3 @@ Selector labels app.kubernetes.io/name: {{ include "chart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "chart.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "chart.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - diff --git a/charts/workload-testing/templates/notes/_notes.tpl b/charts/crds/templates/_notes.tpl similarity index 100% rename from charts/workload-testing/templates/notes/_notes.tpl rename to charts/crds/templates/_notes.tpl diff --git a/charts/testing/templates/_utils.yaml b/charts/crds/templates/_utils.yaml similarity index 100% rename from charts/testing/templates/_utils.yaml rename to charts/crds/templates/_utils.yaml 
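Review bot: In `lib.crds` the result of `$.Files.Get` is piped straight into `fromYaml` and then dereferenced as `$manifest.metadata.name`, so a missing or misspelled `$crd.file` (or a file that fails to parse) surfaces as an opaque nil-pointer render error instead of a message naming the file. Wrapping the read in `required` makes the failure explicit, e.g. `{{ $manifest := required (printf "CRD file files/%s.yaml is missing or empty" $crd.file) ($.Files.Get (printf "files/%s.yaml" $crd.file)) | fromYaml }}`. Only `group`, `names`, `scope` and `versions` are copied, so a `spec.conversion` block or annotations in the source manifest are dropped silently. A comment above the `define` should say so, and also that CRDs rendered from templates are upgraded and deleted with the release, unlike files in a chart's `crds/` directory.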
diff --git a/charts/testing/templates/metadata/_base.tpl b/charts/crds/templates/metadata/_base.tpl similarity index 100% rename from charts/testing/templates/metadata/_base.tpl rename to charts/crds/templates/metadata/_base.tpl diff --git a/charts/testing/templates/metadata/_labels.tpl b/charts/crds/templates/metadata/_labels.tpl similarity index 100% rename from charts/testing/templates/metadata/_labels.tpl rename to charts/crds/templates/metadata/_labels.tpl diff --git a/charts/testing/templates/configs/_env.tpl b/charts/testing/templates/configs/_env.tpl deleted file mode 100644 index f7c1c9b..0000000 --- a/charts/testing/templates/configs/_env.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{- define "lib.env" -}} -{{- range $k, $v := .Values.env }} -{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }} ---- -apiVersion: v1 -{{- if not $v.sensitive }} -kind: ConfigMap -{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}} -data: -{{- else }} -kind: Secret -{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}} -stringData: -{{- end }} -{{- with $v.data }} -{{ toYaml . | indent 2}} -{{- end }} -{{- end }} -{{- end -}} - diff --git a/charts/testing/templates/deployment/_deployment.tpl b/charts/testing/templates/deployment/_deployment.tpl deleted file mode 100644 index a5e43be..0000000 --- a/charts/testing/templates/deployment/_deployment.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- define "lib.deployment" -}} -# --------------------------------------------------------------------- -# The deployment is build withing the helm library -# please check the lib/tempaltes/deployment/base -# --------------------------------------------------------------------- -apiVersion: apps/v1 -kind: Deployment -{{- include "lib.metadata" (dict "Context" . "customName" "")}} -{{- include "deployment.spec" . }} -{{- end -}} - 
diff --git a/charts/testing/templates/deployment/_spec.tpl b/charts/testing/templates/deployment/_spec.tpl deleted file mode 100644 index a190f7b..0000000 --- a/charts/testing/templates/deployment/_spec.tpl +++ /dev/null @@ -1,61 +0,0 @@ -{{/* - This is a builder for deployments -*/}} -{{- define "deployment.spec" }} -spec: - replicas: {{ .Values.workload.replicas }} - selector: - matchLabels: -{{ include "metadata.selectorLabels" . | indent 6 }} - template: - metadata: - labels: -{{ include "metadata.labels" . | indent 8 }} - spec: -{{ include "lib.securityContext" . | indent 6 }} - {{- if or .Values.storage .Values.extraVolumes }} - volumes: - {{- if .Values.storage }} - {{- range $k, $v := .Values.storage }} - - name: {{ $k }} - persistentVolumeClaim: - claimName: {{ include "chart.fullname" $ }}-data - {{- end }} - {{- end }} - {{- end }} - containers: -{{- range $k,$v := .Values.workload.containers }} - - name: {{ $k }} -{{ include "lib.containerSecurityContext" . | indent 8 }} - image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }} -{{- with $v.ports }} - ports: -{{- range $p := $v.ports}} - - containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }} - -{{- if $v.envFrom }} - envFrom: -{{- range $k := $v.envFrom }} -{{- if kindIs "string" $k }} -{{- if (index $.Values.env $k) }} -{{- if (index $.Values.env $k).sensitive }} - - secretRef: -{{- else }} - - configMapRef: -{{- end }} - name: {{ printf "%s-%s" (include "chart.fullname" $) $k }} -{{- end }} -{{- else }} -{{- range $k, $v := $k }} - - {{ $k }}: -{{ toYaml $v | indent 14 }} -{{- end }} -{{- end -}} - - -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/testing/templates/notes/_notes.tpl b/charts/testing/templates/notes/_notes.tpl deleted file mode 100644 index e78176d..0000000 --- a/charts/testing/templates/notes/_notes.tpl +++ /dev/null 
@@ -1,3 +0,0 @@ -{{- define "lib.notes" -}} -{{ include "helpers.allowed_workloads" . }} -{{- end }} diff --git a/charts/testing/templates/pvc/_pvc.tpl b/charts/testing/templates/pvc/_pvc.tpl deleted file mode 100644 index a3232dd..0000000 --- a/charts/testing/templates/pvc/_pvc.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{- define "lib.pvc" -}} -{{- range $k, $v := .Values.storage }} -{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }} ---- -apiVersion: v1 -kind: PersistentVolumeClaim -{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}} -spec: -{{- with $v.accessModes }} - accessModes: -{{ toYaml . | indent 4}} -{{- end }} - resources: - requests: - storage: {{ $v.size }} - storageClassName: {{ $v.storageClassName }} -{{- end }} -{{- end -}} diff --git a/charts/testing/templates/workload/_security.tpl b/charts/testing/templates/workload/_security.tpl deleted file mode 100644 index dcb96c0..0000000 --- a/charts/testing/templates/workload/_security.tpl +++ /dev/null @@ -1,29 +0,0 @@ -{{- define "lib.securityContext" -}} -{{- if not .Values.workload.securityContext -}} -# --------------------------------------------------------------------- -# Using the default security context, if it doesn't work for you, -# please update `.Values.workload.securityContext` -# --------------------------------------------------------------------- -securityContext: - runAsUser: 1000 - runAsGroup: 3000 - fsGroup: 2000 -{{- else -}} -{{- with .Values.workload.securityContext -}} -securityContext: -{{ toYaml . | indent 2 }} -{{- end }} -{{- end -}} -{{- end -}} - -{{- define "lib.containerSecurityContext" -}} -securityContext: -{{- if not .securityContext }} - runAsUser: 2000 - allowPrivilegeEscalation: false -{{- else }} -{{- with .securityContext }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end -}} -{{- end -}} 
diff --git a/charts/workload-testing/templates/_workloads.yaml b/charts/workload-testing/templates/_workloads.yaml deleted file mode 100644 index ca2aa4b..0000000 --- a/charts/workload-testing/templates/_workloads.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- define "helpers.allowed_workloads" -}} -{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }} -{{- end -}} - -{{- define "lib.workload" -}} ---- -{{ if eq .Values.workload.kind "Deployment" -}} -{{- if contains .Values.workload.kind (include "helpers.allowed_workloads" .) }} -{{- include "lib.deployment" . }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/workload-testing/templates/deployment/_spec.tpl b/charts/workload-testing/templates/deployment/_spec.tpl deleted file mode 100644 index 0d6229e..0000000 --- a/charts/workload-testing/templates/deployment/_spec.tpl +++ /dev/null 
@@ -1,97 +0,0 @@ -{{/* - This is a builder for deployments -*/}} -{{- define "deployment.spec" }} -spec: - replicas: {{ .Values.workload.replicas }} - selector: - matchLabels: -{{ include "metadata.selectorLabels" . | indent 6 }} - template: - metadata: - labels: -{{ include "metadata.labels" . | indent 8 }} - spec: -{{/* Prepare the securityContext for the pod */}} -{{- include "lib.securityContext" . | indent 6 -}} -{{/* Add all the volues to pod */}} - {{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }} - volumes: - {{- if .Values.storage }} - {{- range $k, $v := .Values.storage }} - - name: {{ $k }}-storage - persistentVolumeClaim: - claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}" - {{- end }} - {{- end }} - {{- if .Values.files }}-file - {{- range $k, $v := .Values.files }} - - name: {{ $k }} - {{- if $v.sensitive }} - secret: - defaultMode: 420 - secretName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}" - {{- else }} - configMap: - name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}" - {{- end }} - {{- end }} - {{- end }} - {{- end -}} -{{/* Define containers */}} - containers: -{{- range $k,$v := .Values.workload.containers }} - - name: {{ $k }} -{{/* Prepare the securityContext for the container */}} -{{- include "lib.containerSecurityContext" . | indent 8 -}} -{{/* Image fron chart's annotations */}} - image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }} - {{- with $v.command }} - command: -{{. | toYaml | indent 10 }} - {{- end -}} - {{- with $v.args }} - args: -{{. 
| toYaml | indent 10 }} - {{- end -}} -{{- if $v.mounts }} - mounts: -{{- range $k ,$v := range $v.mounts }} -{{- if $k == "storage" }} - name: {{ $k }}-storage -{{- end }} -{{- end }} - volumeMounts: -{{/* Ports */}} -{{- with $v.ports }} - ports: -{{- range $p := $v.ports}} - - containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }} -{{/* If env should be set from a Configmap/Secret */}} -{{- if $v.envFrom }} - envFrom: -{{- range $k := $v.envFrom }} -{{/* If envFrom entry is a string, then refer to the env created by the library */}} -{{- if kindIs "string" $k }} -{{- if (index $.Values.env $k) }} -{{- if (index $.Values.env $k).sensitive }} - - secretRef: -{{- else }} - - configMapRef: -{{- end }} - name: {{ printf "%s-%s" (include "chart.fullname" $) $k }} -{{- end }} -{{/* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */}} -{{- else }} -{{- range $k, $v := $k }} - - {{ $k }}: -{{ toYaml $v | indent 14 }} -{{- end }} -{{- end }} -{{- end }} - -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/workload-testing/templates/workload/_security.tpl b/charts/workload-testing/templates/workload/_security.tpl deleted file mode 100644 index 336921e..0000000 --- a/charts/workload-testing/templates/workload/_security.tpl +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- define "lib.securityContext" -}} -{{- if not .Values.workload.securityContext -}} -# --------------------------------------------------------------------- -# Using the default security context, if it doesn't work for you, -# please update `.Values.workload.securityContext` -# --------------------------------------------------------------------- -securityContext: - runAsUser: 1000 - runAsGroup: 3000 - fsGroup: 2000 - seccompProfile: - type: RuntimeDefault -{{- else -}} -{{- with .Values.workload.securityContext -}} -securityContext: -{{ toYaml . | indent 2 }} -{{- end }} -{{- end -}} -{{- end -}} - -{{- define "lib.containerSecurityContext" -}} -securityContext: -{{- if not .securityContext }} - runAsUser: 2000 - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL -{{- else }} -{{- with .securityContext }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end -}} -{{- end -}} diff --git a/charts/workload-testing/.helmignore b/charts/workload/.helmignore similarity index 100% rename from charts/workload-testing/.helmignore rename to charts/workload/.helmignore diff --git a/charts/workload-testing/Chart.yaml b/charts/workload/Chart.yaml similarity index 82% rename from charts/workload-testing/Chart.yaml rename to charts/workload/Chart.yaml index f90fcd9..1e01e39 100644 --- a/charts/workload-testing/Chart.yaml +++ b/charts/workload/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: softplayer-lib-workload-testing +name: softplayer-lib-workload description: A library to be reused accross softplayer charts type: library version: 0.1.0 diff --git a/charts/testing/templates/_helpers.tpl b/charts/workload/templates/_helpers.tpl similarity index 100% rename from charts/testing/templates/_helpers.tpl rename to charts/workload/templates/_helpers.tpl 
diff --git a/charts/workload-testing/templates/_utils.yaml b/charts/workload/templates/_utils.yaml similarity index 100% rename from charts/workload-testing/templates/_utils.yaml rename to charts/workload/templates/_utils.yaml diff --git a/charts/testing/templates/_workloads.yaml b/charts/workload/templates/_workloads.yaml similarity index 78% rename from charts/testing/templates/_workloads.yaml rename to charts/workload/templates/_workloads.yaml index ca2aa4b..0c012b7 100644 --- a/charts/testing/templates/_workloads.yaml +++ b/charts/workload/templates/_workloads.yaml @@ -1,5 +1,5 @@ {{- define "helpers.allowed_workloads" -}} -{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }} +{{ index .Chart.Annotations "allowed_workload_kinds" }} {{- end -}} {{- define "lib.workload" -}} @@ -10,3 +10,4 @@ {{- end }} {{- end }} {{- end }} + diff --git a/charts/workload/templates/addons/traefik/_ingress_route_tcp.tpl b/charts/workload/templates/addons/traefik/_ingress_route_tcp.tpl new file mode 100644 index 0000000..8761e18 --- /dev/null +++ b/charts/workload/templates/addons/traefik/_ingress_route_tcp.tpl @@ -0,0 +1,13 @@ +{{- define "lib.traefik.ingress_route_tcp" -}} +{{- range $k, $v := .Values.traefik.tcpRoutes }} +{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }} +--- +{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} +apiVersion: traefik.io/v1alpha1 +kind: IngressRouteTCP +{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}} +spec: +{{ tpl ($v | toYaml | indent 2 | toString) $ }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/workload/templates/addons/traefik/_ingress_route_udp.tpl b/charts/workload/templates/addons/traefik/_ingress_route_udp.tpl new file mode 100644 index 0000000..823930b --- /dev/null +++ b/charts/workload/templates/addons/traefik/_ingress_route_udp.tpl 
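Review bot: Inside `range $k, $v := .Values.traefik.tcpRoutes` the dot is rebound to the current route, so `.Capabilities.APIVersions.Has` in `lib.traefik.ingress_route_tcp` no longer reaches the root context and should fail at render time. It needs the `$` prefix: `{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}`. The UDP template added in the next file has the same line with `IngressRouteUDP`. Two things deserve a comment on the `define`. Each route spec is passed through `tpl` with the root context, so strings in values are evaluated as templates and must be treated as code rather than data; and when the API version is absent the route is skipped without any message, which can leave a service unrouted with nothing in the output to show it.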
@@ -0,0 +1,13 @@
+{{- define "lib.traefik.ingress_route_udp" -}}
+{{- range $k, $v := .Values.traefik.udpRoutes }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+---
+{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteUDP" }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteUDP
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+spec:
+{{ tpl ($v | toYaml | indent 2 | toString) $ }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/workload-testing/templates/configs/_env.tpl b/charts/workload/templates/configs/_env.tpl
similarity index 100%
rename from charts/workload-testing/templates/configs/_env.tpl
rename to charts/workload/templates/configs/_env.tpl
diff --git a/charts/workload-testing/templates/configs/_files.tpl b/charts/workload/templates/configs/_files.tpl
similarity index 100%
rename from charts/workload-testing/templates/configs/_files.tpl
rename to charts/workload/templates/configs/_files.tpl
diff --git a/charts/workload/templates/deployment/_containers.tpl b/charts/workload/templates/deployment/_containers.tpl
new file mode 100644
index 0000000..2cd02af
--- /dev/null
+++ b/charts/workload/templates/deployment/_containers.tpl
@@ -0,0 +1,117 @@ +{{- define "helper.deployment.containers" -}} {{- /* (define) */ -}} +{{- if not .Values.workload.containers -}} {{- /* (1) */ -}} +{{ fail ".Values.workload.containers can not be empty (heler.deployment.containers)" }} +{{- end -}} {{- /* /(1) */ -}} +containers: +{{- range $k,$v := .Values.workload.containers }} {{- /* (1) */}} + - name: {{ $k }} + {{- include "helper.workload.containerSecurityContext" . | nindent 4 -}} + {{- include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) | indent 4 -}} + {{- include "helper.container.command" $v | nindent 4 -}} + {{- include "helper.container.args" $v | nindent 4 -}} + {{- include "helper.container.ports" (dict "Context" $ "Container" $v) | nindent 4 -}} + {{- include "helper.container.volumeMounts" $v | nindent 4 -}} + {{- include "helper.container.envFrom" (dict "Context" $ "Container" $v) | nindent 4 -}} +{{- end }} {{- /* /(1) */}} +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.deployment.initContainers" -}} {{- /* (define) */ -}} +{{- if .Values.workload.initContainers -}} {{- /* (1) */ -}} +initContainers: +{{- range $k,$v := .Values.workload.initContainers }} {{- /* (2) */}} + - name: {{ $k }} + {{- include "helper.workload.containerSecurityContext" . 
| nindent 4 -}} + {{- include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) | indent 4 -}} + {{- include "helper.container.command" $v | nindent 4 -}} + {{- include "helper.container.args" $v | nindent 4 -}} + {{- include "helper.container.ports" (dict "Context" $ "Container" $v) | nindent 4 -}} + {{- include "helper.container.volumeMounts" $v | nindent 4 -}} + {{- include "helper.container.envFrom" (dict "Context" $ "Container" $v) | nindent 4 -}} +{{- end }} {{- /* /(1) */}} +{{- end -}} {{- /* /(2) */ -}} + +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.deployment.container" -}} {{- /* (define) */ -}} +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.container.command" -}} {{- /* (define) */ -}} +{{- with .command }} {{- /* (1) */ -}} +command: +{{ . | toYaml | indent 2 }} +{{- end -}} {{- /* /(1) */ -}} +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.container.args" -}} {{- /* (define) */ -}} +{{- with .args }} {{- /* (1) */ -}} +args: +{{ . 
| toYaml | indent 2 }} +{{- end -}} {{- /* /(1) */ -}} +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.container.ports" -}} {{- /* (define) */ -}} +{{- if .Container.ports -}} {{- /* (1) */ -}} +ports: +{{- range $p := .Container.ports -}} {{- /* (2) */ -}} +{{- if kindIs "string" $p }} {{- /* (3) */}} + - containerPort: {{ index (index $.Context.Values.service.ports $p) "targetPort" }} + protocol: {{ index (index $.Context.Values.service.ports $p) "protocol" }} +{{- else }} +{{ print "-" | indent 2 | -}} +{{ $p | toYaml | nindent 4 -}} +{{- end -}} {{- /* /(3) */ -}} +{{- end -}} {{- /* /(2) */ -}} +{{- end -}} {{- /* /(1) */ -}} +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.container.volumeMounts" -}} {{- /* (define) */ -}} +{{- if .mounts -}} {{- /* (1) */ -}} +volumeMounts: +{{- range $mountKind, $mountData := .mounts }} {{- /* (2) */}} +{{- if eq $mountKind "storage" }} {{- /* (3) */}} +{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}} + - name: {{ printf "%s-storage" $mountName }} + mountPath: {{ $mountEntry.path }} +{{- end }} {{- /* /(4) */}} +{{- end }} {{- /* /(3) */}} +{{- if eq $mountKind "files" }} {{- /* (3) */}} +{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}} + - name: {{ printf "%s-file" $mountName }} + mountPath: {{ $mountEntry.path }} +{{- end }} {{- /* /(4) */}} +{{- end }} {{- /* /(3) */}} +{{- if eq $mountKind "extraVolumes" }} {{- /* (3) */}} +{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}} + - name: {{ printf "%s-extra" $mountName }} + mountPath: {{ $mountEntry.path }} +{{- end }} {{- /* /(4) */}} +{{- end }} {{- /* /(3) */}} +{{- end }} {{- /* /(2) */}} +{{- end }} {{- /* /(1) */}} +{{- end -}} {{- /* /(define) */ -}} + +{{- define "helper.container.envFrom" -}} {{- /* (define) */ -}} +{{/* If env should be set from a Configmap/Secret */}} +{{- if .Container.envFrom }} {{- /* (1) */}} +envFrom: +{{- range $k := .Container.envFrom -}} {{- /* (2) */ -}} +{{/* If 
envFrom entry is a string, then refer to the env created by the library */}} +{{- if kindIs "string" $k -}} {{- /* (3) */ -}} +{{- if (index $.Context.Values.env $k) -}} {{- /* (4) */ -}} +{{- if (index $.Context.Values.env $k).sensitive }} {{- /* (5) */}} + - secretRef: +{{- else }} + - configMapRef: +{{- end }} {{- /* /(5) */}} + name: {{- printf " %s-%s" (include "chart.fullname" $.Context) $k -}} +{{- end -}} {{- /* /(4) */}} +{{- /* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */ -}} +{{- else -}} +{{- range $k, $v := $k }} {{- /* (5) */}} + - {{ $k }}: +{{ toYaml $v | indent 14 }} +{{- end -}} {{- /* /(4) */ -}} +{{- end -}} {{- /* /(3) */ -}} +{{- end -}} {{- /* /(2) */ -}} +{{- end -}} {{- /* /(1) */ -}} +{{- end -}} {{- /* /(define) */ -}} diff --git a/charts/workload-testing/templates/deployment/_deployment.tpl b/charts/workload/templates/deployment/_deployment.tpl similarity index 100% rename from charts/workload-testing/templates/deployment/_deployment.tpl rename to charts/workload/templates/deployment/_deployment.tpl diff --git a/charts/workload/templates/deployment/_spec.tpl b/charts/workload/templates/deployment/_spec.tpl new file mode 100644 index 0000000..82f9074 --- /dev/null +++ b/charts/workload/templates/deployment/_spec.tpl 
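Review bot: `helper.container.ports` resolves string port names through `$.Context.Values.service.ports`, while `_services.tpl` in this same commit moves services to the `.Values.services` map, so a chart that defines only `services` would presumably hit a nil lookup here. The helper needs to know which service a port name belongs to, or the values schema should state that both keys exist. In `helper.container.envFrom`, a string entry with no match in `.Values.env` is dropped silently, which lets a container start without the Secret or ConfigMap it was meant to load. An `else` branch with `{{ fail (printf "envFrom references unknown env %q (helper.container.envFrom)" $k) }}` would catch such typos at render time. The `fail` message at the top of `helper.deployment.containers` also misspells the helper name as `heler.deployment.containers`.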
@@ -0,0 +1,29 @@
+{{/*
+ This is a builder for deployments
+*/}}
+
+{{- define "deployment.spec" }} {{- /* (define) */}}
+# ---------------------------------------------------------------------
+# The spec is build within the helm library
+# please check the lib/templates/deployment/spec
+# ---------------------------------------------------------------------
+spec:
+ replicas: {{ .Values.workload.replicas | default 1}}
+ selector:
+ matchLabels:
+{{ include "metadata.selectorLabels" . | indent 6 }}
+{{ include "lib.deployment.template" . | indent 2 }}
+
+{{- end -}}
+
+{{- define "lib.deployment.template" -}} {{- /* (define) */ -}}
+template:
+ metadata:
+ labels:
+ {{- include "metadata.labels" . | nindent 6 }}
+ spec:
+ {{- include "helper.workload.securityContext" . | nindent 4 -}}
+ {{- include "helper.deployment.volumes" . | nindent 4 }}
+ {{- include "helper.deployment.containers" . | nindent 4 }}
+ {{- include "helper.deployment.initContainers" . | nindent 4 }}
+{{- end -}} {{- /* /(define) */ -}}
\ No newline at end of file
diff --git a/charts/workload/templates/deployment/_volumes.tpl b/charts/workload/templates/deployment/_volumes.tpl
new file mode 100644
index 0000000..bf8dd83
--- /dev/null
+++ b/charts/workload/templates/deployment/_volumes.tpl
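Review bot: `replicas: {{ .Values.workload.replicas | default 1}}` in `deployment.spec` cannot express a scale-to-zero deployment, because `default` treats `0` as empty and substitutes `1`. Testing for the key keeps an explicit zero, for example `replicas: {{ ternary .Values.workload.replicas 1 (hasKey .Values.workload "replicas") }}`. The header comment points to `lib/templates/deployment/spec`, which does not match this file's path, `charts/workload/templates/deployment/_spec.tpl`.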
@@ -0,0 +1,32 @@ +{{- define "helper.deployment.volumes" -}} {{- /* (define) */ -}} +{{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }} {{- /* (1)*/}} +volumes: +{{- /* If storage is defined, mount the pvc */ -}} + {{- if .Values.storage }} {{- /* (2) */}} + {{- range $k, $v := .Values.storage }} {{- /* (3) */}} + - name: {{ $k }}-storage + persistentVolumeClaim: + claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}" + {{- end }} {{- /* /(3) */}} + {{- end }} {{- /* /(2) */}} + {{- if .Values.extraVolumes}} {{- /* (2) */}} + {{- range $k, $v := .Values.extraVolumes}} {{- /* (3) */}} + - name: {{ $k }}-extra + {{- $v | toYaml | nindent 4 }} + {{- end }} {{- /* /(3) */}} + {{- end }} {{- /* /(2) */}} + {{- if .Values.files }} {{- /* (2) */}} + {{- range $k, $v := .Values.files }} {{- /* (3) */}} + - name: {{ $k }}-file + {{- if $v.sensitive }} {{- /* (4) */}} + secret: + defaultMode: 420 + secretName: "{{ printf "%s-%s" (include "chart.fullname" $) $k }}" + {{- else }} + configMap: + name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}" + {{- end }} {{- /* /(4) */}} + {{- end }} {{- /* /(3) */}} + {{- end }} {{- /* /(2) */}} +{{- end -}} {{- /* /(1)*/ -}} +{{- end -}} {{- /* /(define) */ -}} \ No newline at end of file diff --git a/charts/workload-testing/templates/metadata/_base.tpl b/charts/workload/templates/metadata/_base.tpl similarity index 91% rename from charts/workload-testing/templates/metadata/_base.tpl rename to charts/workload/templates/metadata/_base.tpl index 769852c..f42efdb 100644 --- a/charts/workload-testing/templates/metadata/_base.tpl +++ b/charts/workload/templates/metadata/_base.tpl @@ -1,6 +1,6 @@ {{- define "lib.metadata" }} metadata: - {{- if .customName }} + {{- if .customName }} name: {{ .customName }} {{- else }} name: {{ include "chart.fullname" .Context }} 
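Review bot: Secret-backed file volumes in `helper.deployment.volumes` are created with `defaultMode: 420`, which is octal 0644, so every user inside the container can read the mounted secret files. A tighter mode such as `defaultMode: 288  # 0440: owner and the pod's fsGroup only` fits the default pod `fsGroup` from `_security.tpl`; it should be verified against charts that override the pod `securityContext` without an `fsGroup`. `extraVolumes` entries are emitted through `toYaml` unchanged, so any volume type, `hostPath` included, passes straight into the pod spec. A comment on the helper should state that the library does no filtering there and that such restrictions have to come from admission policy.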
diff --git a/charts/workload-testing/templates/metadata/_labels.tpl b/charts/workload/templates/metadata/_labels.tpl similarity index 100% rename from charts/workload-testing/templates/metadata/_labels.tpl rename to charts/workload/templates/metadata/_labels.tpl diff --git a/charts/workload/templates/notes/_notes.tpl b/charts/workload/templates/notes/_notes.tpl new file mode 100644 index 0000000..1db6416 --- /dev/null +++ b/charts/workload/templates/notes/_notes.tpl @@ -0,0 +1,8 @@ +{{- define "lib.notes" -}} +*** Release metadata *** +Chart: {{ .Chart.Name }} +Chart version: {{ .Chart.Version }} +App version: {{ .Chart.Version }} +Image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }} +Release name: {{ .Release.Name }} +{{- end }} diff --git a/charts/workload-testing/templates/pvc/_pvc.tpl b/charts/workload/templates/pvc/_pvc.tpl similarity index 92% rename from charts/workload-testing/templates/pvc/_pvc.tpl rename to charts/workload/templates/pvc/_pvc.tpl index 4109d04..e387e52 100644 --- a/charts/workload-testing/templates/pvc/_pvc.tpl +++ b/charts/workload/templates/pvc/_pvc.tpl @@ -18,6 +18,8 @@ spec: resources: requests: storage: {{ $v.size }} +{{- if ne $v.storageClassName "default" }} storageClassName: {{ $v.storageClassName }} {{- end }} +{{- end }} {{- end -}} diff --git a/charts/workload-testing/templates/rbac/_rbac.yaml b/charts/workload/templates/rbac/_rbac.yaml similarity index 100% rename from charts/workload-testing/templates/rbac/_rbac.yaml rename to charts/workload/templates/rbac/_rbac.yaml diff --git a/charts/workload-testing/templates/service/_service.tpl b/charts/workload/templates/service/_service.tpl similarity index 100% rename from charts/workload-testing/templates/service/_service.tpl rename to charts/workload/templates/service/_service.tpl 
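Review bot: In `lib.notes` the line `App version: {{ .Chart.Version }}` prints the chart version a second time; it should read `App version: {{ .Chart.AppVersion }}`. The `Image:` line still reads the `helm.badhouseplants.net/registry` annotation, whereas the containers in this commit build their image from `.image.registry` and `.image.repository`, so the note can show an image that is not the one actually deployed.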
diff --git a/charts/testing/templates/service/_service.tpl b/charts/workload/templates/service/_services.tpl similarity index 51% rename from charts/testing/templates/service/_service.tpl rename to charts/workload/templates/service/_services.tpl index 765524f..49a9714 100644 --- a/charts/testing/templates/service/_service.tpl +++ b/charts/workload/templates/service/_services.tpl @@ -1,25 +1,31 @@ -{{- define "lib.service" }} +{{- define "lib.services" }} +{{- range $k, $v := .Values.services }} +{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }} + --- # --------------------------------------------------------------------- -# This service is created as a part of badhouseplants helm library +# This service is created as a part of softplayer helm library # please see /lib/tempaltes/service/_service.tpl # --------------------------------------------------------------------- apiVersion: v1 kind: Service -{{- include "lib.metadata" (dict "Context" . "customName" "")}} +{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}} spec: - {{- if (.Values.service).type }} - type: {{ .Values.service.type }} + {{- if ($v).type }} + type: {{ $v.type }} {{- else }} type: ClusterIP {{- end }} selector: -{{ include "metadata.selectorLabels" . | indent 4}} +{{ include "metadata.selectorLabels" $ | indent 4}} ports: -{{- range $k,$v := .Values.service.ports }} +{{- range $k,$v := $v.ports }} - name: {{ $k }} port: {{ $v.port }} targetPort: {{ $v.targetPort}} protocol: {{ $v.protocol}} {{- end }} {{- end }} + +{{- end -}} + diff --git a/charts/workload/templates/workload/_image.tpl b/charts/workload/templates/workload/_image.tpl new file mode 100644 index 0000000..a4d84e9 --- /dev/null +++ b/charts/workload/templates/workload/_image.tpl 
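Review bot: The inner loop `range $k,$v := $v.ports` in `lib.services` reuses the names of the outer `range $k, $v := .Values.services`, which makes it easy to reference the wrong level when this template grows. Distinct names such as `range $portName, $port := $v.ports` would make the scoping obvious. The header comment still points to `/lib/tempaltes/service/_service.tpl`, although the file is now `_services.tpl`. Since `type` is taken from values per service, a one-line comment that anything other than the `ClusterIP` default exposes the workload outside the cluster would help chart authors.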
@@ -0,0 +1,33 @@
+# ---------------------------------------------------------------------
+# Main workload helpers
+# ---------------------------------------------------------------------
+{{/*
+ Prepare a tag for the container image
+ Example:
+ {{ include "helper.workload.tag" (dict "AppVersion" $.Chart.AppVersion "Tag" .Image.tag) }}
+*/}}
+{{- define "helper.workload.tag" -}} {{/* (define) */}}
+{{- if or .Tag .AppVersion -}} {{/* (1) */}}
+ {{- if .Tag -}} {{/* (2) */}}
+ {{- .Tag -}}
+ {{- else -}}
+ {{- .AppVersion -}}
+ {{- end -}} {{/* /(2) */}}
+{{- else -}}
+ {{ fail ".Tag or .AppVersion must be passed to this helper (helper.workload.tag)"}}
+{{- end -}} {{/* /(1) */}}
+{{- end -}} {{/* /(define) */}}
+
+{{/*
+ Prepare the image name for the container
+ Example:
+ {{ include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) }}
+*/}}
+{{- define "helper.workload.image" -}} {{/* (define) */}}
+{{- if and .Chart .Image -}} {{/* (1) */}}
+image: {{ printf "%s/%s:%s" .Image.registry .Image.repository (include "helper.workload.tag" (dict "AppVersion" $.Chart.AppVersion "Tag" .Image.tag)) }}
+imagePullPolicy: {{ .Image.pullPolicy | default "Always" }}
+{{- else -}}
+ {{ fail ".Chart and .Image must be passed to this helper (helper.workload.image)"}}
+{{- end -}} {{/* /(1) */}}
+{{- end -}} {{/* /(define) */}}
diff --git a/charts/workload/templates/workload/_security.tpl b/charts/workload/templates/workload/_security.tpl
new file mode 100644
index 0000000..606e441
--- /dev/null
+++ b/charts/workload/templates/workload/_security.tpl
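Review bot: `helper.workload.image` fails when `.Image` is missing but not when `.Image.registry` or `.Image.repository` is, so a values file without them renders a malformed `image:` string instead of an error, unlike the tag helper, which calls `fail`. Wrapping the two arguments as `(required "image.registry must be set" .Image.registry)` and `(required "image.repository must be set" .Image.repository)` inside the `printf` keeps the two helpers consistent. The helper also only ever emits `registry/repository:tag`, so a consumer cannot pin an image by digest; an optional digest value rendered as `repository@sha256:…` would let users avoid mutable tags.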
@@ -0,0 +1,36 @@
+{{/* Build a pod security context */}}
+{{- define "helper.workload.securityContext" -}} {{- /* (define) */ -}}
+{{- if not .Values.workload.securityContext -}} {{- /* (1) */ -}}
+# ---------------------------------------------------------------------
+# Using the default security context, if it doesn't work for you,
+# please update `.Values.workload.securityContext`
+# ---------------------------------------------------------------------
+securityContext:
+ runAsUser: 1000
+ runAsGroup: 3000
+ fsGroup: 2000
+ seccompProfile:
+ type: RuntimeDefault
+{{- else -}}
+ {{- with .Values.workload.securityContext -}} {{- /* (2) */ -}}
+securityContext:
+{{ toYaml . | indent 2 }}
+ {{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{/* Build a container security context */}}
+{{- define "helper.workload.containerSecurityContext" -}} {{- /* (define) */ -}}
+securityContext:
+{{- if not .securityContext }} {{- /* (1) */}}
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+{{- else }}
+{{- with .securityContext }} {{- /* (2) */}}
+{{ toYaml . | indent 2 }}
+{{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
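Review bot: Both helpers treat a supplied `securityContext` as a full replacement for the defaults, so a values file that sets a single field (say only `runAsUser`) silently loses `allowPrivilegeEscalation: false`, the `capabilities` drop of `ALL`, or the `seccompProfile`. At minimum the template comments should say so, e.g. `{{/* Build a container security context; a supplied .securityContext replaces the defaults entirely */}}`, or the user values could be merged over the defaults instead. The default blocks set non-zero UIDs but not `runAsNonRoot: true`, which would make the kubelet refuse to start the container as root if the UID is later overridden. The container default `runAsUser: 2000` also takes precedence over the pod default `runAsUser: 1000`, so one of the two values is probably unintended.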