From ac6751d3daf9bd5de0f5a57a96a2db857d26380b Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Mon, 13 May 2024 17:20:21 +0200 Subject: [PATCH] Some updates --- charts/workload-testing/.helmignore | 23 +++++ charts/workload-testing/Chart.yaml | 8 ++ .../workload-testing/templates/_helpers.tpl | 63 ++++++++++++ charts/workload-testing/templates/_utils.yaml | 13 +++ .../templates/_workloads.yaml | 12 +++ .../templates/configs/_env.tpl | 20 ++++ .../templates/configs/_files.tpl | 20 ++++ .../templates/deployment/_deployment.tpl | 11 +++ .../templates/deployment/_spec.tpl | 97 +++++++++++++++++++ .../templates/metadata/_base.tpl | 13 +++ .../templates/metadata/_labels.tpl | 20 ++++ .../templates/notes/_notes.tpl | 8 ++ .../workload-testing/templates/pvc/_pvc.tpl | 23 +++++ .../templates/rbac/_rbac.yaml | 34 +++++++ .../templates/service/_service.tpl | 25 +++++ .../templates/workload/_security.tpl | 34 +++++++ 16 files changed, 424 insertions(+) create mode 100644 charts/workload-testing/.helmignore create mode 100644 charts/workload-testing/Chart.yaml create mode 100644 charts/workload-testing/templates/_helpers.tpl create mode 100644 charts/workload-testing/templates/_utils.yaml create mode 100644 charts/workload-testing/templates/_workloads.yaml create mode 100644 charts/workload-testing/templates/configs/_env.tpl create mode 100644 charts/workload-testing/templates/configs/_files.tpl create mode 100644 charts/workload-testing/templates/deployment/_deployment.tpl create mode 100644 charts/workload-testing/templates/deployment/_spec.tpl create mode 100644 charts/workload-testing/templates/metadata/_base.tpl create mode 100644 charts/workload-testing/templates/metadata/_labels.tpl create mode 100644 charts/workload-testing/templates/notes/_notes.tpl create mode 100644 charts/workload-testing/templates/pvc/_pvc.tpl create mode 100644 charts/workload-testing/templates/rbac/_rbac.yaml create mode 100644 charts/workload-testing/templates/service/_service.tpl create mode 100644 charts/workload-testing/templates/workload/_security.tpl 
diff --git a/charts/workload-testing/.helmignore b/charts/workload-testing/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/workload-testing/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/workload-testing/Chart.yaml b/charts/workload-testing/Chart.yaml
new file mode 100644
index 0000000..f90fcd9
--- /dev/null
+++ b/charts/workload-testing/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: softplayer-lib-workload-testing
+description: A library to be reused accross softplayer charts
+type: library
+version: 0.1.0
+maintainers:
+ - name: allanger
+ email: allanger@badhouseplants.net
diff --git a/charts/workload-testing/templates/_helpers.tpl b/charts/workload-testing/templates/_helpers.tpl
new file mode 100644
index 0000000..83b70b7
--- /dev/null
+++ b/charts/workload-testing/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
diff --git a/charts/workload-testing/templates/_utils.yaml b/charts/workload-testing/templates/_utils.yaml
new file mode 100644
index 0000000..fbb1bab
--- /dev/null
+++ b/charts/workload-testing/templates/_utils.yaml
@@ -0,0 +1,13 @@
+{{- /*
+lib.util.merge will merge two YAML templates and output the result.
+This takes an array of three values:
+- the top context
+- the template name of the overrides (destination)
+- the template name of the base (source)
+*/}}
+{{- define "lib.util.merge" -}}
+{{- $top := first . -}}
+{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}}
+{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}}
+{{- toYaml (merge $overrides $tpl) -}}
+{{- end -}}
diff --git a/charts/workload-testing/templates/_workloads.yaml b/charts/workload-testing/templates/_workloads.yaml
new file mode 100644
index 0000000..ca2aa4b
--- /dev/null
+++ b/charts/workload-testing/templates/_workloads.yaml
@@ -0,0 +1,12 @@
+{{- define "helpers.allowed_workloads" -}}
+{{ index .Chart.Annotations "helm.badhouseplants.net/allowed_workload_kinds" }}
+{{- end -}}
+
+{{- define "lib.workload" -}}
+---
+{{ if eq .Values.workload.kind "Deployment" -}}
+{{- if contains .Values.workload.kind (include "helpers.allowed_workloads" .) }}
+{{- include "lib.deployment" . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/workload-testing/templates/configs/_env.tpl b/charts/workload-testing/templates/configs/_env.tpl
new file mode 100644
index 0000000..6137725
--- /dev/null
+++ b/charts/workload-testing/templates/configs/_env.tpl
@@ -0,0 +1,20 @@
+{{- define "lib.config.env" -}}
+{{- range $k, $v := .Values.env }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+---
+apiVersion: v1
+{{- if not $v.sensitive }}
+kind: ConfigMap
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+data:
+{{- else }}
+kind: Secret
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+stringData:
+{{- end }}
+{{- with $v.data }}
+{{ toYaml . | indent 2}}
+{{- end }}
+{{- end }}
+{{- end -}}
+
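Review bot: In `lib.workload` (templates/_workloads.yaml) a workload kind that is not `Deployment`, or that is missing from the `helm.badhouseplants.net/allowed_workload_kinds` annotation, renders only the `---` separator, so the release installs with no workload and no error. The allow-list test also uses `contains`, a substring match on the annotation text, so a kind whose name is a substring of an allowed entry would pass. I would fail the render in an `else` branch with `{{- fail (printf "workload kind %q is not allowed by this chart" .Values.workload.kind) }}` and test membership with `has .Values.workload.kind (splitList "," (include "helpers.allowed_workloads" .))`. The annotation's separator is not visible in this patch, so the `","` is an assumption to confirm.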
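Review bot: `lib.config.env` and `lib.config.files` (templates/configs/_files.tpl) both name their object `printf "%s-%s" (include "chart.fullname" $) $k`, so a key used in both `.Values.env` and `.Values.files` renders two ConfigMaps or Secrets with the same name in one release. A distinct infix per template avoids that, e.g. `printf "%s-env-%s" ...` here and `printf "%s-file-%s" ...` in _files.tpl, with the volume and `envFrom` names in deployment/_spec.tpl changed to match. For `sensitive: true` entries the secret material comes from values and is written to `stringData`, so it is also kept with the release's stored values; a comment on both defines saying so, and pointing to the direct `secretRef` form that _spec.tpl's `envFrom` accepts for externally managed Secrets, would help chart authors choose.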
diff --git a/charts/workload-testing/templates/configs/_files.tpl b/charts/workload-testing/templates/configs/_files.tpl
new file mode 100644
index 0000000..a112548
--- /dev/null
+++ b/charts/workload-testing/templates/configs/_files.tpl
@@ -0,0 +1,20 @@
+{{- define "lib.config.files" -}}
+{{- range $k, $v := .Values.files }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+---
+apiVersion: v1
+{{- if not $v.sensitive }}
+kind: ConfigMap
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+data:
+{{- else }}
+kind: Secret
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+stringData:
+{{- end }}
+{{- with $v.data }}
+{{ toYaml . | indent 2}}
+{{- end }}
+{{- end }}
+{{- end -}}
+
diff --git a/charts/workload-testing/templates/deployment/_deployment.tpl b/charts/workload-testing/templates/deployment/_deployment.tpl
new file mode 100644
index 0000000..584dc87
--- /dev/null
+++ b/charts/workload-testing/templates/deployment/_deployment.tpl
@@ -0,0 +1,11 @@
+{{- define "lib.deployment" -}}
+# ---------------------------------------------------------------------
+# The deployment is build within the helm library
+# please check the lib/tempaltes/deployment/base
+# ---------------------------------------------------------------------
+apiVersion: apps/v1
+kind: Deployment
+{{- include "lib.metadata" (dict "Context" . "customName" "")}}
+{{- include "deployment.spec" . }}
+{{- end -}}
+
diff --git a/charts/workload-testing/templates/deployment/_spec.tpl b/charts/workload-testing/templates/deployment/_spec.tpl
new file mode 100644
index 0000000..0d6229e
--- /dev/null
+++ b/charts/workload-testing/templates/deployment/_spec.tpl
@@ -0,0 +1,97 @@
+{{/*
+ This is a builder for deployments
+*/}}
+{{- define "deployment.spec" }}
+spec:
+ replicas: {{ .Values.workload.replicas }}
+ selector:
+ matchLabels:
+{{ include "metadata.selectorLabels" . | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ include "metadata.labels" . | indent 8 }}
+ spec:
+{{/* Prepare the securityContext for the pod */}}
+{{- include "lib.securityContext" . | indent 6 -}}
+{{/* Add all the volues to pod */}}
+ {{- if or ( or .Values.storage .Values.extraVolumes) .Values.files }}
+ volumes:
+ {{- if .Values.storage }}
+ {{- range $k, $v := .Values.storage }}
+ - name: {{ $k }}-storage
+ persistentVolumeClaim:
+ claimName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.files }}-file
+ {{- range $k, $v := .Values.files }}
+ - name: {{ $k }}
+ {{- if $v.sensitive }}
+ secret:
+ defaultMode: 420
+ secretName: " {{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+ {{- else }}
+ configMap:
+ name: "{{- printf "%s-%s" (include "chart.fullname" $) $k }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end -}}
+{{/* Define containers */}}
+ containers:
+{{- range $k,$v := .Values.workload.containers }}
+ - name: {{ $k }}
+{{/* Prepare the securityContext for the container */}}
+{{- include "lib.containerSecurityContext" . | indent 8 -}}
+{{/* Image fron chart's annotations */}}
+ image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}:{{ $.Chart.AppVersion }}
+ {{- with $v.command }}
+ command:
+{{. | toYaml | indent 10 }}
+ {{- end -}}
+ {{- with $v.args }}
+ args:
+{{. | toYaml | indent 10 }}
+ {{- end -}}
+{{- if $v.mounts }}
+ mounts:
+{{- range $k ,$v := range $v.mounts }}
+{{- if $k == "storage" }}
+ name: {{ $k }}-storage
+{{- end }}
+{{- end }}
+ volumeMounts:
+{{/* Ports */}}
+{{- with $v.ports }}
+ ports:
+{{- range $p := $v.ports}}
+ - containerPort: {{ index (index $.Values.service.ports $p) "targetPort" }}
+{{/* If env should be set from a Configmap/Secret */}}
+{{- if $v.envFrom }}
+ envFrom:
+{{- range $k := $v.envFrom }}
+{{/* If envFrom entry is a string, then refer to the env created by the library */}}
+{{- if kindIs "string" $k }}
+{{- if (index $.Values.env $k) }}
+{{- if (index $.Values.env $k).sensitive }}
+ - secretRef:
+{{- else }}
+ - configMapRef:
+{{- end }}
+ name: {{ printf "%s-%s" (include "chart.fullname" $) $k }}
+{{- end }}
+{{/* Otherwise try to add references directly (if Secrets/ConfigMaps are not managed by the chart) */}}
+{{- else }}
+{{- range $k, $v := $k }}
+ - {{ $k }}:
+{{ toYaml $v | indent 14 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/workload-testing/templates/metadata/_base.tpl b/charts/workload-testing/templates/metadata/_base.tpl
new file mode 100644
index 0000000..769852c
--- /dev/null
+++ b/charts/workload-testing/templates/metadata/_base.tpl
@@ -0,0 +1,13 @@
+{{- define "lib.metadata" }}
+metadata:
+ {{- if .customName }}
+ name: {{ .customName }}
+ {{- else }}
+ name: {{ include "chart.fullname" .Context }}
+ {{- end }}
+ labels:
+{{ include "metadata.labels" .Context | indent 4 }}
+{{- end }}
+
+{{- define "metadata.customName" -}}
+{{- end -}}
diff --git a/charts/workload-testing/templates/metadata/_labels.tpl b/charts/workload-testing/templates/metadata/_labels.tpl
new file mode 100644
index 0000000..c289805
--- /dev/null
+++ b/charts/workload-testing/templates/metadata/_labels.tpl
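Review bot: The mounts block of `deployment.spec` (templates/deployment/_spec.tpl) will not parse: `{{- range $k ,$v := range $v.mounts }}` repeats `range` and `{{- if $k == "storage" }}` uses an operator Go templates do not have, so every chart that includes this library would fail to render. They should read `{{- range $k, $v := $v.mounts }}` and `{{- if eq $k "storage" }}`; the same block emits a `mounts:` key that is not a container field, leaves `volumeMounts:` empty, and by my count the define ends one `{{- end }}` short. In the volumes section `{{- if .Values.files }}-file` writes a literal `-file` into the pod spec, probably meant as a suffix on the volume name two lines below. The secret volume sets `defaultMode: 420` (0644), which leaves mounted secret files readable by every user in the container; `defaultMode: 288` (0440, readable through `fsGroup`) fits the non-root defaults in workload/_security.tpl better.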
@@ -0,0 +1,20 @@
+{{/*
+Common labels
+*/}}
+{{- define "metadata.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "metadata.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
diff --git a/charts/workload-testing/templates/notes/_notes.tpl b/charts/workload-testing/templates/notes/_notes.tpl
new file mode 100644
index 0000000..1db6416
--- /dev/null
+++ b/charts/workload-testing/templates/notes/_notes.tpl
@@ -0,0 +1,8 @@
+{{- define "lib.notes" -}}
+*** Release metadata ***
+Chart: {{ .Chart.Name }}
+Chart version: {{ .Chart.Version }}
+App version: {{ .Chart.Version }}
+Image: {{ index $.Chart.Annotations "helm.badhouseplants.net/registry" }}
+Release name: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/workload-testing/templates/pvc/_pvc.tpl b/charts/workload-testing/templates/pvc/_pvc.tpl
new file mode 100644
index 0000000..4109d04
--- /dev/null
+++ b/charts/workload-testing/templates/pvc/_pvc.tpl
@@ -0,0 +1,23 @@
+{{- define "lib.pvc" -}}
+{{- range $k, $v := .Values.storage }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+---
+# ---------------------------------------------------------------------
+# This pvc is created as a part of softplayer helm library
+# please see /lib/tempaltes/pvc/_pvc.tpl
+# ---------------------------------------------------------------------
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+spec:
+{{- with $v.accessModes }}
+ accessModes:
+{{ toYaml . | indent 4}}
+{{- end }}
+ resources:
+ requests:
+ storage: {{ $v.size }}
+ storageClassName: {{ $v.storageClassName }}
+{{- end }}
+{{- end -}}
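Review bot: In `lib.notes` (templates/notes/_notes.tpl) the `App version:` line prints `.Chart.Version`, the same value as the `Chart version:` line above it, so the notes never show which application version was deployed. It should read `App version: {{ .Chart.AppVersion }}`. The `Image:` line also prints only the registry annotation, while deployment/_spec.tpl deploys the registry joined with `$.Chart.AppVersion` as the tag; printing the same joined reference would let an operator compare the notes with the image actually running.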
diff --git a/charts/workload-testing/templates/rbac/_rbac.yaml b/charts/workload-testing/templates/rbac/_rbac.yaml
new file mode 100644
index 0000000..631aa9f
--- /dev/null
+++ b/charts/workload-testing/templates/rbac/_rbac.yaml
@@ -0,0 +1,34 @@
+{{- define "lib.rbac" -}}
+{{- range $k, $v := .Values.rbac }}
+{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $v.role.kind }}
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+rules:
+{{ $v.role.rules | toYaml | indent 2}}
+
+{{- if $v.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+---
+kind: {{ $v.binding.kind }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
+subjects:
+
+- kind: ServiceAccount
+ name: {{ $customName }}
+ namespace: {{ $.Release.Namespace }}
+roleRef:
+ kind: {{ $v.role.kind }}
+ name: {{ $customName }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+
+{{- end -}}
+
diff --git a/charts/workload-testing/templates/service/_service.tpl b/charts/workload-testing/templates/service/_service.tpl
new file mode 100644
index 0000000..df719d5
--- /dev/null
+++ b/charts/workload-testing/templates/service/_service.tpl
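Review bot: `lib.rbac` (templates/rbac/_rbac.yaml) creates a ServiceAccount and binds the role to it, but the pod template in deployment/_spec.tpl, as far as this patch shows, never sets `serviceAccountName`, so the workload would keep running under the namespace's `default` account while the granted rules sit on an identity nothing uses. Either add `serviceAccountName: {{ $customName }}` to the pod spec or state in a comment on the define that the consuming chart must wire it. `kind: {{ $v.role.kind }}` and `kind: {{ $v.binding.kind }}` also accept `ClusterRole` and `ClusterRoleBinding`, whose names are cluster-scoped while `$customName` carries no namespace, so two releases with the same name in different namespaces would claim the same object. A short comment above the define naming the supported kinds, and noting that `rules` is passed through unvalidated, would make the privilege this template can grant visible to chart authors.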
@@ -0,0 +1,25 @@
+{{- define "lib.service" }}
+---
+# ---------------------------------------------------------------------
+# This service is created as a part of softplayer helm library
+# please see /lib/tempaltes/service/_service.tpl
+# ---------------------------------------------------------------------
+apiVersion: v1
+kind: Service
+{{- include "lib.metadata" (dict "Context" . "customName" "")}}
+spec:
+ {{- if (.Values.service).type }}
+ type: {{ .Values.service.type }}
+ {{- else }}
+ type: ClusterIP
+ {{- end }}
+ selector:
+{{ include "metadata.selectorLabels" . | indent 4}}
+ ports:
+{{- range $k,$v := .Values.service.ports }}
+ - name: {{ $k }}
+ port: {{ $v.port }}
+ targetPort: {{ $v.targetPort}}
+ protocol: {{ $v.protocol}}
+{{- end }}
+{{- end }}
diff --git a/charts/workload-testing/templates/workload/_security.tpl b/charts/workload-testing/templates/workload/_security.tpl
new file mode 100644
index 0000000..336921e
--- /dev/null
+++ b/charts/workload-testing/templates/workload/_security.tpl
@@ -0,0 +1,34 @@
+{{- define "lib.securityContext" -}}
+{{- if not .Values.workload.securityContext -}}
+# ---------------------------------------------------------------------
+# Using the default security context, if it doesn't work for you,
+# please update `.Values.workload.securityContext`
+# ---------------------------------------------------------------------
+securityContext:
+ runAsUser: 1000
+ runAsGroup: 3000
+ fsGroup: 2000
+ seccompProfile:
+ type: RuntimeDefault
+{{- else -}}
+{{- with .Values.workload.securityContext -}}
+securityContext:
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{- define "lib.containerSecurityContext" -}}
+securityContext:
+{{- if not .securityContext }}
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+{{- else }}
+{{- with .securityContext }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- end -}}
+{{- end -}}
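Review bot: `lib.containerSecurityContext` and `lib.securityContext` (templates/workload/_security.tpl) drop every hardened default as soon as the user sets any key: a container that only sets `runAsUser` loses `allowPrivilegeEscalation: false` and the `drop: ALL` capabilities, and a pod that only sets `fsGroup` loses the `RuntimeDefault` seccomp profile. Merging the user's map over the defaults, as sketched below for the container helper, keeps each default until it is explicitly overridden; the pod helper would take the same shape. Sprig's `merge` may treat an explicit `false` or `0` in the user map as unset, so check that behaviour against the Helm version in use before relying on it. Neither default sets `runAsNonRoot: true`, which would have the kubelet enforce the non-root intent instead of leaving it to the UID alone.

```yaml
{{/* … unchanged: lib.securityContext, which would take the same merge … */}}
{{- define "lib.containerSecurityContext" -}}
{{- $defaults := dict "runAsUser" 2000 "allowPrivilegeEscalation" false "capabilities" (dict "drop" (list "ALL")) -}}
{{- $user := deepCopy (default (dict) .securityContext) -}}
securityContext:
{{ toYaml (merge $user $defaults) | indent 2 }}
{{- end -}}
```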