A lot of work on the workload library
parent
ac6751d3da
commit
19f22c18a1
@ -1,3 +1,6 @@
|
||||
# helm-library
|
||||
# Softplayer helm library
|
||||
|
||||
A helm library for the chart maintained by Bad Houseplants
|
||||
## About
|
||||
...
|
||||
## How to use?
|
||||
...
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
name: softplayer-lib-testing
|
||||
name: softplayer-lib-crd
|
||||
description: A library to be reused accross softplayer charts
|
||||
type: library
|
||||
version: 0.1.0
|
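--- a/charts/crds/templates/_crds.yaml
+++ b/charts/crds/templates/_crds.yaml
@@ -0,0 +1,16 @@
+{{- define "lib.crds" -}}
+{{- range $crd := .Values.crds }}
+{{ $manifest := $.Files.Get (printf "files/%s.yaml" $crd.file) | fromYaml }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+{{- include "lib.metadata" (dict "Context" $ "customName" $manifest.metadata.name )}}
+spec:
+group: {{ $manifest.spec.group }}
+names:
+{{ $manifest.spec.names | toYaml | indent 4 }}
+scope: {{ $manifest.spec.scope }}
+versions:
+{{ $manifest.spec.versions | toYaml | indent 4 }}
+{{- end }}
+{{- end }}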
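Review bot: The `$manifest` produced by `$.Files.Get (printf "files/%s.yaml" $crd.file) | fromYaml` is used unchecked, so a missing or unparsable file only surfaces later as a nil-pointer error on `$manifest.metadata.name` or as an empty CRD. `Files.Get` returns an empty string for an unknown path and `fromYaml` returns a map with an `Error` key on bad input, so a guard right after the assignment such as `{{- if or (not $manifest.spec) (hasKey $manifest "Error") }}{{ fail (printf "crd file %s is missing or invalid" $crd.file) }}{{- end }}` would make the failure explicit. The template also copies only `group`, `names`, `scope` and `versions`; a source CRD that sets `conversion` would lose it silently.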
@ -49,15 +49,3 @@ Selector labels
|
||||
app.kubernetes.io/name: {{ include "chart.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "chart.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -1,20 +0,0 @@
|
||||
{{- define "lib.env" -}}
|
||||
{{- range $k, $v := .Values.env }}
|
||||
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
---
|
||||
apiVersion: v1
|
||||
{{- if not $v.sensitive }}
|
||||
kind: ConfigMap
|
||||
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||||
data:
|
||||
{{- else }}
|
||||
kind: Secret
|
||||
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||||
stringData:
|
||||
{{- end }}
|
||||
{{- with $v.data }}
|
||||
{{ toYaml . | indent 2}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
@ -1,11 +0,0 @@
|
||||
{{- define "lib.deployment" -}}
|
||||
# ---------------------------------------------------------------------
|
||||
# The deployment is build withing the helm library
|
||||
# please check the lib/tempaltes/deployment/base
|
||||
# ---------------------------------------------------------------------
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
{{- include "lib.metadata" (dict "Context" . "customName" "")}}
|
||||
{{- include "deployment.spec" . }}
|
||||
{{- end -}}
|
||||
|
@ -1,61 +0,0 @@
|
||||
{{/*
|
||||
This is a builder for deployments
|
||||
*/}}
|
||||
{{- define "deployment.spec" }}
|
||||
spec:
|
||||
replicas: {{ .Values.workload.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ include "metadata.selectorLabels" . | indent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ include "metadata.labels" . | indent 8 }}
|
||||
spec:
|
||||
{{ include "lib.securityContext" . | indent 6 }}
|
||||
{{- if or .Values.storage .Values.extraVolumes }}
|
||||
volumes:
|
||||
{{- if .Values.storage }}
|
||||
{{- range $k, $v := .Values.storage }}
|
||||
- name: {{ $k }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "chart.fullname" $ }}-data
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
{{- range $k,$v := .Values.workload.containers }}
|
||||
- name: {{ $k }}
|
||||
{{ include "lib.containerSecurityContext" . | indent 8 }}
|
||||
image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }}
|
||||
{{- with $v.ports }}
|
||||
ports:
|
||||
{{- range $p := $v.ports}}
|
||||
- containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }}
|
||||
|
||||
{{- if $v.envFrom }}
|
||||
envFrom:
|
||||
{{- range $k := $v.envFrom }}
|
||||
{{- if kindIs "string" $k }}
|
||||
{{- if (index $.Values.env $k) }}
|
||||
{{- if (index $.Values.env $k).sensitive }}
|
||||
- secretRef:
|
||||
{{- else }}
|
||||
- configMapRef:
|
||||
{{- end }}
|
||||
name: {{ printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- range $k, $v := $k }}
|
||||
- {{ $k }}:
|
||||
{{ toYaml $v | indent 14 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,3 +0,0 @@
|
||||
{{- define "lib.notes" -}}
|
||||
{{ include "helpers.allowed_workloads" . }}
|
||||
{{- end }}
|
@ -1,18 +0,0 @@
|
||||
{{- define "lib.pvc" -}}
|
||||
{{- range $k, $v := .Values.storage }}
|
||||
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||||
spec:
|
||||
{{- with $v.accessModes }}
|
||||
accessModes:
|
||||
{{ toYaml . | indent 4}}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ $v.size }}
|
||||
storageClassName: {{ $v.storageClassName }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -1,29 +0,0 @@
|
||||
{{- define "lib.securityContext" -}}
|
||||
{{- if not .Values.workload.securityContext -}}
|
||||
# ---------------------------------------------------------------------
|
||||
# Using the default security context, if it doesn't work for you,
|
||||
# please update `.Values.workload.securityContext`
|
||||
# ---------------------------------------------------------------------
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 3000
|
||||
fsGroup: 2000
|
||||
{{- else -}}
|
||||
{{- with .Values.workload.securityContext -}}
|
||||
securityContext:
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "lib.containerSecurityContext" -}}
|
||||
securityContext:
|
||||
{{- if not .securityContext }}
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
{{- else }}
|
||||
{{- with .securityContext }}
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -1,12 +0,0 @@
|
||||
{{- define "helpers.allowed_workloads" -}}
|
||||
{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "lib.workload" -}}
|
||||
---
|
||||
{{ if eq .Values.workload.kind "Deployment" -}}
|
||||
{{- if contains .Values.workload.kind (include "helpers.allowed_workloads" .) }}
|
||||
{{- include "lib.deployment" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,97 +0,0 @@
|
||||
{{/*
|
||||
This is a builder for deployments
|
||||
*/}}
|
||||
{{- define "deployment.spec" }}
|
||||
spec:
|
||||
replicas: {{ .Values.workload.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ include "metadata.selectorLabels" . | indent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ include "metadata.labels" . | indent 8 }}
|
||||
spec:
|
||||
{{/* Prepare the securityContext for the pod */}}
|
||||
{{- include "lib.securityContext" . | indent 6 -}}
|
||||
{{/* Add all the volues to pod */}}
|
||||
{{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }}
|
||||
volumes:
|
||||
{{- if .Values.storage }}
|
||||
{{- range $k, $v := .Values.storage }}
|
||||
- name: {{ $k }}-storage
|
||||
persistentVolumeClaim:
|
||||
claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.files }}-file
|
||||
{{- range $k, $v := .Values.files }}
|
||||
- name: {{ $k }}
|
||||
{{- if $v.sensitive }}
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
|
||||
{{- else }}
|
||||
configMap:
|
||||
name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{/* Define containers */}}
|
||||
containers:
|
||||
{{- range $k,$v := .Values.workload.containers }}
|
||||
- name: {{ $k }}
|
||||
{{/* Prepare the securityContext for the container */}}
|
||||
{{- include "lib.containerSecurityContext" . | indent 8 -}}
|
||||
{{/* Image fron chart's annotations */}}
|
||||
image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }}
|
||||
{{- with $v.command }}
|
||||
command:
|
||||
{{. | toYaml | indent 10 }}
|
||||
{{- end -}}
|
||||
{{- with $v.args }}
|
||||
args:
|
||||
{{. | toYaml | indent 10 }}
|
||||
{{- end -}}
|
||||
{{- if $v.mounts }}
|
||||
mounts:
|
||||
{{- range $k ,$v := range $v.mounts }}
|
||||
{{- if $k == "storage" }}
|
||||
name: {{ $k }}-storage
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{/* Ports */}}
|
||||
{{- with $v.ports }}
|
||||
ports:
|
||||
{{- range $p := $v.ports}}
|
||||
- containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }}
|
||||
{{/* If env should be set from a Configmap/Secret */}}
|
||||
{{- if $v.envFrom }}
|
||||
envFrom:
|
||||
{{- range $k := $v.envFrom }}
|
||||
{{/* If envFrom entry is a string, then refer to the env created by the library */}}
|
||||
{{- if kindIs "string" $k }}
|
||||
{{- if (index $.Values.env $k) }}
|
||||
{{- if (index $.Values.env $k).sensitive }}
|
||||
- secretRef:
|
||||
{{- else }}
|
||||
- configMapRef:
|
||||
{{- end }}
|
||||
name: {{ printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
{{- end }}
|
||||
{{/* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */}}
|
||||
{{- else }}
|
||||
{{- range $k, $v := $k }}
|
||||
- {{ $k }}:
|
||||
{{ toYaml $v | indent 14 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,34 +0,0 @@
|
||||
{{- define "lib.securityContext" -}}
|
||||
{{- if not .Values.workload.securityContext -}}
|
||||
# ---------------------------------------------------------------------
|
||||
# Using the default security context, if it doesn't work for you,
|
||||
# please update `.Values.workload.securityContext`
|
||||
# ---------------------------------------------------------------------
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 3000
|
||||
fsGroup: 2000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- else -}}
|
||||
{{- with .Values.workload.securityContext -}}
|
||||
securityContext:
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "lib.containerSecurityContext" -}}
|
||||
securityContext:
|
||||
{{- if not .securityContext }}
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
{{- else }}
|
||||
{{- with .securityContext }}
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
name: softplayer-lib-workload-testing
|
||||
name: softplayer-lib-workload
|
||||
description: A library to be reused accross softplayer charts
|
||||
type: library
|
||||
version: 0.1.0
|
@ -1,5 +1,5 @@
|
||||
{{- define "helpers.allowed_workloads" -}}
|
||||
{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }}
|
||||
{{ index .Chart.Annotations "allowed_workload_kinds" }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "lib.workload" -}}
|
||||
@ -10,3 +10,4 @@
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -0,0 +1,13 @@
|
||||
{{- define "lib.traefik.ingress_route_tcp" -}}
|
||||
{{- range $k, $v := .Values.traefik.tcpRoutes }}
|
||||
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
---
|
||||
{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||||
spec:
|
||||
{{ tpl ($v | toYaml | indent 2 | toString) $ }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
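Review bot: Inside `range $k, $v := .Values.traefik.tcpRoutes` the dot is rebound to the route entry, so `.Capabilities.APIVersions.Has` no longer reaches the root context; it should read `{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}`. The same applies to `lib.traefik.ingress_route_udp` in the following hunk. The `---` separator is written before the capability check, so it is emitted even when nothing follows it; moving it inside the `if` avoids empty documents. `tpl` renders the route values as templates against the full root context, so whoever can set `.Values.traefik.*` can read every other value in the release, which deserves a comment on the define.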
|
@ -0,0 +1,13 @@
|
||||
{{- define "lib.traefik.ingress_route_udp" -}}
|
||||
{{- range $k, $v := .Values.traefik.udpRoutes }}
|
||||
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
---
|
||||
{{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteUDP" }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteUDP
|
||||
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||||
spec:
|
||||
{{ tpl ($v | toYaml | indent 2 | toString) $ }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
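--- a/charts/workload/templates/deployment/_containers.tpl
+++ b/charts/workload/templates/deployment/_containers.tpl
@@ -0,0 +1,117 @@
+{{- define "helper.deployment.containers" -}} {{- /* (define) */ -}}
+{{- if not .Values.workload.containers -}} {{- /* (1) */ -}}
+{{ fail ".Values.workload.containers can not be empty (heler.deployment.containers)" }}
+{{- end -}} {{- /* /(1) */ -}}
+containers:
+{{- range $k,$v := .Values.workload.containers }} {{- /* (1) */}}
+- name: {{ $k }}
+{{- include "helper.workload.containerSecurityContext" . | nindent 4 -}}
+{{- include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) | indent 4 -}}
+{{- include "helper.container.command" $v | nindent 4 -}}
+{{- include "helper.container.args" $v | nindent 4 -}}
+{{- include "helper.container.ports" (dict "Context" $ "Container" $v) | nindent 4 -}}
+{{- include "helper.container.volumeMounts" $v | nindent 4 -}}
+{{- include "helper.container.envFrom" (dict "Context" $ "Container" $v) | nindent 4 -}}
+{{- end }} {{- /* /(1) */}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.deployment.initContainers" -}} {{- /* (define) */ -}}
+{{- if .Values.workload.initContainers -}} {{- /* (1) */ -}}
+initContainers:
+{{- range $k,$v := .Values.workload.initContainers }} {{- /* (2) */}}
+- name: {{ $k }}
+{{- include "helper.workload.containerSecurityContext" . | nindent 4 -}}
+{{- include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) | indent 4 -}}
+{{- include "helper.container.command" $v | nindent 4 -}}
+{{- include "helper.container.args" $v | nindent 4 -}}
+{{- include "helper.container.ports" (dict "Context" $ "Container" $v) | nindent 4 -}}
+{{- include "helper.container.volumeMounts" $v | nindent 4 -}}
+{{- include "helper.container.envFrom" (dict "Context" $ "Container" $v) | nindent 4 -}}
+{{- end }} {{- /* /(1) */}}
+{{- end -}} {{- /* /(2) */ -}}
+
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.deployment.container" -}} {{- /* (define) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.command" -}} {{- /* (define) */ -}}
+{{- with .command }} {{- /* (1) */ -}}
+command:
+{{ . | toYaml | indent 2 }}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.args" -}} {{- /* (define) */ -}}
+{{- with .args }} {{- /* (1) */ -}}
+args:
+{{ . | toYaml | indent 2 }}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.ports" -}} {{- /* (define) */ -}}
+{{- if .Container.ports -}} {{- /* (1) */ -}}
+ports:
+{{- range $p := .Container.ports -}} {{- /* (2) */ -}}
+{{- if kindIs "string" $p }} {{- /* (3) */}}
+- containerPort: {{ index (index $.Context.Values.service.ports $p) "targetPort" }}
+protocol: {{ index (index $.Context.Values.service.ports $p) "protocol" }}
+{{- else }}
+{{ print "-" | indent 2 | -}}
+{{ $p | toYaml | nindent 4 -}}
+{{- end -}} {{- /* /(3) */ -}}
+{{- end -}} {{- /* /(2) */ -}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.volumeMounts" -}} {{- /* (define) */ -}}
+{{- if .mounts -}} {{- /* (1) */ -}}
+volumeMounts:
+{{- range $mountKind, $mountData := .mounts }} {{- /* (2) */}}
+{{- if eq $mountKind "storage" }} {{- /* (3) */}}
+{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}}
+- name: {{ printf "%s-storage" $mountName }}
+mountPath: {{ $mountEntry.path }}
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- if eq $mountKind "files" }} {{- /* (3) */}}
+{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}}
+- name: {{ printf "%s-file" $mountName }}
+mountPath: {{ $mountEntry.path }}
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- if eq $mountKind "extraVolumes" }} {{- /* (3) */}}
+{{- range $mountName, $mountEntry := $mountData }} {{- /* (4) */}}
+- name: {{ printf "%s-extra" $mountName }}
+mountPath: {{ $mountEntry.path }}
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- end }} {{- /* /(2) */}}
+{{- end }} {{- /* /(1) */}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{- define "helper.container.envFrom" -}} {{- /* (define) */ -}}
+{{/* If env should be set from a Configmap/Secret */}}
+{{- if .Container.envFrom }} {{- /* (1) */}}
+envFrom:
+{{- range $k := .Container.envFrom -}} {{- /* (2) */ -}}
+{{/* If envFrom entry is a string, then refer to the env created by the library */}}
+{{- if kindIs "string" $k -}} {{- /* (3) */ -}}
+{{- if (index $.Context.Values.env $k) -}} {{- /* (4) */ -}}
+{{- if (index $.Context.Values.env $k).sensitive }} {{- /* (5) */}}
+- secretRef:
+{{- else }}
+- configMapRef:
+{{- end }} {{- /* /(5) */}}
+name: {{- printf " %s-%s" (include "chart.fullname" $.Context) $k -}}
+{{- end -}} {{- /* /(4) */}}
+{{- /* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */ -}}
+{{- else -}}
+{{- range $k, $v := $k }} {{- /* (5) */}}
+- {{ $k }}:
+{{ toYaml $v | indent 14 }}
+{{- end -}} {{- /* /(4) */ -}}
+{{- end -}} {{- /* /(3) */ -}}
+{{- end -}} {{- /* /(2) */ -}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}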
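Review bot: `helper.container.ports` still resolves named ports through `$.Context.Values.service.ports`, while the service template changed in this same commit now iterates `.Values.services` and reads `ports` from each entry, so a chart that only defines `.Values.services` would fail the `index` lookup here. The helper needs to be told which service a port name belongs to, or to search `.Values.services` for it. Separately, in `helper.container.envFrom` a string entry with no match in `.Values.env` is skipped without output; an `{{- else }}{{ fail (printf "envFrom %q is not defined in .Values.env" $k) }}` branch on check (4) would stop a workload from starting without the Secret or ConfigMap it expects. The closing-marker comments in `helper.deployment.initContainers` and `helper.container.envFrom` are numbered out of step with their openers, and the `fail` message spells the helper name `heler`.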
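--- a/charts/workload/templates/deployment/_spec.tpl
+++ b/charts/workload/templates/deployment/_spec.tpl
@@ -0,0 +1,29 @@
+{{/*
+This is a builder for deployments
+*/}}
+
+{{- define "deployment.spec" }} {{- /* (define) */}}
+# ---------------------------------------------------------------------
+# The spec is build within the helm library
+# please check the lib/templates/deployment/spec
+# ---------------------------------------------------------------------
+spec:
+replicas: {{ .Values.workload.replicas | default 1}}
+selector:
+matchLabels:
+{{ include "metadata.selectorLabels" . | indent 6 }}
+{{ include "lib.deployment.template" . | indent 2 }}
+
+{{- end -}}
+
+{{- define "lib.deployment.template" -}} {{- /* (define) */ -}}
+template:
+metadata:
+labels:
+{{- include "metadata.labels" . | nindent 6 }}
+spec:
+{{- include "helper.workload.securityContext" . | nindent 4 -}}
+{{- include "helper.deployment.volumes" . | nindent 4 }}
+{{- include "helper.deployment.containers" . | nindent 4 }}
+{{- include "helper.deployment.initContainers" . | nindent 4 }}
+{{- end -}} {{- /* /(define) */ -}}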
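Review bot: `replicas: {{ .Values.workload.replicas | default 1}}` turns an explicit `replicas: 0` into `1`, because Sprig's `default` treats zero as empty, so a chart user cannot scale the deployment to zero through values. Testing for absence keeps zero intact, for example `replicas: {{ if kindIs "invalid" .Values.workload.replicas }}1{{ else }}{{ .Values.workload.replicas }}{{ end }}`. The header comment points at `lib/templates/deployment/spec`, while the file added here is `charts/workload/templates/deployment/_spec.tpl`.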
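--- a/charts/workload/templates/deployment/_volumes.tpl
+++ b/charts/workload/templates/deployment/_volumes.tpl
@@ -0,0 +1,32 @@
+{{- define "helper.deployment.volumes" -}} {{- /* (define) */ -}}
+{{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }} {{- /* (1)*/}}
+volumes:
+{{- /* If storage is defined, mount the pvc */ -}}
+{{- if .Values.storage }} {{- /* (2) */}}
+{{- range $k, $v := .Values.storage }} {{- /* (3) */}}
+- name: {{ $k }}-storage
+persistentVolumeClaim:
+claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+{{- end }} {{- /* /(3) */}}
+{{- end }} {{- /* /(2) */}}
+{{- if .Values.extraVolumes}} {{- /* (2) */}}
+{{- range $k, $v := .Values.extraVolumes}} {{- /* (3) */}}
+- name: {{ $k }}-extra
+{{- $v | toYaml | nindent 4 }}
+{{- end }} {{- /* /(3) */}}
+{{- end }} {{- /* /(2) */}}
+{{- if .Values.files }} {{- /* (2) */}}
+{{- range $k, $v := .Values.files }} {{- /* (3) */}}
+- name: {{ $k }}-file
+{{- if $v.sensitive }} {{- /* (4) */}}
+secret:
+defaultMode: 420
+secretName: "{{ printf "%s-%s" (include "chart.fullname" $) $k }}"
+{{- else }}
+configMap:
+name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+{{- end }} {{- /* /(4) */}}
+{{- end }} {{- /* /(3) */}}
+{{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1)*/ -}}
+{{- end -}} {{- /* /(define) */ -}}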
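Review bot: The Secret-backed volume in `helper.deployment.volumes` hard-codes `defaultMode: 420` (octal 0644), which leaves sensitive files readable by every user in the container. The library's default pod security context sets an `fsGroup`, so a group-only mode such as `defaultMode: 288` (octal 0440) should normally be enough; confirm it against the images that consume these files, or expose the mode per entry under `.Values.files`. The ConfigMap branch sets no mode at all, so the two branches also differ in how explicit they are.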
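--- a/charts/workload/templates/notes/_notes.tpl
+++ b/charts/workload/templates/notes/_notes.tpl
@@ -0,0 +1,8 @@
+{{- define "lib.notes" -}}
+*** Release metadata ***
+Chart: {{ .Chart.Name }}
+Chart version: {{ .Chart.Version }}
+App version: {{ .Chart.Version }}
+Image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}
+Release name: {{ .Release.Name }}
+{{- end }}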
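Review bot: The `App version:` line prints `{{ .Chart.Version }}`, the same field as the line above it; it should be `App version: {{ .Chart.AppVersion }}`. The `Image:` line still reads the `helm.badhouseplants.net/registry` chart annotation, whereas `helper.workload.image` added in this commit builds the image from `.Image.registry` and `.Image.repository`, so the notes may show a value that is not the one actually deployed.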
@ -18,6 +18,8 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ $v.size }}
|
||||
{{- if ne $v.storageClassName "default" }}
|
||||
storageClassName: {{ $v.storageClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
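Review bot: The new guard `{{- if ne $v.storageClassName "default" }}` uses the literal string `default` as a sentinel, which collides with a real StorageClass of that name, and an unset `storageClassName` still appears to enter the branch and render an empty value. `{{- with $v.storageClassName }}` followed by `storageClassName: {{ . }}` omits the field whenever nothing is set and needs no magic value. The enclosing `define` starts above this hunk, so the rest of the PVC template is not visible here.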
|
@ -1,25 +1,31 @@
|
||||
{{- define "lib.service" }}
|
||||
{{- define "lib.services" }}
|
||||
{{- range $k, $v := .Values.services }}
|
||||
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
|
||||
|
||||
---
|
||||
# ---------------------------------------------------------------------
|
||||
# This service is created as a part of badhouseplants helm library
|
||||
# This service is created as a part of softplayer helm library
|
||||
# please see /lib/tempaltes/service/_service.tpl
|
||||
# ---------------------------------------------------------------------
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
{{- include "lib.metadata" (dict "Context" . "customName" "")}}
|
||||
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||||
spec:
|
||||
{{- if (.Values.service).type }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if ($v).type }}
|
||||
type: {{ $v.type }}
|
||||
{{- else }}
|
||||
type: ClusterIP
|
||||
{{- end }}
|
||||
selector:
|
||||
{{ include "metadata.selectorLabels" . | indent 4}}
|
||||
{{ include "metadata.selectorLabels" $ | indent 4}}
|
||||
ports:
|
||||
{{- range $k,$v := .Values.service.ports }}
|
||||
{{- range $k,$v := $v.ports }}
|
||||
- name: {{ $k }}
|
||||
port: {{ $v.port }}
|
||||
targetPort: {{ $v.targetPort}}
|
||||
protocol: {{ $v.protocol}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
|
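--- a/charts/workload/templates/workload/_image.tpl
+++ b/charts/workload/templates/workload/_image.tpl
@@ -0,0 +1,33 @@
+# ---------------------------------------------------------------------
+# Main workload helpers
+# ---------------------------------------------------------------------
+{{/*
+Prepare a tag for the container image
+Example:
+{{ include "helper.workload.tag" (dict "AppVersion" $.Chart.AppVersion "Tag" .Image.tag) }}
+*/}}
+{{- define "helper.workload.tag" -}} {{/* (define) */}}
+{{- if or .Tag .AppVersion -}} {{/* (1) */}}
+{{- if .Tag -}} {{/* (2) */}}
+{{- .Tag -}}
+{{- else -}}
+{{- .AppVersion -}}
+{{- end -}} {{/* /(2) */}}
+{{- else -}}
+{{ fail ".Tag or .AppVersion must be passed to this helper (helper.workload.tag)"}}
+{{- end -}} {{/* /(1) */}}
+{{- end -}} {{/* /(define) */}}
+
+{{/*
+Prepare the image name for the container
+Example:
+{{ include "helper.workload.image" (dict "Chart" $.Chart "Image" .image) }}
+*/}}
+{{- define "helper.workload.image" -}} {{/* (define) */}}
+{{- if and .Chart .Image -}} {{/* (1) */}}
+image: {{ printf "%s/%s:%s" .Image.registry .Image.repository (include "helper.workload.tag" (dict "AppVersion" $.Chart.AppVersion "Tag" .Image.tag)) }}
+imagePullPolicy: {{ .Image.pullPolicy | default "Always" }}
+{{- else -}}
+{{ fail ".Chart and .Image must be passed to this helper (helper.workload.image)"}}
+{{- end -}} {{/* /(1) */}}
+{{- end -}} {{/* /(define) */}}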
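Review bot: `helper.workload.image` checks only that `.Image` is non-empty, so a missing `registry` or `repository` is formatted by `printf "%s/%s:%s"` into the image string instead of failing the render. Wrapping each field, e.g. `(required ".Image.repository is required (helper.workload.image)" .Image.repository)`, makes the error explicit at template time. The helper also offers no way to pin an image by digest; an optional `.Image.digest` rendered after `@` instead of the tag would let charts avoid mutable tags. The three `#` lines at the top sit outside any `define` and outside a template comment, unlike the `{{/* … */}}` headers used for the helpers below.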
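--- a/charts/workload/templates/workload/_security.tpl
+++ b/charts/workload/templates/workload/_security.tpl
@@ -0,0 +1,36 @@
+{{/* Build a pod security context */}}
+{{- define "helper.workload.securityContext" -}} {{- /* (define) */ -}}
+{{- if not .Values.workload.securityContext -}} {{- /* (1) */ -}}
+# ---------------------------------------------------------------------
+# Using the default security context, if it doesn't work for you,
+# please update `.Values.workload.securityContext`
+# ---------------------------------------------------------------------
+securityContext:
+runAsUser: 1000
+runAsGroup: 3000
+fsGroup: 2000
+seccompProfile:
+type: RuntimeDefault
+{{- else -}}
+{{- with .Values.workload.securityContext -}} {{- /* (2) */ -}}
+securityContext:
+{{ toYaml . | indent 2 }}
+{{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}
+
+{{/* Build a container security context */}}
+{{- define "helper.workload.containerSecurityContext" -}} {{- /* (define) */ -}}
+securityContext:
+{{- if not .securityContext }} {{- /* (1) */}}
+runAsUser: 2000
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+{{- else }}
+{{- with .securityContext }} {{- /* (2) */}}
+{{ toYaml . | indent 2 }}
+{{- end }} {{- /* /(2) */}}
+{{- end -}} {{- /* /(1) */ -}}
+{{- end -}} {{- /* /(define) */ -}}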
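Review bot: Both helpers switch between the hardened defaults and the user-supplied map wholesale, so setting a single key such as `runAsUser` under `.securityContext` removes `allowPrivilegeEscalation: false` and the `capabilities` drop of `ALL` from the container, and the same pattern removes `seccompProfile` `RuntimeDefault` from the pod. Merging the user map over a fresh dict of defaults, for example with Sprig's `mergeOverwrite`, keeps the hardening unless a key is overridden explicitly. The defaults also omit `runAsNonRoot: true`, which would let the kubelet enforce the non-root intent. The `{{/* Build a container security context */}}` comment should state which of the two behaviours callers get.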