diff --git a/argocd-apps/baikal.yaml b/argocd-apps/baikal.yaml
new file mode 100644
index 0000000..f68d8b5
--- /dev/null
+++ b/argocd-apps/baikal.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: baikal
+ namespace: argocd
+spec:
+ project: my-apps
+ source:
+ repoURL: https://git.dvirlabs.com/dvirlabs/my-apps.git
+ targetRevision: HEAD
+ path: charts/baikal
+ helm:
+ valueFiles:
+ - ../../manifests/baikal/values.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: my-apps
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/charts/baikal/baikal/.helmignore b/charts/baikal/baikal/.helmignore
new file mode 100644
index 0000000..feb7464
--- /dev/null
+++ b/charts/baikal/baikal/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png
+icon.webp
+icon-small.webp
diff --git a/charts/baikal/baikal/CHANGELOG.md b/charts/baikal/baikal/CHANGELOG.md
new file mode 100644
index 0000000..fafead5
--- /dev/null
+++ b/charts/baikal/baikal/CHANGELOG.md
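Review bot: `targetRevision: HEAD` together with `automated:` `prune: true` / `selfHeal: true` in the `syncPolicy` block means every commit that lands on the repository's default branch is rolled out to `my-apps` and any resource no longer in the rendered output is deleted, with no review gate between a push and the cluster change; pin the revision instead, `targetRevision: <release-tag-or-protected-branch>` (placeholder), so the branch push is not itself the deployment trigger. The chart and its `common` dependency are vendored under `charts/baikal/baikal/` with a `Chart.lock` digest pinning the bundled version, which is good for reproducibility but means upstream chart fixes only arrive when someone re-copies the directory; a comment on the `source:` block such as `# chart is vendored from TrueCharts; re-copy the chart and Chart.lock together when updating` would make that ownership explicit. The values file is referenced by `../../manifests/baikal/values.yaml`, which climbs out of `spec.source.path`; it still resolves inside the repository so Argo CD should accept it, but that is inferred from the paths rather than shown here and is worth confirming on the running Argo CD version.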
@@ -0,0 +1,563 @@ +--- +title: Changelog +pagefind: false +--- + +## [baikal-1.0.0](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-1.0.0) (2022-11-10) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Major Change to GUI +- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342)) +- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349)) +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.37](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-0.0.37) (2022-11-08) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342)) +- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349)) +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.36](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-0.0.36) (2022-11-08) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342)) +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.36](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-0.0.36) 
(2022-11-08) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342)) +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.36](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-0.0.36) (2022-11-08) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342)) +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.35](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-0.0.35) (2022-11-07) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.35](https://github.com/truecharts/charts/compare/baikal-0.0.34...baikal-0.0.35) (2022-11-06) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329)) + +## [baikal-0.0.34](https://github.com/truecharts/charts/compare/baikal-0.0.33...baikal-0.0.34) (2022-11-06) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#4317](https://github.com/truecharts/charts/issues/4317)) + +## [baikal-0.0.33](https://github.com/truecharts/charts/compare/baikal-0.0.32...baikal-0.0.33) (2022-11-05) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#4308](https://github.com/truecharts/charts/issues/4308)) + +## [baikal-0.0.32](https://github.com/truecharts/charts/compare/baikal-0.0.31...baikal-0.0.32) (2022-11-02) + +### Chore + +- Auto-update 
chart README [skip ci] +- update helm general non-major ([#4261](https://github.com/truecharts/charts/issues/4261)) + +## [baikal-0.0.31](https://github.com/truecharts/charts/compare/baikal-0.0.30...baikal-0.0.31) (2022-10-25) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#4182](https://github.com/truecharts/charts/issues/4182)) + +## [baikal-0.0.30](https://github.com/truecharts/charts/compare/baikal-0.0.29...baikal-0.0.30) (2022-10-19) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#4122](https://github.com/truecharts/charts/issues/4122)) + +## [baikal-0.0.29](https://github.com/truecharts/charts/compare/baikal-0.0.28...baikal-0.0.29) (2022-10-12) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#4071](https://github.com/truecharts/charts/issues/4071)) + +## [baikal-0.0.28](https://github.com/truecharts/charts/compare/baikal-0.0.27...baikal-0.0.28) (2022-10-07) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major + +## [baikal-0.0.28](https://github.com/truecharts/charts/compare/baikal-0.0.27...baikal-0.0.28) (2022-10-07) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major + +## [baikal-0.0.27](https://github.com/truecharts/charts/compare/baikal-0.0.26...baikal-0.0.27) (2022-10-05) + +### Chore + +- Auto-update chart README [skip ci] +- split addons in smaller templates ([#3979](https://github.com/truecharts/charts/issues/3979)) +- update helm general non-major + +## [baikal-0.0.26](https://github.com/truecharts/charts/compare/baikal-0.0.25...baikal-0.0.26) (2022-09-27) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#3918](https://github.com/truecharts/charts/issues/3918)) + +## [baikal-0.0.25](https://github.com/truecharts/charts/compare/baikal-0.0.24...baikal-0.0.25) (2022-09-25) + +### Chore + +- 
Auto-update chart README [skip ci] +- update helm general non-major ([#3898](https://github.com/truecharts/charts/issues/3898)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-22) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-21) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-21) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- 
Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-20) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-20) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) 
(2022-09-19) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-19) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-19) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-17) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update 
chart README [skip ci] +- refactor Services SCALE GUI +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-18) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-16) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-16) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-15) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.24](https://github.com/truecharts/charts/compare/baikal-0.0.23...baikal-0.0.24) (2022-09-15) + +### Chore + +- update helm general non-major 
([#3767](https://github.com/truecharts/charts/issues/3767)) +- split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) + +## [baikal-0.0.23](https://github.com/truecharts/charts/compare/baikal-0.0.22...baikal-0.0.23) (2022-09-12) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3711](https://github.com/truecharts/charts/issues/3711)) + +## [baikal-0.0.23](https://github.com/truecharts/charts/compare/baikal-0.0.22...baikal-0.0.23) (2022-09-12) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3711](https://github.com/truecharts/charts/issues/3711)) + +## [baikal-0.0.23](https://github.com/truecharts/charts/compare/baikal-0.0.22...baikal-0.0.23) (2022-09-11) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3711](https://github.com/truecharts/charts/issues/3711)) + +## [baikal-0.0.23](https://github.com/truecharts/charts/compare/baikal-0.0.22...baikal-0.0.23) (2022-09-11) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- update helm general non-major ([#3711](https://github.com/truecharts/charts/issues/3711)) + +## [baikal-0.0.23](https://github.com/truecharts/charts/compare/baikal-0.0.22...baikal-0.0.23) (2022-09-11) + +### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major ([#3711](https://github.com/truecharts/charts/issues/3711)) + +## [baikal-0.0.23](https://github.com/truecharts/charts/compare/baikal-0.0.22...baikal-0.0.23) (2022-09-11) + +### Chore + +- update helm general non-major 
([#3711](https://github.com/truecharts/charts/issues/3711)) + +## [baikal-0.0.22](https://github.com/truecharts/charts/compare/baikal-0.0.21...baikal-0.0.22) (2022-08-30) + +### Chore + +- update helm general non-major ([#3639](https://github.com/truecharts/charts/issues/3639)) + +## [baikal-0.0.21](https://github.com/truecharts/charts/compare/baikal-0.0.20...baikal-0.0.21) (2022-08-30) + +### Chore + +- update helm chart common to v10.5.5 ([#3626](https://github.com/truecharts/charts/issues/3626)) + +## [baikal-0.0.20](https://github.com/truecharts/charts/compare/baikal-0.0.19...baikal-0.0.20) (2022-08-29) + +### Chore + +- update helm general non-major ([#3619](https://github.com/truecharts/charts/issues/3619)) + +## [baikal-0.0.19](https://github.com/truecharts/charts/compare/baikal-0.0.17...baikal-0.0.19) (2022-08-26) + +### Fix + +- some cleanup ([#3586](https://github.com/truecharts/charts/issues/3586)) + +## [baikal-0.0.17](https://github.com/truecharts/charts/compare/baikal-0.0.16...baikal-0.0.17) (2022-08-23) + +### Chore + +- update helm general non-major helm releases ([#3545](https://github.com/truecharts/charts/issues/3545)) + +## [baikal-0.0.16](https://github.com/truecharts/charts/compare/baikal-0.0.15...baikal-0.0.16) (2022-08-12) + +### Chore + +- add documentation checkbox/section to all SCALE Apps +- update helm general non-major helm releases ([#3456](https://github.com/truecharts/charts/issues/3456)) + +### Fix + +- move extraArgs from .Values.controller to .Values ([#3447](https://github.com/truecharts/charts/issues/3447)) + +## [baikal-0.0.15](https://github.com/truecharts/charts/compare/baikal-0.0.14...baikal-0.0.15) (2022-08-10) + +### Chore + +- update docker general non-major ([#3421](https://github.com/truecharts/charts/issues/3421)) + +### Fix + +- cleanup ([#3389](https://github.com/truecharts/charts/issues/3389)) + +## [baikal-0.0.14](https://github.com/truecharts/charts/compare/baikal-0.0.13...baikal-0.0.14) (2022-08-08) + +### Chore 
+ +- update helm general non-major helm releases ([#3376](https://github.com/truecharts/charts/issues/3376)) +- replace questions parts with templates ([#3402](https://github.com/truecharts/charts/issues/3402)) + +## [baikal-0.0.13](https://github.com/truecharts/apps/compare/baikal-0.0.12...baikal-0.0.13) (2022-07-26) + +### Chore + +- update home links ([#3291](https://github.com/truecharts/apps/issues/3291)) +- update helm general non-major helm releases ([#3302](https://github.com/truecharts/apps/issues/3302)) + +## [baikal-0.0.12](https://github.com/truecharts/apps/compare/baikal-0.0.11...baikal-0.0.12) (2022-07-23) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Bump all charts to generate config and container references due to huge increase of repository +- update helm general non-major helm releases ([#3280](https://github.com/truecharts/apps/issues/3280)) + +### Feat + +- move dev apps to incubator and remove bad content from dev + +## [baikal-0.0.12](https://github.com/truecharts/apps/compare/baikal-0.0.11...baikal-0.0.12) (2022-07-23) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Bump all charts to generate config and container references due to huge increase of repository +- update helm general non-major helm releases ([#3280](https://github.com/truecharts/apps/issues/3280)) + +### Feat + +- move dev apps to incubator and remove bad content from dev + +## [baikal-0.0.12](https://github.com/truecharts/apps/compare/baikal-0.0.11...baikal-0.0.12) (2022-07-23) + +### Chore + +- Auto-update chart README [skip ci] +- Auto-update chart README [skip ci] +- Bump all charts to generate config and container references due to huge increase of repository +- update helm general non-major helm releases ([#3280](https://github.com/truecharts/apps/issues/3280)) + 
+### Feat + +- move dev apps to incubator and remove bad content from dev + + + +### [baikal-0.0.5](https://github.com/truecharts/apps/compare/baikal-0.0.4...baikal-0.0.5) (2022-05-05) + +#### Chore + +- update helm general non-major helm releases ([#2612](https://github.com/truecharts/apps/issues/2612)) + + + +### [baikal-0.0.4](https://github.com/truecharts/apps/compare/baikal-0.0.3...baikal-0.0.4) (2022-04-26) + +#### Chore + +- update helm general non-major helm releases ([#2573](https://github.com/truecharts/apps/issues/2573)) + + + +### [baikal-0.0.3](https://github.com/truecharts/apps/compare/baikal-0.0.2...baikal-0.0.3) (2022-04-20) + +#### Chore + +- add missing quote on description ([#2515](https://github.com/truecharts/apps/issues/2515)) +- update helm general non-major helm releases ([#2524](https://github.com/truecharts/apps/issues/2524)) + + + +### [baikal-0.0.2](https://github.com/truecharts/apps/compare/baikal-0.0.1...baikal-0.0.2) (2022-04-12) + +#### Chore + +- Auto-update chart README [skip ci] +- update helm general non-major helm releases ([#2480](https://github.com/truecharts/apps/issues/2480)) + +#### Fix + +- ensure ghcr is used when running tests ([#2449](https://github.com/truecharts/apps/issues/2449)) + + + +### baikal-0.0.1 (2022-04-07) + +#### Feat + +- Unraid Port - B ([#2440](https://github.com/truecharts/apps/issues/2440)) diff --git a/charts/baikal/baikal/Chart.lock b/charts/baikal/baikal/Chart.lock new file mode 100644 index 0000000..879177f --- /dev/null +++ b/charts/baikal/baikal/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: oci://tccr.io/truecharts + version: 28.16.2 +digest: sha256:5a4cb4205635ca4c128591b20d037825478c3662c8d7a3e5c4d676f421e55bb3 +generated: "2025-08-18T08:24:37.066886844Z" diff --git a/charts/baikal/baikal/Chart.yaml b/charts/baikal/baikal/Chart.yaml new file mode 100644 index 0000000..958c69c --- /dev/null +++ b/charts/baikal/baikal/Chart.yaml 
@@ -0,0 +1,33 @@
+annotations:
+ artifacthub.io/links: |-
+ - name: support
+ url: https://discord.com/invite/tVsPTHWTtr
+ max_scale_version: 24.04.1
+ min_scale_version: 24.04.0
+ truecharts.org/category: utilities
+ truecharts.org/max_helm_version: "3.17"
+ truecharts.org/min_helm_version: "3.14"
+ truecharts.org/train: stable
+apiVersion: v2
+appVersion: 0.10.1
+dependencies:
+- name: common
+ repository: oci://tccr.io/truecharts
+ version: 28.16.2
+description: Baikal is a lightweight CalDAV+CardDAV server
+home: https://truecharts.org/charts/stable/baikal
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/baikal.webp
+keywords:
+- baikal
+kubeVersion: '>=1.24.0-0'
+maintainers:
+- email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: baikal
+sources:
+- https://github.com/ckulka/baikal-docker
+- https://github.com/truecharts/charts/tree/master/charts/stable/baikal
+- https://hub.docker.com/r/ckulka/baikal
+type: application
+version: 8.3.2
diff --git a/charts/baikal/baikal/README.md b/charts/baikal/baikal/README.md
new file mode 100644
index 0000000..2673a22
--- /dev/null
+++ b/charts/baikal/baikal/README.md
@@ -0,0 +1,50 @@ +--- +title: README +--- + +## General Info + +For more information about this Chart, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/baikal) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Installation + +### Helm-Chart installation + +To install TrueCharts Helm charts using Helm, you can use our OCI Repository. + +`helm install mychart oci://tccr.io/truecharts/baikal` + +For more information on how to install TrueCharts Helm charts, checkout the [instructions on the website](/guides) + +## Chart Specific Guides and information + +All our charts have dedicated documentation pages. +The documentation for this chart can be found here: +https://truecharts.org/charts/stable/baikal + +## Configuration Options + +To view the chart specific options, please view Values.yaml included in the chart. +The most recent version of which, is available here: https://github.com/truecharts/public/blob/master/charts/stable/baikal/values.yaml + +All our Charts use a shared "common" library chart that contains most of the templating and options. +For the complete overview of all available options, please checkout the documentation for them on the [common docs on our website](/common) + +For information about the common chart and all defaults included with it, please review its values.yaml file available here: https://github.com/truecharts/public/blob/master/charts/library/common/values.yaml + +## Support + +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](/general/sponsor) or contributing back to the project any way you can! 
+
+_All Rights Reserved - The TrueCharts Project_
diff --git a/charts/baikal/baikal/charts/common/.helmignore b/charts/baikal/baikal/charts/common/.helmignore
new file mode 100644
index 0000000..feb7464
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png
+icon.webp
+icon-small.webp
diff --git a/charts/baikal/baikal/charts/common/Chart.lock b/charts/baikal/baikal/charts/common/Chart.lock
new file mode 100644
index 0000000..2d93e99
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/Chart.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: "2025-08-18T01:12:02.398827845Z"
diff --git a/charts/baikal/baikal/charts/common/Chart.yaml b/charts/baikal/baikal/charts/common/Chart.yaml
new file mode 100644
index 0000000..2216223
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/Chart.yaml
@@ -0,0 +1,49 @@ +annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/license: BUSL-1.1 + artifacthub.io/links: |- + - name: support + url: https://discord.com/invite/tVsPTHWTtr + truecharts.org/category: unsorted + truecharts.org/max_helm_version: "3.17" + truecharts.org/min_helm_version: "3.14" + truecharts.org/train: library +apiVersion: v2 +appVersion: 1.11.0 +description: Function library for TrueCharts +home: https://truecharts.org/charts/library/common +icon: https://truecharts.org/img/hotlink-ok/chart-icons/common.webp +keywords: +- truecharts +- library-chart +- common +kubeVersion: '>=1.24.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: common +sources: +- https://ghcr.io/cloudnative-pg/postgis +- https://ghcr.io/cloudnative-pg/postgresql +- https://ghcr.io/tensorchord/cloudnative-pgvecto.rs +- https://ghcr.io/traefik/whoami +- https://github.com/truecharts/charts/tree/master/charts/library/common +- https://github.com/truecharts/containers/tree/master/apps/alpine +- https://github.com/truecharts/containers/tree/master/apps/code-server +- https://github.com/truecharts/containers/tree/master/apps/db-wait-mariadb +- https://github.com/truecharts/containers/tree/master/apps/db-wait-mongodb +- https://github.com/truecharts/containers/tree/master/apps/db-wait-postgres +- https://github.com/truecharts/containers/tree/master/apps/db-wait-redis +- https://github.com/truecharts/containers/tree/master/apps/gluetun +- https://github.com/truecharts/containers/tree/master/apps/kubectl +- https://github.com/truecharts/containers/tree/master/apps/netshoot +- https://github.com/truecharts/containers/tree/master/apps/openvpn-client +- https://github.com/truecharts/containers/tree/master/apps/scratch +- https://github.com/truecharts/containers/tree/master/apps/tailscale +- https://github.com/truecharts/containers/tree/master/apps/wget +- 
https://github.com/truecharts/containers/tree/master/apps/wireguard +- https://hub.docker.com/_/ +- https://hub.docker.com/r/mikefarah/yq +type: library +version: 28.16.2 diff --git a/charts/baikal/baikal/charts/common/LICENSE b/charts/baikal/baikal/charts/common/LICENSE new file mode 100644 index 0000000..4ce034b --- /dev/null +++ b/charts/baikal/baikal/charts/common/LICENSE 
@@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Common" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. 
+ +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. 
+ +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/charts/baikal/baikal/charts/common/README.md b/charts/baikal/baikal/charts/common/README.md new file mode 100644 index 0000000..c71419b --- /dev/null +++ b/charts/baikal/baikal/charts/common/README.md 
@@ -0,0 +1,50 @@ +--- +title: README +--- + +## General Info + +For more information about this Chart, please check the docs on the TrueCharts [website](https://truecharts.org/charts/library/common) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Installation + +### Helm-Chart installation + +To install TrueCharts Helm charts using Helm, you can use our OCI Repository. + +`helm install mychart oci://tccr.io/truecharts/common` + +For more information on how to install TrueCharts Helm charts, checkout the [instructions on the website](/guides) + +## Chart Specific Guides and information + +All our charts have dedicated documentation pages. +The documentation for this chart can be found here: +https://truecharts.org/charts/library/common + +## Configuration Options + +To view the chart specific options, please view Values.yaml included in the chart. +The most recent version of which, is available here: https://github.com/truecharts/public/blob/master/charts/library/common/values.yaml + +All our Charts use a shared "common" library chart that contains most of the templating and options. +For the complete overview of all available options, please checkout the documentation for them on the [common docs on our website](/common) + +For information about the common chart and all defaults included with it, please review its values.yaml file available here: https://github.com/truecharts/public/blob/master/charts/library/common/values.yaml + +## Support + +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](/general/sponsor) or contributing back to the project any way you can! 
+ +_All Rights Reserved - The TrueCharts Project_ diff --git a/charts/baikal/baikal/charts/common/templates/addons/_codeserver.tpl b/charts/baikal/baikal/charts/common/templates/addons/_codeserver.tpl new file mode 100644 index 0000000..c1187fd --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/addons/_codeserver.tpl 
@@ -0,0 +1,72 @@ +{{/* +Template to render code-server addon +It will include / inject the required templates based on the given values. +*/}} +{{- define "tc.v1.common.addon.codeserver" -}} + {{- $codeSrv := $.Values.addons.codeserver -}} + + {{- if $codeSrv.enabled -}} + {{- $targetSelector := list "main" -}} + {{- if $codeSrv.targetSelector -}} + {{- $targetSelector = $codeSrv.targetSelector -}} + {{- end -}} + + {{- if gt ($targetSelector|len) 1 -}} + {{- fail "Codeserver Addon - Can only be attached to a single workload at a time" -}} + {{- end -}} + + {{/* Append the code-server container to the workloads */}} + {{- range $targetSelector -}} + {{- $workload := get $.Values.workload . -}} + {{- $_ := set $workload.podSpec.containers "codeserver" $codeSrv.container -}} + {{- end -}} + + {{/* Add the code-server service */}} + {{- if $codeSrv.service.enabled -}} + {{/* Add the code-server service */}} + {{- $hasPrimaryService := false -}} + {{- $result := (include "tc.v1.common.lib.service.hasPrimary" $) | fromJson -}} + {{- if and $result.hasEnabled $result.hasPrimary -}} + {{- $hasPrimaryService = true -}} + {{- end -}} + + {{- $svcValues := $codeSrv.service -}} + {{- $_ := set $svcValues "targetSelector" ($targetSelector|first) -}} + {{- if not $hasPrimaryService -}} + {{- $_ := set $svcValues "primary" true -}} + {{- end -}} + + {{- if not $.Values.service -}} + {{- $_ := set $.Values "service" dict -}} + {{- end -}} + + {{- $_ := set $.Values.service "codeserver" $svcValues -}} + {{- end -}} + + {{/* Add the code-server ingress */}} + {{- if $codeSrv.ingress.enabled -}} + {{- $ingressValues := $codeSrv.ingress -}} + {{- if not $ingressValues.targetSelector -}} + {{/* Assumes that both service and port are named codeserver */}} + {{- $_ := set $ingressValues "targetSelector" (dict "codeserver" "codeserver") -}} + {{- end -}} + + {{- $hasPrimaryIngress := false -}} + {{- $result := (include "tc.v1.common.lib.ingress.hasPrimary" $) | fromJson -}} + {{- if and 
$result.hasEnabled $result.hasPrimary -}} + {{- $hasPrimaryIngress = true -}} + {{- end -}} + + {{- if not $hasPrimaryIngress -}} + {{- $_ := set $ingressValues "primary" true -}} + {{- end -}} + + {{- if not $.Values.ingress -}} + {{- $_ := set $.Values "ingress" dict -}} + {{- end -}} + + {{/* Let spawner handle the rest */}} + {{- $_ := set $.Values.ingress "codeserver" $ingressValues -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/addons/_gluetun.tpl b/charts/baikal/baikal/charts/common/templates/addons/_gluetun.tpl new file mode 100644 index 0000000..c93e4f4 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/addons/_gluetun.tpl 
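Review bot: In the `range $targetSelector` loop, `get $.Values.workload .` is dereferenced straight away as `$workload.podSpec.containers`, so a selector entry that names a workload absent from `.Values.workload` yields nil and the render dies with a generic nil-pointer message rather than pointing at the bad value. Guard it before the `set`: `{{- if not $workload -}}{{- fail (printf "Codeserver Addon - Workload [%s] in targetSelector does not exist" .) -}}{{- end -}}`. The same unguarded pattern appears in the other addon templates of this commit, so a shared helper would keep the message consistent.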
@@ -0,0 +1,78 @@ +{{/* +Template to render VPN addon +It will include / inject the required templates based on the given values. +*/}} +{{- define "tc.v1.common.addon.gluetun" -}} + {{- $glue := $.Values.addons.gluetun -}} + {{- if $glue.enabled -}} + {{- if not $glue.container.env -}} + {{- $_ := set $glue.container "env" dict -}} + {{- end -}} + + {{- $fw := $glue.container.env.FIREWALL -}} + {{- if (eq $fw "on") -}} + {{- $nets := $glue.container.env.FIREWALL_OUTBOUND_SUBNETS | default list -}} + {{- if $nets -}}{{- $nets = $nets | splitList "," -}}{{- end -}} + {{- $nets = mustAppend $nets $.Values.chartContext.podCIDR -}} + {{- $nets = mustAppend $nets $.Values.chartContext.svcCIDR -}} + + {{- $cleanNets := list -}} + {{- range $nets -}}{{- $cleanNets = mustAppend $cleanNets (. | nospace) -}}{{- end -}} + {{- $nets = $cleanNets | mustUniq -}} + {{- $_ := set $glue.container.env "FIREWALL_OUTBOUND_SUBNETS" (join "," $nets) -}} + + {{- $inputPorts := $glue.container.env.FIREWALL_INPUT_PORTS | default list -}} + {{- if $inputPorts -}}{{- $inputPorts = $inputPorts | splitList "," -}}{{- end -}} + {{- if and + $.Values.service $.Values.service.main $.Values.service.main.ports + $.Values.service.main.ports.main $.Values.service.main.ports.main.port + -}} + {{- $inputPorts = mustAppend $inputPorts ($.Values.service.main.ports.main.port | toString) -}} + {{- end -}} + {{- $cleanInputPorts := list -}} + {{- range $inputPorts -}}{{- $cleanInputPorts = mustAppend $cleanInputPorts (. | nospace) -}}{{- end -}} + {{- $inputPorts = $cleanInputPorts | mustUniq -}} + {{- $_ := set $glue.container.env "FIREWALL_INPUT_PORTS" (join "," $inputPorts) -}} + {{- end -}} + + {{- $targetSelector := list "main" -}} + {{- if $glue.targetSelector -}} + {{- $targetSelector = $glue.targetSelector -}} + {{- end -}} + + {{/* Append the vpn container to the workloads */}} + {{- range $targetSelector -}} + {{- $workload := get $.Values.workload . 
-}} + {{- $_ := set $workload.podSpec.containers "gluetun" $glue.container -}} + {{- end -}} + + {{/* Mount secrets */}} + {{- range $secName, $secValues := $glue.secret -}} + {{- $secretName := printf "gluetun-%s" $secName -}} + {{- if not $secValues.basePath -}} + {{- fail (printf "Gluetun - Secret [%s] does not have basePath") -}} + {{- end -}} + {{- $_ := set $secValues "enabled" true -}} + {{- $_ := set $.Values.secret $secretName $secValues -}} + + {{- $persistence := (dict + "enabled" true "type" "secret" "objectName" $secretName "targetSelector" dict "items" list + ) -}} + {{- if $secValues.defaultMode -}} + {{- $_ := set $persistence "defaultMode" $secValues.defaultMode -}} + {{- end -}} + + {{- range $key, $val := $secValues.data -}} + {{- $item := (dict "key" $key "path" $key) -}} + {{- $_ := set $persistence "items" (mustAppend $persistence.items $item) -}} + {{- end -}} + + {{- $selectorValue := (dict "gluetun" (dict "mountPath" $secValues.basePath)) -}} + {{- range $targetSelector -}} + {{- $_ := set $persistence.targetSelector . $selectorValue -}} + {{- end -}} + + {{- $_ := set $.Values.persistence $secretName $persistence -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/addons/_netshoot.tpl b/charts/baikal/baikal/charts/common/templates/addons/_netshoot.tpl new file mode 100644 index 0000000..d7b9e9c --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/addons/_netshoot.tpl 
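Review bot: The `fail (printf "Gluetun - Secret [%s] does not have basePath")` in the secret-mount loop passes no argument for `%s`, so the error renders as `%!s(MISSING)` instead of naming the offending secret; it should be `{{- fail (printf "Gluetun - Secret [%s] does not have basePath" $secName) -}}`. Separately, the firewall block is only entered when `FIREWALL` equals the string `"on"`; a values file that writes `FIREWALL: on` unquoted is most likely read as a boolean by Helm's YAML parser, in which case the pod/service CIDRs and the main service port are silently never added to the allow lists. Either also accept a boolean true there or state in the values documentation that the env value must be quoted.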
@@ -0,0 +1,20 @@
+{{/*
+Template to render code-server addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "tc.v1.common.addon.netshoot" -}}
+ {{- $netshoot := $.Values.addons.netshoot -}}
+ {{- if $netshoot.enabled -}}
+ {{- $targetSelector := list "main" -}}
+ {{- if $netshoot.targetSelector -}}
+ {{- $targetSelector = $netshoot.targetSelector -}}
+ {{- end -}}
+
+ {{- range $targetSelector -}}
+ {{/* Append the code-server container to the workloads */}}
+ {{- $workload := get $.Values.workload . -}}
+ {{- $_ := set $workload.podSpec.containers "netshoot" $.Values.addons.netshoot.container -}}
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/addons/_tailscale.tpl b/charts/baikal/baikal/charts/common/templates/addons/_tailscale.tpl
new file mode 100644
index 0000000..e3d5e5e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/addons/_tailscale.tpl
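Review bot: Both comments in this template still describe code-server (`Template to render code-server addon` and `Append the code-server container to the workloads`) although it injects the netshoot container; change them to `Template to render netshoot addon` and `Append the netshoot container to the workloads`. Since netshoot is presumably a network-debugging toolbox that lands inside the target pod, the header is also the right place to say the addon is meant for troubleshooting and should not be left enabled on exposed workloads. As a minor style point, the loop reads `$.Values.addons.netshoot.container` although `$netshoot` already holds that map; `$netshoot.container` is shorter and matches the other addon templates.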
@@ -0,0 +1,56 @@ +{{/* +Template to render VPN addon +It will include / inject the required templates based on the given values. +*/}} +{{- define "tc.v1.common.addon.tailscale" -}} + {{- $ts := $.Values.addons.tailscale -}} + {{- if $ts.enabled -}} + {{- $secContext := dict -}} + {{- $_ := set $secContext "runAsUser" 0 -}} + {{- $_ := set $secContext "runAsGroup" 0 -}} + {{- $_ := set $secContext "runAsNonRoot" true -}} + {{- $_ := set $secContext "readOnlyRootFilesystem" false -}} + + {{- if and $ts.container.env ($ts.container.env.TS_USERSPACE) -}} + {{- $_ := set $secContext "runAsUser" 1000 -}} + {{- $_ := set $secContext "runAsGroup" 1000 -}} + {{- $_ := set $secContext "runAsNonRoot" false -}} + {{- $_ := set $secContext "readOnlyRootFilesystem" true -}} + {{- end -}} + + {{- $newSecContext := $ts.container.securityContext -}} + {{- $newSecContext = mustMergeOverwrite $newSecContext $secContext -}} + {{- $_ := set $ts.container "securityContext" $newSecContext -}} + + {{- $targetSelector := list "main" -}} + {{- if $ts.targetSelector -}} + {{- $targetSelector = $ts.targetSelector -}} + {{- end -}} + + {{/* Append the vpn container to the workloads */}} + {{- range $targetSelector -}} + {{/* FIXME: https://github.com/tailscale/tailscale/issues/8188 */}} + {{- $workload := get $.Values.workload . -}} + {{- $_ := set $workload.podSpec "automountServiceAccountToken" true -}} + {{- $_ := set $workload.podSpec.containers "tailscale" $ts.container -}} + {{- end -}} + + {{- $persistence := $.Values.persistence.tailscalestate | default dict -}} + {{- $_ := set $persistence "enabled" true -}} + {{- if not $persistence.type -}} + {{- $_ := set $persistence "type" "emptyDir" -}} + {{- end -}} + {{- if not $persistence.targetSelector -}} + {{- $_ := set $persistence "targetSelector" dict -}} + {{- end -}} + + {{- $selectorValue := (dict "tailscale" (dict "mountPath" "/var/lib/tailscale")) -}} + {{- range $targetSelector -}} + {{- $_ := set $persistence.targetSelector . 
$selectorValue -}} + {{- end -}} + + {{/* Append the empty dir tailscale to the persistence */}} + {{- $_ := set $.Values.persistence "tailscalestate" $persistence -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_configmap.tpl b/charts/baikal/baikal/charts/common/templates/class/_configmap.tpl new file mode 100644 index 0000000..0d40e1d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_configmap.tpl @@ -0,0 +1,37 @@ +{{/* Configmap Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: + name: The name of the configmap. + labels: The labels of the configmap. + annotations: The annotations of the configmap. + data: The data of the configmap. + namespace: The namespace of the configmap. (Optional) +*/}} + +{{- define "tc.v1.common.class.configmap" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +data: + {{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }} + {{/* This comment is here to add a new line */}} +{{- end -}} 
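Review bot: The default securityContext pairs `runAsUser 0`/`runAsGroup 0` with `runAsNonRoot true`, and the `TS_USERSPACE` branch pairs uid/gid 1000 with `runAsNonRoot false`; the kubelet refuses to start a container whose explicit runAsUser is 0 while runAsNonRoot is true, so the kernel-mode path as written looks unable to start, and the two `runAsNonRoot` values appear swapped (`true` belongs with 1000, `false` with 0). Also `automountServiceAccountToken` is forced to true on the whole podSpec, which hands the service-account token to every container of the target workload rather than only to tailscale; if the linked FIXME only needs the token in the tailscale container, a projected serviceAccountToken volume mounted into that one container is the narrower fix. Either way the reason for mounting the token deserves a sentence next to the FIXME so a later maintainer does not simply remove it.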
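Review bot: `data:` is rendered as `tpl (toYaml $objectData.data) $rootCtx`, so every value of a configmap is evaluated as a Go template with the full root context before it reaches the API server; application config that contains its own `{{` syntax is either executed or breaks the render, and values such as `0644` or `true` that toYaml emits unquoted are rejected because ConfigMap data must be strings. This is a contract callers need to know, so extend the header comment: `data: The data of the configmap. Each value is rendered with tpl against the root context and must be a string; quote numeric/boolean-looking values and write a literal {{ as {{ "{{" }}.` A stricter option is to `fail` when a data value is not a string, which would surface the mistake at template time instead of at apply time.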
diff --git a/charts/baikal/baikal/charts/common/templates/class/_cronjob.tpl b/charts/baikal/baikal/charts/common/templates/class/_cronjob.tpl
new file mode 100644
index 0000000..b7b92af
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_cronjob.tpl
@@ -0,0 +1,52 @@ +{{/* CronJob Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.cronjob" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The object data to be used to render the CronJob. +*/}} + +{{- define "tc.v1.common.class.cronjob" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- include "tc.v1.common.lib.workload.cronjobValidation" (dict "objectData" $objectData) }} +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + {{- include "tc.v1.common.lib.workload.cronjobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }} + template: + metadata: + {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict) + (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.volumeLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 12 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict) + (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 12 }} + {{- end }} + spec: + {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 10 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_daemonset.tpl b/charts/baikal/baikal/charts/common/templates/class/_daemonset.tpl new file mode 100644 index 0000000..f896b45 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_daemonset.tpl 
@@ -0,0 +1,54 @@ +{{/* DaemonSet Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The object data to be used to render the DaemonSet. +*/}} + +{{- define "tc.v1.common.class.daemonset" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- include "tc.v1.common.lib.workload.daemonsetValidation" (dict "objectData" $objectData) }} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + {{- include "tc.v1.common.lib.workload.daemonsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }} + selector: + matchLabels: + {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }} + template: + metadata: + {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict) + (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 8 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict) + (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 8 }} + {{- end }} + spec: + {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_deployment.tpl b/charts/baikal/baikal/charts/common/templates/class/_deployment.tpl new file mode 100644 index 0000000..2e65409 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_deployment.tpl 
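Review bot: The pod-template labels here merge allLabels, podLabels and selectorLabels but not `tc.v1.common.lib.metadata.volumeLabels`, which the cronjob and deployment classes added in this same commit do include; if that omission is deliberate for DaemonSets, a one-line comment should say so, otherwise add `(include "tc.v1.common.lib.metadata.volumeLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)` to the mustMerge. The usage comment at the top also still shows `include "tc.v1.common.class.deployment"`; it should read `tc.v1.common.class.daemonset`, matching the define below it.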
@@ -0,0 +1,55 @@ +{{/* Deployment Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Deployment. +*/}} + +{{- define "tc.v1.common.class.deployment" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- include "tc.v1.common.lib.workload.deploymentValidation" (dict "objectData" $objectData) }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + {{- include "tc.v1.common.lib.workload.deploymentSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }} + selector: + matchLabels: + {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }} + template: + metadata: + {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict) + (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.volumeLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 8 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict) + (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 8 }} + {{- end }} + spec: + {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_endpoint.tpl b/charts/baikal/baikal/charts/common/templates/class/_endpoint.tpl new file mode 100644 index 0000000..29862e9 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_endpoint.tpl 
@@ -0,0 +1,33 @@ +{{/* Endpoint Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.endpoint" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The service data, that will be used to render the Service object. +*/}} + +{{- define "tc.v1.common.class.endpoint" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +subsets: + - addresses: + {{- include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }} + ports: + {{- include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_endpointSlice.tpl b/charts/baikal/baikal/charts/common/templates/class/_endpointSlice.tpl new file mode 100644 index 0000000..a2f2362 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_endpointSlice.tpl 
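Review bot: The header says objectData "will be used to render the Service object" while this template renders an Endpoints object; change it to `objectData: The endpoint data, used to render the Endpoints object.` It is also worth a header remark that the core `v1` `Endpoints` API is deprecated upstream in favor of `discovery.k8s.io/v1` EndpointSlice, which this commit adds alongside as `tc.v1.common.class.endpointSlice`, so new chart code should prefer the slice class.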
@@ -0,0 +1,45 @@ +{{/* EndpointSlice Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The service data, that will be used to render the Service object. +*/}} + +{{- define "tc.v1.common.class.endpointSlice" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $addressType := $objectData.addressType | default "IPv4" -}} + {{- if $objectData.addressType -}} + {{- $addressType = tpl $addressType $rootCtx -}} + {{- $validTypes := (list "IPv4" "IPv6" "FQDN") -}} + {{- if not (mustHas $addressType $validTypes) -}} + {{- fail (printf "EndpointSlice - Expected [addressType] to be one of [%s], but got [%s]" (join ", " $validTypes) $addressType) -}} + {{- end -}} + {{- end }} + +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +addressType: {{ $addressType }} +ports: +{{- include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }} +endpoints: +{{- include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_horizontalPodAutoscaler.tpl b/charts/baikal/baikal/charts/common/templates/class/_horizontalPodAutoscaler.tpl new file mode 100644 index 0000000..4f6b635 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_horizontalPodAutoscaler.tpl 
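Review bot: The header comment was copied from the Service/Endpoint classes and still says objectData "will be used to render the Service object"; it should read `objectData: The endpoint slice data, used to render the EndpointSlice object.` The template also unconditionally sets the `kubernetes.io/service-name` label to `$objectData.name`, which ties the slice to a Service of exactly that name; a comment stating that the slice name must match the Service it feeds would save callers a debugging round.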
@@ -0,0 +1,192 @@ +{{/* +This template serves as a blueprint for horizontal pod autoscaler objects that are created +using the common library. +*/}} +{{- define "tc.v1.common.class.hpa" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "VPA") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: {{ $objectData.workload.type }} + name: {{ $objectData.name }} + minReplicas: {{ $objectData.minReplicas }} + maxReplicas: {{ $objectData.maxReplicas }} + {{- if $objectData.metrics }} + metrics: + {{- include "tc.v1.common.class.hpa.metrics" (dict "objectData" $objectData "rootCtx" $rootCtx) | nindent 4 }} + {{- end -}} + {{- if $objectData.behavior }} + behavior: + {{- if $objectData.behavior.scaleUp }} + scaleUp: + {{- include "tc.v1.common.class.hpa.behavior" (dict "objectData" $objectData "rootCtx" $rootCtx "mode" "up") | nindent 4 }} + {{- end -}} + {{- if $objectData.behavior.scaleDown }} + scaleDown: + {{- include "tc.v1.common.class.hpa.behavior" (dict "objectData" $objectData "rootCtx" $rootCtx "mode" "down") | nindent 4 }} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.behavior" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $mode := .mode -}} + + {{- $key := ternary "scaleUp" "scaleDown" (eq $mode "up") -}} + {{- $behavior := get $objectData.behavior $key -}} + + {{- $defaultStabilizationWindowSeconds := ternary 0 300 (eq $mode "up") }} + selectPolicy: {{ $behavior.selectPolicy | default "Max" }} + stabilizationWindowSeconds: {{ $behavior.stabilizationWindowSeconds | default $defaultStabilizationWindowSeconds }} + {{- if $behavior.policies }} + policies: + {{- range $idx, $policy := $behavior.policies }} + - type: {{ $policy.type }} + value: {{ $policy.value }} + periodSeconds: {{ $policy.periodSeconds }} + {{- end }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.metrics" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- range $idx, $metric := $objectData.metrics }} + {{- if eq $metric.type "Resource" }} + {{- include "tc.v1.common.class.hpa.metrics.resource" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric) | nindent 6 }} + {{- else if eq 
$metric.type "ContainerResource" }} + {{- include "tc.v1.common.class.hpa.metrics.containerResource" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric) | nindent 6 }} + {{- else if eq $metric.type "Pods" }} + {{- include "tc.v1.common.class.hpa.metrics.pods" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric) | nindent 6 }} + {{- else if eq $metric.type "Object" }} + {{- include "tc.v1.common.class.hpa.metrics.object" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric) | nindent 6 }} + {{- else if eq $metric.type "External" }} + {{- include "tc.v1.common.class.hpa.metrics.external" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric) | nindent 6 }} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.metrics.resource" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx }} + - type: Resource + resource: + name: {{ .metric.resource.name }} + target: + type: {{ .metric.resource.target.type }} + {{- if eq .metric.resource.target.type "AverageValue" }} + averageValue: {{ .metric.resource.target.averageValue | quote }} + {{- else if eq .metric.resource.target.type "Utilization" }} + averageUtilization: {{ .metric.resource.target.averageUtilization }} + {{- end -}} + {{- with .metric.resource.target.value }} + value: {{ . 
| quote }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.metrics.containerResource" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx }} + - type: ContainerResource + containerResource: + name: {{ .metric.containerResource.name }} + container: {{ .metric.containerResource.container}} + target: + type: {{ .metric.containerResource.target.type }} + {{- if eq .metric.containerResource.target.type "AverageValue" }} + averageValue: {{ .metric.containerResource.target.averageValue | quote }} + {{- else if eq .metric.containerResource.target.type "Utilization" }} + averageUtilization: {{ .metric.containerResource.target.averageUtilization }} + {{- end -}} + {{- with .metric.containerResource.target.value }} + value: {{ . | quote }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.metrics.pods" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx }} + - type: Pods + pods: + target: + type: AverageValue + averageValue: {{ .metric.pods.target.averageValue | quote }} + metric: + name: {{ .metric.pods.metric.name }} + {{- if .metric.pods.metric.selector }} + selector: + matchLabels: + {{- range $key, $value := .metric.pods.metric.selector.matchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.metrics.object" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx }} + - type: Object + object: + target: + type: {{ .metric.object.target.type }} + {{- if eq .metric.object.target.type "Value" }} + value: {{ .metric.object.target.value | quote }} + {{- else if eq .metric.object.target.type "AverageValue" }} + averageValue: {{ .metric.object.target.averageValue | quote }} + {{- end }} + describedObject: + apiVersion: {{ .metric.object.describedObject.apiVersion }} + kind: {{ .metric.object.describedObject.kind }} + name: {{ .metric.object.describedObject.name }} + metric: + name: {{ .metric.object.metric.name }} + {{- if 
.metric.object.metric.selector }} + selector: + matchLabels: + {{- range $key, $value := .metric.object.metric.selector.matchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.hpa.metrics.external" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx }} + - type: External + external: + metric: + name: {{ .metric.external.metric.name }} + {{- if .metric.external.metric.selector }} + selector: + matchLabels: + {{- range $key, $value := .metric.external.metric.selector.matchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end -}} + {{- end }} + target: + type: {{ .metric.external.target.type }} + {{- if eq .metric.external.target.type "Value" }} + value: {{ .metric.external.target.value | quote }} + {{- else if eq .metric.external.target.type "AverageValue" }} + averageValue: {{ .metric.external.target.averageValue | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_ingress.tpl b/charts/baikal/baikal/charts/common/templates/class/_ingress.tpl new file mode 100644 index 0000000..14c730e --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_ingress.tpl 
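Review bot: The namespace helper is called with `"caller" "VPA"` in `tc.v1.common.class.hpa`, so any error it raises will be attributed to a VPA instead of this HorizontalPodAutoscaler; change it to `"caller" "HPA"`. The header comment is also thinner than the other class templates in this commit, which document the call form and the objectData fields; add the same `Call this template:` block naming `minReplicas`, `maxReplicas`, `metrics`, `behavior` and the `workload.type` the scaleTargetRef is built from.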
@@ -0,0 +1,121 @@
+{{/* Ingress Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.ingress" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Ingress.
+*/}}
+
+{{- define "tc.v1.common.class.ingress" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $svcData := (include "tc.v1.common.lib.ingress.targetSelector" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) -}}
+ {{- $_ := set $objectData "selectedService" $svcData -}}
+
+ {{- if not (hasKey $objectData "integrations") -}}
+ {{- $_ := set $objectData "integrations" dict -}}
+ {{- end -}}
+ {{- if not (hasKey $objectData "annotations") -}}
+ {{- $_ := set $objectData "annotations" dict -}}
+ {{- end -}}
+
+ {{- $ingressClassName := "" -}}
+ {{- if $objectData.ingressClassName -}}
+ {{- $ingressClassName = (tpl $objectData.ingressClassName $rootCtx) -}}
+ {{- end -}}
+
+ {{- range $h := $objectData.hosts -}}
+ {{- $_ := set $h "host" (tpl $h.host $rootCtx) -}}
+
+ {{- if not $h.paths -}} {{/* If no paths given, default to "/" */}}
+ {{- $_ := set $h "paths" (list (dict "path" "/")) -}}
+ {{- end -}}
+
+ {{- range $p := $h.paths -}}
+ {{- $_ := set $p "path" (tpl ($p.path | default "/") $rootCtx) -}}
+ {{- $_ := set $p "pathType" (tpl ($p.pathType | default "Prefix") $rootCtx) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/*
+ When Stop All is set, force ingressClass "stopped"
+ to yeet ingress from the ingressController
+ */}}
+ {{- if (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}}
+ {{- $ingressClassName = "tc-stopped" -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.ingress.integration.certManager" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.ingress.integration.traefik" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.ingress.integration.nginx" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+ {{- if ne $ingressClassName "tc-stopped" -}}{{/* If is stopped, dont render homepage annotations */}}
+ {{- include "tc.v1.common.lib.ingress.integration.homepage" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+ {{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Ingress") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ annotations:
+ checksum/secrets: {{ toJson $rootCtx.Values.secret | sha256sum }}
+ checksum/services: {{ toJson $rootCtx.Values.service | sha256sum }}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ $ingressClassName | default nil }}
+ rules:
+ {{- range $h := $objectData.hosts }}
+ - host: {{ $h.host | quote }}
+ http:
+ paths:
+ {{- range $p := $h.paths -}}
+ {{- $newSvcData := (include "tc.v1.common.lib.ingress.backend.data" (dict
+ "rootCtx" $rootCtx "svcData" $svcData "override" $p.overrideService)) | fromYaml
+ }}
+ - path: {{ $p.path }}
+ pathType: {{ $p.pathType }}
+ backend:
+ service:
+ name: {{ $newSvcData.name }}
+ port:
+ number: {{ $newSvcData.port }}
+ {{- end -}}
+ {{- end -}}
+ {{/* If a certificateIssuer is defined in the whole ingress, use that */}}
+ {{- if and $objectData.integrations.certManager $objectData.integrations.certManager.enabled }}
+ tls:
+ {{- range $idx, $h := $objectData.hosts }}
+ - secretName: {{ printf "%s-tls-%d" $objectData.name ($idx | int) }}
+ hosts:
+ - {{ (tpl $h.host $rootCtx) | quote }}
+ {{- end -}}
+ {{/* else if a tls section is defined use the configuration from there */}}
+ {{- else if $objectData.tls }}
+ tls:
+ {{- range $idx, $t := $objectData.tls -}}
+ {{- $secretName := "" -}}
+ {{- if $t.secretName -}}
+ {{- $secretName = tpl $t.secretName $rootCtx -}}
+ {{- else if $t.certificateIssuer -}}
+ {{- $secretName = printf "%s-tls-%d" $objectData.name ($idx | int) -}}
+ {{- else if $t.clusterCertificate -}}
+ {{- $secretName = printf "certificate-issuer-%s" (tpl $t.clusterCertificate $rootCtx) -}}
+ {{- end }}
+ - secretName: {{ $secretName }}
+ hosts:
+ {{- range $h := $t.hosts }}
+ - {{ (tpl $h $rootCtx) | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_job.tpl b/charts/baikal/baikal/charts/common/templates/class/_job.tpl
new file mode 100644
index 0000000..a3e4e9a
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_job.tpl
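Review bot: `checksum/secrets: {{ toJson $rootCtx.Values.secret | sha256sum }}` writes an unsalted digest of the chart's secret values into an Ingress annotation, and Ingress objects are readable by a far wider set of principals than Secrets usually are; anyone who can read the Ingress can verify guesses of low-entropy secrets against that digest offline. Nothing on the rendered Ingress depends on secret content as far as the hunk shows, so if the annotation only exists to force an Ingress update when secrets change, hash something not derived from the values (for example the sorted key names via sprig `keys` and `sortAlpha`) or drop the annotation here; `checksum/services` is unaffected. The same annotation pair may be copied onto other objects by the library, which this hunk does not show.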
@@ -0,0 +1,52 @@
+{{/* Job Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.job" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Job.
+*/}}
+
+{{- define "tc.v1.common.class.job" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }}
+ template:
+ metadata:
+ {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict)
+ (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)
+ (include "tc.v1.common.lib.metadata.podLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
+ (include "tc.v1.common.lib.metadata.volumeLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml)
+ (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 8 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict)
+ (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)
+ (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_mutatingWebhookConfiguration.tpl b/charts/baikal/baikal/charts/common/templates/class/_mutatingWebhookConfiguration.tpl
new file mode 100644
index 0000000..2bcd6b9
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_mutatingWebhookConfiguration.tpl
@@ -0,0 +1,38 @@
+{{/* MutatingWebhookConfiguration Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.mutatingWebhookConfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the MutatingWebhookConfiguration.
+ labels: The labels of the MutatingWebhookConfiguration.
+ annotations: The annotations of the MutatingWebhookConfiguration.
+ data: The data of the MutatingWebhookConfiguration.
+ namespace: The namespace of the MutatingWebhookConfiguration. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.mutatingWebhookConfiguration" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+webhooks:
+ {{- range $webhook := $objectData.webhooks -}}
+ {{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
+ {{- end -}}
+{{- end -}}
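Review bot: MutatingWebhookConfiguration is a cluster-scoped kind, yet `namespace: {{ include "tc.v1.common.lib.metadata.namespace" ... "caller" "Webhook") }}` is rendered unconditionally; `_rbac.tpl` in this same change wraps the namespace line in `{{- if not $objectData.clusterWide }}` for ClusterRole, and this template and `_priorityClass.tpl` (PriorityClass is cluster-scoped too) should drop the namespace line the same way rather than rely on the API server to discard it. The header comment also documents `data: The data of the MutatingWebhookConfiguration.`, which the body never reads; it iterates `$objectData.webhooks`, so the comment should say `webhooks: The list of webhooks, each rendered by tc.v1.common.lib.webhook.` and lose the `data` line.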
diff --git a/charts/baikal/baikal/charts/common/templates/class/_networkAttachmentDefinition.tpl b/charts/baikal/baikal/charts/common/templates/class/_networkAttachmentDefinition.tpl
new file mode 100644
index 0000000..1c0364d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_networkAttachmentDefinition.tpl
@@ -0,0 +1,35 @@
+{{/* Network Attachment Definition Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.networkAttachmentDefinition" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the Network Attachment Definition.
+ labels: The labels of the Network Attachment Definition.
+ annotations: The annotations of the Network Attachment Definition.
+ config: The config of the interface
+*/}}
+
+{{- define "tc.v1.common.class.networkAttachmentDefinition" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }}
+ {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) | default dict -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ config: {{ $objectData.config | squote }}
+{{- end -}}
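Review bot: The header comment lists `labels:` and `annotations:` under objectData, but the body only renders `allLabels`/`allAnnotations` and never merges `$objectData.labels` or `$objectData.annotations`, unlike every other class in this change; either merge them like the others, `{{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}` (and the matching line for annotations), or delete the two fields from the comment. `config: {{ $objectData.config | squote }}` also assumes a string containing no single quote — sprig's `squote` wraps without escaping — so a CNI config with one would render invalid YAML; `quote` (which escapes) is safer if `config` is always a string, but its type should be confirmed against the values schema, which this hunk does not show.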
diff --git a/charts/baikal/baikal/charts/common/templates/class/_networkPolicy.tpl b/charts/baikal/baikal/charts/common/templates/class/_networkPolicy.tpl
new file mode 100644
index 0000000..735ea2b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_networkPolicy.tpl
@@ -0,0 +1,185 @@
+{{/*
+Blueprint for the NetworkPolicy object
+*/}}
+{{- define "tc.v1.common.class.networkpolicy" -}}
+ {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+ {{- $networkPolicyName := $fullName -}}
+ {{- $values := .Values.networkPolicy -}}
+
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.networkPolicy -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $networkpolicyLabels := $values.labels -}}
+ {{- $networkpolicyAnnotations := $values.annotations -}}
+
+ {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $networkPolicyName = printf "%v-%v" $networkPolicyName $values.nameOverride -}}
+ {{- end }}
+---
+kind: NetworkPolicy
+apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }}
+metadata:
+ name: {{ $networkPolicyName }}
+ namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
+ {{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($networkpolicyAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ {{- if $values.podSelector }}
+ {{- tpl (toYaml $values.podSelector) $ | nindent 4 }}
+ {{- else if $values.targetSelector }}
+ {{- $objectData := dict "targetSelector" $values.targetSelector }}
+ {{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
+ {{- $selectedPodName := $selectedPod.shortName }}
+ matchLabels:
+ {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 8 }}
+ {{- else }}
+ matchLabels:
+ {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "" "objectName" "") | indent 8 }}
+ {{- end }}
+
+ {{- if $values.policyType }}
+ {{- if eq $values.policyType "ingress" }}
+ policyTypes: ["Ingress"]
+ {{- else if eq $values.policyType "egress" }}
+ policyTypes: ["Egress"]
+
+ {{- else if eq $values.policyType "ingress-egress" }}
+ policyTypes: ["Ingress", "Egress"]
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $values.egress }}
+ egress:
+ {{- range $values.egress }}
+ - to:
+ {{- range .to -}}
+ {{- $nss := false -}}
+ {{- $ipb := false -}}
+ {{- if .ipBlock -}}
+ {{- if .ipBlock.cidr -}}
+ {{- $ipb = true }}
+ - ipBlock:
+ cidr: {{ .ipBlock.cidr }}
+ {{- if .ipBlock.except }}
+ except:
+ {{- range .ipBlock.except }}
+ - {{ . }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and ( .namespaceSelector ) ( not $ipb ) -}}
+ {{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
+ {{- $nss = true }}
+ - namespaceSelector:
+ {{- if .namespaceSelector.matchLabels }}
+ matchLabels:
+ {{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- if .namespaceSelector.matchExpressions }}
+ matchExpressions:
+ {{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and ( .podSelector ) ( not $ipb ) -}}
+ {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
+ {{- if $nss }}
+ podSelector:
+ {{- else }}
+ - podSelector:
+ {{- end -}}
+ {{- if .podSelector.matchLabels }}
+ matchLabels:
+ {{- .podSelector.matchLabels | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- if .podSelector.matchExpressions }}
+ matchExpressions:
+ {{- .podSelector.matchExpressions | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- with .ports }}
+ ports:
+ {{- . | toYaml | nindent 6 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $values.ingress }}
+ ingress:
+ {{- range $values.ingress }}
+ - from:
+ {{- range .from -}}
+ {{- $nss := false -}}
+ {{- $ipb := false -}}
+ {{- if .ipBlock -}}
+ {{- if .ipBlock.cidr -}}
+ {{- $ipb = true }}
+ - ipBlock:
+ cidr: {{ .ipBlock.cidr }}
+ {{- if .ipBlock.except }}
+ except:
+ {{- range .ipBlock.except }}
+ - {{ . }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and ( .namespaceSelector ) ( not $ipb ) -}}
+ {{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
+ {{- $nss = true }}
+ - namespaceSelector:
+ {{- if .namespaceSelector.matchLabels }}
+ matchLabels:
+ {{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- if .namespaceSelector.matchExpressions }}
+ matchExpressions:
+ {{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and ( .podSelector ) ( not $ipb ) -}}
+ {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
+ {{- if $nss }}
+ podSelector:
+ {{- else }}
+ - podSelector:
+ {{- end }}
+ {{- if .podSelector.matchLabels }}
+ matchLabels:
+ {{- .podSelector.matchLabels | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- if .podSelector.matchExpressions }}
+ matchExpressions:
+ {{- .podSelector.matchExpressions | toYaml | nindent 12 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- with .ports }}
+ ports:
+ {{- . | toYaml | nindent 6 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_persistentVolume.tpl b/charts/baikal/baikal/charts/common/templates/class/_persistentVolume.tpl
new file mode 100644
index 0000000..2305eb7
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_persistentVolume.tpl
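Review bot: Both peer loops (`range .to` under egress and `range .from` under ingress) fail open: a peer whose `ipBlock` lacks `cidr`, or whose `namespaceSelector`/`podSelector` has neither `matchLabels` nor `matchExpressions`, is silently skipped, and when it was the only peer the rendered `to:`/`from:` is empty, which Kubernetes reads as "all peers" — strictly wider than what was configured (a `namespaceSelector: {}` meant as "every namespace" is one such case). Each loop should record whether anything was emitted and `fail` otherwise, so a malformed or unsupported peer becomes a render-time error instead of an over-permissive policy; the same applies to `policyType`, where any value other than the three literals is silently ignored and `policyTypes` is omitted. The two blocks are otherwise copies of each other (the only difference is `{{- end -}}` versus `{{- end }}` after `- podSelector:`), so the peer rendering is a good candidate for a single named template called from both.
```gotmpl
 {{- range .to -}}
 {{- $nss := false -}}
 {{- $ipb := false -}}
 {{- $pss := false -}}
 {{/* … unchanged: ipBlock and namespaceSelector rendering … */}}
 {{- if and ( .podSelector ) ( not $ipb ) -}}
 {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) -}}
 {{- $pss = true }}
 {{/* … unchanged: podSelector rendering … */}}
 {{- end -}}
 {{- end -}}
 {{- if not (or $ipb $nss $pss) -}}
 {{- fail "NetworkPolicy peer must set ipBlock.cidr, or a namespaceSelector/podSelector with matchLabels or matchExpressions" -}}
 {{- end -}}
 {{- end -}}
```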
@@ -0,0 +1,75 @@
+{{/* PersistentVolume Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.pv" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the PV.
+ labels: The labels of the PV.
+ annotations: The annotations of the PV.
+ provisioner: The provisioner to use for the PersistentVolume.
+ driver: The driver to use for the csi
+ retain: Whether to retain the PV after deletion. (Default: false)
+ size: The size of the PersistentVolume. (Default: 1Gi)
+*/}}
+
+{{- define "tc.v1.common.class.pv" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $retain := $rootCtx.Values.global.fallbackDefaults.pvcRetain -}}
+ {{- if not (kindIs "invalid" $objectData.retain) -}}
+ {{- $retain = $objectData.retain -}}
+ {{- end -}}
+
+ {{- $reclaimPolicy := ternary "Retain" "Delete" $retain -}}
+
+ {{- $pvcSize := $rootCtx.Values.global.fallbackDefaults.pvcSize -}}
+ {{- with $objectData.size -}}
+ {{- $pvcSize = tpl . $rootCtx -}}
+ {{- end }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ $objectData.name }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- if $retain -}}
+ {{- $_ := set $annotations "\"helm.sh/resource-policy\"" "keep" -}}
+ {{- end -}}
+ {{- $_ := set $annotations "pv.kubernetes.io/provisioned-by" $objectData.provisioner -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ capacity:
+ storage: {{ $pvcSize }}
+ persistentVolumeReclaimPolicy: {{ $reclaimPolicy }}
+ storageClassName: {{ $objectData.name }}
+ accessModes:
+ {{- include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume") | trim | nindent 4 -}}
+ {{- if $objectData.mountOptions }}
+ mountOptions:
+ {{- range $opt := $objectData.mountOptions -}}
+ {{- if $opt.value }}
+ - {{ printf "%s=%s" (tpl $opt.key $rootCtx) (tpl (include "tc.v1.common.helper.makeIntOrNoop" $opt.value) $rootCtx) }}
+ {{- else }}
+ - {{ tpl $opt.key $rootCtx }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if $objectData.static -}}
+ {{- if eq "smb" $objectData.static.mode -}}
+ {{- include "tc.v1.common.lib.storage.smbCSI" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
+ {{- else if eq "nfs" $objectData.static.mode -}}
+ {{- include "tc.v1.common.lib.storage.nfsCSI" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_podDisruptionBudget.tpl b/charts/baikal/baikal/charts/common/templates/class/_podDisruptionBudget.tpl
new file mode 100644
index 0000000..35799b1
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_podDisruptionBudget.tpl
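Review bot: `{{- if not (kindIs "invalid" $objectData.retain) -}}` accepts any non-nil value, so a quoted string such as `retain: "false"` from values is passed straight to `ternary`, whose third argument must be a bool, and rendering aborts with a type error; `_pvc.tpl` in this same change uses the stricter `{{- if (kindIs "bool" $objectData.retain) -}}` for the same field, and this template should match it. The header comments of both this file and `_pvc.tpl` state `(Default: false)` and `(Default: 1Gi)`, while the actual fallbacks are `$rootCtx.Values.global.fallbackDefaults.pvcRetain` and `.pvcSize`; document the source of the default rather than a literal that can drift, e.g. `retain: Whether to retain the PV after deletion. (Default: global.fallbackDefaults.pvcRetain)`.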
@@ -0,0 +1,54 @@
+{{/* poddisruptionbudget Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.podDisruptionBudget" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the podDisruptionBudget.
+ labels: The labels of the podDisruptionBudget.
+ annotations: The annotations of the podDisruptionBudget.
+ data: The data of the podDisruptionBudget.
+ namespace: The namespace of the podDisruptionBudget. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.podDisruptionBudget" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- if $objectData.customLabels -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $objectData.customLabels) | trim) }}
+ {{- . | nindent 6 }}
+ {{- end -}}
+ {{- else -}}
+ {{- $selectedPod := fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Pod Disruption Budget")) }}
+ {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $selectedPod.shortName) | nindent 6 }}
+ {{- end -}}
+ {{- if hasKey $objectData "minAvailable" }}
+ minAvailable: {{ tpl (toString $objectData.minAvailable) $rootCtx }}
+ {{- end -}}
+ {{- if hasKey $objectData "maxUnavailable" }}
+ maxUnavailable: {{ tpl (toString $objectData.maxUnavailable) $rootCtx }}
+ {{- end -}}
+ {{- with $objectData.unhealthyPodEvictionPolicy }}
+ unhealthyPodEvictionPolicy: {{ tpl . $rootCtx }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_priorityClass.tpl b/charts/baikal/baikal/charts/common/templates/class/_priorityClass.tpl
new file mode 100644
index 0000000..3b4b845
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_priorityClass.tpl
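Review bot: `fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" ...)` parses the helper's output as JSON, while `_networkPolicy.tpl` in this same change parses the same helper's output with `fromYaml`; only one of these can match the helper's actual format (JSON output parses as YAML, YAML output does not parse as JSON), so the two call sites should agree, and `fromYaml` is the choice that works in both cases. When both `minAvailable` and `maxUnavailable` keys are present the template renders both, producing an object the API server rejects; a guard such as `{{- if and (hasKey $objectData "minAvailable") (hasKey $objectData "maxUnavailable") }}{{- fail "minAvailable and maxUnavailable are mutually exclusive" }}{{- end }}` surfaces that at render time. The header comment's `data: The data of the podDisruptionBudget.` describes a field the body never reads; replace it with the ones it does read: `customLabels`, `minAvailable`, `maxUnavailable`, `unhealthyPodEvictionPolicy`.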
@@ -0,0 +1,40 @@
+{{/* priorityclass Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.priorityclass" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the priorityclass.
+ labels: The labels of the priorityclass.
+ annotations: The annotations of the priorityclass.
+*/}}
+
+{{- define "tc.v1.common.class.priorityclass" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $globalDefault := false -}}
+ {{- if not (kindIs "invalid" $objectData.globalDefault) -}}
+ {{- $globalDefault = $objectData.globalDefault -}}
+ {{- end }}
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Priority Class") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+value: {{ $objectData.value | default 1000000 }}
+preemptionPolicy: {{ $objectData.preemptionPolicy | default "PreemptLowerPriority" }}
+globalDefault: {{ $globalDefault }}
+description: {{ $objectData.description | default "No description given" }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_pvc.tpl b/charts/baikal/baikal/charts/common/templates/class/_pvc.tpl
new file mode 100644
index 0000000..d161125
--- /dev/null
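Review bot: `description: {{ $objectData.description | default "No description given" }}` emits a free-form, user-supplied string unquoted, so a description containing `: ` or ` #`, or one starting with a YAML indicator, renders invalid or mis-parsed YAML; quote it: `description: {{ $objectData.description | default "No description given" | quote }}`. `preemptionPolicy` is an enum and `value` an integer, so those lines can stay plain. The header comment documents only `name`, `labels` and `annotations`, but the body also reads `value`, `preemptionPolicy`, `globalDefault` and `description`; listing them with their defaults (1000000, PreemptLowerPriority, false) would make the template usable without reading its source.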
+++ b/charts/baikal/baikal/charts/common/templates/class/_pvc.tpl 
@@ -0,0 +1,51 @@
+{{/* PersistentVolumeClaim Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the PVC.
+ labels: The labels of the PVC.
+ annotations: The annotations of the PVC.
+ size: The size of the PVC. (Default: 1Gi)
+ volumeName: The name of the volume to bind to. (Default: "")
+ retain: Whether to retain the PVC after deletion. (Default: false)
+ storageClass: The storage class to use. (Absent)
+*/}}
+
+{{- define "tc.v1.common.class.pvc" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $pvcRetain := $rootCtx.Values.global.fallbackDefaults.pvcRetain -}}
+ {{- if (kindIs "bool" $objectData.retain) -}}
+ {{- $pvcRetain = $objectData.retain -}}
+ {{- end -}}
+
+ {{- $pvcSize := $rootCtx.Values.global.fallbackDefaults.pvcSize -}}
+ {{- with $objectData.size -}}
+ {{- $pvcSize = tpl . $rootCtx -}}
+ {{- end }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- if $pvcRetain -}}
+ {{- $_ := set $annotations "\"helm.sh/resource-policy\"" "keep" -}}
+ {{- end -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- include "tc.v1.common.lib.storage.pvc.spec" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_rbac.tpl b/charts/baikal/baikal/charts/common/templates/class/_rbac.tpl
new file mode 100644
index 0000000..d5f94a7
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_rbac.tpl
@@ -0,0 +1,64 @@
+{{/* RBAC Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the rbac.
+ labels: The labels of the rbac.
+ annotations: The annotations of the rbac.
+ clusterWide: Whether the rbac is cluster wide or not.
+ rules: The rules of the rbac.
+ subjects: The subjects of the rbac.
+*/}}
+
+{{- define "tc.v1.common.class.rbac" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
+metadata:
+ name: {{ $objectData.name }}
+ {{- if not $objectData.clusterWide }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }}
+ {{- end }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+rules:
+ {{- include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $objectData.clusterWide }}
+metadata:
+ name: {{ $objectData.name }}
+ {{- if not $objectData.clusterWide }}
+ namespace: {{ $rootCtx.Release.Namespace }}
+ {{- end }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
+ name: {{ $objectData.name }}
+subjects:
+ {{- include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
+ {{- include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_route.tpl b/charts/baikal/baikal/charts/common/templates/class/_route.tpl
new file mode 100644
index 0000000..7c2ef74
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_route.tpl
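Review bot: The Role and the RoleBinding resolve their namespace differently: the Role uses `tc.v1.common.lib.metadata.namespace`, while the RoleBinding hardcodes `namespace: {{ $rootCtx.Release.Namespace }}`. Whenever the helper yields anything other than the release namespace — the `$.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace` chain visible in `_networkPolicy.tpl` suggests it can — the binding lands in a namespace where the referenced Role does not exist, so the intended permissions are silently not granted, or a same-named Role that happens to exist in the release namespace is bound instead. Use the same helper for the binding: `namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }}`.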
@@ -0,0 +1,87 @@ +{{/* +This template serves as a blueprint for all Route objects that are created +within the common library. +*/}} +{{- define "tc.v1.common.class.route" -}} +{{- $values := .Values.route -}} +{{- if hasKey . "ObjectValues" -}} + {{- with .ObjectValues.route -}} + {{- $values = . -}} + {{- end -}} +{{- end -}} + + {{- $routeLabels := $values.labels -}} + {{- $routeAnnotations := $values.annotations -}} + +{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} +{{- if and (hasKey $values "nameOverride") $values.nameOverride -}} + {{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}} +{{- end -}} +{{- $routeKind := $values.kind | default "HTTPRoute" -}} + +{{/* Get the name of the primary service, if any */}} +{{- $primaryServiceName := (include "tc.v1.common.lib.util.service.primary" (dict "rootCtx" $)) -}} +{{/* Get service values of the primary service, if any */}} +{{- $primaryService := get $.Values.service $primaryServiceName -}} +{{- $defaultServiceName := $fullName -}} + +{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}} + {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}} +{{- end -}} +{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "rootCtx" $)) }} + +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}} + {{- fail (printf "Not a valid route kind (%s)" $routeKind) -}} +{{- end }} +kind: {{ $routeKind }} +metadata: + name: {{ $fullName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} + {{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} + {{- with (include 
"tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($routeAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }} + annotations: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + {{- . | nindent 4 }} + {{- end }} +spec: + parentRefs: + {{- range $values.parentRefs }} + - group: {{ default "gateway.networking.k8s.io" .group }} + kind: {{ default "Gateway" .kind }} + name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }} + namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }} + {{- if .sectionName }} + sectionName: {{ .sectionName | quote }} + {{- end }} + {{- end }} + {{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }} + hostnames: + {{- with $values.hostnames }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + rules: + {{- range $values.rules }} + - backendRefs: + {{- range .backendRefs }} + - group: {{ default "" .group | quote}} + kind: {{ default "Service" .kind }} + name: {{ default $defaultServiceName .name }} + namespace: {{ default $.Release.Namespace .namespace }} + port: {{ default $defaultServicePort.port .port }} + weight: {{ default 1 .weight }} + {{- end }} + {{- if (eq $routeKind "HTTPRoute") }} + {{- with .matches }} + matches: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/baikal/baikal/charts/common/templates/class/_secret.tpl b/charts/baikal/baikal/charts/common/templates/class/_secret.tpl new file mode 100644 index 0000000..14b2f2a --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_secret.tpl 
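Review bot: `$primaryService` is the result of `get $.Values.service $primaryServiceName` and is then passed to `hasKey` and indexed for `.ports` without a nil check, so a chart with no primary service fails with a Go-template type error instead of a readable message; guard it right after the lookup, e.g. `{{- if not $primaryService -}}{{- fail (printf "Route %v requires a primary service" $fullName) -}}{{- end -}}`. The `apiVersion` is pinned to `gateway.networking.k8s.io/v1alpha2` for every kind, although HTTPRoute and GRPCRoute have since graduated to `v1` in Gateway API releases, so the version likely needs to follow `$routeKind`. `backendRefs` also accept an arbitrary `.namespace`; a cross-namespace reference needs a ReferenceGrant on the target side, which is worth a line in the header comment.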
@@ -0,0 +1,58 @@ +{{/* Secret Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: + name: The name of the secret. + labels: The labels of the secret. + annotations: The annotations of the secret. + type: The type of the secret. + data: The data of the secret. + namespace: The namespace of the secret. (Optional) +*/}} + +{{- define "tc.v1.common.class.secret" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $secretType := "Opaque" -}} + + {{- if eq $objectData.type "certificate" -}} + {{- $secretType = "kubernetes.io/tls" -}} + {{- else if eq $objectData.type "imagePullSecret" -}} + {{- $secretType = "kubernetes.io/dockerconfigjson" -}} + {{- else if $objectData.type -}} + {{- $secretType = $objectData.type -}} + {{- end }} +--- +apiVersion: v1 +kind: Secret +type: {{ $secretType }} +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end -}} + {{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }} +data: + {{- if eq $objectData.type "certificate" }} + tls.crt: {{ $objectData.data.certificate | trim | b64enc }} + tls.key: {{ $objectData.data.privatekey | trim | b64enc }} + {{- else if eq $objectData.type "imagePullSecret" }} + .dockerconfigjson: {{ $objectData.data | trim | b64enc }} + {{- end -}} + {{- else }} +stringData: + {{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }} + {{/* This comment is here to add a new line */}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_service.tpl b/charts/baikal/baikal/charts/common/templates/class/_service.tpl new file mode 100644 index 0000000..0c08e8d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_service.tpl 
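Review bot: In the `certificate` and `imagePullSecret` branches the values are piped straight into `trim | b64enc`, so a missing `data.certificate`, `data.privatekey` or `data` aborts rendering with a type error that does not name the field; wrap them in `required`, e.g. `tls.crt: {{ required "certificate secret requires data.certificate" $objectData.data.certificate | trim | b64enc }}` and likewise for `tls.key`. The `stringData` branch runs `tpl` over the serialized user data, so any secret value containing `{{` is evaluated as a template against `$rootCtx`; the header comment should say so, because it changes how passwords and tokens must be written in values. Note as well that Opaque data ends up in the rendered release manifest in clear text, which is inherent to Helm secrets but worth stating next to `stringData`.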
@@ -0,0 +1,123 @@ +{{/* Service Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.service" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The service data, that will be used to render the Service object. +*/}} + +{{- define "tc.v1.common.class.service" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $svcType := $objectData.type | default $rootCtx.Values.global.fallbackDefaults.serviceType -}} + {{- $_ := set $objectData "annotations" ($objectData.annotations | default dict) -}} + + {{/* Init variables */}} + {{- $hasHTTPSPort := false -}} + {{- $hasHostPort := false -}} + {{- $hostNetwork := false -}} + {{- $podValues := dict -}} + + {{- range $portName, $port := $objectData.ports -}} + {{- if $port.enabled -}} + {{- if eq (tpl ($port.protocol | default "") $rootCtx) "https" -}} + {{- $hasHTTPSPort = true -}} + {{- end -}} + + {{- if and (hasKey $port "hostPort") $port.hostPort -}} + {{- $hasHostPort = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $specialTypes := (list "ExternalName" "ExternalIP") -}} + {{/* External Name / External IP does not rely on any pod values */}} + {{- if not (mustHas $svcType $specialTypes) -}} + {{/* Get Pod Values based on the selector (or the absence of it) */}} + {{- $podValues = fromJson (include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service")) -}} + + {{- if $podValues -}} + {{/* Get Pod hostNetwork configuration */}} + {{- $hostNetwork = include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $podValues) -}} + {{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}} + {{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}} + {{- $svcType = "ClusterIP" -}} + {{- end -}} + {{- end -}} + + 
{{/* When hostPort is defined, force ClusterIP aswell */}} + {{- if $hasHostPort -}} + {{- $svcType = "ClusterIP" -}} + {{- end -}} + {{- end -}} + + {{/* When Stop All is set, force ClusterIP as well */}} + {{- if (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}} + {{- $svcType = "ClusterIP" -}} + {{- end -}} + {{- $_ := set $objectData "type" $svcType -}} + + {{- if eq $objectData.type "LoadBalancer" -}} + {{- include "tc.v1.common.lib.service.loadbalancer.validate" (dict "objectData" $objectData) -}} + {{- include "tc.v1.common.lib.service.integration.metallb" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} + {{- include "tc.v1.common.lib.service.integration.cilium" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} + {{- end -}} + {{- if $hasHTTPSPort -}} + {{- include "tc.v1.common.lib.service.integration.traefik" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + {{- if eq $objectData.type "ClusterIP" -}} + {{- include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- else if eq $objectData.type "LoadBalancer" -}} + {{- include "tc.v1.common.lib.service.spec.loadBalancer" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- else if eq $objectData.type "NodePort" -}} + {{- include "tc.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- else if eq $objectData.type "ExternalName" -}} + {{- include "tc.v1.common.lib.service.spec.externalName" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- else if eq $objectData.type "ExternalIP" -}} + {{- include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- end -}} + {{- with (include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} + ports: + {{- . | nindent 4 }} + {{- end -}} + {{- if not (mustHas $objectData.type $specialTypes) }} + selector: + {{- if $objectData.selectorLabels }} + {{- tpl (toYaml $objectData.selectorLabels) $rootCtx | nindent 4 }} + {{- else }} + {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $podValues.shortName) | trim | nindent 4 -}} + {{- end }} + {{- end -}} + + {{- if eq $objectData.type "ExternalIP" -}} + {{- $useSlice := true -}} + {{- if kindIs "bool" $objectData.useSlice -}} + {{- $useSlice = $objectData.useSlice -}} + {{- end -}} + {{- if $useSlice -}} + {{- include "tc.v1.common.class.endpointSlice" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }} + {{- else -}} + {{- include "tc.v1.common.class.endpoint" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }} + {{- end -}} + {{- end -}} +{{- end -}} 
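Review bot: `$hostNetwork` is assigned from `include`, which always yields a string, so the `kindIs "bool" $hostNetwork` half of the condition can never hold and the check reduces to `{{- if eq $hostNetwork "true" -}}`; the longer form suggests a type that does not exist here. In the `selector:` fallback `$podValues.shortName` is read from whatever `getSelectedPodValues` returned, and if that helper can come back empty the selector is rendered from a nil name; a `fail` on an empty `$podValues` for non-special service types would make that misconfiguration explicit. The forcing of `ClusterIP` for hostNetwork, hostPort and stopAll is a sensible default but silent; listing these overrides in the header comment would spare users wondering why their `LoadBalancer` never appears.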
diff --git a/charts/baikal/baikal/charts/common/templates/class/_serviceAccount.tpl b/charts/baikal/baikal/charts/common/templates/class/_serviceAccount.tpl
new file mode 100644
index 0000000..209bf0b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_serviceAccount.tpl
@@ -0,0 +1,34 @@
+{{/* Service Account Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the serviceAccount.
+ labels: The labels of the serviceAccount.
+ annotations: The annotations of the serviceAccount.
+ autoMountToken: Whether to mount the ServiceAccount token or not.
+*/}}
+
+{{- define "tc.v1.common.class.serviceAccount" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ $objectData.automountServiceAccountToken | default false }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/_statefulset.tpl b/charts/baikal/baikal/charts/common/templates/class/_statefulset.tpl
new file mode 100644
index 0000000..8de6c39
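Review bot: The header comment documents the input as `autoMountToken`, but the template reads `$objectData.automountServiceAccountToken`, so a caller who follows the comment sets a key that is silently ignored and gets the default; change the comment line to `automountServiceAccountToken: Whether to mount the ServiceAccount token into pods or not (defaults to false).` Defaulting to `false` is the right least-privilege choice because it keeps API-server credentials out of pods that never talk to the API, and the comment should say so explicitly so nobody "fixes" it to true later.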
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_statefulset.tpl
@@ -0,0 +1,59 @@ +{{/* StatefulSet Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: The object data to be used to render the StatefulSet. +*/}} + +{{- define "tc.v1.common.class.statefulset" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- include "tc.v1.common.lib.workload.statefulsetValidation" (dict "objectData" $objectData) }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + {{- include "tc.v1.common.lib.workload.statefulsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 2 }} + selector: + matchLabels: + {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | trim | nindent 6 }} + template: + metadata: + {{- $labels := (mustMerge ($objectData.podSpec.labels | default dict) + (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.volumeLabels" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) + (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 8 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.podSpec.annotations | default dict) + (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml) + (include "tc.v1.common.lib.metadata.podAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 8 }} + {{- end }} + spec: + {{- include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 6 }} + {{- with (include "tc.v1.common.lib.storage.volumeClaimTemplates" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} + volumeClaimTemplates: + {{- . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_storageClass.tpl b/charts/baikal/baikal/charts/common/templates/class/_storageClass.tpl new file mode 100644 index 0000000..f9002aa --- /dev/null 
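Review bot: The header comment shows the call as `include "tc.v1.common.class.deployment"`, but this file defines `tc.v1.common.class.statefulset`; it is a copy-paste leftover, so change the comment to `{{ include "tc.v1.common.class.statefulset" (dict "rootCtx" $ "objectData" $objectData) }}`. The `statefulsetSpec` include uses `| indent 2` after a `{{-` trim, unlike every other include in this hunk which uses `trim | nindent`; that only renders correctly if the included template begins with a newline, so `| trim | nindent 2` would be both safer and consistent. A StatefulSet's `selector.matchLabels` is immutable after creation, so a note that `selectorLabels` must not change between upgrades would save a failed upgrade.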
+++ b/charts/baikal/baikal/charts/common/templates/class/_storageClass.tpl
@@ -0,0 +1,59 @@ +{{/* Configmap Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.storageclass" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: + name: The name of the storageclass. + labels: The labels of the storageclass. + annotations: The annotations of the storageclass. +*/}} + +{{- define "tc.v1.common.class.storageclass" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $isDefaultClass := false -}} + {{- if (hasKey $objectData "isDefault") -}} + {{- $isDefaultClass = $objectData.isDefault -}} + {{- end -}} + + {{- $allowVolExpand := true -}} + {{- if not (kindIs "invalid" $objectData.allowVolumeExpansion) -}} + {{- $allowVolExpand = $objectData.allowVolumeExpansion -}} + {{- end }} +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ $objectData.name }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- $_ := set $annotations "storageclass.kubernetes.io/is-default-class" ($isDefaultClass | toString) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +provisioner: {{ $objectData.provisioner }} +{{- with $objectData.parameters }} +parameters: {{/* TODO: */}} + {{- range $k, $v := . 
-}} + {{- $val := tpl $v $rootCtx }} + {{ $k }}: {{ include "tc.v1.common.helper.makeIntOrNoop" $val | quote }} + {{- end -}} +{{- end }} +reclaimPolicy: {{ $objectData.reclaimPolicy | default "Retain" }} +allowVolumeExpansion: {{ $allowVolExpand }} +{{- with $objectData.mountOptions }} +mountOptions: + {{- range $opt := . }} + - {{ tpl $opt $rootCtx }} + {{- end -}} +{{- end }} +volumeBindingMode: {{ $objectData.volumeBindingMode | default "Immediate" }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_validatingWebhookConfiguration.tpl b/charts/baikal/baikal/charts/common/templates/class/_validatingWebhookConfiguration.tpl new file mode 100644 index 0000000..f9f05d4 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_validatingWebhookConfiguration.tpl 
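Review bot: `{{- $val := tpl $v $rootCtx }}` fails with a type error when a parameter value is a number or boolean in values; the sibling `_volumeSnapshotClass.tpl` in this commit converts first with `tpl ($v | toString) $rootCtx`, and the same form belongs here. The header comment says `Configmap Class` although the file renders a StorageClass, and `parameters: {{/* TODO: */}}` ships an empty TODO marker; either resolve it or drop it. `reclaimPolicy` defaults to `Retain`, which is the safe choice for data but leaves volumes behind after release deletion, so that default deserves a line in the header comment.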
@@ -0,0 +1,38 @@
+{{/* ValidatingWebhookconfiguration Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.validatingWebhookconfiguration" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the validatingWebhookconfiguration.
+ labels: The labels of the validatingWebhookconfiguration.
+ annotations: The annotations of the validatingWebhookconfiguration.
+ data: The data of the validatingWebhookconfiguration.
+ namespace: The namespace of the validatingWebhookconfiguration. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.validatingWebhookconfiguration" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Webhook") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+webhooks:
+ {{- range $webhook := $objectData.webhooks -}}
+ {{- include "tc.v1.common.lib.webhook" (dict "webhook" $webhook "rootCtx" $rootCtx) | trim | nindent 4 }}
+ {{- end -}}
+{{- end -}}
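Review bot: ValidatingWebhookConfiguration is a cluster-scoped resource, yet `metadata.namespace` is rendered from the namespace helper; the field is meaningless on this kind and some tooling rejects it, so the `namespace:` line should go, as `_storageClass.tpl` in this commit already does for its cluster-scoped object. The header comment lists `data` and `namespace` as inputs, neither of which is read, while the field actually consumed, `webhooks`, is undocumented; replace those two comment lines with `webhooks: The list of webhooks, each rendered through tc.v1.common.lib.webhook.`. Because a validating webhook gates every matching API request cluster-wide, the `failurePolicy` and `caBundle` handling in `tc.v1.common.lib.webhook` (outside this hunk) is the next place a reviewer should look.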
diff --git a/charts/baikal/baikal/charts/common/templates/class/_verticalPodAutoscaler.tpl b/charts/baikal/baikal/charts/common/templates/class/_verticalPodAutoscaler.tpl
new file mode 100644
index 0000000..fe4c6d4
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_verticalPodAutoscaler.tpl
@@ -0,0 +1,77 @@ +{{/* +This template serves as a blueprint for vertical pod autoscaler objects that are created +using the common library. +*/}} +{{- define "tc.v1.common.class.vpa" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $_ := set $objectData "updatePolicy" ($objectData.updatePolicy | default dict) -}} + {{- $_ := set $objectData "resourcePolicy" ($objectData.resourcePolicy | default dict) }} +--- +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "VPA") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + targetRef: + apiVersion: apps/v1 + kind: {{ $objectData.workload.type }} + name: {{ $objectData.name }} + updatePolicy: + updateMode: {{ $objectData.updatePolicy.updateMode | default "Auto" }} + {{- with $objectData.updatePolicy.minReplicas }} + minReplicas: {{ . 
}} + {{- end -}} + {{- if $objectData.updatePolicy.evictionRequirements }} + evictionRequirements: + {{- range $req := $objectData.updatePolicy.evictionRequirements }} + - resources: {{ $req.resources | toJson }} + changeRequirement: {{ $req.changeRequirement }} + {{- end -}} + {{- end -}} + {{- if and $objectData.resourcePolicy $objectData.resourcePolicy.containerPolicies }} + resourcePolicy: + containerPolicies: + {{- range $cPol := $objectData.resourcePolicy.containerPolicies }} + - containerName: {{ $cPol.containerName | quote }} + mode: {{ $cPol.mode }} + {{- if eq $cPol.mode "Off" -}}{{- continue -}}{{- end }} + controlledValues: {{ $cPol.controlledValues | default "RequestsAndLimits" }} + {{- if $cPol.controlledResources }} + controlledResources: {{ $cPol.controlledResources | toJson }} + {{- end -}} + {{- with $cPol.minAllowed -}} + {{- include "tc.v1.common.class.vpa.resources" (dict "item" "minAllowed" "resources" $cPol.minAllowed) | nindent 8 -}} + {{- end -}} + {{- with $cPol.maxAllowed -}} + {{- include "tc.v1.common.class.vpa.resources" (dict "item" "maxAllowed" "resources" $cPol.maxAllowed) | nindent 8 -}} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.vpa.resources" -}} + {{- $item := .item -}} + {{- $resources := .resources -}} + + {{ $item }}: + {{- with $resources.cpu }} + cpu: {{ . }} + {{- end -}} + {{- with $resources.memory }} + memory: {{ . }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/_volumeSnapshot.tpl b/charts/baikal/baikal/charts/common/templates/class/_volumeSnapshot.tpl new file mode 100644 index 0000000..21d4c33 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/_volumeSnapshot.tpl 
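Review bot: `tc.v1.common.class.vpa` has no header comment describing `objectData`, unlike the other class templates in this commit, and it silently assumes the VPA and its target share a name because `$objectData.name` feeds both `metadata.name` and `targetRef.name`; a comment such as `{{/* objectData.name is used for both the VPA and the targeted workload of kind objectData.workload.type */}}` would make that contract explicit. `{{- continue -}}` inside the `containerPolicies` range relies on Go text/template `continue`, which presumably only exists in Helm builds on Go 1.18 or newer; unless the chart already enforces such a Helm minimum, an `if`/`else` around the remaining fields avoids the dependency. `targetRef.apiVersion` is fixed to `apps/v1`, which holds for Deployment/StatefulSet/DaemonSet but not for every kind `$objectData.workload.type` might carry.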
@@ -0,0 +1,46 @@
+{{/* volumesnapshot Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.volumesnapshot" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the volumesnapshot.
+ labels: The labels of the volumesnapshot.
+ annotations: The annotations of the volumesnapshot.
+ namespace: The namespace of the volumesnapshot. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.volumesnapshot" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+---
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "volumesnapshot") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with $objectData.volumeSnapshotClassName }}
+ volumeSnapshotClassName: {{ . }}
+ {{- end -}}
+ {{- if $objectData.source }}
+ source:
+ {{- with $objectData.source.persistentVolumeClaimName }}
+ persistentVolumeClaimName: {{ . }}
+ {{- end -}}
+ {{- with $objectData.source.volumeSnapshotContentName }}
+ volumeSnapshotContentName: {{ . }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
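Review bot: `volumeSnapshotClassName`, `persistentVolumeClaimName` and `volumeSnapshotContentName` are rendered unquoted and without `tpl`, unlike `_route.tpl` (`sectionName: {{ .sectionName | quote }}`) and `_volumeSnapshotClass.tpl` (`tpl ... | quote`) elsewhere in this commit, so a name that looks like a number or boolean is retyped by the YAML parser and templated values are never expanded; `| quote` on those three lines would align them. When `source` is set but neither of its two keys is, the template emits a bare `source:` that the API server rejects as null; a `required` on at least one of them would give a clearer error.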
diff --git a/charts/baikal/baikal/charts/common/templates/class/_volumeSnapshotClass.tpl b/charts/baikal/baikal/charts/common/templates/class/_volumeSnapshotClass.tpl
new file mode 100644
index 0000000..3521ff4
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/_volumeSnapshotClass.tpl
@@ -0,0 +1,45 @@
+{{/* volumesnapshotclass Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.volumesnapshotclass" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the volumesnapshotclass.
+ labels: The labels of the volumesnapshotclass.
+ annotations: The annotations of the volumesnapshotclass.
+*/}}
+
+{{- define "tc.v1.common.class.volumesnapshotclass" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $isDefault := false -}}
+ {{- if (kindIs "bool" $objectData.isDefault) -}}
+ {{- $isDefault = $objectData.isDefault -}}
+ {{- end }}
+---
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+ name: {{ $objectData.name }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) }}
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: {{ $isDefault | quote }}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+driver: {{ tpl $objectData.driver $rootCtx }}
+deletionPolicy: {{ $objectData.deletionPolicy | default "Retain" }}
+ {{- with $objectData.parameters }}
+parameters:
+ {{- range $k, $v := . }}
+ {{ tpl $k $rootCtx }}: {{ (tpl ($v | toString) $rootCtx) | quote }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/cert-manager/_certificate.tpl b/charts/baikal/baikal/charts/common/templates/class/cert-manager/_certificate.tpl
new file mode 100644
index 0000000..f02bc4a
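Review bot: `snapshot.storage.kubernetes.io/is-default-class` is written as a fixed line and the user's `$annotations` are rendered beneath it, so a caller who also sets that annotation produces a duplicate YAML key whose winner depends on the parser; `_storageClass.tpl` in this commit avoids this with `set`, and the same works here: `{{- $_ := set $annotations "snapshot.storage.kubernetes.io/is-default-class" ($isDefault | toString) -}}` with the explicit line removed. `isDefault` is honoured only when it is a bool, whereas `_storageClass.tpl` accepts any value via `hasKey`, so a string `"true"` is silently ignored here and the two templates should agree. `driver: {{ tpl $objectData.driver $rootCtx }}` fails with a type error when `driver` is absent; `tpl (required "driver is required" $objectData.driver) $rootCtx` would name the missing field.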
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/cert-manager/_certificate.tpl
@@ -0,0 +1,60 @@ +{{/* Certificate Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.certificate" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: + name: The name of the certificate. + labels: The labels of the certificate. + annotations: The annotations of the certificate. + namespace: The namespace of the certificate. (Optional) +*/}} +{{- define "tc.v1.common.class.certificate" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Cert Manager Certificate") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . 
| nindent 4 }} + {{- end }} +spec: + secretName: {{ $objectData.name }} + dnsNames: + {{- range $h := $objectData.hosts }} + - {{ (tpl $h $rootCtx) | quote }} + {{- end }} + privateKey: + algorithm: ECDSA + size: 256 + rotationPolicy: Always + issuerRef: + name: {{ tpl $objectData.certificateIssuer $rootCtx }} + kind: ClusterIssuer + group: cert-manager.io + {{- if $objectData.certificateSecretTemplate }} + secretTemplate: + {{- $labels := (mustMerge ($objectData.certificateSecretTemplate.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 6 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.certificateSecretTemplate.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 6 }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/class/cnpg/_backup.tpl b/charts/baikal/baikal/charts/common/templates/class/cnpg/_backup.tpl new file mode 100644 index 0000000..1eb47f7 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/class/cnpg/_backup.tpl 
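Review bot: The header comment lists only `name`, `labels`, `annotations` and `namespace`, but the template also reads `hosts`, `certificateIssuer` and `certificateSecretTemplate`, and it fails with an opaque error when the first two are missing; document them and guard the issuer with `name: {{ tpl (required "certificateIssuer is required" $objectData.certificateIssuer) $rootCtx }}`. `issuerRef.kind` is hard-coded to `ClusterIssuer`, so a namespaced `Issuer` cannot be referenced; either state that limitation in the comment or let objectData choose the kind with `ClusterIssuer` as the default. The fixed `privateKey` block (ECDSA P-256 with `rotationPolicy: Always`) is a good default because the key is regenerated on every renewal, and the comment should note that it is not configurable.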
@@ -0,0 +1,41 @@
+{{- define "tc.v1.common.class.cnpg.backup" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{/* Naming */}}
+ {{- $backupName := printf "%v-backup-%v" $objectData.name $objectData.backupName -}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $backupName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "CNPG Backup") -}}
+
+ {{/* Metadata */}}
+ {{- $objLabels := $objectData.labels | default dict -}}
+ {{- $globalBackupLabels := $objectData.backups.labels | default dict -}}
+ {{- $backupLabels := $objectData.backupLabels | default dict -}}
+ {{- $backupLabels = mustMerge $backupLabels $objLabels $globalBackupLabels -}}
+
+ {{- $objAnnotations := $objectData.annotations | default dict -}}
+ {{- $globalBackupAnnotations := $objectData.backups.annotations | default dict -}}
+ {{- $backupAnnotations := $objectData.backupAnnotations | default dict -}}
+ {{- $backupAnnotations = mustMerge $backupAnnotations $objAnnotations $globalBackupAnnotations }}
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Backup
+metadata:
+ name: {{ $backupName }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CNPG Backup") }}
+ labels:
+ cnpg.io/cluster: {{ $objectData.clusterName }}
+ {{- $labels := (mustMerge $backupLabels (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge $backupAnnotations (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ cluster:
+ name: {{ $objectData.clusterName }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/cnpg/_cluster.tpl b/charts/baikal/baikal/charts/common/templates/class/cnpg/_cluster.tpl
new file mode 100644
index 0000000..2c3dfe2
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/cnpg/_cluster.tpl
@@ -0,0 +1,261 @@
+{{- define "tc.v1.common.class.cnpg.cluster" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectData.clusterName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "CNPG Cluster") -}}
+
+ {{/* Initialize variables */}}
+ {{- $hibernation := "off" -}}
+ {{- $instances := 2 -}}
+ {{- $mode := "standalone" -}}
+ {{- $enableMonitoring := false -}}
+ {{- $disableDefaultQueries := false -}}
+ {{- $customQueries := list -}}
+ {{- $enableSuperUser := true -}}
+ {{- $inProgress := false -}}
+ {{- $reusePVC := true -}}
+ {{- $preloadLibraries := list -}}
+ {{- $walSize := $rootCtx.Values.global.fallbackDefaults.vctSize -}}
+ {{- $size := $rootCtx.Values.global.fallbackDefaults.vctSize -}}
+ {{- $primaryUpdateStrategy := "unsupervised" -}}
+ {{- $primaryUpdateMethod := "switchover" -}}
+ {{- $logLevel := "info" -}}
+ {{- $accessModes := $rootCtx.Values.global.fallbackDefaults.vctAccessModes -}}
+ {{- $walAccessModes := $rootCtx.Values.global.fallbackDefaults.vctAccessModes -}}
+ {{- $skipEmptyWalArchiveCheck := $rootCtx.Values.global.fallbackDefaults.cnpg.skipEmptyWalArchiveCheck -}}
+
+ {{/* Make sure keys exist before try to access any sub keys */}}
+ {{- if not (hasKey $objectData "cluster") -}}
+ {{- $_ := set $objectData "cluster" dict -}}
+ {{- end -}}
+ {{- if not (hasKey $objectData "monitoring") -}}
+ {{- $_ := set $objectData "monitoring" dict -}}
+ {{- end -}}
+ {{- if not (hasKey $objectData "backups") -}}
+ {{- $_ := set $objectData "backups" dict -}}
+ {{- end -}}
+ {{- if not (hasKey $objectData.cluster "storage") -}}
+ {{- $_ := set $objectData.cluster "storage" dict -}}
+ {{- end -}}
+ {{- if not (hasKey $objectData.cluster "walStorage") -}}
+ {{- $_ := set $objectData.cluster "walStorage" dict -}}
+ {{- end -}}
+ {{- if not (hasKey $objectData.cluster "resources") -}}
+ {{- $_ := set $objectData.cluster "resources" dict -}}
+ {{- end -}}
+ {{/* Exclude extra resources */}}
+ {{- $_ := set $objectData.cluster.resources "excludeExtra" true -}}
+
+ {{/* Metadata */}}
+ {{- $objLabels := $objectData.labels | default dict -}}
+ {{- $clusterLabels := $objectData.cluster.labels | default dict -}}
+ {{- $clusterLabels = mustMerge $clusterLabels $objLabels -}}
+
+ {{- $objAnnotations := $objectData.annotations | default dict -}}
+ {{- $clusterAnnotations := $objectData.cluster.annotations | default dict -}}
+ {{- $clusterAnnotations = mustMerge $clusterAnnotations $objAnnotations -}}
+
+ {{- with $objectData.cluster.instances -}}
+ {{- $instances = . -}}
+ {{- end -}}
+
+ {{/* Stop All */}}
+ {{- if or $objectData.hibernate (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}}
+ {{- $hibernation = "on" -}}
+ {{- end -}}
+
+ {{/* General */}}
+ {{- with $objectData.mode -}}
+ {{- $mode = . -}}
+ {{- end -}}
+
+ {{- with $objectData.cluster.primaryUpdateStrategy -}}
+ {{- $primaryUpdateStrategy = . -}}
+ {{- end -}}
+ {{- with $objectData.cluster.primaryUpdateMethod -}}
+ {{- $primaryUpdateMethod = . -}}
+ {{- end -}}
+ {{- with $objectData.cluster.logLevel -}}
+ {{- $logLevel = . -}}
+ {{- end -}}
+
+ {{/* Monitoring */}}
+ {{- with $objectData.monitoring -}}
+ {{- if (kindIs "bool" .enablePodMonitor) -}}
+ {{- $enableMonitoring = .enablePodMonitor -}}
+ {{- end -}}
+ {{- if (kindIs "bool" .disableDefaultQueries) -}}
+ {{- $disableDefaultQueries = .disableDefaultQueries -}}
+ {{- end -}}
+ {{- with .customQueries -}}
+ {{- $customQueries = . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Superuser */}}
+ {{- if (kindIs "bool" $objectData.cluster.enableSuperuserAccess) -}}
+ {{- $enableSuperUser = $objectData.cluster.enableSuperuserAccess -}}
+ {{- end -}}
+
+ {{/* Node Maintenance Window */}}
+ {{- if $objectData.cluster.singleNode -}}
+ {{- $inProgress = true -}}
+ {{- end -}}
+
+ {{- with $objectData.cluster.nodeMaintenanceWindow -}}
+ {{- if (kindIs "bool" .inProgress) -}}
+ {{ $inProgress = .inProgress -}}
+ {{- end -}}
+ {{- if (kindIs "bool" .reusePVC) -}}
+ {{ $reusePVC = .reusePVC -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Preload Libraries */}}
+ {{- if (kindIs "slice" $objectData.cluster.preloadLibraries) -}}
+ {{- $preloadLibraries = $objectData.cluster.preloadLibraries -}}
+ {{- end -}}
+ {{- if eq $objectData.type "timescaledb" -}}
+ {{- $preloadLibraries = mustAppend $preloadLibraries "timescaledb" -}}
+ {{- end -}}
+ {{- if eq $objectData.type "vectors" -}}
+ {{- $preloadLibraries = mustAppend $preloadLibraries "vectors.so" -}}
+ {{- end -}}
+
+ {{/* Storage */}}
+ {{- with $objectData.cluster.storage.size -}}
+ {{- $size = . -}}
+ {{- end -}}
+
+ {{- with $objectData.cluster.walStorage.size -}}
+ {{- $walSize = . -}}
+ {{- end -}}
+
+ {{- with $objectData.cluster.storage.accessModes -}}
+ {{- $accessModes = . -}}
+ {{- end -}}
+
+ {{- with $objectData.cluster.walStorage.accessModes -}}
+ {{- $walAccessModes = . -}}
+ {{- end -}}
+
+ {{- with $objectData.cluster.skipEmptyWalArchiveCheck -}}
+ {{- $skipEmptyWalArchiveCheck = . -}}
+ {{- end -}}
+
+ {{- $imageName := $objectData.cluster.imageName -}}
+ {{- if not $imageName -}}
+ {{/* Ensure version and container tracking */}}
+ {{- $imageType := ($objectData.type | default "postgres") | camelcase | title -}}
+ {{- if eq $imageType "Postgres" -}}
+ {{- $imageType = "" -}}
+ {{- end -}}
+
+ {{/* Format is [postgresCustomNameVersionImage] */}}
+ {{- $imageKey := printf "postgres%s%sImage" $imageType $objectData.pgVersion -}}
+ {{- $imageValue := fromJson (include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $rootCtx "objectData" (dict "imageSelector" $imageKey))) -}}
+ {{- $formatImage := printf "%s:%s" $imageValue.repository $imageValue.tag -}}
+
+ {{- $imageName = $formatImage -}}
+ {{- end }}
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: {{ $objectData.clusterName }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CNPG Cluster") }}
+ labels:
+ cnpg.io/reload: "on"
+ {{- $labels := (mustMerge $clusterLabels (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+ annotations:
+ cnpg.io/hibernation: {{ $hibernation | quote }}
+ checksum/secrets: {{ toJson $rootCtx.Values.secret | sha256sum }}
+ {{- if $skipEmptyWalArchiveCheck }}
+ cnpg.io/skipEmptyWalArchiveCheck: "enabled"
+ {{- end }}
+ {{- $annotations := (mustMerge $clusterAnnotations (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ imageName: {{ $imageName }}
+ {{/* This ignores `0` on purpose. */}}
+ postgresUID: {{ $objectData.cluster.postgresUID | default 26 }}
+ postgresGID: {{ $objectData.cluster.postgresGID | default 26 }}
+ enableSuperuserAccess: {{ $enableSuperUser }}
+ primaryUpdateStrategy: {{ $primaryUpdateStrategy }}
+ primaryUpdateMethod: {{ $primaryUpdateMethod }}
+ logLevel: {{ $logLevel }}
+ instances: {{ $instances }}
+ {{- if or $objectData.cluster.postgresql $preloadLibraries }}
+ postgresql:
+ {{- with $objectData.cluster.postgresql }}
+ parameters:
+ {{- range $k, $v := . }}
+ {{ $k }}: {{ tpl $v $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- with $preloadLibraries }}
+ shared_preload_libraries:
+ {{- range $lib := (. | mustUniq) }}
+ - {{ $lib | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- end }}
+ nodeMaintenanceWindow:
+ inProgress: {{ $inProgress }}
+ reusePVC: {{ $reusePVC }}
+ {{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $rootCtx "objectData" $objectData.cluster) | trim) }}
+ resources:
+ {{- . | nindent 4 }}
+ {{- end }}
+ storage:
+ pvcTemplate:
+ {{- $_ := set $objectData.cluster.storage "size" $size -}}
+ {{- $_ := set $objectData.cluster.storage "accessModes" $accessModes -}}
+
+ {{- include "tc.v1.common.lib.storage.pvc.spec" (dict "rootCtx" $rootCtx "objectData" $objectData.cluster.storage) | trim | nindent 6 }}
+ walStorage:
+ pvcTemplate:
+ {{- $_ := set $objectData.cluster.walStorage "size" $walSize -}}
+ {{- $_ := set $objectData.cluster.walStorage "accessModes" $walAccessModes -}}
+
+ {{- include "tc.v1.common.lib.storage.pvc.spec" (dict "rootCtx" $rootCtx "objectData" $objectData.cluster.walStorage) | trim | nindent 6 }}
+ {{- if $enableMonitoring }}
+ monitoring:
+ enablePodMonitor: {{ $enableMonitoring }}
+ disableDefaultQueries: {{ $disableDefaultQueries }}
+ {{- if $customQueries }}
+ customQueriesConfigMap:
+ {{- range $q := $customQueries }}
+ {{- $name := $q.name -}}
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $rootCtx "objectData" $q
+ "name" $q.name "caller" "CNPG Cluster"
+ "key" "monitoring.customQueries")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $name = (printf "%s-cnpg-%s-%s" $fullname $objectData.shortName $q.name) -}}
+ {{- end }}
+ - name: {{ $name }}
+ key: {{ $q.key | default "custom-queries" }}
+ {{- end -}}
+ {{- end -}}
+ {{- end }}
+ bootstrap:
+ {{- if eq $mode "standalone" -}}
+ {{- include "tc.v1.common.lib.cnpg.cluster.bootstrap.standalone" (dict "rootCtx" $rootCtx "objectData" $objectData) | nindent 4 -}}
+ {{- else if eq $mode "recovery" -}}
+ {{- include "tc.v1.common.lib.cnpg.cluster.bootstrap.recovery" (dict "objectData" $objectData) | nindent 4 -}}
+ {{- include "tc.v1.common.lib.cnpg.cluster.bootstrap.recovery.externalCluster" (dict "rootCtx" $rootCtx "objectData" $objectData) | nindent 2 -}}
+ {{- end -}}
+ {{- if $objectData.backups.enabled }}
+ {{- include "tc.v1.common.lib.cnpg.cluster.backup" (dict "rootCtx" $rootCtx "objectData" $objectData) | nindent 2 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/cnpg/_pooler.tpl b/charts/baikal/baikal/charts/common/templates/class/cnpg/_pooler.tpl
new file mode 100644
index 0000000..b9c39b8
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/cnpg/_pooler.tpl
@@ -0,0 +1,57 @@
+{{- define "tc.v1.common.class.cnpg.pooler" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{/* Naming */}}
+ {{- $poolerName := printf "%s-pooler-%s" $objectData.name $objectData.pooler.type -}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $poolerName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "CNPG Pooler") -}}
+
+ {{/* Metadata */}}
+ {{- $objLabels := $objectData.labels | default dict -}}
+ {{- $poolerLabels := $objectData.pooler.labels | default dict -}}
+ {{- $poolerLabels = mustMerge $poolerLabels $objLabels -}}
+
+ {{- $objAnnotations := $objectData.annotations | default dict -}}
+ {{- $poolerAnnotations := $objectData.pooler.annotations | default dict -}}
+ {{- $poolerAnnotations = mustMerge $poolerAnnotations $objAnnotations -}}
+
+ {{- $instances := $objectData.pooler.instances | default 2 -}}
+ {{/* Stop All */}}
+ {{- if or $objectData.hibernate (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}}
+ {{- $instances = 0 -}}
+ {{- end }}
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Pooler
+metadata:
+ name: {{ $poolerName }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CNPG Pooler") }}
+ labels:
+ cnpg.io/reload: "on"
+ {{- $labels := (mustMerge $poolerLabels (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+ annotations:
+ checksum/secrets: {{ toJson $rootCtx.Values.secret | sha256sum }}
+ {{- $annotations := (mustMerge $poolerAnnotations (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ cluster:
+ name: {{ $objectData.clusterName }}
+ instances: {{ $instances }}
+ type: {{ $objectData.pooler.type }}
+ pgbouncer:
+ poolMode: {{ $objectData.pooler.poolMode | default "session" }}
+ {{/* https://cloudnative-pg.io/documentation/1.15/connection_pooling/#pgbouncer-configuration-options */}}
+ {{- with $objectData.pooler.parameters }}
+ parameters:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ tpl $value $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/cnpg/_scheduledBackup.tpl b/charts/baikal/baikal/charts/common/templates/class/cnpg/_scheduledBackup.tpl
new file mode 100644
index 0000000..c541bf5
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/cnpg/_scheduledBackup.tpl
@@ -0,0 +1,58 @@
+{{- define "tc.v1.common.class.cnpg.scheduledbackup" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{/* Naming */}}
+ {{- $backupName := printf "%v-sched-backup-%v" $objectData.name $objectData.backupName -}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $backupName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "CNPG Scheduled Backup") -}}
+
+ {{/* Metadata */}}
+ {{- $objLabels := $objectData.labels | default dict -}}
+ {{- $globalBackupLabels := $objectData.backups.labels | default dict -}}
+ {{- $backupLabels := $objectData.backupLabels | default dict -}}
+ {{- $backupLabels = mustMerge $backupLabels $objLabels $globalBackupLabels -}}
+
+ {{- $objAnnotations := $objectData.annotations | default dict -}}
+ {{- $globalBackupAnnotations := $objectData.backups.annotations | default dict -}}
+ {{- $backupAnnotations := $objectData.backupAnnotations | default dict -}}
+ {{- $backupAnnotations = mustMerge $backupAnnotations $objAnnotations $globalBackupAnnotations -}}
+
+ {{/* Data */}}
+ {{- $suspend := false -}}
+ {{- if (hasKey $objectData.schedData "suspend") -}}
+ {{- $suspend = $objectData.schedData.suspend -}}
+ {{- end -}}
+ {{- if or $objectData.hibernate (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}}
+ {{- $suspend = true -}}
+ {{- end -}}
+ {{- $immediate := false -}}
+ {{- if (hasKey $objectData.schedData "immediate") -}}
+ {{- $immediate = $objectData.schedData.immediate -}}
+ {{- end }}
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: {{ $backupName }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CNPG Scheduled Backup") }}
+ labels:
+ cnpg.io/cluster: {{ $objectData.clusterName }}
+ {{- $labels := (mustMerge $backupLabels (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge $backupAnnotations (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ schedule: {{ $objectData.schedData.schedule }}
+ backupOwnerReference: {{ $objectData.schedData.backupOwnerReference | default "none" }}
+ suspend: {{ $suspend }}
+ immediate: {{ $immediate }}
+ cluster:
+ name: {{ $objectData.clusterName }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/metrics/_podMonitor.tpl b/charts/baikal/baikal/charts/common/templates/class/metrics/_podMonitor.tpl
new file mode 100644
index 0000000..360c7ef
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/metrics/_podMonitor.tpl
@@ -0,0 +1,48 @@
+{{- define "tc.v1.common.class.podmonitor" -}}
+ {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+ {{- $podmonitorName := $fullName -}}
+ {{- $values := .Values.podmonitor -}}
+
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.metrics -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $podmonitorLabels := $values.labels -}}
+ {{- $podmonitorAnnotations := $values.annotations -}}
+
+ {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $podmonitorName = printf "%v-%v" $podmonitorName $values.nameOverride -}}
+ {{- end }}
+
+---
+apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }}
+kind: PodMonitor
+metadata:
+ name: {{ $podmonitorName }}
+ namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
+ {{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($podmonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: app.kubernetes.io/name
+ selector:
+ {{- if $values.selector }}
+ {{- tpl (toYaml $values.selector) $ | nindent 4 }}
+ {{- else }}
+ {{- $objectData := dict "targetSelector" $values.targetSelector }}
+ {{- $selectedPod := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $ "objectData" $objectData)) }}
+ {{- $selectedPodName := $selectedPod.shortName }}
+ matchLabels:
+ {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "pod" "objectName" $selectedPodName) | indent 6 }}
+ {{- end }}
+ podMetricsEndpoints:
+ {{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/metrics/_prometheusRule.tpl b/charts/baikal/baikal/charts/common/templates/class/metrics/_prometheusRule.tpl
new file mode 100644
index 0000000..60564fd
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/metrics/_prometheusRule.tpl
@@ -0,0 +1,56 @@
+{{- define "tc.v1.common.class.prometheusrule" -}}
+ {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+ {{- $prometheusruleName := $fullName -}}
+ {{- $values := .Values.prometheusrule -}}
+
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.metrics -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $prometheusruleLabels := $values.labels -}}
+ {{- $prometheusruleAnnotations := $values.annotations -}}
+
+ {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $prometheusruleName = printf "%v-%v" $prometheusruleName $values.nameOverride -}}
+ {{- end }}
+
+---
+apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ }}
+kind: PrometheusRule
+metadata:
+ name: {{ $prometheusruleName }}
+ namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
+ {{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($prometheusruleAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ {{- range $name, $groupValues := .groups }}
+ - name: {{ $prometheusruleName }}-{{ $name }}
+ rules:
+ {{- with $groupValues.rules }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $groupValues.additionalrules }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- range $id, $groupValues := .additionalgroups }}
+ - name: {{ $prometheusruleName }}-{{ if $groupValues.name }}{{ $groupValues.name }}{{ else }}{{ $id }}{{ end }}
+ rules:
+ {{- with $groupValues.rules }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $groupValues.additionalrules }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/metrics/_serviceMonitor.tpl b/charts/baikal/baikal/charts/common/templates/class/metrics/_serviceMonitor.tpl
new file mode 100644
index 0000000..f98c071
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/metrics/_serviceMonitor.tpl
@@ -0,0 +1,48 @@
+{{- define "tc.v1.common.class.servicemonitor" -}}
+ {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+ {{- $servicemonitorName := $fullName -}}
+ {{- $values := .Values.servicemonitor -}}
+
+ {{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.metrics -}}
+ {{- $values = . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $servicemonitorLabels := $values.labels -}}
+ {{- $servicemonitorAnnotations := $values.annotations -}}
+
+ {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $servicemonitorName = printf "%v-%v" $servicemonitorName $values.nameOverride -}}
+ {{- end }}
+
+---
+apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ }}
+kind: ServiceMonitor
+metadata:
+ name: {{ $servicemonitorName }}
+ namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }}
+ {{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($servicemonitorAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: app.kubernetes.io/name
+ selector:
+ {{- if $values.selector }}
+ {{- tpl (toYaml $values.selector) $ | nindent 4 }}
+ {{- else }}
+ {{- $objectData := dict "targetSelector" $values.targetSelector }}
+ {{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData)) }}
+ {{- $selectedServiceName := $selectedService.shortName }}
+ matchLabels:
+ {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ "objectType" "service" "objectName" $selectedServiceName) | indent 6 }}
+ {{- end }}
+ endpoints:
+ {{- tpl (toYaml $values.endpoints) $ | nindent 4 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/traefik-middleware/_middleware.tpl b/charts/baikal/baikal/charts/common/templates/class/traefik-middleware/_middleware.tpl
new file mode 100644
index 0000000..1ec5b6d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/traefik-middleware/_middleware.tpl
@@ -0,0 +1,46 @@
+{{/* Traefik Middleware Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.traefik.middleware" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the middleware.
+ labels: The labels of the middleware.
+ annotations: The annotations of the middleware.
+ data: The data of the middleware.
+ namespace: The namespace of the middleware. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.traefik.middleware" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $typeClassMap := (include "tc.v1.common.lib.traefik.middlewares.map" $) | fromJson -}}
+
+ {{- if not (hasKey $typeClassMap $objectData.type) -}}
+ {{- fail (printf "Traefik - Middleware [%s] is not supported. Supported middlewares are [%s]" $objectData.type (keys $typeClassMap | join ", ")) -}}
+ {{- end }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Middleware") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- /*
+ Nothing goes after the include, each middleware can also render other manifests.
+ For the same reason indentation must be handled by each middleware.
+ */ -}}
+ {{- include (get $typeClassMap $objectData.type) (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/volsync/_replicationDestination.tpl b/charts/baikal/baikal/charts/common/templates/class/volsync/_replicationDestination.tpl
new file mode 100644
index 0000000..7ca2322
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/volsync/_replicationDestination.tpl
@@ -0,0 +1,68 @@
+{{/* replicationdestination Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.replicationdestination" (dict "rootCtx" $ "objectData" $objectData "volsyncData" $volsyncData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the replicationdestination.
+ labels: The labels of the replicationdestination.
+ annotations: The annotations of the replicationdestination.
+ data: The data of the replicationdestination.
+ namespace: The namespace of the replicationdestination. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.replicationdestination" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $volsyncData := .volsyncData -}}
+
+ {{- $cleanupTempPVC := false -}}
+ {{- $cleanupCachePVC := false -}}
+ {{- if and (hasKey $volsyncData "cleanupTempPVC") (kindIs "bool" $volsyncData.cleanupTempPVC) -}}
+ {{- $cleanupTempPVC = $volsyncData.cleanupTempPVC -}}
+ {{- end -}}
+ {{- if and (hasKey $volsyncData "cleanupCachePVC") (kindIs "bool" $volsyncData.cleanupCachePVC) -}}
+ {{- $cleanupCachePVC = $volsyncData.cleanupCachePVC -}}
+ {{- end -}}
+
+ {{- $copyMethod := $volsyncData.copyMethod | default "Snapshot" -}}
+ {{- $capacity := $rootCtx.Values.global.fallbackDefaults.pvcSize -}}
+ {{- if $objectData.size -}}
+ {{- $capacity = $objectData.size -}}
+ {{- end -}}
+ {{- if $volsyncData.dest.capacity -}}
+ {{- $capacity = $volsyncData.dest.capacity -}}
+ {{- end }}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: {{ printf "%s-%s-dest" $objectData.name $volsyncData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Replication Destination") }}
+ {{- $labels := (mustMerge ($volsyncData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($volsyncData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ trigger:
+ manual: restore-once
+ {{ $volsyncData.type }}:
+ repository: {{ $volsyncData.repository }}
+ copyMethod: {{ $copyMethod }}
+ capacity: {{ $capacity }}
+ {{- if eq $copyMethod "Direct" }}
+ destinationPVC: {{ $objectData.name }}
+ {{- end }}
+ cleanupTempPVC: {{ $cleanupTempPVC }}
+ cleanupCachePVC: {{ $cleanupCachePVC }}
+ {{- include "tc.v1.common.lib.volsync.storage" (dict "rootCtx" $rootCtx "objectData" $objectData "volsyncData" $volsyncData "target" "dest") | trim | nindent 4 }}
+ {{- include "tc.v1.common.lib.volsync.cache" (dict "rootCtx" $rootCtx "objectData" $objectData "volsyncData" $volsyncData "target" "dest") | trim | nindent 4 }}
+ {{- include "tc.v1.common.lib.volsync.moversecuritycontext" (dict "rootCtx" $rootCtx "objectData" $objectData "volsyncData" $volsyncData "target" "dest") | trim | nindent 4 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/class/volsync/_replicationSource.tpl b/charts/baikal/baikal/charts/common/templates/class/volsync/_replicationSource.tpl
new file mode 100644
index 0000000..725576a
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/class/volsync/_replicationSource.tpl
@@ -0,0 +1,68 @@ +{{/* replicationsource Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.replicationsource" (dict "rootCtx" $ "objectData" $objectData "volsyncData" $volsyncData) }} + +rootCtx: The root context of the chart. +objectData: + name: The name of the replicationsource. + labels: The labels of the replicationsource. + annotations: The annotations of the replicationsource. + data: The data of the replicationsource. + namespace: The namespace of the replicationsource. (Optional) +*/}} + +{{- define "tc.v1.common.class.replicationsource" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $volsyncData := .volsyncData -}} + + {{- $schedule := "0 0 * * *" -}} + {{- if and $volsyncData.src.trigger $volsyncData.src.trigger.schedule -}} + {{- $schedule = $volsyncData.src.trigger.schedule -}} + {{- end -}} + + {{- $retain := dict "hourly" 6 "daily" 5 "weekly" 4 "monthly" 3 "yearly" 1 -}} + {{- if $volsyncData.src.retain -}} + {{- $items := list "hourly" "daily" "weekly" "monthly" "yearly" -}} + {{- range $item := $items -}} + {{- with get $volsyncData.src.retain $item -}} + {{- $_ := set $retain $item . -}} + {{- end -}} + {{- end -}} + {{- end }} +--- +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: {{ printf "%s-%s" $objectData.name $volsyncData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Replication Source") }} + {{- $labels := (mustMerge ($volsyncData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . 
| nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($volsyncData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + sourcePVC: {{ $objectData.name }} + trigger: + schedule: {{ $schedule }} + {{ $volsyncData.type }}: + repository: {{ $volsyncData.repository }} + copyMethod: {{ $volsyncData.copyMethod | default "Snapshot" }} + pruneIntervalDays: {{ $volsyncData.src.pruneIntervalDays | default 7 }} + unlock: {{ now | date "20060102150405" | quote }} + retain: + hourly: {{ $retain.hourly }} + daily: {{ $retain.daily }} + weekly: {{ $retain.weekly }} + monthly: {{ $retain.monthly }} + yearly: {{ $retain.yearly }} + {{- include "tc.v1.common.lib.volsync.storage" (dict "rootCtx" $rootCtx "objectData" $objectData "volsyncData" $volsyncData "target" "src") | trim | nindent 4 }} + {{- include "tc.v1.common.lib.volsync.cache" (dict "rootCtx" $rootCtx "objectData" $objectData "volsyncData" $volsyncData "target" "src") | trim | nindent 4 }} + {{- include "tc.v1.common.lib.volsync.moversecuritycontext" (dict "rootCtx" $rootCtx "objectData" $objectData "volsyncData" $volsyncData "target" "src") | trim | nindent 4 }} +{{- end }} diff --git a/charts/baikal/baikal/charts/common/templates/helpers/_envDupeCheck.tpl b/charts/baikal/baikal/charts/common/templates/helpers/_envDupeCheck.tpl new file mode 100644 index 0000000..da27c96 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/helpers/_envDupeCheck.tpl 
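Review bot: `schedule: {{ $schedule }}` in the spec is emitted as a plain scalar, so a user-supplied cron expression that starts with `*` is parsed by YAML as an alias and breaks the manifest; emit it as `schedule: {{ $schedule | quote }}`. The `retain` loop uses `with get $volsyncData.src.retain $item`, and `with` skips zero values, so a user who sets `hourly: 0` silently keeps the default of 6; test with `hasKey` instead if zero is meant to be honoured. The `unlock:` value is a render-time timestamp, so every render yields a different manifest; a comment stating that this perpetual diff is intentional would save the next reader from "fixing" it.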
@@ -0,0 +1,23 @@
+{{/* Check Env for Duplicates */}}
+{{/* Call this template:
+{{ include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $ "objectData" $objectData "source" $source "key" $key) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.helper.container.envDupeCheck" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $source := .source -}}
+ {{- $type := .type -}}
+ {{- $key := .key -}}
+
+ {{- $dupeEnv := (get $objectData.envDupe $key) -}}
+
+ {{- if $dupeEnv -}}
+ {{- fail (printf "Container - Environment Variable [%s] in [%s] tried to override the Environment Variable that is already defined in [%s]" $key $source $dupeEnv.source) -}}
+ {{- end -}}
+
+ {{- $_ := set $objectData.envDupe $key (dict "source" $source) -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/helpers/_getPortRange.tpl b/charts/baikal/baikal/charts/common/templates/helpers/_getPortRange.tpl
new file mode 100644
index 0000000..8127fc5
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/helpers/_getPortRange.tpl
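Review bot: `$type := .type` in `envDupeCheck` is assigned but never read, and the header comment documents only `rootCtx` and `objectData` although the call site also passes `source` and `key`; drop the unused line and add `source: Where the variable is defined (shown in the error message).` and `key: The environment variable name.` to the header. `get $objectData.envDupe $key` also presumes the caller has initialised `envDupe` as a dict, and a missing map surfaces as an unrelated template error; a one-line precondition note in the header would make that contract explicit.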
@@ -0,0 +1,59 @@ +{{/* Returns Lowest and Highest ports assigned to the any container in the pod */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.helpers.securityContext.getPortRange" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{ $portRange := (dict "high" 0 "low" 0) }} + + {{- range $name, $service := $rootCtx.Values.service -}} + {{- $selected := false -}} + {{/* If service is enabled... */}} + {{- if $service.enabled -}} + + {{/* If there is a selector */}} + {{- if $service.targetSelector -}} + + {{/* And pod is selected */}} + {{- if eq $service.targetSelector $objectData.shortName -}} + {{- $selected = true -}} + {{- end -}} + + {{- else -}} + {{/* If no selector is defined but pod is primary */}} + {{- if $objectData.primary -}} + {{- $selected = true -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- if $selected -}} + {{- range $name, $portValues := $service.ports -}} + {{- if $portValues.enabled -}} + + {{- $portToCheck := ($portValues.targetPort | default $portValues.port) -}} + {{- if kindIs "string" $portToCheck -}} + {{- $portToCheck = (tpl $portToCheck $rootCtx) | int -}} + {{- end -}} + + {{- if or (not $portRange.low) (lt ($portToCheck | int) ($portRange.low | int)) -}} + {{- $_ := set $portRange "low" $portToCheck -}} + {{- end -}} + + {{- if or (not $portRange.high) (gt ($portToCheck | int) ($portRange.high | int)) -}} + {{- $_ := set $portRange "high" $portToCheck -}} + {{- end -}} + + {{- end -}} + {{- end -}} + {{- end -}} + + {{- end -}} + + {{- $portRange | toJson -}} +{{- end -}} 
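Review bot: `{{ $portRange := (dict "high" 0 "low" 0) }}` lacks the `{{- -}}` trim markers every other line in this file uses, so the JSON the helper returns is prefixed with a newline and whitespace; write it as `{{- $portRange := (dict "high" 0 "low" 0) -}}`. When `targetPort` is a string, `(tpl $portToCheck $rootCtx) | int` turns any non-numeric result (a named port, presumably) into 0, which then becomes `low`; if this range feeds a privileged-port decision in the security context, a silent 0 is the wrong answer, so failing on a non-numeric result would be safer if named ports can reach this code.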
diff --git a/charts/baikal/baikal/charts/common/templates/helpers/_getSelectedPod.tpl b/charts/baikal/baikal/charts/common/templates/helpers/_getSelectedPod.tpl new file mode 100644 index 0000000..c2d7cf9 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/helpers/_getSelectedPod.tpl 
@@ -0,0 +1,47 @@ +{{/* Service - Get Selected Pod */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.helpers.getSelectedPodValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +objectData: The object data of the service +rootCtx: The root context of the chart. +*/}} + +{{- define "tc.v1.common.lib.helpers.getSelectedPodValues" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $caller := .caller -}} + + {{- $podValues := dict -}} + {{- with $objectData.targetSelector -}} + {{- $podValues = mustDeepCopy (get $rootCtx.Values.workload .) -}} + + {{- if not $podValues -}} + {{- fail (printf "%s - Selected pod [%s] is not defined" $caller .) -}} + {{- end -}} + + {{- if not $podValues.enabled -}} + {{- fail (printf "%s - Selected pod [%s] is not enabled" $caller .) -}} + {{- end -}} + + {{/* While we know the shortName from targetSelector, let's set it explicitly + So service can reference this directly, to match the behaviour of a service + without targetSelector defined (assumes "use primary") */}} + {{- $_ := set $podValues "shortName" . -}} + {{- else -}} + + {{/* If no targetSelector is defined, we assume the service is using the primary pod */}} + {{/* Also no need to check for multiple primaries here, it's already done on the workload validation */}} + {{- range $podName, $pod := $rootCtx.Values.workload -}} + {{- if $pod.enabled -}} + {{- if $pod.primary -}} + {{- $podValues = mustDeepCopy $pod -}} + {{/* Set the shortName so service can use this on selector */}} + {{- $_ := set $podValues "shortName" $podName -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- end -}} + + {{/* Return values in Json, to preserve types */}} + {{ $podValues | toJson }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/helpers/_getSelectedService.tpl b/charts/baikal/baikal/charts/common/templates/helpers/_getSelectedService.tpl new file mode 100644 index 0000000..d874222 --- /dev/null 
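Review bot: `{{ $podValues | toJson }}` on the return line is not whitespace-trimmed, so the helper's output starts with a newline and indentation that every caller has to tolerate before parsing; use `{{- $podValues | toJson -}}`. The header comment omits `caller`, which is read for both `fail` messages, so a caller that leaves it out gets an empty prefix; add `caller: Name of the calling template, used in error messages.`. In the no-selector branch, the absence of any primary pod returns `{}` without failing, which the header should state so callers know to check for it. The same three points apply to getSelectedServiceValues in the next file.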
+++ b/charts/baikal/baikal/charts/common/templates/helpers/_getSelectedService.tpl @@ -0,0 +1,47 @@ +{{/* Service - Get Selected Service */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +objectData: The object data of the service +rootCtx: The root context of the chart. +*/}} + +{{- define "tc.v1.common.lib.helpers.getSelectedServiceValues" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $caller := .caller -}} + + {{- $serviceValues := dict -}} + {{- with $objectData.targetSelector -}} + {{- $serviceValues = mustDeepCopy (get $rootCtx.Values.service .) -}} + + {{- if not $serviceValues -}} + {{- fail (printf "%s - Selected service [%s] is not defined" $caller .) -}} + {{- end -}} + + {{- if not $serviceValues.enabled -}} + {{- fail (printf "%s - Selected service [%s] is not enabled" $caller .) -}} + {{- end -}} + + {{/* While we know the shortName from targetSelector, let's set it explicitly + So service can reference this directly, to match the behaviour of a service + without targetSelector defined (assumes "use primary") */}} + {{- $_ := set $serviceValues "shortName" . -}} + {{- else -}} + + {{/* If no targetSelector is defined, we assume the service is using the primary service */}} + {{/* Also no need to check for multiple primaries here, it's already done on the service validation */}} + {{- range $serviceName, $service := $rootCtx.Values.service -}} + {{- if $service.enabled -}} + {{- if $service.primary -}} + {{- $serviceValues = mustDeepCopy $service -}} + {{/* Set the shortName so service can use this on selector */}} + {{- $_ := set $serviceValues "shortName" $serviceName -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- end -}} + + {{/* Return values in Json, to preserve types */}} + {{ $serviceValues | toJson }} +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/helpers/_makeIntOrNoop.tpl b/charts/baikal/baikal/charts/common/templates/helpers/_makeIntOrNoop.tpl new file mode 100644 index 0000000..aec1ddf --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/helpers/_makeIntOrNoop.tpl @@ -0,0 +1,21 @@ +{{- define "tc.v1.common.helper.makeIntOrNoop" -}} + {{- $value := . -}} + + {{/* + - Ints in Helm can be either int, int64 or float64. + - Values that start with zero should not be converted + to int again as this will strip leading zeros. + - Numbers converted to E notation by Helm will + always contain the "e" character. So we only + convert those. + */}} + {{- if and + (mustHas (kindOf $value) (list "int" "int64" "float64")) + (not (hasPrefix "0" ($value | toString))) + (contains "e" ($value | toString | lower)) + -}} + {{- $value | int -}} + {{- else -}} + {{- $value -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/_tc_capabilities.tpl b/charts/baikal/baikal/charts/common/templates/lib/_tc_capabilities.tpl new file mode 100644 index 0000000..df9c5d5 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/_tc_capabilities.tpl @@ -0,0 +1,19 @@ +{{/* Return the appropriate apiVersion for PodMonitor */}} +{{- define "tc.v1.common.capabilities.podmonitor.apiVersion" -}} + {{- print "monitoring.coreos.com/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for ServiceMonitor */}} +{{- define "tc.v1.common.capabilities.servicemonitor.apiVersion" -}} + {{- print "monitoring.coreos.com/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for PrometheusRule */}} +{{- define "tc.v1.common.capabilities.prometheusrule.apiVersion" -}} + {{- print "monitoring.coreos.com/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for NetworkPolicy*/}} +{{- define "tc.v1.common.capabilities.networkpolicy.apiVersion" -}} + {{- print "networking.k8s.io/v1" -}} +{{- end -}} 
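Review bot: `tc.v1.common.helper.makeIntOrNoop` has no header comment in the `{{/* Call this template: ... */}}` style the other helpers use, and it is the only one here that takes its argument as `.` rather than a dict, which a reader will not expect. A header along the lines of `{{/* Call this template: {{ include "tc.v1.common.helper.makeIntOrNoop" $value }} — returns $value unchanged unless it is a numeric type whose string form is in E notation, in which case it is converted with int. */}}` would cover both the calling convention and the intent already explained in the inline comment.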
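Review bot: The four `capabilities.*.apiVersion` helpers each return a fixed string, yet their comments say `Return the appropriate apiVersion`, which implies a cluster capability check that is not performed. Either consult `.Capabilities.APIVersions.Has` before choosing the version, or reword the comments to `Returns the apiVersion used for PodMonitor` (and likewise for the others) so readers do not assume the CRD's presence was verified.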
diff --git a/charts/baikal/baikal/charts/common/templates/lib/certificate/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/certificate/_validation.tpl new file mode 100644 index 0000000..9e84d10 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/certificate/_validation.tpl 
@@ -0,0 +1,49 @@ +{{/* Certificate Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.certificate.validation" (dict "rootCtx" $ "objectData" $objectData) -}} +objectData: + rootCtx: The root context of the chart. + objectData: The Certificate object. +*/}} + +{{- define "tc.v1.common.lib.certificate.validation" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.certificateIssuer -}} + {{- fail "Cert Manager Certificate - Expected non-empty [certificateIssuer]" -}} + {{- end -}} + + {{- if not $objectData.hosts -}} + {{- fail "Cert Manager Certificate - Expected non-empty [hosts]" -}} + {{- end -}} + + {{- if not (kindIs "slice" $objectData.hosts) -}} + {{- fail (printf "Cert Manager Certificate - Expected [hosts] to be a [slice], but got [%s]" (kindOf $objectData.hosts)) -}} + {{- end -}} + + {{- range $h := $objectData.hosts -}} + {{- if not $h -}} + {{- fail "Cert Manager Certificate - Expected non-empty entry in [hosts]" -}} + {{- end -}} + + {{- $host := tpl $h $rootCtx -}} + {{- if (hasPrefix "http://" $host) -}} + {{- fail (printf "Cert Manager Certificate - Expected entry in [hosts] to not start with [http://], but got [%s]" $host) -}} + {{- end -}} + {{- if (hasPrefix "https://" $host) -}} + {{- fail (printf "Cert Manager Certificate - Expected entry in [hosts] to not start with [https://], but got [%s]" $host) -}} + {{- end -}} + {{- if (contains ":" $host) -}} + {{- fail (printf "Cert Manager Certificate - Expected entry in [hosts] to not contain [:], but got [%s]" $host) -}} + {{- end -}} + + {{- with $objectData.certificateSecretTemplate -}} + {{- if and (not .labels) (not .annotations) -}} + {{- fail "Cert Manager Certificate - Expected [certificateSecretTemplate] to have at least one of [labels, annotations]" -}} + {{- end -}} + + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData.certificateSecretTemplate "caller" "Cert Manager Certificate 
(certificateSecretTemplate)") -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/chart/_check_capabitilies.tpl b/charts/baikal/baikal/charts/common/templates/lib/chart/_check_capabitilies.tpl new file mode 100644 index 0000000..679f1b8 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/chart/_check_capabitilies.tpl @@ -0,0 +1,16 @@ +{{- define "tc.v1.common.check.capabilities" -}} + {{- $helmVersion := semver .Capabilities.HelmVersion.Version -}} + {{- $helmMinVer := semver "3.14.0" -}} + + {{- if .Chart.Annotations -}} + {{- $min := index .Chart.Annotations "truecharts.org/min_helm_version" -}} + {{- if $min -}} + {{/* Apply a relaxed version check */}} + {{- $helmMinVer = semver $min -}} + {{- end -}} + {{- end -}} + + {{- if eq -1 ($helmMinVer | $helmVersion.Compare) -}} + {{- fail (printf "Expected minimum helm version [%s], but found [%s]. Upgrade helm cli tool." $helmMinVer $helmVersion) -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/chart/_names.tpl b/charts/baikal/baikal/charts/common/templates/lib/chart/_names.tpl new file mode 100644 index 0000000..ece50e2 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/chart/_names.tpl 
@@ -0,0 +1,52 @@ +{{/* Contains functions for generating names */}} + +{{/* Returns the name of the Chart */}} +{{- define "tc.v1.common.lib.chart.names.name" -}} + + {{- .Chart.Name | lower | trunc 63 | trimSuffix "-" -}} + +{{- end -}} + +{{/* Returns the fullname of the Chart */}} +{{- define "tc.v1.common.lib.chart.names.fullname" -}} + + {{- $name := include "tc.v1.common.lib.chart.names.name" . -}} + + {{- if contains $name .Release.Name -}} + {{- $name = .Release.Name -}} + {{- else -}} + {{- $name = printf "%s-%s" .Release.Name $name -}} + {{- end -}} + + {{- $name | lower | trunc 63 | trimSuffix "-" -}} + +{{- end -}} + +{{/* Returns the fqdn of the Chart */}} +{{- define "tc.v1.common.lib.chart.names.fqdn" -}} + + {{- printf "%s.%s" (include "tc.v1.common.lib.chart.names.fullname" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}} + +{{- end -}} + +{{/* Validates names */}} +{{- define "tc.v1.common.lib.chart.names.validation" -}} + + {{- $name := .name -}} + {{- $length := .length -}} + {{- if not $length -}} + {{- $length = 63 -}} + {{- end -}} + + {{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $name) (le (len $name) $length)) -}} + {{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most %v characters." $name $length) -}} + {{- end -}} + +{{- end -}} + +{{/* Create chart name and version as used by the chart label */}} +{{- define "tc.v1.common.lib.chart.names.chart" -}} + + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/chart/_notes.tpl b/charts/baikal/baikal/charts/common/templates/lib/chart/_notes.tpl new file mode 100644 index 0000000..0d4445a --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/chart/_notes.tpl 
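Review bot: `tc.v1.common.lib.chart.names.fqdn` applies `replace "+" "_"` and `trunc 63` to a `fullname.namespace` string; both steps are copied from the chart-label helper below, but `_` is not valid in a DNS name and a 63-character cut can land mid-label, so a long release or namespace name yields an invalid FQDN. If this value is used for DNS, trim at the 253-character limit and drop the underscore replacement; if it only feeds a label, a comment saying so would prevent misuse. The validation regex `^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$` rejects `a-b` (a single character on either side of a hyphen) and `a--b`, both of which Kubernetes accepts as DNS labels; if the stricter rule is intentional the error text should say so.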
@@ -0,0 +1,38 @@ +{{- define "tc.v1.common.lib.chart.notes" -}} + + {{- include "tc.v1.common.lib.chart.header" . -}} + + {{- include "tc.v1.common.lib.chart.custom" . -}} + + {{- include "tc.v1.common.lib.chart.footer" . -}} + + {{- include "tc.v1.common.lib.chart.warnings" . -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.chart.header" -}} + {{- tpl $.Values.notes.header $ | nindent 0 }} +{{- end -}} + +{{- define "tc.v1.common.lib.chart.custom" -}} + {{- tpl $.Values.notes.custom $ | nindent 0 }} +{{- end -}} + +{{- define "tc.v1.common.lib.chart.footer" -}} + {{- tpl $.Values.notes.footer $ | nindent 0 }} +{{- end -}} + +{{- define "tc.v1.common.lib.chart.warnings" -}} + {{- range $w := $.Values.notes.warnings }} + {{- tpl $w $ | nindent 0 }} + {{- end }} +{{- end -}} + +{{- define "add.warning" -}} + {{- $rootCtx := .rootCtx -}} + {{- $warn := .warn -}} + + {{- $newWarns := $rootCtx.Values.notes.warnings -}} + {{- $newWarns = mustAppend $newWarns $warn -}} + {{- $_ := set $rootCtx.Values.notes "warnings" $newWarns -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/_dbCredentialSecrets.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/_dbCredentialSecrets.tpl new file mode 100644 index 0000000..8555481 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/_dbCredentialSecrets.tpl 
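Review bot: `add.warning` is the only define in this hunk without the `tc.v1.common.` prefix; Helm named templates share one global namespace across the chart and every subchart, so an unprefixed name can silently collide with another chart's helper and the last-loaded definition wins. Rename it to `tc.v1.common.lib.chart.addWarning`, keeping `add.warning` as a thin alias only if callers outside this hunk already depend on it. `tpl $.Values.notes.header $` and its siblings render values content as templates; a one-line comment that `notes.*` is treated as trusted chart-author input would document that intent.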
@@ -0,0 +1,102 @@ +{{- define "tc.v1.common.lib.cnpg.db.credentials.secrets" -}} + {{- $objectData := .objectData -}} + {{- $cnpg := .cnpg -}} + {{- $rootCtx := .rootCtx -}} + + {{- $dbPass := $objectData.password -}} + {{- $auth := printf "%s:%s" $objectData.user $dbPass -}} + + {{/* Double "%" to escape the interpolation and use the template on another printf */}} + {{- $stdTmpl := printf "postgresql://%s@%s-%%s:5432/%s" $auth $objectData.name $objectData.database -}} + {{- $nosslTmpl := printf "postgresql://%s@%s-%%s:5432/%s?sslmode=disable" $auth $objectData.name $objectData.database -}} + {{- $portHostTmpl := printf "%s-%%s:5432" $objectData.name -}} + {{- $hostTmpl := printf "%s-%%s" $objectData.name -}} + {{- $jdbcTmpl := printf "jdbc:postgresql://%s-%%s:5432/%s" $objectData.name $objectData.database -}} + + {{- $rwString := "rw" -}} + {{- $roString := "ro" -}} + {{- $poolEnabled := false -}} + {{- if and $objectData.pooler $objectData.pooler.enabled -}} + {{- $poolEnabled = true -}} + {{- $rwString = "pooler-rw" -}} + {{- $roString = "pooler-ro" -}} + {{- end -}} + + {{- $creds := (dict + "std" (printf $stdTmpl $rwString) + "nossl" (printf $nosslTmpl $rwString) + "portHost" (printf $portHostTmpl $rwString) + "host" (printf $hostTmpl $rwString) + "jdbc" (printf $jdbcTmpl $rwString) + ) -}} + + {{- $credsRO := dict -}} + {{- if and $poolEnabled $objectData.pooler.createRO -}} + {{- $credsRO = (dict + "std" (printf $stdTmpl $roString) + "nossl" (printf $nosslTmpl $roString) + "portHost" (printf $portHostTmpl $roString) + "host" (printf $hostTmpl $roString) + "jdbc" (printf $jdbcTmpl $roString) + ) -}} + {{- end -}} + + {{- with (include "tc.v1.common.lib.cnpg.secret.user" (dict "user" $objectData.user "pass" $dbPass) | fromYaml) -}} + {{- $_ := set $rootCtx.Values.secret (printf "cnpg-%s-user" $objectData.shortName) . 
-}} + {{- end -}} + + {{- with (include "tc.v1.common.lib.cnpg.secret.urls" (dict "creds" $creds "credsRO" $credsRO) | fromYaml) -}} + {{- $_ := set $rootCtx.Values.secret (printf "cnpg-%s-urls" $objectData.shortName) . -}} + {{- end -}} + + {{/* We need to mutate the actual (cnpg) values here not the copy */}} + {{- if not (hasKey $cnpg "creds") -}} + {{- $_ := set $cnpg "creds" dict -}} + {{- end -}} + + {{- $_ := set $cnpg.creds "password" $dbPass -}} + + {{- $_ := set $cnpg.creds "std" $creds.std -}} + {{- $_ := set $cnpg.creds "nossl" $creds.nossl -}} + {{- $_ := set $cnpg.creds "porthost" $creds.portHost -}} + {{- $_ := set $cnpg.creds "host" $creds.host -}} + {{- $_ := set $cnpg.creds "jdbc" $creds.jdbc -}} + + {{- if and $poolEnabled $objectData.pooler.createRO -}} + {{- $_ := set $cnpg.creds "stdRO" $credsRO.std -}} + {{- $_ := set $cnpg.creds "nosslRO" $credsRO.nossl -}} + {{- $_ := set $cnpg.creds "porthostRO" $credsRO.portHost -}} + {{- $_ := set $cnpg.creds "hostRO" $credsRO.host -}} + {{- $_ := set $cnpg.creds "jdbcRO" $credsRO.jdbc -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.cnpg.secret.urls" -}} + {{- $creds := .creds -}} + {{- $credsRO := .credsRO }} +enabled: true +data: + std: {{ $creds.std }} + nossl: {{ $creds.nossl }} + porthost: {{ $creds.portHost }} + host: {{ $creds.host }} + jdbc: {{ $creds.jdbc }} + {{- if $credsRO }} + stdRO: {{ $credsRO.std }} + nosslRO: {{ $credsRO.nossl }} + porthostRO: {{ $credsRO.portHost }} + hostRO: {{ $credsRO.host }} + jdbcRO: {{ $credsRO.jdbc }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.cnpg.secret.user" -}} + {{- $user := .user -}} + {{- $pass := .pass }} +enabled: true +type: kubernetes.io/basic-auth +data: + username: {{ $user }} + password: {{ $pass }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/_poolerMetrics.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/_poolerMetrics.tpl new file mode 100644 index 0000000..22a1913 
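Review bot: `$auth := printf "%s:%s" $objectData.user $dbPass` places the raw password into the `postgresql://` and `jdbc:` URLs without percent-encoding, so a password containing `@`, `:`, `/`, `?`, `#` or `%` produces a connection string that parses to the wrong host or fails outright; build it as `{{- $auth := printf "%s:%s" $objectData.user ($dbPass | urlquery) -}}` while keeping the unencoded `$dbPass` for the `password` fields (note `urlquery` encodes a space as `+`, which libpq-style parsers leave literal). Whether the password is generated from a restricted alphabet elsewhere is not visible here; if it is, a comment saying so would justify leaving the URL unencoded. All three defines also lack a header comment in the file's `Call this template:` style.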
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/_poolerMetrics.tpl
@@ -0,0 +1,10 @@
+{{- define "tc.v1.common.lib.cnpg.metrics.pooler" -}}
+{{- $poolerName := .poolerName }}
+enabled: true
+type: podmonitor
+selector:
+ matchLabels:
+ cnpg.io/poolerName: {{ $poolerName }}
+endpoints:
+ - port: metrics
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/backup/_spawner.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/backup/_spawner.tpl
new file mode 100644
index 0000000..91ab9ed
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/backup/_spawner.tpl
@@ -0,0 +1,14 @@
+{{- define "tc.v1.common.lib.cnpg.spawner.backups" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- range $backup := $objectData.backups.manualBackups -}}
+ {{- $_ := set $objectData "backupName" $backup.name -}}
+ {{- $_ := set $objectData "backupLabels" $backup.labels -}}
+ {{- $_ := set $objectData "backupAnnotations" $backup.annotations -}}
+
+ {{- include "tc.v1.common.lib.cnpg.backup.validation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+ {{- include "tc.v1.common.class.cnpg.backup" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/backup/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/backup/_validation.tpl
new file mode 100644
index 0000000..20903f8
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/backup/_validation.tpl
@@ -0,0 +1,7 @@
+{{- define "tc.v1.common.lib.cnpg.backup.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.backupName -}}
+ {{- fail "CNPG Backup - Expected non-empty [name] in [backups.manualBackups] entry" -}}
+ {{- end -}}
+{{- end -}}
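Review bot: The `range` in `tc.v1.common.lib.cnpg.spawner.backups` writes `backupName`, `backupLabels` and `backupAnnotations` into the shared `$objectData` map, so after the loop `$objectData` still carries the last backup's values and any later consumer of the same map inherits them; iterate over a copy instead, e.g. `{{- $backupData := mustDeepCopy $objectData -}}` at the top of the loop body with `$backupData` passed to both includes. The validation template checks only `backupName`, while `backupLabels` and `backupAnnotations` pass through unvalidated; the certificate validation elsewhere in this commit routes such metadata through `tc.v1.common.lib.metadata.validation`, so the same call here would be consistent.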
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/barmanObjectStore/_getData.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/barmanObjectStore/_getData.tpl new file mode 100644 index 0000000..6cffbdb --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/barmanObjectStore/_getData.tpl 
@@ -0,0 +1,46 @@ +{{- define "tc.v1.common.lib.cnpg.cluster.barmanObjectStoreConfig.getData" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $type := .type -}} + + {{- $serverName := $objectData.clusterName -}} + {{- $destinationPath := "" -}} + {{- $creds := dict -}} + {{- $key := "" -}} + + {{- if eq $type "recovery" -}} + {{- $creds = (get $rootCtx.Values.credentials $objectData.recovery.credentials) -}} + {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "CNPG BarmanObjectStore" "credName" $objectData.recovery.credentials) -}} + {{- $destinationPath = $objectData.recovery.destinationPath -}} + {{- $key = "recovery" -}} + + {{- if $objectData.recovery.serverName -}} + {{- $serverName = $objectData.recovery.serverName -}} + {{- end -}} + {{- if $objectData.recovery.revision -}} + {{- $serverName = printf "%s-r%s" $serverName $objectData.recovery.revision -}} + {{- end -}} + + {{- else if eq $type "backup" -}} + {{- $creds = (get $rootCtx.Values.credentials $objectData.backups.credentials) -}} + {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "CNPG BarmanObjectStore" "credName" $objectData.backups.credentials) -}} + {{- $destinationPath = $objectData.backups.destinationPath -}} + {{- $key = "backups" -}} + + {{- if $objectData.backups.serverName -}} + {{- $serverName = $objectData.backups.serverName -}} + {{- end -}} + {{- if $objectData.backups.revision -}} + {{- $serverName = printf "%s-r%s" $serverName $objectData.backups.revision -}} + {{- end -}} + {{- end -}} + + {{- $data := (dict + "serverName" $serverName + "destinationPath" $destinationPath + "creds" $creds + "key" $key + ) -}} + + {{- $data | toYaml -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/barmanObjectStore/_s3.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/barmanObjectStore/_s3.tpl new file mode 100644 index 0000000..51424df --- /dev/null 
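Review bot: `printf "%s-r%s" $serverName $objectData.recovery.revision` (and its `backups.revision` twin below) formats the revision with `%s`, so a revision written as a YAML integer such as `revision: 2` renders as `%!s(int=2)` inside the server name; use `%v`, or `($objectData.recovery.revision | toString)`. The same `%s` formatting of `revision` recurs in the bootstrap recovery and external-cluster templates later in this commit. The helper returns `$data | toYaml` while the other helpers in this commit return `toJson` with a comment about preserving types; since `creds` is carried through that round-trip, using the same `toJson` convention here would be consistent and avoid YAML re-interpretation of credential values.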
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/barmanObjectStore/_s3.tpl @@ -0,0 +1,38 @@ +{{- define "tc.v1.common.lib.cnpg.cluster.barmanObjectStoreConfig.s3" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $type := .type -}} + {{- $data := .data -}} + + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + {{- $secretName := (printf "%s-cnpg-%s-provider-%s-s3-creds" $fullname $objectData.shortName $type) -}} + + {{- $calcData := include "tc.v1.common.lib.cnpg.cluster.barmanObjectStoreConfig.getData" (dict + "rootCtx" $rootCtx "objectData" $objectData "type" $type) | fromYaml + -}} + + {{- $serverName := $calcData.serverName -}} + {{- $destinationPath := $calcData.destinationPath -}} + {{- $endpointURL := $calcData.creds.url -}} + {{- $bucket := $calcData.creds.bucket -}} + {{- $path := $calcData.creds.path -}} + {{- $key := $calcData.key -}} + + {{- if not $destinationPath -}} + {{- if $path -}} + {{- $destinationPath = (printf "s3://%s/%s/%s/cnpg" $bucket ($path | trimSuffix "/") $rootCtx.Release.Name) -}} + {{- else -}} + {{- $destinationPath = (printf "s3://%s/%s/cnpg" $bucket $rootCtx.Release.Name) -}} + {{- end -}} + {{- end }} +endpointURL: {{ $endpointURL }} +destinationPath: {{ $destinationPath }} +serverName: {{ $serverName }} +s3Credentials: + accessKeyId: + name: {{ $secretName }} + key: ACCESS_KEY_ID + secretAccessKey: + name: {{ $secretName }} + key: ACCESS_SECRET_KEY +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_backup.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_backup.tpl new file mode 100644 index 0000000..7287480 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_backup.tpl 
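Review bot: `$data := .data` is received from both callers but never used, because the template recomputes everything through `getData`; either drop the parameter or use it, so readers are not left looking for a second source of truth. `$calcData` comes from `fromYaml`, and Helm's `fromYaml` reports a parse failure as a map holding only an `Error` key rather than aborting, so a broken round-trip would silently render empty `endpointURL`, `destinationPath` and `serverName`; add `{{- if $calcData.Error -}}{{- fail (printf "CNPG BarmanObjectStore - %s" $calcData.Error) -}}{{- end -}}` directly after it. `endpointURL` is also emitted unquoted, and a user-supplied `url` containing ` #` or `: ` would corrupt the YAML, so `{{ $endpointURL | quote }}` is cheap insurance.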
@@ -0,0 +1,43 @@ +{{- define "tc.v1.common.lib.cnpg.cluster.backup" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $compression := "bzip2" -}} + {{- if and $objectData.backups.compression (not $objectData.backups.compression.enabled) -}} + {{- $compression = "" -}} + {{- end -}} + + {{- $encryption := "" -}} + {{- if and $objectData.backups.encryption $objectData.backups.encryption.enabled -}} + {{- $encryption = "AES256" -}} + {{- end }} +backup: + {{- with $objectData.backups.target }} + target: {{ . }} + {{- end }} + retentionPolicy: {{ $objectData.backups.retentionPolicy }} + barmanObjectStore: + data: + jobs: {{ $objectData.backups.jobs | default 2 }} + {{- with $compression }} + compression: {{ . }} + {{- end -}} + {{- with $encryption }} + encryption: {{ . }} + {{- end -}} + {{- if or $compression $encryption }} + wal: + {{- with $compression }} + compression: {{ . }} + {{- end -}} + {{- with $encryption }} + encryption: {{ . }} + {{- end -}} + {{- end -}} + {{/* Fetch provider data */}} + {{/* Get the creds defined in backup.$provider */}} + {{- $creds := (get $rootCtx.Values.credentials $objectData.backups.credentials) -}} + {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "CNPG Backup" "credName" $objectData.backups.credentials) -}} + + {{- include (printf "tc.v1.common.lib.cnpg.cluster.barmanObjectStoreConfig.%s" $creds.type) (dict "rootCtx" $rootCtx "objectData" $objectData "data" $creds "type" "backup") | nindent 4 -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_boostrapRecovery.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_boostrapRecovery.tpl new file mode 100644 index 0000000..77a5dcd --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_boostrapRecovery.tpl 
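Review bot: `$creds.type` is interpolated straight into the template name handed to `include`, so a typo or unsupported provider in `credentials.<name>.type` aborts with Helm's generic template-not-defined error instead of a message naming the credential; unless `tc.v1.common.lib.credentials.validation` (not visible here) already restricts `type`, check it first, e.g. `{{- if not (has $creds.type (list "s3")) -}}{{- fail (printf "CNPG Backup - Unsupported credentials type [%s]" $creds.type) -}}{{- end -}}` with the list matching the providers actually implemented. The external-cluster recovery template later in this commit builds the include name the same way and needs the same check. `$compression` defaults to `bzip2` when `backups.compression` is unset but is cleared by an explicit `compression: {enabled: false}`; a short comment above that block stating the asymmetry would help.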
@@ -0,0 +1,25 @@ +{{/* Recovery Template, called when mode is recovery */}} +{{- define "tc.v1.common.lib.cnpg.cluster.bootstrap.recovery" }} + {{- $objectData := .objectData }} +recovery: + secret: + name: {{ printf "%s-user" $objectData.clusterName }} + database: {{ $objectData.database }} + owner: {{ $objectData.user }} + {{- if eq $objectData.recovery.method "backup" }} + backup: + name: {{ $objectData.recovery.backupName }} + {{- else if eq $objectData.recovery.method "object_store" -}} + {{- $serverName := $objectData.recovery.serverName | default $objectData.clusterName -}} + {{- if $objectData.recovery.revision -}} + {{- $serverName = printf "%s-r%s" $serverName $objectData.recovery.revision -}} + {{- end }} + source: {{ $serverName }} + {{- end -}} + {{- if $objectData.recovery.pitrTarget -}} + {{- with $objectData.recovery.pitrTarget.time }} + recoveryTarget: + targetTime: {{ . | quote }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_bootstrapRecoveryExternalCluster.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_bootstrapRecoveryExternalCluster.tpl new file mode 100644 index 0000000..bea693c --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_bootstrapRecoveryExternalCluster.tpl 
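Review bot: `recovery.method` is matched only against `backup` and `object_store`, so any other value renders a `recovery:` block with neither `backup:` nor `source:` and leaves CNPG to reject it later with a less helpful error; unless validation elsewhere already restricts the value, add an `{{- else -}}` branch that fails with the method name. The opening `{{- define ... }}` and `{{- $objectData := .objectData }}` lines keep their trailing newlines while the rest of the file trims, so the output begins with blank lines the caller must absorb; consistent `-}}` trimming would avoid that.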
@@ -0,0 +1,22 @@
+{{/* Recovery from externalClusters Template, called when mode is recovery */}}
+{{- define "tc.v1.common.lib.cnpg.cluster.bootstrap.recovery.externalCluster" }}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if eq $objectData.recovery.method "object_store" }}
+externalClusters:
+ {{- $serverName := $objectData.recovery.serverName | default $objectData.clusterName -}}
+ {{- if $objectData.recovery.revision -}}
+ {{- $serverName = printf "%s-r%s" $serverName $objectData.recovery.revision -}}
+ {{- end }}
+ - name: {{ $serverName }}
+ barmanObjectStore:
+
+ {{/* Fetch provider data */}}
+ {{/* Get the creds defined in backup.$provider */}}
+ {{- $creds := (get $rootCtx.Values.credentials $objectData.recovery.credentials) -}}
+ {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "CNPG Recovery External Cluster" "credName" $objectData.recovery.credentials) -}}
+
+ {{- include (printf "tc.v1.common.lib.cnpg.cluster.barmanObjectStoreConfig.%s" $creds.type) (dict "rootCtx" $rootCtx "objectData" $objectData "data" $creds "type" "recovery") | nindent 6 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_bootstrapStandalone.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_bootstrapStandalone.tpl
new file mode 100644
index 0000000..99eb240
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_bootstrapStandalone.tpl
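Review bot: The server-name derivation (`serverName | default clusterName`, then `printf "%s-r%s"` with the revision) is written out here, again in `_boostrapRecovery.tpl`, and twice more in `_validation.tpl`; the validation's collision check between the backup and recovery server names is only sound while all four copies stay identical. Extract it into one helper, e.g. `tc.v1.common.lib.cnpg.cluster.serverName` taking `name`, `revision` and `clusterName`, and call it from each site. The comment `{{/* Get the creds defined in backup.$provider */}}` is copied from the backup template and should read `recovery.$provider` here.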
@@ -0,0 +1,78 @@
+{{- define "tc.v1.common.lib.cnpg.cluster.bootstrap.standalone" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $initdb := dict -}}
+ {{- $postInitSQL := list -}}
+ {{- $postInitTemplateSQL := list -}}
+ {{- $postInitApplicationSQL := list -}}
+ {{- $dataChecksums := true -}}
+ {{- if not (hasKey $objectData.cluster "initdb") -}}
+ {{- $_ := set $objectData.cluster "initdb" dict -}}
+ {{- end -}}
+
+ {{- if (kindIs "bool" $objectData.cluster.initdb.dataChecksums) -}}
+ {{- $dataChecksums = $objectData.cluster.initdb.dataChecksums -}}
+ {{- end -}}
+
+ {{/* PostInitApplicationSQL */}}
+ {{- if eq $objectData.type "timescaledb" -}}
+ {{- $postInitApplicationSQL = concat $postInitApplicationSQL (list
+ "CREATE EXTENSION IF NOT EXISTS timescaledb;") -}}
+ {{- end -}}
+ {{- if eq $objectData.type "postgis" -}}
+ {{- $postInitApplicationSQL = concat $postInitApplicationSQL (list
+ "CREATE EXTENSION IF NOT EXISTS postgis;"
+ "CREATE EXTENSION IF NOT EXISTS postgis_topology;"
+ "CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;"
+ "CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;") -}}
+ {{- end }}
+
+ {{- if eq $objectData.type "vectors" -}}
+ {{- $postInitApplicationSQL = concat $postInitApplicationSQL (list
+ "CREATE EXTENSION IF NOT EXISTS vectors;") -}}
+ {{- end -}}
+
+ {{- if $objectData.cluster.initdb -}}
+ {{- $postInitApplicationSQL = concat $postInitApplicationSQL ( $objectData.cluster.initdb.postInitApplicationSQL | default list ) -}}
+ {{- $postInitSQL = concat $postInitSQL ( $objectData.cluster.initdb.postInitSQL | default list ) -}}
+ {{- $postInitTemplateSQL = concat $postInitTemplateSQL ( $objectData.cluster.initdb.postInitTemplateSQL | default list ) -}}
+ {{- end -}}
+
+initdb:
+ secret:
+ name: {{ printf "%s-user" $objectData.clusterName }}
+ database: {{ $objectData.database }}
+ owner: {{ $objectData.user }}
+ dataChecksums: {{ $dataChecksums }}
+ {{- with $objectData.cluster.initdb.encoding }}
+
encoding: {{ . }}
+ {{- end -}}
+ {{- with $objectData.cluster.initdb.localeCollate }}
+ localeCollate: {{ . }}
+ {{- end -}}
+ {{- with $objectData.cluster.initdb.localeCtype }}
+ localeCtype: {{ . }}
+ {{- end -}}
+ {{- with $objectData.cluster.initdb.walSegmentSize }}
+ walSegmentSize: {{ . }}
+ {{- end -}}
+ {{- if $postInitApplicationSQL }}
+ postInitApplicationSQL:
+ {{- range $v := $postInitApplicationSQL }}
+ - {{ tpl $v $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- if $postInitSQL }}
+ postInitSQL:
+ {{- range $v := $postInitSQL }}
+ - {{ tpl $v $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- if $postInitTemplateSQL }}
+ postInitTemplateSQL:
+ {{- range $v := $postInitTemplateSQL }}
+ - {{ tpl $v $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_validation.tpl
new file mode 100644
index 0000000..b0ea878
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/cluster/_validation.tpl
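Review bot: Every `postInit*SQL` statement, including the user-supplied `cluster.initdb.*` lists, is passed through `tpl $v $rootCtx` before being quoted, but nothing in the template says so; a values author who writes a literal `{{` in SQL gets a render error, and template expressions placed in values are evaluated against the full root context. Add a comment above the three `range` loops: `{{/* Each statement is rendered with tpl against the root context before quoting; escape literal braces in SQL */}}`. The three `range`/`tpl`/`quote` loops differ only in list and key and could be one `range` over a `dict` of key to list. The define starts on the previous chunk line.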
@@ -0,0 +1,146 @@
+{{- define "tc.v1.common.lib.cnpg.cluster.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $requiredKeys := (list "database" "user" "password") -}}
+ {{- range $key := $requiredKeys -}}
+ {{- if not (get $objectData $key) -}}
+ {{- fail (printf "CNPG - Expected a non-empty [%s] key" $key) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Kinda imposibble to happen, as we explicitly set it to string on the spawner */}}
+ {{- if not (kindIs "string" $objectData.pgVersion) -}}
+ {{/* We must ensure that this is a string, as it is used in image selector that require a string */}}
+ {{- fail (printf "CNPG - Expected [pgVersion] to be a string, but got [%s]" (kindOf $objectData.pgVersion)) -}}
+ {{- end -}}
+
+ {{- $validVersions := (list "15" "16") -}}
+ {{- if not (mustHas $objectData.pgVersion $validVersions) -}}
+ {{- fail (printf "CNPG - Expected [pgVersion] to be one of [%s], but got [%s]" (join ", " $validVersions) $objectData.pgVersion) -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "hibernate") -}}
+ {{- if not (kindIs "bool" $objectData.hibernate) -}}
+ {{- fail (printf "CNPG - Expected [hibernate] to be a boolean, but got [%s]" (kindOf $objectData.hibernate)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "instances") -}}
+ {{- if lt ($objectData.instances | int) 1 -}}
+ {{- fail (printf "CNPG - Expected [instances] to be greater than 0, but got [%d]" ($objectData.instances | int)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "mode") -}}
+ {{- $validModes := (list "standalone" "replica" "recovery") -}}
+ {{- if not (mustHas $objectData.mode $validModes) -}}
+ {{- fail (printf "CNPG Cluster - Expected [mode] to be one of [%s], but got [%s]" (join ", " $validModes) $objectData.mode) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "type") -}}
+ {{- $validTypes := (list "postgres" "postgis" "timescaledb" "vectors") -}}
+ {{- if not (mustHas $objectData.type $validTypes) -}}
+ {{- fail (printf
"CNPG Cluster - Expected [type] to be one of [%s], but got [%s]" (join ", " $validTypes) $objectData.type) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "cluster") -}}
+ {{- if (hasKey $objectData.cluster "logLevel") -}}
+ {{- $validLevels := (list "error" "warning" "info" "debug" "trace") -}}
+ {{- if not (mustHas $objectData.cluster.logLevel $validLevels) -}}
+ {{- fail (printf "CNPG Cluster - Expected [cluster.logLevel] to be one of [%s], but got [%s]" (join ", " $validLevels) $objectData.cluster.logLevel) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.cluster "primaryUpdateStrategy") -}}
+ {{- $validStrategies := (list "supervised" "unsupervised") -}}
+ {{- if not (mustHas $objectData.cluster.primaryUpdateStrategy $validStrategies) -}}
+ {{- fail (printf "CNPG Cluster - Expected [cluster.primaryUpdateStrategy] to be one of [%s], but got [%s]" (join ", " $validStrategies) $objectData.cluster.primaryUpdateStrategy) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.cluster "primaryUpdateMethod") -}}
+ {{- $validMethods := (list "switchover" "restart") -}}
+ {{- if not (mustHas $objectData.cluster.primaryUpdateMethod $validMethods) -}}
+ {{- fail (printf "CNPG Cluster - Expected [cluster.primaryUpdateMethod] to be one of [%s], but got [%s]" (join ", " $validMethods) $objectData.cluster.primaryUpdateMethod) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.cluster "initdb") -}}
+ {{- with $objectData.cluster.initdb.walSegmentSize -}}
+ {{- if not (mustHas (kindOf .) (list "int" "int64" "float64")) -}}
+ {{- fail (printf "CNPG Cluster - Expected [cluster.initdb.walSegmentSize] to be an integer, but got [%s]" (kindOf .)) -}}
+ {{- end -}}
+ {{- if or (lt (. | int) 1) (gt (. | int) 1024) -}}
+ {{- fail (printf "CNPG Cluster - Expected [cluster.initdb.walSegmentSize] to be between 1 and 1024, but got [%d]" (.
| int)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if eq $objectData.mode "recovery" -}}
+ {{- if not $objectData.recovery -}}
+ {{- fail "CNPG Recovery - Expected a non-empty [recovery] key" -}}
+ {{- end -}}
+
+ {{- $validMethods := (list "backup" "object_store" "pg_basebackup") -}}
+ {{- if not (mustHas $objectData.recovery.method $validMethods) -}}
+ {{- fail (printf "CNPG Recovery - Expected [recovery.method] to be one of [%s], but got [%s]" (join ", " $validMethods) $objectData.recovery.method) -}}
+ {{- end -}}
+ {{- if eq $objectData.recovery.method "backup" -}}
+ {{- if not $objectData.recovery.backupName -}}
+ {{- fail "CNPG Recovery - Expected a non-empty [recovery.backupName] key" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and $objectData.recovery $objectData.recovery.revision -}}
+ {{- if not (kindIs "string" $objectData.recovery.revision) -}}
+ {{- fail (printf "CNPG Recovery - Expected [recovery.revision] to be a string, got [%s]" (kindOf $objectData.recovery.revision)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and $objectData.backups $objectData.backups.revision -}}
+ {{- if not (kindIs "string" $objectData.backups.revision) -}}
+ {{- fail (printf "CNPG Backup - Expected [backups.revision] to be a string, got [%s]" (kindOf $objectData.backups.revision)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "backups") -}}
+ {{- if and $objectData.backups.enabled $objectData.backups.target -}}
+ {{- $validTargets := (list "primary" "prefer-standby") -}}
+ {{- if not (mustHas $objectData.backups.target $validTargets) -}}
+ {{- fail (printf "CNPG Backup - Expected [backups.target] to be one of [%s], but got [%s]" (join ", " $validTargets) $objectData.backups.target) -}}
+ {{- end -}}
+
+ {{- $regexPolicy := "^[1-9][0-9]*[dwm]$" -}} {{/* Copied from upstream */}}
+ {{- if not (mustRegexMatch $regexPolicy $objectData.backups.retentionPolicy) -}}
+ {{- fail (printf "CNPG Backup - Expected
[backups.retentionPolicy] to match regex [%s], got [%s]" $regexPolicy $objectData.backups.retentionPolicy) -}}
+ {{- end -}}
+
+ {{- if eq $objectData.mode "recovery" -}}
+ {{- $serverNameBackup := $objectData.backups.serverName | default $objectData.clusterName -}}
+ {{- $serverNameRecovery := $objectData.recovery.serverName | default $objectData.clusterName -}}
+
+ {{- if $objectData.backups.revision -}}
+ {{- $serverNameBackup = printf "%s-r%s" $serverNameBackup $objectData.backups.revision -}}
+ {{- end -}}
+
+ {{- if $objectData.recovery.revision -}}
+ {{- $serverNameRecovery = printf "%s-r%s" $serverNameRecovery $objectData.recovery.revision -}}
+ {{- end -}}
+
+ {{- if eq $serverNameBackup $serverNameRecovery -}}
+ {{- if $objectData.backups.serverName -}}
+ {{- fail (printf "CNPG Backup/Recovery - [backups.serverName] and [backups.revision] cannot match [recovery.serverName] and [recovery.revision] when in recovery mode and backup is enabled, for CNPG cluster [%s]" $objectData.clusterName) -}}
+ {{- else -}}
+ {{- fail (printf "CNPG Backup/Recovery - [backups.revision] cannot match [recovery.revision] when in recovery mode and backup is enabled, for CNPG cluster [%s]" $objectData.clusterName) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/pooler/_spawner.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/pooler/_spawner.tpl
new file mode 100644
index 0000000..e081487
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/pooler/_spawner.tpl
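Review bot: The `retentionPolicy` regex check and the entire backup/recovery server-name collision check sit inside `{{- if and $objectData.backups.enabled $objectData.backups.target -}}`, so a backup-enabled cluster that leaves `target` unset (which `_backup.tpl` treats as optional) skips both — including the guard that stops a recovering cluster from writing its WAL and base backups into the same object-store path it is restoring from. Close the `target` block right after its `mustHas` check and run the remaining checks under `{{- if $objectData.backups.enabled -}}`. `mustRegexMatch` against an unset policy would then need a `with` or explicit nil check first so the failure message stays readable rather than a type error.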
@@ -0,0 +1,41 @@
+{{- define "tc.v1.common.lib.cnpg.spawner.pooler" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not (hasKey $objectData "pooler") -}}
+ {{- $_ := set $objectData "pooler" dict -}}
+ {{- end -}}
+
+ {{- $monitoring := false -}}
+ {{- if (hasKey $objectData "monitoring") -}}
+ {{- if (kindIs "bool" $objectData.monitoring.enablePodMonitor) -}}
+ {{- $monitoring := $objectData.monitoring.enablePodMonitor -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $_ := set $objectData.pooler "type" "rw" -}}
+ {{/* Validate Pooler */}}
+ {{- include "tc.v1.common.lib.cnpg.pooler.validation" (dict "objectData" $objectData) -}}
+
+ {{/* Create the RW Pooler object */}}
+ {{- include "tc.v1.common.class.cnpg.pooler" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+
+ {{- if $monitoring -}} {{/* TODO: Unit tests for Pooler Metrics */}}
+ {{- $poolerMetrics := include "tc.v1.common.lib.cnpg.metrics.pooler" (dict "poolerName" (printf "%s-rw" $objectData.name)) | fromYaml -}}
+ {{- $_ := set $.Values.metrics (printf "cnpg-%s-rw" $objectData.shortName) $poolerMetrics -}}
+ {{- end -}}
+
+ {{- if $objectData.pooler.createRO -}}
+ {{- $_ := set $objectData.pooler "type" "ro" -}}
+
+ {{/* Validate Pooler */}}
+ {{- include "tc.v1.common.lib.cnpg.pooler.validation" (dict "objectData" $objectData) -}}
+ {{/* Create the RO Pooler object */}}
+ {{- include "tc.v1.common.class.cnpg.pooler" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+
+ {{- if $monitoring -}} {{/* TODO: Unit tests for Pooler Metrics */}}
+ {{- $poolerMetrics := include "tc.v1.common.lib.cnpg.metrics.pooler" (dict "poolerName" (printf "%s-rw" $objectData.name)) | fromYaml -}}
+ {{- $_ := set $.Values.metrics (printf "cnpg-%s-ro" $objectData.shortName) $poolerMetrics -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
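Review bot: `{{- $monitoring := $objectData.monitoring.enablePodMonitor -}}` inside the nested `if` declares a new block-scoped variable, so the outer `$monitoring` stays `false` and both pod-monitor branches are dead; it needs `=`. Once they run, two further defects surface: inside a `define` the `$` variable is the dict passed by `include`, not the chart root, so `set $.Values.metrics …` would hit a nil map (use `$rootCtx.Values.metrics`), and the RO branch builds its `poolerName` with `printf "%s-rw"` and so would scrape the RW pooler twice. The rewritten lines are below; the existing TODO about unit tests is where a test that asserts the metrics entries exist would catch all three.
```gotemplate
  {{- if (hasKey $objectData "monitoring") -}}
    {{- if (kindIs "bool" $objectData.monitoring.enablePodMonitor) -}}
      {{- $monitoring = $objectData.monitoring.enablePodMonitor -}}
    {{- end -}}
  {{- end -}}
  {{/* … unchanged: RW pooler validation and object creation … */}}
  {{- if $monitoring -}} {{/* TODO: Unit tests for Pooler Metrics */}}
    {{- $poolerMetrics := include "tc.v1.common.lib.cnpg.metrics.pooler" (dict "poolerName" (printf "%s-rw" $objectData.name)) | fromYaml -}}
    {{- $_ := set $rootCtx.Values.metrics (printf "cnpg-%s-rw" $objectData.shortName) $poolerMetrics -}}
  {{- end -}}
  {{/* … unchanged: RO pooler validation and object creation … */}}
  {{- if $monitoring -}} {{/* TODO: Unit tests for Pooler Metrics */}}
    {{- $poolerMetrics := include "tc.v1.common.lib.cnpg.metrics.pooler" (dict "poolerName" (printf "%s-ro" $objectData.name)) | fromYaml -}}
    {{- $_ := set $rootCtx.Values.metrics (printf "cnpg-%s-ro" $objectData.shortName) $poolerMetrics -}}
  {{- end -}}
```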
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/pooler/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/pooler/_validation.tpl
new file mode 100644
index 0000000..b590318
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/pooler/_validation.tpl
@@ -0,0 +1,21 @@
+{{- define "tc.v1.common.lib.cnpg.pooler.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $validTypes := (list "rw" "ro") -}}
+ {{- if not (mustHas $objectData.pooler.type $validTypes) -}}
+ {{- fail (printf "CNPG Pooler - Expected [type] to be one one of [%s], but got [%s]" (join ", " $validTypes) $objectData.pooler.type) -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.pooler "instances") -}}
+ {{- if lt ($objectData.pooler.instances | int) 1 -}}
+ {{- fail (printf "CNPG Pooler - Expected [instances] to be greater than 0, but got [%d]" ($objectData.instances | int)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $validPgModes := (list "session" "transaction") -}}
+ {{- if $objectData.pooler.poolMode -}}
+ {{- if not (mustHas $objectData.pooler.poolMode $validPgModes) -}}
+ {{- fail (printf "CNPG Pooler - Expected [poolMode] to be one of [%s], but got [%s]" (join ", " $validPgModes) $objectData.pooler.poolMode) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/providers/_providerSecretSpawner.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/providers/_providerSecretSpawner.tpl
new file mode 100644
index 0000000..3e2db80
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/providers/_providerSecretSpawner.tpl
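Review bot: The `instances` failure message prints `$objectData.instances` although the check is on `$objectData.pooler.instances`, so the reported value is the cluster's instance count (or `0` when absent) rather than the pooler value that failed; use `($objectData.pooler.instances | int)` in the `printf`. The `type` message also reads "one one of".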
@@ -0,0 +1,33 @@
+{{- define "tc.v1.common.lib.cnpg.provider.secret.spawner" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $type := .type -}}
+
+ {{- if not $type -}}
+ {{- fail "CNPG Provider Secret Spawner - No [type] was given" -}}
+ {{- end -}}
+
+ {{- $provider := "" -}}
+ {{- $creds := dict -}}
+ {{- if eq $type "backup" -}}
+ {{- if not $objectData.backups.credentials -}}
+ {{- fail "CNPG Recovery Provider Secret Spawner - Expected [backups.credentials] to be defined on [backup] mode" -}}
+ {{- end -}}
+ {{/* Get the creds defined in backup.$provider */}}
+ {{- $creds = (get $rootCtx.Values.credentials $objectData.backups.credentials) -}}
+ {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "CNPG Backup" "credName" $objectData.backups.credentials) -}}
+ {{- $provider = $creds.type -}}
+ {{- else if eq $type "recovery" -}}
+ {{- if not $objectData.recovery.credentials -}}
+ {{- fail "CNPG Recovery Provider Secret Spawner - Expected [recovery.credentials] to be defined on [recovery] mode" -}}
+ {{- end -}}
+ {{/* Get the creds defined in recovery.$provider */}}
+ {{- $creds = (get $rootCtx.Values.credentials $objectData.recovery.credentials) -}}
+ {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "CNPG Backup" "credName" $objectData.recovery.credentials) -}}
+ {{- $provider = $creds.type -}}
+ {{- end -}}
+
+ {{- with (include (printf "tc.v1.common.lib.cnpg.provider.%s.secret" $provider) (dict "creds" $creds) | fromYaml) -}}
+ {{- $_ := set $rootCtx.Values.secret (printf "cnpg-%s-provider-%s-%s-creds" $objectData.shortName $type $provider) . -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/providers/_s3.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/providers/_s3.tpl
new file mode 100644
index 0000000..34f51d2
--- /dev/null
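Review bot: The two branches label themselves inconsistently: the `backup` branch fails with `"CNPG Recovery Provider Secret Spawner - Expected [backups.credentials] …"` and the `recovery` branch calls `credentials.validation` with `"caller" "CNPG Backup"`, so an operator reading a failed render is pointed at the wrong section of the values. Change the first to `"CNPG Backup Provider Secret Spawner - …"` and the second to `"caller" "CNPG Recovery"`. An unknown `$type` falls through with `$provider` empty and the final `include` then looks up `tc.v1.common.lib.cnpg.provider..secret`; an `{{- else -}}` that fails with the given type would make that a readable error.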
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/providers/_s3.tpl
@@ -0,0 +1,7 @@
+{{- define "tc.v1.common.lib.cnpg.provider.s3.secret" -}}
+{{- $creds := .creds }}
+enabled: true
+data:
+ ACCESS_KEY_ID: {{ $creds.accessKey | default "" | quote }}
+ ACCESS_SECRET_KEY: {{ $creds.secretKey | default "" | quote }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/scheduledBackup/_spawner.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/scheduledBackup/_spawner.tpl
new file mode 100644
index 0000000..9688241
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/scheduledBackup/_spawner.tpl
@@ -0,0 +1,18 @@
+{{- define "tc.v1.common.lib.cnpg.spawner.scheduledBackups" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- range $schedBackup := $objectData.backups.scheduledBackups -}}
+ {{- $_ := set $objectData "backupName" $schedBackup.name -}}
+ {{- $_ := set $objectData "backupLabels" $schedBackup.labels -}}
+ {{- $_ := set $objectData "backupAnnotations" $schedBackup.annotations -}}
+
+ {{/* Make a copy of the objectData */}}
+ {{- $newObjectData := mustDeepCopy $objectData -}}
+ {{/* Add the scheduled backup data */}}
+ {{- $_ := set $newObjectData "schedData" $schedBackup -}}
+
+ {{- include "tc.v1.common.lib.cnpg.scheduledBackup.validation" (dict "objectData" $newObjectData) }}
+ {{- include "tc.v1.common.class.cnpg.scheduledbackup" (dict "rootCtx" $rootCtx "objectData" $newObjectData) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/cnpg/scheduledBackup/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/cnpg/scheduledBackup/_validation.tpl
new file mode 100644
index 0000000..8138b86
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/cnpg/scheduledBackup/_validation.tpl
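Review bot: `{{ $creds.accessKey | default "" | quote }}` and the `secretKey` line turn a missing or empty key into a Secret that holds empty `ACCESS_KEY_ID` / `ACCESS_SECRET_KEY` values, so a mistyped field in the credential entry is only discovered when the first backup upload fails on the running cluster, not at render time. Unless `tc.v1.common.lib.credentials.validation` (called before this template, but not visible here) already rejects empty S3 keys, replace the `default ""` with a `required`, e.g. `ACCESS_KEY_ID: {{ required "CNPG S3 provider - [accessKey] is required" $creds.accessKey | quote }}`.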
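Review bot: `backupName`, `backupLabels` and `backupAnnotations` are written with `set` onto the shared `$objectData` before it is deep-copied, so once the `range` finishes the caller's object permanently carries the last entry's name, labels and annotations, and any later template that reads the same cluster object will see them. Take the `mustDeepCopy` first and apply the three `set` calls to `$newObjectData` (as `schedData` already is), e.g. `{{- $_ := set $newObjectData "backupName" $schedBackup.name -}}`, so each iteration's state lives only in its own copy.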
@@ -0,0 +1,30 @@
+{{- define "tc.v1.common.lib.cnpg.scheduledBackup.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.backupName -}}
+ {{- fail "CNPG Scheduled Backup - Expected non-empty [name] in [backups.scheduledBackups] entry" -}}
+ {{- end -}}
+
+ {{- if not $objectData.schedData.schedule -}}
+ {{- fail "CNPG Scheduled Backup - Expected non-empty [schedule] in [backups.scheduledBackups] entry" -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.schedData "backupOwnerReference") -}}
+ {{- $validOwnerRefs := (list "none" "self" "cluster") -}}
+ {{- if not (mustHas $objectData.schedData.backupOwnerReference $validOwnerRefs) -}}
+ {{- fail (printf "CNPG Scheduled Backup - Expected [backupOwnerReference] in [backups.scheduledBackups] entry to be one of [%s], but got [%s]" (join ", " $validOwnerRefs) $objectData.schedData.backupOwnerReference) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.schedData "immediate") -}}
+ {{- if not (kindIs "bool" $objectData.schedData.immediate) -}}
+ {{- fail (printf "CNPG Scheduled Backup - Expected [immediate] in [backups.scheduledBackups] entry to be a boolean, but got [%s]" (kindOf $objectData.schedData.immediate)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData.schedData "suspend") -}}
+ {{- if not (kindIs "bool" $objectData.schedData.suspend) -}}
+ {{- fail (printf "CNPG Scheduled Backup - Expected [suspend] in [backups.scheduledBackups] entry to be a boolean, but got [%s]" (kindOf $objectData.schedData.suspend)) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/configmap/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/configmap/_validation.tpl
new file mode 100644
index 0000000..e7d09c0
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/configmap/_validation.tpl
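Review bot: `schedule` is only checked for being non-empty, so a conventional 5-field cron string passes validation and is rejected by the operator at apply time, because the CloudNativePG ScheduledBackup schedule carries a leading seconds field — confirm against the operator version the chart pins. A cheap render-time check is the field count, e.g. `{{- if ne (len (splitList " " $objectData.schedData.schedule)) 6 -}}` followed by a `fail` that names the expected format; at minimum, a comment on the non-empty check stating the 6-field format would save the next reader a trip to the operator docs.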
@@ -0,0 +1,21 @@
+{{/* Configmap Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
+objectData:
+ labels: The labels of the configmap.
+ annotations: The annotations of the configmap.
+ data: The data of the configmap.
+*/}}
+
+{{- define "tc.v1.common.lib.configmap.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.data -}}
+ {{- fail "ConfigMap - Expected non-empty [data]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "map" $objectData.data) -}}
+ {{- fail (printf "ConfigMap - Expected [data] to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_args.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_args.tpl
new file mode 100644
index 0000000..afe3825
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_args.tpl
@@ -0,0 +1,22 @@
+{{/* Returns args list */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.args" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.args" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- range $key := (list "args" "extraArgs") -}}
+ {{- with (get $objectData $key) -}}
+ {{- if kindIs "string" . }}
+- {{ tpl . $rootCtx | quote }}
+ {{- else if kindIs "slice" . -}}
+ {{- range $arg := . }}
+- {{ tpl $arg $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_command.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_command.tpl
new file mode 100644
index 0000000..1a83eb8
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_command.tpl
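Review bot: A value for `args` or `extraArgs` that is neither a string nor a slice (a map, number or boolean) is silently dropped because neither `if` branch matches, so a values typo such as `args: {…}` yields a container with no arguments and no error; `_command.tpl` has the same gap for `command`. Add an `{{- else -}}` branch that fails, e.g. `{{- fail (printf "Container - Expected [%s] to be a string or a list, but got [%s]" $key (kindOf .)) -}}`, matching the validation style of the other container templates in this commit.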
@@ -0,0 +1,18 @@
+{{/* Returns command list */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.command" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.command" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if kindIs "string" $objectData.command }}
+- {{ tpl $objectData.command $rootCtx | quote }}
+ {{- else if kindIs "slice" $objectData.command -}}
+ {{- range $objectData.command }}
+- {{ tpl . $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_env.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_env.tpl
new file mode 100644
index 0000000..01233a5
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_env.tpl
@@ -0,0 +1,93 @@
+{{/* Returns Env */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.env" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.env" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- range $k, $v := $objectData.env -}}
+ {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "env" "key" $k) }}
+- name: {{ $k | quote }}
+ {{- if not (kindIs "map" $v) -}}
+ {{- $value := "" -}}
+ {{- if not (kindIs "invalid" $v) -}} {{/* Only tpl non-empty values */}}
+ {{- $value = $v -}}
+ {{- if kindIs "string" $v -}}
+ {{- $value = tpl $v $rootCtx -}}
+ {{- end -}}
+ {{- end }}
+ value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
+ {{- else if kindIs "map" $v }}
+ valueFrom:
+ {{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}
+ {{- if or (ne (len ($v | keys)) 1) (not (mustHas ($v | keys | first) $refs)) -}}
+ {{- fail (printf "Container - Expected [env] with a ref to have one of [%s], but got [%s]" (join ", " $refs) (join ", " ($v | keys | sortAlpha))) -}}
+ {{- end -}}
+
+ {{- $name := "" -}}
+
+
+ {{- range $key := (list "configMapKeyRef" "secretKeyRef") -}}
+ {{- if hasKey $v $key }}
+ {{ $key }}:
+ {{- $obj := get $v $key -}}
+ {{- if not $obj.name -}}
+ {{- fail (printf "Container - Expected non-empty [env.%s.name]" $key) -}}
+ {{- end -}}
+
+ {{- if not $obj.key -}}
+ {{- fail (printf "Container - Expected non-empty [env.%s.key]" $key) -}}
+ {{- end }}
+ key: {{ $obj.key | quote }}
+
+ {{- $name = tpl $obj.name $rootCtx -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $rootCtx "objectData" $obj
+ "name" $k "caller" "Container"
+ "key" "env")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $item := ($key | trimSuffix "KeyRef" |
lower) -}}
+
+ {{- $data := (get $rootCtx.Values $item) -}}
+ {{- $data = (get $data $name) -}}
+
+ {{- if not $data -}}
+ {{- fail (printf "Container - Expected in [env] the referenced %s [%s] to be defined" ($item | camelcase | title) $name) -}}
+ {{- end -}}
+
+ {{- $found := false -}}
+ {{- range $k, $v := $data.data -}}
+ {{- if eq $k $obj.key -}}
+ {{- $found = true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $found -}}
+ {{- fail (printf "Container - Expected in [env] the referenced key [%s] in %s [%s] to be defined" $obj.key ($item | camelcase | title) $name) -}}
+ {{- end -}}
+
+ {{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
+ {{- end }}
+ name: {{ $name | quote }}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if hasKey $v "fieldRef" }}
+ fieldRef:
+ {{- if not $v.fieldRef.fieldPath -}}
+ {{- fail "Container - Expected non-empty [env.fieldRef.fieldPath]" -}}
+ {{- end }}
+ fieldPath: {{ $v.fieldRef.fieldPath | quote }}
+ {{- if $v.fieldRef.apiVersion }}
+ apiVersion: {{ $v.fieldRef.apiVersion | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_envFrom.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_envFrom.tpl
new file mode 100644
index 0000000..213e0fd
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_envFrom.tpl
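Review bot: In the non-map branch any non-nil value is accepted, so an `env` entry written as a list (`FOO: [a, b]`) is passed to `makeIntOrNoop` and rendered as Go's `[a b]` string instead of being rejected, while the map branch validates its shape strictly. Add a kind check before the assignment, e.g. `{{- if kindIs "slice" $v -}}{{- fail (printf "Container - Expected [env.%s] to be a scalar or a ref map, but got a list" $k) -}}{{- end -}}`. Separately, the inner `range $k, $v := $data.data` shadows the outer `$k`/`$v` of the `env` loop; it is harmless because `$k` is not read afterwards, but renaming the inner pair to `$dk, $dv` would make that obvious. The define starts on the previous chunk line.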
@@ -0,0 +1,59 @@
+{{/* Returns Env From */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.envFrom" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $refs := (list "configMapRef" "secretRef") -}}
+ {{- range $envFrom := $objectData.envFrom -}}
+ {{- if and (not $envFrom.secretRef) (not $envFrom.configMapRef) -}}
+ {{- fail (printf "Container - Expected [envFrom] entry to have one of [%s]" (join ", " $refs)) -}}
+ {{- end -}}
+
+ {{- if and $envFrom.secretRef $envFrom.configMapRef -}}
+ {{- fail (printf "Container - Expected [envFrom] entry to have only one of [%s], but got both" (join ", " $refs)) -}}
+ {{- end -}}
+
+ {{- range $ref := $refs -}}
+ {{- with (get $envFrom $ref) -}}
+ {{- if not .name -}}
+ {{- fail (printf "Container - Expected non-empty [envFrom.%s.name]" $ref) -}}
+ {{- end -}}
+
+ {{- $objectName := tpl .name $rootCtx -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $rootCtx "objectData" .
+ "name" $ref "caller" "Container"
+ "key" "envFrom")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $object := dict -}}
+ {{- $source := "" -}}
+ {{- if eq $ref "configMapRef" -}}
+ {{- $object = (get $rootCtx.Values.configmap $objectName) -}}
+ {{- $source = "ConfigMap" -}}
+ {{- else if eq $ref "secretRef" -}}
+ {{- $object = (get $rootCtx.Values.secret $objectName) -}}
+ {{- $source = "Secret" -}}
+ {{- end -}}
+
+ {{- if not $object -}}
+ {{- fail (printf "Container - Expected %s [%s] defined in [envFrom] to exist" $source $objectName) -}}
+ {{- end -}}
+ {{- range $k, $v := $object.data -}}
+ {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" (printf "%s - %s" $source $objectName) "key" $k) -}}
+ {{- end -}}
+
+ {{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}}
+ {{- end }}
+- {{ $ref }}:
+ name: {{ $objectName | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_envList.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_envList.tpl
new file mode 100644
index 0000000..df491a4
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_envList.tpl
@@ -0,0 +1,23 @@
+{{/* Returns Env List */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.envList" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.envList" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- range $env := $objectData.envList -}}
+ {{- if not $env.name -}}
+ {{- fail "Container - Expected non-empty [envList.name]" -}}
+ {{- end -}} {{/* Empty value is valid */}}
+ {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
+ {{- $value := $env.value -}}
+ {{- if kindIs "string" $env.value -}}
+ {{- $value = tpl $env.value $rootCtx -}}
+ {{- end }}
+- name: {{ $env.name | quote }}
+ value: {{ include "tc.v1.common.helper.makeIntOrNoop" $value | quote }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_fixedEnv.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_fixedEnv.tpl
new file mode 100644
index 0000000..a25887e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_fixedEnv.tpl
@@ -0,0 +1,97 @@ +{{/* Returns Fixed Env */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.fixedEnv" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{/* Avoid nil pointers */}} + {{- if not (hasKey $objectData "fixedEnv") -}} + {{- $_ := set $objectData "fixedEnv" dict -}} + {{- end -}} + + {{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}} + + {{- if $objectData.fixedEnv.NVIDIA_CAPS -}} + {{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}} + {{- end -}} + + {{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}} + {{- fail (printf "Container - Expected [fixedEnv.NVIDIA_CAPS] to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}} + {{- end -}} + + {{- $caps := (list "all" "compute" "utility" "graphics" "video") -}} + {{- range $cap := $nvidiaCaps -}} + {{- if not (mustHas $cap $caps) -}} + {{- fail (printf "Container - Expected [fixedEnv.NVIDIA_CAPS] entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}} + {{- end -}} + {{- end -}} + + {{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}} + + {{- $fixed := list -}} + {{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}} + {{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}} + {{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}} + {{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}} + {{- $PUID = $objectData.fixedEnv.PUID -}} + {{- end -}} + {{/* calculatedFSGroup is passed from the pod */}} + {{- $PGID := $objectData.calculatedFSGroup -}} + + {{- $fixed = 
mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}} + {{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}} + {{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}} + + {{- $nvidia := false -}} + {{- if eq (include "tc.v1.common.lib.container.resources.hasGPU" (dict "rootCtx" $rootCtx "objectData" $objectData "gpuType" "nvidia.com/gpu")) "true" -}} + {{- $nvidia = true -}} + {{- end -}} + + {{- if and ($rootCtx.Values.resources) ($rootCtx.Values.resources.limits) -}} + {{- range $k, $v := $rootCtx.Values.resources.limits -}} + {{- if and (eq $k "nvidia.com/gpu") (gt ($v | int) 0) -}} + {{- $nvidia = true -}} + {{- break -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if and ($objectData.resources) ($objectData.resources.limits) -}} + {{- range $k, $v := $objectData.resources.limits -}} + {{- if and (eq $k "nvidia.com/gpu") (gt ($v | int) 0) -}} + {{- $nvidia = true -}} + {{- break -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $nvidia -}} + {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}} + {{- else -}} + {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}} + {{- end -}} + + {{/* If running as root and PUID is set (0 or greater), set related envs */}} + {{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}} + {{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}} + {{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}} + {{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}} + {{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}} + {{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}} + {{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}} + {{- end -}} + {{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}} + {{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}} + {{- $fixed = 
mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}} + {{- end -}} + + {{- range $env := $fixed -}} + {{- include "tc.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }} +- name: {{ $env.k | quote }} + value: {{ (include "tc.v1.common.helper.makeIntOrNoop" $env.v) | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_imageSelector.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_imageSelector.tpl new file mode 100644 index 0000000..8308841 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_imageSelector.tpl 
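Review bot: In `tc.v1.common.lib.container.fixedEnv`, the block that ranges over `$objectData.resources.limits` looking for `nvidia.com/gpu` repeats what the `tc.v1.common.lib.container.resources.hasGPU` include a few lines earlier already computed for the same object and the same GPU type (that helper checks `$objectData.resources.limits` for the given key being greater than zero), so one of the two can go; keeping the include alone leaves a single place where "container has an NVIDIA GPU" is defined. The chart-level loop over `$rootCtx.Values.resources.limits` is not covered by the include and should stay. The comment above the `S6_READ_ONLY_ROOT` block reads `does not as root` and should say `does not run as root`.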
@@ -0,0 +1,42 @@ +{{/* Returns the image dictionary */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.imageSelector" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $imageObj := dict -}} + + {{- $selector := "image" -}} + {{- with $objectData.imageSelector -}} + {{- $selector = tpl . $rootCtx -}} + {{- end -}} + + {{- if hasKey $rootCtx.Values $selector -}} + {{- $imageObj = get $rootCtx.Values $selector -}} + {{- else -}} + {{- fail (printf "Container - Expected [.Values.%s] to exist" $selector) -}} + {{- end -}} + + {{- if not $imageObj.repository -}} + {{- fail (printf "Container - Expected non-empty [.Values.%s.repository]" $selector) -}} + {{- end -}} + + {{- if not $imageObj.tag -}} + {{- fail (printf "Container - Expected non-empty [.Values.%s.tag]" $selector) -}} + {{- end -}} + + {{- if not $imageObj.pullPolicy -}} + {{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}} + {{- end -}} + + {{- $policies := (list "IfNotPresent" "Always" "Never") -}} + {{- if not (mustHas $imageObj.pullPolicy $policies) -}} + {{- fail (printf "Container - Expected [.Values.%s.pullPolicy] to be one of [%s], but got [%s]" $selector (join ", " $policies) $imageObj.pullPolicy) -}} + {{- end -}} + + {{- $imageObj | toJson -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_lifecycle.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_lifecycle.tpl new file mode 100644 index 0000000..2e2e9b9 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_lifecycle.tpl 
@@ -0,0 +1,37 @@ +{{/* Returns lifecycle */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.lifecycle" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $hooks := (list "preStop" "postStart") -}} + {{- $types := (list "exec" "http" "https") -}} + {{- with $objectData.lifecycle -}} + {{- range $hook, $hookValues := . -}} + {{- if not (mustHas $hook $hooks) -}} + {{- fail (printf "Container - Expected [lifecycle] [hook] to be one of [%s], but got [%s]" (join ", " $hooks) $hook) -}} + {{- end -}} + + {{- if not $hookValues.type -}} + {{- fail "Container - Expected non-empty [lifecycle] [type]" -}} + {{- end -}} + + {{- if not (mustHas $hookValues.type $types) -}} + {{- fail (printf "Container - Expected [lifecycle] [type] to be one of [%s], but got [%s]" (join ", " $types) $hookValues.type) -}} + {{- end }} +{{ $hook }}: + {{- if eq $hookValues.type "exec" -}} + {{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}} + {{- else if mustHas $hookValues.type (list "http" "https") -}} + {{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $hookValues "caller" "lifecycle") | trim | nindent 2 -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_ports.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_ports.tpl new file mode 100644 index 0000000..932fe27 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_ports.tpl 
@@ -0,0 +1,132 @@ +{{/* Returns ports list */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.ports" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.ports" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $portsByName := dict -}} + + {{- range $serviceName, $serviceValues := $rootCtx.Values.service -}} + {{- $podSelected := false -}} + {{/* If service is enabled... */}} + {{- if $serviceValues.enabled -}} + + {{/* If there is a selector */}} + {{- if $serviceValues.targetSelector -}} + + {{/* And pod is selected */}} + {{- if eq $serviceValues.targetSelector $objectData.podShortName -}} + {{- $podSelected = true -}} + {{- end -}} + + {{- else -}} + {{/* If no selector is defined but pod is primary */}} + {{- if $objectData.podPrimary -}} + {{- $podSelected = true -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- if $podSelected -}} + {{- range $portName, $portValues := $serviceValues.ports -}} + {{- $containerSelected := false -}} + + {{/* If service is enabled... 
*/}} + {{- if $portValues.enabled -}} + {{/* If there is a selector */}} + {{- if $portValues.targetSelector -}} + + {{/* And container is selected */}} + {{- if eq $portValues.targetSelector $objectData.shortName -}} + {{- $containerSelected = true -}} + {{- end -}} + + {{- else -}} + {{/* If no selector is defined but container is primary */}} + {{- if $objectData.primary -}} + {{- $containerSelected = true -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + {{/* If the container is selected render port */}} + {{- if $containerSelected -}} + {{- $containerPort := $portValues.targetPort | default $portValues.port -}} + {{- if kindIs "string" $containerPort -}} + {{- $containerPort = (tpl $containerPort $rootCtx) -}} + {{- end -}} + + {{- $tcpProtocols := (list "tcp" "http" "https") -}} + {{- $protocol := tpl ($portValues.protocol | default $rootCtx.Values.global.fallbackDefaults.serviceProtocol) $rootCtx -}} + {{- if mustHas $protocol $tcpProtocols -}} + {{- $protocol = "tcp" -}} + {{- end }} +- name: {{ $portName }} + containerPort: {{ $containerPort }} + protocol: {{ $protocol | upper }} + {{- with $portValues.hostPort }} + hostPort: {{ . }} + {{- else }} + hostPort: null + {{- end -}} + {{- $_ := set $portsByName $portName (dict "containerPort" (toString $containerPort) "serviceName" $serviceName) -}} + {{- end -}} + + {{- end -}} + {{- end -}} + {{- end -}} + + {{- include "tc.v1.common.lib.container.ports.detectSortingIssues" (dict "portsByName" $portsByName "rootCtx" $rootCtx) -}} + +{{- end -}} +{{/* Turning hostNetwork on, it creates hostPort automatically and turning it back off does not remove them. Setting hostPort explicitly to null will remove them. + There are still cases that hostPort is not removed, for example, if you have a TCP and UDP port with the same number. Only the TCPs hostPort will be removed. + Also note that setting hostPort to null always, it will NOT affect hostNetwork, as it will still create the hostPorts. 
+ It only helps to remove them when hostNetwork is turned off. +*/}} + + +{{- define "tc.v1.common.lib.container.ports.detectSortingIssues" -}} + {{- $rootCtx := .rootCtx -}} + {{- $portsByName := .portsByName -}} + + {{- $portCounts := dict -}} + {{- range $name, $portValues := $portsByName -}} + {{- $count := 1 -}} + {{- $port := (get $portValues "containerPort") -}} + {{- if hasKey $portCounts $port -}} + {{- $count = add1 (get $portCounts $port) -}} + {{- end -}} + {{- $_ := set $portCounts $port $count -}} + {{- end -}} + + {{- $sorted := keys $portsByName | sortAlpha -}} + {{- range $idx, $name := $sorted -}} + {{- $portValues := (get $portsByName $name) -}} + {{- $port := $portValues.containerPort -}} + {{- if eq (get $portCounts $port) 1 -}} + {{- continue -}} + {{- end -}} + + {{- if lt $idx (sub (len $sorted) 1) -}} + {{- $nextPort := (get $portsByName (index $sorted (add1 $idx))).containerPort -}} + {{- if ne $port $nextPort -}} + {{- $portNamesUsingNum := list -}} + {{- range $name, $p := $portsByName -}} + {{- if eq $p.containerPort $port -}} + {{- $portNamesUsingNum = mustAppend $portNamesUsingNum $name -}} + {{- end -}} + {{- end -}} + {{- fail (printf "Port number [%s] is used by multiple ports [%s] in the service [%s] but their names are not adjacent when sorted alphabetically (Other ports in this container sorted: [%s]). This can cause issues with Kubernetes port updates." $port (join ", " $portNamesUsingNum) $portValues.serviceName (join ", " (keys $portsByName | sortAlpha))) -}} + {{- end -}} + {{- $_ := set $portCounts $port 1 -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_primaryValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_primaryValidation.tpl new file mode 100644 index 0000000..6928a78 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_primaryValidation.tpl 
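Review bot: The comment above the per-port `enabled` check in `tc.v1.common.lib.container.ports` reads `If service is enabled...`, but the condition it annotates tests `$portValues.enabled`, so the same wording as the outer service loop now describes a different check. Replacing it with `{{/* If port is enabled... */}}` keeps the two levels of the loop distinguishable when reading the template.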
@@ -0,0 +1,40 @@ +{{/* Containers Basic Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +*/}} +{{- define "tc.v1.common.lib.container.primaryValidation" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{/* Initialize values */}} + {{- $hasPrimary := false -}} + {{- $hasEnabled := false -}} + + {{/* Go over the contaienrs */}} + {{- range $name, $container := $objectData.podSpec.containers -}} + + {{/* If container is enabled */}} + {{- if $container.enabled -}} + {{- $hasEnabled = true -}} + + {{/* And container is primary */}} + {{- if and (hasKey $container "primary") ($container.primary) -}} + + {{/* Fail if there is already a primary container */}} + {{- if $hasPrimary -}} + {{- fail "Container - Only one container can be primary per workload" -}} + {{- end -}} + + {{- $hasPrimary = true -}} + + {{- end -}} + {{- end -}} + + {{- end -}} + + {{/* Require at least one primary container, if any enabled */}} + {{- if and $hasEnabled (not $hasPrimary) -}} + {{- fail "Container - At least one enabled container must be primary per workload" -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_probes.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_probes.tpl new file mode 100644 index 0000000..53f0cfe --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_probes.tpl 
@@ -0,0 +1,105 @@ +{{/* Returns Probes */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.probes" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.probes" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $probeNames := (list "liveness" "readiness" "startup") -}} + {{- $probeTypes := (list "http" "https" "tcp" "grpc" "exec") -}} + + {{- if not $objectData.probes -}} + {{- fail "Container - Expected non-empty [probes]" -}} + {{- end -}} + + {{- range $key := $probeNames -}} + {{- if not (get $objectData.probes $key) -}} + {{- fail (printf "Container - Expected [probes.%s] to be defined" $key) -}} + {{- end -}} + {{- end -}} + + {{- $probes := $objectData.probes -}} + {{- $diagMode := eq (include "tc.v1.common.lib.util.diagnosticMode" (dict "rootCtx" $rootCtx)) "true" -}} + {{- if $diagMode -}} + {{- $probes = dict -}} + {{- end -}} + + {{- range $probeName, $probe := $probes -}} + + {{- if not (mustHas $probeName $probeNames) -}} + {{- fail (printf "Container - Expected probe to be one of [%s], but got [%s]" (join ", " $probeNames) $probeName) -}} + {{- end -}} + + {{- $isEnabled := true -}} + {{- if kindIs "bool" $probe.enabled -}} + {{- $isEnabled = $probe.enabled -}} + {{- end -}} + + {{- if $isEnabled -}} + + {{- $probeType := $rootCtx.Values.global.fallbackDefaults.probeType -}} + + {{- with $probe.type -}} + {{- $probeType = tpl . 
$rootCtx -}} + {{- end -}} + + {{- if not (mustHas $probeType $probeTypes) -}} + {{- fail (printf "Container - Expected probe type to be one of [%s], but got [%s]" (join ", " $probeTypes) $probeType) -}} + {{- end }} +{{ $probeName }}Probe: + {{- if (mustHas $probeType (list "http" "https")) -}} + {{- include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}} + {{- else if eq $probeType "tcp" -}} + {{- include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}} + {{- else if eq $probeType "grpc" -}} + {{- include "tc.v1.common.lib.container.actions.grpc" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}} + {{- else if eq $probeType "exec" -}} + {{- include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $rootCtx "objectData" $probe "caller" "probes") | trim | nindent 2 -}} + {{- end -}} + + {{- include "tc.v1.common.lib.container.probeTimeouts" (dict "rootCtx" $rootCtx "objectData" $probe "probeName" $probeName) | trim | nindent 2 -}} + + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* Returns Probe Timeouts */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.probeTimeouts" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. 
+*/}} +{{- define "tc.v1.common.lib.container.probeTimeouts" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $probeName := .probeName -}} + + {{- $timeouts := mustDeepCopy (get $rootCtx.Values.global.fallbackDefaults.probeTimeouts $probeName) -}} + + {{- if $objectData.spec -}} {{/* Overwrite with defined timeouts */}} + {{- $timeouts = mustMergeOverwrite $timeouts $objectData.spec -}} + {{- end -}} + + {{- $keys := (list "initialDelaySeconds" "failureThreshold" "successThreshold" "timeoutSeconds" "periodSeconds") -}} + {{- range $key := $keys -}} + {{- $number := get $timeouts $key -}} + {{- if not (mustHas (kindOf $number) (list "float64" "int" "int64")) -}} + {{- fail (printf "Container - Expected [probes] [%s] to be a number, but got [%v]" $key $number) -}} + {{- end -}} + {{- end -}} + + {{- if mustHas $probeName (list "liveness" "startup") -}} + {{- if ne (int $timeouts.successThreshold) 1 -}} + {{- fail (printf "Container - Expected [probes] [successThreshold] to be 1 on [%s] probe" $probeName) -}} + {{- end -}} + {{- end }} + +initialDelaySeconds: {{ $timeouts.initialDelaySeconds }} +failureThreshold: {{ $timeouts.failureThreshold }} +successThreshold: {{ $timeouts.successThreshold }} +timeoutSeconds: {{ $timeouts.timeoutSeconds }} +periodSeconds: {{ $timeouts.periodSeconds }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_resources.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_resources.tpl new file mode 100644 index 0000000..7bbdebf --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_resources.tpl 
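Review bot: In `tc.v1.common.lib.container.probes`, `$isEnabled` stays `true` whenever `$probe.enabled` is not a bool, so a quoted `"false"` or any other non-bool value silently keeps the probe enabled instead of being reported, unlike the type checks elsewhere in this hunk (`probeTimeouts` fails on a non-numeric timeout). Consistent handling would be to fail on a present non-bool value before the `kindIs "bool"` branch: `{{- if not (or (kindIs "invalid" $probe.enabled) (kindIs "bool" $probe.enabled)) -}}` / `{{- fail (printf "Container - Expected [probes.%s.enabled] to be [bool], but got [%s]" $probeName (kindOf $probe.enabled)) -}}` / `{{- end -}}`. If existing values files are known to pass strings here, coercing the string would be the backward-compatible alternative.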
@@ -0,0 +1,165 @@ +{{/* Returns Resources */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.resources" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.resources" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $resources := mustDeepCopy $rootCtx.Values.resources -}} + + {{- if $objectData.resources -}} + {{- $resources = mustMergeOverwrite $resources $objectData.resources -}} + {{- end -}} + + {{/* We use the objectData instead of $resources, + as we only allow this flag on the container level */}} + {{- if not (hasKey $objectData "resources") -}} + {{- $_ := set $objectData "resources" dict -}} + {{- end -}} + {{- if not (hasKey $objectData.resources "excludeExtra") -}} + {{- $_ := set $objectData.resources "excludeExtra" false -}} + {{- end -}} + + {{- include "tc.v1.common.lib.container.resources.validation" (dict "resources" $resources) }} +requests: + cpu: {{ $resources.requests.cpu }} + memory: {{ $resources.requests.memory }} + {{- if $resources.limits }} +limits: + {{- with $resources.limits.cpu }} {{/* Passing 0, will not render it, meaning unlimited */}} + cpu: {{ . }} + {{- end -}} + {{- with $resources.limits.memory }} {{/* Passing 0, will not render it, meaning unlimited */}} + memory: {{ . 
}} + {{- end -}} + {{- if not $objectData.resources.excludeExtra -}} + {{- range $k, $v := (omit $resources.limits "cpu" "memory") }} {{/* Omit cpu and memory, as they are handled above */}} + {{- if or (not $v) (eq (toString $v) "0") -}} + {{- continue -}} + {{- end }} + {{ $k }}: {{ $v }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + + +{{- define "tc.v1.common.lib.resources.validation.data" -}} + {{/* CPU: https://regex101.com/r/D4HouI/1 */}} + {{/* MEM: https://regex101.com/r/NNPV2D/1 */}} + {{- $regex := (dict + "cpu" "^(0\\.[1-9]|[1-9][0-9]*)(\\.[0-9]|m?)$" + "memory" "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$" + ) -}} + + {{- $errorMsg := (dict + "cpu" "(Plain Integer - eg. 1), (Float - eg. 0.5), (Milicpu - eg. 500m)" + "memory" "(Suffixed with E/P/T/G/M/K - eg. 1G), (Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi), (Plain Integer in bytes - eg. 1024), (Exponent - eg. 134e6)" + ) -}} + + {{- $data := (dict "regex" $regex "errorMsg" $errorMsg) -}} + + {{- $data | toJson -}} +{{- end -}} + +{{/* Validates resources to match a pattern */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.resources.validation" (dict "resources" $resources) }} +rootCtx: The root context of the chart. +resources: The resources object +*/}} +{{- define "tc.v1.common.lib.container.resources.validation" -}} + {{- $resources := .resources -}} + {{- $data := (include "tc.v1.common.lib.resources.validation.data" .) 
| fromJson -}} + {{- $regex := $data.regex -}} + {{- $errorMsg := $data.errorMsg -}} + + {{- $resourceTypes := (list "cpu" "memory") -}} + + {{- range $category := (list "requests") -}} {{/* We can also add "limits" here if we want to require them */}} + {{- if not (get $resources $category) -}} + {{- fail (printf "Container - Expected non-empty [resources.%s]" $category) -}} + {{- end -}} + + {{- range $type := $resourceTypes -}} + {{- if not (get (get $resources $category) $type) -}} + {{- fail (printf "Container - Expected non-empty [resources.%s.%s]" $category $type) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- range $key := (list "requests" "limits") -}} + {{- $resourceCategory := (get $resources $key) -}} + {{- if $resourceCategory -}} + + {{- range $type := $resourceTypes -}} + {{- $resourceValue := (get $resourceCategory $type) -}} + {{- if $resourceValue -}} {{/* Only try to match defined values */}} + {{- if not (mustRegexMatch (get $regex $type) (toString $resourceValue)) -}} + {{- fail (printf "Container - Expected [resources.%s.%s] to have one of the following formats [%s], but got [%s]" $key $type (get $errorMsg $type) $resourceValue) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.resources.hasGPU" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $gpuType := .gpuType -}} + + {{- $types := (list "nvidia.com/gpu" "amd.com/gpu" "gpu.intel.com/i915") -}} + {{- if $gpuType -}} + {{- $types = (list $gpuType) -}} + {{- end -}} + + {{- $gpu := false -}} + + {{- if and ($rootCtx.Values.resources) ($rootCtx.Values.resources.limits) -}} + {{- range $t := $types -}} + {{- if gt ((get $rootCtx.Values.resources.limits $t) | int) 0 -}} + {{- $gpu = true -}} + {{- break -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $objectData.podSpec -}} + {{- range $k, $v := $objectData.podSpec.containers -}} + {{- if not $v.enabled -}} + {{- continue -}} + 
{{- end -}} + + {{- range $t := $types -}} + {{- if eq (include "tc.v1.common.lib.container.resources.hasGPU" (dict "rootCtx" $rootCtx "objectData" $v "gpuType" $t)) "true" -}} + {{- $gpu = true -}} + {{- break -}} + {{- end -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- $gpu | toString -}} +{{- end -}} + +{{- define "tc.v1.common.lib.container.resources.hasGPU" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $gpuType := .gpuType -}} + + {{- $gpu := false -}} + + {{- if and ($objectData.resources) ($objectData.resources.limits) -}} + {{- if gt ((get $objectData.resources.limits $gpuType) | int) 0 -}} + {{- $gpu = true -}} + {{- end -}} + {{- end -}} + + {{- $gpu | toString -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_securityContext.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_securityContext.tpl new file mode 100644 index 0000000..d1af253 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_securityContext.tpl 
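Review bot: The memory pattern in `tc.v1.common.lib.resources.validation.data`, `^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$`, accepts an uppercase `K` suffix that Kubernetes quantities do not define (`1K` passes here and is rejected by the API server) and rejects the lowercase SI `k` that Kubernetes does accept, so the check both lets an invalid value through and blocks a valid one. A pattern such as `"^[1-9][0-9]*(k|[EPTGM]|[EPTGMK]i|e[0-9]+)?$"` covers the decimal (`k`, `M`, `G`, …) and binary (`Ki`, `Mi`, …) suffixes, and the matching `errorMsg` entry should then read `Suffixed with E/P/T/G/M/k`. Separately, the header comment of `tc.v1.common.lib.container.resources.validation` documents a `rootCtx` parameter that the template never reads; dropping it from the comment avoids suggesting a dependency that is not there. As `charts/common` looks like a vendored copy of the common library, these fixes probably belong upstream with the copy refreshed afterwards.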
@@ -0,0 +1,185 @@ +{{/* Returns Container Security Context */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.securityContext" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.securityContext" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{/* Initialize from the "global" options */}} + {{- $secContext := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) }} +runAsNonRoot: {{ $secContext.runAsNonRoot }} +runAsUser: {{ $secContext.runAsUser }} +runAsGroup: {{ $secContext.runAsGroup }} +readOnlyRootFilesystem: {{ $secContext.readOnlyRootFilesystem }} +allowPrivilegeEscalation: {{ $secContext.allowPrivilegeEscalation }} +privileged: {{ $secContext.privileged }} +seccompProfile: + type: {{ $secContext.seccompProfile.type }} + {{- if eq $secContext.seccompProfile.type "Localhost" }} + localhostProfile: {{ $secContext.seccompProfile.profile }} + {{- end }} +capabilities: + {{- if $secContext.capabilities.add }} + add: + {{- range $secContext.capabilities.add }} + - {{ . }} + {{- end -}} + {{- else }} + add: [] + {{- end -}} + {{- if $secContext.capabilities.drop }} + drop: + {{- range $secContext.capabilities.drop }} + - {{ . }} + {{- end -}} + {{- else }} + drop: [] + {{- end -}} +{{- end -}} + +{{/* Calculates Container Security Context */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. 
+*/}} +{{- define "tc.v1.common.lib.container.securityContext.calculate" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $mustPrivileged := false -}} + {{- range $persistenceName, $persistenceValues := $rootCtx.Values.persistence -}} + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $persistenceValues + "name" $persistenceName "caller" "Security Context" + "key" "persistence")) -}} + {{- if (eq $enabled "true") -}} + {{- if eq $persistenceValues.type "device" -}} + {{- $volume := (fromJson (include "tc.v1.common.lib.container.volumeMount.isSelected" (dict "persistenceName" $persistenceName "persistenceValues" $persistenceValues "objectData" $objectData "key" "persistence"))) -}} + {{- if $volume -}} {{/* If a volume is returned, it means that the container has an assigned device */}} + {{- $mustPrivileged = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if not $rootCtx.Values.securityContext.container -}} + {{- fail "Container - Expected non-empty [.Values.securityContext.container]" -}} + {{- end -}} + + {{/* Initialize from the "global" options */}} + {{- $secContext := mustDeepCopy $rootCtx.Values.securityContext.container -}} + + {{/* Override with containers options */}} + {{- with $objectData.securityContext -}} + {{- $secContext = mustMergeOverwrite $secContext . 
-}} + {{- end -}} + + {{/* Validations, as we might endup with null values after merge */}} + {{- range $key := (list "runAsUser" "runAsGroup") -}} + {{- $value := (get $secContext $key) -}} + {{- if not (mustHas (kindOf $value) (list "float64" "int" "int64")) -}} + {{- fail (printf "Container - Expected [securityContext.%s] to be [int], but got [%v] of type [%s]" $key $value (kindOf $value)) -}} + {{- end -}} + {{- end -}} + + {{- if or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0) -}} + {{- $_ := set $secContext "runAsNonRoot" false -}} + {{- else -}} + {{- $_ := set $secContext "runAsNonRoot" true -}} + {{- end -}} + + {{- if $secContext.privileged -}} {{/* When privileged is true, allowPrivilegeEscalation is required */}} + {{- $_ := set $secContext "allowPrivilegeEscalation" true -}} + {{- end -}} + + {{- if $mustPrivileged -}} + {{- $_ := set $secContext "privileged" true -}} + {{- $_ := set $secContext "allowPrivilegeEscalation" true -}} + {{- $_ := set $secContext "runAsNonRoot" false -}} + {{- $_ := set $secContext "runAsUser" 0 -}} + {{- $_ := set $secContext "runAsGroup" 0 -}} + {{- end -}} + + {{- range $key := (list "privileged" "allowPrivilegeEscalation" "runAsNonRoot" "readOnlyRootFilesystem") -}} + {{- $value := (get $secContext $key) -}} + {{- if not (kindIs "bool" $value) -}} + {{- fail (printf "Container - Expected [securityContext.%s] to be [bool], but got [%s] of type [%s]" $key $value (kindOf $value)) -}} + {{- end -}} + {{- end -}} + + {{- if not $secContext.seccompProfile -}} + {{- fail "Container - Expected [securityContext.seccompProfile] to be defined" -}} + {{- end -}} + + {{- $profiles := (list "RuntimeDefault" "Localhost" "Unconfined") -}} + {{- if not (mustHas $secContext.seccompProfile.type $profiles) -}} + {{- fail (printf "Container - Expected [securityContext.seccompProfile] to be one of [%s], but got [%s]" (join ", " $profiles) $secContext.seccompProfile.type) -}} + {{- end -}} + + {{- if eq 
$secContext.seccompProfile.type "Localhost" -}} + {{- if not $secContext.seccompProfile.profile -}} + {{- fail "Container - Expected [securityContext.seccompProfile.profile] to be defined on type [Localhost]" -}} + {{- end -}} + {{- end -}} + + {{- if not $secContext.capabilities -}} + {{- fail "Container - Expected [securityContext.capabilities] to be defined" -}} + {{- end -}} + + {{- $tempObjectData := (dict "shortName" $objectData.podShortName "primary" $objectData.podPrimary) -}} + {{- $portRange := fromJson (include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $tempObjectData)) -}} + {{- if and $portRange.low (le (int $portRange.low) 1024) -}} {{/* If a container wants to bind a port <= 1024 add NET_BIND_SERVICE */}} + {{- $addCap := $secContext.capabilities.add -}} + {{- if not (mustHas "NET_BIND_SERIVCE" $addCap) -}} + {{- $addCap = mustAppend $addCap "NET_BIND_SERVICE" -}} + {{- end -}} + {{- $_ := set $secContext.capabilities "add" $addCap -}} + {{- end -}} + + {{/* + Most containers that run as root, is because it has to chown + files before switching to another user. + Lets add automatically the CHOWN cap. 
+ */}} + {{- if eq (int $secContext.runAsUser) 0 -}} + + {{- if not (kindIs "bool" $secContext.capabilities.disableS6Caps) -}} + {{- fail (printf "Container - Expected [securityContext.capabilities.disableS6Caps] to be [bool], but got [%s] of type [%s]" $secContext.capabilities.disableS6Caps (kindOf $secContext.capabilities.disableS6Caps)) -}} + {{- end -}} + + {{- $addCap := $secContext.capabilities.add -}} + + {{- if not $secContext.capabilities.disableS6Caps -}} + {{- $addCap = mustAppend $addCap "CHOWN" -}} + {{- $addCap = mustAppend $addCap "SETUID" -}} + {{- $addCap = mustAppend $addCap "SETGID" -}} + {{- $addCap = mustAppend $addCap "FOWNER" -}} + {{- $addCap = mustAppend $addCap "DAC_OVERRIDE" -}} + {{- end -}} + + {{- $_ := set $secContext.capabilities "add" $addCap -}} + {{- end -}} + + {{- range $key := (list "add" "drop") -}} + {{- $item := (get $secContext.capabilities $key) -}} + {{- if not (kindIs "slice" $item) -}} + {{- fail (printf "Container - Expected [securityContext.capabilities.%s] to be [list], but got [%s]" $key (kindOf $item)) -}} + {{- end -}} + + {{- range $item -}} + {{- if not (kindIs "string" .) -}} + {{- fail (printf "Container - Expected items of [securityContext.capabilities.%s] to be [string], but got [%s]" $key (kindOf .)) -}} + {{- end -}} + {{- end -}} + + {{- if not (deepEqual (mustUniq $item) $item) -}} + {{- fail (printf "Container - Expected items of [securityContext.capabilities.%s] to be unique, but got [%s]" $key (join ", " $item)) -}} + {{- end -}} + {{- end -}} + + {{- $secContext | toJson -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_termination.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_termination.tpl new file mode 100644 index 0000000..29f4d6a --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/_termination.tpl 
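Review bot: In the NET_BIND_SERVICE block of `tc.v1.common.lib.container.securityContext.calculate`, the duplicate check looks for the misspelled `"NET_BIND_SERIVCE"` while the append adds `"NET_BIND_SERVICE"`, so a chart that already lists that capability and exposes a low port gets it appended a second time, and the uniqueness check at the end of the template then fails the render. The line should read `{{- if not (mustHas "NET_BIND_SERVICE" $addCap) -}}`. The surrounding condition also uses `le ... 1024`, but the privileged port range ends at 1023, so a container whose lowest port is exactly 1024 is granted a capability it does not need; `{{- if and $portRange.low (lt (int $portRange.low) 1024) -}}` matches the kernel boundary. As `charts/common` looks like a vendored copy of the common library, the fix probably belongs upstream with the copy refreshed afterwards.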
@@ -0,0 +1,33 @@
+{{/* Returns termination */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.termination" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.termination" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $termination := (dict "messagePath" "" "messagePolicy" "") -}}
+
+ {{- with $objectData.termination -}}
+ {{- with .messagePath -}}
+ {{- $_ := set $termination "messagePath" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with .messagePolicy -}}
+
+ {{- $policy := (tpl . $rootCtx) -}}
+
+ {{- $policies := (list "File" "FallbackToLogsOnError") -}}
+ {{- if not (mustHas $policy $policies) -}}
+ {{- fail (printf "Container - Expected [termination.messagePolicy] to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}}
+ {{- end -}}
+
+ {{- $_ := set $termination "messagePolicy" $policy -}}
+ {{- end -}}
+
+ {{- end -}}
+
+ {{- $termination | toJson -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/_volumeMounts.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/_volumeMounts.tpl
new file mode 100644
index 0000000..84b3cb6
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/_volumeMounts.tpl
@@ -0,0 +1,156 @@ +{{/* Returns volumeMount list */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.container.volumeMount" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the container. +*/}} +{{- define "tc.v1.common.lib.container.volumeMount" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $volMounts := list -}} + + {{- $codeServerIgnoredTypes := (list "configmap" "secret" "vct") -}} + + {{- range $persistenceName, $persistenceValues := $rootCtx.Values.persistence -}} + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $persistenceValues + "name" $persistenceName "caller" "Volume Mount" + "key" "persistence")) -}} + + {{/* TLDR: Enabled + Not VCT without STS */}} + {{- if and (eq $enabled "true") (not (and (eq $persistenceValues.type "vct") (ne $objectData.podType "StatefulSet"))) -}} + {{/* Dont try to mount configmap/sercet/vct to codeserver */}} + {{- if not (and (eq $objectData.shortName "codeserver") (mustHas $persistenceValues.type $codeServerIgnoredTypes)) -}} + {{- $volMount := (include "tc.v1.common.lib.container.volumeMount.isSelected" (dict + "rootCtx" $rootCtx "persistenceName" $persistenceName "persistenceValues" $persistenceValues "objectData" $objectData + )) | fromJson -}} + {{- if $volMount -}} + {{- $volMounts = mustAppend $volMounts $volMount -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- range $volMount := $volMounts -}} + {{/* Expand values */}} + {{- $_ := set $volMount "mountPath" (tpl $volMount.mountPath $rootCtx) -}} + {{- $_ := set $volMount "subPath" (tpl $volMount.subPath $rootCtx) -}} + {{- $_ := set $volMount "mountPropagation" (tpl $volMount.mountPropagation $rootCtx) -}} + + {{- if not $volMount.mountPath -}} + {{- fail (printf "Persistence - Expected non-empty [mountPath]") -}} + {{- end -}} + + {{- if not (hasPrefix "/" 
$volMount.mountPath) -}} + {{- fail (printf "Persistence - Expected [mountPath] to start with a forward slash [/]") -}} + {{- end -}} + + {{- $propagationTypes := (list "None" "HostToContainer" "Bidirectional") -}} + {{- if and $volMount.mountPropagation (not (mustHas $volMount.mountPropagation $propagationTypes)) -}} + {{- fail (printf "Persistence - Expected [mountPropagation] to be one of [%s], but got [%s]" (join ", " $propagationTypes) $volMount.mountPropagation) -}} + {{- end -}} + + {{- if not (kindIs "bool" $volMount.readOnly) -}} + {{- fail (printf "Persistence - Expected [readOnly] to be [boolean], but got [%s]" (kindOf $volMount.readOnly)) -}} + {{- end }} +- name: {{ $volMount.name }} + mountPath: {{ $volMount.mountPath }} + readOnly: {{ $volMount.readOnly }} + {{- with $volMount.subPath }} + subPath: {{ . }} + {{- end -}} + {{- with $volMount.mountPropagation }} + mountPropagation: {{ . }} + {{- end -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.container.volumeMount.isSelected" -}} + {{- $persistenceName := .persistenceName -}} + {{- $persistenceValues := .persistenceValues -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{/* Initialize from the default values */}} + {{- $volMount := dict -}} + {{- if eq $persistenceValues.type "vct" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + {{- $persistenceName = printf "%s-%s" $fullname $persistenceName -}} + {{- end -}} + {{- $_ := set $volMount "name" $persistenceName -}} + {{- if eq $persistenceValues.type "device" -}} {{/* On devices use the hostPath as default if mountpath is not defined */}} + {{- $_ := set $volMount "mountPath" ($persistenceValues.mountPath | default $persistenceValues.hostPath | default "") -}} + {{- else -}} + {{- $_ := set $volMount "mountPath" ($persistenceValues.mountPath | default "") -}} + {{- end -}} + {{- $_ := set $volMount "subPath" ($persistenceValues.subPath | default "") -}} + {{- $_ := set 
$volMount "readOnly" ($persistenceValues.readOnly | default false) -}} + {{- $_ := set $volMount "mountPropagation" ($persistenceValues.mountPropagation | default "") -}} + + {{- $return := false -}} + {{/* If targetSelectAll is set, means all pods/containers */}} {{/* targetSelectAll does not make sense for vct */}} + {{- if and $persistenceValues.targetSelectAll (ne $persistenceValues.type "vct") -}} + {{- $return = true -}} + {{/* Set custom path on autopermissions container */}} + {{- if and (eq $objectData.shortName "autopermissions") $persistenceValues.autoPermissions -}} + {{- if $persistenceValues.autoPermissions.enabled -}} + {{- $return = true -}} + {{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}} + {{- end -}} + {{- end -}} + + {{/* If the container is the autopermission */}} + {{- else if (eq $objectData.shortName "autopermissions") -}} + {{- if $persistenceValues.autoPermissions -}} + {{- if $persistenceValues.autoPermissions.enabled -}} + {{- $return = true -}} + {{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}} + {{- end -}} + {{- end -}} + + {{/* Else if selector is defined */}} + {{- else if $persistenceValues.targetSelector -}} + {{- if not (kindIs "map" $persistenceValues.targetSelector) -}} + {{- fail (printf "Persistence - Expected [targetSelector] to be a [dict] but got [%s]" (kindOf $persistenceValues.targetSelector)) -}} + {{- end -}} + + {{/* If pod is selected */}} + {{- if mustHas $objectData.podShortName ($persistenceValues.targetSelector | keys) -}} + {{- $selectorValues := (get $persistenceValues.targetSelector $objectData.podShortName) -}} + {{- if not (kindIs "map" $selectorValues) -}} + {{- fail (printf "Persistence - Expected [targetSelector.%s] to be a [dict], but got [%s]" $objectData.podShortName (kindOf $selectorValues)) -}} + {{- end -}} + + {{- if not $selectorValues -}} + {{- fail (printf "Persistence - Expected non-empty [targetSelector.%s]" 
$objectData.podShortName) -}} + {{- end -}} + + {{/* If container is selected */}} + {{- if or (mustHas $objectData.shortName ($selectorValues | keys)) (eq $objectData.shortName "codeserver") -}} + {{/* Merge with values that might be set for the specific container */}} + {{- $fetchedSelectorValues := (get $selectorValues $objectData.shortName) -}} + {{- if and (eq $objectData.shortName "codeserver") (not $fetchedSelectorValues) -}} + {{- $fetchedSelectorValues = (get $selectorValues ($selectorValues | keys | first)) -}} + {{- end -}} + {{- $volMount = mustMergeOverwrite $volMount $fetchedSelectorValues -}} + {{- $return = true -}} + {{- end -}} + {{- end -}} + + {{/* if its the codeserver */}} + {{- else if (eq $objectData.shortName "codeserver") -}} + {{- $return = true -}} + + {{/* Else if not selector, but pod and container is primary */}} + {{- else if and $objectData.podPrimary $objectData.primary -}} + {{- $return = true -}} + {{- end -}} + + {{- if $return -}} {{/* If it's selected, return the volumeMount */}} + {{- $volMount | toJson -}} + {{- else -}} {{/* Else return an empty dict */}} + {{- dict | toJson -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_exec.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_exec.tpl new file mode 100644 index 0000000..2413dea --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_exec.tpl 
@@ -0,0 +1,18 @@
+{{/* Returns exec action */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.actions.exec" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.actions.exec" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $caller := .caller -}}
+
+ {{- if not $objectData.command -}}
+ {{- fail (printf "Container - Expected non-empty [%s] [command] on [exec] type" $caller) -}}
+ {{- end }}
+exec:
+ command:
+ {{- include "tc.v1.common.lib.container.command" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_grpc.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_grpc.tpl
new file mode 100644
index 0000000..e4170ec
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_grpc.tpl
@@ -0,0 +1,23 @@
+{{/* Returns grpc action */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.actions.grpc" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $caller := .caller -}}
+
+ {{- if not $objectData.port -}}
+ {{- fail (printf "Container - Expected non-empty [%s] [port] on [grpc] type" $caller) -}}
+ {{- end -}}
+
+ {{- $port := $objectData.port -}}
+
+ {{- if kindIs "string" $port -}}
+ {{- $port = tpl $port $rootCtx -}}
+ {{- end }}
+grpc:
+ port: {{ $port }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl
new file mode 100644
index 0000000..d6c1221
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl
@@ -0,0 +1,53 @@
+{{/* Returns httpGet action */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.actions.httpGet" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.actions.httpGet" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $caller := .caller -}}
+
+ {{- if not $objectData.port -}}
+ {{- fail (printf "Container - Expected non-empty [%s] [port] on [http] type" $caller) -}}
+ {{- end -}}
+
+ {{- $port := $objectData.port -}}
+ {{- $path := "/" -}}
+ {{- $scheme := "http" -}}
+
+ {{- if kindIs "string" $port -}}
+ {{- $port = tpl $port $rootCtx -}}
+ {{- end -}}
+
+ {{- with $objectData.path -}}
+ {{- $path = tpl . $rootCtx -}}
+ {{- end -}}
+
+ {{- if not (hasPrefix "/" $path) -}}
+ {{- fail (printf "Container - Expected [%s] [path] to start with a forward slash [/] on [http] type" $caller) -}}
+ {{- end -}}
+
+ {{- with $objectData.type -}}
+ {{- $scheme = tpl . $rootCtx -}}
+ {{- end }}
+httpGet:
+ {{- with $objectData.host }}
+ host: {{ tpl . $rootCtx }}
+ {{- end }}
+ port: {{ $port }}
+ path: {{ $path }}
+ scheme: {{ $scheme | upper }}
+ {{- with $objectData.httpHeaders }}
+ httpHeaders:
+ {{- range $name, $value := . }}
+ {{- if not $value -}}
+ {{- fail "Container - Expected non-empty [value] on [httpHeaders]" -}}
+ {{- end }}
+ - name: {{ $name }}
+ value: {{ tpl (toString $value) $rootCtx | quote }}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl
new file mode 100644
index 0000000..dc2df7d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl
@@ -0,0 +1,23 @@
+{{/* Returns tcpSocket action */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.container.actions.tcpSocket" (dict "rootCtx" $ "objectData" $objectData "caller" $caller) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the container.
+*/}}
+{{- define "tc.v1.common.lib.container.actions.tcpSocket" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $caller := .caller -}}
+
+ {{- if not $objectData.port -}}
+ {{- fail (printf "Container - Expected non-empty [%s] [port] on [tcp] type" $caller) -}}
+ {{- end -}}
+
+ {{- $port := $objectData.port -}}
+
+ {{- if kindIs "string" $port -}}
+ {{- $port = tpl $port $rootCtx -}}
+ {{- end }}
+tcpSocket:
+ port: {{ $port }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/credentials/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/credentials/_validation.tpl
new file mode 100644
index 0000000..18ae903
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/credentials/_validation.tpl
@@ -0,0 +1,31 @@
+{{- define "tc.v1.common.lib.credentials.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $caller := .caller -}}
+ {{- $credName := .credName -}}
+
+ {{- $credentials := get $rootCtx.Values.credentials $credName -}}
+
+ {{- if not $credentials -}}
+ {{- fail (printf "%s - Expected credentials [%s] to be defined in [credentials] which currently contains [%s] keys" $caller $credName (keys $rootCtx.Values.credentials | join ", ")) -}}
+ {{- end -}}
+
+ {{- $validCredTypes := list "s3" -}}
+ {{- if $credentials.type -}} {{/* Remove this if check if more types are supported in future */}}
+ {{- if not (mustHas $credentials.type $validCredTypes) -}}
+ {{- fail (printf "%s - Expected [type] in [credentials.%s] to be one of [%s], but got [%s]" $caller $credName (join ", " $validCredTypes) $credentials.type) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $reqFields := list "url" "bucket" "encrKey" "accessKey" "secretKey" -}}
+ {{- range $key := $reqFields -}}
+ {{- if not (get $credentials $key) -}}
+ {{- fail (printf "VolSync - Expected non-empty [%s] in [credentials.%s]" $key $credName) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $url := get $credentials "url" -}}
+ {{- if and (not (hasPrefix "http://" $url)) (not (hasPrefix "https://" $url)) -}}
+ {{- fail (printf "%s - Expected [url] in [credentials.%s] to start with [http://] or [https://]. It was observed that sometimes can cause issues if it does not. Got [%s]" $caller $credName $url) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/dependencies/_clickhouseInjector.tpl b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_clickhouseInjector.tpl
new file mode 100644
index 0000000..c94fec6
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_clickhouseInjector.tpl
@@ -0,0 +1,45 @@
+{{/*
+ This template generates a random password and ensures it persists across updates/edits to the chart
+*/}}
+{{- define "tc.v1.common.dependencies.clickhouse.secret" -}}
+
+{{- if .Values.clickhouse.enabled -}}
+ {{/* Use with custom-set password */}}
+ {{- $dbPass := .Values.clickhouse.password -}}
+
+ {{/* Prepare data */}}
+ {{- $dbHost := printf "%v-%v" .Release.Name "clickhouse" -}}
+ {{- $portHost := printf "%v:8123" $dbHost -}}
+ {{- $ping := printf "http://%v/ping" $portHost -}}
+ {{- $url := printf "http://%v:%v@%v/%v" .Values.clickhouse.clickhouseUsername $dbPass $portHost .Values.clickhouse.clickhouseDatabase -}}
+ {{- $jdbc := printf "jdbc:ch://%v/%v" $portHost -}}
+
+ {{/* Append some values to clickhouse.creds, so apps using the dep, can use them */}}
+ {{- $_ := set .Values.clickhouse.creds "plain" ($dbHost | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "plainhost" ($dbHost | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "clickhousePassword" ($dbPass | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "plainport" ($portHost | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "plainporthost" ($portHost | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "ping" ($ping | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "complete" ($url | quote) -}}
+ {{- $_ := set .Values.clickhouse.creds "jdbc" ($jdbc | quote) -}}
+
+{{/* Create the secret (Comment also plays a role on correct formatting) */}}
+enabled: true
+expandObjectName: false
+data:
+ clickhouse-password: {{ $dbPass }}
+ plainhost: {{ $dbHost }}
+ plainporthost: {{ $portHost }}
+ ping: {{ $ping }}
+ url: {{ $url }}
+ jdbc: {{ $jdbc }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.dependencies.clickhouse.injector" -}}
+ {{- $secret := include "tc.v1.common.dependencies.clickhouse.secret" . | fromYaml -}}
+ {{- if $secret -}}
+ {{- $_ := set .Values.secret ( printf "%s-%s" .Release.Name "clickhousecreds" ) $secret -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/dependencies/_dbWait.tpl b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_dbWait.tpl
new file mode 100644
index 0000000..e287c4e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_dbWait.tpl
@@ -0,0 +1,406 @@ +{{- define "tc.v1.common.lib.deps.wait" -}} + {{- if .Values.redis.enabled -}} + {{- $container := include "tc.v1.common.lib.deps.wait.redis" $ | fromYaml -}} + {{- if $container -}} + {{- range .Values.workload -}} + {{- if not (hasKey .podSpec "initContainers") -}} + {{- $_ := set .podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .podSpec.initContainers "redis-wait" $container -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if .Values.mariadb.enabled -}} + {{- $container := include "tc.v1.common.lib.deps.wait.mariadb" $ | fromYaml -}} + {{- if $container -}} + {{- range .Values.workload -}} + {{- if not (hasKey .podSpec "initContainers") -}} + {{- $_ := set .podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .podSpec.initContainers "mariadb-wait" $container -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if .Values.mongodb.enabled -}} + {{- $container := include "tc.v1.common.lib.deps.wait.mongodb" $ | fromYaml -}} + {{- if $container -}} + {{- range .Values.workload -}} + {{- if not (hasKey .podSpec "initContainers") -}} + {{- $_ := set .podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .podSpec.initContainers "mongodb-wait" $container -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if .Values.clickhouse.enabled -}} + {{- $container := include "tc.v1.common.lib.deps.wait.clickhouse" $ | fromYaml -}} + {{- if $container -}} + {{- range .Values.workload -}} + {{- if not (hasKey .podSpec "initContainers") -}} + {{- $_ := set .podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .podSpec.initContainers "clickhouse-wait" $container -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if .Values.solr.enabled -}} + {{- $container := include "tc.v1.common.lib.deps.wait.solr" $ | fromYaml -}} + {{- if $container -}} + {{- range .Values.workload -}} + {{- if not (hasKey .podSpec "initContainers") -}} + {{- $_ := set .podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set 
.podSpec.initContainers "solr-wait" $container -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $result := false -}} + {{- range .Values.cnpg -}} + {{- if .enabled -}} + {{- $result = true -}} + {{- end -}} + {{- end -}} + + {{- if $result -}} + {{- $container := include "tc.v1.common.lib.deps.wait.cnpg" $ | fromYaml -}} + {{- if $container -}} + {{- range $.Values.workload -}} + {{- if not (hasKey .podSpec "initContainers") -}} + {{- $_ := set .podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .podSpec.initContainers "cnpg-wait" $container -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.redis" -}} +enabled: true +type: system +imageSelector: redisClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + excludeExtra: true + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 500m + memory: 512Mi +env: + REDIS_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}' + key: plainhost + REDIS_PASSWORD: "{{ .Values.redis.password }}" + REDIS_PORT: "6379" +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"; + export LIVE=false; + until "$LIVE"; + do + response=$( + timeout -s 3 2 \ + redis-cli \ + -h "$REDIS_HOST" \ + -p "$REDIS_PORT" \ + ping + ) + if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then + LIVE=true + echo "$response" + echo "Redis Responded, ending initcontainer and starting main container(s)..." + else + echo "$response" + echo "Redis not responding... Sleeping for 10 sec..." 
+ sleep 10 + fi; + done + EOF +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.mariadb" -}} +enabled: true +type: system +imageSelector: mariadbClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + excludeExtra: true + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 500m + memory: 512Mi +env: + MARIADB_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: plainhost + MARIADB_ROOT_PASSWORD: "{{ .Values.mariadb.rootPassword }}" +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + until + mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \ + && mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status; + do sleep 2; + done + EOF +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.mongodb" -}} +enabled: true +type: system +imageSelector: mongodbClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + excludeExtra: true + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 500m + memory: 512Mi +env: + MONGODB_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mongodbcreds" }}' + key: plainhost + MONGODB_DATABASE: "{{ .Values.mongodb.mongodbDatabase }}" +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." 
+ until + HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet; + do sleep 2; + done + EOF +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.clickhouse" -}} +enabled: true +type: system +imageSelector: wgetImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + excludeExtra: true + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 500m + memory: 512Mi +env: + CLICKHOUSE_PING: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "clickhousecreds" }}' + key: ping +command: + - "/bin/sh" +args: + - "-c" + - | + echo "Executing DB waits..." + until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do + echo "ClickHouse - no response. Sleeping 2 seconds..." + sleep 2 + done + echo "ClickHouse - accepting connections" +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.solr" -}} +enabled: true +type: system +imageSelector: wgetImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + excludeExtra: true + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 500m + memory: 512Mi +env: + SOLR_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}' + key: plainhost + SOLR_CORES: "{{ .Values.solr.solrCores }}" + SOLR_ENABLE_AUTHENTICATION: "{{ .Values.solr.solrEnableAuthentication }}" + SOLR_ADMIN_USERNAME: "{{ .Values.solr.solrUsername }}" + SOLR_ADMIN_PASSWORD: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}' + key: solr-password + +command: + - "/bin/sh" +args: + 
- "-c" + - | + echo "Executing DB waits..." + if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then + until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do + echo "Solr is not responding... Sleeping 2 seconds..." + sleep 2 + done + else + until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do + echo "Solr is not responding... Sleeping 2 seconds..." + sleep 2 + done + fi +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.cnpg" -}} +enabled: true +type: system +imageSelector: postgresClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + excludeExtra: true + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 500m + memory: 512Mi +command: + - "/bin/sh" + - "-c" + - | + /bin/sh <<'EOF' +{{- range $name, $cnpg := .Values.cnpg -}} + {{- if $cnpg.enabled }} + echo "Executing DB waits..." + {{- $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ -}} + {{- $cnpgName = printf "%v-cnpg-%v" $cnpgName $name -}} + + {{/* Wait RW CNPG */}} + {{- include "cnpg.wait.script" (dict "url" (printf "%s-rw" $cnpgName) "user" .user "db" .database "on" "CNPG RW") | nindent 4 -}} + + {{- if and $cnpg.pooler $cnpg.pooler.enabled -}} + {{/* Wait RW Pooler */}} + {{- include "cnpg.wait.script" (dict "url" (printf "%s-pooler-rw" $cnpgName) "user" .user "db" .database "on" "CNPG Pooler RW") | nindent 4 -}} + + {{/* Wait RO Pooler */}} + {{- if $cnpg.pooler.createRO -}} + {{- include "cnpg.wait.script" (dict "url" (printf "%s-pooler-ro" $cnpgName) "user" .user "db" .database "on" "CNPG Pooler RO") | nindent 4 -}} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end }} + echo "Done executing DB waits..." 
+ EOF
+{{- end -}}
+
+{{- define "cnpg.wait.script" -}}
+ {{- $url := .url -}}
+ {{- $user := .user -}}
+ {{- $db := .db -}}
+ {{- $on := .on -}}
+echo "Testing Database availability on [{{ $on }}]"
+until
+ echo "Testing database on url: [{{ $url }}]"
+ pg_isready -U {{ $user }} -d {{ $db }} -h {{ $url }}
+ do sleep 5
+done
+echo "Database available on url: [{{ $url }}]"
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/dependencies/_mariadbInjector.tpl b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_mariadbInjector.tpl
new file mode 100644
index 0000000..935519b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_mariadbInjector.tpl
@@ -0,0 +1,56 @@
+{{/*
+This template generates a random password and ensures it persists across updates/edits to the chart
+*/}}
+{{- define "tc.v1.common.dependencies.mariadb.secret" -}}
+
+{{- if .Values.mariadb.enabled -}}
+ {{/* Use custom-set password */}}
+ {{- $dbPass := .Values.mariadb.password -}}
+
+ {{/* Use custom-set root-password */}}
+ {{- $rootPass := .Values.mariadb.rootPassword -}}
+
+ {{/* Prepare data */}}
+ {{- $dbhost := printf "%v-%v" .Release.Name "mariadb" -}}
+ {{- $portHost := printf "%v:3306" $dbhost -}}
+ {{- $complete := printf "sql://%v:%v@%v/%v" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
+ {{- $urlnossl := printf "sql://%v:%v@%v/%v?sslmode=disable" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
+ {{- $jdbc := printf "jdbc:sqlserver://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
+ {{- $jdbcMySQL := printf "jdbc:mysql://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
+ {{- $jdbcMariaDB := printf "jdbc:mariadb://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
+
+ {{/* Append some values to mariadb.creds, so apps using the dep, can use them */}}
+ {{- $_ := set .Values.mariadb.creds "mariadbPassword" ($dbPass | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "mariadbRootPassword" ($rootPass | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "plain" ($dbhost | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "plainhost" ($dbhost | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "plainport" ($portHost | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "plainporthost" ($portHost | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "complete" ($complete | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "urlnossl" ($urlnossl | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "jdbc" ($jdbc | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "jdbcmysql" ($jdbcMySQL | quote) -}}
+ {{- $_ := set .Values.mariadb.creds "jdbcmariadb" ($jdbcMariaDB |
quote) -}}
+
+{{/* Create the secret (Comment also plays a role on correct formatting) */}}
+enabled: true
+expandObjectName: false
+data:
+ mariadb-password: {{ $dbPass }}
+ mariadb-root-password: {{ $rootPass }}
+ url: {{ $complete }}
+ urlnossl: {{ $urlnossl }}
+ plainporthost: {{ $portHost }}
+ plainhost: {{ $dbhost }}
+ jdbc: {{ $jdbc }}
+ jdbc-mysql: {{ $jdbcMySQL }}
+ jdbc-mariadb: {{ $jdbcMariaDB }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.dependencies.mariadb.injector" -}}
+ {{- $secret := include "tc.v1.common.dependencies.mariadb.secret" . | fromYaml -}}
+ {{- if $secret -}}
+ {{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mariadbcreds") $secret -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/dependencies/_mongodbInjector.tpl b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_mongodbInjector.tpl
new file mode 100644
index 0000000..b3cbdda
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_mongodbInjector.tpl
@@ -0,0 +1,53 @@
+{{/*
+This template generates a random password and ensures it persists across updates/edits to the chart
+*/}}
+{{- define "tc.v1.common.dependencies.mongodb.secret" -}}
+
+{{- if .Values.mongodb.enabled -}}
+ {{/* Use custom-set password */}}
+ {{- $dbPass := .Values.mongodb.password -}}
+
+ {{/* Use custom-set root-password */}}
+ {{- $rootPass := .Values.mongodb.rootPassword -}}
+
+ {{/* Prepare data */}}
+ {{- $dbhost := printf "%v-%v" .Release.Name "mongodb" -}}
+ {{- $portHost := printf "%v:27017" $dbhost -}}
+ {{- $jdbc := printf "jdbc:mongodb://%v/%v" $portHost .Values.mongodb.mongodbDatabase -}}
+ {{- $url := printf "mongodb://%v:%v@%v/%v" .Values.mongodb.mongodbUsername $dbPass $portHost .Values.mongodb.mongodbDatabase -}}
+ {{- $urlssl := printf "%v?ssl=true" $url -}}
+ {{- $urltls := printf "%v?tls=true" $url -}}
+
+ {{/* Append some values to mongodb.creds, so apps using the dep, can use them */}}
+ {{- $_ := set .Values.mongodb.creds "mongodbPassword" ($dbPass | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "mongodbRootPassword" ($rootPass | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "plain" ($dbhost | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "plainhost" ($dbhost | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "plainport" ($portHost | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "plainporthost" ($portHost | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "complete" ($url | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "urlssl" ($urlssl | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "urltls" ($urltls | quote) -}}
+ {{- $_ := set .Values.mongodb.creds "jdbc" ($jdbc | quote) -}}
+
+{{/* Create the secret (Comment also plays a role on correct formatting) */}}
+enabled: true
+expandObjectName: false
+data:
+ mongodb-password: {{ $dbPass }}
+ mongodb-root-password: {{ $rootPass }}
+ url: {{ $url }}
+ urlssl: {{ $urlssl }}
+ urltls: {{ $urltls }}
+ jdbc: {{ $jdbc }}
+ plainhost: {{ $dbhost }}
+ plainporthost: {{ $portHost }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.dependencies.mongodb.injector" -}}
+ {{- $secret := include "tc.v1.common.dependencies.mongodb.secret" . | fromYaml -}}
+ {{- if $secret -}}
+ {{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mongodbcreds") $secret -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/dependencies/_redisInjector.tpl b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_redisInjector.tpl
new file mode 100644
index 0000000..e500b40
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_redisInjector.tpl
@@ -0,0 +1,48 @@
+{{/*
+This template generates a random password and ensures it persists across updates/edits to the chart
+*/}}
+{{- define "tc.v1.common.dependencies.redis.secret" -}}
+
+{{- if .Values.redis.enabled -}}
+ {{- $dbIndex := .Values.redis.redisDatabase | default "0" -}}
+ {{/* Use with custom-set password */}}
+ {{- $dbPass := .Values.redis.password -}}
+
+ {{- $redisUser := .Values.redis.redisUsername -}}
+ {{- if not $redisUser -}}{{/* If you try to print a nil value it will print as [nil] */}}
+ {{- $redisUser = "" -}}
+ {{- end -}}
+ {{/* Prepare data */}}
+ {{- $dbHost := printf "%v-%v" .Release.Name "redis" -}}
+ {{- $portHost := printf "%v:6379" $dbHost -}}
+ {{- $url := printf "redis://%v:%v@%v/%v" $redisUser $dbPass $portHost $dbIndex -}}
+ {{- $hostPass := printf "%v:%v@%v" $redisUser $dbPass $dbHost -}}
+
+ {{/* Append some values to redis.creds, so apps using the dep, can use them */}}
+ {{- $_ := set .Values.redis.creds "redisPassword" ($dbPass | quote) -}}
+ {{- $_ := set .Values.redis.creds "plain" ($dbHost | quote) -}}
+ {{- $_ := set .Values.redis.creds "plainhost" ($dbHost | quote) -}}
+ {{- $_ := set .Values.redis.creds "plainport" ($portHost | quote) -}}
+ {{- $_ := set .Values.redis.creds "plainporthost" ($portHost | quote) -}}
+ {{- $_ := set .Values.redis.creds "plainhostpass" ($hostPass | quote) -}}
+ {{- $_ := set .Values.redis.creds "url" ($url | quote) -}}
+
+{{/* Create the secret (Comment also plays a role on correct formatting) */}}
+enabled: true
+expandObjectName: false
+data:
+ redis-password: {{ $dbPass }}
+ plain: {{ $dbHost }}
+ url: {{ $url }}
+ plainhostpass: {{ $hostPass }}
+ plainporthost: {{ $portHost }}
+ plainhost: {{ $dbHost }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.dependencies.redis.injector" -}}
+ {{- $secret := include "tc.v1.common.dependencies.redis.secret" . | fromYaml -}}
+ {{- if $secret -}}
+ {{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "rediscreds") $secret -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/dependencies/_solrInjector.tpl b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_solrInjector.tpl
new file mode 100644
index 0000000..357122a
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/dependencies/_solrInjector.tpl
@@ -0,0 +1,37 @@
+{{/*
+This template generates a random password and ensures it persists across updates/edits to the chart
+*/}}
+{{- define "tc.v1.common.dependencies.solr.secret" -}}
+
+{{- if .Values.solr.enabled -}}
+ {{/* Use with custom-set password */}}
+ {{- $solrPass := .Values.solr.password -}}
+
+ {{/* Prepare data */}}
+ {{- $dbHost := printf "%v-%v" .Release.Name "solr" -}}
+ {{- $portHost := printf "%v:8983" $dbHost -}}
+ {{- $url := printf "http://%v:%v@%v/url/%v" .Values.solr.solrUsername $solrPass $portHost .Values.solr.solrCores -}}
+
+ {{/* Append some values to solr.creds, so apps using the dep, can use them */}}
+ {{- $_ := set .Values.solr.creds "solrPassword" ($solrPass | quote) -}}
+ {{- $_ := set .Values.solr.creds "plain" ($dbHost | quote) -}}
+ {{- $_ := set .Values.solr.creds "plainhost" ($dbHost | quote) -}}
+ {{- $_ := set .Values.solr.creds "portHost" ($portHost | quote) -}}
+ {{- $_ := set .Values.solr.creds "url" ($url | quote) -}}
+
+{{/* Create the secret (Comment also plays a role on correct formatting) */}}
+enabled: true
+expandObjectName: false
+data:
+ solr-password: {{ $solrPass }}
+ url: {{ $url }}
+ plainhost: {{ $dbHost }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.dependencies.solr.injector" -}}
+ {{- $secret := include "tc.v1.common.dependencies.solr.secret" . | fromYaml -}}
+ {{- if $secret -}}
+ {{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "solrcreds") $secret -}}
+ {{- end -}}
+{{- end -}}
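Review bot: The creds map in `tc.v1.common.dependencies.solr.secret` stores the host:port under the key `portHost`, whereas the mariadb, mongodb and redis hunks use `plainport` and `plainporthost`, so an app that reads dependency creds uniformly gets no host:port for solr; adding `{{- $_ := set .Values.solr.creds "plainporthost" ($portHost | quote) -}}` (keeping `portHost` if something already reads it) restores parity. The redis hunk likewise stores the connection string under `url` where mariadb and mongodb use `complete`. `$url` here places the credentials in front of a literal `/url/` path segment, which reads like a placeholder rather than a Solr path and is worth confirming against whatever consumes it.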
diff --git a/charts/baikal/baikal/charts/common/templates/lib/endpoint/_addresses.tpl b/charts/baikal/baikal/charts/common/templates/lib/endpoint/_addresses.tpl
new file mode 100644
index 0000000..c80950a
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/endpoint/_addresses.tpl
@@ -0,0 +1,20 @@
+{{/* Endpoint - addresses */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.endpoint.addresses" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The object data of the service
+*/}}
+
+{{- define "tc.v1.common.lib.endpoint.addresses" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.externalIP -}}
+ {{- fail "EndpointSlice - Expected non-empty [externalIP]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "string" $objectData.externalIP) -}} {{/* Only single IP is supported currently on this lib */}}
+ {{- fail (printf "EndpointSlice - Expected [externalIP] to be a [string], but got [%s]" (kindOf $objectData.externalIP)) -}}
+ {{- end }}
+ - ip: {{ tpl $objectData.externalIP $rootCtx }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/endpoint/_ports.tpl b/charts/baikal/baikal/charts/common/templates/lib/endpoint/_ports.tpl
new file mode 100644
index 0000000..de9761f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/endpoint/_ports.tpl
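Review bot: Both `fail` messages in `tc.v1.common.lib.endpoint.addresses` are prefixed `EndpointSlice -` although this template renders an Endpoints address entry, so a user who trips the check is pointed at the wrong object; use `{{- fail "Endpoint - Expected non-empty [externalIP]" -}}` and the same prefix in the type-check message. The checks only establish that `externalIP` is a non-empty string, so a hostname or a malformed address passes here and is rejected later by the API server with a less specific error; a short comment such as `{{/* Address format is not validated here; the API server rejects non-IP values */}}` would at least document where the failure surfaces.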
@@ -0,0 +1,40 @@
+{{/* Endpoint - Ports */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.endpoint.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The object data of the service
+*/}}
+
+{{- define "tc.v1.common.lib.endpoint.ports" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $tcpProtocols := (list "tcp" "http" "https") -}}
+ {{- range $name, $portValues := $objectData.ports -}}
+ {{- if $portValues.enabled -}}
+ {{- $protocol := $rootCtx.Values.global.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
+ {{- $port := $portValues.targetPort | default $portValues.port -}}
+
+ {{/* Expand targetPort */}}
+ {{- if (kindIs "string" $port) -}}
+ {{- $port = (tpl $port $rootCtx) -}}
+ {{- end -}}
+ {{- $port = int $port -}}
+
+ {{- with $portValues.protocol -}}
+ {{- $protocol = tpl . $rootCtx -}}
+
+ {{- if mustHas $protocol $tcpProtocols -}}
+ {{- $protocol = "tcp" -}}
+ {{- end -}}
+ {{- end }}
+- name: {{ $name }}
+ port: {{ $port }}
+ protocol: {{ $protocol | upper }}
+ {{- with $portValues.appProtocol }}
+ appProtocol: {{ tpl . $rootCtx | lower }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/endpointSlice/_endpoints.tpl b/charts/baikal/baikal/charts/common/templates/lib/endpointSlice/_endpoints.tpl
new file mode 100644
index 0000000..38d81e5
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/endpointSlice/_endpoints.tpl
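Review bot: The protocol normalisation in `tc.v1.common.lib.endpoint.ports` compares the templated value against the lowercase list `tcp`/`http`/`https` before it is upper-cased, so `protocol: HTTP` or `Https` in values is not mapped to `TCP` and is emitted verbatim, which the Endpoints API rejects; lower-case it first, `{{- $protocol = tpl . $rootCtx | lower -}}`. `$port = int $port` also appears to turn a non-numeric templated `targetPort` into `0` without complaint, so a `fail` when `$port` falls outside 1–65535 would surface the misconfiguration at render time rather than at apply time. `tc.v1.common.lib.endpointslice.ports` two hunks below repeats both patterns.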
@@ -0,0 +1,21 @@
+{{/* EndpointSlice - endpoints */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.endpointslice.endpoints" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The object data of the service
+*/}}
+
+{{- define "tc.v1.common.lib.endpointslice.endpoints" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.externalIP -}}
+ {{- fail "EndpointSlice - Expected non-empty [externalIP]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "string" $objectData.externalIP) -}} {{/* Only single IP is supported currently on this lib */}}
+ {{- fail (printf "EndpointSlice - Expected [externalIP] to be a [string], but got [%s]" (kindOf $objectData.externalIP)) -}}
+ {{- end }}
+- addresses:
+ - {{ tpl $objectData.externalIP $rootCtx }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/endpointSlice/_ports.tpl b/charts/baikal/baikal/charts/common/templates/lib/endpointSlice/_ports.tpl
new file mode 100644
index 0000000..726b96d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/endpointSlice/_ports.tpl
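Review bot: The `externalIP` presence and type checks in `tc.v1.common.lib.endpointslice.endpoints` are a verbatim copy of those in `tc.v1.common.lib.endpoint.addresses` from the earlier hunk, down to the identical messages; moving them into one shared validation helper called from both templates would keep the two error texts and any future format check from drifting apart. The inline comment `Only single IP is supported currently on this lib` would be more useful if it also stated that a list value is rejected on purpose rather than silently truncated.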
@@ -0,0 +1,40 @@
+{{/* EndpointSlice - Ports */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.endpointslice.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The object data of the service
+*/}}
+
+{{- define "tc.v1.common.lib.endpointslice.ports" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $tcpProtocols := (list "tcp" "http" "https") -}}
+ {{- range $name, $portValues := $objectData.ports -}}
+ {{- if $portValues.enabled -}}
+ {{- $protocol := $rootCtx.Values.global.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}}
+ {{- $port := $portValues.targetPort | default $portValues.port -}}
+
+ {{/* Expand targetPort */}}
+ {{- if (kindIs "string" $port) -}}
+ {{- $port = (tpl $port $rootCtx) -}}
+ {{- end -}}
+ {{- $port = int $port -}}
+
+ {{- with $portValues.protocol -}}
+ {{- $protocol = tpl . $rootCtx -}}
+
+ {{- if mustHas $protocol $tcpProtocols -}}
+ {{- $protocol = "tcp" -}}
+ {{- end -}}
+ {{- end }}
+- name: {{ $name }}
+ port: {{ $port }}
+ protocol: {{ $protocol | upper }}
+ {{- with $portValues.appProtocol }}
+ appProtocol: {{ tpl . $rootCtx | lower }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/hpa/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/hpa/_validation.tpl
new file mode 100644
index 0000000..a8195df
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/hpa/_validation.tpl
@@ -0,0 +1,360 @@ +{{- define "tc.v1.common.lib.hpa.validation" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $minReplicas := 1 -}} + {{- with $objectData.minReplicas -}} + {{- if not (mustHas (kindOf $objectData.minReplicas) (list "int" "int64" "float64")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.minReplicas] to be an integer, but got [%s]" $objectData.hpaName (kindOf $objectData.minReplicas)) -}} + {{- end -}} + {{- $minReplicas = $objectData.minReplicas -}} + {{- end -}} + + {{- $maxReplicas := 3 -}} + {{- with $objectData.maxReplicas -}} + {{- if not (mustHas (kindOf $objectData.maxReplicas) (list "int" "int64" "float64")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.maxReplicas] to be an integer, but got [%s]" $objectData.hpaName (kindOf $objectData.maxReplicas)) -}} + {{- end -}} + {{- $maxReplicas = $objectData.maxReplicas -}} + {{- end -}} + + {{- $_ := set $objectData "minReplicas" $minReplicas -}} + {{- $_ := set $objectData "maxReplicas" $maxReplicas -}} + + {{- if lt $maxReplicas $minReplicas -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.minReplicas] to be less than [hpa.%s.maxReplicas], but got [%d] and [%d]" $objectData.hpaName $objectData.hpaName ($minReplicas | int) ($maxReplicas | int)) -}} + {{- end -}} + + {{- if $objectData.behavior -}} + {{- if $objectData.behavior.scaleUp -}} + {{- include "tc.v1.common.lib.hpa.validation.behavior" (dict "objectData" $objectData "rootCtx" $rootCtx "data" $objectData.behavior.scaleUp "key" "scaleUp") -}} + {{- end -}} + {{- if $objectData.behavior.scaleDown -}} + {{- include "tc.v1.common.lib.hpa.validation.behavior" (dict "objectData" $objectData "rootCtx" $rootCtx "data" $objectData.behavior.scaleDown "key" "scaleDown") -}} + {{- end -}} + {{- end -}} + + {{- if $objectData.metrics -}} + {{- include "tc.v1.common.lib.hpa.validation.metrics" (dict "objectData" $objectData "rootCtx" $rootCtx "data" 
$objectData.metrics) -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.behavior" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $data := .data -}} + {{- $key := .key -}} + + {{- if $data.selectPolicy -}} + {{- $validSelectPolicies := list "Max" "Min" "Disabled" -}} + {{- if not (mustHas $data.selectPolicy $validSelectPolicies) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.selectPolicy] to be one of [%s], but got [%s]" $objectData.hpaName $key (join ", " $validSelectPolicies) $data.selectPolicy) -}} + {{- end -}} + {{- end -}} + + {{- if $data.stabilizationWindowSeconds -}} + {{- if not (mustHas (kindOf $data.stabilizationWindowSeconds) (list "int" "int64" "float64")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.stabilizationWindowSeconds] to be an integer, but got [%s]" $objectData.hpaName $key (kindOf $data.stabilizationWindowSeconds)) -}} + {{- end -}} + {{- end -}} + + {{- if $data.policies -}} + {{- if not (kindIs "slice" $data.policies) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.policies] to be a list, but got [%s]" $objectData.hpaName $key (kindOf $data.policies)) -}} + {{- end -}} + + {{- $validPolicies := list "Pods" "Percent" -}} + {{- range $idx, $policy := $data.policies -}} + {{- if not (kindIs "map" $policy) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.policies.%d] to be a map, but got [%s]" $objectData.hpaName $key $idx (kindOf $policy)) -}} + {{- end -}} + + {{- if not (mustHas $policy.type $validPolicies) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.policies.%d.type] to be one of [%s], but got [%s]" $objectData.hpaName $key $idx (join ", " $validPolicies) $policy.type) -}} + {{- end -}} + + {{- if not (mustHas (kindOf $policy.value) (list "int" "int64" "float64")) -}} + {{- fail (printf "Horizontal Pod 
Autoscaler - Expected [hpa.%s.behavior.%s.policies.%d.value] to be an integer, but got [%s]" $objectData.hpaName $key $idx (kindOf $policy.value)) -}} + {{- end -}} + + {{- if not (mustHas (kindOf $policy.periodSeconds) (list "int" "int64" "float64")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.policies.%d.periodSeconds] to be an integer, but got [%s]" $objectData.hpaName $key $idx (kindOf $policy.periodSeconds)) -}} + {{- end -}} + + {{- if le ($policy.value | int) 0 -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.policies.%d.value] to be greater than 0, but got [%v]" $objectData.hpaName $key $idx $policy.value) -}} + {{- end -}} + + {{- if or (lt ($policy.periodSeconds | int) 1) (gt ($policy.periodSeconds | int) 1800) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.behavior.%s.policies.%d.periodSeconds] to be between 1 and 1800, but got [%v]" $objectData.hpaName $key $idx $policy.periodSeconds) -}} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metrics" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- if not (kindIs "slice" $objectData.metrics) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics] to be a list, but got [%s]" $objectData.hpaName (kindOf $objectData.metrics)) -}} + {{- end -}} + + {{- range $idx, $metric := $objectData.metrics -}} + {{- if not (kindIs "map" $metric) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric)) -}} + {{- end -}} + + {{- if not (mustHas $metric.type (list "Resource" "Pods" "Object" "External" "ContainerResource")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.type] to be one of [Resource, Pods, Object, External, ContainerResource], but got [%s]" $objectData.hpaName $idx $metric.type) -}} + {{- end 
-}} + + {{- if eq $metric.type "Resource" -}} + {{- include "tc.v1.common.lib.hpa.validation.metrics.resource" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric "idx" $idx) -}} + {{- else if eq $metric.type "Pods" -}} + {{- include "tc.v1.common.lib.hpa.validation.metrics.pods" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric "idx" $idx) -}} + {{- else if eq $metric.type "Object" -}} + {{- include "tc.v1.common.lib.hpa.validation.metrics.object" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric "idx" $idx) -}} + {{- else if eq $metric.type "External" -}} + {{- include "tc.v1.common.lib.hpa.validation.metrics.external" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric "idx" $idx) -}} + {{- else if eq $metric.type "ContainerResource" -}} + {{- include "tc.v1.common.lib.hpa.validation.metrics.containerResource" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric "idx" $idx) -}} + {{- end -}} + + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metrics.resource" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $metric := .metric -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $metric.resource) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.resource] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.resource)) -}} + {{- end -}} + + {{- $validNames := list "cpu" "memory" -}} + {{- if not (mustHas $metric.resource.name $validNames) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.resource.name] to be one of [%s], but got [%s]" $objectData.hpaName $idx (join ", " $validNames) $metric.resource.name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.hpa.validation.metrics.metric.target" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric.resource "key" "resource" "idx" $idx) -}} +{{- end -}} + +{{- define 
"tc.v1.common.lib.hpa.validation.metrics.containerResource" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $metric := .metric -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $metric.containerResource) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.containerResource] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.containerResource)) -}} + {{- end -}} + + {{- $validNames := list "cpu" "memory" -}} + {{- if not (mustHas $metric.containerResource.name $validNames) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.containerResource.name] to be one of [%s], but got [%s]" $objectData.hpaName $idx (join ", " $validNames) $metric.containerResource.name) -}} + {{- end -}} + + {{- if not (mustHas $metric.containerResource.container $objectData.containerNames) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.containerResource.container] to be one of [%s], but got [%s]" $objectData.hpaName $idx (join ", " $objectData.containerNames) $metric.containerResource.container) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.hpa.validation.metrics.metric.target" (dict "objectData" $objectData "rootCtx" $rootCtx "metric" $metric.containerResource "key" "containerResource" "idx" $idx) -}} +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metrics.pods" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $metric := .metric -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $metric.pods) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.pods] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.pods)) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.pods.metric) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.pods.metric] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.pods.metric)) -}} + {{- 
end -}} + + {{- if or (not $metric.pods.metric.name) (not (kindIs "string" $metric.pods.metric.name)) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.pods.metric.name] to be a string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.pods.metric.name)) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.pods.target) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.pods.target] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.pods.target)) -}} + {{- end -}} + + {{- if not (mustHas (kindOf $metric.pods.target.averageValue) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.pods.target.averageValue] to be an integer or string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.pods.target.averageValue)) -}} + {{- end -}} + + {{- if $metric.pods.metric.selector -}} + {{- include "tc.v1.common.lib.hpa.validation.metric.selector" (dict "objectData" $objectData "rootCtx" $rootCtx "data" $metric.pods "key" "pods" "idx" $idx) -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metric.selector" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $data := .data -}} + {{- $key := .key -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $data.metric.selector) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.metric.selector] to be a map, but got [%s]" $objectData.hpaName $idx $key (kindOf $data.metric.selector)) -}} + {{- end -}} + + {{- if not (kindIs "map" $data.metric.selector.matchLabels) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.metric.selector.matchLabels] to be a map, but got [%s]" $objectData.hpaName $idx $key (kindOf $data.metric.selector.matchLabels)) -}} + {{- end -}} + + {{- range $k, $v := $data.metric.selector.matchLabels -}} + {{- if not (kindIs "string" $k) -}} + {{- fail 
(printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.metric.selector.matchLabels] to have string keys, but got [%s]" $objectData.hpaName $idx $key (kindOf $k)) -}} + {{- end -}} + + {{- if not (kindIs "string" $v) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.metric.selector.matchLabels.%s] to be a string, but got [%s]" $objectData.hpaName $idx $key $k (kindOf $v)) -}} + {{- end -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metrics.object" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $metric := .metric -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $metric.object) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object)) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.object.metric) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.metric] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.metric)) -}} + {{- end -}} + + {{- if or (not $metric.object.metric.name) (not (kindIs "string" $metric.object.metric.name)) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.metric.name] to be a string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.metric.name)) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.object.target) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.target] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.target)) -}} + {{- end -}} + + {{- $validTypes := list "AverageValue" "Value" -}} + {{- if not (mustHas $metric.object.target.type $validTypes) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.target.type] to be one of [%s], but got [%s]" $objectData.hpaName $idx (join ", " $validTypes) 
$metric.object.target.type) -}} + {{- end -}} + + {{- if eq $metric.object.target.type "AverageValue" -}} + {{- if not (mustHas (kindOf $metric.object.target.averageValue) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.target.averageValue] to be an integer or string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.target.averageValue)) -}} + {{- end -}} + {{- else if eq $metric.object.target.type "Value" -}} + {{- if not (mustHas (kindOf $metric.object.target.value) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.target.value] to be an integer or string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.target.value)) -}} + {{- end -}} + {{- end -}} + + {{- if $metric.object.metric.selector -}} + {{- include "tc.v1.common.lib.hpa.validation.metric.selector" (dict "objectData" $objectData "rootCtx" $rootCtx "data" $metric.object "key" "object" "idx" $idx) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.object.describedObject) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.describedObject] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.describedObject)) -}} + {{- end -}} + + {{- if or (not $metric.object.describedObject.name) (not (kindIs "string" $metric.object.describedObject.name)) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.describedObject.name] to be a string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.describedObject.name)) -}} + {{- end -}} + + {{- if or (not $metric.object.describedObject.kind) (not (kindIs "string" $metric.object.describedObject.kind)) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.describedObject.kind] to be a string, but got [%s]" $objectData.hpaName $idx (kindOf 
$metric.object.describedObject.kind)) -}} + {{- end -}} + + {{- if or (not $metric.object.describedObject.apiVersion) (not (kindIs "string" $metric.object.describedObject.apiVersion)) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.object.describedObject.apiVersion] to be a string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.object.describedObject.apiVersion)) -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metrics.external" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $metric := .metric -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $metric.external) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.external)) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.external.metric) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external.metric] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.external.metric)) -}} + {{- end -}} + + {{- if or (not $metric.external.metric.name) (not (kindIs "string" $metric.external.metric.name)) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external.metric.name] to be a string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.external.metric.name)) -}} + {{- end -}} + + {{- if not (kindIs "map" $metric.external.target) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external.target] to be a map, but got [%s]" $objectData.hpaName $idx (kindOf $metric.external.target)) -}} + {{- end -}} + + {{- $validTypes := list "AverageValue" "Value" -}} + {{- if not (mustHas $metric.external.target.type $validTypes) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external.target.type] to be one of [%s], but got [%s]" $objectData.hpaName $idx (join ", " $validTypes) 
$metric.external.target.type) -}} + {{- end -}} + + {{- if eq $metric.external.target.type "AverageValue" -}} + {{- if not (mustHas (kindOf $metric.external.target.averageValue) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external.target.averageValue] to be an integer or string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.external.target.averageValue)) -}} + {{- end -}} + {{- else if eq $metric.external.target.type "Value" -}} + {{- if not (mustHas (kindOf $metric.external.target.value) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.external.target.value] to be an integer or string, but got [%s]" $objectData.hpaName $idx (kindOf $metric.external.target.value)) -}} + {{- end -}} + {{- end -}} + + {{- if $metric.external.metric.selector -}} + {{- include "tc.v1.common.lib.hpa.validation.metric.selector" (dict "objectData" $objectData "rootCtx" $rootCtx "data" $metric.external "key" "external" "idx" $idx) -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.hpa.validation.metrics.metric.target" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $data := .metric -}} + {{- $key := .key -}} + {{- $idx := .idx -}} + + {{- if not (kindIs "map" $data.target) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.target] to be a map, but got [%s]" $objectData.hpaName $idx $key (kindOf $data.target)) -}} + {{- end -}} + + {{- $validTargetTypes := list "AverageValue" "Utilization" -}} + {{- if not (mustHas $data.target.type $validTargetTypes) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.target.type] to be one of [%s], but got [%s]" $objectData.hpaName $idx $key (join ", " $validTargetTypes) $data.target.type) -}} + {{- end -}} + + {{- if eq $data.target.type "AverageValue" -}} + {{- if not (mustHas (kindOf 
$data.target.averageValue) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.target.averageValue] to be an integer or string, but got [%s]" $objectData.hpaName $idx $key (kindOf $data.target.averageValue)) -}} + {{- end -}} + {{- else if eq $data.target.type "Utilization" -}} + {{- if not (mustHas (kindOf $data.target.averageUtilization) (list "int" "int64" "float64")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.target.averageUtilization] to be an integer, but got [%s]" $objectData.hpaName $idx $key (kindOf $data.target.averageUtilization)) -}} + {{- end -}} + {{- end -}} + + {{- if $data.target.value -}} + {{- if not (mustHas (kindOf $data.target.value) (list "int" "int64" "float64" "string")) -}} + {{- fail (printf "Horizontal Pod Autoscaler - Expected [hpa.%s.metrics.%d.%s.target.value] to be an integer or string, but got [%s]" $objectData.hpaName $idx $key (kindOf $data.target.value)) -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/imagePullSecret/_createData.tpl b/charts/baikal/baikal/charts/common/templates/lib/imagePullSecret/_createData.tpl new file mode 100644 index 0000000..5ebef01 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/imagePullSecret/_createData.tpl 
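Review bot: In `tc.v1.common.lib.hpa.validation` the `with $objectData.minReplicas` guard treats a configured `minReplicas: 0` as unset, so it is silently replaced by the default of 1 with no error, and `maxReplicas: 0` is replaced by 3 the same way; if that fallback is deliberate (scale-to-zero is feature-gated in Kubernetes) a comment saying so is needed, otherwise test presence with `hasKey` rather than truthiness. The `lt $maxReplicas $minReplicas` comparison mixes the int defaults with values the kind check allows to be `float64`, and as far as I recall Go's template `lt` reports an incompatible-types error for int versus float operands, so a single `minReplicas: 2.0` would produce a raw comparison error instead of the formatted message; normalising both with `| int` before comparing avoids that. The metrics include passes a `data` key that `tc.v1.common.lib.hpa.validation.metrics` never reads (it uses `$objectData.metrics` directly); drop the key or have the helper consume it.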
@@ -0,0 +1,43 @@
+{{/* Configmap Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.imagePullSecret.createData" (dict "objectData" $objectData "root" $rootCtx) -}}
+rootCtx: The root context of the chart.
+objectData:
+ data: The data of the imagePullSecret.
+*/}}
+
+{{- define "tc.v1.common.lib.imagePullSecret.createData" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $registrySecret := dict -}}
+
+ {{/* Auth is b64encoded and then the whole secret is b64encoded */}}
+ {{- $auth := printf "%s:%s" (tpl $objectData.data.username $rootCtx) (tpl $objectData.data.password $rootCtx) | b64enc -}}
+
+ {{- $registry := dict -}}
+ {{- with $objectData.data -}}
+ {{- $registry = (dict "username" (tpl .username $rootCtx) "password" (tpl .password $rootCtx)
+ "email" (tpl .email $rootCtx) "auth" $auth) -}}
+ {{- end -}}
+
+ {{- $registryKey := tpl $objectData.data.registry $rootCtx -}}
+ {{- $_ := set $registrySecret "auths" (dict $registryKey $registry) -}}
+
+ {{/*
+ This should result in something like this:
+ {
+ "auths": {
+ "$registry": {
+ "username": "$username",
+ "password": "$password",
+ "email": "$email",
+ "auth": "($username:$password) base64"
+ }
+ }
+}
+*/}}
+
+ {{/* Return the registrySecret as Json */}}
+ {{- $registrySecret | toJson -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/imagePullSecret/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/imagePullSecret/_validation.tpl
new file mode 100644
index 0000000..3162c83
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/imagePullSecret/_validation.tpl
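Review bot: The usage comment at the top of the hunk passes the root context under the key `"root"`, but the template body reads `.rootCtx`; a caller that follows the comment gets a nil `$rootCtx` and every `tpl` call in the body fails. Change the comment line to `{{ include "tc.v1.common.lib.imagePullSecret.createData" (dict "objectData" $objectData "rootCtx" $rootCtx) -}}`. The header `{{/* Configmap Validation */}}` looks copied from another file; `{{/* Image Pull Secret Data */}}` describes this template. Separately, `$auth` is computed from `$objectData.data.username` and `.password` before the `with $objectData.data` guard, so that guard protects nothing; either move the `$auth` computation inside the `with` block or drop the `with`.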
@@ -0,0 +1,27 @@
+{{/* Configmap Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.imagePullSecret.validation" (dict "objectData" $objectData) -}}
+objectData:
+ labels: The labels of the imagePullSecret.
+ annotations: The annotations of the imagePullSecret.
+ data: The data of the imagePullSecret.
+*/}}
+
+{{- define "tc.v1.common.lib.imagePullSecret.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.data -}}
+ {{- fail "Image Pull Secret - Expected non-empty [data]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "map" $objectData.data) -}}
+ {{- fail (printf "Image Pull Secret - Expected [data] to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
+ {{- end -}}
+
+ {{- range $key := (list "username" "password" "registry" "email") -}}
+ {{- if not (get $objectData.data $key) -}}
+ {{- fail (printf "Image Pull Secret - Expected non-empty [%s]" $key) -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/_serviceData.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/_serviceData.tpl
new file mode 100644
index 0000000..3190dbf
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/_serviceData.tpl
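Review bot: The `range` over `username`/`password`/`registry`/`email` only checks that each value is truthy, not that it is a string, yet the `createData` template in the previous hunk passes each of them to `tpl`, which requires a string; a numeric value (for example an all-digit username left unquoted in values) passes this validation and then fails later with a much less helpful Go template error. Add a type check inside the loop: `{{- if not (kindIs "string" (get $objectData.data $key)) -}}{{- fail (printf "Image Pull Secret - Expected [%s] to be a [string], but got [%s]" $key (kindOf (get $objectData.data $key))) -}}{{- end -}}`. The `{{/* Configmap Validation */}}` header should read `{{/* Image Pull Secret Validation */}}`, and the call comment documents `labels` and `annotations` that this template never reads.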
@@ -0,0 +1,35 @@
+{{- define "tc.v1.common.lib.ingress.backend.data" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $svcData := .svcData -}}
+ {{- $override := .override -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+
+ {{- with $override -}}
+ {{- $name := .name -}}
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $rootCtx "objectData" . "name" $name
+ "caller" "Ingress" "key" "overrideService"
+ )) -}}
+
+ {{/* Init */}}
+ {{- $expName := $name -}}
+
+ {{/* Expand if needed */}}
+ {{- if eq $expandName "true" -}}
+ {{/* But first check if the svc is primary */}}
+ {{- $svc := (get $rootCtx.Values.service $name) | default dict -}}
+
+ {{- if $svc.primary -}} {{/* If primary, use fullname */}}
+ {{- $expName = $fullname -}}
+ {{- else -}} {{/* If not primary, use fullname + name */}}
+ {{- $expName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- end -}}
+
+ {{- $svcData = (dict "name" $expName "port" .port) -}}
+ {{- end -}}
+
+ {{- $svcData | toYaml -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/_targetSelector.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/_targetSelector.tpl
new file mode 100644
index 0000000..91a1e02
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/_targetSelector.tpl
@@ -0,0 +1,90 @@
+{{/* Returns the selected service or fallback to primary */}}
+{{- define "tc.v1.common.lib.ingress.targetSelector" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $selectedService := (dict "name" "" "port" 0) -}}
+ {{- $svcData := dict -}}
+ {{- $portData := dict -}}
+ {{- $svcName := "" -}}
+ {{- $portName := "" -}}
+
+ {{- if $objectData.targetSelector -}}
+ {{/* We have validation that only 1 key is allowed */}}
+ {{- $svcName = ($objectData.targetSelector | keys | mustFirst) -}}
+ {{- $portName = (get $objectData.targetSelector $svcName) -}}
+ {{- $svcData = (get $rootCtx.Values.service $svcName) -}}
+
+ {{- if not $svcData -}}
+ {{- fail (printf "Ingress - Expected targeted service [%s] to exist" $svcName) -}}
+ {{- end -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $rootCtx "objectData" $svcData
+ "name" $svcName "caller" "Ingress"
+ "key" "ingress")) -}}
+
+ {{- if ne $enabled "true" -}}
+ {{- fail (printf "Ingress - Expected targeted service [%s] to be enabled" $svcName) -}}
+ {{- end -}}
+
+ {{- else -}}
+ {{/* Find the primary service */}}
+ {{- range $name, $service := $rootCtx.Values.service -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $rootCtx "objectData" $service
+ "name" $name "caller" "Ingress"
+ "key" "ingress")) -}}
+
+ {{/* Check if its enabled */}}
+ {{- if eq $enabled "true" -}}
+
+ {{- if $service.primary -}}
+ {{- $svcName = $name -}}
+ {{- $svcData = $service -}}
+
+ {{/* Find the primary port */}}
+ {{- range $name, $port := $svcData.ports -}}
+ {{- if $port.primary -}}
+ {{- $portName = $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $svcData -}}
+ {{- fail "Ingress - Expected [targetSelector] or a primary service to exist" -}}
+ {{- end -}}
+
+ {{- end -}}
+
+ {{- $portData = (get $svcData.ports $portName) -}}
+ {{- if not $portData -}}
+ {{- fail (printf "Ingress - 
Expected targeted service [%s] to have port [%s]" $svcName $portName) -}}
+ {{- end -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $rootCtx "objectData" $portData
+ "name" $portName "caller" "Ingress"
+ "key" "ingress")) -}}
+
+ {{- if ne $enabled "true" -}}
+ {{- fail (printf "Ingress - Expected targeted service port [%s] to be enabled" $portName) -}}
+ {{- end -}}
+
+ {{- $expandedSvcName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+ {{- if not $svcData.primary -}}
+ {{- $expandedSvcName = printf "%s-%s" $expandedSvcName $svcName -}}
+ {{- end -}}
+
+ {{- $protocol := default "http" -}}
+ {{- if eq $portData.protocol "https" -}}
+ {{- $protocol = "https" -}}
+ {{- end -}}
+
+ {{- $selectedService = (dict "name" $expandedSvcName "port" (tpl ($portData.port | toString) $rootCtx) "protocol" $protocol) -}}
+
+ {{- $selectedService | toYaml -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/_validation.tpl
new file mode 100644
index 0000000..1b03836
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/_validation.tpl
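Review bot: When the fallback branch finds an enabled primary service but none of its ports is marked `primary`, `$portName` stays `""` and the failure surfaces later as `Expected targeted service [x] to have port []`, which does not tell the user what is actually missing. Add a dedicated check right after the `range $name, $port := $svcData.ports` loop: `{{- if not $portName -}}{{- fail (printf "Ingress - Expected primary service [%s] to have a primary port" $svcName) -}}{{- end -}}`. In the same branch, if more than one enabled service carries `primary: true` the loop silently keeps the last one it visits; unless a service-level validation elsewhere rejects that, it is worth failing here as well. Style: `{{- $protocol := default "http" -}}` relies on `default` with no given value returning its first argument; `{{- $protocol := "http" -}}` says the same thing directly.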
@@ -0,0 +1,189 @@
+{{/* Ingress Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.ingress.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
+objectData:
+ rootCtx: The root context of the chart.
+ objectData: The Ingress object.
+*/}}
+
+{{- define "tc.v1.common.lib.ingress.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if $objectData.targetSelector -}}
+ {{- if not (kindIs "map" $objectData.targetSelector) -}}
+ {{- fail (printf "Ingress - Expected [targetSelector] to be a [map], but got [%s]" (kindOf $objectData.targetSelector)) -}}
+ {{- end -}}
+
+ {{- $selectors := $objectData.targetSelector | keys | len -}}
+ {{- if (gt $selectors 1) -}}
+ {{ fail (printf "Ingress - Expected [targetSelector] to have exactly one key, but got [%d]" $selectors) -}}
+ {{- end -}}
+
+ {{- range $k, $v := $objectData.targetSelector -}}
+ {{- if not $v -}}
+ {{- fail (printf "Ingress - Expected [targetSelector.%s] to have a value" $k) -}}
+ {{- end -}}
+
+ {{- if not (kindIs "string" $v) -}}
+ {{- fail (printf "Ingress - Expected [targetSelector.%s] to be a [string], but got [%s]" $k (kindOf $v)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $objectData.ingressClassName -}}
+ {{- $icn := tpl $objectData.ingressClassName $rootCtx -}}
+ {{- if eq $icn "tc-stopped" -}}
+ {{- fail "Ingress - Expected [ingressClassName] to not be [tc-stopped], this is reserved for internal use" -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $objectData.hosts -}}
+ {{- fail "Ingress - Expected non-empty [hosts]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "slice" $objectData.hosts) -}}
+ {{- fail (printf "Ingress - Expected [hosts] to be a [slice], but got [%s]" (kindOf $objectData.hosts)) -}}
+ {{- end -}}
+
+ {{- range $h := $objectData.hosts -}}
+ {{- if not $h.host -}}
+ {{- fail "Ingress - Expected non-empty [hosts.host]" -}}
+ {{- end -}}
+
+ {{- $host := tpl $h.host $rootCtx -}}
+ {{- if (hasPrefix "http://" $host) 
-}}
+ {{- fail (printf "Ingress - Expected [hosts.host] to not start with [http://], but got [%s]" $host) -}}
+ {{- end -}}
+ {{- if (hasPrefix "https://" $host) -}}
+ {{- fail (printf "Ingress - Expected [hosts.host] to not start with [https://], but got [%s]" $host) -}}
+ {{- end -}}
+ {{- if (contains ":" $host) -}}
+ {{- fail (printf "Ingress - Expected [hosts.host] to not contain [:], but got [%s]" $host) -}}
+ {{- end -}}
+
+ {{- if and $h.paths (not (kindIs "slice" $h.paths)) -}}
+ {{- fail (printf "Ingress - Expected [hosts.paths] to be a [slice], but got [%s]" (kindOf $h.paths)) -}}
+ {{- end -}}
+
+ {{- range $p := $h.paths -}}
+ {{- $pathType := "Prefix" -}}
+ {{- if $p.pathType -}}
+ {{- $pathType = tpl $p.pathType $rootCtx -}}
+ {{- end -}}
+
+ {{- $validPathTypes := (list "Prefix" "Exact" "ImplementationSpecific") -}}
+ {{- if not (mustHas $pathType $validPathTypes) -}}
+ {{- fail (printf "Ingress - Expected [hosts.paths.pathType] to be one of [%s], but got [%s]" (join ", " $validPathTypes) $pathType) -}}
+ {{- end -}}
+
+ {{- $path := tpl ($p.path | default "/") $rootCtx -}}
+ {{- $prefixSlashTypes := (list "Prefix" "Exact") -}}
+ {{- if (mustHas $pathType $prefixSlashTypes) -}}
+ {{- if and $path (not (hasPrefix "/" $path)) -}}
+ {{- fail (printf "Ingress - Expected [hosts.paths.path] to start with [/], but got [%s]" $path) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If at least one thing in overrideService is defined... 
*/}}
+ {{- with $p.overrideService -}}
+ {{- if not .name -}}
+ {{- fail "Ingress - Expected non-empty [hosts.paths.overrideService.name]" -}}
+ {{- end -}}
+ {{- if not .port -}}
+ {{- fail "Ingress - Expected non-empty [hosts.paths.overrideService.port]" -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+
+ {{- range $t := $objectData.tls -}}
+ {{- if not $t.hosts -}}
+ {{- fail "Ingress - Expected non-empty [tls.hosts]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "slice" $t.hosts) -}}
+ {{- fail (printf "Ingress - Expected [tls.hosts] to be a [slice], but got [%s]" (kindOf $t.hosts)) -}}
+ {{- end -}}
+
+ {{- range $h := $t.hosts -}}
+ {{- if not $h -}}
+ {{- fail "Ingress - Expected non-empty entry in [tls.hosts]" -}}
+ {{- end -}}
+
+ {{- $host := tpl $h $rootCtx -}}
+ {{- if (hasPrefix "http://" $host) -}}
+ {{- fail (printf "Ingress - Expected entry in [tls.hosts] to not start with [http://], but got [%s]" $host) -}}
+ {{- end -}}
+ {{- if (hasPrefix "https://" $host) -}}
+ {{- fail (printf "Ingress - Expected entry in [tls.hosts] to not start with [https://], but got [%s]" $host) -}}
+ {{- end -}}
+ {{- if (contains ":" $host) -}}
+ {{- fail (printf "Ingress - Expected entry in [tls.hosts] to not contain [:], but got [%s]" $host) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $certOptions := (list "secretName" "certificateIssuer" "clusterCertificate") -}}
+ {{- $optsSet := list -}}
+ {{- range $opt := $certOptions -}}
+ {{- if (get $t $opt) -}}
+ {{- $optsSet = mustAppend $optsSet $opt -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if gt ($optsSet | len) 1 -}}
+ {{- fail (printf "Ingress - Expected only one of [%s] to be set, but got [%s]" (join ", " $certOptions) (join ", " $optsSet)) -}}
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
+
+{{/* Ingress Primary Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.ingress.primaryValidation" $ -}}
+*/}}
+{{- define "tc.v1.common.lib.ingress.primaryValidation" -}}
+ {{- $result := (include 
"tc.v1.common.lib.ingress.hasPrimary" $) | fromJson -}}
+
+ {{/* Require at least one primary ingress, if any enabled */}}
+ {{- if and $result.hasEnabled (not $result.hasPrimary) -}}
+ {{- fail "Ingress - At least one enabled ingress must be primary" -}}
+ {{- end -}}
+
+{{- end -}}
+
+{{- define "tc.v1.common.lib.ingress.hasPrimary" -}}
+
+ {{/* Initialize values */}}
+ {{- $hasPrimary := false -}}
+ {{- $hasEnabled := false -}}
+
+ {{- range $name, $ingress := $.Values.ingress -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $ingress
+ "name" $name "caller" "Ingress"
+ "key" "ingress")) -}}
+
+ {{/* If ingress is enabled */}}
+ {{- if eq $enabled "true" -}}
+ {{- $hasEnabled = true -}}
+
+ {{/* And ingress is primary */}}
+ {{- if and (hasKey $ingress "primary") ($ingress.primary) -}}
+ {{/* Fail if there is already a primary ingress */}}
+ {{- if $hasPrimary -}}
+ {{- fail "Ingress - Only one ingress can be primary" -}}
+ {{- end -}}
+
+ {{- $hasPrimary = true -}}
+
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+
+ {{- (dict "hasPrimary" $hasPrimary "hasEnabled" $hasEnabled) | toJson -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_certManager.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_certManager.tpl
new file mode 100644
index 0000000..2df0cdb
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_certManager.tpl
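Review bot: The `targetSelector` key-count failure is written `{{ fail (printf ...) -}}` with an untrimmed opening tag, unlike every other action in this file; it only fires when the condition is true, but for consistency make it `{{- fail (printf "Ingress - Expected [targetSelector] to have exactly one key, but got [%d]" $selectors) -}}`. The `range $p := $h.paths` loop reads `$p.pathType`, `$p.path` and `$p.overrideService` without checking that `$p` is a map, so a bare string entry under `paths` produces a raw Go template error instead of an `Ingress - Expected ...` message; a `{{- if not (kindIs "map" $p) -}}` guard at the top of the loop would match the surrounding checks. Host validation rejects a scheme prefix and `:` but not `/`, so a value such as `example.com/app` (constructed example) passes here and is only rejected by the API server; adding `contains "/"` to the host checks would surface it at render time.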
@@ -0,0 +1,29 @@
+{{- define "tc.v1.common.lib.ingress.integration.certManager" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $certManager := $objectData.integrations.certManager -}}
+
+ {{- if $certManager.enabled -}}
+ {{- include "tc.v1.common.lib.ingress.integration.certManager.validate" (dict "objectData" $objectData) -}}
+
+ {{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" $certManager.certificateIssuer -}}
+ {{- $_ := set $objectData.annotations "cert-manager.io/private-key-rotation-policy" "Always" -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.ingress.integration.certManager.validate" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $certManager := $objectData.integrations.certManager -}}
+
+ {{- if not $certManager.certificateIssuer -}}
+ {{- fail "Ingress - Expected a non-empty [integrations.certManager.certificateIssuer]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "string" $certManager.certificateIssuer) -}}
+ {{- fail (printf "Ingress - Expected [integrations.certManager.certificateIssuer] to be a [string], but got [%s]" (kindOf $certManager.certificateIssuer)) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_homepage.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_homepage.tpl
new file mode 100644
index 0000000..9a400c8
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_homepage.tpl
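Review bot: `certificateIssuer` is written into the `cert-manager.io/cluster-issuer` annotation as-is, while the other string values this library consumes (`ingressClassName`, hosts, paths in the validation hunk above) go through `tpl` first; if templated values are meant to work here too, use `(tpl $certManager.certificateIssuer $rootCtx)`, otherwise the unused `{{- $rootCtx := .rootCtx -}}` assignment can be dropped. The integration only ever emits a cluster-scoped issuer reference; a comment above the `set`, such as `{{/* Only ClusterIssuer is supported; a namespaced Issuer would need the cert-manager.io/issuer annotation instead */}}`, would make that limit explicit for chart users.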
@@ -0,0 +1,119 @@
+{{- define "tc.v1.common.lib.ingress.integration.homepage" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $homepage := $objectData.integrations.homepage -}}
+ {{- if and $homepage $homepage.enabled -}}
+ {{- if not (hasKey $homepage "widget") -}}
+ {{- $_ := set $objectData.integrations.homepage "widget" dict -}}
+ {{- end -}}
+
+ {{- $widEnabled := true -}}
+ {{- if and (hasKey $homepage.widget "enabled") (kindIs "bool" $homepage.widget.enabled) -}}
+ {{- $widEnabled = $homepage.widget.enabled -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.ingress.integration.homepage.validation" (dict "objectData" $objectData) -}}
+
+ {{- $name := $homepage.name | default ($rootCtx.Release.Name | camelcase | title) -}}
+ {{- $desc := $homepage.description | default $rootCtx.Chart.Description -}}
+ {{- $icon := $homepage.icon | default $rootCtx.Chart.Icon -}}
+ {{- $defaultType := $rootCtx.Chart.Name | lower -}}
+ {{/* Remove any non-characters from the default type */}}
+ {{- $defaultType = regexReplaceAll "\\W+" $defaultType "" -}}
+ {{- $type := $homepage.widget.type | default $defaultType -}}
+ {{- $url := $homepage.widget.url -}}
+ {{- $version := $homepage.widget.version | default 1 | toString -}}
+ {{- $href := $homepage.href -}}
+
+ {{- if not $href -}}
+ {{- $fHost := $objectData.hosts | mustFirst -}}
+ {{- $fPath := $fHost.paths | mustFirst -}}
+ {{- $host := tpl $fHost.host $rootCtx -}}
+ {{- $path := tpl $fPath.path $rootCtx -}}
+
+ {{- $href = printf "https://%s/%s" $host ($path | trimPrefix "/") -}}
+ {{- end -}}
+
+ {{- if not $url -}}
+ {{- $svc := $objectData.selectedService.name -}}
+ {{- $port := $objectData.selectedService.port -}}
+ {{- $prot := $objectData.selectedService.protocol -}}
+ {{- $ns := include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Ingress") -}}
+
+ {{- $url = printf "%s://%s.%s.svc:%s" $prot $svc $ns $port -}}
+ {{- end -}}
+
+ {{- 
$_ := set $objectData.annotations "gethomepage.dev/enabled" "true" -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/name" (tpl $name $rootCtx) -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/href" (tpl $href $rootCtx) -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/description" (tpl $desc $rootCtx) -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/icon" (tpl $icon $rootCtx) -}}
+ {{- with $homepage.group -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/group" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $homepage.weight -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/weight" (. | toString) -}}
+ {{- end -}}
+
+ {{- $selector := printf "app.kubernetes.io/instance=%s,pod.lifecycle in (permanent)" $rootCtx.Release.Name -}}
+ {{- with $homepage.podSelector -}}
+ {{- $selector = (printf "pod.name in (%s),pod.lifecycle in (permanent)" (join "," .)) -}}
+ {{- end -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/pod-selector" $selector -}}
+
+ {{- if $widEnabled -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/widget.type" (tpl $type $rootCtx) -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/widget.version" (tpl $version $rootCtx) -}}
+
+ {{- with $url -}}
+ {{- $_ := set $objectData.annotations "gethomepage.dev/widget.url" (tpl $url $rootCtx) -}}
+ {{- end -}}
+
+ {{- if $homepage.widget.custom -}}
+ {{- range $k, $v := $homepage.widget.custom -}}
+ {{- if $v -}}
+ {{- $_ := set $objectData.annotations (printf "gethomepage.dev/widget.%s" $k) (tpl $v $rootCtx | toString) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- range $homepage.widget.customkv -}}
+ {{- if .value -}}
+ {{- $_ := set $objectData.annotations (printf "gethomepage.dev/widget.%s" .key ) (tpl .value $rootCtx | toString) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.ingress.integration.homepage.validation" -}}
+ {{- $objectData := 
.objectData -}}
+
+ {{- $homepage := $objectData.integrations.homepage -}}
+
+ {{- with $homepage.podSelector -}}
+ {{- if not (kindIs "slice" .) -}}
+ {{- fail (printf "Ingress - Expected [integrations.homepage.podSelector] to be a [slice], but got [%s]" (kindOf .)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $homepage.widget.custom -}}
+ {{- if not (kindIs "map" $homepage.widget.custom) -}}
+ {{- fail (printf "Ingress - Expected [integrations.homepage.widget.custom] to be a [map], but got [%s]" (kindOf $homepage.widget.custom)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $homepage.widget.customkv -}}
+ {{- if not (kindIs "slice" $homepage.widget.customkv) -}}
+ {{- fail (printf "Ingress - Expected [integrations.homepage.widget.customkv] to be a [slice], but got [%s]" (kindOf $homepage.widget.customkv)) -}}
+ {{- end -}}
+ {{- range $item := $homepage.widget.customkv -}}
+ {{- if not $item.key -}}
+ {{- fail "Ingress - Expected non-empty [key] in [integrations.homepage.widget.customkv]" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_nginx.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_nginx.tpl
new file mode 100644
index 0000000..8c53b1b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_nginx.tpl
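Review bot: In the `if not $href` block, `{{- $path := tpl $fPath.path $rootCtx -}}` hands `$fPath.path` to `tpl` unguarded, but the ingress validation added in this same commit treats `path` as optional (`$p.path | default "/"`), so a path entry that omits `path` renders a `tpl` type error here instead of defaulting to `/`; use `{{- $path := tpl ($fPath.path | default "/") $rootCtx -}}` to match. The same block calls `mustFirst` on `$fHost.paths`, which validation also allows to be absent, so a host with no `paths` fails the same way whenever `href` is not set; a `{{- if $fHost.paths -}}` guard with a `/` fallback avoids that. `with $homepage.weight` also skips a weight of `0`, which Go templates treat as falsy; if zero is a legitimate weight, test with `hasKey $homepage "weight"` instead.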
@@ -0,0 +1,32 @@
+{{- define "tc.v1.common.lib.ingress.integration.nginx" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $nginx := $objectData.integrations.nginx -}}
+
+ {{- if $nginx.enabled -}}
+
+ {{/* ipWhiteList */}}
+ {{- if $nginx.ipWhitelist -}}
+ {{- include "tc.v1.common.lib.ingress.integration.nginx.ipWhitelist" (dict "objectData" $objectData "whiteList" $nginx.ipWhitelist) -}}
+ {{- end -}}
+
+ {{/* themePark */}}
+ {{- if and $nginx.themePark $nginx.themePark.enabled -}}
+ {{- include "tc.v1.common.lib.ingress.integration.nginx.themePark" (dict "objectData" $objectData "themePark" $nginx.themePark) -}}
+ {{- end -}}
+
+ {{/* Auth */}}
+ {{- $validAuthTypes := (list "authentik" "authelia") -}}
+ {{- if and $nginx.auth $nginx.auth.type -}}
+ {{- if eq $nginx.auth.type "authentik" -}}
+ {{- include "tc.v1.common.lib.ingress.integration.nginx.auth.authentik" (dict "objectData" $objectData "auth" $nginx.auth) -}}
+ {{- else if eq $nginx.auth.type "authelia" -}}
+ {{- include "tc.v1.common.lib.ingress.integration.nginx.auth.authelia" (dict "objectData" $objectData "auth" $nginx.auth) -}}
+ {{- else -}}
+ {{- fail (printf "Ingress - Expected [integrations.nginx.auth.type] to be one of [%s], but got [%s]" (join ", " $validAuthTypes) $nginx.auth.type) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_traefik.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_traefik.tpl
new file mode 100644
index 0000000..41ecb6f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/_traefik.tpl
@@ -0,0 +1,112 @@
+{{- define "tc.v1.common.lib.ingress.integration.traefik" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+ {{- $ingMiddlewares := $rootCtx.Values.ingressMiddlewares -}}
+ {{- if $ingMiddlewares -}}
+ {{- $ingMiddlewares = $ingMiddlewares.traefik | default dict -}}
+ {{- end -}}
+
+ {{- $traefik := $objectData.integrations.traefik -}}
+ {{- $enabled := "false" -}}
+ {{- if and (hasKey $traefik "enabled") (kindIs "bool" $traefik.enabled) -}}
+ {{- $enabled = $traefik.enabled | toString -}}
+ {{- end -}}
+
+ {{- if eq $enabled "true" -}}
+ {{- include "tc.v1.common.lib.ingress.integration.traefik.validate" (dict "objectData" $objectData) -}}
+ {{- $namespace := include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Traefik Integration") -}}
+
+ {{- $entrypoints := $traefik.entrypoints | default (list "websecure") -}}
+ {{- $middlewares := list -}}
+
+ {{/* Add the user, common and chart middlewares */}}
+ {{- if $rootCtx.Values.global.traefik.commonMiddlewares -}}
+ {{- $middlewares = concat $middlewares $rootCtx.Values.global.traefik.commonMiddlewares -}}
+ {{- end -}}
+
+ {{- if $traefik.chartMiddlewares -}}
+ {{- $middlewares = concat $middlewares $traefik.chartMiddlewares -}}
+ {{- end -}}
+
+ {{- if $traefik.middlewares -}}
+ {{- $middlewares = concat $middlewares $traefik.middlewares -}}
+ {{- end -}}
+
+ {{/* Make sure we dont have dupes */}}
+ {{- if not (deepEqual (mustUniq $entrypoints) $entrypoints) -}}
+ {{- fail (printf "Ingress - Combined traefik entrypoints contain duplicates [%s]" (join ", " $entrypoints)) -}}
+ {{- end -}}
+
+ {{- $formattedMiddlewares := list -}}
+ {{- range $mid := $middlewares -}}
+ {{- $midNamespace := include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $mid "caller" "Traefik Integration") -}}
+
+ {{- $midName := $mid.name 
-}}
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $rootCtx "objectData" $mid
+ "name" $mid.name "caller" "Traefik Integration"
+ "key" "middlewares")) -}}
+
+ {{/*
+ Note: if the middleware defined in ingressMiddlewares.traefik has expandObjectName: false,
+ it has to also be set to false here
+ */}}
+ {{- if eq $expandName "true" -}}
+ {{- if eq $namespace $midNamespace -}}
+ {{- if not (hasKey $ingMiddlewares $mid.name) -}}
+ {{- fail (printf "Ingress - Traefik Middleware [%s] is not defined under [ingressMiddlewares.traefik]" $mid.name) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $midName = (printf "%s-%s" $fullname $mid.name) -}}
+ {{- end -}}
+
+ {{/* Format middleware */}}
+ {{- $formattedMiddlewares = mustAppend $formattedMiddlewares (printf "%s-%s@kubernetescrd" $midNamespace $midName) -}}
+ {{- end -}}
+
+ {{- if $formattedMiddlewares -}}
+ {{/* Make sure we do not have dupes */}}
+ {{- if not (deepEqual (mustUniq $formattedMiddlewares) $formattedMiddlewares) -}}
+ {{- fail (printf "Ingress - Combined traefik middlewares contain duplicates [%s]" (join ", " $formattedMiddlewares)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/router.entrypoints" (join "," $entrypoints) -}}
+ {{- if $formattedMiddlewares -}}
+ {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/router.middlewares" (join "," $formattedMiddlewares) -}}
+ {{- end -}}
+
+ {{- if or $traefik.forceTLS (mustHas "websecure" $entrypoints) -}}
+ {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/router.tls" "true" -}}
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.ingress.integration.traefik.validate" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $traefik := $objectData.integrations.traefik -}}
+
+ {{- if $traefik.entrypoints -}}
+ {{- if not (kindIs "slice" $traefik.entrypoints) -}}
+ {{- fail (printf "Ingress - Expected 
[integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $traefik.middlewares -}}
+ {{- if not (kindIs "slice" $traefik.middlewares) -}}
+ {{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $traefik.chartMiddlewares -}}
+ {{- if not (kindIs "slice" $traefik.chartMiddlewares) -}}
+ {{- fail (printf "Ingress - Expected [integrations.traefik.chartMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.chartMiddlewares)) -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_auth.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_auth.tpl
new file mode 100644
index 0000000..52562b9
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_auth.tpl
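Review bot: Each entry of `$middlewares` is used as a map with a `name` key (`$mid.name`, and `$mid` is passed as `objectData` to the namespace helper), but `traefik.validate` only checks that the three source lists are slices, never what they contain; an entry without `name` yields a middleware reference ending in `-@kubernetescrd` that Traefik cannot resolve, and a non-map entry fails with a raw Go template error. Add a guard at the top of the `range $mid := $middlewares` loop: `{{- if or (not (kindIs "map" $mid)) (not $mid.name) -}}{{- fail "Ingress - Expected each traefik middleware to be a map with a non-empty [name]" -}}{{- end -}}`. The comment block inside the loop about `expandObjectName: false` explains a real coupling with `ingressMiddlewares.traefik`; it would be more discoverable on the `hasKey $ingMiddlewares $mid.name` failure message itself, e.g. appending `(or its [expandObjectName] does not match)` to that string.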
@@ -0,0 +1,53 @@
+{{- define "tc.v1.common.lib.ingress.integration.nginx.auth.authentik" -}}
+ {{- $objectData := .objectData -}}
+ {{- $auth := .auth -}}
+
+ {{- if and $auth.respondHeaders (not (kindIs "slice" $auth.responseHeaders)) -}}
+ {{- fail (printf "Ingress - Expected [integrations.nginx.auth.responseHeaders] to be a [slice], but got [%s]" (kindOf $auth.responseHeaders)) -}}
+ {{- end -}}
+
+ {{- $respHeaders := ($auth.responseHeaders | default (list
+ "Set-Cookie"
+ "X-authentik-username"
+ "X-authentik-groups"
+ "X-authentik-entitlements"
+ "X-authentik-email"
+ "X-authentik-name"
+ "X-authentik-uid"
+ )) -}}
+
+ {{- if or (not $auth.internalHost) (not $auth.externalHost) -}}
+ {{- fail "Ingress - Expected [integrations.nginx.auth.internalHost] and [integrations.nginx.auth.externalHost] to be set" -}}
+ {{- end -}}
+
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-method" "GET" -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-response-headers" (join "," $respHeaders) -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-snippet" "proxy_set_header X-Forwarded-Host $http_host;" -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-url" (printf "http://%s/outpost.goauthentik.io/auth/nginx" $auth.internalHost) -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-signin" (printf "https://%s/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri" $auth.externalHost) -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.ingress.integration.nginx.auth.authelia" -}}
+ {{- $objectData := .objectData -}}
+ {{- $auth := .auth -}}
+
+ {{- if and $auth.respondHeaders (not (kindIs "slice" $auth.responseHeaders)) -}}
+ {{- fail (printf "Ingress - Expected [integrations.nginx.auth.responseHeaders] to be a [slice], but got [%s]" (kindOf $auth.responseHeaders)) -}}
+ {{- end -}}
+
+ {{- $respHeaders := ($auth.responseHeaders | 
default (list
+ "Remote-User"
+ "Remote-Name"
+ "Remote-Groups"
+ "Remote-Email"
+ )) -}}
+
+ {{- if or (not $auth.internalHost) (not $auth.externalHost) -}}
+ {{- fail "Ingress - Expected [integrations.nginx.auth.internalHost] and [integrations.nginx.auth.externalHost] to be set" -}}
+ {{- end -}}
+
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-method" "GET" -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-url" (printf "http://%s/api/verify" $auth.internalHost) -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-response-headers" (join "," $respHeaders) -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/auth-signin" (printf "https://%s?rm=$request_method" $auth.externalHost) -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_ipWhiteList.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_ipWhiteList.tpl
new file mode 100644
index 0000000..f7e958b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_ipWhiteList.tpl
@@ -0,0 +1,12 @@
+{{- define "tc.v1.common.lib.ingress.integration.nginx.ipWhitelist" -}}
+ {{- $objectData := .objectData -}}
+ {{- $whiteList := .whiteList -}}
+
+ {{- if not (kindIs "slice" $whiteList) -}}
+ {{- fail (printf "Ingress - Expected [integrations.nginx.ipWhitelist] to be a [slice], but got [%s]" (kindOf $whiteList)) -}}
+ {{- end -}}
+
+ {{- if $whiteList -}}
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/whitelist-source-range" (join "," $whiteList) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_themePark.tpl b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_themePark.tpl
new file mode 100644
index 0000000..81e4e7f
--- /dev/null
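Review bot: The `responseHeaders` type check in both `auth.authentik` and `auth.authelia` tests `$auth.respondHeaders`, a key nothing else in the hunk sets, so the condition can never be true and a non-slice `responseHeaders` reaches `join ","` unchecked and lands in the annotation as a stringified value. Fix the typo in both templates: `{{- if and $auth.responseHeaders (not (kindIs "slice" $auth.responseHeaders)) -}}`. The `auth-snippet` annotation set on the authentik side (and `configuration-snippet` in the `_themePark.tpl` hunk below) is only honoured when the ingress-nginx controller runs with `allow-snippet-annotations` enabled, which recent controller releases turn off by default, so on such clusters the `X-Forwarded-Host` header is silently not forwarded or the Ingress is rejected by the admission webhook depending on version; a comment next to the `set`, e.g. `{{/* Requires allow-snippet-annotations=true on the ingress-nginx controller */}}`, would save operators a debugging round. `internalHost` and `externalHost` are interpolated into URLs after only a non-empty check; a `kindIs "string"` check alongside it would keep a mistyped value from producing a `%!s(...)` URL.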
+++ b/charts/baikal/baikal/charts/common/templates/lib/ingress/integrations/nginx/_themePark.tpl
@@ -0,0 +1,18 @@
+{{- define "tc.v1.common.lib.ingress.integration.nginx.themePark" -}}
+ {{- $objectData := .objectData -}}
+ {{- $theme := .themePark -}}
+ {{- if and $theme $theme.enabled (not (kindIs "string" $theme.css)) -}}
+ {{- fail (printf "Ingress - Expected [integrations.nginx.themepark.css] to be a [string], but got [%s]" (kindOf $theme.css)) -}}
+ {{- end -}}
+
+ {{- $snippet := (list
+ "proxy_set_header Accept-Encoding \"\";"
+ "sub_filter"
+ "''"
+ (printf "'" $theme.css)
+ "';"
+ "sub_filter_once on;"
+ ) -}}
+
+ {{- $_ := set $objectData.annotations "nginx.ingress.kubernetes.io/configuration-snippet" (join "\n" $snippet) -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_allAnnotations.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_allAnnotations.tpl
new file mode 100644
index 0000000..a00703f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_allAnnotations.tpl
@@ -0,0 +1,9 @@
+{{/* Annotations that are added to all objects */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.allAnnotations" $ }}
+*/}}
+{{- define "tc.v1.common.lib.metadata.allAnnotations" -}}
+ {{/* Currently empty but can add later, if needed */}}
+{{- include "tc.v1.common.lib.metadata.globalAnnotations" . }}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_allLabels.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_allLabels.tpl
new file mode 100644
index 0000000..3346f79
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_allLabels.tpl
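Review bot: `$theme.css` is spliced into an nginx `sub_filter` directive inside `configuration-snippet` after only a `kindIs "string"` check, so a value containing `'`, `;` or a newline changes the structure of the controller's generated configuration instead of being treated as data; since the name suggests this is always a stylesheet URL, constrain it to that, e.g. `{{- if not (hasPrefix "https://" $theme.css) -}}{{- fail "Ingress - Expected [integrations.nginx.themePark.css] to be an https URL" -}}{{- end -}}`. As rendered in this view, `(printf "'" $theme.css)` has no format verb, so Go's printf would emit an `%!(EXTRA ...)` marker rather than the value; if markup was dropped from this rendering ignore this, otherwise the format string needs its `%s`. The failure message names the key `themepark.css` while the values key used by the caller is `themePark`; `[integrations.nginx.themePark.css]` keeps the message greppable.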
@@ -0,0 +1,15 @@
+{{/* Labels that are added to all objects */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.allLabels" $ }}
+*/}}
+{{- define "tc.v1.common.lib.metadata.allLabels" -}}
+helm.sh/chart: {{ include "tc.v1.common.lib.chart.names.chart" . }}
+helm-revision: {{ .Release.Revision | quote }}
+app.kubernetes.io/name: {{ include "tc.v1.common.lib.chart.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app: {{ include "tc.v1.common.lib.chart.names.chart" . }}
+release: {{ .Release.Name }}
+{{- include "tc.v1.common.lib.metadata.globalLabels" . }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_globalAnnotations.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_globalAnnotations.tpl
new file mode 100644
index 0000000..1133783
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_globalAnnotations.tpl
@@ -0,0 +1,6 @@
+{{/* Returns the global annotations */}}
+{{- define "tc.v1.common.lib.metadata.globalAnnotations" -}}
+
+ {{- include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" .Values.global.annotations) -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_globalLabels.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_globalLabels.tpl
new file mode 100644
index 0000000..672f522
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_globalLabels.tpl
@@ -0,0 +1,6 @@
+{{/* Returns the global labels */}}
+{{- define "tc.v1.common.lib.metadata.globalLabels" -}}
+
+ {{- include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" .Values.global.labels) -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_namespace.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_namespace.tpl
new file mode 100644
index 0000000..7e6a193
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_namespace.tpl
@@ -0,0 +1,26 @@
+{{- define "tc.v1.common.lib.metadata.namespace" -}}
+ {{- $caller := .caller -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $namespace := $rootCtx.Release.Namespace -}}
+
+ {{- with $rootCtx.Values.global.namespace -}}
+ {{- $namespace = tpl . $rootCtx -}}
+ {{- end -}}
+
+ {{- with $rootCtx.Values.namespace -}}
+ {{- $namespace = tpl . $rootCtx -}}
+ {{- end -}}
+
+ {{- with $objectData.namespace -}}
+ {{- $namespace = tpl . $rootCtx -}}
+ {{- end -}}
+
+ {{- if not (and (mustRegexMatch "^[a-z0-9]((-?[a-z0-9]-?)*[a-z0-9])?$" $namespace) (le (len $namespace) 63)) -}}
+ {{- fail (printf "%s - Namespace [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $caller $namespace) -}}
+ {{- end -}}
+
+ {{- $namespace -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_podAnnotations.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_podAnnotations.tpl
new file mode 100644
index 0000000..abe460b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_podAnnotations.tpl
@@ -0,0 +1,15 @@
+{{/* Annotations that are added to podSpec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.podAnnotations" $ }}
+*/}}
+{{- define "tc.v1.common.lib.metadata.podAnnotations" -}}
+checksum/persistence: {{ toJson $.Values.persistence | sha256sum }}
+checksum/services: {{ toJson $.Values.service | sha256sum }}
+checksum/configmaps: {{ toJson $.Values.configmap | sha256sum }}
+checksum/secrets: {{ toJson $.Values.secret | sha256sum }}
+checksum/cnpg: {{ toJson $.Values.cnpg | sha256sum }}
+checksum/mariadb: {{ toJson $.Values.mariadb | sha256sum }}
+checksum/redis: {{ toJson $.Values.redis | sha256sum }}
+checksum/solr: {{ toJson $.Values.solr | sha256sum }}
+checksum/mongodb: {{ toJson $.Values.mongodb | sha256sum }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_podLabels.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_podLabels.tpl
new file mode 100644
index 0000000..0f6b537
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_podLabels.tpl
@@ -0,0 +1,26 @@
+{{/* Labels that are added to podSpec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.podLabels" $ }}
+*/}}
+{{- define "tc.v1.common.lib.metadata.podLabels" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $type := $objectData.type -}}
+
+ {{- $label := "" -}}
+ {{- $fleeting := (list "CronJob" "Job") -}}
+ {{- if (mustHas $type $fleeting) -}}
+ {{- $label = "fleeting" -}}
+ {{- end -}}
+
+ {{- $permanent := (list "Deployment" "StatefulSet" "DaemonSet") -}}
+ {{- if (mustHas $type $permanent) -}}
+ {{- $label = "permanent" -}}
+ {{- end -}}
+
+ {{- if not $label -}}
+ {{- fail "PodLabels - Template used in a place that is not designed to be used" -}}
+ {{- end }}
+pod.lifecycle: {{ $label }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_render.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_render.tpl
new file mode 100644
index 0000000..9e5f3d9
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_render.tpl
@@ -0,0 +1,37 @@
+{{/* Renders a dict of labels */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) }}
+{{ include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) }}
+*/}}
+
+{{- define "tc.v1.common.lib.metadata.render" -}}
+ {{- $labels := .labels -}}
+ {{- $annotations := .annotations -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $seenLabels := list -}}
+ {{- $seenAnnotations := list -}}
+
+ {{- with $labels -}}
+ {{- range $k, $v := . -}}
+ {{- if and $k $v -}}
+ {{- if not (mustHas $k $seenLabels) }}
+{{ $k }}: {{ tpl $v $rootCtx | quote }}
+ {{- $seenLabels = mustAppend $seenLabels $k -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- with $annotations -}}
+ {{- range $k, $v := . -}}
+ {{- if and $k $v -}}
+ {{- if not (mustHas $k $seenAnnotations) }}
+{{ $k }}: {{ tpl $v $rootCtx | quote }}
+ {{- $seenAnnotations = mustAppend $seenAnnotations $k -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_selectorLabels.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_selectorLabels.tpl
new file mode 100644
index 0000000..aaf09be
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_selectorLabels.tpl
@@ -0,0 +1,16 @@
+{{/* Labels that are used on selectors */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" $objectType "objectName" $objectName) }}
+podName is the "shortName" of the pod. The one you define in the .Values.workload
+*/}}
+{{- define "tc.v1.common.lib.metadata.selectorLabels" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectType := .objectType -}}
+ {{- $objectName := .objectName }}
+
+{{- if and $objectType $objectName }}
+{{ printf "%s.name" $objectType }}: {{ $objectName }}
+{{- end }}
+app.kubernetes.io/name: {{ include "tc.v1.common.lib.chart.names.name" $rootCtx }}
+app.kubernetes.io/instance: {{ $rootCtx.Release.Name }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_validation.tpl
new file mode 100644
index 0000000..b80f374
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_validation.tpl
@@ -0,0 +1,22 @@
+{{/* Metadata Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" $caller) -}}
+objectData:
+ labels: The labels of the configmap.
+ annotations: The annotations of the configmap.
+ data: The data of the configmap.
+*/}}
+
+{{- define "tc.v1.common.lib.metadata.validation" -}}
+ {{- $objectData := .objectData -}}
+ {{- $caller := .caller -}}
+
+ {{- if and $objectData.labels (not (kindIs "map" $objectData.labels)) -}}
+ {{- fail (printf "%s - Expected [labels] to be a dictionary, but got [%v]" $caller (kindOf $objectData.labels)) -}}
+ {{- end -}}
+
+ {{- if and $objectData.annotations (not (kindIs "map" $objectData.annotations)) -}}
+ {{- fail (printf "%s - Expected [annotations] to be a dictionary, but got [%v]" $caller (kindOf $objectData.annotations)) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/metadata/_volumeLabels.tpl b/charts/baikal/baikal/charts/common/templates/lib/metadata/_volumeLabels.tpl
new file mode 100644
index 0000000..8a1f507
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/metadata/_volumeLabels.tpl
@@ -0,0 +1,16 @@
+{{/* Labels that are added to podSpec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.metadata.volumeLabels" $ }}
+*/}}
+{{- define "tc.v1.common.lib.metadata.volumeLabels" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $selectedVolumes := (include "tc.v1.common.lib.pod.volumes.selected" (dict "rootCtx" $rootCtx "objectData" $objectData)) | fromJson }}
+
+ {{- $names := list -}}
+ {{- range $volume := $selectedVolumes.pvc -}}
+ {{- $names = mustAppend $names $volume.shortName -}}
+ {{- end }}
+
+truecharts.org/pvc: {{ $names | join "_" | quote }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_affinity.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_affinity.tpl
new file mode 100644
index 0000000..6a76123
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_affinity.tpl
@@ -0,0 +1,161 @@
+{{/* Returns pod affinity */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.affinity" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.affinity" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $affinity := dict -}}
+
+ {{/* Initialize from the "global" option */}}
+ {{- with $rootCtx.Values.podOptions.affinity -}}
+ {{- $affinity = . -}}
+ {{- end -}}
+
+ {{/* Override with pods option */}}
+ {{- with $objectData.podSpec.affinity -}}
+ {{- $affinity = . -}}
+ {{- end -}}
+
+ {{/* If default affinity is enabled and its one of this types, then merge it with user input */}}
+ {{- $validTypes := (list "Deployment" "StatefulSet") -}}
+ {{- if and (mustHas $objectData.type $validTypes) $rootCtx.Values.podOptions.defaultAffinity }}
+ {{- $defaultAffinity := (include "tc.v1.common.lib.pod.defaultAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | fromYaml) -}}
+ {{- $defaultAffinity = $defaultAffinity | default dict -}}
+ {{/* Merge user input overwriting the default */}}
+ {{- $affinity = mustMergeOverwrite $defaultAffinity $affinity -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.pod.affinity.validation" (dict "rootCtx" $rootCtx "objectData" $affinity) -}}
+
+ {{- if $affinity.nodeAffinity }}
+nodeAffinity:
+ {{- fail "TODO: not implemented" -}}
+ {{- end -}}
+
+ {{- if $affinity.podAffinity }}
+podAffinity:
+ {{- include "tc.v1.common.lib.pod.podAffinityOrPodAntiAffinity" (dict "rootCtx" $rootCtx "data" $affinity.podAffinity) | nindent 2 -}}
+ {{- end -}}
+
+ {{- if $affinity.podAntiAffinity }}
+podAntiAffinity:
+ {{- include "tc.v1.common.lib.pod.podAffinityOrPodAntiAffinity" (dict "rootCtx" $rootCtx "data" $affinity.podAntiAffinity) | nindent 2 -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.pod.podAffinityOrPodAntiAffinity" -}}
+ {{- 
$rootCtx := .rootCtx -}}
+ {{- $data := .data -}}
+
+ {{- if $data -}}
+ {{- if $data.requiredDuringSchedulingIgnoredDuringExecution }}
+ requiredDuringSchedulingIgnoredDuringExecution:
+ {{- range $term := $data.requiredDuringSchedulingIgnoredDuringExecution }}
+ - {{ include "tc.v1.common.lib.pod.podAffinityTerm" (dict "rootCtx" $rootCtx "data" $term) | trim | nindent 6 }}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $data.preferredDuringSchedulingIgnoredDuringExecution }}
+ preferredDuringSchedulingIgnoredDuringExecution:
+ {{- range $term := $data.preferredDuringSchedulingIgnoredDuringExecution }}
+ - weight: {{ $term.weight }}
+ podAffinityTerm:
+ {{- include "tc.v1.common.lib.pod.podAffinityTerm" (dict "rootCtx" $rootCtx "data" $term.podAffinityTerm) | nindent 10 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.pod.podAffinityTerm" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $data := .data -}}
+
+ {{- if $data }}
+topologyKey: {{ $data.topologyKey }}
+
+ {{- if $data.matchLabelKeys }}
+matchLabelKeys:
+ {{- range $data.matchLabelKeys }}
+ - {{ . }}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $data.mismatchLabelKeys }}
+mismatchLabelKeys:
+ {{- range $data.mismatchLabelKeys }}
+ - {{ . }}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $data.namespaces }}
+namespaces:
+ {{- range $data.namespaces }}
+ - {{ . 
}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $data.labelSelector }}
+labelSelector:
+ {{- include "tc.v1.common.lib.pod.labelSelector" (dict "rootCtx" $rootCtx "data" $data.labelSelector) | nindent 2 -}}
+ {{- end -}}
+
+ {{- if $data.namespaceSelector }}
+namespaceSelector:
+ {{- include "tc.v1.common.lib.pod.labelSelector" (dict "rootCtx" $rootCtx "data" $data.namespaceSelector) | nindent 2 -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.pod.labelSelector" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $data := .data }}
+
+ {{- if $data.matchExpressions -}}
+matchExpressions:
+ {{- range $expression := $data.matchExpressions }}
+ - key: {{ $expression.key }}
+ operator: {{ $expression.operator }}
+ {{- if mustHas $expression.operator (list "In" "NotIn") }}
+ values:
+ {{- range $expression.values }}
+ - {{ . }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if $data.matchLabels -}}
+matchLabels:
+ {{- range $key, $value := $data.matchLabels }}
+ {{ $key }}: {{ $value }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+
+{{- define "tc.v1.common.lib.pod.defaultAffinity" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $selectedVolumes := (include "tc.v1.common.lib.pod.volumes.selected" (dict "rootCtx" $rootCtx "objectData" $objectData)) | fromJson }}
+
+ {{- $names := list -}}
+ {{- range $volume := $selectedVolumes.pvc -}}
+ {{- $names = mustAppend $names $volume.shortName -}}
+ {{- end }}
+
+ {{- if $names }}
+podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: truecharts.org/pvc
+ operator: In
+ values:
+ - {{ $names | join "_" }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_affinityValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_affinityValidation.tpl
new file mode 100644
index 0000000..6c6b5d6
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_affinityValidation.tpl 
@@ -0,0 +1,174 @@ +{{- define "tc.v1.common.lib.pod.affinity.validation" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if $objectData.podAffinity -}} + {{- include "tc.v1.common.lib.pod.affinity.validation.podAffinityOrPodAntiAffinity" (dict "rootCtx" $rootCtx "data" $objectData.podAffinity "key" "podAffinity") -}} + {{- end -}} + + {{- if $objectData.podAntiAffinity -}} + {{- include "tc.v1.common.lib.pod.affinity.validation.podAffinityOrPodAntiAffinity" (dict "rootCtx" $rootCtx "data" $objectData.podAntiAffinity "key" "podAntiAffinity") -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.affinity.validation.podAffinityOrPodAntiAffinity" -}} + {{- $rootCtx := .rootCtx -}} + {{- $data := .data -}} + {{- $key := .key -}} + + {{- if $data -}} + {{- if and (not $data.requiredDuringSchedulingIgnoredDuringExecution) (not $data.preferredDuringSchedulingIgnoredDuringExecution) -}} + {{- fail (printf "Affinity - Expected at least one of requiredDuringSchedulingIgnoredDuringExecution or preferredDuringSchedulingIgnoredDuringExecution in [affinity.%s]" $key) -}} + {{- end -}} + + {{- if $data.requiredDuringSchedulingIgnoredDuringExecution -}} + {{- $itemData := $data.requiredDuringSchedulingIgnoredDuringExecution -}} + {{- if not (kindIs "slice" $itemData) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.requiredDuringSchedulingIgnoredDuringExecution] to be a slice but got [%s]" $key (kindOf $itemData)) -}} + {{- end -}} + + {{- range $idx, $item := $itemData -}} + {{- include "tc.v1.common.lib.pod.affinity.validation.podAffinityTerm" (dict "rootCtx" $rootCtx "data" $item "key" (printf "%s.requiredDuringSchedulingIgnoredDuringExecution.%d" $key $idx)) -}} + {{- end -}} + {{- end -}} + + {{- if $data.preferredDuringSchedulingIgnoredDuringExecution -}} + {{- $itemData := $data.preferredDuringSchedulingIgnoredDuringExecution -}} + + {{- if not (kindIs "slice" $itemData) -}} + {{- fail (printf "Affinity - Expected 
[affinity.%s.preferredDuringSchedulingIgnoredDuringExecution] to be a slice but got [%s]" $key (kindOf $itemData)) -}} + {{- end -}} + + {{- range $idx, $item := $itemData -}} + {{- if not (mustHas (kindOf $item.weight) (list "int" "int64" "float64")) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.preferredDuringSchedulingIgnoredDuringExecution.%d.weight] to be a number but got [%s]" $key $idx (kindOf $item.weight)) -}} + {{- end -}} + + {{- if or (gt ($item.weight | int) 100) (lt ($item.weight | int) 0) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.preferredDuringSchedulingIgnoredDuringExecution.%d.weight] to be between 0 and 100 but got [%d]" $key $idx ($item.weight | int)) -}} + {{- end -}} + + {{- if not $item.podAffinityTerm -}} + {{- fail (printf "Affinity - Expected [affinity.%s.preferredDuringSchedulingIgnoredDuringExecution.%d.podAffinityTerm] to be defined" $key $idx) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.pod.affinity.validation.podAffinityTerm" (dict "rootCtx" $rootCtx "data" $item.podAffinityTerm "key" (printf "%s.preferredDuringSchedulingIgnoredDuringExecution.%d.podAffinityTerm" $key $idx)) -}} + {{- end -}} + {{- end -}} + + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.affinity.validation.podAffinityTerm" -}} + {{- $rootCtx := .rootCtx -}} + {{- $data := .data -}} + {{- $key := .key -}} + + {{- if not (kindIs "string" $data.topologyKey) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.topologyKey] to be a string but got [%s]" $key (kindOf $data.topologyKey)) -}} + {{- end -}} + + {{- if $data.matchLabelKeys -}} + {{- if not (kindIs "slice" $data.matchLabelKeys) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchLabelKeys] to be a slice but got [%s]" $key (kindOf $data.matchLabelKeys)) -}} + {{- end -}} + + {{- range $idx, $value := $data.matchLabelKeys -}} + {{- if not (kindIs "string" $value) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchLabelKeys.%d] to be a 
string but got [%s]" $key $idx (kindOf $value)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $data.mismatchLabelKeys -}} + {{- if not (kindIs "slice" $data.mismatchLabelKeys) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.mismatchLabelKeys] to be a slice but got [%s]" $key (kindOf $data.mismatchLabelKeys)) -}} + {{- end -}} + + {{- range $idx, $value := $data.mismatchLabelKeys -}} + {{- if not (kindIs "string" $value) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.mismatchLabelKeys.%d] to be a string but got [%s]" $key $idx (kindOf $value)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $data.namespaces -}} + {{- if not (kindIs "slice" $data.namespaces) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.namespaces] to be a slice but got [%s]" $key (kindOf $data.namespaces)) -}} + {{- end -}} + + {{- range $idx, $value := $data.namespaces -}} + {{- if not (kindIs "string" $value) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.namespaces.%d] to be a string but got [%s]" $key $idx (kindOf $value)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $data.labelSelector -}} + {{- include "tc.v1.common.lib.pod.affinity.validation.labelSelector" (dict "rootCtx" $rootCtx "key" (printf "%s.labelSelector" $key) "data" $data.labelSelector) -}} + {{- end -}} + + {{- if $data.namespaceSelector -}} + {{- include "tc.v1.common.lib.pod.affinity.validation.labelSelector" (dict "rootCtx" $rootCtx "key" (printf "%s.namespaceSelector" $key) "data" $data.namespaceSelector) -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.affinity.validation.labelSelector" -}} + {{- $rootCtx := .rootCtx -}} + {{- $key := .key -}} + {{- $data := .data -}} + + {{- if not (kindIs "map" $data) -}} + {{- fail (printf "Affinity - Expected [affinity.%s] to be a map but got [%s]" $key (kindOf $data)) -}} + {{- end -}} + + {{- if $data.matchLabels -}} + {{- if not (kindIs "map" $data.matchLabels) -}} + {{- fail (printf "Affinity - 
Expected [affinity.%s.matchLabels] to be a map but got [%s]" $key (kindOf $data.matchLabels)) -}} + {{- end -}} + + {{- range $key, $value := $data.matchLabels -}} + {{- if not (kindIs "string" $value) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchLabels.%s] to be a string but got [%s]" $key $key (kindOf $value)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $data.matchExpressions }} + {{- if not (kindIs "slice" $data.matchExpressions) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchExpressions] to be a slice but got [%s]" $key (kindOf $data.matchExpressions)) -}} + {{- end -}} + + {{- $validOperators := list "In" "NotIn" "Exists" "DoesNotExist" -}} + {{- range $idx, $exp := $data.matchExpressions -}} + {{- if not (kindIs "map" $exp) -}} + {{- fail (printf "Affinity - Expected item of [affinity.%s.matchExpressions.%d] to be a map but got [%s]" $key $idx (kindOf $exp)) -}} + {{- end -}} + + {{- if not (mustHas $exp.operator $validOperators) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchExpressions.%d.operator] to be one of [%s] but got [%s]" $key $idx (join ", " $validOperators) $exp.operator) -}} + {{- end -}} + + {{- if not (kindIs "string" $exp.key) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchExpressions.%d.key] to be a string but got [%s]" $key $idx (kindOf $exp.key)) -}} + {{- end -}} + + {{- if and (mustHas $exp.operator (list "In" "NotIn")) (not (kindIs "slice" $exp.values)) -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchExpressions.%d.values] to be a slice but got [%s]" $key $idx (kindOf $exp.values)) -}} + {{- end -}} + + {{- if and (mustHas $exp.operator (list "Exists" "DoesNotExist")) $exp.values -}} + {{- fail (printf "Affinity - Expected [affinity.%s.matchExpressions.%d.values] to be empty when operator is Exists or DoesNotExist but got [%v]" $key $idx ($exp.values)) -}} + {{- else if not $exp.values -}} + {{- fail (printf "Affinity - Expected 
[affinity.%s.matchExpressions.%d.values] to be defined when operator is In or NotIn but got [%s]" $key $idx (kindOf $exp.values)) -}}
+ {{- end -}}
+
+ {{- range $vIdx, $value := $exp.values -}}
+ {{- if not (kindIs "string" $value) -}}
+ {{- fail (printf "Affinity - Expected [affinity.%s.matchExpressions.%d.values.%d] to be a string but got [%s]" $key $idx $vIdx (kindOf $value)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_autoMountServiceAccountToken.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_autoMountServiceAccountToken.tpl
new file mode 100644
index 0000000..f6cc5ff
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_autoMountServiceAccountToken.tpl
@@ -0,0 +1,24 @@
+{{/* Returns automountServiceAccountToken */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.automountServiceAccountToken" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.automountServiceAccountToken" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $automount := false -}}
+
+ {{/* Initialize from the "global" option */}}
+ {{- if (kindIs "bool" $rootCtx.Values.podOptions.automountServiceAccountToken) -}}
+ {{- $automount = $rootCtx.Values.podOptions.automountServiceAccountToken -}}
+ {{- end -}}
+
+ {{/* Override with pod's option */}}
+ {{- if (kindIs "bool" $objectData.podSpec.automountServiceAccountToken) -}}
+ {{- $automount = $objectData.podSpec.automountServiceAccountToken -}}
+ {{- end -}}
+
+ {{- $automount -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_container.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_container.tpl
new file mode 100644
index 0000000..90f51fa
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_container.tpl 
@@ -0,0 +1,62 @@
+{{/* Returns Container */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.container" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.container" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $imageObj := fromJson (include "tc.v1.common.lib.container.imageSelector" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
+ {{- $termination := fromJson (include "tc.v1.common.lib.container.termination" (dict "rootCtx" $rootCtx "objectData" $objectData)) }}
+- name: {{ $objectData.name }}
+ image: {{ printf "%s:%s" $imageObj.repository $imageObj.tag }}
+ imagePullPolicy: {{ $imageObj.pullPolicy }}
+ tty: {{ $objectData.tty | default false }}
+ stdin: {{ $objectData.stdin | default false }}
+ {{- with (include "tc.v1.common.lib.container.command" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ command:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- with (include "tc.v1.common.lib.container.args" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ args:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- with $termination.messagePath }}
+ terminationMessagePath: {{ . }}
+ {{- end -}}
+ {{- with $termination.messagePolicy }}
+ terminationMessagePolicy: {{ . }}
+ {{- end -}}
+ {{- with (include "tc.v1.common.lib.container.lifecycle" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ lifecycle:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- with (include "tc.v1.common.lib.container.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ ports:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- with (include "tc.v1.common.lib.container.volumeMount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ volumeMounts:
+ {{- . 
| nindent 4 }}
+ {{- end -}}
+ {{- include "tc.v1.common.lib.container.probes" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}}
+ {{- with (include "tc.v1.common.lib.container.resources" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ resources:
+ {{- . | nindent 4 }}
+ {{- end }}
+ securityContext:
+ {{- include "tc.v1.common.lib.container.securityContext" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 }}
+ {{- /* Create a dict for storing env's so it can be checked for dupes */ -}}
+ {{- $_ := set $objectData "envDupe" dict -}}
+ {{- with (include "tc.v1.common.lib.container.envFrom" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+ envFrom:
+ {{- . | nindent 4 }}
+ {{- end }}
+ env:
+ {{- include "tc.v1.common.lib.container.fixedEnv" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 -}}
+ {{- include "tc.v1.common.lib.container.env" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 -}}
+ {{- include "tc.v1.common.lib.container.envList" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 4 -}}
+ {{- $_ := unset $objectData "envDupe" -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_containerSpawner.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_containerSpawner.tpl
new file mode 100644
index 0000000..a1108ea
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_containerSpawner.tpl
@@ -0,0 +1,36 @@
+{{/* Containers */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.containerSpawner" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.containerSpawner" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- include "tc.v1.common.lib.container.primaryValidation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+
+ {{- range $containerName, $containerValues := $objectData.podSpec.containers -}}
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $rootCtx "objectData" $containerValues
+ "name" $containerName "caller" "Container"
+ "key" "containers")) -}}
+
+ {{- if eq $enabled "true" -}}
+ {{- $container := (mustDeepCopy $containerValues) -}}
+ {{- $name := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+ {{- if not $container.primary -}}
+ {{- $name = printf "%s-%s" $name $containerName -}}
+ {{- end -}}
+
+ {{- $_ := set $container "name" $name -}}
+ {{- $_ := set $container "shortName" $containerName -}}
+ {{- $_ := set $container "podShortName" $objectData.shortName -}}
+ {{- $_ := set $container "podPrimary" $objectData.primary -}}
+ {{- $_ := set $container "podType" $objectData.type -}}
+ {{/* Created from the pod.securityContext, used by fixedEnv */}}
+ {{- $_ := set $container "calculatedFSGroup" $objectData.podSpec.calculatedFSGroup -}}
+ {{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) | trim | nindent 0 -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_dns.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_dns.tpl
new file mode 100644
index 0000000..1f4ccfa
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_dns.tpl
@@ -0,0 +1,90 @@
+{{/* Returns DNS Policy and Config */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.dns" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.dns" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $policy := "ClusterFirst" -}}
+  {{- $config := dict -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- with $rootCtx.Values.podOptions.dnsPolicy -}}
+    {{- $policy = . -}}
+  {{- end -}}
+
+  {{- with $rootCtx.Values.podOptions.dnsConfig -}}
+    {{- $config = . -}}
+  {{- end -}}
+
+  {{/* Override with pod's option */}}
+  {{- with $objectData.podSpec.dnsPolicy -}}
+    {{- $policy = . -}}
+  {{- end -}}
+
+  {{- with $objectData.podSpec.dnsConfig -}}
+    {{- $config = . -}}
+  {{- end -}}
+
+  {{/* Expand policy */}}
+  {{- $policy = (tpl $policy $rootCtx) -}}
+
+  {{/* If hostNetwork is enabled, then use ClusterFirstWithHostNet */}}
+  {{- $hostNet := include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+  {{- if or (and (kindIs "string" $hostNet) (eq $hostNet "true")) (and (kindIs "bool" $hostNet) $hostNet) -}}
+    {{- $policy = "ClusterFirstWithHostNet" -}}
+  {{- end -}}
+
+  {{- $policies := (list "ClusterFirst" "ClusterFirstWithHostNet" "Default" "None") -}}
+  {{- if not (mustHas $policy $policies) -}}
+    {{- fail (printf "Expected [dnsPolicy] to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}}
+  {{- end -}}
+
+  {{/* When policy is set to None all keys are required */}}
+  {{- if eq $policy "None" -}}
+
+    {{- range $key := (list "nameservers" "searches" "options") -}}
+      {{- if not (get $config $key) -}}
+        {{- fail (printf "Expected non-empty [dnsConfig.%s] with [dnsPolicy] set to [None]." 
$key) -}}
+      {{- end -}}
+    {{- end -}}
+
+  {{- end }}
+dnsPolicy: {{ $policy }}
+  {{- if or $config.nameservers $config.options $config.searches }}
+dnsConfig:
+  {{- with $config.nameservers -}}
+    {{- if gt (len .) 3 -}}
+      {{- fail (printf "Expected no more than [3] [dnsConfig.nameservers], but got [%v]" (len .)) -}}
+    {{- end }}
+  nameservers:
+    {{- range . }}
+    - {{ tpl . $rootCtx }}
+    {{- end -}}
+  {{- end -}}
+
+  {{- with $config.searches -}}
+    {{- if gt (len .) 6 -}}
+      {{- fail (printf "Expected no more than [6] [dnsConfig.searches], but got [%v]" (len .)) -}}
+    {{- end }}
+  searches:
+    {{- range . }}
+    - {{ tpl . $rootCtx }}
+    {{- end -}}
+  {{- end -}}
+
+  {{- with $config.options }}
+  options:
+    {{- range . }}
+    - name: {{ tpl .name $rootCtx }}
+      {{- with .value }}
+      value: {{ tpl . $rootCtx | quote }}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_enableServiceLinks.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_enableServiceLinks.tpl
new file mode 100644
index 0000000..4d4864e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_enableServiceLinks.tpl
@@ -0,0 +1,24 @@
+{{/* Returns enableServiceLinks */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.enableServiceLinks" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.enableServiceLinks" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $enableServiceLinks := false -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- if (kindIs "bool" $rootCtx.Values.podOptions.enableServiceLinks) -}}
+    {{- $enableServiceLinks = $rootCtx.Values.podOptions.enableServiceLinks -}}
+  {{- end -}}
+
+  {{/* Override with pod's option */}}
+  {{- if (kindIs "bool" $objectData.podSpec.enableServiceLinks) -}}
+    {{- $enableServiceLinks = $objectData.podSpec.enableServiceLinks -}}
+  {{- end -}}
+
+  {{- $enableServiceLinks -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_hostAliases.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostAliases.tpl
new file mode 100644
index 0000000..0b4a541
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostAliases.tpl
@@ -0,0 +1,37 @@
+{{/* Returns Host Aliases */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.hostAliases" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.hostAliases" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $aliases := list -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- with $rootCtx.Values.podOptions.hostAliases -}}
+    {{- $aliases = . -}}
+  {{- end -}}
+
+  {{/* Override with pod's option */}}
+  {{- with $objectData.podSpec.hostAliases -}}
+    {{- $aliases = . -}}
+  {{- end -}}
+
+  {{- range $aliases -}}
+    {{- if not .ip -}}
+      {{- fail (printf "Expected non-empty [ip] value on [hostAliases].") -}}
+    {{- end -}}
+
+    {{- if not .hostnames -}}
+      {{- fail (printf "Expected non-empty [hostames] list on [hostAliases].") -}}
+    {{- end }}
+- ip: {{ tpl .ip $rootCtx }}
+  hostnames:
+  {{- range .hostnames }}
+    - {{ tpl . $rootCtx }}
+  {{- end -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_hostIPC.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostIPC.tpl
new file mode 100644
index 0000000..3065d23
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostIPC.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Host IPC */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.hostIPC" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.hostIPC" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $hostIPC := false -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- if (kindIs "bool" $rootCtx.Values.podOptions.hostIPC) -}}
+    {{- $hostIPC = $rootCtx.Values.podOptions.hostIPC -}}
+  {{- end -}}
+
+  {{/* Override with pods option */}}
+  {{- if (kindIs "bool" $objectData.podSpec.hostIPC) -}}
+    {{- $hostIPC = $objectData.podSpec.hostIPC -}}
+  {{- end -}}
+
+  {{- $hostIPC -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_hostNetwork.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostNetwork.tpl
new file mode 100644
index 0000000..1159c64
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostNetwork.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Host Network */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.hostNetwork" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $hostNet := false -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- if (kindIs "bool" $rootCtx.Values.podOptions.hostNetwork) -}}
+    {{- $hostNet = $rootCtx.Values.podOptions.hostNetwork -}}
+  {{- end -}}
+
+  {{/* Override with pod's option */}}
+  {{- if (kindIs "bool" $objectData.podSpec.hostNetwork) -}}
+    {{- $hostNet = $objectData.podSpec.hostNetwork -}}
+  {{- end -}}
+
+  {{- $hostNet -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_hostPID.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostPID.tpl
new file mode 100644
index 0000000..5859ec2
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostPID.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Host PID */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.hostPID" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.hostPID" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $hostPID := false -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- if (kindIs "bool" $rootCtx.Values.podOptions.hostPID) -}}
+    {{- $hostPID = $rootCtx.Values.podOptions.hostPID -}}
+  {{- end -}}
+
+  {{/* Override with pods option */}}
+  {{- if (kindIs "bool" $objectData.podSpec.hostPID) -}}
+    {{- $hostPID = $objectData.podSpec.hostPID -}}
+  {{- end -}}
+
+  {{- $hostPID -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_hostUsers.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostUsers.tpl
new file mode 100644
index 0000000..b6e85ea
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostUsers.tpl
@@ -0,0 +1,28 @@
+{{/* Returns Host Users */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.hostPID" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.hostUsers" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $hostUsers := false -}}
+
+  {{- if $objectData.podSpec.calculatedHostUsers -}}
+    {{- $hostUsers = true -}}
+  {{- end -}}
+
+  {{/* Override from the "global" option */}}
+  {{- if (kindIs "bool" $rootCtx.Values.podOptions.hostUsers) -}}
+    {{- $hostUsers = $rootCtx.Values.podOptions.hostUsers -}}
+  {{- end -}}
+
+  {{/* Override with pods option */}}
+  {{- if (kindIs "bool" $objectData.podSpec.hostUsers) -}}
+    {{- $hostUsers = $objectData.podSpec.hostUsers -}}
+  {{- end -}}
+
+  {{- $hostUsers -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_hostname.tpl.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostname.tpl.tpl
new file mode 100644
index 0000000..f68769d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_hostname.tpl.tpl
@@ -0,0 +1,22 @@
+{{/* Returns Host Name */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.hostname" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.hostname" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $hostname := "" -}}
+
+  {{- with $objectData.podSpec.hostname -}}
+    {{- $hostname = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{- if $hostname -}}
+    {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $hostname) -}}
+  {{- end -}}
+
+  {{- $hostname -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_imagePullSecret.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_imagePullSecret.tpl
new file mode 100644
index 0000000..87b4c0f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_imagePullSecret.tpl
@@ -0,0 +1,42 @@
+{{/* Returns Image Pull Secret List */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.imagePullSecret" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.imagePullSecret" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $imgPullSecrets := list -}}
+
+  {{- range $name, $imgPull := $rootCtx.Values.imagePullSecret -}}
+    {{- $pullName := (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
+
+    {{- if $imgPull.existingSecret -}}
+      {{- $pullName = $imgPull.existingSecret -}}
+    {{- end -}}
+
+    {{- if $imgPull.enabled -}}
+      {{/* If targetSelectAll is true */}}
+      {{- if $imgPull.targetSelectAll -}}
+        {{- $imgPullSecrets = mustAppend $imgPullSecrets $pullName -}}
+
+      {{/* Else if targetSelector is a list */}}
+      {{- else if (kindIs "slice" $imgPull.targetSelector) -}}
+        {{- if (mustHas $objectData.shortName $imgPull.targetSelector) -}}
+          {{- $imgPullSecrets = mustAppend $imgPullSecrets $pullName -}}
+        {{- end -}}
+
+      {{/* If not targetSelectAll or targetSelector, but is the primary pod */}}
+      {{- else if $objectData.primary -}}
+        {{- $imgPullSecrets = mustAppend $imgPullSecrets $pullName -}}
+      {{- end -}}
+
+    {{- end -}}
+  {{- end -}}
+
+  {{- range $imgPullSecrets }}
+- name: {{ . }}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_initContainerSpawner.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_initContainerSpawner.tpl
new file mode 100644
index 0000000..7aa581b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_initContainerSpawner.tpl 
@@ -0,0 +1,83 @@
+{{/* Init Containers */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.initContainerSpawner" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.initContainerSpawner" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $initContainers := (dict "system" list
+                                "init" list
+                                "install" list
+                                "upgrade" list) -}}
+
+  {{- $types := (list "system" "init" "install" "upgrade") -}}
+
+  {{- $mergedContainers := $objectData.podSpec.initContainers -}}
+
+  {{- range $containerName, $containerValues := $mergedContainers -}}
+    {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+      "rootCtx" $rootCtx "objectData" $containerValues
+      "name" $containerName "caller" "Init Container"
+      "key" "initContainers")) -}}
+
+    {{- if eq $enabled "true" -}}
+
+      {{- if not ($containerValues.type) -}}
+        {{- fail "InitContainer - Expected non-empty [type]" -}}
+      {{- end -}}
+
+      {{- $containerType := tpl $containerValues.type $rootCtx -}}
+      {{- if not (mustHas $containerType $types) -}}
+        {{- fail (printf "InitContainer - Expected [type] to be one of [%s], but got [%s]" (join ", " $types) $containerType) -}}
+      {{- end -}}
+
+      {{- $container := (mustDeepCopy $containerValues) -}}
+      {{- $name := printf "%s-%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $containerType $containerName -}}
+
+      {{- $_ := set $container "name" $name -}}
+      {{- $_ := set $container "shortName" $containerName -}}
+      {{- $_ := set $container "podShortName" $objectData.shortName -}}
+      {{- $_ := set $container "podPrimary" $objectData.primary -}}
+      {{- $_ := set $container "podType" $objectData.type -}}
+
+      {{/* Remove keys that do not apply on init containers */}}
+      {{- $_ := set $container "lifecycle" dict -}}
+      {{- $_ := set $container "probes" dict -}}
+      {{/* Template expects probes dict defined even if 
enabled */}}
+      {{- $_ := set $container.probes "liveness" (dict "enabled" false) -}}
+      {{- $_ := set $container.probes "readiness" (dict "enabled" false) -}}
+      {{- $_ := set $container.probes "startup" (dict "enabled" false) -}}
+
+      {{/* Created from the pod.securityContext, used by fixedEnv */}}
+      {{- $_ := set $container "calculatedFSGroup" $objectData.podSpec.calculatedFSGroup -}}
+
+      {{/* Append to list of containers based on type */}}
+      {{- $tempContainers := (get $initContainers $containerType) -}}
+      {{- $_ := set $initContainers $containerType (mustAppend $tempContainers $container) -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $rootCtx.Release.IsInstall -}}
+    {{- range $container := (get $initContainers "install") -}}
+      {{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $rootCtx.Release.IsUpgrade -}}
+    {{- range $container := (get $initContainers "upgrade") -}}
+      {{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- range $container := (get $initContainers "system") -}}
+    {{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
+  {{- end -}}
+
+  {{- range $container := (get $initContainers "init") -}}
+    {{- include "tc.v1.common.lib.pod.container" (dict "rootCtx" $rootCtx "objectData" $container) -}}
+  {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_nodeSelector.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_nodeSelector.tpl
new file mode 100644
index 0000000..b0b4b95
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_nodeSelector.tpl
@@ -0,0 +1,33 @@
+{{/* Returns Node Selector */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.nodeSelector" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.nodeSelector" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $selectors := dict -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- with $rootCtx.Values.podOptions.nodeSelector -}}
+    {{- $selectors = . -}}
+  {{- end -}}
+
+  {{/* Override with pods option */}}
+  {{- with $objectData.podSpec.nodeSelector -}}
+    {{- $selectors = . -}}
+  {{- end -}}
+
+  {{- if and (include "tc.v1.common.lib.util.stopAll" $rootCtx) (eq $objectData.type "DaemonSet") }}
+"non-existing": "true"
+  {{ else }}
+  {{- range $k, $v := $selectors -}}
+    {{- if not $v -}}
+    {{- else }}
+{{ $k }}: {{ tpl $v $rootCtx | quote }}
+    {{- end -}}
+  {{- end -}}
+  {{ end }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_podSecurityContext.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_podSecurityContext.tpl
new file mode 100644
index 0000000..878c2f4
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_podSecurityContext.tpl
@@ -0,0 +1,145 @@
+{{/* Returns Pod Security Context */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.securityContext" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.securityContext" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- if not $rootCtx.Values.securityContext.pod -}}
+    {{- fail "Pod - Expected non-empty [securityContext.pod]" -}}
+  {{- end -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- $secContext := mustDeepCopy $rootCtx.Values.securityContext.pod -}}
+
+  {{/* Override with pods option */}}
+  {{- with $objectData.podSpec.securityContext -}}
+    {{- $secContext = mustMergeOverwrite $secContext . -}}
+  {{- end -}}
+
+  {{- $gpu := (include "tc.v1.common.lib.pod.resources.hasGPU" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
+
+  {{- $deviceGroups := (list 5 10 20 24) -}}
+  {{- $deviceAdded := false -}}
+  {{- $hostUsers := false -}}
+  {{- $hostUserPersistence := (list "configmap" "secret" "emptyDir" "downwardAPI" "projected") -}}
+
+  {{- range $persistenceName, $persistenceValues := $rootCtx.Values.persistence -}}
+    {{- $podSelected := false -}}
+    {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+      "rootCtx" $rootCtx "objectData" $persistenceValues
+      "name" $persistenceName "caller" "Pod Security Context"
+      "key" "persistence")) -}}
+    {{- if (eq $enabled "true") -}}
+      {{- if $persistenceValues.targetSelectAll -}}
+        {{- $podSelected = true -}}
+      {{- else if and $persistenceValues.targetSelector (kindIs "map" $persistenceValues.targetSelector) -}}
+        {{- if mustHas $objectData.shortName ($persistenceValues.targetSelector | keys) -}}
+          {{- $podSelected = true -}}
+        {{- end -}}
+      {{- else if $objectData.primary -}}
+        {{- $podSelected = true -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- if $podSelected -}}
+      {{- if eq $persistenceValues.type "device" 
-}}
+        {{- $deviceAdded = true -}}
+      {{- end -}}
+
+      {{- if not (mustHas $persistenceValues.type $hostUserPersistence) -}}
+        {{- $hostUsers = true -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{/* Make sure no host "things" are used */}}
+  {{- $hostNet := (eq (include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $objectData)) "true") -}}
+  {{- $hostPID := (eq (include "tc.v1.common.lib.pod.hostPID" (dict "rootCtx" $rootCtx "objectData" $objectData)) "true") -}}
+  {{- $hostIPC := (eq (include "tc.v1.common.lib.pod.hostIPC" (dict "rootCtx" $rootCtx "objectData" $objectData)) "true") -}}
+  {{- if or $hostIPC $hostNet $hostPID -}}
+    {{- $hostUsers = true -}}
+  {{- end }}
+
+  {{- range $containerName, $containerValues := $objectData.podSpec.containers -}}
+    {{- $secContContainer := fromJson (include "tc.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $containerValues)) }}
+    {{- if or $secContContainer.allowPrivilegeEscalation $secContContainer.privileged $secContContainer.capabilities.add
+              (not $secContContainer.readOnlyRootFilesystem) (not $secContContainer.runAsNonRoot)
+              (lt ($secContContainer.runAsUser | int) 1) (lt ($secContContainer.runAsGroup | int) 1) -}}
+      {{- $hostUsers = true -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if eq $gpu "true" -}}
+    {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 44 107)) -}}
+    {{- $hostUsers = true -}}
+  {{- end -}}
+
+  {{- if $deviceAdded -}}
+    {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups $deviceGroups) -}}
+    {{- $hostUsers = true -}}
+  {{- end -}}
+
+  {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 568)) -}}
+
+  {{- if not (deepEqual $secContext.supplementalGroups (mustUniq $secContext.supplementalGroups)) -}}
+    {{- fail (printf "Pod - Expected [supplementalGroups] to have only unique values, but got [%s]" (join ", " 
$secContext.supplementalGroups)) -}}
+  {{- end -}}
+
+  {{- $portRange := fromJson (include "tc.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
+  {{/* If a container wants to bind a port <= 1024 change the unprivileged_port_start */}}
+  {{- if and $portRange.low (le (int $portRange.low) 1024) -}}
+    {{/* That sysctl is not supported when hostNet is enabled */}}
+    {{- if ne (include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $objectData)) "true" -}}
+      {{- $_ := set $secContext "sysctls" (mustAppend $secContext.sysctls (dict "name" "net.ipv4.ip_unprivileged_port_start" "value" (printf "%v" $portRange.low))) -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if or (kindIs "invalid" $secContext.fsGroup) (eq (toString $secContext.fsGroup) "") -}}
+    {{- fail "Pod - Expected non-empty [fsGroup]" -}}
+  {{- end -}}
+
+  {{/* Used by the fixedEnv template */}}
+  {{- $_ := set $objectData.podSpec "calculatedFSGroup" $secContext.fsGroup -}}
+
+  {{- if not $secContext.fsGroupChangePolicy -}}
+    {{- fail "Pod - Expected non-empty [fsGroupChangePolicy]" -}}
+  {{- end -}}
+
+  {{- $policies := (list "Always" "OnRootMismatch") -}}
+  {{- if not (mustHas $secContext.fsGroupChangePolicy $policies) -}}
+    {{- fail (printf "Pod - Expected [fsGroupChangePolicy] to be one of [%s], but got [%s]" (join ", " $policies) $secContext.fsGroupChangePolicy) -}}
+  {{- end }}
+fsGroup: {{ include "tc.v1.common.helper.makeIntOrNoop" $secContext.fsGroup }}
+fsGroupChangePolicy: {{ $secContext.fsGroupChangePolicy }}
+  {{- with $secContext.supplementalGroups }}
+supplementalGroups:
+  {{- range . }}
+  - {{ include "tc.v1.common.helper.makeIntOrNoop" . }}
+  {{- end -}}
+  {{- else }}
+supplementalGroups: []
+  {{- end -}}
+  {{- with $secContext.sysctls }}
+sysctls:
+  {{- $hostUsers = true -}}
+  {{- range . 
}}
+    {{- if not .name -}}
+      {{- fail "Pod - Expected non-empty [name] in [sysctls]" -}}
+    {{- end -}}
+    {{- if not .value -}}
+      {{- fail "Pod - Expected non-empty [value] in [sysctls]" -}}
+    {{- end }}
+  - name: {{ tpl .name $rootCtx | quote }}
+    value: {{ tpl .value $rootCtx | quote }}
+  {{- end -}}
+  {{- else }}
+sysctls: []
+  {{- end -}}
+
+  {{/* Used by _hostUsers.tpl */}}
+  {{- $_ := set $objectData.podSpec "calculatedHostUsers" $hostUsers -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_priorityClassName.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_priorityClassName.tpl
new file mode 100644
index 0000000..aaf15ac
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_priorityClassName.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Priority Class Name */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.priorityClassName" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.priorityClassName" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $className := "" -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- with $rootCtx.Values.podOptions.priorityClassName -}}
+    {{- $className = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{/* Override with pod's option */}}
+  {{- with $objectData.podSpec.priorityClassName -}}
+    {{- $className = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{- $className -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_restartPolicy.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_restartPolicy.tpl
new file mode 100644
index 0000000..388a560
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_restartPolicy.tpl
@@ -0,0 +1,44 @@
+{{/* Returns Restart Policy */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.restartPolicy" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.restartPolicy" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $policy := "Always" -}}
+
+  {{- $jobTypes := (list "Job" "CronJob") -}}
+  {{- if mustHas $objectData.type $jobTypes -}}
+    {{- $policy = "OnFailure" -}}
+  {{- end -}}
+
+  {{/* Initialize from the "defaults" */}}
+  {{- with $rootCtx.Values.podOptions.restartPolicy -}}
+    {{- $policy = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{/* Override from the pod values, if defined */}}
+  {{- with $objectData.podSpec.restartPolicy -}}
+    {{- $policy = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{- $policies := (list "Never" "Always" "OnFailure") -}}
+  {{- if not (mustHas $policy $policies) -}}
+    {{- fail (printf "Expected [restartPolicy] to be one of [%s] but got [%s]" (join ", " $policies) $policy) -}}
+  {{- end -}}
+
+  {{- $types := (list "Deployment" "DaemonSet" "StatefulSet") -}}
+  {{- if and (ne "Always" $policy) (mustHas $objectData.type $types) -}}
+    {{- fail (printf "Expected [restartPolicy] to be [Always] for [%s] but got [%s]" $objectData.type $policy) -}}
+  {{- end -}}
+
+  {{- if and (eq "Always" $policy) (mustHas $objectData.type $jobTypes) -}}
+    {{- $cronPolicies := mustWithout $policies "Always" -}}
+    {{- fail (printf "Expected [restartPolicy] to be one of [%s] for [%s] but got [%s]" (join ", " $cronPolicies) $objectData.type $policy) -}}
+  {{- end -}}
+
+  {{- $policy -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_runtimeClassName.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_runtimeClassName.tpl
new file mode 100644
index 0000000..fd54cb0
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_runtimeClassName.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Runtime Class Name */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.runtimeClassName" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.runtimeClassName" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $runtime := "" -}}
+
+  {{/* Initialize from the "defaults" */}}
+  {{- with $rootCtx.Values.podOptions.runtimeClassName -}}
+    {{- $runtime = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{/* Override from the pod values, if defined */}}
+  {{- with $objectData.podSpec.runtimeClassName -}}
+    {{- $runtime = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{- $runtime -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_schedulerName.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_schedulerName.tpl
new file mode 100644
index 0000000..0b84582
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_schedulerName.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Scheduler Name */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.schedulerName" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.schedulerName" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $scheduler := "" -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- with $rootCtx.Values.podOptions.schedulerName -}}
+    {{- $scheduler = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{/* Override with pod's option */}}
+  {{- with $objectData.podSpec.schedulerName -}}
+    {{- $scheduler = tpl . $rootCtx -}}
+  {{- end -}}
+
+  {{- $scheduler -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_serviceAccountName.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_serviceAccountName.tpl
new file mode 100644
index 0000000..8c14d86
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_serviceAccountName.tpl
@@ -0,0 +1,63 @@
+{{/* Returns Service Account Name */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.serviceAccountName" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.serviceAccountName" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{/* Check if an explicit service account name is specified in podSpec */}}
+  {{- with $objectData.podSpec.serviceAccountName -}}
+    {{- $objectName := tpl . $rootCtx -}}
+    {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}}
+    {{- $objectName -}}
+  {{- else -}}
+    {{/* If not, use the auto-generated service account name */}}
+    {{- include "tc.v1.common.lib.pod.serviceAccountName.auto" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.lib.pod.serviceAccountName.auto" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $saName := "default" -}}
+  {{- $saNameCount := 0 -}}
+
+  {{- range $name, $serviceAccount := $rootCtx.Values.serviceAccount -}}
+    {{- $tempName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+
+    {{- if not $serviceAccount.primary -}}
+      {{- $tempName = (printf "%s-%s" $tempName $name) -}}
+    {{- end -}}
+
+    {{- if $serviceAccount.enabled -}}
+      {{/* If targetSelectAll is true */}}
+      {{- if $serviceAccount.targetSelectAll -}}
+        {{- $saName = $tempName -}}
+        {{- $saNameCount = add1 $saNameCount -}}
+
+      {{/* Else if targetSelector is a list */}}
+      {{- else if (kindIs "slice" $serviceAccount.targetSelector) -}}
+        {{- if (mustHas $objectData.shortName $serviceAccount.targetSelector) -}}
+          {{- $saName = $tempName -}}
+          {{- $saNameCount = add1 $saNameCount -}}
+        {{- end -}}
+
+      {{/* If not targetSelectAll or targetSelector, but is the primary pod */}}
+      {{- else if $objectData.primary -}}
+        {{- $saName = $tempName -}}
+        {{- $saNameCount = add1 $saNameCount -}}
+      {{- end -}}
+
+    {{- end -}}
+  {{- end -}}
+
+  {{- if gt $saNameCount 1 -}}
+    {{- fail (printf "Expected at most 1 ServiceAccount to be assigned on a pod [%s]. But [%v] were assigned" $objectData.shortName $saNameCount) -}}
+  {{- end -}}
+
+  {{- $saName -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_shareProcessNamespace.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_shareProcessNamespace.tpl
new file mode 100644
index 0000000..1a2bd11
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_shareProcessNamespace.tpl
@@ -0,0 +1,24 @@
+{{/* Returns Share Process Namespace */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.shareProcessNamespace" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.shareProcessNamespace" -}}
+  {{- $rootCtx := .rootCtx -}}
+  {{- $objectData := .objectData -}}
+
+  {{- $shareProcessNamespace := false -}}
+
+  {{/* Initialize from the "global" option */}}
+  {{- if (kindIs "bool" $rootCtx.Values.podOptions.shareProcessNamespace) -}}
+    {{- $shareProcessNamespace = $rootCtx.Values.podOptions.shareProcessNamespace -}}
+  {{- end -}}
+
+  {{/* Override with pods option */}}
+  {{- if (kindIs "bool" $objectData.podSpec.shareProcessNamespace) -}}
+    {{- $shareProcessNamespace = $objectData.podSpec.shareProcessNamespace -}}
+  {{- end -}}
+
+  {{- $shareProcessNamespace -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_terminationGracePeriodSeconds.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_terminationGracePeriodSeconds.tpl
new file mode 100644
index 0000000..c92eeaa
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_terminationGracePeriodSeconds.tpl
@@ -0,0 +1,29 @@
+{{/* Returns Termination Grace Period Seconds */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.terminationGracePeriodSeconds" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.pod.terminationGracePeriodSeconds" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $gracePeriod := "" -}}
+
+ {{/* Initialize from the "global" option */}}
+ {{- with $rootCtx.Values.podOptions.terminationGracePeriodSeconds -}}
+ {{- $gracePeriod = . -}}
+ {{- end -}}
+
+ {{/* Override with pod's option */}}
+ {{- with $objectData.podSpec.terminationGracePeriodSeconds -}}
+ {{- $gracePeriod = . -}}
+ {{- end -}}
+
+ {{/* Expand tpl */}}
+ {{- if (kindIs "string" $gracePeriod) -}}
+ {{- $gracePeriod = tpl $gracePeriod $rootCtx -}}
+ {{- end -}}
+
+ {{- $gracePeriod -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_tolerations.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_tolerations.tpl
new file mode 100644
index 0000000..ca735d9
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_tolerations.tpl
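Review bot: Both lookups use `with`, which treats an integer `0` as empty, so a pod-level `terminationGracePeriodSeconds: 0` can neither be set nor override a non-zero global value — the global value silently wins — while the string `"0"` is truthy and does get through. Testing for presence instead of truthiness, e.g. `{{- if not (kindIs "invalid" $objectData.podSpec.terminationGracePeriodSeconds) -}}` (the same idiom `_iscsi.tpl` in this commit uses for `lun`), keeps both paths consistent. The `tpl`-expanded value is also returned without any numeric check, unlike `tolerationSeconds` in `_tolerations.tpl`, so a non-numeric string only surfaces as an API-server rejection at apply time.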
@@ -0,0 +1,67 @@ +{{/* Returns Tolerations */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.tolerations" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.pod.tolerations" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $tolerations := list -}} + + {{/* Initialize from the "global" option */}} + {{- with $rootCtx.Values.podOptions.tolerations -}} + {{- $tolerations = . -}} + {{- end -}} + + {{/* Override from the "pod" option */}} + {{- with $objectData.podSpec.tolerations -}} + {{- $tolerations = . -}} + {{- end -}} + + {{- range $tolerations -}} + {{/* Expand values */}} + {{- $operator := (tpl (.operator | default "") $rootCtx) -}} + {{- $key := (tpl (.key | default "") $rootCtx) -}} + {{- $value := (tpl (.value | default "") $rootCtx) -}} + {{- $effect := (tpl (.effect | default "") $rootCtx) -}} + {{- $tolSeconds := .tolerationSeconds -}} + + {{- $operators := (list "Exists" "Equal") -}} + {{- if not (mustHas $operator $operators) -}} + {{- fail (printf "Expected [tolerations.operator] to be one of [%s] but got [%s]" (join ", " $operators) $operator) -}} + {{- end -}} + + {{- if and (eq $operator "Equal") (or (not $key) (not $value)) -}} + {{- fail "Expected non-empty [tolerations.key] and [tolerations.value] with [tolerations.operator] set to [Equal]" -}} + {{- end -}} + + {{- if and (eq $operator "Exists") $value -}} + {{- fail (printf "Expected empty [tolerations.value] with [tolerations.operator] set to [Exists], but got [%s]" $value) -}} + {{- end -}} + + {{- $effects := (list "NoExecute" "NoSchedule" "PreferNoSchedule") -}} + {{- if and $effect (not (mustHas $effect $effects)) -}} + {{- fail (printf "Expected [tolerations.effect] to be one of [%s], but got [%s]" (join ", " $effects) $effect) -}} + {{- end -}} + + {{- if and (not (kindIs "invalid" $tolSeconds)) (not (mustHas 
(kindOf $tolSeconds) (list "int" "int64" "float64"))) -}} + {{- fail (printf "Expected [tolerations.tolerationSeconds] to be a number, but got [%v]" $tolSeconds) -}} + {{- end }} +- operator: {{ $operator }} + {{- with $key }} + key: {{ $key }} + {{- end -}} + {{- with $effect }} + effect: {{ $effect }} + {{- end -}} + {{- with $value }} + value: {{ . }} + {{- end -}} + {{- if (mustHas (kindOf $tolSeconds) (list "int" "int64" "float64")) }} + tolerationSeconds: {{ $tolSeconds }} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_topologySpreadConstraints .tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_topologySpreadConstraints .tpl new file mode 100644 index 0000000..66c018f --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_topologySpreadConstraints .tpl 
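Review bot: `tolerationSeconds` and `effect` are validated independently, but the API server only accepts `tolerationSeconds` when `effect` is `NoExecute`, so a toleration with `tolerationSeconds` and `effect: NoSchedule` (or no effect at all) passes every check here and is rejected at apply time. Adding after the numeric check `{{- if and (not (kindIs "invalid" $tolSeconds)) (ne $effect "NoExecute") -}}` / `{{- fail "Expected [tolerations.effect] to be [NoExecute] when [tolerations.tolerationSeconds] is set" -}}` / `{{- end -}}` catches it at render time like the other rules in this template. Accepting `float64` also lets a fractional value such as `1.5` through although the field is an int64; if the float case exists only for JSON round-trips, rejecting values with a fractional part would tighten it.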
@@ -0,0 +1,37 @@ +{{/* Returns topologySpreadConstraints */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.topologySpreadConstraints" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.pod.topologySpreadConstraints" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $constraints := list -}} + + {{/* Initialize from the "global" option */}} + {{- with $rootCtx.Values.podOptions.topologySpreadConstraints -}} + {{- $constraints = . -}} + {{- end -}} + + {{/* Override with pods option */}} + {{- with $objectData.podSpec.topologySpreadConstraints -}} + {{- $constraints = . -}} + {{- end -}} + + {{- $validTypes := (list "Deployment" "StatefulSet") -}} + {{- if and (mustHas $objectData.type $validTypes) $rootCtx.Values.podOptions.defaultSpread }} +- maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + topologyKey: {{ default "kubernetes.io/hostname" $rootCtx.Values.global.fallbackDefaults.topologyKey }} + labelSelector: + matchLabels: + {{- include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "pod" "objectName" $objectData.shortName) | indent 6 }} + nodeAffinityPolicy: Honor + nodeTaintsPolicy: Honor + {{- end -}} + {{- with $constraints -}} {{/* TODO: Template this, so we can add some validation around easy to make mistakes. Low Prio */}} + {{- . | toYaml | nindent 0 }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/_volumes.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/_volumes.tpl new file mode 100644 index 0000000..1d54621 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/pod/_volumes.tpl 
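Review bot: The default constraint emits `nodeAffinityPolicy: Honor` and `nodeTaintsPolicy: Honor`, fields that only exist behind the NodeInclusionPolicyInPodTopologySpread gate (beta from 1.26), so older API servers either drop them or reject the pod depending on field-validation settings. Gating those two lines on the target version, e.g. `{{- if semverCompare ">=1.26-0" $rootCtx.Capabilities.KubeVersion.Version }}`, avoids that. The user-supplied `$constraints` list is emitted verbatim through `toYaml` with no `tpl` expansion or validation, as the TODO admits, so it behaves differently from every other pod option in this directory. The patched file name appears as `_topologySpreadConstraints .tpl` with a space before the extension in both header lines; if that is not a rendering artefact it should be fixed, since Helm still loads it but tooling matching `*.tpl` by name may not.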
@@ -0,0 +1,122 @@ +{{/* Returns Volumes */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.volumes" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.pod.volumes" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $selectedVolumes := (include "tc.v1.common.lib.pod.volumes.selected" (dict "rootCtx" $rootCtx "objectData" $objectData)) | fromJson -}} + + {{- range $type, $volumes := $selectedVolumes -}} + {{- range $volume := $volumes -}} + {{- include (printf "tc.v1.common.lib.pod.volume.%s" $type) (dict "rootCtx" $rootCtx "objectData" $volume) | trim | nindent 0 -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.volumes.checkRWO" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $persistence := .persistence -}} + {{- $type := .type -}} + {{- $name := .name -}} + + {{/* Only check accessModes if persistence is one of those types */}} + {{- $typesWithAccessMode := (list "pvc") -}} + {{- if (mustHas $type $typesWithAccessMode) -}} + {{- $modes := include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx + "objectData" $persistence "caller" "Volumes") | fromYamlArray + -}} + + {{- $hasRWO := include "tc.v1.common.lib.pod.volumes.hasRWO" (dict "modes" $modes) -}} + + {{- if eq $hasRWO "true" -}} + {{- if eq $objectData.type "DaemonSet" -}} + {{- fail "Expected [accessMode] to not be [ReadWriteOnce] when used on a [DaemonSet]" -}} + + {{- else if and (mustHas $objectData.type (list "Deployment" "StatefulSet")) (gt (($objectData.replicas| default 1) | int) 1) -}} + {{- include "add.warning" (dict "rootCtx" $rootCtx + "warn" (printf "WARNING: The [accessModes] on volume [%s] is set to [ReadWriteOnce] when on a [Deployment] with more than 1 replica" $name)) + -}} + {{- end -}} + {{- end -}} + + {{- end -}} +{{- end -}} + +{{- define 
"tc.v1.common.lib.pod.volumes.hasRWO" -}} + {{- $modes := .modes -}} + {{- $hasRWO := false -}} + {{- range $m := $modes -}} + {{- if eq $m "ReadWriteOnce" -}} + {{- $hasRWO = true -}} + {{- break -}} + {{- end -}} + {{- end -}} + {{- $hasRWO -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.volumes.selected" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $selectedVolumes := dict + "pvc" list + "secret" list + "configmap" list + "emptyDir" list + "hostPath" list + "nfs" list + "iscsi" list + "projected" list + "device" list + -}} + + {{- range $name, $persistenceValues := $rootCtx.Values.persistence -}} + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $persistenceValues + "name" $name "caller" "Volumes" + "key" "persistence")) + -}} + + {{- if (ne $enabled "true") -}}{{- continue -}}{{- end -}} + {{- $persistence := (mustDeepCopy $persistenceValues) -}} + {{- $_ := set $persistence "shortName" $name -}} + + {{- $selected := false -}} + + {{- if $persistence.targetSelectAll -}} + {{- $selected = true -}} + {{- else if eq $objectData.shortName "autopermissions" -}} + {{- if and $persistence.autoPermissions $persistence.autoPermissions.enabled -}} + {{- $selected = true -}} + {{- end -}} + {{- else if $persistence.targetSelector -}} + {{- if not (kindIs "map" $persistence.targetSelector) -}} + {{- fail (printf "Persistence - Expected [targetSelector] to be [dict], but got [%s]" (kindOf $persistence.targetSelector)) -}} + {{- end -}} + + {{- if (mustHas $objectData.shortName (keys $persistence.targetSelector)) -}} + {{- $selected = true -}} + {{- end -}} + {{- else if $objectData.primary -}} + {{- $selected = true -}} + {{- end -}} + + {{- if not $selected -}}{{- continue -}}{{- end -}} + + {{- $type := ($persistence.type | default $rootCtx.Values.global.fallbackDefaults.persistenceType) -}} + {{- if eq $type "vct" -}}{{- continue -}}{{- end -}} + + {{- include 
"tc.v1.common.lib.pod.volumes.checkRWO" (dict + "rootCtx" $rootCtx "objectData" $objectData "persistence" $persistence "type" $type "name" $name) + -}} + + {{- $_ := set $selectedVolumes $type (mustAppend (index $selectedVolumes $type) $persistence) -}} + {{- end -}} + + {{- $selectedVolumes | toJson -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_configmap.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_configmap.tpl new file mode 100644 index 0000000..833fc7e --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_configmap.tpl 
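Review bot: `$selectedVolumes` is indexed by the user-chosen `type` with no membership check, so a misspelled type such as `pvcs` appears to reach `mustAppend (index $selectedVolumes $type)` with a nil list and fail with an opaque runtime error instead of a validation message, unless the type is validated elsewhere in the library (not visible here). A guard right after the `vct` skip, `{{- if not (hasKey $selectedVolumes $type) -}}{{- fail (printf "Persistence - Expected [type] to be one of [%s], but got [%s]" (join ", " (keys $selectedVolumes)) $type) -}}{{- end -}}`, gives the same experience as the other checks in this file. In `checkRWO` the warning text hardcodes `[Deployment]` although that branch also covers StatefulSet; use `$objectData.type` in the `printf`.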
@@ -0,0 +1,71 @@ +{{/* Returns ConfigMap Volume */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.volume.configmap" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the volume. +*/}} +{{- define "tc.v1.common.lib.pod.volume.configmap" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.objectName -}} + {{- fail "Persistence - Expected non-empty [objectName] on [configmap] type" -}} + {{- end -}} + + {{- $objectName := tpl $objectData.objectName $rootCtx -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $rootCtx "objectData" $objectData + "name" $objectData.shortName "caller" "ConfigMap" + "key" "configmap")) -}} + + {{- if eq $expandName "true" -}} + {{- $object := (get $rootCtx.Values.configmap $objectName) -}} + {{- if and (not $object) (not $objectData.optional) -}} + {{- fail (printf "Persistence - Expected configmap [%s] defined in [objectName] to exist" $objectName) -}} + {{- end -}} + + {{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}} + {{- end -}} + + {{- $optional := false -}} + {{- if hasKey $objectData "optional" -}} + {{- if not (kindIs "bool" $objectData.optional) -}} + {{- fail (printf "Persistence - Expected [optional] to be [bool], but got [%s]" (kindOf $objectData.optional)) -}} + {{- end -}} + {{- $optional = $objectData.optional -}} + {{- end -}} + + {{- $defMode := "" -}} + {{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}} + {{- fail (printf "Persistence - Expected [defaultMode] to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}} + {{- end -}} + + {{- with $objectData.defaultMode -}} + {{- $defMode = tpl $objectData.defaultMode $rootCtx -}} + {{- end -}} + + {{- if and $defMode (not (mustRegexMatch "^[0-9]{4}$" $defMode)) -}} + {{- fail (printf 
"Persistence - Expected [defaultMode] to have be in format of [\"0777\"], but got [%q]" $defMode) -}} + {{- end }} +- name: {{ $objectData.shortName }} + configMap: + name: {{ $objectName }} + {{- with $defMode }} + defaultMode: {{ . }} + {{- end }} + optional: {{ $optional }} + {{- with $objectData.items }} + items: + {{- range . -}} + {{- if not .key -}} + {{- fail "Persistence - Expected non-empty [items.key]" -}} + {{- end -}} + {{- if not .path -}} + {{- fail "Persistence - Expected non-empty [items.path]" -}} + {{- end }} + - key: {{ tpl .key $rootCtx }} + path: {{ tpl .path $rootCtx }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_device.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_device.tpl new file mode 100644 index 0000000..b39192f --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_device.tpl 
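Review bot: The `defaultMode` pattern `^[0-9]{4}$` admits values such as `0999` or `1777` that are not valid file modes; because the value is emitted unquoted, such a value only fails when the API server rejects anything above `0777` at apply time rather than at render time. Restricting the pattern to `^0[0-7]{3}$` (which still matches the `"0777"` example in the error text) catches it here; the same regex is repeated verbatim in `_projected.tpl` and `_secret.tpl` in this commit and should be changed in step. The error text itself reads `to have be in format of`, which should be `to be in the format of`.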
@@ -0,0 +1,53 @@
+{{/* Returns device (hostPath) Volume */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.volume.device" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the volume.
+*/}}
+{{- define "tc.v1.common.lib.pod.volume.device" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $hostPathType := "" -}}
+ {{- if $objectData.hostPathType -}}
+ {{- $hostPathType = tpl $objectData.hostPathType $rootCtx -}}
+ {{- end -}}
+
+ {{- if not $objectData.hostPath -}}
+ {{- fail "Persistence - Expected non-empty [hostPath] on [device] type" -}}
+ {{- end -}}
+ {{- $hostPath := tpl $objectData.hostPath $rootCtx -}}
+
+ {{- if not (hasPrefix "/" $hostPath) -}}
+ {{- fail "Persistence - Expected [hostPath] to start with a forward slash [/] on [device] type" -}}
+ {{- end -}}
+
+ {{- $charDevices := (list "tty") -}}
+ {{- if not $hostPathType -}}
+ {{- range $char := $charDevices -}}
+ {{- if hasPrefix (printf "/dev/%v" $char) $hostPath -}}
+ {{- $hostPathType = "CharDevice" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $blockDevices := (list "sd" "hd" "nvme") -}}
+ {{- if not $hostPathType -}}
+ {{- range $block := $blockDevices -}}
+ {{- if hasPrefix (printf "/dev/%v" $block) $hostPath -}}
+ {{- $hostPathType = "BlockDevice" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $types := (list "DirectoryOrCreate" "Directory" "FileOrCreate" "File" "Socket" "CharDevice" "BlockDevice") -}}
+ {{- if and $hostPathType (not (mustHas $hostPathType $types)) -}}
+ {{- fail (printf "Persistence - Expected [hostPathType] to be one of [%s], but got [%s]" (join ", " $types) $hostPathType) -}}
+ {{- end }}
+- name: {{ $objectData.shortName }}
+ hostPath:
+ path: {{ $hostPath }}
+ {{- with $hostPathType }}
+ type: {{ $hostPathType }}
+ {{- end -}}
+{{- end -}}
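Review bot: Nothing restricts a `device` volume to `/dev`: the only path check is the leading `/`, so this template mounts any host path exactly like the generic `hostPath` type, while its name and the `tty`/`sd`/`hd`/`nvme` prefix lists suggest it is meant for device nodes only. If that intent holds, `{{- if not (hasPrefix "/dev/" $hostPath) -}}{{- fail "Persistence - Expected [hostPath] to be under [/dev/] on [device] type" -}}{{- end -}}` after the existing slash check closes the gap; if non-`/dev` paths are a supported use, a comment saying so stops the next reader from assuming the narrower contract. Paths outside the prefix lists (e.g. `/dev/dri`, `/dev/video0`) get no `type`, and for an empty type Kubernetes performs no check on what it mounts, so either widening the lists or requiring an explicit `hostPathType` for unknown nodes would be safer.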
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_emptyDir.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_emptyDir.tpl
new file mode 100644
index 0000000..cdf0bc1
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_emptyDir.tpl
@@ -0,0 +1,45 @@
+{{/* Returns emptyDir Volume */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.volume.emptyDir" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the volume.
+*/}}
+{{- define "tc.v1.common.lib.pod.volume.emptyDir" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $medium := "" -}}
+ {{- $size := "" -}}
+ {{- with $objectData.medium -}}
+ {{- $medium = tpl . $rootCtx -}}
+ {{- end -}}
+ {{- with $objectData.size -}}
+ {{- $size = tpl . $rootCtx -}}
+ {{- end -}}
+
+ {{- if $size -}}
+ {{/* Size: https://regex101.com/r/NNPV2D/1 */}}
+ {{- if not (mustRegexMatch "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$" (toString $size)) -}}
+ {{- $formats := "(Suffixed with E/P/T/G/M/K - eg. 1G), (Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi), (Plain Integer in bytes - eg. 1024), (Exponent - eg. 134e6)" -}}
+ {{- fail (printf "Persistence Expected [size] to have one of the following formats [%s], but got [%s]" $formats $size) -}}
+ {{- end -}}
+ {{- else if eq $medium "Memory" -}}
+ {{- $size = $rootCtx.Values.resources.limits.memory -}}
+ {{- end -}}
+
+ {{- if and $medium (ne $medium "Memory") -}}
+ {{- fail (printf "Persistence - Expected [medium] to be one of [\"\", Memory], but got [%s] on [emptyDir] type" $medium) -}}
+ {{- end }}
+- name: {{ $objectData.shortName }}
+ {{- if or $medium $size }}
+ emptyDir:
+ {{- if $medium }}
+ medium: {{ $medium }}
+ {{- end -}}
+ {{- if $size }}
+ sizeLimit: {{ $size }}
+ {{- end -}}
+ {{- else }}
+ emptyDir: {}
+ {{- end -}}
+{{- end -}}
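Review bot: `size` is handed straight to `tpl`, which requires a string, so a plain integer `size: 1024` — one of the formats the error message below advertises — fails with a type error from `tpl` before the regex check ever runs. `{{- $size = tpl (toString .) $rootCtx -}}` makes the check reachable for that case; the later `toString $size` already anticipates a non-string value. Separately, with `medium: Memory` and no `size` the limit is copied from `resources.limits.memory`, and if no memory limit is set the volume is emitted without any `sizeLimit`, leaving the tmpfs bounded only by pod memory accounting; that branch deserves a comment so operators know an unbounded memory-backed volume is what they get.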
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_hostPath.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_hostPath.tpl
new file mode 100644
index 0000000..0cdea18
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_hostPath.tpl
@@ -0,0 +1,35 @@
+{{/* Returns hostPath Volume */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.volume.hostPath" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the volume.
+*/}}
+{{- define "tc.v1.common.lib.pod.volume.hostPath" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $hostPathType := "" -}}
+ {{- if $objectData.hostPathType -}}
+ {{- $hostPathType = tpl $objectData.hostPathType $rootCtx -}}
+ {{- end -}}
+
+ {{- if not $objectData.hostPath -}}
+ {{- fail "Persistence - Expected non-empty [hostPath] on [hostPath] type" -}}
+ {{- end -}}
+ {{- $hostPath := tpl $objectData.hostPath $rootCtx -}}
+
+ {{- if not (hasPrefix "/" $hostPath) -}}
+ {{- fail "Persistence - Expected [hostPath] to start with a forward slash [/] on [hostPath] type" -}}
+ {{- end -}}
+
+ {{- $types := (list "DirectoryOrCreate" "Directory" "FileOrCreate" "File" "Socket" "CharDevice" "BlockDevice") -}}
+ {{- if and $hostPathType (not (mustHas $hostPathType $types)) -}}
+ {{- fail (printf "Persistence - Expected [hostPathType] to be one of [%s], but got [%s]" (join ", " $types) $hostPathType) -}}
+ {{- end }}
+- name: {{ $objectData.shortName }}
+ hostPath:
+ path: {{ $hostPath }}
+ {{- with $hostPathType }}
+ type: {{ $hostPathType }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_iscsi.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_iscsi.tpl
new file mode 100644
index 0000000..3769ef6
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_iscsi.tpl
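Review bot: When `hostPathType` is omitted no `type` is emitted, and for an empty type Kubernetes documents that no checks are performed before mounting; kubelets have historically created a missing path as a root-owned directory in that case, so a typo'd or `tpl`-expanded path silently creates host directories instead of failing. Either require an explicit type, or document the empty-type behaviour above the `with $hostPathType` block, e.g. `{{/* NOTE: an empty hostPath type skips all kubelet checks; prefer Directory/File so a wrong path fails instead of being created on the node */}}`. More broadly this template accepts any absolute path on the node, and hostPath is the classic route to the host filesystem; an `add.warning` for obviously sensitive prefixes (`/`, `/etc`, `/var/run`) would be in keeping with the RWO warning `_volumes.tpl` in this commit already emits.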
@@ -0,0 +1,75 @@ +{{/* Returns iscsi Volume */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.volume.iscsi" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the volume. +*/}} +{{- define "tc.v1.common.lib.pod.volume.iscsi" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.iscsi -}} + {{- fail "Persistence - Expected non-empty [iscsi] object on [iscsi] type" -}} + {{- end -}} + + {{- with $objectData.iscsi.fsType -}} + {{- $validFSTypes := (list "ext4" "xfs" "ntfs") -}} + {{- $fsType := tpl . $rootCtx -}} + {{- if not (mustHas $fsType $validFSTypes) -}} + {{- fail (printf "Persistence - Expected [fsType] on [iscsi] type to be one of [%s], but got [%s]" (join ", " $validFSTypes) $fsType) -}} + {{- end -}} + {{- end -}} + + {{- if not $objectData.iscsi.targetPortal -}} + {{- fail "Persistence - Expected non-empty [targetPortal] on [iscsi] type" -}} + {{- end -}} + + {{- if not $objectData.iscsi.iqn -}} + {{- fail "Persistence - Expected non-empty [iqn] on [iscsi] type" -}} + {{- end -}} + + {{- if (kindIs "invalid" $objectData.iscsi.lun) -}} + {{- fail "Persistence - Expected non-empty [lun] on [iscsi] type" -}} + {{- end -}} + {{- $lun := $objectData.iscsi.lun -}} + {{- if (kindIs "string" $lun) -}} + {{- $lun = tpl $lun $rootCtx | float64 -}} + {{- end -}} + + {{- $authSession := false -}} + {{- $authDiscovery := false -}} + {{- if $objectData.iscsi.authSession -}} + {{- $authSession = true -}} + {{- end -}} + {{- if $objectData.iscsi.authDiscovery -}} + {{- $authDiscovery = true -}} + {{- end }} + +- name: {{ $objectData.shortName }} + iscsi: + targetPortal: {{ tpl $objectData.iscsi.targetPortal $rootCtx }} + {{- with $objectData.iscsi.portals }} + portals: + {{- range $portal := . 
}} + - {{ tpl $portal $rootCtx | quote }} + {{- end -}} + {{- end }} + iqn: {{ tpl $objectData.iscsi.iqn $rootCtx }} + lun: {{ include "tc.v1.common.helper.makeIntOrNoop" $lun }} + {{- with $objectData.iscsi.iscsiInterface }} + iscsiInterface: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $objectData.iscsi.initiatorName }} + initiatorName: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $objectData.iscsi.fsType }} + fsType: {{ tpl . $rootCtx }} + {{- end }} + chapAuthSession: {{ $authSession }} + chapAuthDiscovery: {{ $authDiscovery }} + {{- if or $authSession $authDiscovery -}} + {{- $secretName := (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectData.shortName) }} + secretRef: + name: {{ $secretName }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_nfs.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_nfs.tpl new file mode 100644 index 0000000..18b4113 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_nfs.tpl 
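Review bot: `authSession` and `authDiscovery` are tested for truthiness rather than for being booleans, so a quoted `authSession: "false"` in values yields `chapAuthSession: true` plus a `secretRef`, the opposite of what the author wrote; `_shareProcessNamespace.tpl` in this commit uses `kindIs "bool"` for its flags and the same shape fits here. `{{- if and (hasKey $objectData.iscsi "authSession") (not (kindIs "bool" $objectData.iscsi.authSession)) -}}{{- fail "Persistence - Expected [authSession] to be [bool] on [iscsi] type" -}}{{- end -}}` (and the same for `authDiscovery`) closes that while keeping the keys optional. The `secretRef` name is computed as `<fullname>-<shortName>`, which presumes a Secret of that name is rendered elsewhere in the library; that is not visible here and is worth a comment, since a missing CHAP secret only surfaces as a mount failure. For consistency with `portals`, `targetPortal` should also be piped through `quote`.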
@@ -0,0 +1,27 @@
+{{/* Returns NFS Volume */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.volume.nfs" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the volume.
+*/}}
+{{- define "tc.v1.common.lib.pod.volume.nfs" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.path -}}
+ {{- fail "Persistence - Expected non-empty [path] on [nfs] type" -}}
+ {{- end -}}
+
+ {{- $path := tpl $objectData.path $rootCtx -}}
+ {{- if not (hasPrefix "/" $path) -}}
+ {{- fail "Persistence - Expected [path] to start with a forward slash [/] on [nfs] type" -}}
+ {{- end -}}
+
+ {{- if not $objectData.server -}}
+ {{- fail "Persistence - Expected non-empty [server] on [nfs] type" -}}
+ {{- end }}
+- name: {{ $objectData.shortName }}
+ nfs:
+ path: {{ $path }}
+ server: {{ tpl $objectData.server $rootCtx }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_projected.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_projected.tpl
new file mode 100644
index 0000000..979125e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_projected.tpl
@@ -0,0 +1,181 @@ +{{/* Returns projected Volume */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.volume.projected" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the volume. +*/}} +{{- define "tc.v1.common.lib.pod.volume.projected" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.sources -}} + {{- fail "Persistence - Expected non-empty [sources] on [projected] type" -}} + {{- end -}} + + {{- $defMode := "" -}} + {{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}} + {{- fail (printf "Persistence - Expected [defaultMode] to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}} + {{- end -}} + + {{- with $objectData.defaultMode -}} + {{- $defMode = tpl $objectData.defaultMode $rootCtx -}} + {{- end -}} + + {{- if and $defMode (not (mustRegexMatch "^[0-9]{4}$" $defMode)) -}} + {{- fail (printf "Persistence - Expected [defaultMode] to have be in format of [\"0777\"], but got [%q]" $defMode) -}} + {{- end -}} + {{- $allowedSources := (list "clusterTrustBundle" "configMap" "downwardAPI" "secret" "serviceAccountToken") }} +- name: {{ $objectData.shortName }} + projected: + {{- with $defMode }} + defaultMode: {{ . 
}} + {{- end }} + sources: + {{- range $source := $objectData.sources -}} + {{- if gt ($source | keys | len) 1 -}} + {{- fail "Persistence - Expected only one source type per item in [projected] volume" -}} + {{- end -}} + + {{- $k := $source | keys | first -}} + {{- $v := (get $source $k) -}} + + {{- if eq $k "serviceAccountToken" }} + {{- include "tc.v1.common.lib.pod.volume.projected.serviceAccountToken" (dict "rootCtx" $rootCtx "source" $v) | nindent 6 }} + {{- else if or (eq $k "secret") (eq $k "configMap") }} + {{- include "tc.v1.common.lib.pod.volume.projected.cm-secret" (dict "rootCtx" $rootCtx "source" $v "type" $k) | nindent 6 }} + {{- else if eq $k "downwardAPI" }} + {{- include "tc.v1.common.lib.pod.volume.projected.downwardAPI" (dict "rootCtx" $rootCtx "source" $v) | nindent 6 }} + {{- else if eq $k "clusterTrustBundle" }} + {{- include "tc.v1.common.lib.pod.volume.projected.clusterTrustBundle" (dict "rootCtx" $rootCtx "source" $v) | nindent 6 }} + {{- else -}} + {{- fail (printf "Persistence - Invalid source type [%s] for projected. Valid sources are [%s]" $k (join ", " $allowedSources)) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.volume.projected.serviceAccountToken" -}} + {{- $rootCtx := .rootCtx -}} + {{- $source := .source -}} + + {{- if hasKey $source "expirationSeconds" -}} + {{- if lt ($source.expirationSeconds | int) 600 -}} + {{- fail (printf "Persistence - Expected [expirationSeconds] to be greater than 600 seconds, but got [%v]" $source.expirationSeconds) -}} + {{- end -}} + {{- end -}} + + {{- if not $source.path -}} + {{- fail "Persistence - Expected non-empty [path] on [serviceAccountToken] type" -}} + {{- end -}} +- serviceAccountToken: + {{- with $source.audience }} + audience: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $source.expirationSeconds }} + expirationSeconds: {{ . 
}} + {{- end }} + path: {{ tpl $source.path $rootCtx }} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.volume.projected.downwardAPI" -}} + {{- $rootCtx := .rootCtx -}} + {{- $source := .source -}} + + {{- if not (kindIs "map" $source) -}} + {{- fail (printf "Persistence - Expected [downwardAPI] in [sources] to be a map on [downwardAPI] type, but got [%s]" (kindOf $source)) -}} + {{- end -}} + + {{- if not $source.items -}} + {{- fail "Persistence - Expected non-empty [items] on [downwardAPI] type" -}} + {{- end }} +- downwardAPI: + items: + {{- $allowedItems := (list "fieldRef" "resourceFieldRef") }} + {{- range $item := $source.items -}} + {{- if not $item.path -}} + {{- fail "Persistence - Expected non-empty [path] on item in [downwardAPI] type" -}} + {{- end }} + - path: {{ tpl $item.path $rootCtx }} + {{- if hasKey $item "fieldRef" }} + {{- if not $item.fieldRef.fieldPath -}} + {{- fail "Persistence - Expected non-empty [fieldPath] under [fieldRef] on item in [downwardAPI] type" -}} + {{- end }} + fieldRef: + {{- with $item.fieldRef.apiVersion }} + apiVersion: {{ tpl . $rootCtx }} + {{- end }} + fieldPath: {{ tpl $item.fieldRef.fieldPath $rootCtx }} + {{- else if hasKey $item "resourceFieldRef" }} + {{- if not $item.resourceFieldRef.containerName -}} + {{- fail "Persistence - Expected non-empty [containerName] under [resourceFieldRef] on item in [downwardAPI] type" -}} + {{- end -}} + {{- if not $item.resourceFieldRef.resource -}} + {{- fail "Persistence - Expected non-empty [resource] under [resourceFieldRef] on item in [downwardAPI] type" -}} + {{- end }} + resourceFieldRef: + resource: {{ tpl $item.resourceFieldRef.resource $rootCtx }} + containerName: {{ tpl $item.resourceFieldRef.containerName $rootCtx }} + {{- if hasKey $item.resourceFieldRef "divisor" }} + divisor: {{ $item.resourceFieldRef.divisor }} + {{- end -}} + {{- else -}} + {{- fail (printf "Persistence - Expected item in downwardAPI to have one of [%s] keys. 
But found [%s]" (join ", " $allowedItems) (join ", " ($item | keys | sortAlpha))) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.pod.volume.projected.cm-secret" -}} + {{- $rootCtx := .rootCtx -}} + {{- $source := .source -}} + {{- $type := .type -}} + + {{- if not $source.objectName -}} + {{- fail (printf "Persistence - Expected non-empty [objectName] on [%s] type" $type) -}} + {{- end -}} + + {{- if not $source.items -}} + {{- fail (printf "Persistence - Expected non-empty [items] on [%s] type" $type) -}} + {{- end -}} + + {{- if not (kindIs "slice" $source.items) -}} + {{- fail (printf "Persistence - Expected [items] to be a slice on [%s] type, but got [%s]" $type (kindOf $source.items)) -}} + {{- end -}} + + {{- $objectName := tpl $source.objectName $rootCtx -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $rootCtx "objectData" $source + "name" $source.objectName "caller" "Persistence - Projected" + "key" "persistence")) -}} + {{- $ltype := $type | lower -}} + {{- if eq $expandName "true" -}} + {{- $object := (get (get $rootCtx.Values $ltype) $objectName) -}} + {{- if and (not $object) (not $source.optional) -}} + {{- fail (printf "Persistence - Expected %s [%s] defined in [objectName] to exist" $ltype $objectName) -}} + {{- end -}} + + {{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}} + {{- end }} +- {{ $type }}: + name: {{ $objectName }} + {{- if hasKey $source "optional" }} + optional: {{ $source.optional }} + {{- end }} + items: + {{- range $item := $source.items -}} + {{- if not $item.key -}} + {{- fail (printf "Persistence - Expected non-empty [key] on item in [%s] type" $type) -}} + {{- end -}} + {{- if not $item.path -}} + {{- fail (printf "Persistence - Expected non-empty [path] on item in [%s] type" $type) -}} + {{- end }} + - key: {{ tpl $item.key $rootCtx }} + path: {{ tpl $item.path $rootCtx }} + {{- end -}} +{{- end -}} 
+
+{{- define "tc.v1.common.lib.pod.volume.projected.clusterTrustBundle" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $source := .source -}}
+
+ {{- fail "Persistence - Key [clusterTrustBundle] is not yet implemented in [projected type]" -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_pvc.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_pvc.tpl
new file mode 100644
index 0000000..1f93e96
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_pvc.tpl
@@ -0,0 +1,18 @@
+{{/* Returns PVC Volume */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pod.volume.pvc" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the volume.
+*/}}
+{{- define "tc.v1.common.lib.pod.volume.pvc" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $pvcName := include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $rootCtx "objectName" $objectData.shortName "objectData" $objectData) -}}
+ {{- with $objectData.existingClaim -}}
+ {{- $pvcName = tpl . $rootCtx -}}
+ {{- end }}
+- name: {{ $objectData.shortName }}
+ persistentVolumeClaim:
+ claimName: {{ $pvcName }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_secret.tpl b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_secret.tpl
new file mode 100644
index 0000000..ab8678f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/pod/volumes/_secret.tpl
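Review bot: The `serviceAccountToken` error text says the value must be `greater than 600 seconds` but the check `lt ($source.expirationSeconds | int) 600` accepts exactly 600, which is also the API minimum, so the message should read `Expected [expirationSeconds] to be at least 600 seconds`. In the `cm-secret` helper, `optional` is emitted as-is under `hasKey` with none of the `kindIs "bool"` validation the standalone configmap/secret volumes in this commit apply, so a quoted string reaches the manifest unquoted. `$allowedSources` lists `clusterTrustBundle`, yet its helper unconditionally `fail`s as not implemented, so the "Valid sources are [...]" message advertises an option that cannot be used; dropping it from the list until implemented keeps the error honest. Since `audience` is optional and a projected token without one carries the API server's default audience, a comment steering values authors to set `audience` whenever the token is handed to a third party would limit the blast radius of a leaked token.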
@@ -0,0 +1,71 @@ +{{/* Returns Secret Volume */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.pod.volume.secret" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the volume. +*/}} +{{- define "tc.v1.common.lib.pod.volume.secret" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.objectName -}} + {{- fail "Persistence - Expected non-empty [objectName] on [secret] type" -}} + {{- end -}} + + {{- $objectName := tpl $objectData.objectName $rootCtx -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $rootCtx "objectData" $objectData + "name" $objectData.shortName "caller" "Secret" + "key" "secret")) -}} + + {{- if eq $expandName "true" -}} + {{- $object := (get $rootCtx.Values.secret $objectName) -}} + {{- if and (not $object) (not $objectData.optional) -}} + {{- fail (printf "Persistence - Expected secret [%s] defined in [objectName] to exist" $objectName) -}} + {{- end -}} + + {{- $objectName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}} + {{- end -}} + + {{- $optional := false -}} + {{- if hasKey $objectData "optional" -}} + {{- if not (kindIs "bool" $objectData.optional) -}} + {{- fail (printf "Persistence - Expected [optional] to be [bool], but got [%s]" (kindOf $objectData.optional)) -}} + {{- end -}} + {{- $optional = $objectData.optional -}} + {{- end -}} + + {{- $defMode := "" -}} + {{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}} + {{- fail (printf "Persistence - Expected [defaultMode] to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}} + {{- end -}} + + {{- with $objectData.defaultMode -}} + {{- $defMode = tpl $objectData.defaultMode $rootCtx -}} + {{- end -}} + + {{- if and $defMode (not (mustRegexMatch "^[0-9]{4}$" $defMode)) -}} + {{- fail (printf "Persistence - Expected 
[defaultMode] to have be in format of [\"0777\"], but got [%q]" $defMode) -}} + {{- end }} +- name: {{ $objectData.shortName }} + secret: + secretName: {{ $objectName }} + {{- with $defMode }} + defaultMode: {{ . }} + {{- end }} + optional: {{ $optional }} + {{- with $objectData.items }} + items: + {{- range . -}} + {{- if not .key -}} + {{- fail "Persistence - Expected non-empty [items.key]" -}} + {{- end -}} + {{- if not .path -}} + {{- fail "Persistence - Expected non-empty [items.path]" -}} + {{- end }} + - key: {{ tpl .key $rootCtx }} + path: {{ tpl .path $rootCtx }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/podDistruptionBudget/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/podDistruptionBudget/_validation.tpl new file mode 100644 index 0000000..b92fc57 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/podDistruptionBudget/_validation.tpl 
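Review bot: The `defaultMode` check in tc.v1.common.lib.pod.volume.secret only requires four digits, so a value such as "0789" passes `mustRegexMatch "^[0-9]{4}$"` although it is not an octal mode, and the mistake only surfaces when the rendered manifest is applied. Tightening it to `{{- if and $defMode (not (mustRegexMatch "^0[0-7]{3}$" $defMode)) -}}` rejects it at template time, which is where the error message already points the user (`["0777"]`). The message text "to have be in format of" should read "to be in the format of". This file is a copy of the upstream common library, so the change is best carried upstream or recorded as a local patch so a later re-vendoring does not drop it.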
@@ -0,0 +1,52 @@ +{{/* Metadata Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.podDisruptionBudget.validation" (dict "objectData" $objectData "caller" $caller) -}} +objectData: + labels: The labels of the configmap. + annotations: The annotations of the configmap. + data: The data of the configmap. +*/}} + +{{- define "tc.v1.common.lib.podDisruptionBudget.validation" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if and $objectData.targetSelector (not (kindIs "string" $objectData.targetSelector)) -}} + {{- fail (printf "Pod Disruption Budget - Expected [targetSelector] to be [string], but got [%s]" (kindOf $objectData.targetSelector)) -}} + {{- end -}} + + {{- if and (not $objectData.targetSelector) (not $objectData.customLabels) -}} + {{- fail (printf "Pod Disruption Budget - Expected one of [targetSelector, customLabels] to be defined in [podDisruptionBudget.%s]" $objectData.shortName) -}} + {{- end -}} + + {{- if and $objectData.targetSelector $objectData.customLabels -}} + {{- fail (printf "Pod Disruption Budget - Expected only one of [targetSelector, customLabels] to be defined in [podDisruptionBudget.%s]" $objectData.shortName) -}} + {{- end -}} + + {{- with $objectData.unhealthyPodEvictionPolicy -}} + {{- $policies := (list "IfHealthyBudget" "AlwaysAllow") -}} + {{- if not (mustHas (tpl . $rootCtx) $policies) -}} + {{- fail (printf "Pod Disruption Budget - Expected [unhealthyPodEvictionPolicy] to be one of [%s], but got [%s]" (join ", " $policies) .) 
-}} + {{- end -}} + {{- end -}} + + {{- $hasKey := false -}} + {{- $keys := (list "minAvailable" "maxUnavailable") -}} + {{- range $key := $keys -}} + {{- if hasKey $objectData $key -}} + {{- $hasKey = true -}} + {{- if kindIs "invalid" (get $objectData $key) -}} + {{- fail (printf "Pod Disruption Budget - Expected the defined key [%v] in [podDisruptionBudget.%s] to not be empty" $key $objectData.shortName) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if and ($objectData.minAvailable) ($objectData.maxUnavailable) -}} + {{- fail (printf "Pod Disruption Budget - Expected one of [%s] to be defined in [podDisruptionBudget.%s], but got both" (join ", " $keys) $objectData.shortName) -}} + {{- end -}} + + {{- if not $hasKey -}} + {{- fail (printf "Pod Disruption Budget - Expected at least one of [%s] to be defined in [podDisruptionBudget.%s]" (join ", " $keys) $objectData.shortName) -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/priorityClass/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/priorityClass/_validation.tpl new file mode 100644 index 0000000..446e6f1 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/priorityClass/_validation.tpl @@ -0,0 +1,11 @@ +{{- define "tc.v1.common.lib.priorityclass.validation" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $validPolicies := (list "PreemptLowerPriority" "Never") -}} + {{- if $objectData.preemptionPolicy -}} + {{- if not (mustHas $objectData.preemptionPolicy $validPolicies) -}} + {{- fail (printf "Priority Class - Expected [preemptionPolicy] to be one of [%s], but got [%s]" (join ", " $validPolicies) $objectData.preemptionPolicy) -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/rbac/_getServiceAccounts.tpl b/charts/baikal/baikal/charts/common/templates/lib/rbac/_getServiceAccounts.tpl new file mode 100644 index 0000000..61a2305 
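Review bot: tc.v1.common.lib.podDisruptionBudget.validation reads `.rootCtx` and passes it to `tpl . $rootCtx` when `unhealthyPodEvictionPolicy` is set, but the call comment at the top of the file shows `(dict "objectData" $objectData "caller" $caller)` with no rootCtx, so a caller that follows the comment hits a tpl failure on a nil context. The header also still describes a configmap ("The labels of the configmap", "The data of the configmap"); it should read `{{ include "tc.v1.common.lib.podDisruptionBudget.validation" (dict "rootCtx" $ "objectData" $objectData) -}}` and list `targetSelector`/`customLabels`, `minAvailable`/`maxUnavailable` and `unhealthyPodEvictionPolicy` as the keys that are checked. In the priorityClass validation that follows, `$rootCtx` is assigned but never used, and `preemptionPolicy` is not passed through `tpl` the way the other enum fields in this library are.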
--- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/rbac/_getServiceAccounts.tpl 
@@ -0,0 +1,52 @@ +{{/* Returns Service Account List for rbac */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the RBAC. +*/}} +{{/* Parses service accounts, and checks if RBAC have selected any of them */}} +{{- define "tc.v1.common.lib.rbac.serviceAccount" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $serviceAccounts := list -}} + + {{- range $name, $serviceAccount := $rootCtx.Values.serviceAccount -}} + {{- $saName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + + {{- if $serviceAccount.enabled -}} + + {{- if not $serviceAccount.primary -}} + {{- $saName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}} + {{- end -}} + + {{/* If allServiceAccounts is true */}} + {{- if $objectData.allServiceAccounts -}} + {{- $serviceAccounts = mustAppend $serviceAccounts $saName -}} + + {{/* Else if serviceAccounts is a list */}} + {{- else if (kindIs "slice" $objectData.serviceAccounts) -}} + {{- if (mustHas $name $objectData.serviceAccounts) -}} + {{- $serviceAccounts = mustAppend $serviceAccounts $saName -}} + {{- end -}} + + {{/* If not "allServiceAccounts" or "serviceAccounts", assign the primary service account to rbac */}} + {{- else if $serviceAccount.primary -}} + {{- if $objectData.primary -}} + {{- $serviceAccounts = mustAppend $serviceAccounts $saName -}} + {{- end -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- if not $serviceAccounts -}} + {{- fail "RBAC - Expected at least one serviceAccount to be assigned. Assign one using [allServiceAccounts (boolean), serviceAccounts (list)]" -}} + {{- end -}} + + {{- range $serviceAccounts }} +- kind: ServiceAccount + name: {{ . }} + namespace: {{ $rootCtx.Release.Namespace }} + {{- end -}} +{{- end -}} 
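Review bot: In tc.v1.common.lib.rbac.serviceAccount a name in `serviceAccounts` that matches no key of `$rootCtx.Values.serviceAccount` is silently skipped, because selection happens by `mustHas $name $objectData.serviceAccounts` while iterating the defined accounts; the `fail` at the end only fires when nothing at all matched. A misspelled entry therefore yields a binding that quietly omits the intended subject, which is hard to notice from the rendered manifest. Validating the list before the loop makes the typo a render-time error; a disabled-but-defined account is still skipped, which appears to be the intended behaviour.
```gotemplate
  {{- if (kindIs "slice" $objectData.serviceAccounts) -}}
    {{- range $objectData.serviceAccounts -}}
      {{- if not (hasKey $rootCtx.Values.serviceAccount .) -}}
        {{- fail (printf "RBAC - Expected serviceAccount [%s] listed in [serviceAccounts] to be defined in [serviceAccount]" .) -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
  {{/* … unchanged: range over $rootCtx.Values.serviceAccount and subject rendering … */}}
```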
diff --git a/charts/baikal/baikal/charts/common/templates/lib/rbac/_rules.tpl b/charts/baikal/baikal/charts/common/templates/lib/rbac/_rules.tpl new file mode 100644 index 0000000..54813d1 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/rbac/_rules.tpl 
@@ -0,0 +1,70 @@ +{{/* Returns Rules for rbac */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the RBAC. +*/}} +{{/* Parses service accounts, and checks if RBAC have selected any of them */}} +{{- define "tc.v1.common.lib.rbac.rules" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.rules -}} + {{- fail "RBAC - Expected non-empty [rbac.rules]" -}} + {{- end -}} + + {{- range $objectData.rules -}} + {{- if not .apiGroups -}} + {{- fail "RBAC - Expected non-empty [rbac.rules.apiGroups]" -}} + {{- end -}} + {{- if not .resources -}} + {{- fail "RBAC - Expected non-empty [rbac.rules.resources]" -}} + {{- end -}} + {{- if not .verbs -}} + {{- fail "RBAC - Expected non-empty [rbac.rules.verbs]" -}} + {{- end -}} + + {{- /* apiGroups */}} +- apiGroups: + {{- range .apiGroups }} + - {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- /* resources */}} + resources: + {{- range .resources -}} + {{- if not . -}} + {{- fail "RBAC - Expected non-empty entry in [rbac.rules.resources]" -}} + {{- end }} + - {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- /* resourceNames */}} + {{- if .resourceNames }} + resourceNames: + {{- range .resourceNames -}} + {{- if not . -}} + {{- fail "RBAC - Expected non-empty entry in [rbac.rules.resourceNames]" -}} + {{- end }} + - {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- end -}} + {{- /* nonResourceURLs */}} + {{- if .nonResourceURLs }} + nonResourceURLs: + {{- range .nonResourceURLs }} + {{- if not . -}} + {{- fail "RBAC - Expected non-empty entry in [rbac.rules.nonResourceURLs]" -}} + {{- end }} + - {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- end -}} + {{- /* verbs */}} + verbs: + {{- range .verbs -}} + {{- if not . -}} + {{- fail "RBAC - Expected non-empty entry in [rbac.rules.verbs]" -}} + {{- end }} + - {{ tpl . 
$rootCtx | quote }} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/rbac/_subjects.tpl b/charts/baikal/baikal/charts/common/templates/lib/rbac/_subjects.tpl new file mode 100644 index 0000000..89af224 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/rbac/_subjects.tpl @@ -0,0 +1,17 @@ +{{/* Returns Subjects for rbac */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the RBAC. +*/}} +{{/* Parses service accounts, and checks if RBAC have selected any of them */}} +{{- define "tc.v1.common.lib.rbac.subjects" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- range $objectData.subjects }} +- kind: {{ tpl (required "RBAC - Expected non-empty [rbac.subjects.kind]" .kind) $rootCtx | quote }} + name: {{ tpl (required "RBAC - Expected non-empty [rbac.subjects.name]" .name) $rootCtx | quote }} + apiGroup: {{ tpl (required "RBAC - Expected non-empty [rbac.subjects.apiGroup]" .apiGroup) $rootCtx | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/rbac/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/rbac/_validation.tpl new file mode 100644 index 0000000..81f7ca8 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/rbac/_validation.tpl 
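Review bot: The header comment `{{/* Parses service accounts, and checks if RBAC have selected any of them */}}` was copied from _getServiceAccounts.tpl into both tc.v1.common.lib.rbac.rules and tc.v1.common.lib.rbac.subjects, where it describes nothing the template does. For _rules.tpl it should read `{{/* Validates each [rbac.rules] entry and renders apiGroups, resources, resourceNames, nonResourceURLs and verbs */}}` and for _subjects.tpl `{{/* Renders the extra [rbac.subjects] entries; kind, name and apiGroup are all required */}}`. In _rules.tpl the `apiGroups` entries are the only list whose elements are not checked for emptiness, presumably because "" denotes the core API group; a comment such as `{{- /* apiGroups: an empty string is the core API group, so entries are intentionally not checked */}}` would stop the next reader from "fixing" it.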
@@ -0,0 +1,38 @@ +{{/* RBAC Primary Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.rbac.primaryValidation" $ -}} +*/}} + +{{- define "tc.v1.common.lib.rbac.primaryValidation" -}} + + {{/* Initialize values */}} + {{- $hasPrimary := false -}} + {{- $hasEnabled := false -}} + + {{- range $name, $rbac := .Values.rbac -}} + + {{/* If rbac is enabled */}} + {{- if $rbac.enabled -}} + {{- $hasEnabled = true -}} + + {{/* And rbac is primary */}} + {{- if and (hasKey $rbac "primary") ($rbac.primary) -}} + + {{/* Fail if there is already a primary rbac */}} + {{- if $hasPrimary -}} + {{- fail "RBAC - Only one rbac can be primary" -}} + {{- end -}} + + {{- $hasPrimary = true -}} + + {{- end -}} + + {{- end -}} + {{- end -}} + + {{/* Require at least one primary rbac, if any enabled */}} + {{- if and $hasEnabled (not $hasPrimary) -}} + {{- fail "RBAC - At least one enabled rbac must be primary" -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/secret/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/secret/_validation.tpl new file mode 100644 index 0000000..109093c --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/secret/_validation.tpl 
@@ -0,0 +1,31 @@ +{{/* Secret Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.secret.validation" (dict "objectData" $objectData) -}} +objectData: + labels: The labels of the secret. + annotations: The annotations of the secret. + data: The data of the secret. +*/}} + +{{- define "tc.v1.common.lib.secret.validation" -}} + {{- $objectData := .objectData -}} + + {{- if $objectData.stringData -}} + {{- fail "Secret - Key [stringData] is not supported" -}} + {{- end -}} + + {{- if ne $objectData.type "kubernetes.io/service-account-token" -}} + {{- if and (not $objectData.data) -}} + {{- fail "Secret - Expected non-empty [data]" -}} + {{- end -}} + + {{- if and $objectData.data (not (kindIs "map" $objectData.data)) -}} + {{- fail (printf "Secret - Expected [data] to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}} + {{- end -}} + + {{- if and (hasKey $objectData "type") (not $objectData.type) -}} + {{- fail (printf "Secret - Expected non-empty [type] key") -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/_ports.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/_ports.tpl new file mode 100644 index 0000000..521a7fc --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/_ports.tpl 
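Review bot: In tc.v1.common.lib.secret.validation the condition `{{- if and (not $objectData.data) -}}` applies `and` to a single operand and reads as if a second condition went missing; `{{- if not $objectData.data -}}` says the same thing. Likewise `fail (printf "Secret - Expected non-empty [type] key")` formats a constant with no arguments, so `fail "Secret - Expected non-empty [type] key"` is the idiomatic form; the same pattern appears in tc.v1.common.lib.service.integration.validate in the integrations/_validation.tpl hunk, where the message "[sharedKey], cannot both be used together with" also has a stray comma. The call comment still says "labels of the secret / annotations of the secret / data of the secret" although only `stringData`, `data` and `type` are examined here.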
@@ -0,0 +1,63 @@ +{{/* Service - Ports */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: The object data of the service +*/}} + +{{- define "tc.v1.common.lib.service.ports" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $tcpProtocols := (list "tcp" "http" "https") -}} + {{- range $name, $portValues := $objectData.ports -}} + {{- if $portValues.enabled -}} + {{- $protocol := $rootCtx.Values.global.fallbackDefaults.serviceProtocol -}} {{/* Default to fallback protocol, if no protocol is defined */}} + {{- $port := $portValues.port -}} + {{- $targetPort := $portValues.targetPort -}} + {{- $nodePort := $portValues.nodePort -}} + + {{/* Expand port */}} + {{- if (kindIs "string" $port) -}} + {{- $port = (tpl $port $rootCtx) -}} + {{- end -}} + {{- $port = int $port -}} + + {{/* Expand targetPort */}} + {{- if (kindIs "string" $targetPort) -}} + {{- $targetPort = tpl $targetPort $rootCtx -}} + {{- end -}} + {{- $targetPort = int $targetPort -}} + + {{/* Expand nodePort */}} + {{- if (kindIs "string" $nodePort) -}} + {{- $nodePort = tpl $nodePort $rootCtx -}} + {{- end -}} + {{- $nodePort = int $nodePort -}} + + {{- with $portValues.protocol -}} + {{- $protocol = tpl . 
$rootCtx -}} + + {{- if mustHas $protocol $tcpProtocols -}} + {{- $protocol = "tcp" -}} + {{- end -}} + {{- end }} +- name: {{ $name }} + port: {{ $port }} + protocol: {{ $protocol | upper }} + targetPort: {{ $targetPort | default $port }} {{/* If no targetPort, default to port */}} + {{- if (eq $objectData.type "NodePort") -}} + {{- if not $nodePort -}} + {{- fail "Service - Expected non-empty [nodePort] on NodePort service type" -}} + {{- end -}} + + {{- $minNodePort := int $rootCtx.Values.global.minNodePort -}} + {{- if (lt $nodePort $minNodePort) -}} + {{- fail (printf "Service - Expected [nodePort] to be higher than [%v], but got [%v]" $minNodePort $nodePort) -}} + {{- end }} + nodePort: {{ $nodePort }} + {{- end -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/_validation.tpl new file mode 100644 index 0000000..10fcf36 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/_validation.tpl 
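Review bot: In tc.v1.common.lib.service.ports the mapping of http/https to tcp runs only inside `with $portValues.protocol`, so when a port has no protocol and the value comes from `global.fallbackDefaults.serviceProtocol`, it is emitted as `protocol: {{ $protocol | upper }}` without normalisation; whether the fallback can ever be http or https depends on values.yaml, which is outside this diff. Moving the normalisation out of the `with` block makes both paths behave the same. The enclosing `range` and the NodePort branch are unchanged.
```gotemplate
      {{- with $portValues.protocol -}}
        {{- $protocol = tpl . $rootCtx -}}
      {{- end -}}
      {{/* Normalise http/https to tcp whether the protocol came from the port or from the fallback default */}}
      {{- if mustHas $protocol $tcpProtocols -}}
        {{- $protocol = "tcp" -}}
      {{- end }}
- name: {{ $name }}
      {{/* … unchanged: port, protocol, targetPort and NodePort handling … */}}
```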
@@ -0,0 +1,161 @@ +{{/* Service Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.validation" (dict "objectData" $objectData) -}} +objectData: + rootCtx: The root context of the chart. + objectData: The service object. +*/}} + +{{- define "tc.v1.common.lib.service.validation" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- if and $objectData.targetSelector (not (kindIs "string" $objectData.targetSelector)) -}} + {{- fail (printf "Service - Expected [targetSelector] to be [string], but got [%s]" (kindOf $objectData.targetSelector)) -}} + {{- end -}} + + {{- $svcTypes := (list "ClusterIP" "LoadBalancer" "NodePort" "ExternalName" "ExternalIP") -}} + {{- if and $objectData.type (not (mustHas $objectData.type $svcTypes)) -}} + {{- fail (printf "Service - Expected [type] to be one of [%s] but got [%s]" (join ", " $svcTypes) $objectData.type) -}} + {{- end -}} + + {{- $hasEnabledPort := false -}} + {{- if ne $objectData.type "ExternalName" -}} + {{- range $name, $port := $objectData.ports -}} + {{- $enabled := "false" -}} + + {{- if not (kindIs "invalid" $port.enabled) -}} + {{- $enabled = (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $port + "name" $name "caller" "Service Validation Util" + "key" "port")) -}} + {{- end -}} + + {{- if eq $enabled "true" -}} + {{- $hasEnabledPort = true -}} + + {{- if and $port.targetSelector (not (kindIs "string" $port.targetSelector)) -}} + {{- fail (printf "Service - Expected [port.targetSelector] to be [string], but got [%s]" (kindOf $port.targetSelector)) -}} + {{- end -}} + + {{- if not $port.port -}} + {{- fail (printf "Service - Expected non-empty [port.port]") -}} + {{- end -}} + + {{- $protocolTypes := (list "tcp" "udp" "http" "https") -}} + {{- if $port.protocol -}} + {{- if not (mustHas (tpl $port.protocol $rootCtx) $protocolTypes) -}} + {{- fail (printf "Service - Expected [port.protocol] to be one of [%s] but got [%s]" (join ", " 
$protocolTypes) $port.protocol) -}} + {{- end -}} + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- if not $hasEnabledPort -}} + {{- fail "Service - Expected enabled service to have at least one port" -}} + {{- end -}} + {{- end -}} + +{{- end -}} + +{{/* Service Primary Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.primaryValidation" $ -}} +*/}} + +{{- define "tc.v1.common.lib.service.primaryValidation" -}} + {{- $result := (include "tc.v1.common.lib.service.hasPrimary" $) | fromJson -}} + + {{/* Require at least one primary service, if any enabled */}} + {{- if and $result.hasEnabled (not $result.hasPrimary) -}} + {{- fail "Service - At least one enabled service must be primary" -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.service.hasPrimary" -}} + {{- $objectData := .objectData -}} + + {{- $hasPrimary := false -}} + {{- $hasEnabled := false -}} + + {{- range $name, $service := $.Values.service -}} + {{- $enabled := "false" -}} + + {{- if not (kindIs "invalid" $service.enabled) -}} + {{- $enabled = (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $service + "name" $name "caller" "Service Validation Util" + "key" "service")) -}} + {{- end -}} + + {{- if eq $enabled "true" -}} + {{- $hasEnabled = true -}} + + {{/* And service is primary */}} + {{- if and (hasKey $service "primary") ($service.primary) -}} + {{/* Fail if there is already a primary service */}} + {{- if $hasPrimary -}} + {{- fail "Service - Only one service can be primary" -}} + {{- end -}} + + {{- $hasPrimary = true -}} + + {{- include "tc.v1.common.lib.servicePort.primaryValidation" (dict "objectData" $service.ports) -}} + + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- (dict "hasPrimary" $hasPrimary "hasEnabled" $hasEnabled) | toJson -}} +{{- end -}} + + +{{/* Service Port Primary Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.primaryValidation" (dict "objectData" $objectData -}} 
+objectData: + The ports of the service. +*/}} +{{- define "tc.v1.common.lib.servicePort.primaryValidation" -}} + {{- $objectData := .objectData -}} + {{- $result := (include "tc.v1.common.lib.servicePort.hasPrimary" (dict "objectData" $objectData)) | fromJson -}} + + {{/* Require at least one primary service, if any enabled */}} + {{- if and $result.hasEnabled (not $result.hasPrimary) -}} + {{- fail "Service - At least one enabled port in service must be primary" -}} + {{- end -}} + +{{- end -}} + +{{- define "tc.v1.common.lib.servicePort.hasPrimary" -}} + {{- $objectData := .objectData -}} + + {{- $hasPrimary := false -}} + {{- $hasEnabled := false -}} + + {{- range $name, $port := $objectData -}} + + {{/* If service is enabled */}} + {{- if $port.enabled -}} + {{- $hasEnabled = true -}} + + {{/* And service is primary */}} + {{- if and (hasKey $port "primary") ($port.primary) -}} + + {{/* Fail if there is already a primary port */}} + {{- if $hasPrimary -}} + {{- fail "Service - Only one port per service can be primary" -}} + {{- end -}} + + {{- $hasPrimary = true -}} + + {{- end -}} + + {{- end -}} + {{- end -}} + + {{- (dict "hasPrimary" $hasPrimary "hasEnabled" $hasEnabled) | toJson -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_cilium.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_cilium.tpl new file mode 100644 index 0000000..bf373e4 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_cilium.tpl 
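Review bot: The call comment above tc.v1.common.lib.servicePort.primaryValidation names the wrong template and is missing the closing parenthesis; it should read `{{ include "tc.v1.common.lib.servicePort.primaryValidation" (dict "objectData" $objectData) -}}`. In tc.v1.common.lib.service.hasPrimary the line `{{- $objectData := .objectData -}}` is dead, since the template is invoked with `$` and only reads `$.Values.service`. Note also that service.hasPrimary decides enablement through tc.v1.common.lib.util.enabled while servicePort.hasPrimary tests `$port.enabled` directly, so a port whose `enabled` is anything but a plain bool may be counted differently by the two checks; if that is intentional, a one-line comment on the port loop would save the next reader the comparison.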
@@ -0,0 +1,33 @@ +{{- define "tc.v1.common.lib.service.integration.cilium" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $_ := set $objectData "integrations" ($objectData.integrations | default dict) -}} + {{- $cilium := $objectData.integrations.cilium -}} + + {{- if $cilium.enabled -}} + {{- include "tc.v1.common.lib.service.integration.validate" (dict "objectData" $objectData "integration" $cilium) -}} + + {{- if and $cilium.sharedKey (ne $objectData.externalTrafficPolicy "Local") -}} + {{/* If externalTrafficPolicy is not set or is not Local, add the shared key as annotation */}} + {{- $_ := set $objectData.annotations "lbipam.cilium.io/sharing-key" $cilium.sharedKey -}} + {{- end -}} + + {{- $ips := list -}} + + {{/* Handle loadBalancerIP (single) */}} + {{- if $objectData.loadBalancerIP -}} + {{- $ips = mustAppend $ips (tpl $objectData.loadBalancerIP $rootCtx) -}} + {{- end -}} + + {{/* Handle loadBalancerIPs (multiple) */}} + {{- range $ip := $objectData.loadBalancerIPs -}} + {{- $ips = mustAppend $ips (tpl $ip $rootCtx) -}} + {{- end -}} + + {{- if $ips -}} + {{- $_ := set $objectData.annotations "lbipam.cilium.io/ips" (join "," $ips) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_metallb.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_metallb.tpl new file mode 100644 index 0000000..8977694 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_metallb.tpl 
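Review bot: tc.v1.common.lib.service.integration.cilium defaults `$objectData.integrations` to an empty dict but then reads `$cilium := $objectData.integrations.cilium` with no default, so for a service without a `cilium` key `$cilium.enabled` is evaluated on a nil value; whether that errors at render time depends on the defaults in values.yaml, which are not in this diff. `{{- $cilium := $objectData.integrations.cilium | default dict -}}` makes the template self-sufficient, and the same line applies to `$metallb` and `$traefik` in the next two hunks. All three templates also `set $objectData.annotations ...` without ensuring it is a map, unlike the `integrations` key they do initialise; a comment such as `{{/* assumes the caller has already initialised $objectData.annotations to a map */}}` would document that contract.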
@@ -0,0 +1,38 @@ +{{- define "tc.v1.common.lib.service.integration.metallb" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $_ := set $objectData "integrations" ($objectData.integrations | default dict) -}} + {{- $metallb := $objectData.integrations.metallb -}} + + {{- if $metallb.enabled -}} + {{- include "tc.v1.common.lib.service.integration.validate" (dict "objectData" $objectData "integration" $metallb) -}} + + {{ $sharedKey := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service")) }} + {{- if $metallb.sharedKey -}} + {{- $sharedKey = $metallb.sharedKey -}} + {{- end -}} + + {{/* If externalTrafficPolicy is not set or is not Local, add the shared key as annotation */}} + {{- if ne $objectData.externalTrafficPolicy "Local" -}} + {{- $_ := set $objectData.annotations "metallb.io/allow-shared-ip" $sharedKey -}} + {{- end -}} + + {{- $ips := list -}} + + {{/* Handle loadBalancerIP (single) */}} + {{- if $objectData.loadBalancerIP -}} + {{- $ips = mustAppend $ips (tpl $objectData.loadBalancerIP $rootCtx) -}} + {{- end -}} + + {{/* Handle loadBalancerIPs (multiple) */}} + {{- range $ip := $objectData.loadBalancerIPs -}} + {{- $ips = mustAppend $ips (tpl $ip $rootCtx) -}} + {{- end -}} + + {{- if $ips -}} + {{- $_ := set $objectData.annotations "metallb.io/loadBalancerIPs" (join "," $ips) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_traefik.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_traefik.tpl new file mode 100644 index 0000000..e8b64b8 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_traefik.tpl 
@@ -0,0 +1,12 @@ +{{- define "tc.v1.common.lib.service.integration.traefik" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $_ := set $objectData "integrations" ($objectData.integrations | default dict) -}} + {{- $traefik := $objectData.integrations.traefik -}} + + {{- if $traefik.enabled -}} + {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/service.serversscheme" "https" -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_validation.tpl new file mode 100644 index 0000000..bf438c0 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/integrations/_validation.tpl @@ -0,0 +1,25 @@ +{{- define "tc.v1.common.lib.service.integration.validate" -}} + {{- $objectData := .objectData -}} + {{- $integration := .integration -}} + + {{- if and $integration.sharedKey (eq $objectData.externalTrafficPolicy "Local") -}} + {{- fail (printf "Service - [sharedKey], cannot both be used together with [externalTrafficPolicy] set to [Local]" ) -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.service.loadbalancer.validate" -}} + {{- $objectData := .objectData -}} + + {{- if and $objectData.loadBalancerIPs (not (kindIs "slice" $objectData.loadBalancerIPs)) -}} + {{- fail (printf "Service - Expected [loadBalancerIPs] to be a slice, but got [%s]" (kindOf $objectData.loadBalancerIPs)) -}} + {{- end -}} + + {{- if and $objectData.loadBalancerIP (not (kindIs "string" $objectData.loadBalancerIP)) -}} + {{- fail (printf "Service - Expected [loadBalancerIP] to be a string, but got [%s]" (kindOf $objectData.loadBalancerIP)) -}} + {{- end -}} + + {{- if and $objectData.loadBalancerIP $objectData.loadBalancerIPs -}} + {{- fail "Service - Expected one of [loadBalancerIP, loadBalancerIPs] to be defined but got both" -}} + {{- end -}} + +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl new file mode 100644 index 0000000..97c8a37 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl @@ -0,0 +1,16 @@ +{{/* Service - clusterIP */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: The service object data +*/}} + +{{- define "tc.v1.common.lib.service.clusterIP" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} + + {{- with $objectData.clusterIP }} +clusterIP: {{ tpl . $rootCtx }} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_externalIPs.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_externalIPs.tpl new file mode 100644 index 0000000..fd53714 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_externalIPs.tpl @@ -0,0 +1,17 @@ +{{/* Service - externalIPs */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: The service object data +*/}} + +{{- define "tc.v1.common.lib.service.externalIPs" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- with $objectData.externalIPs -}} + {{- range . }} +- {{ tpl . $rootCtx }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl new file mode 100644 index 0000000..23c2851 --- /dev/null 
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl @@ -0,0 +1,22 @@ +{{/* Service - externalTrafficPolicy */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: The service object data +*/}} + +{{- define "tc.v1.common.lib.service.externalTrafficPolicy" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} + + {{- with $objectData.externalTrafficPolicy }} + {{- $policy := tpl . $rootCtx -}} + {{- $policies := (list "Cluster" "Local") -}} + + {{- if not (mustHas $policy $policies) -}} + {{- fail (printf "Service - Expected [externalTrafficPolicy] to be one of [%s], but got [%s]" (join ", " $policies) $policy) -}} + {{- end }} +externalTrafficPolicy: {{ $policy }} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_ipFamily.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_ipFamily.tpl new file mode 100644 index 0000000..61228af --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_ipFamily.tpl 
@@ -0,0 +1,38 @@ +{{/* Service - ipFamily */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.service.ipFamily" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: The service object data +*/}} + +{{- define "tc.v1.common.lib.service.ipFamily" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- with $objectData.ipFamilyPolicy -}} + {{- $famPolicy := tpl . $rootCtx -}} + + {{- $stacks := (list "SingleStack" "PreferDualStack" "RequireDualStack") -}} + {{- if not (mustHas $famPolicy $stacks) -}} + {{- fail (printf "Service - Expected [ipFamilyPolicy] to be one of [%s], but got [%s]" (join ", " $stacks) $famPolicy) -}} + {{- end }} +ipFamilyPolicy: {{ $famPolicy }} + {{- end -}} + + {{- if and $objectData.ipFamilies (not (kindIs "slice" $objectData.ipFamilies)) -}} + {{- fail (printf "Service - Expected [ipFamilies] to be a list, but got a [%s]" (kindOf $objectData.ipFamilies)) -}} + {{- end -}} + + {{- with $objectData.ipFamilies }} +ipFamilies: + {{- range . }} + {{- $ipFam := tpl . $rootCtx -}} + + {{- $stacks := (list "IPv4" "IPv6") -}} + {{- if not (mustHas $ipFam $stacks) -}} + {{- fail (printf "Service - Expected [ipFamilies] to be one of [%s], but got [%s]" (join ", " $stacks) $ipFam) -}} + {{- end }} + - {{ $ipFam }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl new file mode 100644 index 0000000..6f9626e --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl 
@@ -0,0 +1,19 @@
+{{/* Service - publishNotReadyAddresses */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.publishNotReadyAddresses" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+
+ {{- $publishAddr := false -}}
+
+ {{- if (kindIs "bool" $objectData.publishNotReadyAddresses) -}}
+ {{- $publishAddr = $objectData.publishNotReadyAddresses -}}
+ {{- end -}}
+
+ {{- $publishAddr -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl
new file mode 100644
index 0000000..a4a36b7
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl
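Review bot: A non-boolean value such as the string `"true"` is silently replaced by `false` here, because the `kindIs "bool"` branch is the only one and there is no failure path for a wrongly typed key; every sibling helper in this series (and the `isDefault` check in `_storageClassValidation.tpl`) fails loudly on a type mismatch instead. Since a misread value changes whether unready endpoints are exposed, the same pattern should apply: after the assignment branch add `{{- else if (hasKey $objectData "publishNotReadyAddresses") -}}` followed by `{{- fail (printf "Service - Expected [publishNotReadyAddresses] to be [boolean], but got [%s]" (kindOf $objectData.publishNotReadyAddresses)) -}}`. The default of `false` when the key is absent can stay as it is.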
@@ -0,0 +1,42 @@
+{{/* Service - Session Affinity */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.sessionAffinity" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- with $objectData.sessionAffinity -}}
+ {{- $affinity := tpl . $rootCtx -}}
+ {{- $affinities := (list "ClientIP" "None") -}}
+ {{- if not (mustHas $affinity $affinities) -}}
+ {{- fail (printf "Service - Expected [sessionAffinity] to be one of [%s], but got [%s]" (join ", " $affinities) $affinity) -}}
+ {{- end }}
+sessionAffinity: {{ $affinity }}
+ {{- if eq $affinity "ClientIP" -}}
+ {{- with $objectData.sessionAffinityConfig -}}
+ {{- with .clientIP -}}
+
+ {{- $timeout := .timeoutSeconds -}}
+ {{- if kindIs "string" $timeout -}}
+ {{- $timeout = tpl $timeout $rootCtx -}}
+ {{- end -}}
+
+ {{- $timeout = int $timeout -}}
+ {{- if and $timeout (mustHas (kindOf $timeout) (list "float64" "int64" "int")) -}}
+ {{- if or (lt $timeout 0) (gt $timeout 86400) -}}
+ {{- fail (printf "Service - Expected [sessionAffinityConfig.clientIP.timeoutSeconds] to be between [0 - 86400], but got [%v]" $timeout) -}}
+ {{- end }}
+sessionAffinityConfig:
+ clientIP:
+ timeoutSeconds: {{ $timeout }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl
new file mode 100644
index 0000000..9b45d4f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl
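Review bot: The kind check on `timeoutSeconds` can never fail, because `{{- $timeout = int $timeout -}}` runs first and `int` always yields an `int`; a non-numeric string such as `"ten minutes"` is coerced to 0, `and $timeout` is then false, and the whole `sessionAffinityConfig` block is silently dropped instead of rejected. Swap the order so the type is checked on the raw value and the failure is explicit: replace the `and`/`mustHas` line with `{{- if not (mustHas (kindOf $timeout) (list "float64" "int64" "int" "string")) -}}` followed by `{{- fail (printf "Service - Expected [sessionAffinityConfig.clientIP.timeoutSeconds] to be a number, but got [%s]" (kindOf $timeout)) -}}`, and only then convert with `int` and run the range check. If the intent of `and $timeout` is to treat an absent key as "use the API default", say so in a comment, since as written it also swallows an explicit 0.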
@@ -0,0 +1,21 @@
+{{/* Service - ClusterIP Spec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.spec.clusterIP" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+
+type: ClusterIP
+publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
+ {{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+externalIPs:
+ {{- . | nindent 2 }}
+ {{- end -}}
+ {{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.ipFamily" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_externalIP.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_externalIP.tpl
new file mode 100644
index 0000000..e43e446
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_externalIP.tpl
@@ -0,0 +1,19 @@
+{{/* Service - ExternalIP Spec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.spec.externalIP" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.spec.externalIP" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+
+publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
+ {{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+externalIPs:
+ {{- . | nindent 2 }}
+ {{- end -}}
+ {{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_externalName.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_externalName.tpl
new file mode 100644
index 0000000..730e8ed
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_externalName.tpl
@@ -0,0 +1,26 @@
+{{/* Service - ExternalName Spec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.spec.externalName" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.spec.externalName" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+
+ {{- if not $objectData.externalName -}}
+ {{- fail "Service - Expected non-empty [externalName] on ExternalName service type." -}}
+ {{- end }}
+
+type: ExternalName
+externalName: {{ tpl $objectData.externalName $rootCtx }}
+publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
+ {{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+externalIPs:
+ {{- . | nindent 2 }}
+ {{- end }}
+ {{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_loadBalancer.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_loadBalancer.tpl
new file mode 100644
index 0000000..780225d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_loadBalancer.tpl
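Review bot: `externalName` is the one field here that redirects in-cluster DNS to a host outside the cluster, and it is emitted unquoted straight from `tpl` with only a non-empty check; a rendered value containing `: `, `#` or a leading indicator character changes the YAML structure rather than failing. Write it as `externalName: {{ tpl $objectData.externalName $rootCtx | quote }}` so the value is always a single string scalar and the API server's own DNS-name validation is what rejects bad input. Separately, this spec also includes the `clusterIP` and `externalTrafficPolicy` helpers; if either emits a value for an ExternalName object, the API server rejects it (a non-empty clusterIP is not allowed on that type), so a comment stating that those helpers are expected to produce nothing here would save the next reader a round trip — the helper bodies are outside this hunk, so I cannot confirm what they render.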
@@ -0,0 +1,29 @@
+{{/* Service - LoadBalancer Spec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.spec.loadBalancer" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.spec.loadBalancer" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+
+type: LoadBalancer
+allocateLoadBalancerNodePorts: {{ $objectData.allocateLoadBalancerNodePorts | default false }}
+publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
+ {{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+externalIPs:
+ {{- . | nindent 2 }}
+ {{- end -}}
+ {{- with $objectData.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+ {{- range . }}
+ - {{ tpl . $rootCtx }}
+ {{- end -}}
+ {{- end -}}
+ {{- include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.ipFamily" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_nodePort.tpl b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_nodePort.tpl
new file mode 100644
index 0000000..a6bb34f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/service/serviceTypeSpecs/_nodePort.tpl
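Review bot: `loadBalancerSourceRanges` is the only access-control knob on this Service, yet its entries get less scrutiny than `ipFamilies` or `sessionAffinity` in the sibling helpers: the `range` emits each `tpl` result unquoted with no shape check, and a list that is absent or empty means the load balancer accepts traffic from any source (exact behaviour is cloud-provider dependent). At minimum render each entry as `- {{ tpl . $rootCtx | quote }}` so a malformed value stays a string and is rejected by the API server's CIDR validation rather than reshaping the document, and guard the `with` with `{{- if and $objectData.loadBalancerSourceRanges (not (kindIs "slice" $objectData.loadBalancerSourceRanges)) -}}` / `{{- fail ... -}}` as `_ipFamily.tpl` does for `ipFamilies`. A one-line comment above the `with` noting that an empty list leaves the balancer open would also help readers of the values file.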
@@ -0,0 +1,22 @@
+{{/* Service - NodePort Spec */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The service object data
+*/}}
+
+{{- define "tc.v1.common.lib.service.spec.nodePort" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+
+type: NodePort
+publishNotReadyAddresses: {{ include "tc.v1.common.lib.service.publishNotReadyAddresses" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim }}
+ {{- with (include "tc.v1.common.lib.service.externalIPs" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }}
+externalIPs:
+ {{- . | nindent 2 }}
+ {{- end -}}
+ {{- include "tc.v1.common.lib.service.sessionAffinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.ipFamily" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+ {{- include "tc.v1.common.lib.service.externalTrafficPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 0 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/serviceAccount/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/serviceAccount/_validation.tpl
new file mode 100644
index 0000000..6c82b2c
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/serviceAccount/_validation.tpl
@@ -0,0 +1,38 @@
+{{/* Service Account Primary Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.serviceAccount.primaryValidation" $ -}}
+*/}}
+
+{{- define "tc.v1.common.lib.serviceAccount.primaryValidation" -}}
+
+ {{/* Initialize values */}}
+ {{- $hasPrimary := false -}}
+ {{- $hasEnabled := false -}}
+
+ {{- range $name, $serviceAccount := .Values.serviceAccount -}}
+
+ {{/* If service account is enabled */}}
+ {{- if $serviceAccount.enabled -}}
+ {{- $hasEnabled = true -}}
+
+ {{/* And service account is primary */}}
+ {{- if and (hasKey $serviceAccount "primary") ($serviceAccount.primary) -}}
+
+ {{/* Fail if there is already a primary service account */}}
+ {{- if $hasPrimary -}}
+ {{- fail "Service Account - Only one service account can be primary" -}}
+ {{- end -}}
+
+ {{- $hasPrimary = true -}}
+
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Require at least one primary service account, if any enabled */}}
+ {{- if and $hasEnabled (not $hasPrimary) -}}
+ {{- fail "Service Account - At least one enabled service account must be primary" -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_accessModes.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_accessModes.tpl
new file mode 100644
index 0000000..eb4be8b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_accessModes.tpl
@@ -0,0 +1,32 @@
+{{/* PVC - Access Modes */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The object data of the pvc
+*/}}
+
+{{- define "tc.v1.common.lib.pvc.accessModes" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+ {{- $caller := .caller -}}
+
+ {{- $accessModes := $objectData.accessModes -}}
+
+ {{- if kindIs "string" $accessModes -}}
+ {{- $accessModes = (list $accessModes) -}}
+ {{- end -}}
+
+ {{- if not $accessModes -}}
+ {{- $accessModes = $rootCtx.Values.global.fallbackDefaults.accessModes -}}
+ {{- end -}}
+
+ {{- $validAccessModes := (list "ReadWriteOnce" "ReadOnlyMany" "ReadWriteMany" "ReadWriteOncePod") -}}
+
+ {{- range $accessModes -}}
+ {{- $mode := tpl . $rootCtx -}}
+ {{- if not (mustHas $mode $validAccessModes) -}}
+ {{- fail (printf "%s - Expected [accessModes] entry to be one of [%s], but got [%s]" $caller (join ", " $validAccessModes) $mode) -}}
+ {{- end }}
+- {{ $mode }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_iscsiChap.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_iscsiChap.tpl
new file mode 100644
index 0000000..166bd45
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_iscsiChap.tpl
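Review bot: The header documents `rootCtx` and `objectData` but not `caller`, which this define reads and uses as the prefix of its failure message; a caller that omits it gets an error starting with a nil placeholder instead of a resource name. Add a line to the call comment such as `caller: Name of the calling resource, used as the prefix of error messages (e.g. "PVC")` — "PVC" is what `pvc/_spec.tpl` passes in this series. `_storageClassName.tpl` has the same undocumented `{{- $caller := .caller -}}`, and there it is never used, so that one can be dropped or documented the same way.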
@@ -0,0 +1,43 @@
+{{- define "tc.v1.common.lib.storage.iscsi.chap" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $data := dict -}}
+
+ {{- if $objectData.iscsi.authSession -}}
+ {{- with $objectData.iscsi.authSession.username -}}
+ {{- $_ := set $data "node.session.auth.username" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $objectData.iscsi.authSession.password -}}
+ {{- $_ := set $data "node.session.auth.password" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $objectData.iscsi.authSession.usernameInitiator -}}
+ {{- $_ := set $data "node.session.auth.username_in" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $objectData.iscsi.authSession.passwordInitiator -}}
+ {{- $_ := set $data "node.session.auth.password_in" (tpl . $rootCtx) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $objectData.iscsi.authDiscovery -}}
+ {{- with $objectData.iscsi.authDiscovery.username -}}
+ {{- $_ := set $data "discovery.sendtargets.auth.username" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $objectData.iscsi.authDiscovery.password -}}
+ {{- $_ := set $data "discovery.sendtargets.auth.password" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $objectData.iscsi.authDiscovery.usernameInitiator -}}
+ {{- $_ := set $data "discovery.sendtargets.auth.username_in" (tpl . $rootCtx) -}}
+ {{- end -}}
+
+ {{- with $objectData.iscsi.authDiscovery.passwordInitiator -}}
+ {{- $_ := set $data "discovery.sendtargets.auth.password_in" (tpl . $rootCtx) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $data | toJson -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_nfsCSI.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_nfsCSI.tpl
new file mode 100644
index 0000000..f3f9c01
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_nfsCSI.tpl
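Review bot: This define has no `{{/* Call this template: ... */}}` header, unlike every other helper in this series, and it is the one whose output is entirely credential material (`node.session.auth.password`, `discovery.sendtargets.auth.password` and their `_in` counterparts rendered as one JSON object); `_storageClassValidation.tpl` and `_validationVolumeSnapshotClass.tpl` are missing the header too. Add a header that states the call form and the output contract, e.g. a comment saying it takes `rootCtx` and `objectData`, reads `objectData.iscsi.authSession` and `objectData.iscsi.authDiscovery`, and returns a JSON object of CHAP keys that must be written into a Secret (the consumer is outside this hunk, so I cannot confirm where it ends up). Worth a second line in that header: each value goes through `tpl`, so a password containing `{{` is evaluated as a template rather than used literally.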
@@ -0,0 +1,21 @@
+{{/* NFS CSI */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.storage.nfsCSI" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ driver: The name of the driver.
+ server: The server address.
+ share: The share to the NFS share.
+*/}}
+{{- define "tc.v1.common.lib.storage.nfsCSI" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+csi:
+ driver: {{ $objectData.static.driver }}
+ {{- /* Create a unique handle, server/share#release-app-volumeName */}}
+ volumeHandle: {{ printf "%s%s#%s" $objectData.static.server $objectData.static.share $objectData.name }}
+ volumeAttributes:
+ server: {{ tpl $objectData.static.server $rootCtx }}
+ share: {{ tpl $objectData.static.share $rootCtx }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_smbCSI.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_smbCSI.tpl
new file mode 100644
index 0000000..522ead3
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_smbCSI.tpl
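Review bot: The header lists `driver`, `server` and `share` directly under `objectData`, but the body reads them from `$objectData.static.driver`, `$objectData.static.server` and `$objectData.static.share`, and also reads `$objectData.name` which the header does not mention; the same header/body mismatch is in `_smbCSI.tpl`, `_validationCsiNFS.tpl` and `_validationCsiSMB.tpl`. Rewrite the header to describe `objectData.static.driver`, `objectData.static.server`, `objectData.static.share` and `objectData.name`. Also, `volumeHandle` is built from the raw `server` and `share` while `volumeAttributes` uses their `tpl` output, so a templated value would put the literal expression text into the handle; either build the handle from the rendered values or add a comment explaining why the raw values are intended (the same asymmetry is in `_smbCSI.tpl`).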
@@ -0,0 +1,23 @@
+{{/* SMB CSI */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.storage.smbCSI" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ driver: The name of the driver.
+ server: The server address.
+ share: The share to the SMB share.
+*/}}
+{{- define "tc.v1.common.lib.storage.smbCSI" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData }}
+csi:
+ driver: {{ $objectData.static.driver }}
+ {{- /* Create a unique handle, server/share#release-app-volumeName */}}
+ volumeHandle: {{ printf "%s/%s#%s" $objectData.static.server $objectData.static.share $objectData.name }}
+ volumeAttributes:
+ source: {{ printf "//%v/%v" (tpl $objectData.static.server $rootCtx) (tpl $objectData.static.share $rootCtx) }}
+ nodeStageSecretRef:
+ name: {{ $objectData.name }}
+ namespace: {{ $rootCtx.Release.Namespace }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_storageClassName.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_storageClassName.tpl
new file mode 100644
index 0000000..237b909
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_storageClassName.tpl
@@ -0,0 +1,39 @@
+{{/* PVC - Storage Class Name */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.storage.storageClassName" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData: The object data of the pvc
+*/}}
+{{- define "tc.v1.common.lib.storage.storageClassName" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $caller := .caller -}}
+
+ {{/*
+ If storageClass is defined on the objectData:
+ * "-" returns "", which means requesting a PV without class
+ * Else return the original defined storageClass
+
+ Else if there is a storageClass defined in Values.global.fallbackDefaults.storageClass, return this
+
+ In any other case, return nothing
+ */}}
+
+ {{- $className := "" -}}
+ {{- if $objectData.storageClass -}}
+ {{- $storageClass := (tpl $objectData.storageClass $rootCtx) -}}
+
+ {{- if eq "-" $storageClass -}}
+ {{- $className = "\"\"" -}}
+ {{- else -}}
+ {{- $className = tpl $storageClass $rootCtx -}}
+ {{- end -}}
+
+ {{- else if $rootCtx.Values.global.fallbackDefaults.storageClass -}}
+
+ {{- $className = tpl $rootCtx.Values.global.fallbackDefaults.storageClass $rootCtx -}}
+
+ {{- end -}}
+
+ {{- $className -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_storageClassValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_storageClassValidation.tpl
new file mode 100644
index 0000000..5ddfc2c
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_storageClassValidation.tpl
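Review bot: `storageClass` is passed through `tpl` twice: once into `$storageClass` and again in the `else` branch with `{{- $className = tpl $storageClass $rootCtx -}}`, so a value whose first rendering still contains `{{` is evaluated a second time, which differs from how every other helper in this series treats templated values (one pass). Change that line to `{{- $className = $storageClass -}}`; the comment block above already describes a single rendering. The `{{- $caller := .caller -}}` declaration is unused in this define and undocumented in the header, so drop it or document it.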
@@ -0,0 +1,28 @@
+{{- define "tc.v1.common.lib.storageclass.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.provisioner -}}
+ {{- fail "Storage Class - Expected non-empty [provisioner]" -}}
+ {{- end -}}
+
+ {{- if (hasKey $objectData "isDefault") -}}
+ {{- if not (kindIs "bool" $objectData.isDefault) -}}
+ {{- fail (printf "Storage Class - Expected [isDefault] to be [boolean], but got [%s]" (kindOf $objectData.isDefault)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $validPolicies := (list "Retain" "Delete") -}}
+ {{- if $objectData.reclaimPolicy -}}
+ {{- if not (mustHas $objectData.reclaimPolicy $validPolicies) -}}
+ {{- fail (printf "Storage Class - Expected [reclaimPolicy] to be one of [%s], but got [%s]" (join ", " $validPolicies) $objectData.reclaimPolicy) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $validBindModes := (list "WaitForFirstConsumer" "Immediate") -}}
+ {{- if $objectData.volumeBindingMode -}}
+ {{- if not (mustHas $objectData.volumeBindingMode $validBindModes) -}}
+ {{- fail (printf "Storage Class - Expected [volumeBindingMode] to be one of [%s], but got [%s]" (join ", " $validBindModes) $objectData.volumeBindingMode) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_validation.tpl
new file mode 100644
index 0000000..8c8276a
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_validation.tpl
@@ -0,0 +1,44 @@
+{{/* Persistence Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.persistence.validation" (dict "objectData" $objectData) -}}
+objectData:
+ rootCtx: The root context of the chart.
+ objectData: The persistence object.
+*/}}
+
+{{- define "tc.v1.common.lib.persistence.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $types := (list "pvc" "vct" "emptyDir" "nfs" "iscsi" "hostPath" "secret" "configmap" "device" "projected") -}}
+ {{- if not (mustHas $objectData.type $types) -}}
+ {{- fail (printf "Persistence - Expected [type] to be one of [%s], but got [%s]" (join ", " $types) $objectData.type) -}}
+ {{- end -}}
+
+ {{- if and $objectData.static $objectData.static.mode -}}
+ {{- $validModes := (list "disabled" "smb" "nfs" "custom") -}}
+ {{- if not (mustHas $objectData.static.mode $validModes) -}}
+ {{- fail (printf "Persistence - Expected [static.mode] to be one of [%s], but got [%s]" (join ", " $validModes) $objectData.static.mode) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $objectData.dataSource -}}
+ {{- if not $objectData.dataSource.name -}}
+ {{- fail "Persistence - Expected [dataSource.name] to be non-empty" -}}
+ {{- end -}}
+
+ {{- if not $objectData.dataSource.kind -}}
+ {{- fail "Persistence - Expected [dataSource.kind] to be non-empty" -}}
+ {{- end -}}
+
+ {{- $validKinds := (list "VolumeSnapshot" "PersistentVolumeClaim") -}}
+ {{- if not (mustHas $objectData.dataSource.kind $validKinds) -}}
+ {{- fail (printf "Persistence - Expected [dataSource.kind] to be one of [%s], but got [%s]" (join ", " $validKinds) $objectData.dataSource.kind) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and $objectData.targetSelector (not (kindIs "map" $objectData.targetSelector)) -}}
+ {{- fail (printf "Persistence - Expected [targetSelector] to be [dict], but got [%s]" (kindOf $objectData.targetSelector)) -}}
+ {{- end -}}
+
+{{- end -}}
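Review bot: The header documents a call of `(dict "objectData" $objectData)` with `rootCtx` nested inside `objectData`, but the define reads `.rootCtx` and `.objectData` as two top-level keys, and `$rootCtx` is then never used in the body; `_volumeClaimTemplates.tpl` in this series calls it with only `objectData`, which works only because of that unused variable. Either document the real shape, `{{ include "tc.v1.common.lib.persistence.validation" (dict "rootCtx" $rootCtx "objectData" $objectData) -}}` with `rootCtx` and `objectData` as siblings, or drop the `{{- $rootCtx := .rootCtx -}}` line and keep the single-key call form. `_validationVolumeSnapshot.tpl` has the identical header/body mismatch.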
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_validationCsiNFS.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationCsiNFS.tpl
new file mode 100644
index 0000000..46f9e1e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationCsiNFS.tpl
@@ -0,0 +1,44 @@
+{{/* Validate NFS CSI */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.storage.nfsCSI.validation" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ driver: The name of the driver.
+ mountOptions: The mount options.
+ server: The server address.
+ share: The share to the NFS share.
+*/}}
+{{- define "tc.v1.common.lib.storage.nfsCSI.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $required := (list "server" "share") -}}
+ {{- range $item := $required -}}
+ {{- if not (get $objectData.static $item) -}}
+ {{- fail (printf "NFS CSI - Expected [%v] to be non-empty" $item) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not (hasPrefix "/" $objectData.static.share) -}}
+ {{- fail "NFS CSI - Expected [share] to start with [/]" -}}
+ {{- end -}}
+
+ {{/* TODO: Allow only specific opts / set specific opts by default?
+ {{- $validOpts := list -}} */}}
+ {{- range $opt := $objectData.mountOptions -}}
+ {{- if not (kindIs "map" $opt) -}}
+ {{- fail (printf "NFS CSI - Expected [mountOption] item to be a dict, but got [%s]" (kindOf $opt)) -}}
+ {{- end -}}
+ {{- if not $opt.key -}}
+ {{- fail "NFS CSI - Expected key in [mountOptions] to be non-empty" -}}
+ {{- end -}}
+
+ {{/*
+ {{- $key := tpl $opt.key $rootCtx -}}
+ {{- if not (mustHas $key $validOpts) -}}
+ {{- fail (printf "NFS CSI - Expected [mountOptions] to be one of [%v], but got [%v]" (join ", " $validOpts) $opt) -}}
+ {{- end -}}
+ */}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_validationCsiSMB.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationCsiSMB.tpl
new file mode 100644
index 0000000..48298fd
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationCsiSMB.tpl
@@ -0,0 +1,48 @@
+{{/* Validate SMB CSI */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.storage.smbCSI.validation" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ driver: The name of the driver.
+ mountOptions: The mount options.
+ server: The server address.
+ share: The share to the SMB share.
+*/}}
+{{- define "tc.v1.common.lib.storage.smbCSI.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $required := (list "server" "share" "username" "password") -}}
+ {{- range $item := $required -}}
+ {{- if not (get $objectData.static $item) -}}
+ {{- fail (printf "SMB CSI - Expected [%v] to be non-empty" $item) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if hasPrefix "//" $objectData.static.server -}}
+ {{- fail "SMB CSI - Did not expect [server] to start with [//]" -}}
+ {{- end -}}
+
+ {{- if hasPrefix "/" $objectData.static.share -}}
+ {{- fail "SMB CSI - Did not expect [share] to start with [/]" -}}
+ {{- end -}}
+
+ {{/* TODO: Allow only specific opts? / set specific opts by default?
+ {{- $validOpts := list -}} */}}
+ {{- range $opt := $objectData.mountOptions -}}
+ {{- if not (kindIs "map" $opt) -}}
+ {{- fail (printf "SMB CSI - Expected [mountOption] item to be a dict, but got [%s]" (kindOf $opt)) -}}
+ {{- end -}}
+ {{- if not $opt.key -}}
+ {{- fail "SMB CSI - Expected key in [mountOptions] to be non-empty" -}}
+ {{- end -}}
+
+ {{/*
+ {{- $key := tpl $opt.key $rootCtx -}}
+ {{- if not (mustHas $key $validOpts) -}}
+ {{- fail (printf "SMB CSI - Expected [mountOptions] to be one of [%v], but got [%v]" (join ", " $validOpts) $opt) -}}
+ {{- end -}}
+ */}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_validationVolumeSnapshot.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationVolumeSnapshot.tpl
new file mode 100644
index 0000000..dc6e3fd
--- /dev/null
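Review bot: The `$required` list makes `static.username` and `static.password` mandatory values-file keys, so the SMB credentials that `_smbCSI.tpl` later references through `nodeStageSecretRef` have to be present in chart values in clear; nothing in the hunk says so, and a reader of the header only sees `server`/`share`. Add the two keys to the header and a comment above `$required` such as `{{/* username/password are CHAP-style share credentials; they are copied into the Secret named after the volume, so keep the values file out of plain-text version control */}}` — where the Secret is rendered is outside this hunk, so confirm the destination before wording it. The failure messages print only the key name (`[%v]` is `$item`), which is the right choice here; keep it that way if the `validOpts` TODO is ever finished, since `$opt` in the commented-out message would print the whole option dict.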
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationVolumeSnapshot.tpl
@@ -0,0 +1,29 @@
+{{/* volumeSnapshot Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.volumesnapshot.validation" (dict "objectData" $objectData) -}}
+objectData:
+ rootCtx: The root context of the chart.
+ objectData: The volumesnapshot object.
+*/}}
+
+{{- define "tc.v1.common.lib.volumesnapshot.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.source -}}
+ {{- fail "Volume Snapshot - Expected non empty [source]" -}}
+ {{- end -}}
+
+ {{- $sourceTypes := (list "volumeSnapshotContentName" "persistentVolumeClaimName") -}}
+ {{- $sourceCount := 0 -}}
+ {{- range $t := $sourceTypes -}}
+ {{- if (get $objectData.source $t) -}}
+ {{- $sourceCount = add1 $sourceCount -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if ne $sourceCount 1 -}}
+ {{- fail (printf "Volume Snapshot - Expected exactly one of the valid source types [%s]. Found [%d]" (join ", " $sourceTypes) $sourceCount) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_validationVolumeSnapshotClass.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationVolumeSnapshotClass.tpl
new file mode 100644
index 0000000..ea804b0
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_validationVolumeSnapshotClass.tpl
@@ -0,0 +1,15 @@
+{{- define "tc.v1.common.lib.volumesnapshotclass.validation" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $validPolicies := (list "Retain" "Delete") -}}
+ {{- if $objectData.deletionPolicy -}}
+ {{- if not (mustHas $objectData.deletionPolicy $validPolicies) -}}
+ {{- fail (printf "Volume Snapshot Class - Expected [deletionPolicy] to be one of [%s], but got [%s]" (join ", " $validPolicies) $objectData.deletionPolicy) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $objectData.driver -}}
+ {{- fail "Volume Snapshot Class - Expected non empty [driver]" -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/_volumeClaimTemplates.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/_volumeClaimTemplates.tpl
new file mode 100644
index 0000000..52fe6e4
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/_volumeClaimTemplates.tpl
@@ -0,0 +1,70 @@
+{{/* Returns Volume Claim Templates */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.storage.volumeClaimTemplates" (dict "rootCtx" $ "objectData" $objectData) }}
+rootCtx: The root context of the chart.
+objectData: The object data to be used to render the Pod.
+*/}}
+{{- define "tc.v1.common.lib.storage.volumeClaimTemplates" -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- range $name, $vctValues := $rootCtx.Values.persistence -}}
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $rootCtx "objectData" $vctValues
+ "name" $name "caller" "Volume Claim Templates"
+ "key" "persistence")) -}}
+
+ {{- if and (eq $enabled "true") (eq $vctValues.type "vct") -}}
+ {{- $vct := (mustDeepCopy $vctValues) -}}
+
+ {{- $selected := false -}}
+ {{- $_ := set $vct "shortName" $name -}}
+
+ {{- include "tc.v1.common.lib.persistence.validation" (dict "objectData" $vct) -}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $vct.shortName) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $vct "caller" "Volume Claim Templates") -}}
+
+ {{/* If targetSelector is set, check if pod is selected */}}
+ {{- if $vct.targetSelector -}}
+ {{- if (mustHas $objectData.shortName (keys $vct.targetSelector)) -}}
+ {{- $selected = true -}}
+ {{- end -}}
+
+ {{/* If no targetSelector is set or targetSelectAll, check if pod is primary */}}
+ {{- else -}}
+ {{- if $objectData.primary -}}
+ {{- $selected = true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If pod selected */}}
+ {{- if $selected -}}
+ {{- $vctSize := $rootCtx.Values.global.fallbackDefaults.vctSize -}}
+ {{- with $vct.size -}}
+ {{- $vctSize = tpl . $rootCtx -}}
+ {{- end -}}
+ {{- $_ := set $vct "size" $vctSize -}}
+
+ {{- $vctAccessModes := $rootCtx.Values.global.fallbackDefaults.vctAccessModes -}}
+ {{- with $vct.accessModes -}}
+ {{- $vctAccessModes = . -}}
+ {{- end -}}
+ {{- $_ := set $vct "accessModes" $vctAccessModes }}
+- metadata:
+ name: {{ include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $rootCtx "objectName" $vct.shortName "objectData" $vct) }}
+ {{- $labels := $vct.labels | default dict -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 6 }}
+ {{- end -}}
+ {{- $annotations := $vct.annotations | default dict -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 6 }}
+ {{- end }}
+ spec:
+ {{- include "tc.v1.common.lib.storage.pvc.spec" (dict "rootCtx" $rootCtx "objectData" $vct) | trim | nindent 4 }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/pvc/_name.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/pvc/_name.tpl
new file mode 100644
index 0000000..97f3d74
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/storage/pvc/_name.tpl
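Review bot: The comment above the `else` branch says "If no targetSelector is set or targetSelectAll, check if pod is primary", but nothing in this define reads a `targetSelectAll` key; the only condition is `{{- if $vct.targetSelector -}}`, so the comment promises an opt-in that does not exist. Either reword it to `{{/* If no targetSelector is set, only the primary pod gets the claim */}}` or add the check the comment describes. A short comment on the `$selected` block would also help: a template listed under `targetSelector` is matched by `$objectData.shortName` only, and an unselected pod silently gets no claim rather than an error.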
@@ -0,0 +1,51 @@ +{{/* Returns Persitent Volume Claim name*/}} +{{/* Call this template: +{{ include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $ "objectName" $objectName "objectData" $objectData) }} +objectName: the base name of the object without any alteration or sanitation +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.storage.pvc.name" -}} +{{- $rootCtx := .rootCtx -}} +{{- $objectName := .objectName -}} +{{- $objectData := .objectData -}} +{{- $hashValues := "" -}} + + {{- $renderedName := (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $objectName) -}} + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $renderedName) -}} + + {{- $modes := (list "smb" "nfs") -}} + {{- if $objectData.static -}} + {{- if and $objectData.static.mode (mustHas $objectData.static.mode $modes) -}} + + {{- $size := $objectData.size | default $rootCtx.Values.global.fallbackDefaults.pvcSize -}} + + {{/* Create a unique name taking into account server and share, + without this, changing one of those values is not possible */}} + + {{- $hashValues = (printf "%s-%s-%s" $size $objectData.static.server $objectData.static.share) -}} + {{- if $objectData.domain -}} + {{- $hashValues = (printf "%s-%s" $hashValues $objectData.domain) -}} + {{- end -}} + + {{- else if eq $objectData.static.mode "custom" -}} + {{- $hashValues = (printf "%s-%v" $size $objectData.csi) -}} + {{- end -}} + {{- end -}} + + {{/* Create a hash from the dataSource settings to ensure a new PVC is created when a dataSource is set*/}} + {{- if $objectData.dataSource -}} + {{- $hashValues = (printf "%s-%s-%s" $hashValues $objectData.dataSource.kind $objectData.dataSource.name) -}} + {{- end -}} + + {{- $objectName = $renderedName -}} + {{- if $hashValues -}} + {{- $hash := adler32sum $hashValues -}} + {{- $objectName = (printf "%s-%v" $renderedName 
$hash) -}} + {{- end -}} + + {{/* Return the new objectName */}} + {{- $objectName -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/storage/pvc/_spec.tpl b/charts/baikal/baikal/charts/common/templates/lib/storage/pvc/_spec.tpl new file mode 100644 index 0000000..e60efcf --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/storage/pvc/_spec.tpl @@ -0,0 +1,45 @@ +{{/* Returns Persitant Volume Claim Spec*/}} +{{/* Call this template: +{{ include "tc.v1.common.lib.storage.pvc.spec" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.storage.pvc.spec" -}} +{{- $rootCtx := .rootCtx -}} +{{- $objectData := .objectData -}} + +{{- $size := $rootCtx.Values.global.fallbackDefaults.pvcSize -}} +{{- with $objectData.size -}} + {{- $size = tpl . $rootCtx -}} +{{- end }} + +accessModes: + {{- include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim | nindent 2 }} +resources: + requests: + storage: {{ $size }} + {{- with $objectData.volumeName }} +volumeName: {{ tpl . $rootCtx }} + {{- end -}} + {{- with (include "tc.v1.common.lib.storage.storageClassName" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "PVC") | trim) }} +storageClassName: {{ . }} + {{- end -}} + {{- with $objectData.dataSource -}} + {{- $sourceName := .name -}} + {{- if eq .kind "PersistentVolumeClaim" -}} + {{- with get $rootCtx.persistence $sourceName -}} + {{- $sourceName := (include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $rootCtx "objectName" $sourceName "objectData" .)) -}} + {{- end -}} + {{- end }} +dataSource: + kind: {{ .kind }} + name: {{ $sourceName }} + {{- end -}} + +{{- with $objectData.dataSourceRef }} +dataSourceRef: + kind: {{ .kind }} + name: {{ .name }} + apiGroup: {{ .apiGroup }} +{{- end -}} +{{- end -}} 
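Review bot: In `tc.v1.common.lib.storage.pvc.name`, `$size` is declared with `:=` inside the `if and $objectData.static.mode (mustHas ...)` branch but is read again in the `else if eq $objectData.static.mode "custom"` branch, where it was never assigned, so rendering a persistence entry with `static.mode: custom` is expected to stop with an undefined-variable error at execution time. Declaring it once before the branch, e.g. `{{- $size := $objectData.size | default $rootCtx.Values.global.fallbackDefaults.pvcSize -}}` directly after `{{- if $objectData.static -}}`, lets both branches see it. This tree is a vendored copy of the TrueCharts common library, so the fix belongs upstream as well as here.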
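Review bot: In the `dataSource` block of `tc.v1.common.lib.storage.pvc.spec`, `{{- $sourceName := (include "tc.v1.common.lib.storage.pvc.name" ...) -}}` inside `with get $rootCtx.persistence $sourceName` uses `:=`, which declares a new variable scoped to that `with` block; the outer `$sourceName` that is rendered into `name: {{ $sourceName }}` is therefore never replaced by the hashed PVC name. Use assignment instead: `{{- $sourceName = (include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $rootCtx "objectName" $sourceName "objectData" .)) -}}`. The lookup also reads `$rootCtx.persistence`, while the volumeClaimTemplates template in this same change iterates `$rootCtx.Values.persistence`; that looks like it should be `$rootCtx.Values.persistence`, but confirm against the rest of the library before changing it.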
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/_middlewares.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/_middlewares.tpl
new file mode 100644
index 0000000..d9479d4
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/_middlewares.tpl
@@ -0,0 +1,58 @@ +{{- define "tc.v1.common.lib.traefik.middlewares.map" -}} + {{- $typeClassMap := dict + "add-prefix" "tc.v1.common.class.traefik.middleware.addPrefix" + "basic-auth" "tc.v1.common.class.traefik.middleware.basicAuth" + "buffering" "tc.v1.common.class.traefik.middleware.buffering" + "chain" "tc.v1.common.class.traefik.middleware.chain" + "compress" "tc.v1.common.class.traefik.middleware.compress" + "content-type" "tc.v1.common.class.traefik.middleware.contentType" + "forward-auth" "tc.v1.common.class.traefik.middleware.forwardAuth" + "headers" "tc.v1.common.class.traefik.middleware.headers" + "ip-allow-list" "tc.v1.common.class.traefik.middleware.ipAllowList" + "rate-limit" "tc.v1.common.class.traefik.middleware.rateLimit" + "redirect-regex" "tc.v1.common.class.traefik.middleware.redirectRegex" + "redirect-scheme" "tc.v1.common.class.traefik.middleware.redirectScheme" + "replace-path" "tc.v1.common.class.traefik.middleware.replacePath" + "replace-path-regex" "tc.v1.common.class.traefik.middleware.replacePathRegex" + "retry" "tc.v1.common.class.traefik.middleware.retry" + "strip-prefix" "tc.v1.common.class.traefik.middleware.stripPrefix" + "strip-prefix-regex" "tc.v1.common.class.traefik.middleware.stripPrefixRegex" + + "plugin-bouncer" "tc.v1.common.class.traefik.middleware.pluginBouncer" + "plugin-geoblock" "tc.v1.common.class.traefik.middleware.pluginGeoblock" + "plugin-mod-security" "tc.v1.common.class.traefik.middleware.pluginModSecurity" + "plugin-real-ip" "tc.v1.common.class.traefik.middleware.pluginRealIP" + "plugin-rewrite-response-headers" "tc.v1.common.class.traefik.middleware.pluginRewriteResponseHeaders" + "plugin-theme-park" "tc.v1.common.class.traefik.middleware.pluginThemePark" + -}} + + {{- $typeClassMap | toJson -}} +{{- end -}} + +{{/* Only render if its not and has a value of 0 or greater */}} +{{- define "tc.v1.common.class.traefik.middleware.helper.int" -}} + {{- $key := .key -}} + {{- $value := .value -}} + + {{- if and (not 
(kindIs "invalid" $value)) (ge ($value | int) 0) -}} + {{- $key }}: {{ $value }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.traefik.middleware.helper.bool" -}} + {{- $key := .key -}} + {{- $value := .value | toString -}} + + {{- if or (eq $value "true") (eq $value "false") -}} + {{- $key }}: {{ $value }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.traefik.middleware.helper.string" -}} + {{- $key := .key -}} + {{- $value := .value | toString -}} + + {{- if and $value (ne $value "") -}} + {{- $key }}: {{ $value | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/_validation.tpl new file mode 100644 index 0000000..0442663 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/_validation.tpl @@ -0,0 +1,23 @@ +{{/* Middleware Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.traefik.middleware.validation" (dict "objectData" $objectData) -}} +objectData: + labels: The labels of the middleware. + annotations: The annotations of the middleware. + data: The data of the middleware. +*/}} + +{{- define "tc.v1.common.lib.traefik.middleware.validation" -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.type -}} + {{- fail "Middleware - Expected [type] to be set" -}} + {{- end -}} + + {{- if $objectData.data -}} + {{- if not (kindIs "map" $objectData.data) -}} + {{- fail (printf "Middleware - Expected [data] to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_addPrefix.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_addPrefix.tpl new file mode 100644 index 0000000..61e8480 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_addPrefix.tpl 
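Review bot: `tc.v1.common.class.traefik.middleware.helper.int` validates with `ge ($value | int) 0` but then emits the raw `$value`; numbers Helm has read from values.yaml arrive as float64 and are printed in Go's `%v` form, so a byte size such as 10485760 can render as `1.048576e+07`, and a non-numeric string passes the guard (Sprig's `int` coerces it to 0) and is emitted verbatim. Emitting the coerced value, `{{- $key }}: {{ $value | int }}`, fixes the float rendering, and a `toString`/`kindIs` check ahead of the guard would reject non-numeric input instead of passing it through. The header comment `Only render if its not and has a value of 0 or greater` is missing a word and should read `Only render if it is not nil and has a value of 0 or greater`.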
@@ -0,0 +1,12 @@ +{{- define "tc.v1.common.class.traefik.middleware.addPrefix" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if not $mw.prefix -}} + {{- fail "Middleware (add-prefix) - Expected [prefix] to be set" -}} + {{- end }} + addPrefix: + prefix: {{ $mw.prefix }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_basicAuth.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_basicAuth.tpl new file mode 100644 index 0000000..a9352df --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_basicAuth.tpl @@ -0,0 +1,35 @@ +{{- define "tc.v1.common.class.traefik.middleware.basicAuth" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + {{- $mw := $objectData.data -}} + + {{- $secret := $mw.secret | default "" -}} + {{- $users := list -}} + {{- $secretData := dict -}} + + {{- if and $mw.users $mw.secret -}} + {{- fail "Middleware (basic-auth) - Expected either [users] or [secret] to be set, but not both" -}} + {{- end -}} + {{- if and (not $mw.users) (not $mw.secret) -}} + {{- fail "Middleware (basic-auth) - Expected at least one of [users] or [secret] to be set" -}} + {{- end -}} + + {{- if $mw.users -}} + {{- $secret = $objectData.name -}} + {{- range $userData := $mw.users -}} + {{- $users = append $users (htpasswd $userData.username $userData.password) -}} + {{- end -}} + {{- $secretData = (dict + "name" $objectData.name + "labels" ($objectData.labels | default dict) + "annotations" ($objectData.annotations | default dict) + "data" (dict "users" ($users | join "\n"))) -}} + {{- end }} + basicAuth: + secret: {{ $secret }} +{{- if $secretData -}} + {{- include "tc.v1.common.class.secret" (dict "rootCtx" $rootCtx "objectData" $secretData) -}} +{{- end -}} +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_buffering.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_buffering.tpl new file mode 100644 index 0000000..b56fbf3 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_buffering.tpl @@ -0,0 +1,12 @@ +{{- define "tc.v1.common.class.traefik.middleware.buffering" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + buffering: + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxRequestBodyBytes" "value" $mw.maxRequestBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "memRequestBodyBytes" "value" $mw.memRequestBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxResponseBodyBytes" "value" $mw.maxResponseBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "memResponseBodyBytes" "value" $mw.memResponseBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "retryExpression" "value" $mw.retryExpression) | nindent 4 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_chain.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_chain.tpl new file mode 100644 index 0000000..a916691 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_chain.tpl 
@@ -0,0 +1,25 @@ +{{- define "tc.v1.common.class.traefik.middleware.chain" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.middlewares -}} + {{- fail "Middleware (chain) - Expected [middlewares] to be set" -}} + {{- end }} + chain: + middlewares: + {{- range $m := $mw.middlewares -}} + {{- $objectName := $m.name -}} + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $m "key" "middlewares" + "name" $objectName "caller" "Middleware (chain)" + )) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $objectName) -}} + {{- end }} + - name: {{ $objectName }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_compress.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_compress.tpl new file mode 100644 index 0000000..b908b83 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_compress.tpl @@ -0,0 +1,7 @@ +{{- define "tc.v1.common.class.traefik.middleware.compress" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + compress: {} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_contentType.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_contentType.tpl new file mode 100644 index 0000000..da994bc --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_contentType.tpl @@ -0,0 +1,7 @@ +{{- define "tc.v1.common.class.traefik.middleware.contentType" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + contentType: {} +{{- end -}} 
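Review bot: `tc.v1.common.class.traefik.middleware.chain` passes `"rootCtx" $` to `tc.v1.common.lib.util.expandName`, but inside a `define` `$` is the argument dict (`rootCtx`/`objectData`), not the chart's root context, while the `$rootCtx` local assigned at the top of the define is only used for `$fullname`. Unless `expandName` ignores its `rootCtx`, it will look for `.Values` on the wrong object; pass `"rootCtx" $rootCtx` instead. The `compress` and `contentType` hunks on this same line assign `$mw` and `$rootCtx` without using them, which is harmless but worth trimming in the upstream TrueCharts library this tree is vendored from.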
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_forwardAuth.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_forwardAuth.tpl
new file mode 100644
index 0000000..1c79728
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_forwardAuth.tpl
@@ -0,0 +1,58 @@ +{{- define "tc.v1.common.class.traefik.middleware.forwardAuth" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if hasKey $mw "trustForwardHeader" -}} + {{- if not (kindIs "bool" $mw.trustForwardHeader) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [trustForwardHeader] to be a boolean, but got [%s]" (kindOf $mw.trustForwardHeader)) -}} + {{- end -}} + {{- end -}} + + {{- if and $mw.tls (hasKey $mw.tls "insecureSkipVerify") -}} + {{- if not (kindIs "bool" $mw.tls.insecureSkipVerify) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [tls.insecureSkipVerify] to be a boolean, but got [%s]" (kindOf $mw.tls.insecureSkipVerify)) -}} + {{- end -}} + {{- end -}} + + {{- if $mw.authResponseHeaders -}} + {{- if not (kindIs "slice" $mw.authResponseHeaders) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [authResponseHeaders] to be a list, but got [%s]" (kindOf $mw.authResponseHeaders)) -}} + {{- end -}} + {{- end -}} + + {{- with $mw.authRequestHeaders -}} + {{- if not (kindIs "slice" $mw.authRequestHeaders) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [authRequestHeaders] to be a list, but got [%s]" (kindOf $mw.authRequestHeaders)) -}} + {{- end -}} + {{- end -}} + + {{- if not $mw.address -}} + {{- fail "Middleware (forward-auth) - Expected [address] to be set" -}} + {{- end }} + forwardAuth: + address: {{ $mw.address }} + trustForwardHeader: {{ $mw.trustForwardHeader }} + + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "authResponseHeadersRegex" "value" $mw.authResponseHeadersRegex) | nindent 4 }} + + {{- if $mw.authResponseHeaders }} + authResponseHeaders: + {{- range $mw.authResponseHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.authRequestHeaders }} + authRequestHeaders: + {{- range $mw.authRequestHeaders }} + - {{ . 
| quote }} + {{- end }} + {{- end -}} + + {{- if $mw.tls }} + tls: + insecureSkipVerify: {{ $mw.tls.insecureSkipVerify }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_headers.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_headers.tpl new file mode 100644 index 0000000..a39b3b7 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_headers.tpl 
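Review bot: `trustForwardHeader: {{ $mw.trustForwardHeader }}` is emitted unconditionally and `insecureSkipVerify: {{ $mw.tls.insecureSkipVerify }}` whenever `tls` is set, so when the key is absent the manifest carries a bare `trustForwardHeader:` / `insecureSkipVerify:` (YAML null) and the consumer picks the default; both settings relax a trust boundary (forwarded client headers, TLS verification toward the auth server), so the rendered value should be explicit. The library already has the helper for this: `{{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "trustForwardHeader" "value" $mw.trustForwardHeader) | nindent 4 }}` renders the key only when a boolean was actually given, and the same call for `insecureSkipVerify` at `nindent 6`. `address: {{ $mw.address }}` is also the only URL in this block that is not quoted; `address: {{ $mw.address | quote }}` keeps a value containing `#` or `: ` from altering the YAML structure.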
@@ -0,0 +1,128 @@ +{{- define "tc.v1.common.class.traefik.middleware.headers" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + headers: + {{- if $mw.customRequestHeaders }} + customRequestHeaders: + {{- range $k, $v := $mw.customRequestHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if $mw.customResponseHeaders }} + customResponseHeaders: + {{- range $k, $v := $mw.customResponseHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if hasKey $mw "accessControlAllowCredentials" }} + accessControlAllowCredentials: {{ $mw.accessControlAllowCredentials }} + {{- end -}} + + {{- if $mw.accessControlAllowHeaders }} + accessControlAllowHeaders: + {{- range $mw.accessControlAllowHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowMethods }} + accessControlAllowMethods: + {{- range $mw.accessControlAllowMethods }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowOriginList }} + accessControlAllowOriginList: + {{- range $mw.accessControlAllowOriginList }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowOriginListRegex }} + accessControlAllowOriginListRegex: + {{- range $mw.accessControlAllowOriginListRegex }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlExposeHeaders }} + accessControlExposeHeaders: + {{- range $mw.accessControlExposeHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlMaxAge }} + accessControlMaxAge: {{ $mw.accessControlMaxAge }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "addVaryHeader" "value" $mw.addVaryHeader) | nindent 4 }} + + {{- if $mw.allowedHosts }} + allowedHosts: + {{- range $mw.allowedHosts }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.hostsProxyHeaders }} + hostsProxyHeaders: + {{- range $mw.hostsProxyHeaders }} + - {{ . 
| quote }} + {{- end }} + {{- end -}} + + {{- if $mw.sslProxyHeaders }} + sslProxyHeaders: + {{- range $k, $v := $mw.sslProxyHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if $mw.stsSeconds }} + stsSeconds: {{ $mw.stsSeconds }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "stsIncludeSubdomains" "value" $mw.stsIncludeSubdomains) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "stsPreload" "value" $mw.stsPreload) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceSTSHeader" "value" $mw.forceSTSHeader) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "frameDeny" "value" $mw.frameDeny) | nindent 4 }} + + {{- if $mw.customFrameOptionsValue }} + customFrameOptionsValue: {{ $mw.customFrameOptionsValue }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "contentTypeNosniff" "value" $mw.contentTypeNosniff) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "browserXssFilter" "value" $mw.browserXssFilter) | nindent 4 }} + + {{- if $mw.customBrowserXSSValue }} + customBrowserXSSValue: {{ $mw.customBrowserXSSValue }} + {{- end -}} + + {{- if $mw.contentSecurityPolicy }} + contentSecurityPolicy: {{ $mw.contentSecurityPolicy }} + {{- end -}} + + {{- if $mw.contentSecurityPolicyReportOnly }} + contentSecurityPolicyReportOnly: {{ $mw.contentSecurityPolicyReportOnly }} + {{- end -}} + + {{- if $mw.publicKey }} + publicKey: {{ $mw.publicKey }} + {{- end -}} + + {{- if $mw.referrerPolicy }} + referrerPolicy: {{ $mw.referrerPolicy }} + {{- end -}} + + {{- if $mw.permissionsPolicy }} + permissionsPolicy: {{ $mw.permissionsPolicy }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "isDevelopment" "value" $mw.isDevelopment) | nindent 4 }} +{{- end -}} 
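Review bot: Header values in `customRequestHeaders`/`customResponseHeaders` (`{{ $k }}: {{ $v }}`), `sslProxyHeaders`, `contentSecurityPolicy`, `contentSecurityPolicyReportOnly`, `permissionsPolicy`, `referrerPolicy`, `customFrameOptionsValue`, `customBrowserXSSValue` and `publicKey` are rendered as plain scalars while every list item in the same template goes through `| quote`; a value containing `: `, ` #` or a leading `*`/`&`/`[` changes the YAML structure of the Middleware instead of reaching Traefik, and an empty string, which Traefik documents as the way to strip a header such as `X-Forwarded-For`, is rendered as `Name: ` (null) rather than `Name: ""`. Render map entries as `{{ $k }}: {{ $v | quote }}` and route the scalar policy fields through `tc.v1.common.class.traefik.middleware.helper.string`, which quotes and skips empty values. This is the vendored TrueCharts common library, so the change should also be sent upstream.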
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_ipAllowList.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_ipAllowList.tpl new file mode 100644 index 0000000..ff7fba7 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_ipAllowList.tpl @@ -0,0 +1,38 @@ +{{- define "tc.v1.common.class.traefik.middleware.ipAllowList" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if $mw.sourceRange -}} + {{- if not (kindIs "slice" $mw.sourceRange) -}} + {{- fail (printf "Middleware (ip-allow-list) - Expected [sourceRange] to be a list, but got [%s]" (kindOf $mw.sourceRange)) -}} + {{- end -}} + {{- end -}} + + {{- if $mw.ipStrategy -}} + {{- if $mw.ipStrategy.excludedIPs -}} + {{- if not (kindIs "slice" $mw.ipStrategy.excludedIPs) -}} + {{- fail (printf "Middleware (ip-allow-list) - Expected [ipStrategy.excludedIPs] to be a list, but got [%s]" (kindOf $mw.ipStrategy.excludedIPs)) -}} + {{- end -}} + {{- end -}} + {{- end }} + ipAllowList: + {{- if $mw.sourceRange }} + sourceRange: + {{- range $mw.sourceRange }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.ipStrategy }} + ipStrategy: + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "depth" "value" $mw.ipStrategy.depth) | nindent 6 }} + {{- if $mw.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $mw.ipStrategy.excludedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl new file mode 100644 index 0000000..bcffed4 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl 
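Review bot: `ipAllowList:` is rendered even when `sourceRange` is absent, so a middleware with no allowed ranges is produced, which as far as I recall Traefik refuses to build and which then breaks the router referencing it, whereas every other middleware template in this library `fail`s on a missing required key. Add, next to the existing type check, `{{- if not $mw.sourceRange -}}` / `{{- fail "Middleware (ip-allow-list) - Expected [sourceRange] to be set" -}}` / `{{- end -}}` so an empty allow-list is caught at render time rather than in the cluster. `ipStrategy.depth` and `ipStrategy.excludedIPs` decide which forwarded address is matched, so a one-line comment above `ipStrategy:` noting that they only make sense behind a trusted proxy would help the next maintainer.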
@@ -0,0 +1,70 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginBouncer" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "bouncer" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + {{- if not (hasKey $mw "enabled") -}} + {{- fail "Middleware (plugin-bouncer) - Expected [enabled] to be set" -}} + {{- end -}} + {{- if not (kindIs "bool" $mw.enabled) -}} + {{- fail (printf "Middleware (plugin-bouncer) - Expected [enabled] to be a boolean, but got [%s]" (kindOf $mw.enabled)) -}} + {{- end }} + plugin: + {{ $mwName }}: + enabled: {{ $mw.enabled }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "logLevel" "value" $mw.logLevel) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "updateIntervalSeconds" "value" $mw.updateIntervalSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "updateMaxFailure" "value" $mw.updateMaxFailure) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "defaultDecisionSeconds" "value" $mw.defaultDecisionSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "httpTimeoutSeconds" "value" $mw.httpTimeoutSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecMode" "value" $mw.crowdsecMode) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecEnabled" "value" $mw.crowdsecAppsecEnabled) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecAppsecHost" "value" $mw.crowdsecAppsecHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" 
"crowdsecAppsecFailureBlock" "value" $mw.crowdsecAppsecFailureBlock) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecUnreachableBlock" "value" $mw.crowdsecAppsecUnreachableBlock) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiKey" "value" $mw.crowdsecLapiKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiHost" "value" $mw.crowdsecLapiHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiScheme" "value" $mw.crowdsecLapiScheme) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecLapiTLSInsecureVerify" "value" $mw.crowdsecLapiTLSInsecureVerify) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecCapiMachineId" "value" $mw.crowdsecCapiMachineId) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecCapiPassword" "value" $mw.crowdsecCapiPassword) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "forwardedHeadersCustomName" "value" $mw.forwardedHeadersCustomName) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "remediationHeadersCustomName" "value" $mw.remediationHeadersCustomName) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "redisCacheEnabled" "value" $mw.redisCacheEnabled) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCacheHost" "value" $mw.redisCacheHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCachePassword" "value" $mw.redisCachePassword) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict 
"key" "redisCacheDatabase" "value" $mw.redisCacheDatabase) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateAuthority" "value" $mw.crowdsecLapiTLSCertificateAuthority) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateBouncer" "value" $mw.crowdsecLapiTLSCertificateBouncer) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateBouncerKey" "value" $mw.crowdsecLapiTLSCertificateBouncerKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaProvider" "value" $mw.captchaProvider) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaSiteKey" "value" $mw.captchaSiteKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaSecretKey" "value" $mw.captchaSecretKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "captchaGracePeriodSeconds" "value" $mw.captchaGracePeriodSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaHTMLFilePath" "value" $mw.captchaHTMLFilePath) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "banHTMLFilePath" "value" $mw.banHTMLFilePath) | nindent 6 }} + {{- if $mw.crowdsecCapiScenarios }} + crowdsecCapiScenarios: + {{- range $mw.crowdsecCapiScenarios }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- if $mw.forwardedHeadersTrustedIPs }} + forwardedHeadersTrustedIPs: + {{- range $mw.forwardedHeadersTrustedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- if $mw.clientTrustedIPs }} + clientTrustedIPs: + {{- range $mw.clientTrustedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl
new file mode 100644
index 0000000..50cdbb6
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl
@@ -0,0 +1,37 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginGeoblock" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "GeoBlock" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + {{- if not $mw.api -}} + {{- fail "Middleware (plugin-geoblock) - Expected [api] to be set" -}} + {{- end -}} + {{- if not $mw.countries -}} + {{- fail "Middleware (plugin-geoblock) - Expected [countries] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + api: {{ $mw.api }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "allowLocalRequests" "value" $mw.allowLocalRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logLocalRequests" "value" $mw.logLocalRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logAllowedRequests" "value" $mw.logAllowedRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logApiRequests" "value" $mw.logApiRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "apiTimeoutMs" "value" $mw.apiTimeoutMs) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "cacheSize" "value" $mw.cacheSize) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceMonthlyUpdate" "value" $mw.forceMonthlyUpdate) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "allowUnknownCountries" "value" $mw.allowUnknownCountries) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "unknownCountryApiResponse" "value" $mw.unknownCountryApiResponse) | nindent 6 }} + {{- include 
"tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "blackListMode" "value" $mw.blackListMode) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "silentStartUp" "value" $mw.silentStartUp) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "addCountryHeader" "value" $mw.addCountryHeader) | nindent 6 }} + countries: + {{- range $mw.countries }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl new file mode 100644 index 0000000..1e4aaa8 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl @@ -0,0 +1,21 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginModSecurity" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-modsecurity-plugin" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.modSecurityUrl -}} + {{- fail "Middleware (modsecurity) - Expected [modSecurityUrl] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + modSecurityUrl: {{ $mw.modSecurityUrl }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "timeoutMillis" "value" $mw.timeoutMillis) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxBodySize" "value" $mw.maxBodySize) | nindent 6 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl new file mode 100644 index 0000000..5f7bd7e --- /dev/null 
+++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl @@ -0,0 +1,22 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginRealIP" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-real-ip" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.excludednets -}} + {{- fail "Middleware (real-ip) - Expected [excludednets] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + excludednets: + {{- range $mw.excludednets }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl new file mode 100644 index 0000000..be82a99 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl 
@@ -0,0 +1,40 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginRewriteResponseHeaders" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "rewriteResponseHeaders" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.rewrites -}} + {{- fail "Middleware (rewrite-response-headers) - Expected [rewrites] to be set" -}} + {{- end }} + + {{- if not (kindIs "slice" $mw.rewrites) -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [rewrites] to be a list, but got [%s]" (kindOf $mw.rewrites)) -}} + {{- end }} + + {{- range $index, $config := $mw.rewrites -}} + {{- if not $config.header -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [header] to be set for rewrite [%v]" $index) -}} + {{- end -}} + {{- if not $config.regex -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [regex] to be set for rewrite [%v]" $index) -}} + {{- end -}} + {{- if not $config.replacement -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [replacement] to be set for rewrite [%v]" $index) -}} + {{- end -}} + {{- end }} + plugin: + {{ $mwName }}: + rewrites: + {{- range $index, $rewriteResponseHeader := $mw.rewrites }} + - header: {{ $rewriteResponseHeader.header }} + regex: {{ $rewriteResponseHeader.regex | quote }} + replacement: {{ $rewriteResponseHeader.replacement | quote }} + {{- end }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl new file mode 100644 index 0000000..da3eee7 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl 
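Review bot: In the rendered `rewrites` list, `- header: {{ $rewriteResponseHeader.header }}` is emitted unquoted while `regex` and `replacement` on the following two lines are quoted; a header name is validated only for presence, so a value with a trailing `: ` or `#` would change the YAML structure instead of failing. Use `- header: {{ $rewriteResponseHeader.header | quote }}` for consistency with the other two fields. The per-entry validation loop above it already has the right shape; a `regexMatch "^[A-Za-z0-9-]+$"` on `$config.header` there would make the contract explicit.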
@@ -0,0 +1,30 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginThemePark" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-themepark" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.app -}} + {{- fail "Middleware (themepark) - Expected [app] to be set" -}} + {{- end -}} + {{- if not $mw.theme -}} + {{- fail "Middleware (themepark) - Expected [theme] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + app: {{ $mw.app }} + theme: {{ $mw.theme }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "baseUrl" "value" $mw.baseUrl) | nindent 6 }} + {{- if $mw.addons }} + addons: + {{- range $mw.addons }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_rateLimit.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_rateLimit.tpl new file mode 100644 index 0000000..5fad37d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_rateLimit.tpl @@ -0,0 +1,13 @@ +{{- define "tc.v1.common.class.traefik.middleware.rateLimit" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if and (not $mw.average) (not $mw.burst) -}} + {{- fail "Middleware (rate-limit) - Expected either [average] or [burst] to be set" -}} + {{- end }} + rateLimit: + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "average" "value" $mw.average) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "burst" "value" $mw.burst) | nindent 4 }} +{{- end -}} 
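Review bot: The guard `{{- if and (not $mw.average) (not $mw.burst) -}}` at the start of the rateLimit hunk accepts a middleware that sets only `burst`, and the int helper on the last two lines emits only the keys that are set, so that config renders a `rateLimit` block without `average`. If Traefik treats a missing/zero `average` as "no limit" (as its docs describe, to be confirmed for the deployed version), the middleware is attached but enforces nothing, which is an easy misconfiguration to miss. Require the field that carries the limit: `{{- if not $mw.average -}}{{- fail "Middleware (rate-limit) - Expected [average] to be set" -}}{{- end }}`. In the themepark hunk on the same line, `app:` and `theme:` should be piped through `quote` like the `addons` entries are.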
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_redirectRegex.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_redirectRegex.tpl new file mode 100644 index 0000000..cde75e7 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_redirectRegex.tpl @@ -0,0 +1,22 @@ +{{- define "tc.v1.common.class.traefik.middleware.redirectRegex" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.regex -}} + {{- fail "Middleware (redirect-regex) - Expected [regex] to be set" -}} + {{- end -}} + {{- if not $mw.replacement -}} + {{- fail "Middleware (redirect-regex) - Expected [replacement] to be set" -}} + {{- end -}} + + {{- if hasKey $mw "permanent" -}} + {{- if not (kindIs "bool" $mw.permanent) -}} + {{- fail (printf "Middleware (redirect-regex) - Expected [permanent] to be a boolean, but got [%s]" (kindOf $mw.permanent)) -}} + {{- end -}} + {{- end }} + redirectRegex: + regex: {{ $mw.regex }} + replacement: {{ $mw.replacement }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "permanent" "value" $mw.permanent) | nindent 4 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_redirectScheme.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_redirectScheme.tpl new file mode 100644 index 0000000..8f8a062 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_redirectScheme.tpl 
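Review bot: `regex: {{ $mw.regex }}` and `replacement: {{ $mw.replacement }}` in the redirectRegex hunk are rendered unquoted, yet regular expressions routinely contain ` #`, `: `, leading `*` or `[`, all of which the YAML loader interprets as structure; the strip-prefix-regex helper further down quotes its patterns, so this one is the odd one out. Use `regex: {{ $mw.regex | quote }}` and `replacement: {{ $mw.replacement | quote }}`. A mangled redirect target is also an open-redirect-shaped failure, so it is better to fail the render than to ship a truncated pattern.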
@@ -0,0 +1,18 @@
+{{- define "tc.v1.common.class.traefik.middleware.redirectScheme" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.scheme -}}
+ {{- fail "Middleware (redirect-scheme) - Expected [scheme] to be set" -}}
+ {{- end -}}
+
+ {{- if hasKey $mw "permanent" -}}
+ {{- if not (kindIs "bool" $mw.permanent) -}}
+ {{- fail (printf "Middleware (redirect-scheme) - Expected [permanent] to be a boolean, but got [%s]" (kindOf $mw.permanent)) -}}
+ {{- end -}}
+ {{- end }}
+ redirectScheme:
+ scheme: {{ $mw.scheme }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "permanent" "value" $mw.permanent) | nindent 4 }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_replacePath.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_replacePath.tpl
new file mode 100644
index 0000000..b7db73e
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_replacePath.tpl
@@ -0,0 +1,11 @@
+{{- define "tc.v1.common.class.traefik.middleware.replacePath" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.path -}}
+ {{- fail "Middleware (replace-path) - Expected [path] to be set" -}}
+ {{- end }}
+ replacePath:
+ path: {{ $mw.path }}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl
new file mode 100644
index 0000000..a2416b9
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl
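Review bot: The replacePath hunk checks `path` only for presence and then renders `path: {{ $mw.path }}` as a plain scalar, so a path containing ` #` or `: ` silently changes the YAML rather than failing. Use `path: {{ $mw.path | quote }}`, and consider rejecting values that do not start with `/` (`{{- if not (hasPrefix "/" (toString $mw.path)) -}}` plus a `fail`), since a relative replacement path is almost certainly a mistake for a Traefik middleware. The redirectScheme hunk on the same line could likewise restrict `scheme` to `http`/`https` with `mustHas`, matching how the chart-context helper treats protocols later in this diff.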
@@ -0,0 +1,15 @@ +{{- define "tc.v1.common.class.traefik.middleware.replacePathRegex" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.regex -}} + {{- fail "Middleware (replace-path-regex) - Expected [regex] to be set" -}} + {{- end -}} + {{- if not $mw.replacement -}} + {{- fail "Middleware (replace-path-regex) - Expected [replacement] to be set" -}} + {{- end }} + replacePathRegex: + regex: {{ $mw.regex }} + replacement: {{ $mw.replacement }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_retry.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_retry.tpl new file mode 100644 index 0000000..76d8b58 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_retry.tpl @@ -0,0 +1,12 @@ +{{- define "tc.v1.common.class.traefik.middleware.retry" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.attempts -}} + {{- fail "Middleware (retry) - Expected [attempts] to be set" -}} + {{- end }} + retry: + attempts: {{ $mw.attempts }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "initialInterval" "value" $mw.initialInterval) | nindent 4 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_stripPrefix.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_stripPrefix.tpl new file mode 100644 index 0000000..55a733c --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_stripPrefix.tpl 
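Review bot: In the retry hunk, `attempts` is only checked with `{{- if not $mw.attempts -}}` and then rendered verbatim as `attempts: {{ $mw.attempts }}`, so a non-numeric or negative value passes the chart and is first rejected (or misread) by Traefik. Add a shape check after the presence test: `{{- if not (regexMatch "^[1-9][0-9]*$" (toString $mw.attempts)) -}}{{- fail (printf "Middleware (retry) - Expected [attempts] to be a positive integer, but got [%v]" $mw.attempts) -}}{{- end -}}`. The replacePathRegex hunk on the same line has the unquoted `regex:`/`replacement:` problem already noted for redirectRegex; `| quote` on both fixes it.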
@@ -0,0 +1,21 @@ +{{- define "tc.v1.common.class.traefik.middleware.stripPrefix" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.prefix -}} + {{- fail "Middleware (strip-prefix) - Expected [prefix] to be set" -}} + {{- end -}} + + {{- if hasKey $mw "forceSlash" -}} + {{- if not (kindIs "bool" $mw.forceSlash) -}} + {{- fail (printf "Middleware (strip-prefix) - Expected [forceSlash] to be a boolean, but got [%s]" (kindOf $mw.forceSlash)) -}} + {{- end -}} + {{- end }} + stripPrefix: + prefix: + {{- range $mw.prefix }} + - {{ . | quote }} + {{- end -}} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceSlash" "value" $mw.forceSlash) | nindent 4 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl new file mode 100644 index 0000000..9d49959 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl @@ -0,0 +1,14 @@ +{{- define "tc.v1.common.class.traefik.middleware.stripPrefixRegex" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.regex -}} + {{- fail "Middleware (strip-prefix-regex) - Expected [regex] to be set" -}} + {{- end }} + stripPrefixRegex: + regex: + {{- range $mw.regex }} + - {{ . | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_autoperms.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_autoperms.tpl new file mode 100644 index 0000000..d380120 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_autoperms.tpl 
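Review bot: The stripPrefix hunk validates `forceSlash` carefully but passes `prefix` straight to `range` after a presence check, so the natural mistake `prefix: /api` (a string instead of a list) aborts the render with an opaque Go-template range error. Add `{{- if not (kindIs "slice" $mw.prefix) -}}{{- fail (printf "Middleware (strip-prefix) - Expected [prefix] to be a list, but got [%s]" (kindOf $mw.prefix)) -}}{{- end -}}` right after the presence check, mirroring the rewrite-response-headers helper earlier in this diff. The same applies to `regex` in the stripPrefixRegex hunk on this line.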
@@ -0,0 +1,141 @@ +{{/* Contains the auto-permissions job */}} +{{- define "tc.v1.common.lib.util.autoperms" -}} + +{{- $permAllowedTypes := (list "hostPath" "emptyDir" "nfs") -}} +{{/* If you change this path, you must change it under _volumeMounts.tpl too*/}} +{{- $basePath := "/mounts" -}} + +{{/* Init an empty dict to hold data */}} +{{- $mounts := dict -}} + +{{/* Go over persistence and gather needed data */}} +{{- range $name, $mount := .Values.persistence -}} + {{- if and $mount.enabled $mount.autoPermissions -}} + {{/* If autoPermissions is enabled...*/}} + {{- if $mount.autoPermissions.enabled -}} + {{- if or $mount.autoPermissions.chown $mount.autoPermissions.chmod -}} + {{- $type := $.Values.global.fallbackDefaults.persistenceType -}} + {{- if $mount.type -}} + {{- $type = $mount.type -}} + {{- end -}} + + {{- if not (mustHas $type $permAllowedTypes) -}} + {{- fail (printf "Auto Permissions - Allowed persistent types for auto permissions are [%v], but got [%v] on [%v]" (join ", " $permAllowedTypes) $type $name) -}} + {{- end -}} + + {{- if $mount.readOnly -}} + {{- fail (printf "Auto Permissions - You cannot change permissions/ownership automatically on [%v] with readOnly enabled" $name) -}} + {{- end -}} + + {{/* Add some data regarding what actions to perform */}} + {{- $_ := set $mounts $name $mount.autoPermissions -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- if $mounts }} +enabled: true +type: Job +annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed +podSpec: + restartPolicy: Never + containers: + # If you change this name, you must change it under _volumeMounts.tpl + autopermissions: + enabled: true + primary: true + imageSelector: alpineImage + securityContext: + runAsNonRoot: false + runAsUser: 0 + capabilities: + disableS6Caps: true + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + resources: + excludeExtra: true + 
limits: + cpu: 2000m + memory: 2Gi + probes: + liveness: + type: exec + command: + - cat + - /tmp/healthy + readiness: + type: exec + command: + - cat + - /tmp/healthy + startup: + type: exec + command: + - cat + - /tmp/healthy + command: + - /bin/sh + - -c + args: + - | + echo "Starting auto permissions job..." + touch /tmp/healthy + + echo "Automatically correcting ownership and permissions..." + + {{- range $name, $vol := $mounts }} + {{- $mountPath := (printf "%v/%v" $basePath $name) -}} + + {{- $user := "" -}} + {{- if $vol.user -}} + {{- $user = $vol.user -}} + {{- end -}} + + {{- $group := $.Values.securityContext.pod.fsGroup -}} + {{- if $vol.group -}} + {{- $group = $vol.group -}} + {{- end -}} + + {{- $r := "" -}} + {{- if $vol.recursive -}} + {{- $r = "-R" -}} + {{- end -}} + + {{/* Permissions */}} + {{- if $vol.chmod }} + echo "Automatically correcting permissions for {{ $mountPath }}..." + before=$(stat -c "%a" {{ $mountPath }}) + chmod {{ $r }} {{ $vol.chmod }} {{ $mountPath }} || echo "Failed setting permissions using chmod..." + echo "Permissions before: [$before]" + echo "Permissions after: [$(stat -c "%a" {{ $mountPath }})]" + echo "" + {{- end -}} + + {{/* Ownership */}} + {{- if $vol.chown }} + echo "Automatically correcting ownership for {{ $mountPath }}..." + before=$(stat -c "%u:%g" {{ $mountPath }}) + chown {{ $r }} -f {{ $user }}:{{ $group }} {{ $mountPath }} || echo "Failed setting ownership using chown..." + + echo "Ownership before: [$before]" + echo "Ownership after: [$(stat -c "%u:%g" {{ $mountPath }})]" + echo "" + {{- end -}} + {{- end }} + echo "Finished auto permissions job..." +{{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.util.autoperms.job" -}} + {{- $job := (include "tc.v1.common.lib.util.autoperms" $) | fromYaml -}} + {{- if $job -}} + # If you change this name, you must change it under _volumes.tpl + {{- $_ := set $.Values.workload "autopermissions" $job -}} + {{- end -}} +{{- end -}} 
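Review bot: The autopermissions job runs as `runAsUser: 0` with CHOWN/DAC_OVERRIDE/FOWNER, and its shell script interpolates `$vol.chmod`, `$user` and `$group` directly into `chmod {{ $r }} {{ $vol.chmod }} {{ $mountPath }}` and `chown {{ $r }} -f {{ $user }}:{{ $group }} {{ $mountPath }}` without any shape check; `hostPath` is among the permitted volume types, so a malformed value becomes a root command run against a host directory. An unquoted `chmod: 0755` in values is also read as the integer 493 by a YAML 1.1 loader (which is what Helm uses, to be confirmed for the Helm version in use) and would render as `chmod 493 …`. Validate the three values in the gathering loop before they reach the script, as sketched below — a mode of three or four octal digits and a plain user/group name or id — so both the injection-shaped and the octal mistakes fail the render instead of running as root. The rest of the hunk, including the `autoperms.job` wrapper at the end, is unchanged.
```yaml
{{- if or $mount.autoPermissions.chown $mount.autoPermissions.chmod -}}
  {{/* … unchanged: type and readOnly checks … */}}

  {{/* These values are interpolated into a root shell; accept only what chmod/chown need */}}
  {{- with $mount.autoPermissions.chmod -}}
    {{- if not (regexMatch "^[0-7]{3,4}$" (toString .)) -}}
      {{- fail (printf "Auto Permissions - Expected [chmod] on [%v] to be an octal mode such as \"0755\", but got [%v]" $name .) -}}
    {{- end -}}
  {{- end -}}
  {{- range $field := (list "user" "group") -}}
    {{- with (get $mount.autoPermissions $field) -}}
      {{- if not (regexMatch "^[A-Za-z0-9_.-]+$" (toString .)) -}}
        {{- fail (printf "Auto Permissions - Expected [%v] on [%v] to be a user/group name or id, but got [%v]" $field $name .) -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}

  {{/* Add some data regarding what actions to perform */}}
  {{- $_ := set $mounts $name $mount.autoPermissions -}}
{{- end -}}
```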
diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_chartcontext.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_chartcontext.tpl new file mode 100644 index 0000000..567dd6e --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_chartcontext.tpl 
@@ -0,0 +1,211 @@ +{{/* Returns the primary Workload object */}} +{{- define "tc.v1.common.lib.util.chartcontext" -}} + + {{/* Prepare an empty object so it the chartcontext.data util behave properly */}} + {{- $objectData := (dict + "override" dict + "targetSelector" dict + "path" "" + ) -}} + + {{- $context := (include "tc.v1.common.lib.util.chartcontext.data" (dict "rootCtx" $ "objectData" $objectData) | fromYaml) -}} + + {{- $_ := set $.Values "chartContext" $context -}} + + {{/* This flag is only used in CI/Unit Tests so we can confirm that $context is correctly generated */}} + {{- if $.Values.createChartContextConfigmap -}} + {{- $_ := set $.Values.configmap "chart-context" (dict + "enabled" true + "data" $context + ) -}} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.lib.util.chartcontext.data" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{/* Create defaults */}} + {{- $protocol := "http" -}} + {{- $host := "127.0.0.1" -}} + {{- $port := "443" -}} + {{- $path := "/" -}} + {{- $podCIDR := "172.16.0.0/16" -}} + {{- $svcCIDR := "172.17.0.0/16" -}} + + {{- if $rootCtx.Values.global.podCIDR -}} + {{- $podCIDR = $rootCtx.Values.global.podCIDR -}} + {{- end -}} + + {{- if $rootCtx.Values.global.svcCIDR -}} + {{- $svcCIDR = $rootCtx.Values.global.svcCIDR -}} + {{- end -}} + + {{/* TODO: Find ways to implement CIDR detection */}} + + {{/* If there is ingress, get data from the primary */}} + {{- $primaryIngressName := include "tc.v1.common.lib.util.ingress.primary" (dict "rootCtx" $rootCtx) -}} + {{- $selectedIngress := (get $rootCtx.Values.ingress $primaryIngressName) -}} + + {{- with $objectData.targetSelector -}} + {{- if .ingress -}} + {{- $ing := (get $rootCtx.Values.ingress .ingress) -}} + {{- if $ing -}} + {{- $selectedIngress = $ing -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- with $selectedIngress -}} + {{- $firstHost := list -}} + {{- if (kindIs "slice" .hosts) -}} + {{- $firstHost = ((.hosts | default list) 
| mustFirst) -}} + {{- end -}} + {{- if $firstHost -}} + {{- if $firstHost.host -}} + {{- $host = tpl $firstHost.host $rootCtx -}} + {{- end -}} + + {{- $firstPath := list -}} + {{- if (kindIs "slice" $firstHost.paths) -}} + {{- $firstPath = (($firstHost.paths | default list) | mustFirst) -}} + {{- end -}} + {{- if $firstPath -}} + {{- $path = $firstPath.path -}} + {{- end -}} + {{- end -}} + + {{- if and .integrations .integrations.traefik -}} + {{- $enabled := true -}} + {{- if and (hasKey .integrations.traefik "enabled") (kindIs "bool" .integrations.traefik.enabled) -}} + {{- $enabled = .integrations.traefik.enabled -}} + {{- end -}} + + {{- if $enabled -}} + {{- $entrypoints := (.integrations.traefik.entrypoints | default (list "websecure")) -}} + {{- if kindIs "slice" $entrypoints -}} + {{- if mustHas "websecure" $entrypoints -}} + {{- $port = "443" -}} + {{- else if mustHas "web" $entrypoints -}} + {{- $port = "80" -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if and .integrations .integrations.certManager .integrations.certManager.enabled -}} + {{- $protocol = "https" -}} + {{- $port = "443" -}} + {{- end -}} + + {{- $tls := ((.tls | default list) | mustFirst) -}} + {{- if (or $tls.secretName $tls.certificateIssuer $tls.clusterCertificate) -}} + {{- $protocol = "https" -}} + {{- $port = "443" -}} + {{- end -}} + {{- end -}} + + {{/* If there is no ingress, we have to use service */}} + {{- if not $selectedIngress -}} + {{- $primaryServiceName := include "tc.v1.common.lib.util.service.primary" (dict "rootCtx" $rootCtx) -}} + {{- $selectedService := (get $rootCtx.Values.service $primaryServiceName) -}} + + {{- with $objectData.targetSelector -}} + {{- if .service -}} + {{- $svc := (get $rootCtx.Values.service .service) -}} + {{- if $svc -}} + {{- $selectedService = $svc -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $primaryPort := dict -}} + {{- if $selectedService -}} + {{- $primaryPortName := include 
"tc.v1.common.lib.util.service.ports.primary" (dict "rootCtx" $rootCtx "svcValues" $selectedService) -}} + {{- $selectedPort := dict -}} + {{- if $selectedService.ports -}} {{/* eg, ExternalName does not require ports */}} + {{- $selectedPort = (get $selectedService.ports $primaryPortName) -}} + {{- end -}} + + {{- with $objectData.targetSelector -}} + {{- if .port -}} + {{- $port := (get $selectedService.ports .port) -}} + {{- if $port -}} + {{- $selectedPort = $port -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if not $selectedPort -}} + {{- $portName := ($selectedService.ports | keys | sortAlpha | mustFirst) -}} + {{- if $selectedService.ports -}} {{/* eg, ExternalName does not require ports */}} + {{- $selectedPort = (get $selectedService.ports $portName) -}} + {{- end -}} + {{- end -}} + + {{- $port = tpl ($selectedPort.port | toString) $rootCtx -}} + + {{- if mustHas $selectedPort.protocol (list "http" "https") -}} + {{- $protocol = $selectedPort.protocol -}} + {{- else -}} + {{- $protocol = "http" -}} + {{- end -}} + + {{- if eq $selectedService.type "LoadBalancer" -}} + {{- if (kindIs "string" $selectedService.loadBalancerIP) -}} + {{- with $selectedService.loadBalancerIP -}} + {{- $host = tpl . $rootCtx | toString -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* Overrides */}} + {{- with $objectData.override -}} + {{- if .protocol -}} + {{- $protocol = .protocol -}} + {{- end -}} + + {{- if .host -}} + {{- $host = .host -}} + {{- end -}} + + {{- if .port -}} + {{- $port = .port -}} + {{- end -}} + {{- end -}} + + {{- with $objectData.path -}} + {{- $path = . -}} + {{- end -}} + + {{/* URL Will not include the path. 
*/}} + {{- $url := printf "%s://%s:%s" $protocol $host $port -}} + {{- $urlWithPortAndPath := printf "%s://%s:%s%s" $protocol $host $port $path -}} + + {{/* Clean up the URL */}} + {{- $port = $port | toString -}} + {{- if eq $port "443" -}} + {{- $url = $url | trimSuffix ":443" -}} + {{- $url = $url | replace $protocol "https" -}} + {{- $urlWithPortAndPath = $urlWithPortAndPath | replace $protocol "https" -}} + {{- $protocol = "https" -}} + {{- end -}} + + {{- if eq $port "80" -}} + {{- $url = $url | trimSuffix ":80" -}} + {{- $url = $url | replace $protocol "http" -}} + {{- $urlWithPortAndPath = $urlWithPortAndPath | replace $protocol "http" -}} + {{- $protocol = "http" -}} + {{- end -}} + + {{- $context := (dict + "podCIDR" $podCIDR "svcCIDR" $svcCIDR + "appUrl" $url "appUrlWithPortAndPath" $urlWithPortAndPath + "appHost" $host "appPort" $port + "appPath" $path "appProtocol" $protocol + ) -}} + + {{- $context | toJson -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_diagnosticMode.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_diagnosticMode.tpl new file mode 100644 index 0000000..f12228b --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_diagnosticMode.tpl 
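Review bot: `{{- $podCIDR := "172.16.0.0/16" -}}` and `{{- $svcCIDR := "172.17.0.0/16" -}}` near the top of the chartcontext.data hunk are silently used whenever `global.podCIDR`/`global.svcCIDR` are unset, and the `TODO: Find ways to implement CIDR detection` comment shows they are guesses rather than cluster facts. If any consumer of `chartContext.podCIDR`/`svcCIDR` builds a trust decision on them (network policies, trusted-proxy ranges), a wrong guess either blocks legitimate traffic or admits the wrong network without any signal in the render. At minimum mark them: `{{/* NOTE(review): guessed defaults — anything that turns podCIDR/svcCIDR into a trust boundary must require global.podCIDR/global.svcCIDR to be set explicitly */}}`. Separately, `{{- $tls := ((.tls | default list) | mustFirst) -}}` yields nil for an ingress with an empty `tls` list, and the following `$tls.secretName` access on nil is an error in Go templates unless the ingress schema guarantees at least one entry — worth confirming.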
@@ -0,0 +1,29 @@
+{{- define "tc.v1.common.lib.util.diagnosticMode" -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $diagMode := "" -}}
+
+ {{- $itemsToCheck := (list $rootCtx.Values $rootCtx.Values.global) -}}
+
+ {{- range $item := $itemsToCheck -}}
+ {{- if hasKey $item "diagnosticMode" -}}
+ {{- if not (kindIs "map" $item.diagnosticMode) -}}
+ {{- fail (printf "Diagnostic Mode - Expected [diagnosticMode] to be a map, but got [%s]" (kindOf $item.diagnosticMode)) -}}
+ {{- end -}}
+ {{- if hasKey $item.diagnosticMode "enabled" -}}
+ {{- if not (kindIs "bool" $item.diagnosticMode.enabled) -}}
+ {{- fail (printf "Diagnostic Mode - Expected [diagnosticMode.enabled] to be a bool, but got [%s]" (kindOf $item.diagnosticMode.enabled)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Ignore if its not true as we want any item
+ that is true to apply regardless of the order
+ */}}
+ {{- if $item.diagnosticMode.enabled -}}
+ {{- $diagMode = true -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $diagMode | toString -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_enabled.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_enabled.tpl
new file mode 100644
index 0000000..0fb7aeb
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/util/_enabled.tpl
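Review bot: The diagnosticMode helper has no header comment stating its return contract: `$diagMode` starts as the string `""` and is set to the bool `true`, so `{{- $diagMode | toString -}}` yields `"true"` or `""` and callers must compare with `eq ... "true"` rather than test truthiness of the include result. Add above the `define`: `{{/* Returns "true" if diagnosticMode.enabled is true at either .Values or .Values.global (either one wins, order does not matter); returns "" otherwise. Callers must compare the result with "true". */}}`. A one-line note that enabling diagnostic mode globally overrides every chart is also worth stating, since that is the behaviour the comment inside the loop hints at.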
@@ -0,0 +1,29 @@
+{{- define "tc.v1.common.lib.util.enabled" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $key := .key -}}
+ {{- $name := (.name | toString) -}}
+ {{- $caller := .caller -}}
+
+ {{- $enabled := false -}}
+ {{- if not (hasKey $objectData "enabled") -}}
+ {{- fail (printf "%s - Expected the key [enabled] in [%s.%s] to exist" $caller $key $name) -}}
+ {{- end -}}
+
+ {{- if (kindIs "invalid" $objectData.enabled) -}}
+ {{- fail (printf "%s - Expected the defined key [enabled] in [%s.%s] to not be empty" $caller $key $name) -}}
+ {{- end -}}
+ {{- $enabled = $objectData.enabled -}}
+
+ {{- if kindIs "string" $enabled -}}
+ {{- $enabled = tpl $enabled $rootCtx -}}
+ {{- if eq $enabled "true" -}}
+ {{- $enabled = true -}}
+ {{- else if eq $enabled "false" -}}
+ {{- $enabled = false -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* NOTE: Always treat the returned result as string */}}
+ {{- $enabled -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_expandName.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_expandName.tpl
new file mode 100644
index 0000000..44e23f8
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/util/_expandName.tpl
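Review bot: After `{{- $enabled = tpl $enabled $rootCtx -}}`, only the exact strings `"true"` and `"false"` are converted; any other rendering (`"yes"`, `"1"`, `"True"`, or an empty string from a template that expanded to nothing) is returned as-is, and every caller shown in this diff compares with `eq $enabled "true"`, so a typo silently disables the object instead of failing the render. For objects like ingresses or services that is a quiet way to lose a resource. Close the chain with an explicit failure: `{{- else -}}{{- fail (printf "%s - Expected [enabled] in [%s.%s] to render to \"true\" or \"false\", but got [%s]" $caller $key $name $enabled) -}}{{- end -}}`. The same pattern applies to `expandObjectName` in the expandName hunk that follows.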
@@ -0,0 +1,30 @@ +{{- define "tc.v1.common.lib.util.expandName" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $key := .key -}} + {{- $name := (.name | toString) -}} + {{- $caller := .caller -}} + + {{- $expandName := true -}} + {{- if (hasKey $objectData "expandObjectName") -}} + {{- if not (kindIs "invalid" $objectData.expandObjectName) -}} + {{- $expandName = $objectData.expandObjectName -}} + {{- else -}} + {{- fail (printf "%s - Expected the defined key [expandObjectName] in [%s.%s] to not be empty" $caller $key $name) -}} + {{- end -}} + {{- end -}} + + {{- if kindIs "string" $expandName -}} + {{- $expandName = tpl $expandName $rootCtx -}} + + {{/* After tpl it becomes a string, not a bool */}} + {{- if eq $expandName "true" -}} + {{- $expandName = true -}} + {{- else if eq $expandName "false" -}} + {{- $expandName = false -}} + {{- end -}} + {{- end -}} + + {{/* NOTE: Always treat the returned result as string */}} + {{- $expandName -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_metadataList.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_metadataList.tpl new file mode 100644 index 0000000..0a05ab5 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_metadataList.tpl @@ -0,0 +1,20 @@ +{{- define "tc.v1.common.lib.util.metaListToDict" -}} + {{- $objectData := .objectData -}} + {{- $annoList := $objectData.annotationsList -}} + {{- $labelList := $objectData.labelsList -}} + + {{- if not $objectData.annotations -}} + {{- $_ := set $objectData "annotations" dict -}} + {{- end -}} + {{- if not $objectData.labels -}} + {{- $_ := set $objectData "labels" dict -}} + {{- end -}} + + {{- range $a := $annoList -}} + {{- $_ := set $objectData.annotations $a.name $a.value -}} + {{- end -}} + + {{- range $l := $labelList -}} + {{- $_ := set $objectData.labels $l.name $l.value -}} + {{- end -}} +{{- end -}} 
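Review bot: In the metaListToDict hunk, `{{- $_ := set $objectData.annotations $a.name $a.value -}}` and the matching `labels` line take `.name`/`.value` from each list entry without checking that `name` exists or is a string, and they write over any key already present in the explicit `annotations`/`labels` maps, so the list silently wins on a collision. Fail on a missing name — `{{- if not $a.name -}}{{- fail "Metadata List - Expected [name] to be set for every annotationsList entry" -}}{{- end -}}` (and likewise for labels) — and state the precedence in a header comment above the `define`, e.g. `{{/* Folds annotationsList/labelsList ({name, value} items) into .annotations/.labels; list entries override keys already set in the maps. */}}`. Note the helper mutates `$objectData` in place rather than returning a value, which callers should know.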
diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_certificate.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_certificate.tpl new file mode 100644 index 0000000..fabc2b3 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_certificate.tpl @@ -0,0 +1,23 @@ +{{/* Return the name of the primary Cert object */}} +{{- define "tc.v1.common.lib.util.cert.primary" -}} + {{- $Certs := $.Values.cert -}} + + {{- $enabledCerts := dict -}} + {{- range $name, $cert := $Certs -}} + {{- if $cert.enabled -}} + {{- $_ := set $enabledCerts $name . -}} + {{- end -}} + {{- end -}} + + {{- $result := "" -}} + {{- range $name, $cert := $enabledCerts -}} + {{- if and (hasKey $cert "primary") $cert.primary -}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + + {{- if not $result -}} + {{- $result = keys $Certs | first -}} + {{- end -}} + {{- $result -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_cnpg.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_cnpg.tpl new file mode 100644 index 0000000..07ea0c0 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_cnpg.tpl @@ -0,0 +1,23 @@ +{{/* Return the name of the primary cnpg object */}} +{{- define "tc.v1.common.lib.util.cnpg.primary" -}} + {{- $cnpgs := .Values.cnpg -}} + + {{- $enabledcnpges := dict -}} + {{- range $name, $cnpg := $cnpgs -}} + {{- if $cnpg.enabled -}} + {{- $_ := set $enabledcnpges $name . -}} + {{- end -}} + {{- end -}} + + {{- $result := "" -}} + {{- range $name, $cnpg := $enabledcnpges -}} + {{- if and (hasKey $cnpg "primary") $cnpg.primary -}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + + {{- if not $result -}} + {{- $result = keys $enabledcnpges | first -}} + {{- end -}} + {{- $result -}} +{{- end -}} 
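Review bot: In the cert.primary hunk the fallback `{{- $result = keys $Certs | first -}}` picks from all certificates, not from the `$enabledCerts` map built just above, so when no cert is flagged `primary` a disabled certificate can be returned and referenced by whatever consumes the primary cert name. The cnpg.primary hunk on the same line does it correctly with `keys $enabledcnpges | first`; align the cert helper: `{{- $result = keys $enabledCerts | first -}}`. Neither helper fails when two objects claim `primary`, unlike the metrics helper later in this diff; if that is intentional it deserves a comment, otherwise copy the `fail "More than one ... set as primary"` check.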
diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_ingress.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_ingress.tpl new file mode 100644 index 0000000..ff0cd52 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_ingress.tpl @@ -0,0 +1,30 @@ +{{/* Return the name of the enabled primary ingress object */}} +{{- define "tc.v1.common.lib.util.ingress.primary" -}} + {{- $rootCtx := .rootCtx -}} + + {{- $result := "" -}} + {{- range $name, $ingress := $rootCtx.Values.ingress -}} + {{- $enabled := "false" -}} + + {{- if not (kindIs "invalid" $ingress.enabled) -}} + {{- $enabled = (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $ingress + "name" $name "caller" "Primary Ingress Util" + "key" "ingress")) -}} + {{- end -}} + + {{- if eq $enabled "true" -}} + {{- if $ingress.primary -}} + {{/* + While this will overwrite if there are + more than 1 primary ingress, its not an issue + as there is validation down the line that will + fail if there are more than 1 primary ingress + */}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $result -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_metrics.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_metrics.tpl new file mode 100644 index 0000000..f085399 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_metrics.tpl 
@@ -0,0 +1,30 @@ +{{/* Return the name of the primary metrics object */}} +{{- define "tc.v1.common.lib.util.metrics.primary" -}} + {{- $metrics := .Values.metrics -}} + + {{- $enabledMetrics := dict -}} + {{- range $name, $metrics := $metrics -}} + {{- if $metrics.enabled -}} + {{- $_ := set $enabledMetrics $name $metrics -}} + {{- end -}} + {{- end -}} + + {{- $result := "" -}} + {{- range $name, $metrics := $enabledMetrics -}} + {{- if (hasKey $metrics "primary") -}} + {{- if $metrics.primary -}} + {{- if $result -}} + {{- fail "More than one metrics are set as primary. This is not supported." -}} + {{- end -}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if not $result -}} + {{- if eq (len $enabledMetrics) 1 -}} + {{- $result = keys $enabledMetrics | mustFirst -}} + {{- end -}} + {{- end -}} + {{- $result -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_port.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_port.tpl new file mode 100644 index 0000000..1ba09bf --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_port.tpl 
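Review bot: `{{- range $name, $metrics := $metrics -}}` in the metrics.primary hunk (and again in the second loop) reuses `$metrics` as both the map being ranged and the per-item variable, which is legal in Go templates but makes `$metrics.enabled` and `$metrics.primary` read as properties of the whole map at first glance. Rename the loop variable: `{{- range $name, $m := $metrics -}}` with `$m.enabled` / `$m.primary` and `set $enabledMetrics $name $m`. The explicit `fail "More than one metrics are set as primary. This is not supported."` is the right call and would be worth applying to the cert/route/cnpg helpers as well.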
@@ -0,0 +1,32 @@ +{{/* A dict containing .values and .serviceName is passed when this function is called */}} +{{/* Return the primary port for a given Service object. */}} +{{- define "tc.v1.common.lib.util.service.ports.primary" -}} + {{- $rootCtx := .rootCtx -}} + {{- $svcValues := .svcValues -}} + + {{- $result := "" -}} + {{- range $name, $port := $svcValues.ports -}} + {{- $enabled := "false" -}} + + {{- if not (kindIs "invalid" $port.enabled) -}} + {{- $enabled = (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $port + "name" $name "caller" "Primary Port Util" + "key" ".ports.$portname.enabled")) -}} + {{- end -}} + + {{- if eq $enabled "true" -}} + {{- if $port.primary -}} + {{/* + While this will overwrite if there are + more than 1 primary port, its not an issue + as there is validation down the line that will + fail if there are more than 1 primary port + */}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $result -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_route.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_route.tpl new file mode 100644 index 0000000..04da801 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_route.tpl @@ -0,0 +1,23 @@ +{{/* Return the name of the primary route object */}} +{{- define "tc.v1.common.lib.util.route.primary" -}} + {{- $routees := $.Values.route -}} + + {{- $enabledroutees := dict -}} + {{- range $name, $route := $routees -}} + {{- if $route.enabled -}} + {{- $_ := set $enabledroutees $name . -}} + {{- end -}} + {{- end -}} + + {{- $result := "" -}} + {{- range $name, $route := $enabledroutees -}} + {{- if and (hasKey $route "primary") $route.primary -}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + + {{- if not $result -}} + {{- $result = keys $enabledroutees | first -}} + {{- end -}} + {{- $result -}} +{{- end -}} 
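Review bot: In `_primary_route.tpl`, when no enabled route is marked primary, `keys $enabledroutees | first` returns whichever enabled route sorts first even if several are enabled, whereas `_primary_metrics.tpl` and `_primary_workload.tpl` only fall back when exactly one object is enabled and fail on a second primary. Silently choosing a route by key order is surprising; guarding the fallback with `{{- if eq (len $enabledroutees) 1 -}}` and failing on a duplicate `primary` would match the siblings. This helper also reads `$.Values.route` instead of a passed `rootCtx`, so it cannot be invoked with the same dict the other primary helpers take — worth a comment if that is intentional.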
diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_service.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_service.tpl new file mode 100644 index 0000000..1972134 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_service.tpl @@ -0,0 +1,30 @@ +{{/* Returns the primary service object */}} +{{- define "tc.v1.common.lib.util.service.primary" -}} + {{- $rootCtx := .rootCtx -}} + + {{- $result := "" -}} + {{- range $name, $service := $rootCtx.Values.service -}} + {{- $enabled := "false" -}} + + {{- if not (kindIs "invalid" $service.enabled) -}} + {{- $enabled = (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $service + "name" $name "caller" "Primary service Util" + "key" "service")) -}} + {{- end -}} + + {{- if eq $enabled "true" -}} + {{- if $service.primary -}} + {{/* + While this will overwrite if there are + more than 1 primary service, its not an issue + as there is validation down the line that will + fail if there are more than 1 primary service + */}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $result -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_primary_workload.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_workload.tpl new file mode 100644 index 0000000..b24836b --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_primary_workload.tpl 
@@ -0,0 +1,35 @@ +{{/* Returns the primary Workload object */}} +{{- define "tc.v1.common.lib.util.workload.primary" -}} + {{- $Workloads := .workload -}} + + {{- $enabledWorkloads := dict -}} + {{- range $name, $Workload := $Workloads -}} + {{- if $Workload.enabled -}} + {{- $_ := set $enabledWorkloads $name $Workload -}} + {{- end -}} + {{- end -}} + + {{- $result := "" -}} + {{- range $name, $Workload := $enabledWorkloads -}} + {{- if (hasKey $Workload "primary") -}} + {{- if $Workload.primary -}} + {{- if $result -}} + {{- fail "More than one Workloads are set as primary. This is not supported." -}} + {{- end -}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if not $result -}} + {{- if eq (len $enabledWorkloads) 1 -}} + {{- $result = keys $enabledWorkloads | mustFirst -}} + {{- else -}} + {{- if $enabledWorkloads -}} + {{- fail "At least one Workload must be set as primary" -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $result -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/util/_stopAll.tpl b/charts/baikal/baikal/charts/common/templates/lib/util/_stopAll.tpl new file mode 100644 index 0000000..a545c8d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/util/_stopAll.tpl @@ -0,0 +1,10 @@ +{{- define "tc.v1.common.lib.util.stopAll" -}} + {{- $rootCtx := . -}} + + {{- $stop := "" -}} + {{- if $rootCtx.Values.global.stopAll -}} + {{- $stop = true -}} + {{- end -}} + + {{- $stop -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/volsync/_cache.tpl b/charts/baikal/baikal/charts/common/templates/lib/volsync/_cache.tpl new file mode 100644 index 0000000..a3cdcb3 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/volsync/_cache.tpl 
@@ -0,0 +1,21 @@ +{{- define "tc.v1.common.lib.volsync.cache" -}} + {{- $creds := .creds -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $volsyncData := .volsyncData -}} + {{- $target := get $volsyncData .target -}} + +cacheCapacity: {{ $target.cacheCapacity | default "10Gi" }} + + {{- with $target.cacheStorageClassName }} +cacheStorageClassName: {{ $target.cacheStorageClassName }} + {{- end -}} + + {{- with $target.cacheAccessModes }} +cacheAccessModes: + {{- range . }} + - {{ . }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/volsync/_moverSecurityContext.tpl b/charts/baikal/baikal/charts/common/templates/lib/volsync/_moverSecurityContext.tpl new file mode 100644 index 0000000..f86162d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/volsync/_moverSecurityContext.tpl @@ -0,0 +1,28 @@ +{{- define "tc.v1.common.lib.volsync.moversecuritycontext" -}} + {{- $creds := .creds -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $volsyncData := .volsyncData -}} + {{- $target := get $volsyncData .target -}} + + {{- $sec := dict + "runAsUser" $rootCtx.Values.securityContext.container.runAsUser + "runAsGroup" $rootCtx.Values.securityContext.container.runAsGroup + "fsGroup" $rootCtx.Values.securityContext.pod.fsGroup + -}} + + {{- if $target.moverSecurityContext -}} + {{- $items := list "runAsUser" "runAsGroup" "fsGroup" -}} + {{- range $item := $items -}} + {{- if hasKey $target.moverSecurityContext $item -}} + {{- $_ := set $sec $item (get $target.moverSecurityContext $item) -}} + {{- end -}} + {{- end -}} + {{- end }} + +moverSecurityContext: + runAsUser: {{ $sec.runAsUser }} + runAsGroup: {{ $sec.runAsGroup }} + fsGroup: {{ $sec.fsGroup }} +{{- end -}} 
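Review bot: `$creds`, `$rootCtx` and `$objectData` are assigned and never used in this template; the same dead assignments appear in `_moverSecurityContext.tpl` (`$creds`, `$objectData`) and `_storage.tpl` (`$creds`) in this commit. Dropping them, or documenting why the dict carries them, keeps the input contract honest. None of the volsync helpers carries a description, so a header like `{{/* Emits cacheCapacity/cacheStorageClassName/cacheAccessModes for the volsync target named by .target; cacheCapacity defaults to 10Gi */}}` would help the next reader.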
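Review bot: In `_moverSecurityContext.tpl` the per-target `moverSecurityContext` override is copied into `runAsUser`/`runAsGroup`/`fsGroup` without any type or range check, while `volsync/_validation.tpl` in this commit validates `type`, `credentials` and `copyMethod` but never looks at this block. A non-numeric or negative value would reach the rendered manifest, and an override to `0` silently runs the mover as root even when the chart's pod security context says otherwise. If the validation template sees the target data, a check in the VPA template's style (`kindIs` on each of the three keys plus a `lt … 0` guard) is cheap; otherwise a header comment should state that the override is trusted as-is.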
diff --git a/charts/baikal/baikal/charts/common/templates/lib/volsync/_storage.tpl b/charts/baikal/baikal/charts/common/templates/lib/volsync/_storage.tpl new file mode 100644 index 0000000..dd03e1f --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/volsync/_storage.tpl @@ -0,0 +1,37 @@ +{{- define "tc.v1.common.lib.volsync.storage" -}} + {{- $creds := .creds -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + {{- $volsyncData := .volsyncData -}} + {{- $target := get $volsyncData .target -}} + + {{- $accessModes := $rootCtx.Values.global.fallbackDefaults.accessModes -}} + {{- if $objectData.accessModes }} + {{- $accessModes = $objectData.accessModes }} + {{- end }} + {{- if $target.accessModes }} + {{- $accessModes = $target.accessModes }} + {{- end }} + + {{- $storageClassName := $rootCtx.Values.global.fallbackDefaults.storageClass -}} + {{- if $objectData.storageClass }} + {{- $storageClassName = $objectData.storageClass }} + {{- end }} + {{- if $target.storageClassName }} + {{- $storageClassName = $target.storageClassName }} + {{- end }} + + {{- with $storageClassName }} +storageClassName: {{ . }} + {{- end }} + +accessModes: + {{- range $accessModes }} + - {{ . }} + {{- end }} + + {{- with $target.volumeSnapshotClassName }} +volumeSnapshotClassName: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/volsync/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/volsync/_validation.tpl new file mode 100644 index 0000000..ce13811 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/volsync/_validation.tpl 
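Review bot: The precedence chain here is global fallback, then `$objectData`, then `$target`, and the two sources spell the key differently (`$objectData.storageClass` vs `$target.storageClassName`), which is easy to misread; a header comment would help: `{{/* storageClassName/accessModes: the target's setting wins over the persistence object's, which wins over global.fallbackDefaults */}}`. Note also that `accessModes:` is emitted unconditionally, so if all three sources are empty the output is a null `accessModes` rather than an omitted key — presumably `fallbackDefaults.accessModes` is always set, but that is worth confirming.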
@@ -0,0 +1,35 @@ +{{- define "tc.v1.common.lib.volsync.validation" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- if not $objectData.name -}} + {{- fail "VolSync - Expected non-empty [name]" -}} + {{- end -}} + + {{- if not $objectData.type -}} + {{- fail "VolSync - Expected non-empty [type]" -}} + {{- end -}} + + {{- $validTypes := list "restic" -}} + {{- if not (mustHas $objectData.type $validTypes) -}} + {{- fail (printf "VolSync - Expected [type] to be one of [%s], but got [%s]" (join ", " $validTypes) $objectData.type) -}} + {{- end -}} + + {{- if not $objectData.credentials -}} + {{- fail "VolSync - Expected non-empty [credentials]" -}} + {{- end -}} + + {{- if not (kindIs "string" $objectData.credentials) -}} + {{- fail (printf "VolSync - Expected [credentials] to be a string, but got [%s]" (kindOf $objectData.credentials)) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.credentials.validation" (dict "rootCtx" $rootCtx "caller" "VolSync" "credName" $objectData.credentials) -}} + + {{- $copyMethods := list "Clone" "Direct" "Snapshot" -}} + {{- if $objectData.copyMethod -}} + {{- if not (mustHas $objectData.copyMethod $copyMethods) -}} + {{- fail (printf "VolSync - Expected [copyMethod] to be one of [%s], but got [%s]" (join ", " $copyMethods) $objectData.copyMethod) -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/vpa/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/vpa/_validation.tpl new file mode 100644 index 0000000..2ede292 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/vpa/_validation.tpl 
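Review bot: None of the `fail` messages identifies which VolSync entry is at fault (`VolSync - Expected non-empty [type]`), unlike the VPA and webhook validators in this commit, which embed `vpa.%s` / `webhook.%v`. When a chart defines several volsync entries the user has to guess; `$objectData.name` is checked first, so the later messages could use it, e.g. `{{- fail (printf "VolSync - Expected non-empty [type] on [%s]" $objectData.name) -}}`. The unconditional `credentials` checks also mean an entry without credentials cannot pass — fine while `restic` is the only valid type, but a comment tying the two together would keep that coupling from being lost when more types are added.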
@@ -0,0 +1,115 @@ +{{- define "tc.v1.common.lib.vpa.validation" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $updPolicy := $objectData.updatePolicy -}} + {{- if $updPolicy -}} + {{- if not (kindIs "map" $updPolicy) -}} + {{- fail (printf "Vertical Pod Autoscaler - Expected [vpa.%s.updatePolicy] to be a dictionary, but got [%s]" $objectData.vpaName (kindOf $updPolicy)) -}} + {{- end -}} + + {{- $validModes := list "Auto" "Off" "Initial" "Recreate" -}} + {{- if and $updPolicy.updateMode (not (mustHas $updPolicy.updateMode $validModes)) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%s] on [vpa.%s.updatePolicy.updateMode] is not valid. Must be one of [%s]" $updPolicy.updateMode $objectData.vpaName (join ", " $validModes)) -}} + {{- end -}} + + {{- if and $updPolicy.minReplicas (le ($updPolicy.minReplicas | int) 0) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%v] on [vpa.%s.updatePolicy.minReplicas] must be greater than 0." $updPolicy.minReplicas $objectData.vpaName) -}} + {{- end -}} + + {{- if $updPolicy.evictionRequirements -}} + {{- if not (kindIs "slice" $updPolicy.evictionRequirements) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value on [vpa.%s.updatePolicy.evictionRequirements] must be a list, but got [%s]" $objectData.vpaName (kindOf $updPolicy.evictionRequirements)) -}} + {{- end -}} + {{- range $idx, $req := $updPolicy.evictionRequirements -}} + {{- if not (kindIs "map" $req) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value on [vpa.%s.updatePolicy.evictionRequirements.%d] must be a map, but got [%s]" $objectData.vpaName $idx (kindOf $req)) -}} + {{- end -}} + + {{- if not $req.resources -}} + {{- fail (printf "Vertical Pod Autoscaler - Value on [vpa.%s.updatePolicy.evictionRequirements.%d.resources] is required." 
$objectData.vpaName $idx) -}} + {{- end -}} + + {{- if not (kindIs "slice" $req.resources) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value on [vpa.%s.updatePolicy.evictionRequirements.%d.resources] must be a list, but got [%s]" $objectData.vpaName $idx (kindOf $req.resources)) -}} + {{- end -}} + + {{- $validResources := (list "cpu" "memory") -}} + {{- range $x, $r := $req.resources -}} + {{- if not (mustHas $r $validResources) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%s] on [vpa.%s.updatePolicy.evictionRequirements.%d.resources.%d] is not valid. Must be one of [%s]" $r $objectData.vpaName $idx $x (join ", " $validResources)) -}} + {{- end -}} + {{- end -}} + + {{- $validReq := (list "TargetHigherThanRequests" "TargetLowerThanRequests") -}} + {{- if not (mustHas $req.changeRequirement $validReq) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%s] on [vpa.%s.updatePolicy.evictionRequirements.%d.changeRequirement] is not valid. Must be one of [%s]" $req.changeRequirement $objectData.vpaName $idx (join ", " $validReq)) -}} + {{- end -}} + + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $resPolicy := $objectData.resourcePolicy -}} + {{- if and $resPolicy $resPolicy.containerPolicies -}} + {{- if not (kindIs "slice" $resPolicy.containerPolicies) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value on [vpa.%s.resourcePolicy.containerPolicies] must be a list, but got [%s]" $objectData.vpaName (kindOf $resPolicy.containerPolicies)) -}} + {{- end -}} + + {{- $validModes := (list "Auto" "Off") -}} + {{- range $idx, $cPol := $resPolicy.containerPolicies -}} + {{- if not (kindIs "map" $cPol) -}} + {{- fail (printf "Vertical Pod Autoscaler - Expected [vpa.%s.resourcePolicy.containerPolicies.%d] to be a dictionary, but got [%s]" $objectData.vpaName $idx (kindOf $cPol)) -}} + {{- end -}} + + {{- $validContainers := mustAppend $objectData.containerNames "*" -}} + {{- if not (mustHas $cPol.containerName $validContainers) -}} + {{- fail (printf 
"Vertical Pod Autoscaler - Value [%s] on [vpa.%s.resourcePolicy.containerPolicies.%d.containerName] is not valid. Must be one of [%s]" $cPol.containerName $objectData.vpaName $idx (join ", " $validContainers)) -}} + {{- end -}} + + {{- if and $cPol.mode (not (mustHas $cPol.mode $validModes)) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%s] on [vpa.%s.resourcePolicy.containerPolicies.%d.mode] is not valid. Must be one of [%s]" $cPol.mode $objectData.vpaName $idx (join ", " $validModes)) -}} + {{- end -}} + + {{- if $cPol.controlledResources -}} + {{- if not (kindIs "slice" $cPol.controlledResources) -}} + {{- fail (printf "Vertical Pod Autoscaler - Expected [vpa.%s.resourcePolicy.containerPolicies.%d.controlledResources] to be a list, but got [%s]" $objectData.vpaName $idx (kindOf $cPol.controlledResources)) -}} + {{- end -}} + + {{- $validRes := (list "cpu" "memory") -}} + {{- range $x, $r := $cPol.controlledResources -}} + {{- if not (mustHas $r $validRes) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%s] on [vpa.%s.resourcePolicy.containerPolicies.%d.controlledResources.%d] is not valid. Must be one of [%s]" $r $objectData.vpaName $idx $x (join ", " $validRes)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $cPol.controlledValues -}} + {{- $validVals := (list "RequestsAndLimits" "RequestsOnly") -}} + {{- if not (mustHas $cPol.controlledValues $validVals) -}} + {{- fail (printf "Vertical Pod Autoscaler - Value [%s] on [vpa.%s.resourcePolicy.containerPolicies.%d.controlledValues] is not valid. Must be one of [%s]" $cPol.controlledValues $objectData.vpaName $idx (join ", " $validVals)) -}} + {{- end -}} + {{- end -}} + + {{- $data := (include "tc.v1.common.lib.resources.validation.data" .) 
| fromJson -}} + {{- $regex := $data.regex -}} + {{- $errorMsg := $data.errorMsg -}} + + {{- $items := (list "minAllowed" "maxAllowed") -}} + {{- range $item := $items -}} + {{- if not (get $cPol $item) -}}{{- continue -}}{{- end -}} + + {{- if not (kindIs "map" (get $cPol $item)) -}} + {{- fail (printf "Vertical Pod Autoscaler - Expected [vpa.%s.resourcePolicy.containerPolicies.%d.%s] to be a dictionary, but got [%s]" $objectData.vpaName $idx $item (kindOf (get $cPol $item))) -}} + {{- end -}} + + {{- range $k, $v := (get $cPol $item) -}} + {{- if not (mustRegexMatch (get $regex $k) (toString $v)) -}} + {{- fail (printf "Vertical Pod Autoscaler - Expected [vpa.%s.resourcePolicy.containerPolicies.%d.%s.%s] to have one of the following formats [%s], but got [%s]" $objectData.vpaName $idx $item $k (get $errorMsg $k) $v) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/webhook/_admissionReviewVersions.tpl b/charts/baikal/baikal/charts/common/templates/lib/webhook/_admissionReviewVersions.tpl new file mode 100644 index 0000000..ff4a81d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/webhook/_admissionReviewVersions.tpl @@ -0,0 +1,8 @@ +{{- define "tc.v1.common.lib.webhook.admissionReviewVersions" -}} + {{- $admissionReviewVersions := .admissionReviewVersions -}} + {{- $rootCtx := .rootCtx }} +admissionReviewVersions: + {{- range $admissionReviewVersions }} + - {{ tpl . $rootCtx }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/webhook/_clientConfig.tpl b/charts/baikal/baikal/charts/common/templates/lib/webhook/_clientConfig.tpl new file mode 100644 index 0000000..14b2444 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/webhook/_clientConfig.tpl 
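Review bot: `$validModes` is declared twice in this template with different contents — `Auto/Off/Initial/Recreate` for `updatePolicy.updateMode` and `Auto/Off` for `containerPolicies[].mode`; Go templates scope the second declaration to its `if` block so it is legal, but a reader scanning for the list of valid modes will find the wrong one, and renaming the second to `$validContainerModes` removes the ambiguity. Separately, `changeRequirement` is passed to `mustHas` without a presence check, so an omitted key produces `Value [] … is not valid`; a dedicated `if not $req.changeRequirement` message would be clearer. `mustAppend $objectData.containerNames "*"` presumably assumes `containerNames` is always a list — worth confirming in the caller.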
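Review bot: In `_admissionReviewVersions.tpl` the versions are rendered unquoted (`- {{ tpl . $rootCtx }}`) while every other templated scalar in the webhook helpers (`_rules.tpl`, `_clientConfig.tpl`) goes through `| quote`. Values like `v1` are safe plain scalars, but quoting here keeps the helpers uniform and protects against a templated value that expands to something YAML would retype: `- {{ tpl . $rootCtx | quote }}`.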
@@ -0,0 +1,22 @@ +{{- define "tc.v1.common.lib.webhook.clientConfig" -}} + {{- $clientConfig := .clientConfig -}} + {{- $rootCtx := .rootCtx }} +clientConfig: + {{- if $clientConfig.caBundle }} + caBundle: {{ tpl $clientConfig.caBundle $rootCtx | quote }} + {{- end -}} + {{- if $clientConfig.url }} + url: {{ tpl $clientConfig.url $rootCtx | quote }} + {{- end -}} + {{- if $clientConfig.service }} + service: + name: {{ tpl $clientConfig.service.name $rootCtx }} + namespace: {{ tpl $clientConfig.service.namespace $rootCtx }} + {{- with $clientConfig.service.path }} + path: {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- with $clientConfig.service.port }} + port: {{ tpl . $rootCtx }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/webhook/_rules.tpl b/charts/baikal/baikal/charts/common/templates/lib/webhook/_rules.tpl new file mode 100644 index 0000000..dfa1952 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/webhook/_rules.tpl @@ -0,0 +1,26 @@ +{{- define "tc.v1.common.lib.webhook.rules" -}} + {{- $rules := .rules -}} + {{- $rootCtx := .rootCtx }} +rules: + {{- range $rule := $rules }} + - apiVersions: + {{- range $rule.apiVersions }} + - {{ tpl . $rootCtx | quote }} + {{- end }} + apiGroups: + {{- range $rule.apiGroups }} + - {{ tpl . $rootCtx | quote }} + {{- end }} + operations: + {{- range $rule.operations }} + - {{ tpl . $rootCtx | quote }} + {{- end }} + resources: + {{- range $rule.resources }} + - {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- with $rule.scope }} + scope: {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/webhook/_validation.tpl b/charts/baikal/baikal/charts/common/templates/lib/webhook/_validation.tpl new file mode 100644 index 0000000..bf794e1 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/webhook/_validation.tpl 
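Review bot: `port: {{ tpl . $rootCtx }}` will error at render time if `service.port` is given as a number, because `tpl` only accepts a string, and `_validation.tpl` in this commit does not check the port's type; `port: {{ tpl (toString .) $rootCtx }}`, or dropping `tpl` for this field, avoids the confusing failure. `service.name` and `service.namespace` are also emitted unquoted while `url`, `caBundle` and `path` are quoted — uniform quoting would be tidier.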
@@ -0,0 +1,152 @@ +{{- define "tc.v1.common.lib.webhook.validation" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- if not $objectData.type -}} + {{- fail (printf "Webhook - Expected [type] in [webhook.%v] to not be empty" $objectData.shortName) -}} + {{- end -}} + + {{- $type := tpl $objectData.type $rootCtx -}} + {{- $types := (list "validating" "mutating") -}} + {{- if not (mustHas $type $types) -}} + {{- fail (printf "Webhook - Expected [type] in [webhook.%v] to be one of [%s], but got [%v]" $objectData.shortName (join ", " $types) $type) -}} + {{- end -}} + + {{- if not $objectData.webhooks -}} + {{- fail (printf "Webhook - Expected [webhooks] in [webhook.%v] to not be empty" $objectData.shortName) -}} + {{- end -}} + + {{- if not (kindIs "slice" $objectData.webhooks) -}} + {{- fail (printf "Webhook - Expected [webhooks] in [webhook.%v] to be a list, but got [%v]" $objectData.shortName (kindOf $objectData.webhooks)) -}} + {{- end -}} + + {{- range $webhook := $objectData.webhooks -}} + {{- if not $webhook.name -}} + {{- fail (printf "Webhook - Expected [name] in [webhook.%v] to not be empty" $objectData.shortName) -}} + {{- end -}} + + {{- $webhookName := tpl $webhook.name $rootCtx -}} + + {{- if not $webhook.admissionReviewVersions -}} + {{- fail (printf "Webhook - Expected [admissionReviewVersions] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- range $adm := $webhook.admissionReviewVersions -}} + {{- if not (kindIs "string" $adm) -}} + {{- fail (printf "Webhook - Expected [admissionReviewVersions] in [webhook.%v.%v] to be a string" $objectData.shortName $webhookName) -}} + {{- end -}} + {{- end -}} + + {{- if not $webhook.clientConfig -}} + {{- fail (printf "Webhook - Expected [clientConfig] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- with $webhook.clientConfig -}} + {{- if and .url .service -}} + {{- fail (printf "Webhook 
- Expected either [url] or [service] in [webhook.%v.%v] to be defined, but got both" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- $service := .service -}} + + {{- if $service -}} + {{- if not $service.name -}} + {{- fail (printf "Webhook - Expected [service.name] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if not $service.namespace -}} + {{- fail (printf "Webhook - Expected [service.namespace] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if not $webhook.rules -}} + {{- fail (printf "Webhook - Expected [rules] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if not (kindIs "slice" $webhook.rules) -}} + {{- fail (printf "Webhook - Expected [rules] in [webhook.%v.%v] to be a list, but got [%v]" $objectData.shortName $webhookName (kindOf $webhook.rules)) -}} + {{- end -}} + + {{- range $rule := $webhook.rules -}} + {{- if not $rule.apiGroups -}} + {{- fail (printf "Webhook - Expected [apiGroups] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if not $rule.apiVersions -}} + {{- fail (printf "Webhook - Expected [apiVersions] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if not $rule.operations -}} + {{- fail (printf "Webhook - Expected [operations] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if not $rule.resources -}} + {{- fail (printf "Webhook - Expected [resources] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- $scopes := (list "Cluster" "Namespaced" "*") -}} + {{- with $rule.scope -}} + {{- $scope := tpl . 
$rootCtx -}} + {{- if not (mustHas $scope $scopes) -}} + {{- fail (printf "Webhook - Expected [scope] in [webhook.%v.%v] to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $scopes) $scope) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- with $webhook.failurePolicy -}} + {{- $policy := tpl . $rootCtx -}} + {{- $failPolicies := (list "Ignore" "Fail") -}} + {{- if not (mustHas $policy $failPolicies) -}} + {{- fail (printf "Webhook - Expected [failurePolicy] in [webhook.%v.%v] to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $failPolicies) $policy) -}} + {{- end -}} + {{- end -}} + + {{- with $webhook.matchPolicy -}} + {{- $policy := tpl . $rootCtx -}} + {{- $matchPolicies := (list "Exact" "Equivalent") -}} + {{- if not (mustHas $policy $matchPolicies) -}} + {{- fail (printf "Webhook - Expected [matchPolicy] in [webhook.%v.%v] to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $matchPolicies) $policy) -}} + {{- end -}} + {{- end -}} + + {{- if and (eq $type "validating") $webhook.reinvocationPolicy -}} + {{- fail (printf "Webhook - Expected [mutating] type in [webhook.%v.%v] when [reinvocationPolicy] is defined" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if and (eq $type "mutating") $webhook.reinvocationPolicy -}} + {{- $policy := tpl $webhook.reinvocationPolicy $rootCtx -}} + {{- $reinvPolicies := (list "Never" "IfNeeded") -}} + {{- if not (mustHas $policy $reinvPolicies) -}} + {{- fail (printf "Webhook - Expected [reinvocationPolicy] in [webhook.%v.%v] to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $reinvPolicies) $policy) -}} + {{- end -}} + {{- end -}} + + {{- with $webhook.sideEffects -}} + {{- $effect := tpl . 
$rootCtx -}} + {{- $sideEffects := (list "None" "NoneOnDryRun") -}} + {{- if not (mustHas $effect $sideEffects) -}} + {{- fail (printf "Webhook - Expected [sideEffects] in [webhook.%v.%v] to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $sideEffects) $effect) -}} + {{- end -}} + {{- end -}} + + {{- if (hasKey $webhook "timeoutSeconds") -}} + {{- if (kindIs "invalid" $webhook.timeoutSeconds) -}} + {{- fail (printf "Webhook - Expected the defined key [timeoutSeconds] in [webhook.%v.%v] to not be empty" $objectData.shortName $webhookName) -}} + {{- end -}} + + {{- if not (mustHas (kindOf $webhook.timeoutSeconds) (list "int" "int64" "float64")) -}} + {{- fail (printf "Webhook - Expected [timeoutSeconds] in [webhook.%v.%v] to be an integer, but got [%v]" $objectData.shortName $webhookName (kindOf $webhook.timeoutSeconds)) -}} + {{- end -}} + + {{- if (lt (int $webhook.timeoutSeconds) 1) -}} + {{- fail (printf "Webhook - Expected [timeoutSeconds] in [webhook.%v.%v] to be greater than 0, but got [%v]" $objectData.shortName $webhookName $webhook.timeoutSeconds) -}} + {{- end -}} + + {{- if (gt (int $webhook.timeoutSeconds) 30) -}} + {{- fail (printf "Webhook - Expected [timeoutSeconds] in [webhook.%v.%v] to be less than 30, but got [%v]" $objectData.shortName $webhookName $webhook.timeoutSeconds) -}} + {{- end -}} + {{- end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/webhook/_webhook.tpl b/charts/baikal/baikal/charts/common/templates/lib/webhook/_webhook.tpl new file mode 100644 index 0000000..f49ea21 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/webhook/_webhook.tpl 
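Review bot: The `clientConfig` block rejects `url` and `service` both being set but never rejects both being absent, so a `clientConfig` that sets only `caBundle` passes chart validation and is rejected only by the API server; adding `{{- if and (not .url) (not .service) -}}{{- fail (printf "Webhook - Expected either [url] or [service] in [webhook.%v.%v] to be defined" $objectData.shortName $webhookName) -}}{{- end -}}` closes that gap. `sideEffects` is only validated when present; if the chart renders `admissionregistration.k8s.io/v1`, that field is required by the API, so treating it like `admissionReviewVersions` (fail when empty) would surface the error at template time. The `timeoutSeconds` message says `less than 30` but the check is `gt … 30`, so 30 is accepted — the message should read `at most 30`.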
@@ -0,0 +1,31 @@ +{{- define "tc.v1.common.lib.webhook" -}} + {{- $webhook := .webhook -}} + {{- $rootCtx := .rootCtx }} +- name: {{ tpl $webhook.name $rootCtx }} + {{- with $webhook.failurePolicy }} + failurePolicy: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $webhook.matchPolicy }} + matchPolicy: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $webhook.reinvocationPolicy }} + reinvocationPolicy: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $webhook.sideEffects }} + sideEffects: {{ tpl . $rootCtx }} + {{- end -}} + {{- with $webhook.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end -}} + {{- include "tc.v1.common.lib.webhook.admissionReviewVersions" (dict "rootCtx" $rootCtx "admissionReviewVersions" $webhook.admissionReviewVersions) | trim | nindent 2 -}} + {{- include "tc.v1.common.lib.webhook.clientConfig" (dict "rootCtx" $rootCtx "clientConfig" $webhook.clientConfig) | trim | nindent 2 -}} + {{- include "tc.v1.common.lib.webhook.rules" (dict "rootCtx" $rootCtx "rules" $webhook.rules) | trim | nindent 2 -}} + {{- with $webhook.namespaceSelector }} + namespaceSelector: + {{- tpl (toYaml $webhook.namespaceSelector) $rootCtx | nindent 2 -}} + {{- end -}} + {{- with $webhook.objectSelector }} + objectSelector: + {{- tpl (toYaml $webhook.objectSelector) $rootCtx | nindent 2 -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/_cronjobSpec.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/_cronjobSpec.tpl new file mode 100644 index 0000000..cd1f1a0 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/_cronjobSpec.tpl 
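Review bot: `namespaceSelector:` is written at two-space indent and its body is appended with `nindent 2`, so as I read the whitespace trimming the selector's keys land in the same column as `namespaceSelector:` itself and become its siblings rather than its children; the same applies to `objectSelector`. Since these selectors are what scopes an admission webhook, a mis-nested selector either fails apply on a strict server or is dropped, leaving the webhook matching every namespace and object. `nindent 4` on both `tpl (toYaml …)` lines would nest them correctly — the `admissionReviewVersions`/`clientConfig`/`rules` includes use `nindent 2` only because each emits its own top-level key.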
@@ -0,0 +1,31 @@ +{{/* CronJob Spec */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.cronjobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + schedule: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. + concurrencyPolicy: Allow, Forbid, or Replace. Defaults to Allow. + failedJobsHistoryLimit: The number of failed finished jobs to retain. Defaults to 1. + successfulJobsHistoryLimit: The number of successful finished jobs to retain. Defaults to 3. + startingDeadlineSeconds: Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Defaults to nil. + timezone: The timezone name. Defaults to .Values.TZ + +jobSpec data +*/}} +{{- define "tc.v1.common.lib.workload.cronjobSpec" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $suspend := $objectData.suspend | default false -}} + {{- if (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}} + {{- $suspend = true -}} + {{- end }} +timeZone: {{ (tpl ($objectData.timezone | default $rootCtx.Values.TZ) $rootCtx) | quote }} +schedule: {{ (tpl $objectData.schedule $rootCtx) | quote }} +concurrencyPolicy: {{ $objectData.concurrencyPolicy | default "Forbid" }} +failedJobsHistoryLimit: {{ $objectData.failedJobsHistoryLimit | default 1 }} +successfulJobsHistoryLimit: {{ $objectData.successfulJobsHistoryLimit | default 3 }} +startingDeadlineSeconds: {{ $objectData.startingDeadlineSeconds | default 600 }} +suspend: {{ $suspend }} +jobTemplate: + spec: + {{- include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) | indent 4 }} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/_daemonsetSpec.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/_daemonsetSpec.tpl new file mode 100644 index 0000000..c177719 --- /dev/null 
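Review bot: The header comment disagrees with the code on two defaults: it says `concurrencyPolicy` defaults to `Allow` but the template emits `default "Forbid"`, and it says `startingDeadlineSeconds` defaults to nil while the template emits `default 600`. Either the documented defaults or the code should change; if `Forbid` and 600 are intended, the comment should read `concurrencyPolicy: Allow, Forbid, or Replace. Defaults to Forbid.` and `startingDeadlineSeconds: … Defaults to 600.`. The comment also omits `suspend`, which this template reads from `objectData` and forces to true when `global.stopAll` is set.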
+++ b/charts/baikal/baikal/charts/common/templates/lib/workload/_daemonsetSpec.tpl @@ -0,0 +1,30 @@ +{{/* DaemonSet Spec */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.daemonsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + revisionHistoryLimit: The number of old ReplicaSets to retain to allow rollback. + strategy: The daemonset strategy to use to replace existing pods with new ones. +*/}} +{{- define "tc.v1.common.lib.workload.daemonsetSpec" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- include "tc.v1.common.lib.workload.components.strategyType" (dict + "rootCtx" $rootCtx "objectData" $objectData + "defaultStrategy" "RollingUpdate" "resource" "DaemonSet" + ) }} +revisionHistoryLimit: {{ $objectData.revisionHistoryLimit | default 3 }} +updateStrategy: + type: {{ $objectData.strategy }} + {{- if and (eq $objectData.strategy "RollingUpdate") $objectData.rollingUpdate -}} + {{ if (or (hasKey $objectData.rollingUpdate "maxUnavailable") (hasKey $objectData.rollingUpdate "maxSurge")) }} + rollingUpdate: + {{- if hasKey $objectData.rollingUpdate "maxUnavailable" }} + maxUnavailable: {{ $objectData.rollingUpdate.maxUnavailable }} + {{- end -}} + {{- if hasKey $objectData.rollingUpdate "maxSurge" }} + maxSurge: {{ $objectData.rollingUpdate.maxSurge }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/_deploymentSpec.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/_deploymentSpec.tpl new file mode 100644 index 0000000..0672381 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/_deploymentSpec.tpl 
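Review bot: The `rollingUpdate` block (the `maxUnavailable`/`maxSurge` emission under `if and (eq $objectData.strategy "RollingUpdate") $objectData.rollingUpdate`) is duplicated verbatim in `_deploymentSpec.tpl` in this same commit; since both already delegate to `tc.v1.common.lib.workload.components.strategyType`, a sibling component for the rollingUpdate body would keep the two specs from drifting. The `{{ if (or …) }}` opener without a trim marker is the only untrimmed action in the file and only works because the preceding `-}}` already consumed the whitespace — writing it as `{{- if (or …) }}` makes the intent explicit.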
@@ -0,0 +1,39 @@ +{{/* Deployment Spec */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.deploymentSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + replicas: The number of replicas. + revisionHistoryLimit: The number of old ReplicaSets to retain to allow rollback. + strategy: The deployment strategy to use to replace existing pods with new ones. +*/}} +{{- define "tc.v1.common.lib.workload.deploymentSpec" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- include "tc.v1.common.lib.workload.components.strategyType" (dict + "rootCtx" $rootCtx "objectData" $objectData + "defaultStrategy" "Recreate" "resource" "Deployment" + ) -}} + {{- $replicas := 1 -}} + {{- if hasKey $objectData "replicas" -}} + {{- $replicas = $objectData.replicas -}} + {{- end -}} + {{- if (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}} + {{- $replicas = 0 -}} + {{- end }} +replicas: {{ $replicas }} +revisionHistoryLimit: {{ $objectData.revisionHistoryLimit | default 3 }} +strategy: + type: {{ $objectData.strategy }} + {{- if and (eq $objectData.strategy "RollingUpdate") $objectData.rollingUpdate -}} + {{ if (or (hasKey $objectData.rollingUpdate "maxUnavailable") (hasKey $objectData.rollingUpdate "maxSurge")) }} + rollingUpdate: + {{- if hasKey $objectData.rollingUpdate "maxUnavailable" }} + maxUnavailable: {{ $objectData.rollingUpdate.maxUnavailable }} + {{- end -}} + {{- if hasKey $objectData.rollingUpdate "maxSurge" }} + maxSurge: {{ $objectData.rollingUpdate.maxSurge }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/_jobSpec.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/_jobSpec.tpl new file mode 100644 index 0000000..bca25f6 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/_jobSpec.tpl 
@@ -0,0 +1,31 @@ +{{/* Job Spec */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.jobSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + backoffLimit: The number of retries before marking this job failed. Defaults to 6. + completions: The desired number of successfully finished pods the job should be run with. Defaults to 1. + parallelism: The maximum desired number of pods the job should run at any given time. Defaults to 1. + activeDeadlineSeconds: Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer. If set to nil, the job is never terminated due to timeout. + ttlSecondsAfterFinished: TTLSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature. + completionMode: CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. 
+*/}} +{{- define "tc.v1.common.lib.workload.jobSpec" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $parallelism := 1 -}} + {{- if hasKey $objectData "parallelism" -}} + {{- $parallelism = $objectData.parallelism -}} + {{- end -}} + {{- if (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}} + {{- $parallelism = 0 -}} + {{- end }} +backoffLimit: {{ $objectData.backoffLimit | default 5 }} +completionMode: {{ $objectData.completionMode | default "NonIndexed" }} +completions: {{ $objectData.completions | default nil }} +parallelism: {{ $parallelism }} +ttlSecondsAfterFinished: {{ $objectData.ttlSecondsAfterFinished | default 120 }} + {{- with $objectData.activeDeadlineSeconds }} +activeDeadlineSeconds: {{ . }} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/_pod.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/_pod.tpl new file mode 100644 index 0000000..cb4b521 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/_pod.tpl 
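Review bot: `completions: {{ $objectData.completions | default nil }}` renders a bare `completions:` (YAML null) whenever the value is unset, unlike `activeDeadlineSeconds` just below, which is correctly wrapped in `with`; the same three-line form fixes it: `{{- with $objectData.completions }}` / `completions: {{ . }}` / `{{- end }}`. `ttlSecondsAfterFinished: {{ ... | default 120 }}` likewise turns an explicit `0` (delete the Job as soon as it finishes) into 120, so an operator trying to minimise how long a finished Job's pods and logs linger gets the opposite. The header comment is also stale relative to the body: it says `backoffLimit` defaults to 6 while the code uses 5, and it still describes `ttlSecondsAfterFinished` as alpha-level behind a feature gate, which I believe has long since graduated; the doc lines should state the defaults the template actually renders.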
@@ -0,0 +1,71 @@ +{{/* Pod Spec */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.pod" (dict "rootCtx" $ "objectData" $objectData) }} +rootCtx: The root context of the chart. +objectData: The object data to be used to render the Pod. +*/}} +{{- define "tc.v1.common.lib.workload.pod" -}} + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData }} +serviceAccountName: {{ include "tc.v1.common.lib.pod.serviceAccountName" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +automountServiceAccountToken: {{ include "tc.v1.common.lib.pod.automountServiceAccountToken" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +runtimeClassName: {{ include "tc.v1.common.lib.pod.runtimeClassName" (dict "rootCtx" $rootCtx "objectData" $objectData) }} + {{- with (include "tc.v1.common.lib.pod.imagePullSecret" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +imagePullSecrets: + {{- . | nindent 2 }} + {{- end }} +hostNetwork: {{ include "tc.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +hostPID: {{ include "tc.v1.common.lib.pod.hostPID" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +hostIPC: {{ include "tc.v1.common.lib.pod.hostIPC" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +shareProcessNamespace: {{ include "tc.v1.common.lib.pod.shareProcessNamespace" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +enableServiceLinks: {{ include "tc.v1.common.lib.pod.enableServiceLinks" (dict "rootCtx" $rootCtx "objectData" $objectData) }} +restartPolicy: {{ include "tc.v1.common.lib.pod.restartPolicy" (dict "rootCtx" $rootCtx "objectData" $objectData) }} + {{- with (include "tc.v1.common.lib.pod.schedulerName" (dict "rootCtx" $rootCtx "objectData" $objectData)) }} +schedulerName: {{ . }} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.priorityClassName" (dict "rootCtx" $rootCtx "objectData" $objectData)) }} +priorityClassName: {{ . 
}} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.nodeSelector" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +nodeSelector: + {{- . | nindent 2 }} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.affinity" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +affinity: + {{- . | nindent 2 }} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.topologySpreadConstraints" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +topologySpreadConstraints: + {{- . | nindent 2 }} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.hostAliases" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +hostAliases: + {{- . | nindent 2 }} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.hostname" (dict "rootCtx" $rootCtx "objectData" $objectData)) }} +hostname: {{ . }} + {{- end -}} + {{- include "tc.v1.common.lib.pod.dns" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} + {{- with (include "tc.v1.common.lib.pod.terminationGracePeriodSeconds" (dict "rootCtx" $rootCtx "objectData" $objectData)) }} +terminationGracePeriodSeconds: {{ . }} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.tolerations" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +tolerations: + {{- . 
| nindent 2 }} + {{- end }} +securityContext: + {{- include "tc.v1.common.lib.pod.securityContext" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }} +hostUsers: {{ include "tc.v1.common.lib.pod.hostUsers" (dict "rootCtx" $rootCtx "objectData" $objectData) }} + {{- if $objectData.podSpec.containers }} +containers: + {{- include "tc.v1.common.lib.pod.containerSpawner" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- end -}} + {{- if $objectData.podSpec.initContainers }} +initContainers: + {{- include "tc.v1.common.lib.pod.initContainerSpawner" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} + {{- end -}} + {{- with (include "tc.v1.common.lib.pod.volumes" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} +volumes: + {{- . | nindent 2 }} +{{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/_statefulsetSpec.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/_statefulsetSpec.tpl new file mode 100644 index 0000000..bd26f33 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/_statefulsetSpec.tpl 
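Review bot: The header comment documents `objectData` only as "The object data to be used to render the Pod", yet this template emits the four host-namespace toggles `hostNetwork`, `hostPID`, `hostIPC` and `hostUsers` unconditionally from `tc.v1.common.lib.pod.*` helpers whose defaults are outside this hunk. Because each of those widens what a container can see of the node, the header should name them and say where their defaults are decided, e.g. `hostNetwork/hostPID/hostIPC/hostUsers are always rendered; their values come from the tc.v1.common.lib.pod.* helpers and default to the chart's podSpec settings`. Also note `hostUsers:` is not guarded with `with` like the optional fields are, so if its helper renders an empty string the key is emitted with a null value — presumably harmless to the API server, but worth confirming against the helper.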
@@ -0,0 +1,40 @@ +{{/* StatefulSet Spec */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.statefulsetSpec" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + replicas: The number of replicas. + revisionHistoryLimit: The number of old ReplicaSets to retain to allow rollback. + strategy: The statefulset strategy to use to replace existing pods with new ones. +*/}} +{{- define "tc.v1.common.lib.workload.statefulsetSpec" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- include "tc.v1.common.lib.workload.components.strategyType" (dict + "rootCtx" $rootCtx "objectData" $objectData + "defaultStrategy" "RollingUpdate" "resource" "StatefulSet" + ) -}} + {{- $replicas := 1 -}} + {{- if hasKey $objectData "replicas" -}} + {{- $replicas = $objectData.replicas -}} + {{- end -}} + {{- if (include "tc.v1.common.lib.util.stopAll" $rootCtx) -}} + {{- $replicas = 0 -}} + {{- end }} +replicas: {{ $replicas }} +revisionHistoryLimit: {{ $objectData.revisionHistoryLimit | default 3 }} +serviceName: {{ $objectData.name }} +updateStrategy: + type: {{ $objectData.strategy }} + {{- if and (eq $objectData.strategy "RollingUpdate") $objectData.rollingUpdate -}} + {{- if (or (hasKey $objectData.rollingUpdate "maxUnavailable") (hasKey $objectData.rollingUpdate "partition")) }} + rollingUpdate: + {{- if hasKey $objectData.rollingUpdate "maxUnavailable" }} + maxUnavailable: {{ $objectData.rollingUpdate.maxUnavailable }} + {{- end -}} + {{- if hasKey $objectData.rollingUpdate "partition" }} + partition: {{ $objectData.rollingUpdate.partition }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/components/_strategyType.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/components/_strategyType.tpl new file mode 100644 index 0000000..99fdcea --- /dev/null 
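Review bot: `serviceName: {{ $objectData.name }}` is rendered unquoted, whereas the CronJob spec in this series quotes every string it emits (`| quote` on `timeZone` and `schedule`); a name that happens to be all digits or otherwise YAML-typed would be emitted as a non-string. `serviceName: {{ $objectData.name | quote }}` keeps the two specs consistent. The `revisionHistoryLimit | default 3` zero-value issue raised on the DaemonSet hunk applies here as well.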
+++ b/charts/baikal/baikal/charts/common/templates/lib/workload/components/_strategyType.tpl 
@@ -0,0 +1,71 @@ +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.components.strategyType" (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + replicas: The number of replicas. + strategy: The deployment strategy to use to replace existing pods with new ones. +*/}} +{{- define "tc.v1.common.lib.workload.components.strategyType" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + {{- $defaultStrategy := .defaultStrategy -}} + {{- $resource := .resource -}} + {{- $strategy := $objectData.strategy | default $defaultStrategy -}} + + {{- $replicas := 1 -}} + {{- if hasKey $objectData "replicas" -}} + {{- $replicas = $objectData.replicas -}} + {{- end -}} + {{- $replicas = $replicas | int -}} + + {{- $volsRWO := list -}} + {{- range $name, $persistence := $rootCtx.Values.persistence }} + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $rootCtx "objectData" $persistence + "name" $name "caller" "Volumes" + "key" "persistence")) -}} + + {{- if (ne $enabled "true") -}}{{- continue -}}{{- end -}} + + {{- $type := ($persistence.type | default $rootCtx.Values.global.fallbackDefaults.persistenceType) -}} + {{- $typesWithAccessMode := (list "pvc") -}} + + {{- if (mustHas $type $typesWithAccessMode) -}} + {{- $modes := include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx + "objectData" $persistence "caller" "Volumes") | fromYamlArray + -}} + + {{- $hasRWO := include "tc.v1.common.lib.pod.volumes.hasRWO" (dict "modes" $modes) -}} + {{- if ne $hasRWO "true" -}}{{- continue -}}{{- end -}} + {{- $volsRWO = mustAppend $volsRWO $name -}} + {{- end -}} + {{- end -}} + + {{/* If there are any RWO vols, do some checks and add warnings */}} + {{- if gt (len $volsRWO) 0 -}} + {{/* RWO + replicas > 1 is a no-no */}} + {{- if gt $replicas 1 -}} + {{- include "add.warning" (dict "rootCtx" $rootCtx "warn" (printf + "WARNING: The [accessModes] on volume(s) 
[%s] is set to [ReadWriteOnce] with a more than 1 replica. This is not stables" (join "," $volsRWO) + )) -}} + {{- else -}} + {{/* DaemonSets and StatefulSets can have RWO with 1 replica under their supported strategies (OnDelete, RollingUpdate) */}} + + {{- if eq $resource "Deployment" -}} + + {{/* On Deployments with single replicas, warn if strategy is not recreate */}} + {{- if eq $strategy "Recreate" -}} + {{- include "add.warning" (dict "rootCtx" $rootCtx "warn" (printf + "WARNING: The [accessModes] on volume(s) [%s] is set to [ReadWriteOnce] with a single replica and an strategy of [%s]. %s" + (join "," $volsRWO) $strategy "This is not stable, defaulting to [Recreate] strategy" + )) -}} + {{- end -}} + {{- $strategy = "Recreate" -}} + + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* Update strategy */}} + {{- $_ := set $objectData "strategy" $strategy -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_cronjobValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_cronjobValidation.tpl new file mode 100644 index 0000000..26604a0 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_cronjobValidation.tpl 
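Review bot: The Deployment branch has its condition inverted: `{{- if eq $strategy "Recreate" -}}` emits the "defaulting to [Recreate] strategy" warning only when the strategy already is Recreate, and stays silent in exactly the case the comment above describes (a non-Recreate strategy that is about to be overridden on the next line). It should read `{{- if ne $strategy "Recreate" -}}`; as written, an operator who explicitly chose RollingUpdate on a single-replica RWO Deployment has the strategy changed under them with no notice. The warning text also has the typo `This is not stables`, and the header comment does not document the `defaultStrategy` and `resource` inputs the template reads or that it mutates `objectData.strategy` in place via `set`.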
@@ -0,0 +1,29 @@
+{{/* CronJob Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.workload.cronjobValidation" (dict "objectData" $objectData) -}}
+rootCtx: The root context of the chart.
+objectData:
+ completionMode: The completionMode of the object.
+ completions: The completions of the object.
+ parallelism: The parallelism of the object.
+*/}}
+{{- define "tc.v1.common.lib.workload.cronjobValidation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if $objectData.concurrencyPolicy -}}
+ {{- $concurrencyPolicy := $objectData.concurrencyPolicy -}}
+
+ {{- $policies := (list "Allow" "Forbid" "Replace") -}}
+ {{- if not (mustHas $concurrencyPolicy $policies) -}}
+ {{- fail (printf "CronJob - Expected [concurrencyPolicy] to be one of [%s], but got [%v]" (join ", " $policies) $concurrencyPolicy) -}}
+ {{- end -}}
+
+ {{- end -}}
+
+ {{- if not $objectData.schedule -}}
+ {{- fail "CronJob - Expected non-empty [schedule]" -}}
+ {{- end -}}
+
+ {{/* CronJob contains a job inside, so we validate job values too */}}
+ {{- include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_daemonsetValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_daemonsetValidation.tpl
new file mode 100644
index 0000000..1283a03
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_daemonsetValidation.tpl
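Review bot: The header comment was copied from the Job validator and does not describe this template: it lists `completionMode`, `completions` and `parallelism`, none of which the CronJob validator reads, and it names a `rootCtx` argument that the call signature on the line above it does not take. The `objectData` section should instead read `concurrencyPolicy: One of Allow, Forbid, Replace.` and `schedule: The cron schedule, must be non-empty.`, and the `rootCtx` line should be dropped. The trailing sentence about delegating to `jobValidation` is accurate and worth keeping in the header too.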
@@ -0,0 +1,30 @@ +{{/* DaemonSet Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.daemonsetValidation" (dict "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + strategy: The strategy of the object. + rollingUpdate: The rollingUpdate of the object. +*/}} +{{- define "tc.v1.common.lib.workload.daemonsetValidation" -}} + {{- $objectData := .objectData -}} + + {{- if $objectData.strategy -}} + {{- $strategy := $objectData.strategy -}} + + {{- $strategies := (list "OnDelete" "RollingUpdate") -}} + {{- if not (mustHas $strategy $strategies) -}} + {{- fail (printf "DaemonSet - Expected [strategy] to be one of [%s], but got [%v]" (join ", " $strategies) $strategy) -}} + {{- end -}} + + {{- end -}} + + {{- if $objectData.rollingUpdate -}} + {{- $rollUp := $objectData.rollingUpdate -}} + + {{- if and $rollUp (not (kindIs "map" $rollUp)) -}} + {{- fail (printf "DaemonSet - Expected [rollingUpdate] to be a dictionary, but got [%v]" (kindOf $rollUp)) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_deploymentValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_deploymentValidation.tpl new file mode 100644 index 0000000..293d9f2 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_deploymentValidation.tpl 
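Review bot: `{{- if and $rollUp (not (kindIs "map" $rollUp)) -}}` re-tests `$rollUp` inside a block that is already guarded by `{{- if $objectData.rollingUpdate -}}`, so the `and $rollUp` term is always true and only obscures the type check; `{{- if not (kindIs "map" $rollUp) -}}` says what is meant. The identical construct appears in the Deployment and StatefulSet validators in the following hunks. As in the CronJob validator, the header comment here also claims a `rootCtx` argument the template does not accept.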
@@ -0,0 +1,30 @@ +{{/* Deployment Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.deploymentValidation" (dict "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + strategy: The strategy of the object. + rollingUpdate: The rollingUpdate of the object. +*/}} +{{- define "tc.v1.common.lib.workload.deploymentValidation" -}} + {{- $objectData := .objectData -}} + + {{- if $objectData.strategy -}} + {{- $strategy := $objectData.strategy -}} + + {{- $strategies := (list "Recreate" "RollingUpdate") -}} + {{- if not (mustHas $strategy $strategies) -}} + {{- fail (printf "Deployment - Expected [strategy] to be one of [%s], but got [%v]" (join ", " $strategies) $strategy) -}} + {{- end -}} + + {{- end -}} + + {{- if $objectData.rollingUpdate -}} + {{- $rollUp := $objectData.rollingUpdate -}} + + {{- if and $rollUp (not (kindIs "map" $rollUp)) -}} + {{- fail (printf "Deployment - Expected [rollingUpdate] to be a dictionary, but got [%v]" (kindOf $rollUp)) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_jobValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_jobValidation.tpl new file mode 100644 index 0000000..a68027e --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_jobValidation.tpl 
@@ -0,0 +1,32 @@ +{{/* Job Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.jobValidation" (dict "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + completionMode: The completionMode of the object. + completions: The completions of the object. + parallelism: The parallelism of the object. +*/}} +{{- define "tc.v1.common.lib.workload.jobValidation" -}} + {{- $objectData := .objectData -}} + + {{- if $objectData.completionMode -}} + {{- $completionMode := $objectData.completionMode -}} + + {{- if not (mustHas $completionMode (list "Indexed" "NonIndexed")) -}} + {{- fail (printf "Job - Expected [completionMode] to be one of [Indexed, NonIndexed], but got [%v]" $completionMode) -}} + {{- end -}} + + {{- if eq $completionMode "Indexed" -}} + {{- if not $objectData.completions -}} + {{- fail "Job - Expected [completions] to be set when [completionMode] is set to [Indexed]" -}} + {{- end -}} + + {{- if not $objectData.parallelism -}} + {{- fail "Job - Expected [parallelism] to be set when [completionMode] is set to [Indexed]" -}} + {{- end -}} + {{- end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_statefusetValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_statefusetValidation.tpl new file mode 100644 index 0000000..4bfd4b2 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_statefusetValidation.tpl 
@@ -0,0 +1,30 @@ +{{/* StatefulSet Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.workload.statefulsetValidation" (dict "objectData" $objectData) -}} +rootCtx: The root context of the chart. +objectData: + strategy: The strategy of the object. + rollingUpdate: The rollingUpdate of the object. +*/}} +{{- define "tc.v1.common.lib.workload.statefulsetValidation" -}} + {{- $objectData := .objectData -}} + + {{- if $objectData.strategy -}} + {{- $strategy := $objectData.strategy -}} + + {{- $strategies := (list "OnDelete" "RollingUpdate") -}} + {{- if not (mustHas $strategy $strategies) -}} + {{- fail (printf "StatefulSet - Expected [strategy] to be one of [%s], but got [%v]" (join ", " $strategies) $strategy) -}} + {{- end -}} + + {{- end -}} + + {{- if $objectData.rollingUpdate -}} + {{- $rollUp := $objectData.rollingUpdate -}} + + {{- if and $rollUp (not (kindIs "map" $rollUp)) -}} + {{- fail (printf "StatefulSet - Expected [rollingUpdate] to be a dictionary, but got [%v]" (kindOf $rollUp)) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_workloadValidation.tpl b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_workloadValidation.tpl new file mode 100644 index 0000000..052def5 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/lib/workload/validation/_workloadValidation.tpl 
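Review bot: The file is added as `_statefusetValidation.tpl` while the define inside is `tc.v1.common.lib.workload.statefulsetValidation` and every sibling follows the `_<resource>Validation.tpl` pattern; Helm loads it regardless, but the misspelled filename will not be found by anyone grepping for the StatefulSet validator. Renaming it to `_statefulsetValidation.tpl` is a pure rename with no behaviour change. The redundant `and $rollUp` noted on the DaemonSet validator applies here too.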
@@ -0,0 +1,43 @@
+{{/* Workload Basic Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.workload.primaryValidation" $ -}}
+*/}}
+{{- define "tc.v1.common.lib.workload.primaryValidation" -}}
+
+ {{/* Initialize values */}}
+ {{- $hasPrimary := false -}}
+ {{- $hasEnabled := false -}}
+
+ {{/* Go over workload */}}
+ {{- range $name, $workload := .Values.workload -}}
+
+ {{/* If workload is enabled */}}
+ {{- if $workload.enabled -}}
+
+ {{- $types := (list "Deployment" "StatefulSet" "DaemonSet" "Job" "CronJob") -}}
+ {{- if not (mustHas $workload.type $types) -}}
+ {{- fail (printf "Workload - Expected [type] to be one of [%s], but got [%s]" (join ", " $types) $workload.type) -}}
+ {{- end -}}
+
+ {{- $hasEnabled = true -}}
+
+ {{/* And workload is primary */}}
+ {{- if $workload.primary -}}
+ {{/* Fail if there is already a primary workload */}}
+ {{- if $hasPrimary -}}
+ {{- fail "Workload - Only one workload can be primary" -}}
+ {{- end -}}
+
+ {{- $hasPrimary = true -}}
+
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+
+ {{/* Require at one primary workload, if any enabled */}}
+ {{- if and $hasEnabled (not $hasPrimary) -}}
+ {{- fail "Workload - One enabled workload must be primary" -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/loader/_all.tpl b/charts/baikal/baikal/charts/common/templates/loader/_all.tpl
new file mode 100644
index 0000000..2983499
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/loader/_all.tpl
@@ -0,0 +1,8 @@
+{{/* Main entrypoint for the library */}}
+{{- define "tc.v1.common.loader.all" -}}
+
+ {{- include "tc.v1.common.loader.init" . -}}
+
+ {{- include "tc.v1.common.loader.apply" . -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/loader/_apply.tpl b/charts/baikal/baikal/charts/common/templates/loader/_apply.tpl
new file mode 100644
index 0000000..20a634d
--- /dev/null
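Review bot: The type check formats `$workload.type` with `%s`, so when an enabled workload omits `type` entirely (the most likely mistake) the failure message prints Go's `%!s(<nil>)` instead of a readable value; every other validator in this series uses `%v` for the offending value, and `but got [%v]" (join ", " $types) $workload.type` would match them. The comment `Require at one primary workload, if any enabled` is missing a word and should read `Require at least one primary workload, if any enabled`. The loader `_all.tpl` hunk that shares this line is trivial.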
+++ b/charts/baikal/baikal/charts/common/templates/loader/_apply.tpl 
@@ -0,0 +1,79 @@ +{{/* Loads all spawners */}} +{{- define "tc.v1.common.loader.apply" -}} + + {{/* Inject custom tpl files, as defined in values.yaml */}} + {{- include "tc.v1.common.spawner.extraTpl" . | nindent 0 -}} + + {{/* Ensure automatic permissions containers are injected */}} + {{- include "tc.v1.common.lib.util.autoperms.job" $ -}} + + {{/* Make sure there are not any YAML errors */}} + {{- include "tc.v1.common.values.validate" .Values -}} + + {{/* Render ConfigMap(s) */}} + {{- include "tc.v1.common.spawner.configmap" . | nindent 0 -}} + + {{/* Render priorityclass(s) */}} + {{- include "tc.v1.common.spawner.priorityclass" . | nindent 0 -}} + + {{/* Render Secret(s) */}} + {{- include "tc.v1.common.spawner.secret" . | nindent 0 -}} + + {{/* Render Image Pull Secrets(s) */}} + {{- include "tc.v1.common.spawner.imagePullSecret" . | nindent 0 -}} + + {{/* Render Service Accounts(s) */}} + {{- include "tc.v1.common.spawner.serviceAccount" . | nindent 0 -}} + + {{/* Render RBAC(s) */}} + {{- include "tc.v1.common.spawner.rbac" . | nindent 0 -}} + + {{/* Render Workload(s) */}} + {{- include "tc.v1.common.spawner.workload" . | nindent 0 -}} + + {{/* Render Services(s) */}} + {{- include "tc.v1.common.spawner.service" . | nindent 0 -}} + + {{/* Render storageClass(s) */}} + {{- include "tc.v1.common.spawner.storageclass" . | nindent 0 -}} + + {{/* Render PVC(s) */}} + {{- include "tc.v1.common.spawner.pvc" . | nindent 0 -}} + + {{/* Render volumeSnapshot(s) */}} + {{- include "tc.v1.common.spawner.volumesnapshot" . | nindent 0 -}} + + {{/* Render volumeSnapshotClass(s) */}} + {{- include "tc.v1.common.spawner.volumesnapshotclass" . | nindent 0 -}} + + {{/* Render Middleware(s) */}} + {{- include "tc.v1.common.spawner.traefik.middleware" . | nindent 0 -}} + + {{/* Render ingress(s) */}} + {{- include "tc.v1.common.spawner.ingress" . | nindent 0 -}} + + {{/* Render Gateway API Route(s) */}} + {{- include "tc.v1.common.spawner.routes" . 
| nindent 0 -}} + + {{/* Render Horizontal Pod Autoscalers(s) */}} + {{- include "tc.v1.common.spawner.hpa" . | nindent 0 -}} + + {{/* Render Networkpolicy(s) */}} + {{- include "tc.v1.common.spawner.networkpolicy" . | nindent 0 -}} + + {{/* Render podDisruptionBudget(s) */}} + {{- include "tc.v1.common.spawner.podDisruptionBudget" . | nindent 0 -}} + + {{/* Render webhook(s) */}} + {{- include "tc.v1.common.spawner.webhook" . | nindent 0 -}} + + {{/* Render Prometheus Metrics(s) */}} + {{- include "tc.v1.common.spawner.metrics" . | nindent 0 -}} + + {{/* Render Cert-Manager Certificates(s) */}} + {{- include "tc.v1.common.spawner.certificate" . | nindent 0 -}} + + {{/* Render Vertical Pod Autoscaler */}} + {{ include "tc.v1.common.spawner.vpa" . | nindent 0 -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/loader/_init.tpl b/charts/baikal/baikal/charts/common/templates/loader/_init.tpl new file mode 100644 index 0000000..6a2f78e --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/loader/_init.tpl 
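Review bot: The final spawner call `{{ include "tc.v1.common.spawner.vpa" . | nindent 0 -}}` is the only line in the template without the left-trim `{{-`, so the blank line and indentation preceding it are emitted into the manifest stream; `{{- include "tc.v1.common.spawner.vpa" . | nindent 0 -}}` brings it in line with the other entries. Separately, the comment `Make sure there are not any YAML errors` sits on a `tc.v1.common.values.validate` call that runs after `extraTpl` and the autoperms job have already been rendered, so if that validation is meant to gate output it presumably does not cover those two — worth a clarifying comment, or moving the call to the top of the function if the validator does not depend on them.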
@@ -0,0 +1,53 @@
+{{/* Initialiaze values of the chart */}}
+{{- define "tc.v1.common.loader.init" -}}
+
+ {{- include "tc.v1.common.check.capabilities" . -}}
+
+ {{/* Merge chart values and the common chart defaults */}}
+ {{- include "tc.v1.common.values.init" . -}}
+
+ {{/* Ensure TrueCharts chart context information is available */}}
+ {{- include "tc.v1.common.lib.util.chartcontext" . -}}
+
+ {{/* Autogenerate postgresql passwords if needed */}}
+ {{- include "tc.v1.common.spawner.cnpg" . }}
+
+ {{/* Autogenerate redis passwords if needed */}}
+ {{- include "tc.v1.common.dependencies.redis.injector" . }}
+
+ {{/* Autogenerate mariadb passwords if needed */}}
+ {{- include "tc.v1.common.dependencies.mariadb.injector" . }}
+
+ {{/* Autogenerate mongodb passwords if needed */}}
+ {{- include "tc.v1.common.dependencies.mongodb.injector" . }}
+
+ {{/* Autogenerate clickhouse passwords if needed */}}
+ {{- include "tc.v1.common.dependencies.clickhouse.injector" . }}
+
+ {{/* Autogenerate solr passwords if needed */}}
+ {{- include "tc.v1.common.dependencies.solr.injector" . }}
+
+ {{/* Enable code-server add-on if required */}}
+ {{- if .Values.addons.codeserver.enabled }}
+ {{- include "tc.v1.common.addon.codeserver" . }}
+ {{- end -}}
+
+ {{/* Enable gluetun add-on if required */}}
+ {{- if and .Values.addons.gluetun .Values.addons.gluetun.enabled -}}
+ {{- include "tc.v1.common.addon.gluetun" . }}
+ {{- end -}}
+
+ {{/* Enable tailscale add-on if required */}}
+ {{- if and .Values.addons.tailscale .Values.addons.tailscale.enabled -}}
+ {{- include "tc.v1.common.addon.tailscale" . }}
+ {{- end -}}
+
+ {{/* Enable netshoot add-on if required */}}
+ {{- if and .Values.addons.netshoot .Values.addons.netshoot.enabled }}
+ {{- include "tc.v1.common.addon.netshoot" . }}
+ {{- end -}}
+
+ {{/* Append database wait containers to pods */}}
+ {{- include "tc.v1.common.lib.deps.wait" $ }}
+
+{{- end -}}
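Review bot: `{{- if .Values.addons.codeserver.enabled }}` dereferences `codeserver` without the nil guard that the gluetun, tailscale and netshoot blocks below use, so a values file that omits `addons.codeserver` fails rendering on a nil map lookup rather than simply skipping the add-on; `{{- if and .Values.addons.codeserver .Values.addons.codeserver.enabled -}}` makes the four blocks consistent. The file header also misspells `Initialiaze`. Since this function is where database credentials get autogenerated, a one-line note that the injector calls must run before `tc.v1.common.lib.deps.wait` and before any spawner reads `.Values` would help the next maintainer preserve the ordering.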
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_cnpg.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_cnpg.tpl new file mode 100644 index 0000000..40a0b11 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_cnpg.tpl 
@@ -0,0 +1,76 @@ +{{/* Renders the cnpg objects required by the chart */}} +{{- define "tc.v1.common.spawner.cnpg" -}} + + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $cnpg := $.Values.cnpg -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $cnpg + "name" $name "caller" "CNPG" + "key" "cnpg")) -}} + + {{/* Create a copy */}} + {{- $objectData := mustDeepCopy $cnpg -}} + {{- $objectName := printf "%s-cnpg-%s" $fullname $name -}} + + {{/* Set the name */}} + {{- $_ := set $objectData "name" $objectName -}} + {{/* Short name is the one that defined on the chart*/}} + {{- $_ := set $objectData "shortName" $name -}} + {{/* Set the cluster name */}} + {{- $_ := set $objectData "clusterName" $objectData.name -}} + + {{- if eq $enabled "true" -}} + + {{/* Handle version string */}} + {{- $pgVersion := ($objectData.pgVersion | default $.Values.global.fallbackDefaults.cnpg.pgVersion) | toString -}} + + {{/* Set the updated pgVersion version to objectData */}} + {{- $_ := set $objectData "pgVersion" $pgVersion -}} + + {{/* allow for injecting major upgrade code */}} + {{- if $objectData.upgradeMajor -}} + {{/* TODO: actually handle postgres version updates here */}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Handle Backups/ScheduledBackups */}} + {{- if and (hasKey $objectData "backups") $objectData.backups.enabled -}} + + {{/* Create Backups */}} + {{- include "tc.v1.common.lib.cnpg.spawner.backups" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{/* Create ScheduledBackups */}} + {{- include "tc.v1.common.lib.cnpg.spawner.scheduledBackups" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{/* Create secret for backup store */}} + {{- include "tc.v1.common.lib.cnpg.provider.secret.spawner" (dict "rootCtx" $ "objectData" $objectData "type" "backup") -}} + {{- end -}} + + {{/* Handle Pooler(s) */}} + {{- 
if and $objectData.pooler $objectData.pooler.enabled -}} + {{- include "tc.v1.common.lib.cnpg.spawner.pooler" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- end -}} + + {{/* Handle Cluster */}} + {{/* Validate Cluster */}} + {{- include "tc.v1.common.lib.cnpg.cluster.validation" (dict "objectData" $objectData) -}} + + {{- if and (eq $objectData.mode "recovery") (eq $objectData.recovery.method "object_store") -}} + {{/* Create secret for recovery store */}} + {{- include "tc.v1.common.lib.cnpg.provider.secret.spawner" (dict "rootCtx" $ "objectData" $objectData "type" "recovery") -}} + {{- end -}} + + {{/* Create the Cluster object */}} + {{- include "tc.v1.common.class.cnpg.cluster" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{/* TODO: Create configmaps for cluster.monitoring.customQueries */}} + + {{/* Handle DB Credentials Secret, will also inject creds to cnpg.creds */}} + {{- include "tc.v1.common.lib.cnpg.db.credentials.secrets" (dict "rootCtx" $ "cnpg" $cnpg "objectData" $objectData) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_configmap.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_configmap.tpl new file mode 100644 index 0000000..eb3f4a0 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_configmap.tpl 
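Review bot: `{{- if $objectData.upgradeMajor -}}` contains only a TODO, so an operator who sets `upgradeMajor: true` expecting the chart to handle a PostgreSQL major version change gets no effect and no signal that nothing happened. Until it is implemented, surface it with the warning helper already used elsewhere in this series: `{{- include "add.warning" (dict "rootCtx" $ "warn" "WARNING: [upgradeMajor] is set but not yet handled by this chart") -}}`. The comment `Short name is the one that defined on the chart*/}}` also needs its grammar and closing space fixed: `Short name is the one defined in the chart */}}`.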
@@ -0,0 +1,50 @@
+{{/* Configmap Spawwner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.configmap" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.configmap" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{- range $name, $configmap := .Values.configmap -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $configmap
+ "name" $name "caller" "ConfigMap"
+ "key" "configmap")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the configmap */}}
+ {{- $objectData := (mustDeepCopy $configmap) -}}
+
+ {{- $objectName := $name -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $objectData
+ "name" $name "caller" "ConfigMap"
+ "key" "configmap")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}} {{/* Configmaps have a max name length of 253 */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}}
+ {{- include "tc.v1.common.lib.configmap.validation" (dict "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "ConfigMap") -}}
+
+ {{/* Set the name of the configmap */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_extraTpl.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_extraTpl.tpl
new file mode 100644
index 0000000..701fb04
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_extraTpl.tpl
@@ -0,0 +1,13 @@
+{{- define "tc.v1.common.spawner.extraTpl" -}}
+ {{- range $item := .Values.extraTpl }}
+ {{- if not $item -}}
+ {{- fail "Extra tpl - Expected non-empty [extraTpl] item" -}}
+ {{- end }}
+---
+ {{- if kindIs "string" $item }}
+ {{- tpl $item $ | nindent 0 }}
+ {{- else }}
+ {{- tpl ($item | toYaml) $ | nindent 0 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_horizontalPodAutoscaler.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_horizontalPodAutoscaler.tpl
new file mode 100644
index 0000000..a88ebaa
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_horizontalPodAutoscaler.tpl
@@ -0,0 +1,69 @@
+{{/* horizontal Pod Autoscaler Spawner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.hpa" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.hpa" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+ {{- range $name, $hpa := .Values.hpa -}}
+ {{- $enabledHPA := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $hpa
+ "name" $name "caller" "Horizontal Pod Autoscaler"
+ "key" "hpa")) -}}
+
+ {{- if ne $enabledHPA "true" -}}{{- continue -}}{{- end -}}
+
+ {{- $objectData := (mustDeepCopy $hpa) -}}
+ {{- $_ := set $objectData "hpaName" $name -}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $name) -}}
+
+ {{- range $workloadName, $workload := $.Values.workload -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $workload
+ "name" $name "caller" "hpa"
+ "key" "workload")) -}}
+
+ {{- if ne $enabled "true" -}}{{- continue -}}{{- end -}}
+ {{- $containerNames := list -}}
+ {{- range $cName, $c := $workload.podSpec.containers -}}
+ {{- $enabledContainer := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $c
+ "name" $cName "caller" "Vertical Pod Autoscaler"
+ "key" "workload.podSpec.containers")) -}}
+ {{- if ne $enabledContainer "true" -}}{{- continue -}}{{- end -}}
+ {{- $containerNames = mustAppend $containerNames $cName -}}
+ {{- end -}}
+ {{- $_ := set $objectData "containerNames" $containerNames -}}
+ {{- include "tc.v1.common.lib.hpa.validation" (dict "objectData" $objectData "rootCtx" $) -}}
+
+ {{/* Create a copy of the workload */}}
+ {{- $_ := set $objectData "workload" (mustDeepCopy $workload) -}}
+
+ {{/* Generate the name of the hpa */}}
+ {{- $objectName := $fullname -}}
+ {{- if not $objectData.workload.primary -}}
+ {{- $objectName = printf "%s-%s" $fullname $workloadName -}}
+ {{- end -}}
+
+ {{/* Perform validations */}}
+ {{- include "tc.v1.common.lib.chart.names.validation"
(dict "name" $objectName) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Horizontal Pod Autoscaler") -}}
+
+ {{/* Set the name of the workload */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+
+ {{/* Short name is the one that defined on the chart, used on selectors */}}
+ {{- $_ := set $objectData "shortName" $workloadName -}}
+
+ {{- if or (not $objectData.targetSelector) (mustHas $workloadName $objectData.targetSelector) -}}
+ {{/* Call class to create the object */}}
+ {{- $types := (list "Deployment" "StatefulSet" "DaemonSet") -}}
+ {{- if (mustHas $objectData.workload.type $types) -}}
+ {{- include "tc.v1.common.class.hpa" (dict "rootCtx" $ "objectData" $objectData) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_imagePullSecret.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_imagePullSecret.tpl
new file mode 100644
index 0000000..5dfb309
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_imagePullSecret.tpl
@@ -0,0 +1,51 @@
+{{/* Image Pull Secrets Spawner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.imagePullSecret" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.imagePullSecret" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{- range $name, $imgPullSecret := .Values.imagePullSecret -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $imgPullSecret
+ "name" $name "caller" "Image Pull Secret"
+ "key" "imagePullSecret")) -}}
+
+ {{- if $imgPullSecret.existingSecret -}}
+ {{- continue -}}
+ {{- end -}}
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the configmap */}}
+ {{- $objectData := (mustDeepCopy $imgPullSecret) -}}
+
+ {{- $objectName := (printf "%s-%s" $fullname $name) -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}} {{/* Secrets have a max name length of 253 */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}}
+ {{- include "tc.v1.common.lib.imagePullSecret.validation" (dict "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Image Pull Secret") -}}
+ {{- $data := include "tc.v1.common.lib.imagePullSecret.createData" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{/* Update the data */}}
+ {{- $_ := set $objectData "data" $data -}}
+
+ {{/* Set the type to Image Pull Secret */}}
+ {{- $_ := set $objectData "type" "imagePullSecret" -}}
+
+ {{/* Set the name of the image pull secret */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_ingress.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_ingress.tpl
new file mode 100644
index 0000000..8f79130
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_ingress.tpl
@@ -0,0 +1,90 @@
+{{/* Ingress Spawwner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.ingress" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.ingress" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{/* Validate that only 1 primary exists */}}
+ {{- include "tc.v1.common.lib.ingress.primaryValidation" $ -}}
+
+ {{- range $name, $ingress := .Values.ingress -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $ingress
+ "name" $name "caller" "Ingress"
+ "key" "ingress")) -}}
+
+ {{- if and (eq $enabled "false") ($ingress.required) -}}
+ {{- fail (printf "Ingress - Expected ingress [%s] to be enabled. This chart is designed to work only with ingress enabled." $name) -}}
+ {{- end -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the ingress */}}
+ {{- $objectData := (mustDeepCopy $ingress) -}}
+
+ {{/* Init object name */}}
+ {{- $objectName := $name -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $objectData
+ "name" $name "caller" "Ingress"
+ "key" "ingress")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{/* Expand the name of the service if expandName resolves to true */}}
+ {{- $objectName = $fullname -}}
+ {{- end -}}
+
+ {{- if and (eq $expandName "true") (not $objectData.primary) -}}
+ {{/* If the ingress is not primary append its name to fullname */}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Ingress") -}}
+ {{- include "tc.v1.common.lib.ingress.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{/* Set the name of the ingress */}}
+ {{- $_
:= set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.ingress" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- $hasCertIssuer := false -}}
+ {{- if $objectData.integrations -}}
+ {{- if and $objectData.integrations.certManager $objectData.integrations.certManager.enabled -}}
+ {{- $hasCertIssuer = true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $hasCertIssuer -}}
+ {{- range $idx, $tlsData := $objectData.tls -}}
+ {{- if $tlsData.certificateIssuer -}}
+ {{- $certName := printf "%s-tls-%d" $objectData.name ($idx | int) -}}
+
+ {{- $certObjData := (dict
+ "name" $certName "shortName" $name
+ "hosts" $tlsData.hosts
+ "certificateIssuer" $tlsData.certificateIssuer
+ ) -}}
+
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $certName) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $certObjData "caller" "Ingress (certificateIssuer)") -}}
+ {{- include "tc.v1.common.lib.certificate.validation" (dict "rootCtx" $ "objectData" $certObjData) -}}
+
+ {{/* Create the certificate with the certData */}}
+ {{- include "tc.v1.common.class.certificate" (dict "rootCtx" $ "objectData" $certObjData) -}}
+
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_metrics.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_metrics.tpl
new file mode 100644
index 0000000..7d72777
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_metrics.tpl
@@ -0,0 +1,28 @@
+{{/* Renders the Ingress objects required by the chart */}}
+{{- define "tc.v1.common.spawner.metrics" -}}
+ {{/* Generate named metricses as required */}}
+ {{- range $name, $metrics := .Values.metrics -}}
+ {{- if $metrics.enabled -}}
+ {{- $metricsValues := $metrics -}}
+
+ {{/* set defaults */}}
+ {{- if and (not $metricsValues.nameOverride) (ne $name (include "tc.v1.common.lib.util.metrics.primary" $)) -}}
+ {{- $_ := set $metricsValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "metrics" $metricsValues) -}}
+ {{- if eq $metricsValues.type "podmonitor" -}}
+ {{- include "tc.v1.common.class.podmonitor" $ -}}
+ {{- else if eq $metricsValues.type "servicemonitor" -}}
+ {{- include "tc.v1.common.class.servicemonitor" $ -}}
+ {{- else -}}
+ {{/* TODO: Add Fail case */}}
+ {{- end -}}
+
+ {{- if $metricsValues.PrometheusRule -}}
+ {{- include "tc.v1.common.class.prometheusrule" $ -}}
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_networkPolicy.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_networkPolicy.tpl
new file mode 100644
index 0000000..46e4ea2
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_networkPolicy.tpl
@@ -0,0 +1,19 @@
+{{/*
+Renders the networkPolicy objects required by the chart.
+*/}}
+{{- define "tc.v1.common.spawner.networkpolicy" -}}
+ {{/* Generate named networkpolicy as required */}}
+ {{- range $name, $networkPolicy := .Values.networkPolicy -}}
+ {{- if $networkPolicy.enabled -}}
+ {{- $networkPolicyValues := $networkPolicy -}}
+
+ {{/* set the default nameOverride to the networkpolicy name */}}
+ {{- if not $networkPolicyValues.nameOverride -}}
+ {{- $_ := set $networkPolicyValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "networkPolicy" $networkPolicyValues) -}}
+ {{- include "tc.v1.common.class.networkpolicy" $ -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_podDisruptionBudget.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_podDisruptionBudget.tpl
new file mode 100644
index 0000000..053e33f
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_podDisruptionBudget.tpl
@@ -0,0 +1,50 @@
+{{/* poddisruptionbudget Spawwner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.podDisruptionBudget" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.podDisruptionBudget" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{- range $name, $pdb := .Values.podDisruptionBudget -}}
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $pdb
+ "name" $name "caller" "Pod Disruption Budget"
+ "key" "podDisruptionBudget")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the poddisruptionbudget */}}
+ {{- $objectData := (mustDeepCopy $pdb) -}}
+
+ {{- $objectName := $name -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $objectData
+ "name" $name "caller" "Pod Disruption Budget"
+ "key" "podDisruptionBudget")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Pod Disruption Budget") -}}
+
+ {{/* Set the name of the poddisruptionbudget */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{- include "tc.v1.common.lib.podDisruptionBudget.validation" (dict "objectData" $objectData "rootCtx" $) -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.podDisruptionBudget" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_priorityClass.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_priorityClass.tpl
new file mode 100644
index 0000000..97a5d13
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_priorityClass.tpl
@@ -0,0 +1,51 @@
+{{/* Priority Class Spawner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.priorityclass" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.priorityclass" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{- range $name, $priorityclass := .Values.priorityClass -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $priorityclass
+ "name" $name "caller" "Priority Class"
+ "key" "priorityClass")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the priorityclass */}}
+ {{- $objectData := (mustDeepCopy $priorityclass) -}}
+
+ {{- $objectName := $name -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $objectData
+ "name" $name "caller" "Priority Class"
+ "key" "priorityClass")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}} {{/* priorityclasss have a max name length of 253 */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "priorityclass") -}}
+
+ {{/* Set the name of the priorityclass */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Validate */}}
+ {{- include "tc.v1.common.lib.priorityclass.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.priorityclass" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_pvc.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_pvc.tpl
new file mode 100644
index 0000000..b4b3b06
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_pvc.tpl
@@ -0,0 +1,192 @@
+{{/* PVC Spawner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.pvc" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.pvc" -}}
+
+ {{- range $name, $persistence := .Values.persistence -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $persistence
+ "name" $name "caller" "Persistence"
+ "key" "persistence")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the persistence */}}
+ {{- $objectData := (mustDeepCopy $persistence) -}}
+
+ {{- $_ := set $objectData "type" ($objectData.type | default $.Values.global.fallbackDefaults.persistenceType) -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform general validations */}}
+ {{- include "tc.v1.common.lib.persistence.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Persistence") -}}
+
+ {{/* Only spawn PVC if its enabled and any type of "pvc" */}}
+ {{- $types := (list "pvc") -}}
+ {{- if and (mustHas $objectData.type $types) (not $objectData.existingClaim) -}}
+
+ {{/* Set the name of the PVC */}}
+ {{- $_ := set $objectData "name" (include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $ "objectName" $name "objectData" $objectData)) -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{- if and $objectData.static $objectData.static.mode (ne $objectData.static.mode "disabled") -}}
+ {{- $_ := set $objectData "storageClass" ($objectData.storageClass | default $objectData.name) -}}
+ {{- $_ := set $objectData "volumeName" $objectData.name -}}
+
+ {{- if eq $objectData.static.mode "smb" -}}
+ {{/* Validate SMB CSI */}}
+ {{- include "tc.v1.common.lib.storage.smbCSI.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- $_ := set $objectData "provisioner" "smb.csi.k8s.io" -}}
+ {{- $_ := set $objectData.static "driver" "smb.csi.k8s.io" -}}
+
+
{{/* Create secret with creds */}}
+ {{- $secretData := (dict
+ "name" $objectData.name
+ "labels" ($objectData.labels | default dict)
+ "annotations" ($objectData.annotations | default dict)
+ "data" (dict "username" $objectData.static.username "password" $objectData.static.password)
+ ) -}}
+ {{- with $objectData.domain -}}
+ {{- $_ := set $secretData.data "domain" . -}}
+ {{- end -}}
+ {{- include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $secretData) -}}
+
+ {{- else if eq $objectData.static.mode "nfs" -}}
+ {{/* Validate NFS CSI */}}
+ {{- include "tc.v1.common.lib.storage.nfsCSI.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- $_ := set $objectData "provisioner" "nfs.csi.k8s.io" -}}
+ {{- $_ := set $objectData.static "driver" "nfs.csi.k8s.io" -}}
+
+ {{- else if eq $objectData.static.mode "custom" -}}
+
+ {{- $_ := set $objectData "provisioner" $objectData.static.provisioner -}}
+ {{- $_ := set $objectData.static "driver" $objectData.static.driver -}}
+
+ {{- end -}}
+
+ {{/* Create the PV */}}
+ {{- include "tc.v1.common.class.pv" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- else if $objectData.volumeName -}}
+
+ {{- $_ := set $objectData "storageClass" ($objectData.storageClass | default $objectData.name) -}}
+
+ {{- end -}}
+
+ {{/* Create VolSync objects */}}
+ {{- range $volsync := $objectData.volsync -}}
+ {{- $srcEnabled := eq (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $volsync.src
+ "name" $volsync.name "caller" "VolSync Source"
+ "key" "volsync")) "true" -}}
+ {{- $destEnabled := eq (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $volsync.dest
+ "name" $volsync.name "caller" "VolSync Destination"
+ "key" "volsync")) "true" -}}
+
+ {{- if or $srcEnabled $destEnabled -}}
+ {{- $volsyncData := (mustDeepCopy $volsync) -}}
+
+ {{- include "tc.v1.common.lib.volsync.validation" (dict "objectData" $volsyncData "rootCtx" $) -}}
+ {{- include
"tc.v1.common.lib.metadata.validation" (dict "objectData" $volsyncData "caller" "PVC - VolSync") -}}
+
+ {{/* Create Secret for VolSync */}}
+ {{- $volsyncSecretName := printf "%s-volsync-%s" $objectData.name $volsyncData.name -}}
+ {{- $_ := set $volsyncData "repository" $volsyncSecretName -}}
+
+ {{- $credentials := get $.Values.credentials $volsync.credentials -}}
+
+ {{/* Only amazon needs the https:// trimmed, anything else requires it */}}
+ {{- $url := $credentials.url -}}
+ {{- if hasPrefix "https://s3." $url -}}
+ {{- $url = trimPrefix "https://" $url -}}
+ {{- end -}}
+
+ {{- $baseRepo := printf "s3:%s/%s" $url $credentials.bucket -}}
+ {{- $repoSuffix := printf "%s/volsync/%s-volsync-%s" $.Release.Name $objectData.shortName $volsyncData.name -}}
+ {{- $resticrepository := printf "%s/%s" $baseRepo $repoSuffix -}}
+ {{- if $credentials.path -}}
+ {{- $resticrepository = printf "%s/%s/%s" $baseRepo ($credentials.path | trimSuffix "/") $repoSuffix -}}
+ {{- end -}}
+
+ {{- $volsyncSecretData := (dict
+ "name" $volsyncSecretName
+ "labels" ($volsync.labels | default dict)
+ "annotations" ($volsync.annotations | default dict)
+ "data" (dict
+ "RESTIC_REPOSITORY" $resticrepository
+ "RESTIC_PASSWORD" $credentials.encrKey
+ "AWS_ACCESS_KEY_ID" $credentials.accessKey
+ "AWS_SECRET_ACCESS_KEY" $credentials.secretKey
+ )
+ ) -}}
+
+ {{- include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $volsyncSecretData) -}}
+ {{/* Create VolSync resources*/}}
+ {{- if $srcEnabled -}}
+ {{- include "tc.v1.common.class.replicationsource" (dict "rootCtx" $ "objectData" $objectData "volsyncData" $volsyncData) -}}
+ {{- end -}}
+
+ {{- if $destEnabled -}}
+ {{- include "tc.v1.common.class.replicationdestination" (dict "rootCtx" $ "objectData" $objectData "volsyncData" $volsyncData) -}}
+
+ {{/* modify PVC if enabled */}}
+ {{- $destname := printf "%s-%s-dest" $objectData.name $volsyncData.name -}}
+ {{- $datasourceref := dict "kind" "ReplicationDestination" "apiGroup"
"volsync.backube" "name" $destname -}}
+ {{- $_ := set $objectData "dataSourceRef" $datasourceref -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.pvc" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{/* Create VolumeSnapshots */}}
+ {{- range $volSnap := $objectData.volumeSnapshots -}}
+
+ {{/* Create a copy of the volumesnapshot */}}
+ {{- $volSnapData := (mustDeepCopy $volSnap) -}}
+ {{/* PVC FullName - Snapshot Name*/}}
+ {{- $snapshotName := printf "%s-%s" $objectData.name $volSnap.name -}}
+
+ {{/* Perform validations */}} {{/* volumesnapshots have a max name length of 253 */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $snapshotName "length" 253) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $volSnapData "caller" "PVC - Volume Snapshot") -}}
+
+ {{/* Set the name of the volumesnapshot */}}
+ {{- $_ := set $volSnapData "name" $snapshotName -}}
+ {{- $_ := set $volSnapData "shortName" $volSnap.name -}}
+ {{- $_ := set $volSnapData "source" (dict "persistentVolumeClaimName" $objectData.name) -}}
+
+ {{- include "tc.v1.common.lib.volumesnapshot.validation" (dict "objectData" $volSnapData) -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.volumesnapshot" (dict "rootCtx" $ "objectData" $volSnapData) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if eq $objectData.type "iscsi" -}}
+ {{- if or $objectData.iscsi.authSession $objectData.iscsi.authDiscovery -}}
+ {{/* Set the name of the PVC */}}
+ {{- $_ := set $objectData "name" (include "tc.v1.common.lib.storage.pvc.name" (dict "rootCtx" $ "objectName" $name "objectData" $objectData)) -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{- $secretData := (dict
+ "name" $objectData.name
+ "labels" ($objectData.labels | default dict)
+ "annotations" ($objectData.annotations | default dict)
+ "type" "kubernetes.io/iscsi-chap"
+ "data" (include
"tc.v1.common.lib.storage.iscsi.chap" (dict "rootCtx" $ "objectData" $objectData) | fromJson)
+ ) -}}
+ {{- include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $secretData) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_rbac.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_rbac.tpl
new file mode 100644
index 0000000..1ead85d
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_rbac.tpl
@@ -0,0 +1,50 @@
+{{/* RBAC Spawner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.rbac" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.rbac" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{/* Primary validation for enabled rbacs. */}}
+ {{- include "tc.v1.common.lib.rbac.primaryValidation" $ -}}
+
+ {{- range $name, $rbac := .Values.rbac -}}
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $rbac
+ "name" $name "caller" "RBAC"
+ "key" "rbac")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the configmap */}}
+ {{- $objectData := (mustDeepCopy $rbac) -}}
+
+ {{- $objectName := $fullname -}}
+ {{- if not $objectData.primary -}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "RBAC") -}}
+
+ {{/* Set the name of the rbac */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* If clusteWide key does not exist, assume false */}}
+ {{- if not (hasKey $objectData "clusterWide") -}}
+ {{- $_ := set $objectData "clusterWide" false -}}
+ {{- end -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_route.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_route.tpl
new file mode 100644
index 0000000..5ecf210
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_route.tpl
@@ -0,0 +1,18 @@
+{{/* Renders the Route objects required by the chart */}}
+{{- define "tc.v1.common.spawner.routes" -}}
+ {{- /* Generate named routes as required */ -}}
+ {{- range $name, $route := .Values.route }}
+ {{- if $route.enabled -}}
+ {{- $routeValues := $route -}}
+
+ {{/* set defaults */}}
+ {{- if and (not $routeValues.nameOverride) (ne $name (include "tc.v1.common.lib.util.route.primary" $)) -}}
+ {{- $_ := set $routeValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "route" $routeValues) -}}
+ {{- include "tc.v1.common.class.route" $ | nindent 0 -}}
+ {{- $_ := unset $.ObjectValues "route" -}}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_secret.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_secret.tpl
new file mode 100644
index 0000000..08b5168
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_secret.tpl
@@ -0,0 +1,49 @@
+{{/* Secret Spawwner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.secret" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.secret" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{- range $name, $secret := .Values.secret -}}
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $secret
+ "name" $name "caller" "Secret"
+ "key" "secret")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the secret */}}
+ {{- $objectData := (mustDeepCopy $secret) -}}
+
+ {{- $objectName := $name -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $objectData
+ "name" $name "caller" "Secret"
+ "key" "secret")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}}
+
+ {{/* Perform validations */}} {{/* Secrets have a max name length of 253 */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}}
+ {{- include "tc.v1.common.lib.secret.validation" (dict "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Secret") -}}
+
+ {{/* Set the name of the secret */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_service.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_service.tpl
new file mode 100644
index 0000000..8d03e8b
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/spawner/_service.tpl
@@ -0,0 +1,73 @@ +{{/* Service Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.service" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.service" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{/* Primary validation for enabled service. */}} + {{- include "tc.v1.common.lib.service.primaryValidation" $ -}} + {{/* Initialize with existing URLs or an empty list */}} + {{- $allUrls := $.Values.chartContext.internalUrls | default list -}} + + {{- range $name, $service := .Values.service -}} + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $service + "name" $name "caller" "Service" + "key" "service")) -}} + + {{- if ne $enabled "true" -}}{{- continue -}}{{- end -}} + + {{/* Create a copy of the configmap */}} + {{- $objectData := (mustDeepCopy $service) -}} + {{- $namespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" $service "caller" "Service")) -}} + + {{/* Init object name */}} + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Service" + "key" "service")) -}} + + {{- if eq $expandName "true" -}} + {{/* Expand the name of the service if expandName resolves to true */}} + {{- $objectName = $fullname -}} + {{- end -}} + + {{- if and (eq $expandName "true") (not $objectData.primary) -}} + {{/* If the service is not primary append its name to fullname */}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Service") -}} + {{- include "tc.v1.common.lib.service.validation" (dict "rootCtx" $ "objectData" 
$objectData) -}} + + {{/* Set the name of the service */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Now iterate over the ports in the service */}} + {{- range $port := $service.ports -}} + {{- $enabledP := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $port + "name" $name "caller" "service" + "key" "port")) -}} + {{- if ne $enabledP "true" -}}{{- continue -}}{{- end -}} + {{- $internalUrl := (printf "%s.%s.svc.cluster.local:%s" $objectName $namespace $port.port) -}} + {{/* Append URLS */}} + {{- $allUrls = mustAppend $allUrls $internalUrl -}} + {{- end -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.service" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- end -}} + + {{/* Update internalUrls after the loop */}} + {{- $_ := set $.Values.chartContext "internalUrls" $allUrls -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_serviceAccount.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_serviceAccount.tpl new file mode 100644 index 0000000..e1ab3a5 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_serviceAccount.tpl 
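Review bot: `printf "%s.%s.svc.cluster.local:%s" $objectName $namespace $port.port` formats the port with `%s`; when `port` is a number in values, as it normally is in YAML, Go's printf renders it as `%!s(…)` and the URL appended to `chartContext.internalUrls` is malformed. `%v` accepts both numbers and strings: `{{- $internalUrl := (printf "%s.%s.svc.cluster.local:%v" $objectName $namespace $port.port) -}}`. The cluster domain `cluster.local` is hard-coded on the same line; if the chart carries a cluster-domain value elsewhere it should be used here. The `{{/* Create a copy of the configmap */}}` comment above `mustDeepCopy $service` is copied from the configmap spawner and should say service; the serviceAccount hunk has the same comment above its copy.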
@@ -0,0 +1,45 @@ +{{/* Service Account Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.serviceAccount" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.serviceAccount" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{/* Primary validation for enabled service accounts. */}} + {{- include "tc.v1.common.lib.serviceAccount.primaryValidation" $ -}} + + {{- range $name, $serviceAccount := .Values.serviceAccount -}} + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $serviceAccount + "name" $name "caller" "Service Account" + "key" "serviceAccount")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the configmap */}} + {{- $objectData := (mustDeepCopy $serviceAccount) -}} + + {{- $objectName := $fullname -}} + {{- if not $objectData.primary -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Service Account") -}} + + {{/* Set the name of the service account */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_storageClass.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_storageClass.tpl new file mode 100644 index 0000000..dbbf511 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_storageClass.tpl 
@@ -0,0 +1,51 @@ +{{/* Configmap Spawwner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.storageclass" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.storageclass" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $storageclass := .Values.storageClass -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $storageclass + "name" $name "caller" "Storage Class" + "key" "storageClass")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the storageclass */}} + {{- $objectData := (mustDeepCopy $storageclass) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Storage Class" + "key" "storageClass")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} {{/* Configmaps have a max name length of 253 */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "StorageClass") -}} + + {{/* Set the name of the storageclass */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Validate */}} + {{- include "tc.v1.common.lib.storageclass.validation" (dict "rootCtx" $ "objectData" $objectData) -}} + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.storageclass" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_verticalPodAutoscaler.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_verticalPodAutoscaler.tpl new file mode 100644 index 0000000..4b1ea84 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_verticalPodAutoscaler.tpl 
@@ -0,0 +1,70 @@ +{{/* Vertical Pod Autoscaler Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.vpa" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.vpa" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + {{- range $name, $vpa := .Values.vpa -}} + {{- $enabledVPA := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $vpa + "name" $name "caller" "Vertical Pod Autoscaler" + "key" "vpa")) -}} + + {{- if ne $enabledVPA "true" -}}{{- continue -}}{{- end -}} + + {{- $objectData := (mustDeepCopy $vpa) -}} + {{- $_ := set $objectData "vpaName" $name -}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $name) -}} + + {{- range $workloadName, $workload := $.Values.workload -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $workload + "name" $name "caller" "Vertical Pod Autoscaler" + "key" "workload")) -}} + + {{- if ne $enabled "true" -}}{{- continue -}}{{- end -}} + + {{- $containerNames := list -}} + {{- range $cName, $c := $workload.podSpec.containers -}} + {{- $enabledContainer := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $c + "name" $cName "caller" "Vertical Pod Autoscaler" + "key" "workload.podSpec.containers")) -}} + {{- if ne $enabledContainer "true" -}}{{- continue -}}{{- end -}} + {{- $containerNames = mustAppend $containerNames $cName -}} + {{- end -}} + {{- $_ := set $objectData "containerNames" $containerNames -}} + {{- include "tc.v1.common.lib.vpa.validation" (dict "objectData" $objectData "rootCtx" $) -}} + + {{/* Create a copy of the workload */}} + {{- $_ := set $objectData "workload" (mustDeepCopy $workload) -}} + + {{/* Generate the name of the vpa */}} + {{- $objectName := $fullname -}} + {{- if not $objectData.workload.primary -}} + {{- $objectName = printf "%s-%s" $fullname $workloadName -}} + {{- end -}} + + {{/* Perform validations */}} + {{- include 
"tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Vertical Pod Autoscaler") -}} + + {{/* Set the name of the workload */}} + {{- $_ := set $objectData "name" $objectName -}} + + {{/* Short name is the one that defined on the chart, used on selectors */}} + {{- $_ := set $objectData "shortName" $workloadName -}} + + {{- if or (not $objectData.targetSelector) (mustHas $workloadName $objectData.targetSelector) -}} + {{/* Call class to create the object */}} + {{- $types := (list "Deployment" "StatefulSet" "DaemonSet") -}} + {{- if (mustHas $objectData.workload.type $types) -}} + {{- include "tc.v1.common.class.vpa" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- end -}} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_volumeSnapshot.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_volumeSnapshot.tpl new file mode 100644 index 0000000..d8309df --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_volumeSnapshot.tpl 
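Review bot: Inside `range $workloadName, $workload := $.Values.workload` the enabled check for the workload passes `"name" $name`, which is the VPA's key rather than `$workloadName`, so any message the helper builds from that name would refer to the VPA instead of the workload being evaluated; suggest `"name" $workloadName "caller" "Vertical Pod Autoscaler"` on that line. `$types := (list "Deployment" "StatefulSet" "DaemonSet")` is rebuilt on every workload iteration and can be hoisted above the outer `range`. `$objectData` is a single copy whose `workload`, `containerNames`, `name` and `shortName` keys are overwritten per workload, which only works because the class is rendered before the next iteration; a one-line comment noting that would save the next reader from wondering whether the values leak between workloads.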
@@ -0,0 +1,50 @@ +{{/* volumesnapshot Spawwner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.volumesnapshot" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.volumesnapshot" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $volumesnapshot := .Values.volumeSnapshots -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $volumesnapshot + "name" $name "caller" "Volume Snapshot" + "key" "volumeSnapshots")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the volumesnapshot */}} + {{- $objectData := (mustDeepCopy $volumesnapshot) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Volume Snapshot" + "key" "volumeSnapshots")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} {{/* volumesnapshots have a max name length of 253 */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}} + {{- include "tc.v1.common.lib.volumesnapshot.validation" (dict "objectData" $objectData) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "VolumeSnapshot") -}} + + {{/* Set the name of the volumesnapshot */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.volumesnapshot" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_volumeSnapshotClass.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_volumeSnapshotClass.tpl new file mode 100644 index 0000000..693651b --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_volumeSnapshotClass.tpl 
@@ -0,0 +1,50 @@ +{{/* volumesnapshotclass Spawwner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.volumesnapshotclass" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.volumesnapshotclass" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $volumesnapshotclass := .Values.volumeSnapshotClass -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $volumesnapshotclass + "name" $name "caller" "Volume Snapshot Class" + "key" "volumeSnapshotClass")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the volumesnapshotclass */}} + {{- $objectData := (mustDeepCopy $volumesnapshotclass) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Volume Snapshot Class" + "key" "volumeSnapshotClass")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} {{/* volumesnapshotclasss have a max name length of 253 */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}} + {{- include "tc.v1.common.lib.volumesnapshotclass.validation" (dict "objectData" $objectData) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Volume Snapshot Class") -}} + + {{/* Set the name of the volumesnapshotclass */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.volumesnapshotclass" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} 
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_webhook.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_webhook.tpl new file mode 100644 index 0000000..1f7d318 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_webhook.tpl 
@@ -0,0 +1,56 @@ +{{/* MutatingWebhookConfiguration Spawwner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.webhook" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.webhook" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $mutatingWebhookConfiguration := .Values.webhook -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $mutatingWebhookConfiguration + "name" $name "caller" "Webhook" + "key" "webhook")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the mutatingWebhookConfiguration */}} + {{- $objectData := (mustDeepCopy $mutatingWebhookConfiguration) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Webhook" + "key" "webhook")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Webhook") -}} + + {{/* Set the name of the MutatingWebhookConfiguration */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{- include "tc.v1.common.lib.webhook.validation" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- $type := tpl $objectData.type $ -}} + {{/* Call class to create the object */}} + {{- if eq $type "validating" -}} + {{- include "tc.v1.common.class.validatingWebhookconfiguration" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- else if eq $type "mutating" -}} + {{- include "tc.v1.common.class.mutatingWebhookConfiguration" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- end -}} + + {{- 
end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/spawner/_workload.tpl b/charts/baikal/baikal/charts/common/templates/spawner/_workload.tpl new file mode 100644 index 0000000..1f5b17f --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/_workload.tpl 
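Review bot: The `if eq $type "validating" … else if eq $type "mutating"` chain has no `else`, so a `type` that is neither (a typo, or an empty `tpl` result) renders no object at all without any error; unless `tc.v1.common.lib.webhook.validation`, which is outside this hunk, already rejects other values, an explicit `{{- else -}}{{- fail (printf "Webhook - Expected [type] to be one of [validating, mutating], but got [%s]" $type) -}}` would surface it. The workload hunk's `type` chain has the same shape and likewise skips unknown values silently. The two class names differ in casing, `tc.v1.common.class.validatingWebhookconfiguration` versus `tc.v1.common.class.mutatingWebhookConfiguration`, which is only correct if the defining templates use exactly those spellings. The header comment calls this the `MutatingWebhookConfiguration Spawwner` although it renders both kinds; `{{/* Webhook Configuration Spawner */}}` would be accurate.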
@@ -0,0 +1,64 @@ +{{/* Workload Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.workload" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.workload" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{/* Primary validation for enabled workload. */}} + {{- include "tc.v1.common.lib.workload.primaryValidation" $ -}} + + {{- range $name, $workload := .Values.workload -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $workload + "name" $name "caller" "Workload" + "key" "workload")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the workload */}} + {{- $objectData := (mustDeepCopy $workload) -}} + + {{/* Generate the name of the workload */}} + {{- $objectName := $fullname -}} + {{- if not $objectData.primary -}} + {{- $objectName = printf "%s-%s" $fullname $name -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Workload") -}} + + {{/* Set the name of the workload */}} + {{- $_ := set $objectData "name" $objectName -}} + + {{/* Short name is the one that defined on the chart, used on selectors */}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Set the podSpec so it doesn't fail on nil pointer */}} + {{- if not (hasKey $objectData "podSpec") -}} + {{- fail "Workload - Expected [podSpec] key to exist" -}} + {{- end -}} + + {{/* Call class to create the object */}} + {{- if eq $objectData.type "Deployment" -}} + {{- include "tc.v1.common.class.deployment" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- else if eq $objectData.type "StatefulSet" -}} + {{- include "tc.v1.common.class.statefulset" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- else if eq 
$objectData.type "DaemonSet" -}} + {{- include "tc.v1.common.class.daemonset" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- else if eq $objectData.type "Job" -}} + {{- include "tc.v1.common.class.job" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- else if eq $objectData.type "CronJob" -}} + {{- include "tc.v1.common.class.cronjob" (dict "rootCtx" $ "objectData" $objectData) -}} + {{- end -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/spawner/cert-manager/_certificate.tpl b/charts/baikal/baikal/charts/common/templates/spawner/cert-manager/_certificate.tpl new file mode 100644 index 0000000..98d8e2c --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/cert-manager/_certificate.tpl 
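Review bot: The comment `{{/* Set the podSpec so it doesn't fail on nil pointer */}}` describes behaviour the code beneath it does not have: the block `fail`s when `podSpec` is absent rather than setting one. Suggest `{{/* Require a podSpec key; fail early with a clear message instead of a nil-pointer error in the class */}}`. `$objectData.type` is compared directly here whereas the webhook hunk runs its `type` through `tpl` first; if workload types are never templated that difference is fine, but it deserves a short comment so the two spawners are not "fixed" into each other later.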
@@ -0,0 +1,50 @@ +{{/* Certificate Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.priorityclass" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.certificate" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $cert := .Values.certificate -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $cert + "name" $name "caller" "Cert Manager Certificate" + "key" "certificate")) -}} + {{- if eq $enabled "true" -}} + {{- $objectData := (mustDeepCopy $cert) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Cert Manager Certificate" + "key" "certificate")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{/* If a certificateSecretTemplate is defined, adjust name */}} + {{- if $objectData.certificateSecretTemplate }} + {{- $objectName = printf "certificate-issuer-%s" $name -}} + {{- end -}} + + {{- include "tc.v1.common.lib.util.metaListToDict" (dict "objectData" $objectData) -}} + + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Cert Manager Certificate") -}} + {{- include "tc.v1.common.lib.certificate.validation" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{/* Set the name of the secret */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.certificate" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + {{- end -}} +{{- end -}} 
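Review bot: The usage comment at the top says `{{ include "tc.v1.common.spawner.priorityclass" $ -}}` but the template defined here is `tc.v1.common.spawner.certificate`; the traefik middleware hunk has the same copy-paste, naming `tc.v1.common.spawner.configmap` for `tc.v1.common.spawner.traefik.middleware`. Suggest `{{ include "tc.v1.common.spawner.certificate" $ -}}`. `{{- if $objectData.certificateSecretTemplate }}` is the only action in the block without a trailing `-`, so it emits a stray newline into the template output; use `{{- if $objectData.certificateSecretTemplate -}}`. That branch also discards the `expandName` result computed just above (`certificate-issuer-%s` ignores `$fullname`), which looks deliberate but should be stated in the comment, and `{{/* Set the name of the secret */}}` should say certificate.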
diff --git a/charts/baikal/baikal/charts/common/templates/spawner/traefik/_middleware.tpl b/charts/baikal/baikal/charts/common/templates/spawner/traefik/_middleware.tpl new file mode 100644 index 0000000..e45a926 --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/spawner/traefik/_middleware.tpl 
@@ -0,0 +1,121 @@ +{{/* Traefik Middleware Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.configmap" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.traefik.middleware" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + {{- if not .Values.ingressMiddlewares -}} + {{- $_ := set $.Values "ingressMiddlewares" dict -}} + {{- end -}} + {{- if not .Values.ingressMiddlewares.traefik -}} + {{- $_ := set $.Values.ingressMiddlewares "traefik" dict -}} + {{- end -}} + + {{- $filteredMiddlewares := dict -}} + {{- $hasIngressEnabled := false -}} + {{/* Go over all ingresses and get their defined middlewares */}} + {{- range $ingName, $ing := $.Values.ingress -}} + {{- $enabledIng := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $ing + "name" $ingName "caller" "Ingress" + "key" "ingress")) -}} + + {{/* Skip disabled ingresses or ingresses without traefik integration */}} + {{- if ne $enabledIng "true" -}}{{- continue -}}{{- end -}} + {{- if not $ing.integrations -}} + {{- $_ := set $ing "integrations" dict -}} + {{- end -}} + {{- if not $ing.integrations.traefik -}} + {{- $_ := set $ing.integrations "traefik" dict -}} + {{- end -}} + {{- $traefik := $ing.integrations.traefik -}} + {{- $enabledTraefikIntegration := "false" -}} + {{- if and (hasKey $traefik "enabled") (kindIs "bool" $traefik.enabled) -}} + {{- $enabledTraefikIntegration = $traefik.enabled | toString -}} + {{- end -}} + {{- if ne $enabledTraefikIntegration "true" }}{{- continue -}}{{- end -}} + + {{- $hasIngressEnabled = true -}} + + {{/* User middlewares */}} + {{- if and $traefik.middlewares (not (kindIs "slice" $traefik.middlewares)) -}}{{- continue -}}{{- end -}} + {{- range $mw := $traefik.middlewares -}} + {{- if $mw.namespace -}}{{- continue -}}{{- end -}} + {{- $_ := set $filteredMiddlewares $mw.name "user-mw" -}} + {{- end -}} + + {{/* Chart middlewares */}} + {{- if and $traefik.chartMiddlewares (not (kindIs "slice" 
$traefik.chartMiddlewares)) -}}{{- continue -}}{{- end -}} + {{- range $mw := $traefik.chartMiddlewares -}} + {{- if $mw.namespace -}}{{- continue -}}{{- end -}} + {{- $_ := set $filteredMiddlewares $mw.name "chart-mw" -}} + {{- end -}} + + {{- end -}} + + {{- if $hasIngressEnabled -}} + {{/* Global Middlewares */}} + {{- range $mw := $.Values.global.traefik.commonMiddlewares -}} + {{- if $mw.namespace -}}{{- continue -}}{{- end -}} + {{- $_ := set $filteredMiddlewares $mw.name "global-mw" -}} + {{- end -}} + {{- end -}} + + {{- range $name, $middleware := $.Values.ingressMiddlewares.traefik -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $middleware + "name" $name "caller" "Middleware" + "key" "middlewares")) + -}} + + {{- if ne $enabled "true" -}} + {{- $indexedMid := get $filteredMiddlewares $name -}} + {{- if not $indexedMid -}}{{- continue -}}{{- end -}} + + {{/* + If current middleware manifest is in the middlewares listed under one of the above sections + Forcefully enable it/render it. + */}} + {{- $enabled = "true" -}} + + {{- if eq $indexedMid "user-mw" -}} + {{- include "add.warning" (dict "rootCtx" $ "warn" (printf + "WARNING: Because middleware [%s] was used in an ingress under traefik integration, it was forcefully enabled." 
+ )) -}} + {{- end -}} + {{- end -}} + + {{- if eq $enabled "true" -}} + {{/* Create a copy of the middleware */}} + {{- $objectData := (mustDeepCopy $middleware) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Middleware" + "key" "middlewares")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{/* Perform validations */}} {{/* Middleware have a max name length of 253 */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}} + {{- include "tc.v1.common.lib.traefik.middleware.validation" (dict "objectData" $objectData) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Middleware") -}} + + {{/* Set the name of the middleware */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.traefik.middleware" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/baikal/baikal/charts/common/templates/values/_init.tpl b/charts/baikal/baikal/charts/common/templates/values/_init.tpl new file mode 100644 index 0000000..f36747d --- /dev/null +++ b/charts/baikal/baikal/charts/common/templates/values/_init.tpl 
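Review bot: The `printf` for the user-mw warning has a `[%s]` verb but, as shown here, no argument after the format string, so the rendered warning would read `%!s(MISSING)` instead of the middleware name; if `$name` was simply lost in this rendering of the diff, ignore this, otherwise the format line should end with `… it was forcefully enabled." $name`. Separately, `set $ing "integrations" dict` and `set $ing.integrations "traefik" dict` write normalisation defaults back into `.Values.ingress` in place (no copy of `$ing` is taken), which later templates will observe; if that is intended a one-line comment saying so would help. `range $.Values.global.traefik.commonMiddlewares` assumes `global.traefik` is a map; the values.yaml in this commit defines it, but a user override that sets `global.traefik` to null would likely fail this template with a nil-pointer evaluation error.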
@@ -0,0 +1,31 @@
+{{/* Merge chart values and the common chart defaults */}}
+{{/* The ".common" is the name of the library */}}
+{{/* Call this template:
+{{ include "tc.v1.common.values.init" $ }}
+*/}}
+
+{{- define "tc.v1.common.values.init" -}}
+ {{- if .Values.common -}}
+ {{- $commonValues := mustDeepCopy .Values.common -}}
+ {{- $chartValues := mustDeepCopy (omit .Values "common") -}}
+ {{- $mergedValues := mustMergeOverwrite $commonValues $chartValues -}}
+ {{- range $name, $dependencyValues := .Values.dependencies -}}
+ {{ $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $dependencyValues
+ "name" $name "caller" "dependency"
+ "key" "dependencies")) }}
+ {{- if eq $enabled "true" -}}
+ {{- $dependencyValues := omit $dependencyValues "global " -}}
+ {{- $dependencyValues := omit $dependencyValues "securityContext " -}}
+ {{- $dependencyValues := omit $dependencyValues "podOptions " -}}
+ {{- $mergedValues = mustMergeOverwrite $mergedValues $dependencyValues -}}
+ {{- end -}}
+ {{- range $mergedValues.addons -}}
+ {{- if .enabled -}}
+ {{- $mergedValues = mustMergeOverwrite $mergedValues . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $_ := set . "Values" (mustDeepCopy $mergedValues) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/templates/values/_validate.tpl b/charts/baikal/baikal/charts/common/templates/values/_validate.tpl
new file mode 100644
index 0000000..3d4f7a1
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/templates/values/_validate.tpl
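Review bot: The three `omit` calls strip `"global "`, `"securityContext "` and `"podOptions "`, each with a trailing space inside the quotes, so none of them matches the real `global`, `securityContext` or `podOptions` keys and a dependency's values for those keys are merged over the chart's after all; if the spaces are not an artifact of this rendering they should read `omit $dependencyValues "global"` and so on. This matters most for `securityContext`, because a dependency could otherwise override the chart-wide container and pod security defaults that this merge is meant to protect. `{{ $enabled := … }}` at the top of the dependency loop is the only action without `{{-`/`-}}` trimming and emits whitespace once per dependency. Each `:=` re-declares `$dependencyValues` rather than assigning with `=`; it works because each declaration shadows the previous one, but `=` states the intent.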
@@ -0,0 +1,32 @@
+{{/* Validates any object that it does not contain helm errors */}}
+{{/* This usually can happen after merging values from an include that did not render correcly */}}
+{{/* Any object will be passed to "toYaml" */}}
+{{/* Call this template:
+{{ include "tc.v1.common.values.validate" . }}
+*/}}
+{{- define "tc.v1.common.values.validate" -}}
+ {{- $allValues := (toYaml .) -}}
+
+ {{- if contains "error converting YAML to JSON" $allValues -}}
+ {{/* Print values to show values with the error included. */}}
+ {{/* Ideally we would want to extract the error only, but because it usually contains ":",
+ It gets parsed as dict and it cant regex matched it afterwards */}}
+
+ {{- fail (printf "%s \n %s \n\n %s \n %v \n %s \n\n %s"
+ "Chart - Values contain an error that may be a result of merging. Make sure you don't have any invalid YAML characters starting a value."
+ "Renderd Values containing the error:"
+ "============================================================================================="
+ $allValues
+ "============================================================================================="
+ "See error above values."
+ ) -}}
+ {{- end -}}
+
+ {{/* Catch update related issues */}}
+ {{- if .addons -}}
+ {{- if .addons.vpn -}}
+ {{- fail (printf "Your current Common-Chart version does not support [.Values.addons.vpn] please use [.Values.addons.tailscale] or [.Values.addons.gluetun] instead") }}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/baikal/baikal/charts/common/values.yaml b/charts/baikal/baikal/charts/common/values.yaml
new file mode 100644
index 0000000..4c8b781
--- /dev/null
+++ b/charts/baikal/baikal/charts/common/values.yaml
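Review bot: The `fail` for the YAML-conversion check prints the complete rendered values (`$allValues`) into Helm's error output, and because this chart family's values carry things like `.Values.secret` data, that dump can end up in CI logs or the ArgoCD application status; consider printing only the lines around the `error converting YAML to JSON` match, or at least recording in the `{{/* Ideally we would want to extract the error only … */}}` comment that secrets may be exposed on this path. `fail (printf "Your current … instead")` wraps a constant string in `printf` with no verbs and is also the only action here without `-}}`; `{{- fail "Your current Common-Chart version does not support [.Values.addons.vpn] please use [.Values.addons.tailscale] or [.Values.addons.gluetun] instead" -}}` is equivalent. `Renderd` in the failure text and `correcly` in the header comment are typos.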
@@ -0,0 +1,1365 @@ +# -- Global values +global: + # -- Set additional global labels + labels: {} + # -- Set additional global annotations + annotations: {} + # -- Set a global namespace + # TODO: Currently some objects do not support this + namespace: "" + diagnosticMode: + enabled: false + fallbackDefaults: + # -- Define a storageClassName that will be used for all PVCs + # Can be overruled per PVC + storageClass: + # -- Default probe type + probeType: http + # -- Default Service Protocol + serviceProtocol: tcp + # -- Default Service Type + serviceType: ClusterIP + # -- Default persistence type + persistenceType: pvc + # -- Default Retain PVC + pvcRetain: false + # -- Default PVC Size + pvcSize: 100Gi + # -- Default VCT Size + vctSize: 100Gi + # -- Default PVC Access Modes + accessModes: + - ReadWriteOnce + # -- Default VCT Access Modes + vctAccessModes: + - ReadWriteOnce + # -- Default probe timeouts + probeTimeouts: + liveness: + initialDelaySeconds: 12 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + readiness: + initialDelaySeconds: 10 + periodSeconds: 12 + timeoutSeconds: 5 + failureThreshold: 4 + successThreshold: 2 + startup: + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 + successThreshold: 1 + # -- Define a postgresql version for CNPG + # will be used for all CNPG objects + # Can be overruled per CNPG objects + + # -- Define a topologyKey for default topologySpreadConstraints + # Will be used when defaultSpread: true + topologyKey: kubernetes.io/hostname + cnpg: + pgVersion: 16 + skipEmptyWalArchiveCheck: true + traefik: + commonMiddlewares: + - name: tc-basic-secure-headers + # -- Minimum nodePort value + minNodePort: 9000 + # -- Enable to stop most pods and containers including cnpg + # does not include stand-alone pods + stopAll: false + +# -- Explicitly set a namespace for this chart only +namespace: "" + +image: + repository: ghcr.io/traefik/whoami + pullPolicy: 
IfNotPresent + tag: v1.11.0@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab + +chartContext: + appUrl: "" + podCIDR: "" + svcCIDR: "" + +# -- Security Context +securityContext: + # -- Container security context for all containers + # Can be overruled per container + container: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL + # When set to false, it will automatically + # add CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE + # capabilities ONLY when container runs as ROOT + disableS6Caps: false + # -- PUID for all containers + # Can be overruled per container + PUID: 568 + # -- UMASK for all containers + # Can be overruled per container + UMASK: "0022" + # -- Pod security context for all pods + # Can be overruled per pod + pod: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + sysctls: [] + +# -- Resources +# Can be overruled per container +resources: + limits: + cpu: 1000m + memory: 1500Mi + requests: + cpu: 100m + memory: 250Mi + +containerOptions: + NVIDIA_CAPS: + - all + +# -- Options for all pods +# Can be overruled per pod +podOptions: + enableServiceLinks: false + hostNetwork: false + hostPID: false + hostIPC: false + # If this key exists, takes precedence over the automated calculation + # hostUsers: false + shareProcessNamespace: false + affinity: {} + dnsPolicy: ClusterFirst + dnsConfig: + options: + - name: ndots + value: "1" + hostAliases: [] + nodeSelector: + kubernetes.io/arch: "amd64" + # -- Used to enforce a good spread for Deployments and StatefulSets by default + defaultSpread: true + defaultAffinity: true + topologySpreadConstraints: [] + tolerations: [] + schedulerName: "" + priorityClassName: "" + runtimeClassName: "" + automountServiceAccountToken: false + terminationGracePeriodSeconds: 60 + +# -- (docs/workload/README.md) +workload: + main: 
+ enabled: true + primary: true + type: Deployment + dbWait: true + podSpec: + containers: + main: + enabled: true + primary: true + imageSelector: image + probes: + liveness: + enabled: true + type: "{{ .Values.service.main.ports.main.protocol }}" + port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}" + readiness: + enabled: true + type: "{{ .Values.service.main.ports.main.protocol }}" + port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}" + startup: + enabled: true + type: "{{ .Values.service.main.ports.main.protocol }}" + port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}" + +# -- Timezone used everywhere applicable +TZ: UTC + +# -- Diagnostic Mode +diagnosticMode: + enabled: false + +# -- Vertical pod autoscaler +vpa: + main: + enabled: false + targetSelector: [] + # updatePolicy: + # updateMode: auto + resourcePolicy: + containerPolicies: + - containerName: "*" + minAllowed: + cpu: 50m + memory: 50Mi + maxAllowed: + cpu: 8000m + memory: 20Gi + controlledResources: ["cpu", "memory"] + +# -- Horizontal pod autoscaler +hpa: + main: + enabled: false + targetSelector: [] + # minReplicas: 1 + # maxReplicas: 3 + + # metrics: # Optional, list of metric specs + # - type: Resource # Can be Resource, Pods, Object, External, or ContainerResource + # resource: + # name: cpu + # target: + # type: Utilization # Or Value / AverageValue + # averageUtilization: 50 + + # - type: Resource + # resource: + # name: memory + # target: + # type: AverageValue + # averageValue: 500Mi + + # behavior: # Optional: controls scaling behavior + # scaleUp: + # stabilizationWindowSeconds: 0 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 4 + # periodSeconds: 60 + +# -- (docs/service/README.md) +service: + main: + ## 
Integration stuff + # integration: + # metallb: + # enabled: false + ## Optional to set shared key manually, otherwise set to namespace + # sharedKey: "" + # + # cilium: + # enabled: false + ## Optional to set shared key manually, otherwise ignored (namespace sharing) + # sharedKey: "" + # + # traefik: + # enabled: false + enabled: true + primary: true + ports: + main: + enabled: true + primary: true + protocol: http + +credentials: + {} + # mys3: + # type: s3 + # url: "" + # path: "" + # bucket: "" + # accessKey: "" + # secretKey: "" + # ## Is used in cases where things are encrypted by a backup utility + # encrKey: "" + +ingressMiddlewares: + traefik: + tc-basic-secure-headers: + enabled: false + type: headers + data: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" +# basic-auth: +# enabled: true +# type: basicAuth +# data: +# # middleware specific data ie +# users: +# - username: user1 +# password: password1 +# some-other-middleware: +# enabled: true +# type: someOtherMiddleware +# data: +# # middleware specific data ie +# someOtherMiddlewareData: someOtherMiddlewareData + +# -- (docs/persistence/README.md) +persistence: + shared: + enabled: true + type: emptyDir + mountPath: /shared + targetSelectAll: true + varlogs: + enabled: true + type: emptyDir + mountPath: /var/logs + medium: Memory + targetSelectAll: true + varrun: + enabled: true + type: emptyDir + mountPath: /var/run + medium: Memory + targetSelectAll: true + tmp: + enabled: true + type: emptyDir + mountPath: /tmp + medium: Memory + targetSelectAll: true + devshm: + enabled: true + type: emptyDir + mountPath: /dev/shm + medium: Memory + targetSelectAll: true +# backupexample: +# ## the default backup path, is the credential path suffixed by the releasename, volsync and both the 
pvc and volsync names +# enabled: true +# type: pvc +# mountPath: /backedup +# targetSelectAll: true +# volsync: +# - name: mybackup +# ## TODO: other options +# type: restic +# credentials: mys3 +# dest: +# enabled: true +# src: +# enabled: true +# iscsi: +# enabled: true +# type: iscsi +# mountPath: /dev/shm +# iscsi: +# targetPortal: 10.0.2.15:3260 +# portals: ['10.0.2.16:3260', '10.0.2.17:3260'] #optional +# iqn: iqn.2001-04.com.example:storage.kube.sys1.xyz +# lun: 0 +# fsType: ext4 #Optional +# iscsiInterface: default #Optional +# initiatorName: iqn.1994-05.com.redhat:node1 #Optional +# authSession: +# username: "someusername" +# password: "somepassword" +# usernameInitiator: "someusernameInitiator" +# passwordInitiator: "somepasswordInitiator" +# authDiscovery: +# username: "someusername" +# password: "somepassword" +# usernameInitiator: "someusernameInitiator" +# passwordInitiator: "somepasswordInitiator" +# vct: +# enabled: true +# type: vct +# mountPath: /shared +# dynamic-pvc: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: true +# dynamic-pvc-dataSource: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: true +# dataSource: +# kind: "PersistentVolumeClaim" +# name: "existingPVC" +# existing-claim: +# enabled: true +# type: pvc +# existingClaim: "someclaim" +# mountPath: /shared +# targetSelectAll: true +# existingpv-pvc: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: true +# volumeName: "somePV" +# static-nfs-pvc: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: true +# static: +# mode: nfs +# server: "/someserver" +# share: "someshare" +# static-smb-pvc: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: true +# static: +# mode: smb +# server: "/someserver" +# share: "someshare" +# domain: "somedomain" +# user: "someuser" +# password: "somepass" +# static-custom-pvc: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: 
true +# static: +# mode: custom +# provisioner: "some.provisioner" +# driver: "somedriver" +# # Custom CSI definition here +# csi: {} +# example-volumesnapshot: +# enabled: true +# type: pvc +# mountPath: /shared +# targetSelectAll: true +# volumeSnapshots: +# - name: "mysnapshot" +# volumeSnapshotClassName: "mysnapshotclass" (optional) + +volumeSnapshotClass: {} +volumeSnapshots: {} +# volumeSnapshots: +# mysnapshot: +# volumeSnapshotClassName: "mycustomsnapshot" (optional) +# source: +# # pick one +# persistentVolumeClaimName: "mypvcname" (does not get altered) +# volumeSnapshotContentName: "mysnapshotname" + +# -- (docs/imagePullSecrets.md) +imagePullSecret: {} + +# -- (docs/configmap.md) +configmap: {} + +# -- (docs/secret.md) +secret: {} + +# -- (docs/serviceAccount.md) +serviceAccount: {} + +# -- (docs/rbac.md) +rbac: {} + +# NOTES.txt +notes: + header: | + # Thank you for installing {{ .Chart.Name }} by TrueCharts. + # custom: "{{ toYaml $.Values }}" + custom: | + {{- if .Values.chartContext.appUrl }} + ## Connecting externally + You can use this Chart by opening the following links in your browser: + - {{ toYaml .Values.chartContext.appUrl }} + {{- end }} + + {{ if .Chart.Dependencies }} + ## Dependencies for {{ .Chart.Name }} + + {{- range .Chart.Dependencies }} + - Chart: {{ .Repository }}/{{ .Name }} + Version: {{ .Version }} + {{- end }} + {{- end }} + + + {{- if .Values.chartContext.internalUrls }} + ## Connecting Internally + + You can reach this chart inside your cluster, using the following service URLS: + {{- range $url := .Values.chartContext.internalUrls -}} + - {{ $url }} + {{- end }} + {{- end }} + + ## Sources for {{ .Chart.Name }} + + {{- range .Chart.Sources }} + - {{ . 
}} + {{- end -}} + + {{- $link := .Chart.Annotations.docs -}} + {{- if not $link -}} + {{- $link = .Chart.Home -}} + {{- end }} + + See more for **{{ $.Chart.Name }}** at ({{ $link }}) + footer: | + ## Documentation + Please check out the TrueCharts documentation on: + https://truecharts.org + + OpenSource can only exist with your help, please consider supporting TrueCharts: + https://truecharts.org/sponsor + warnings: [] + +#### +## +## TrueCharts Specific Root Objects +## +#### + +gluetunImage: + repository: tccr.io/tccr/gluetun + tag: v3.40.0@sha256:a8189e29155e0f8142be1500ae068a92b189b1b25abbba036321e74d6389bf2b + pullPolicy: IfNotPresent + +netshootImage: + repository: tccr.io/tccr/netshoot + tag: v0.14.0@sha256:28ede4317d22391e7d89a15eb78dc2afc3587ece02c76c983dde7239a0e43679 + pullPolicy: IfNotPresent + +tailscaleImage: + repository: tccr.io/tccr/tailscale + tag: v1.86.2@sha256:7694928c789a246fe2fb58e10dd604f66b18b4ef961409095b689f7762523ed1 + pullPolicy: IfNotPresent + +codeserverImage: + repository: tccr.io/tccr/code-server + tag: v4.103.1@sha256:b754400a938e74eaaf07fa6fb9b64a24a4e6c5d88c94f914748b202f1fb57ce6 + pullPolicy: IfNotPresent + +alpineImage: + repository: tccr.io/tccr/alpine + tag: v3.22.1 + pullPolicy: IfNotPresent + +scratchImage: + repository: tccr.io/tccr/scratch + tag: latest@sha256:4aef9dbf99ea2a8857ed4ce9d9bf79d330b79044884c7374e392445d122ec746 + pullPolicy: IfNotPresent + +kubectlImage: + repository: tccr.io/tccr/kubectl + tag: latest@sha256:b16dca4e8ec1c9128a8b7712ebd3713f69d3dd24d622799a482e7ce3929a702b + pullPolicy: IfNotPresent + +wgetImage: + repository: tccr.io/tccr/wget + tag: v1.0.0@sha256:961566b0149f766abfaa82326aad9c3089e3311eca5d4910ff2d4faf70ddbb10 + pullPolicy: IfNotPresent + +yqImage: + pullPolicy: IfNotPresent + repository: docker.io/mikefarah/yq + tag: 4.47.1@sha256:b9285dd3b0bea3c34d0c54415dd48d767dabd9644d489bd6e253660847b58419 + +postgresClientImage: + repository: tccr.io/tccr/db-wait-postgres + tag: 
v1.1.0@sha256:182687540102534aeb28fce4d124274e81a849a43556214977c378ae2a580b35 + pullPolicy: IfNotPresent + +mariadbClientImage: + repository: tccr.io/tccr/db-wait-mariadb + tag: v1.1.0@sha256:bd60b6087bacaf5e697243f764065ea5d04da1af703b2009be3752c1aede6d32 + pullPolicy: IfNotPresent + +redisClientImage: + repository: tccr.io/tccr/db-wait-redis + tag: v1.1.0@sha256:14c792c5d2faf5b5c7f8325e387700d70571bf930d321de81483aa704c198e40 + pullPolicy: IfNotPresent + +mongodbClientImage: + repository: tccr.io/tccr/db-wait-mongodb + tag: v1.2.0@sha256:fe22e616bd3facd3d2e959cfaae9795a8503c8fb6bb90487a14dfd14cbd3ffe3 + pullPolicy: IfNotPresent + +postgres15Image: + repository: ghcr.io/cloudnative-pg/postgresql + tag: "15.13" + pullPolicy: IfNotPresent + +postgres16Image: + repository: ghcr.io/cloudnative-pg/postgresql + tag: "16.9" + pullPolicy: IfNotPresent + +postgresPostgis15Image: + repository: ghcr.io/cloudnative-pg/postgis + tag: "15-3.4" + pullPolicy: IfNotPresent + +postgresPostgis16Image: + repository: ghcr.io/cloudnative-pg/postgis + tag: "16-3.4" + pullPolicy: IfNotPresent + +postgresVectors15Image: + repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs + tag: "15.7-v0.2.1" + pullPolicy: IfNotPresent + +postgresVectors16Image: + repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs + tag: "16.3-v0.2.1" + pullPolicy: IfNotPresent + +# -- OpenVPN specific configuration +# @default -- See below +openvpnImage: + # -- Specify the openvpn client image + repository: tccr.io/tccr/openvpn-client + # -- Specify the openvpn client image tag + tag: latest@sha256:9bfdf50791d6e51056e31c03f73c9db329b2b72e7746155cfdc63e0c8b49b55a + # -- Specify the openvpn client image pull policy + pullPolicy: IfNotPresent + +# -- WireGuard specific configuration +# @default -- See below +wireguardImage: + # -- Specify the WireGuard image + repository: tccr.io/tccr/wireguard + # -- Specify the WireGuard image tag + tag: 
v1.0.20210914@sha256:683b8b74d64ebd07f9955147539834c2a4b60fee51d2a36fa76b9aba689601bf + # -- Specify the WireGuard image pull policy + pullPolicy: IfNotPresent + +# -- Configure the ingresses for the chart here. +# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. +# @default -- See below +ingress: + main: + # -- Enables or disables the ingress + enabled: false + # -- Make this the primary ingress (used in probes, notes, etc...). + # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. + primary: true + # -- Ensure this ingress is always enabled. + required: false + # expandObjectName: false + # -- Provide additional labels which may be required. + labels: {} + # -- Provide additional annotations which may be required. + annotations: {} + # -- Set the ingressClass that is used for this ingress. + # Requires Kubernetes >=1.19 + ingressClassName: "" + # Defaults to primary service and primary port + # targetSelector: + # # service: port + # main: main + ## Configure the hosts for the ingress + hosts: [] + # - # -- Host address. Helm template can be passed. + # host: chart-example.local + # ## Configure the paths for the host + # paths: + # - # -- Path. Helm template can be passed. + # path: / + # # -- Ignored if not kubeVersion >= 1.14-0 + # pathType: Prefix + # # -- Overrides the service reference for this path, by default the selector is honored + # overrideService: + # # -- Overrides the service name reference for this path + # name: + # # -- Overrides the service port reference for this path + # port: + # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template. 
+ # Gets ignored when clusterIssuer is filled + tls: [] + # - secretName: chart-example-tls + # certificateIssuer: "" + # hosts: + # - chart-example.local + integrations: + certManager: + enabled: false + certificateIssuer: "" + traefik: + enabled: false + # Default to websecure + entrypoints: + - websecure + # Ensures tls annotation is set + forceTLS: true + middlewares: [] + # - name: my-middleware + # # Optional, by default will try to + # # "lookup" the namespace based on the name + # namespace: "" + nginx: + enabled: false + themepark: + enabled: false + css: "" + ipWhitelist: [] + auth: + # empty to disable, options: "authentik" or "authelia" + type: "" + # Internal Domain name + port to reach the auth provider, excluding http(s) + internalHost: "" + # External (ingress) Domain name to reach the auth provider, excluding http(s) + externalHost: "" + # Optional: override default response headers + responseHeaders: [] + homepage: + enabled: false + # Default: chart name + name: "" + # Default: chart description + description: "" + # Default: no group + group: "" + # Default: chart icon + icon: "" + widget: + # Default: chartname + type: "" + # Default to ingress host 0 + url: "" + custom: + # somesetting: some value + customkv: + # - key: some key + # value: some value + +certificate: {} +# main: +# enabled: false +# certificateIssuer: someissuer +# hosts: +# - somehost +# # Optional +# certificateSecretTemplate: +# labels: {} +# annotations: {} + +# -- BETA: Configure the gateway routes for the chart here. +# Additional routes can be added by adding a dictionary key similar to the 'main' route. +# Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works. 
+# Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk +# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) +# @default -- See below +route: + main: + # -- Enables or disables the route + enabled: false + # -- Set the route kind + # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute + kind: HTTPRoute + # -- Provide additional annotations which may be required. + annotations: {} + # -- Provide additional labels which may be required. + labels: {} + # -- Configure the resource the route attaches to. + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: + namespace: + sectionName: + # -- Host addresses + hostnames: [] + # -- Configure rules for routing. Defaults to the primary service. + rules: + - backendRefs: + - group: "" + kind: Service + name: + namespace: + port: + weight: 1 + ## Configure conditions used for matching incoming requests. Only for HTTPRoutes + matches: + - path: + type: PathPrefix + value: / + +podDisruptionBudget: + main: + enabled: false + # -- Custom Selector Labels + # customLabels: + # customKey: customValue + # maxUnavailable: 1 + # minAvailable: 1 + targetSelector: main + +webhook: + validating: + enabled: false + type: validating + webhooks: [] + mutating: + enabled: false + type: mutating + webhooks: [] + +priorityClass: {} +# priorityClass: +# example: +# provisioner: some.provisioner.io +# enabled: true +# value: 1000000 +# preemptionPolicy: PreemptLowerPriority +# globalDefault: false +# description: "some description" + +# # -- create storageClasses on demand +storageClass: {} +# storageClass: +# example: +# provisioner: some.provisioner.io +# enabled: true +# isDefaultClass: false +# parameters: {} +# reclaimPolicy: retain +# allowVolumeExpansion: true +# volumeBindingMode: Immediate +# mountOptions: [] + +metrics: + main: + enabled: false + primary: true + # options: servicemonitor, 
podmonitor + type: "servicemonitor" + # defaults to selectorLabels + selector: {} + endpoints: + - port: main + interval: 5s + scrapeTimeout: 5s + path: / + honorLabels: false + prometheusRule: + enabled: false + groups: {} + # somegroup: + # # list of rules + # rules: [] + # # list to support adding rules via the SCALE GUI without overwrithing the rules + # additionalrules: [] + # List to support adding groups using the SCALE GUI + additionalgroups: + # - name: "somegroup" + # # list of rules + # rules: [] + # # list to support adding rules via the SCALE GUI without overwrithing the rules + # additionalrules: [] + +# -- The common chart supports several add-ons. These can be configured under this key. +# @default -- See below +addons: + gluetun: + enabled: false + targetSelector: + - main + secret: + # vpn-conf: + # basePath: /gluetun/wireguard + # data: + # # Effective path /gluetun/wireguard/wg0.conf + # wg0.conf: | + # some conf + # wg1.conf: | + # some conf + # scripts: + # basePath: /gluetun/scripts + # defaultMode: "0777" + # data: + # # Effective path /gluetun/scripts/up.sh + # up.sh: | + # some conf + container: + enabled: true + imageSelector: gluetunImage + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + resources: + excludeExtra: true + securityContext: + runAsUser: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + runAsGroup: 568 + capabilities: + add: + - NET_ADMIN + - NET_RAW + - MKNOD + env: + DOT: "off" + DNS_KEEP_NAMESERVER: "on" + FIREWALL: "off" + FIREWALL_OUTBOUND_SUBNETS: "" + FIREWALL_INPUT_PORTS: "" + + # -- Tailscale specific configuration + # @default -- See below + # See more info for the configuration + # https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh + tailscale: + enabled: false + targetSelector: + - main + # -- you can directly specify the config file here + config: "" + container: + enabled: true + imageSelector: "tailscaleImage" + probes: + liveness: + 
enabled: false + readiness: + enabled: false + startup: + enabled: false + command: + - /usr/local/bin/containerboot + resources: + excludeExtra: true + env: + # Set KUBE_SECRET to empty string to force tailscale + # to use the filesystem for state tracking. + # With secret for state tracking you can't always + # know if the app that uses this sidecard will + # use a custom ServiceAccount and will lead to falure. + TS_KUBE_SECRET: "" + TS_SOCKET: /var/run/tailscale/tailscaled.sock + TS_STATE_DIR: /var/lib/tailscale/state + TS_USERSPACE: true + TS_AUTH_ONCE: true + TS_ACCEPT_DNS: false + TS_AUTH_KEY: "" + TS_TAILSCALED_EXTRA_ARGS: "" + TS_EXTRA_ARGS: "" + TS_SOCKS5_SERVER: "" + TS_DEST_IP: "" + TS_ROUTES: "" + TS_OUTBOUND_HTTP_PROXY_LISTEN: "" + securityContext: + capabilities: + add: + - NET_ADMIN + - NET_RAW + + # -- Auth key to connect to the VPN Service + authkey: "" + # As a sidecar, it should only need to run in userspace + userspace: true + auth_once: true + accept_dns: false + routes: "" + dest_ip: "" + sock5_server: "" + extra_args: "" + daemon_extra_args: "" + outbound_http_proxy_listen: "" + # -- Annotations for tailscale sidecar + annotations: {} + + # -- The common library supports adding a code-server add-on to access files. It can be configured under this key. 
+ # @default -- See values.yaml + codeserver: + enabled: false + # -- Enable running a code-server container in the pod + container: + enabled: true + probes: + liveness: + enabled: true + port: 12321 + path: "/" + readiness: + enabled: true + port: 12321 + path: "/" + startup: + enabled: true + port: 12321 + path: "/" + imageSelector: "codeserverImage" + resources: + excludeExtra: true + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + args: + - "--port" + - "12321" + - "/" + - --auth + - none + # - --user-data-dir + # - "/config/.vscode" + # -- Select a workload to add the addon to + targetSelector: + - "main" + + service: + # -- Enable a service for the code-server add-on. + enabled: true + type: ClusterIP + # Specify the default port information + ports: + codeserver: + enabled: true + primary: true + protocol: http + port: 12321 + targetPort: 12321 + + ingress: + # -- Enable an ingress for the code-server add-on. + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + labels: {} + hosts: + - host: code.chart-example.local + paths: + - path: / + # Ignored if not kubeVersion >= 1.14-0 + pathType: Prefix + tls: [] + + netshoot: + # -- Enable running a netshoot container in the pod + enabled: false + container: + enabled: true + command: + - /bin/sh + - -c + - sleep infinity + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + imageSelector: "netshootImage" + resources: + excludeExtra: true + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + +dependencies: + +########################################################################## +# This section contains some pre-config for frequently used dependencies # +########################################################################## + +cnpg: + main: + enabled: false + primary: true + # -- Puts 
the cnpg cluster in hibernation mode + hibernate: false + # Additional Labels and annotations for all cnpg objects + labels: {} + annotations: {} + + # Type of the CNPG database. Available types: + # * `postgres` + # * `postgis` + # * `timescaledb` + # * `vectors` + type: postgres + + # Version of Postgresql to use, changes cluster naming scheme + # * `15` + # * `16` + pgVersion: 16 + + # Cluster mode of operation. Available modes: + # * `standalone` - default mode. Creates new or updates an existing CNPG cluster. + # * `replica` - Creates a replica cluster from an existing CNPG cluster. # TODO + # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup. + mode: standalone + + # Database details + database: "app" + user: "app" + password: "PLACEHOLDERPASSWORD" + + # Database cluster configuration + cluster: + # Additional Labels and annotations for cnpg cluster + labels: {} + annotations: {} + + # Number of instances + instances: 2 + + # set to true on single-node clusters to allow PVCs to be kept on instance restart + singleNode: false + + ## set to configure the skipEmptyWalArchiveCheck annotation + # skipEmptyWalArchiveCheck: true + # # -- storage size for the data pvc's + # # Follows the same spec as .Values.Persistence type=PVC + # storage: + # size: "256Gi" + # # -- storage size for the wal pvc's + # # Follows the same spec as .Values.Persistence type=PVC + # walStorage: + # size: "256Gi" + # -- Gets scaled to 0 if hibernation is true + ## See .Values.resources for more info + # resources: + + # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been + # successfully updated. It can be switchover (default) or in-place (restart). 
+ primaryUpdateMethod: switchover + + # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been + # successfully updated: it can be automated (unsupervised - default) or manual (supervised) + # Example of rolling update strategy: + # - unsupervised: automated update of the primary once all + # replicas have been upgraded (default) + # - supervised: requires manual supervision to perform + # the switchover of the primary + # -- change to supervised to disable unsupervised updates + primaryUpdateStrategy: unsupervised + + # The instances' log level, one of the following values: error, warning, info (default), debug, trace + logLevel: info + + # The configuration for the CA and related certificates + # See: https://cloudnative-pg.io/documentation/current/api_reference/#CertificatesConfiguration + certificates: + + # When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. + # If the secret is not present, the operator will automatically create one. + # When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, + # and then blank the password of the postgres user by setting it to NULL. 
+ + # enableSuperuserAccess: true + + # Configuration of the PostgreSQL server + # See: https://cloudnative-pg.io/documentation/current/api_reference/#PostgresConfiguration + postgresql: + + # BootstrapInitDB is the configuration of the bootstrap process when initdb is used + # See: https://cloudnative-pg.io/documentation/current/bootstrap/ + # See: https://cloudnative-pg.io/documentation/current/api_reference/#bootstrapinitdb + initdb: {} + # postInitSQL: + # - CREATE EXTENSION IF NOT EXISTS vector; + # postInitApplicationSQL: + # - CREATE EXTENSION IF NOT EXISTS someextension; + # -- set to enable prometheus metrics + monitoring: + enablePodMonitor: false + disableDefaultQueries: false + customQueries: [] + # - name: "pg_cache_hit_ratio" + # expandObjectName: true + # key: "custom-key" (defaults to "custom-queries") + # query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;" + # metrics: + # - datname: + # usage: "LABEL" + # description: "Name of the database database" + # - ratio: + # usage: GAUGE + # description: "Cache hit ratio" + # Recovery settings if the chosen mode is `recovery`. + recovery: + ## + # Backup Recovery Method + # Available recovery methods: + # * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. + # * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported). + # * `pg_basebackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to + # migrate databases to CloudNativePG, even from outside Kubernetes. # TODO + method: object_store + ## set a revision to append to the serverName to ensure restore and backup dont target the same thing + # revision: 1 + + # override serverName in recovery obkect + servername: "" + + ## Point in time recovery target. 
Specify one of the following: + pitrTarget: + # Time in RFC3339 format + time: "" + + # Name of the backup to recover from. Required if method is `backup`. + backupName: "" + + # Object Store Recovery Method + clusterName: "" + + # Overrides the provider specific default path. Defaults to: + # S3: s3:// + # Azure: https://..core.windows.net/ + # Google: gs:// + destinationPath: "" + + # Database cluster backup configuration + backups: + # You need to configure backups manually, so backups are disabled by default. + enabled: false + + encryption: + enabled: false + ## set a revision to append to the serverName to ensure restore and backup dont target the same thing + # revision: 1 + + # override serverName in recovery obkect + servername: "" + + # Overrides the provider specific default path. Defaults to: + # S3: s3:// + # Azure: https://..core.windows.net/ + # Google: gs:// + destinationPath: "" + + # default: primary, other option prefer-standby + target: "" + + # name of credentials in .Values.Credentials + credentials: "" + + scheduledBackups: + - name: daily-backup + schedule: "0 0 0 * * *" + backupOwnerReference: self + immediate: true + suspend: false + + retentionPolicy: "30d" + + # - Manual list of backups + manualBackups: [] + # - name: today + # labels: {} + # annotations: {} + # - name: beforeUpgrade + # labels: {} + # annotations: {} + + # Database cluster PgBouncer configuration + pooler: + enabled: false + # -- enable to create extra pgbouncer for readonly access + createRO: false + poolMode: session + # -- Gets scaled to 0 if hibernation is true + instances: 2 + # parameters: + # max_client_conn: "1000" + # default_pool_size: "25" + labels: {} + annotations: {} + + # -- contains credentials and urls output by generator + creds: {} + +# -- Redis dependency configuration +# @default -- See below +redis: + enabled: false + includeCommon: false + password: "PLACEHOLDERPASSWORD" + # -- can be used to make an easy accessible note which URLS to use to 
access the DB.
+ creds: {}
+ secret:
+ credentials:
+ enabled: false
+
+# -- mariadb dependency configuration
+# @default -- See below
+mariadb:
+ enabled: false
+ includeCommon: false
+ password: "PLACEHOLDERPASSWORD"
+ rootPassword: "PLACEHOLDERROOTPASSWORD"
+ # -- can be used to make an easy accessable note which URLS to use to access the DB.
+ creds: {}
+
+# -- mongodb dependency configuration
+# @default -- See below
+mongodb:
+ enabled: false
+ includeCommon: false
+ password: "PLACEHOLDERPASSWORD"
+ rootPassword: "PLACEHOLDERROOTPASSWORD"
+ # -- can be used to make an easy accessable note which URLS to use to access the DB.
+ creds: {}
+
+# -- clickhouse dependency configuration
+# @default -- See below
+clickhouse:
+ enabled: false
+ includeCommon: false
+ password: "PLACEHOLDERPASSWORD"
+ # -- can be used to make an easy accessable note which URLS to use to access the DB.
+ creds: {}
+
+# -- solr dependency configuration
+# @default -- See below
+solr:
+ enabled: false
+ includeCommon: false
+ password: "PLACEHOLDERPASSWORD"
+ solrCores: 1
+ solrEnableAuthentication: "no"
+ # -- can be used to make an easy accessable note which URLS to use to access the DB.
+ creds: {}
+
+# -- List of extra objects to deploy with the release
+extraTpl: []
diff --git a/charts/baikal/baikal/templates/common.yaml b/charts/baikal/baikal/templates/common.yaml
new file mode 100644
index 0000000..78d963f
--- /dev/null
+++ b/charts/baikal/baikal/templates/common.yaml
@@ -0,0 +1,2 @@
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.all" . }}
diff --git a/charts/baikal/baikal/values.yaml b/charts/baikal/baikal/values.yaml
new file mode 100644
index 0000000..832853c
--- /dev/null
+++ b/charts/baikal/baikal/values.yaml
@@ -0,0 +1,31 @@
+image:
+ pullPolicy: IfNotPresent
+ repository: docker.io/ckulka/baikal
+ tag: 0.10.1-nginx@sha256:434bdd162247cc6aa6f878c9b4dce6216e39e79526b980453b13812d5f8ebf4b
+persistence:
+ config:
+ enabled: true
+ mountPath: /var/www/baikal/config
+ specific:
+ enabled: true
+ mountPath: /var/www/baikal/Specific
+
+securityContext:
+ container:
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsUser: 0
+service:
+ main:
+ ports:
+ main:
+ port: 10293
+ protocol: http
+ targetPort: 80
+workload:
+ main:
+ podSpec:
+ containers:
+ main:
+ env:
+ BAIKAL_SKIP_CHOWN: false
diff --git a/manifests/baikal/values.yaml b/manifests/baikal/values.yaml
new file mode 100644
index 0000000..a73533c
--- /dev/null
+++ b/manifests/baikal/values.yaml
@@ -0,0 +1,27 @@
+image:
+ repository: ckulka/baikal
+ tag: latest
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: true
+ className: traefik
+ hosts:
+ - host: baikal.dvirlabs.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - baikal.dvirlabs.com
+
+persistence:
+ enabled: true
+ size: 5Gi
+ storageClass: nfs-client # or longhorn, depending on what you use
+
+resources: {}
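Review bot: `securityContext.container` sets `runAsUser: 0`, `runAsGroup: 0` and `readOnlyRootFilesystem: false`, dropping the common chart's non-root (568) read-only default for the main container, and `BAIKAL_SKIP_CHOWN: false` presumably asks the image entrypoint to chown its data paths, which looks like the reason root is wanted. If that initial chown is the only need, a more contained option is to keep the container at 568 with `BAIKAL_SKIP_CHOWN: "true"` and let the pod `fsGroup` (568 in the common defaults) own the `config` and `Specific` mounts; if root is genuinely required, a one-line comment saying why would stop the next reviewer from tightening it again. `BAIKAL_SKIP_CHOWN: false` is also a YAML boolean rather than the string the entrypoint will read, so quoting it avoids relying on how the library stringifies env values. The `config` and `specific` entries set neither `type` nor `size`, so they appear to fall back to the library's `persistenceType: pvc` / `pvcSize: 100Gi` defaults; an explicit `size` here would make the claim intentional.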
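Review bot: The keys in `manifests/baikal/values.yaml` (`service.type`/`service.port`, `ingress.enabled`/`className`/`hosts[]`, `persistence.enabled`/`size`/`storageClass`) follow the generic Helm starter-chart layout rather than the TrueCharts common schema that `charts/baikal/baikal` uses (`service.main.ports.main`, `ingress.main.hosts`, `persistence.<name>.type`), so if this file is layered over the chart values most of it is silently ignored and no ingress or 5Gi PVC is created. The `image` block does match, which means `repository: ckulka/baikal` and `tag: latest` replace the chart's digest-pinned `docker.io/ckulka/baikal:0.10.1-nginx@sha256:…`, losing both the version and the pin. Suggest dropping the `image` override here (or carrying the same digest) and restating the ingress and storage settings under `ingress.main` and `persistence.config` in the common-chart layout, e.g. `persistence: { config: { size: 5Gi, storageClass: nfs-client } }` in block form.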