A lot of work on the workload library

README.md

@@ -1,3 +1,6 @@
-# helm-library
+# Softplayer helm library
 
-A helm library for the chart maintained by Bad Houseplants
+## About
+...
+## How to use?
+...

charts/crds/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: softplayer-lib-testing
+name: softplayer-lib-crd
 description: A library to be reused accross softplayer charts
 type: library
 version: 0.1.0

charts/crds/templates/_crds.yaml

@@ -0,0 +1,16 @@
+{{- define "lib.crds" -}}
+{{- range $crd := .Values.crds }}
+{{ $manifest := $.Files.Get (printf "files/%s.yaml" $crd.file) | fromYaml }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+{{- include "lib.metadata" (dict "Context" $ "customName" $manifest.metadata.name )}}
+spec:
+  group: {{ $manifest.spec.group }}
+  names: 
+{{ $manifest.spec.names | toYaml | indent 4 }}
+  scope: {{ $manifest.spec.scope }}
+  versions: 
+{{ $manifest.spec.versions | toYaml | indent 4 }}
+{{- end }}
+{{- end }}

charts/crds/templates/_helpers.tpl

@@ -49,15 +49,3 @@ Selector labels
 app.kubernetes.io/name: {{ include "chart.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "chart.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-

charts/testing/templates/configs/_env.tpl

@@ -1,20 +0,0 @@
-{{- define "lib.env" -}}
-{{- range $k, $v := .Values.env }}
-{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
----
-apiVersion: v1
-{{- if not $v.sensitive }}
-kind: ConfigMap
-{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
-data:
-{{- else }}
-kind: Secret
-{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
-stringData:
-{{- end }}
-{{- with $v.data }}
-{{ toYaml . | indent 2}}
-{{- end }}
-{{- end }}
-{{- end -}}
-

charts/testing/templates/deployment/_deployment.tpl

@@ -1,11 +0,0 @@
-{{- define "lib.deployment" -}}
-# ---------------------------------------------------------------------
-# The deployment is build withing the helm library
-# please check the lib/tempaltes/deployment/base
-# ---------------------------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-{{- include "lib.metadata" (dict "Context" . "customName" "")}}
-{{- include "deployment.spec" . }}
-{{- end -}}
-

charts/testing/templates/deployment/_spec.tpl

@@ -1,61 +0,0 @@
-{{/*
-  This is a builder for deployments
-*/}}
-{{- define "deployment.spec" }}
-spec: 
-  replicas: {{ .Values.workload.replicas }}
-  selector:
-    matchLabels:
-{{ include "metadata.selectorLabels" . | indent 6 }}
-  template:
-    metadata:
-      labels:
-{{ include "metadata.labels" . | indent 8 }}
-    spec:
-{{ include "lib.securityContext" . | indent 6 }}
-      {{- if or .Values.storage .Values.extraVolumes }}
-      volumes:
-      {{- if .Values.storage }}
-      {{- range $k, $v := .Values.storage }}
-        - name: {{ $k }}
-          persistentVolumeClaim:
-            claimName: {{ include "chart.fullname" $ }}-data
-      {{- end }}
-      {{- end }}
-      {{- end }}
-      containers:
-{{- range $k,$v := .Values.workload.containers }}
-      - name: {{ $k }}
-{{ include "lib.containerSecurityContext" . | indent 8 }}
-        image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }}
-{{- with $v.ports }}
-        ports:
-{{- range $p := $v.ports}}
-          - containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }}
-
-{{- if $v.envFrom }}
-        envFrom:
-{{- range $k := $v.envFrom }}
-{{- if kindIs "string" $k }}
-{{- if (index $.Values.env $k) }}
-{{- if (index $.Values.env $k).sensitive }}
-          - secretRef:
-{{- else }}
-          - configMapRef:
-{{- end }}
-              name: {{ printf "%s-%s" (include "chart.fullname" $) $k }}
-{{- end }}
-{{- else }}
-{{- range $k, $v := $k }}
-          - {{ $k }}:
-{{ toYaml $v | indent 14 }}
-{{- end }}
-{{- end -}}
-
-
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}

charts/testing/templates/notes/_notes.tpl

@@ -1,3 +0,0 @@
-{{- define "lib.notes" -}}
-{{ include "helpers.allowed_workloads" . }}
-{{- end }}

charts/testing/templates/pvc/_pvc.tpl

@@ -1,18 +0,0 @@
-{{- define "lib.pvc" -}}
-{{- range $k, $v := .Values.storage }}
-{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
-spec:
-{{- with $v.accessModes }}
-  accessModes:
-{{ toYaml . | indent 4}}
-{{- end }}
-  resources:
-    requests:
-      storage: {{ $v.size }}
-  storageClassName: {{ $v.storageClassName }}
-{{- end }}
-{{- end -}}

charts/testing/templates/workload/_security.tpl

@@ -1,29 +0,0 @@
-{{- define "lib.securityContext" -}}
-{{- if not .Values.workload.securityContext -}}
-# ---------------------------------------------------------------------
-# Using the default security context, if it doesn't work for you,
-# please update `.Values.workload.securityContext`
-# ---------------------------------------------------------------------
-securityContext:
-  runAsUser: 1000
-  runAsGroup: 3000
-  fsGroup: 2000
-{{- else -}}
-{{- with .Values.workload.securityContext -}}
-securityContext:
-{{ toYaml . | indent 2 }}
-{{- end }}
-{{- end -}}
-{{- end -}}
-
-{{- define "lib.containerSecurityContext" -}}
-securityContext:
-{{- if  not .securityContext }}
-  runAsUser: 2000
-  allowPrivilegeEscalation: false
-{{- else }}
-{{- with .securityContext }}
-{{ toYaml . | indent 2 }}
-{{- end }}
-{{- end -}}
-{{- end -}}

charts/workload-testing/templates/_workloads.yaml

@@ -1,12 +0,0 @@
-{{- define "helpers.allowed_workloads" -}}
-{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }}
-{{- end -}}
-
-{{- define "lib.workload" -}}
----
-{{ if eq .Values.workload.kind "Deployment" -}}
-{{- if contains .Values.workload.kind (include "helpers.allowed_workloads" .) }}
-{{- include "lib.deployment" . }}
-{{- end }}
-{{- end }}
-{{- end }}

charts/workload-testing/templates/deployment/_spec.tpl

@@ -1,97 +0,0 @@
-{{/*
-  This is a builder for deployments
-*/}}
-{{- define "deployment.spec" }}
-spec: 
-  replicas: {{ .Values.workload.replicas }}
-  selector:
-    matchLabels:
-{{ include "metadata.selectorLabels" . | indent 6 }}
-  template:
-    metadata:
-      labels:
-{{ include "metadata.labels" . | indent 8 }}
-    spec:
-{{/* Prepare the securityContext for the pod */}}
-{{- include "lib.securityContext" . | indent 6 -}}
-{{/* Add all the volues to pod */}}
-      {{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }}
-      volumes:
-      {{- if .Values.storage }}
-      {{- range $k, $v := .Values.storage }}
-        - name: {{ $k }}-storage
-          persistentVolumeClaim:
-            claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
-      {{- end }}
-      {{- end  }}
-      {{- if .Values.files }}-file
-      {{- range $k, $v := .Values.files }}
-        - name: {{ $k }}
-          {{- if $v.sensitive }}
-          secret:
-            defaultMode: 420
-            secretName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
-          {{- else }}
-          configMap:
-            name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}"
-          {{- end }}
-      {{- end }}
-      {{- end }}
-      {{- end -}}
-{{/* Define containers */}}
-      containers:
-{{- range $k,$v := .Values.workload.containers }}
-      - name: {{ $k }}
-{{/* Prepare the securityContext for the container */}}
-{{- include "lib.containerSecurityContext" . | indent 8 -}}
-{{/* Image fron chart's annotations */}}
-        image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }}
-        {{- with $v.command }}
-        command: 
-{{. | toYaml | indent 10 }}
-        {{- end -}}
-        {{- with $v.args }}
-        args: 
-{{. | toYaml | indent 10 }}
-        {{- end -}}
-{{- if $v.mounts }}
-        mounts:
-{{- range $k ,$v := range $v.mounts }}
-{{- if $k == "storage" }}
-          name: {{ $k }}-storage
-{{- end }}
-{{- end }}
-    volumeMounts:
-{{/* Ports */}}
-{{- with $v.ports }}
-        ports:
-{{- range $p := $v.ports}}
-          - containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }}
-{{/* If env should be set from a Configmap/Secret */}}
-{{- if $v.envFrom }}
-        envFrom:
-{{- range $k := $v.envFrom }}
-{{/* If envFrom entry is a string, then refer to the env created by the library */}}
-{{- if kindIs "string" $k }}
-{{- if (index $.Values.env $k) }}
-{{- if (index $.Values.env $k).sensitive }}
-          - secretRef:
-{{- else }}
-          - configMapRef:
-{{- end }}
-              name: {{ printf "%s-%s" (include "chart.fullname" $) $k }}
-{{- end }}
-{{/* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */}}
-{{- else }}
-{{- range $k, $v := $k }}
-          - {{ $k }}:
-{{ toYaml $v | indent 14 }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}

charts/workload-testing/templates/workload/_security.tpl

@@ -1,34 +0,0 @@
-{{- define "lib.securityContext" -}}
-{{- if not .Values.workload.securityContext -}}
-# ---------------------------------------------------------------------
-# Using the default security context, if it doesn't work for you,
-# please update `.Values.workload.securityContext`
-# ---------------------------------------------------------------------
-securityContext:
-  runAsUser: 1000
-  runAsGroup: 3000
-  fsGroup: 2000
-  seccompProfile:
-    type: RuntimeDefault
-{{- else -}}
-{{- with .Values.workload.securityContext -}}
-securityContext:
-{{ toYaml . | indent 2 }}
-{{- end }}
-{{- end -}}
-{{- end -}}
-
-{{- define "lib.containerSecurityContext" -}}
-securityContext:
-{{- if  not .securityContext }}
-  runAsUser: 2000
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - ALL
-{{- else }}
-{{- with .securityContext }}
-{{ toYaml . | indent 2 }}
-{{- end }}
-{{- end -}}
-{{- end -}}

charts/workload/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: softplayer-lib-workload-testing
+name: softplayer-lib-workload
 description: A library to be reused accross softplayer charts
 type: library
 version: 0.1.0

charts/workload/templates/_workloads.yaml

@@ -1,5 +1,5 @@
 {{- define "helpers.allowed_workloads" -}}
-{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }}
+{{ index .Chart.Annotations "allowed_workload_kinds" }}
 {{- end -}}
 
 {{- define "lib.workload" -}}
@@ -10,3 +10,4 @@
 {{- end }}
 {{- end }}
 {{- end }}
+

charts/workload/templates/addons/traefik/_ingress_route_tcp.tpl

@@ -0,0 +1,13 @@
+{{- define "lib.traefik.ingress_route_tcp" -}}
+{{- range $k, $v := .Values.traefik.tcpRoutes }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+---
+{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+spec:
+{{ tpl ($v | toYaml | indent 2 | toString) $  }}
+{{- end }}
+{{- end }}
+{{- end -}}

charts/workload/templates/addons/traefik/_ingress_route_udp.tpl

@@ -0,0 +1,13 @@
+{{- define "lib.traefik.ingress_route_udp" -}}
+{{- range $k, $v := .Values.traefik.udpRoutes }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+---
+{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteUDP" }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteUDP
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+spec:
+{{ tpl ($v | toYaml | indent 2 | toString) $  }}
+{{- end }}
+{{- end }}
+{{- end -}}

charts/workload/templates/deployment/_containers.tpl

@@ -0,0 +1,117 @@
+{{- define "helper.deployment.containers" -}} {{- /* (define) */ -}}
+{{- if not .Values.workload.containers -}} {{- /* (1) */ -}}
+{{ fail ".Values.workload.containers can not be empty (heler.deployment.containers)" }}
+{{- end -}} {{- /* /(1) */ -}}
+containers:
+{{- range $k,$v := .Values.workload.containers }} {{- /* (1) */}}
+  - name: {{ $k }}
+    {{- include "helper.workload.containerSecurityContext" . | nindent 4 -}}
+    {{- include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) | indent 4 -}}
+    {{- include "helper.container.command" $v | nindent 4 -}}
+    {{- include "helper.container.args" $v | nindent 4 -}}
+    {{- include "helper.container.ports" (dict "Context" $ "Container" $v) | nindent 4 -}}
+    {{- include "helper.container.volumeMounts" $v | nindent 4 -}}
+    {{- include "helper.container.envFrom" (dict "Context" $ "Container" $v) | nindent 4 -}}
+{{- end }} {{- /* /(1) */}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.deployment.initContainers" -}} {{- /* (define) */ -}}
+{{- if .Values.workload.initContainers -}} {{- /* (1) */ -}}
+initContainers:
+{{- range $k,$v := .Values.workload.initContainers }} {{- /* (2) */}}
+  - name: {{ $k }}
+    {{- include "helper.workload.containerSecurityContext" . | nindent 4 -}}
+    {{- include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) | indent 4 -}}
+    {{- include "helper.container.command" $v | nindent 4 -}}
+    {{- include "helper.container.args" $v | nindent 4 -}}
+    {{- include "helper.container.ports" (dict "Context" $ "Container" $v) | nindent 4 -}}
+    {{- include "helper.container.volumeMounts" $v | nindent 4 -}}
+    {{- include "helper.container.envFrom" (dict "Context" $ "Container" $v) | nindent 4 -}}
+{{- end }} {{- /* /(1) */}}
+{{- end -}} {{- /* /(2) */ -}}
+
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.deployment.container" -}} {{- /* (define) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.command" -}} {{- /* (define) */ -}}
+{{- with .command }} {{- /* (1) */ -}}
+command: 
+{{ . | toYaml | indent 2 }}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.args" -}} {{- /* (define) */ -}}
+{{- with .args }} {{- /* (1) */ -}}
+args: 
+{{ . | toYaml | indent 2 }}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.ports" -}} {{- /* (define) */ -}}
+{{- if .Container.ports -}} {{- /* (1) */ -}}
+ports:
+{{- range $p := .Container.ports -}} {{- /* (2) */ -}}
+{{- if kindIs "string" $p }} {{- /* (3) */}}
+  - containerPort: {{ index (index $.Context.Values.service.ports $p) "targetPort" }}
+    protocol: {{ index (index $.Context.Values.service.ports $p) "protocol" }}
+{{- else }}
+{{ print "-" | indent 2 | -}}
+{{ $p | toYaml | nindent 4 -}}
+{{- end -}} {{- /* /(3) */ -}}
+{{- end -}} {{- /* /(2) */ -}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.volumeMounts" -}} {{- /* (define) */ -}}
+{{- if .mounts -}} {{- /* (1) */ -}}
+volumeMounts:
+{{- range $mountKind, $mountData := .mounts }} {{- /* (2) */}}
+{{- if eq $mountKind "storage" }} {{- /* (3) */}}
+{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}}
+  - name: {{ printf "%s-storage" $mountName }}
+    mountPath: {{ $mountEntry.path }} 
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- if eq $mountKind "files" }} {{- /* (3) */}}
+{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}}
+  - name: {{ printf "%s-file" $mountName }}
+    mountPath: {{ $mountEntry.path }} 
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- if eq $mountKind "extraVolumes" }} {{- /* (3) */}}
+{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}}
+  - name: {{ printf "%s-extra" $mountName }}
+    mountPath: {{ $mountEntry.path }} 
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- end }} {{- /* /(2) */}}
+{{- end }} {{- /* /(1) */}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.envFrom" -}} {{- /* (define) */ -}}
+{{/* If env should be set from a Configmap/Secret */}}
+{{- if .Container.envFrom }} {{- /* (1) */}}
+envFrom:
+{{- range $k := .Container.envFrom -}} {{- /* (2) */ -}}
+{{/* If envFrom entry is a string, then refer to the env created by the library */}}
+{{- if kindIs "string" $k -}} {{- /* (3) */ -}}
+{{- if (index $.Context.Values.env $k) -}} {{- /* (4) */ -}}
+{{- if (index $.Context.Values.env $k).sensitive }} {{- /* (5) */}}
+  - secretRef:
+{{- else }}
+  - configMapRef:
+{{- end }} {{- /* /(5) */}}
+    name: {{- printf " %s-%s" (include "chart.fullname" $.Context) $k -}}
+{{- end -}} {{- /* /(4) */}}
+{{- /* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */ -}}
+{{- else -}}
+{{- range $k, $v := $k }} {{- /* (5) */}}
+  - {{ $k }}:
+{{ toYaml $v | indent 14 }}
+{{- end -}} {{- /* /(4) */ -}}
+{{- end -}} {{- /* /(3) */ -}}
+{{- end -}} {{- /* /(2) */ -}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}

charts/workload/templates/deployment/_spec.tpl

@@ -0,0 +1,29 @@
+{{/*
+  This is a builder for deployments
+*/}}
+
+{{- define "deployment.spec" }} {{- /* (define) */}}
+# ---------------------------------------------------------------------
+# The spec is build within the helm library
+# please check the lib/templates/deployment/spec
+# ---------------------------------------------------------------------
+spec: 
+  replicas: {{ .Values.workload.replicas | default 1}}
+  selector:
+    matchLabels:
+{{ include "metadata.selectorLabels" . | indent 6 }}
+{{ include "lib.deployment.template" . | indent 2 }}
+
+{{- end -}}
+
+{{- define "lib.deployment.template" -}} {{- /* (define) */ -}}
+template:
+  metadata:
+    labels:
+      {{- include "metadata.labels" . | nindent 6 }}
+  spec:
+    {{- include "helper.workload.securityContext" . | nindent 4 -}}
+    {{- include "helper.deployment.volumes" . | nindent 4 }}
+    {{- include "helper.deployment.containers" . | nindent 4 }}
+    {{- include "helper.deployment.initContainers" . | nindent 4 }}
+{{- end -}} {{- /* /(define) */ -}}

charts/workload/templates/deployment/_volumes.tpl

@@ -0,0 +1,32 @@
+{{- define "helper.deployment.volumes" -}} {{- /* (define) */ -}}
+{{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }} {{- /* (1)*/}}
+volumes:
+{{- /* If storage is defined, mount the pvc */ -}}
+  {{- if .Values.storage }} {{- /* (2) */}}
+    {{- range $k, $v := .Values.storage }} {{- /* (3) */}}
+  - name: {{ $k }}-storage
+    persistentVolumeClaim:
+      claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+    {{- end }} {{- /* /(3) */}}
+  {{- end  }} {{- /* /(2) */}}
+  {{- if .Values.extraVolumes}} {{- /* (2) */}}
+    {{- range $k, $v := .Values.extraVolumes}} {{- /* (3) */}}
+  - name: {{ $k }}-extra
+    {{- $v | toYaml | nindent 4 }}
+    {{- end }} {{- /* /(3) */}}
+  {{- end }} {{- /* /(2) */}}
+  {{- if .Values.files }} {{- /* (2) */}}
+    {{- range $k, $v := .Values.files }} {{- /* (3) */}}
+  - name: {{ $k }}-file
+      {{- if $v.sensitive }} {{- /* (4) */}}
+    secret:
+      defaultMode: 420
+      secretName: "{{ printf "%s-%s" (include "chart.fullname" $) $k }}"
+      {{- else }}
+    configMap:
+      name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+      {{- end }} {{- /* /(4) */}}
+    {{- end }} {{- /* /(3) */}}
+  {{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1)*/ -}}
+{{- end -}} {{- /* /(define) */ -}}

charts/workload/templates/metadata/_base.tpl

@@ -1,6 +1,6 @@
 {{- define "lib.metadata" }}
 metadata:
-  {{- if  .customName }}
+  {{- if .customName }}
   name: {{ .customName }}
   {{- else }}
   name: {{ include "chart.fullname" .Context }}

charts/workload/templates/notes/_notes.tpl

@@ -0,0 +1,8 @@
+{{- define "lib.notes" -}}
+*** Release metadata ***
+Chart: {{ .Chart.Name }}
+Chart version: {{ .Chart.Version }}
+App version: {{ .Chart.Version }}
+Image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}
+Release name: {{ .Release.Name }}
+{{- end }}

charts/workload/templates/pvc/_pvc.tpl

@@ -18,6 +18,8 @@ spec:
   resources:
     requests:
       storage: {{ $v.size }}
+{{- if ne $v.storageClassName "default" }}
   storageClassName: {{ $v.storageClassName }}
 {{- end }}
+{{- end }}
 {{- end -}}

charts/workload/templates/service/_services.tpl

@@ -1,25 +1,31 @@
-{{- define "lib.service" }}
+{{- define "lib.services" }}
+{{- range $k, $v := .Values.services }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+
 ---
 # ---------------------------------------------------------------------
-# This service is created as a part of badhouseplants helm library
+# This service is created as a part of softplayer helm library
 # please see /lib/tempaltes/service/_service.tpl
 # ---------------------------------------------------------------------
 apiVersion: v1
 kind: Service
-{{- include "lib.metadata" (dict "Context" . "customName" "")}}
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
 spec:
-  {{- if (.Values.service).type }}
+  {{- if ($v).type }}
-  type: {{ .Values.service.type }}
+  type: {{ $v.type }}
   {{- else }}
   type: ClusterIP
   {{- end }}
   selector:
-{{ include "metadata.selectorLabels" .  | indent 4}}
+{{ include "metadata.selectorLabels" $  | indent 4}}
   ports:
-{{- range $k,$v := .Values.service.ports }}
+{{- range $k,$v := $v.ports }}
     - name: {{ $k }}
       port: {{ $v.port }}
       targetPort: {{ $v.targetPort}}
       protocol: {{ $v.protocol}}
 {{- end }}
 {{- end }}
+
+{{- end -}}
+

charts/workload/templates/workload/_image.tpl

@@ -0,0 +1,33 @@
+# ---------------------------------------------------------------------
+# Main workload helpers
+# ---------------------------------------------------------------------
+{{/*
+  Prepare a tag for the container image 
+  Example: 
+  {{ include "helper.workload.tag" (dict "AppVersion" $.Chart.AppVersion "Tag" .Image.tag) }}
+*/}}
+{{- define "helper.workload.tag" -}} {{/* (define) */}}
+{{- if or .Tag .AppVersion -}} {{/* (1) */}}
+  {{- if .Tag -}} {{/* (2) */}}
+    {{- .Tag -}} 
+  {{- else -}}
+    {{- .AppVersion  -}}
+  {{- end -}} {{/* /(2) */}}
+{{- else -}}
+  {{ fail ".Tag or .AppVersion must be passed to this helper (helper.workload.tag)"}}
+{{- end -}} {{/* /(1) */}}
+{{- end -}} {{/* /(define) */}}
+
+{{/*
+  Prepare the image name for the container
+  Example: 
+  {{ include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) }}
+*/}}
+{{- define "helper.workload.image" -}} {{/* (define) */}}
+{{- if and .Chart .Image -}} {{/* (1) */}}
+image: {{ printf "%s/%s:%s" .Image.registry .Image.repository (include "helper.workload.tag" (dict "AppVersion" $.Chart.AppVersion "Tag" .Image.tag)) }}
+imagePullPolicy: {{ .Image.pullPolicy | default "Always" }}
+{{- else -}}
+  {{ fail ".Chart and .Image must be passed to this helper (helper.workload.image)"}}
+{{- end -}} {{/* /(1) */}}
+{{- end -}} {{/* /(define) */}}

charts/workload/templates/workload/_security.tpl

@@ -0,0 +1,36 @@
+{{/* Build a pod security context */}}
+{{- define "helper.workload.securityContext" -}} {{- /* (define) */ -}}
+{{- if not .Values.workload.securityContext -}} {{- /* (1) */ -}}
+# ---------------------------------------------------------------------
+# Using the default security context, if it doesn't work for you,
+# please update `.Values.workload.securityContext`
+# ---------------------------------------------------------------------
+securityContext:
+  runAsUser: 1000
+  runAsGroup: 3000
+  fsGroup: 2000
+  seccompProfile:
+    type: RuntimeDefault
+{{- else -}}
+  {{- with .Values.workload.securityContext -}} {{- /* (2) */ -}}
+securityContext:
+{{ toYaml . | indent 2 }}
+  {{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{/* Build a container security context */}}
+{{- define "helper.workload.containerSecurityContext" -}} {{- /* (define) */ -}}
+securityContext:
+{{- if  not .securityContext }} {{- /* (1) */}}
+  runAsUser: 2000
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+{{- else }}
+{{- with .securityContext }} {{- /* (2) */}}
+{{ toYaml . | indent 2 }}
+{{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}