[Common] Cert and Storage rework (#191)
* Add IX-Cert to Common and: - split storage - merge custom into common chart * Integrate most of the Bitnami Common Chart into ours
This commit is contained in:
committed by
kjeld Schouten-Lebbing
parent
14c9d393b5
commit
236ec00b2d
@@ -4,7 +4,7 @@ for chart in charts/*; do
|
||||
maxchartversion=$(cat ${chart}/${maxfolderversion}/Chart.yaml | grep "^version: " | awk -F" " '{ print $2 }')
|
||||
chartname=$(basename ${chart})
|
||||
echo "Processing: ${chart} - folder: ${maxfolderversion} - version: ${maxchartversion}"
|
||||
helm dependency update ${chart}/${maxfolderversion}
|
||||
helm dependency update --skip-refresh ${chart}/${maxfolderversion}
|
||||
if [ "${maxfolderversion}" != "${maxchartversion}" ]; then
|
||||
mv -f ${chart}/${maxfolderversion} ${chart}/${maxchartversion}
|
||||
echo "renamed ${chart}/${maxfolderversion} to ${chart}/${maxchartversion}"
|
||||
|
||||
@@ -22,5 +22,13 @@
|
||||
"definitions/nodeIP": {
|
||||
"stable": {"min": "20.12-ALPHA"},
|
||||
"nightlies": {"min": "20.12-MASTER"}
|
||||
},
|
||||
"definitions/certificate": {
|
||||
"stable": {"min": "21.02-ALPHA"},
|
||||
"nightlies": {"min": "21.02-MASTER"}
|
||||
},
|
||||
"definitions/certificateAuthority": {
|
||||
"stable": {"min": "21.02-ALPHA"},
|
||||
"nightlies": {"min": "21.02-MASTER"}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
apiVersion: v2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
name: common
|
||||
version: 1.3.2
|
||||
# upstream_version:
|
||||
version: 1.4.0
|
||||
# upstream_version: 3.0.1
|
||||
# appVersion:
|
||||
description: Function library for TrueCharts
|
||||
type: library
|
||||
|
||||
@@ -31,10 +31,11 @@ Main entrypoint for the common library chart. It will render all underlying temp
|
||||
{{- end -}}
|
||||
{{- print "---" | nindent 0 -}}
|
||||
{{ include "common.service" . | nindent 0 }}
|
||||
{{ include "common.custom.appService" . | nindent 0 }}
|
||||
{{ include "common.appService" . | nindent 0 }}
|
||||
{{- print "---" | nindent 0 -}}
|
||||
{{ include "common.ingress" . | nindent 0 }}
|
||||
{{- print "---" | nindent 0 -}}
|
||||
{{ include "common.custom.appIngress" . | nindent 0 }}
|
||||
{{ include "common.custom.mountpermissions" . | nindent 0 }}
|
||||
{{ include "common.appIngress" . | nindent 0 }}
|
||||
{{ include "common.storage.permissions" . | nindent 0 }}
|
||||
{{ include "common.resources.cert.secret" . | nindent 0 }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,73 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return the target Kubernetes version
|
||||
*/}}
|
||||
{{- define "common.capabilities.kubeVersion" -}}
|
||||
{{- if .Values.global }}
|
||||
{{- if .Values.global.kubeVersion }}
|
||||
{{- .Values.global.kubeVersion -}}
|
||||
{{- else }}
|
||||
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for deployment.
|
||||
*/}}
|
||||
{{- define "common.capabilities.deployment.apiVersion" -}}
|
||||
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "extensions/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "apps/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for statefulset.
|
||||
*/}}
|
||||
{{- define "common.capabilities.statefulset.apiVersion" -}}
|
||||
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "apps/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "apps/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for ingress.
|
||||
*/}}
|
||||
{{- define "common.capabilities.ingress.apiVersion" -}}
|
||||
{{- if .Values.ingress -}}
|
||||
{{- if .Values.ingress.apiVersion -}}
|
||||
{{- .Values.ingress.apiVersion -}}
|
||||
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "extensions/v1beta1" -}}
|
||||
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "networking.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "networking.k8s.io/v1" -}}
|
||||
{{- end }}
|
||||
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "extensions/v1beta1" -}}
|
||||
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "networking.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "networking.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns true if the used Helm version is 3.3+.
|
||||
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
|
||||
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
|
||||
**To be removed when the catalog's minimun Helm version is 3.3**
|
||||
*/}}
|
||||
{{- define "common.capabilities.supportsHelmVersion" -}}
|
||||
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,18 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Kubernetes standard labels
|
||||
*/}}
|
||||
{{- define "common.labels.standard" -}}
|
||||
app.kubernetes.io/name: {{ include "common.names.name" . }}
|
||||
helm.sh/chart: {{ include "common.names.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
|
||||
*/}}
|
||||
{{- define "common.labels.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "common.names.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
@@ -1,32 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "common.names.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "common.names.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "common.names.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -35,6 +35,6 @@ spec:
|
||||
requests:
|
||||
storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
|
||||
{{- if $values.storageClass }}
|
||||
storageClassName: {{ if (eq "-" $values.storageClass) }}""{{- else }}{{ $values.storageClass | quote }}{{- end }}
|
||||
storageClassName: {{ include "common.storage.class" . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{{/*
|
||||
Renders the additioanl authForward objects from appAuthForward
|
||||
*/}}
|
||||
{{- define "common.custom.classes.appAuthForward" -}}
|
||||
{{- define "common.classes.appAuthForward" -}}
|
||||
{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
|
||||
{{- $values := .Values.appIngress -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
@@ -2,7 +2,7 @@
|
||||
This template serves as a blueprint for all appIngress objects that are created
|
||||
within the common library.
|
||||
*/}}
|
||||
{{- define "common.custom.classes.appIngressHTTP" -}}
|
||||
{{- define "common.classes.appIngressHTTP" -}}
|
||||
{{- $values := .Values.appIngress -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.appIngress -}}
|
||||
@@ -47,8 +47,11 @@ spec:
|
||||
- {{ .host | quote }}
|
||||
{{- end }}
|
||||
{{- if eq $values.certType "selfsigned" -}}
|
||||
secretName:
|
||||
{{ else if eq $values.certType "existingcert" }}
|
||||
secretName: {{ $values.existingcert }}
|
||||
{{ else if eq $values.certType "ixcert" }}
|
||||
secretName: {{ include "common.names.fullname" . }}-ix-cert
|
||||
{{ else if eq $values.certType "wildcard" }}
|
||||
secretName: wildcardcert
|
||||
{{ else }}
|
||||
@@ -2,7 +2,7 @@
|
||||
This template serves as a blueprint for all appIngressTCP objects that are created
|
||||
within the common library.
|
||||
*/}}
|
||||
{{- define "common.custom.classes.appIngressTCP" -}}
|
||||
{{- define "common.classes.appIngressTCP" -}}
|
||||
{{- $values := .Values.appIngress -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.appIngress -}}
|
||||
@@ -48,8 +48,11 @@ spec:
|
||||
- {{ .host | quote }}
|
||||
{{- end }}
|
||||
{{- if eq $values.certType "selfsigned" -}}
|
||||
secretName:
|
||||
{{ else if eq $values.certType "existingcert" }}
|
||||
secretName: {{ $values.existingcert }}
|
||||
{{ else if eq $values.certType "ixcert" }}
|
||||
secretName: {{ include "common.names.fullname" . }}-ix-cert
|
||||
{{ else if eq $values.certType "wildcard" }}
|
||||
secretName: wildcardcert
|
||||
{{ else }}
|
||||
@@ -2,7 +2,7 @@
|
||||
This template serves as a blueprint for all appIngressTCP objects that are created
|
||||
within the common library.
|
||||
*/}}
|
||||
{{- define "common.custom.classes.appIngressUDP" -}}
|
||||
{{- define "common.classes.appIngressUDP" -}}
|
||||
{{- $values := .Values.appIngress -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.appIngress -}}
|
||||
@@ -1,3 +1,5 @@
|
||||
## Currently only used as Bitnami Compatibility layer, may want to integrate more later
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
@@ -1,3 +1,6 @@
|
||||
## Currently only used as Bitnami compatibility Layer, needs more integration during the Ingress integration project.
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
@@ -1,3 +1,4 @@
|
||||
## Currently only used as Bitnami Compatibility layer, may want to integrate more later
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Generate secret name.
|
||||
@@ -1,3 +1,5 @@
|
||||
## Currently only used as Bitnami Compatibility layer, may want to integrate more later
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Renders a value that contains template.
|
||||
@@ -69,7 +69,9 @@ Return the appropriate apiVersion for Ingress objects.
|
||||
*/}}
|
||||
|
||||
{{- define "common.capabilities.ingress.apiVersion" -}}
|
||||
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- if .Values.ingress.apiVersion -}}
|
||||
{{- .Values.ingress.apiVersion -}}
|
||||
{{- else if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- print "extensions/v1beta1" -}}
|
||||
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- print "networking.k8s.io/v1beta1" -}}
|
||||
@@ -90,3 +92,37 @@ Waiting on https://github.com/helm/helm/pull/8608
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for RBAC resources.
|
||||
*/}}
|
||||
{{- define "common.capabilities.rbac.apiVersion" -}}
|
||||
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "rbac.authorization.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for CRDs.
|
||||
*/}}
|
||||
{{- define "common.capabilities.crd.apiVersion" -}}
|
||||
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "apiextensions.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "apiextensions.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns true if the used Helm version is 3.3+.
|
||||
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
|
||||
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
|
||||
**To be removed when the catalog's minimun Helm version is 3.3**
|
||||
*/}}
|
||||
{{- define "common.capabilities.supportsHelmVersion" -}}
|
||||
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -12,7 +12,11 @@ Return the proper image name
|
||||
{{- $registryName = .global.imageRegistry -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if $registryName }}
|
||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s:%s" $repositoryName $tag -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
@@ -17,3 +17,21 @@ Selector labels shared across objects.
|
||||
app.kubernetes.io/name: {{ include "common.names.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
## Bitnami Compatibility links
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Kubernetes standard labels
|
||||
*/}}
|
||||
{{- define "common.labels.standard" -}}
|
||||
{{ include "common.labels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
|
||||
*/}}
|
||||
{{- define "common.labels.matchLabels" -}}
|
||||
{{ include "common.labels.selectorLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "common.names.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
@@ -11,17 +12,18 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "common.names.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
|
||||
@@ -1,3 +1,6 @@
|
||||
## We might want to include more repositories in this warnings
|
||||
## This is mostly used to prevent chart maintainers using "latest" when version is available
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Warning about using rolling tag.
|
||||
@@ -3,7 +3,8 @@ The main container included in the controller.
|
||||
*/ -}}
|
||||
{{- define "common.controller.mainContainer" -}}
|
||||
- name: {{ include "common.names.fullname" . }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
image: "{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}"
|
||||
{{ include "common.warnings.rollingTag" .Values.image }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- with .Values.command }}
|
||||
command: {{ . }}
|
||||
@@ -64,7 +65,7 @@ The main container included in the controller.
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "common.custom.configuredAppVolumeMounts" . | indent 2 }}
|
||||
{{- include "common.storage.configuredAppVolumeMounts" . | indent 2 }}
|
||||
{{- if .Values.additionalVolumeMounts }}
|
||||
{{- toYaml .Values.additionalVolumeMounts | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -25,7 +25,7 @@ Volumes included by the controller.
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "common.custom.configuredAppVolumes" . }}
|
||||
{{- include "common.storage.configuredAppVolumes" . }}
|
||||
{{- if .Values.additionalVolumes }}
|
||||
{{- toYaml .Values.additionalVolumes | nindent 0 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{{/*
|
||||
Renders the additioanl Service objects from appAdditionalServices
|
||||
*/}}
|
||||
{{- define "common.custom.appService" -}}
|
||||
{{- define "common.appService" -}}
|
||||
{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
|
||||
{{- if and .Values.appAdditionalServicesEnabled .Values.appAdditionalServices -}}
|
||||
{{- range $name, $srv := .Values.appAdditionalServices }}
|
||||
@@ -1,7 +1,7 @@
|
||||
{{/*
|
||||
Renders the additional ingress objects from appIngress
|
||||
*/}}
|
||||
{{- define "common.custom.appIngress" -}}
|
||||
{{- define "common.appIngress" -}}
|
||||
{{- /* Generate TrueNAS SCALE app services as required v1 */ -}}
|
||||
{{- if .Values.appIngress -}}
|
||||
{{- range $name, $ingr := .Values.appIngress }}
|
||||
@@ -14,19 +14,19 @@ Renders the additional ingress objects from appIngress
|
||||
{{- $_ := set $ "ObjectValues" (dict "appIngress" $ingressValues) -}}
|
||||
{{- if $ingressValues.type -}}
|
||||
{{- if eq $ingressValues.type "UDP" -}}
|
||||
{{- include "common.custom.classes.appIngressUDP" $ }}
|
||||
{{- include "common.classes.appIngressUDP" $ }}
|
||||
{{- else if eq $ingressValues.type "TCP" -}}
|
||||
{{- include "common.custom.classes.appIngressTCP" $ }}
|
||||
{{- include "common.classes.appIngressTCP" $ }}
|
||||
{{- else }}
|
||||
{{- include "common.custom.classes.appIngressHTTP" $ }}
|
||||
{{- include "common.classes.appIngressHTTP" $ }}
|
||||
{{- if $ingressValues.authForwardURL }}
|
||||
{{- include "common.custom.classes.appAuthForward" $ }}
|
||||
{{- include "common.classes.appAuthForward" $ }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- include "common.custom.classes.appIngressHTTP" $ }}
|
||||
{{- include "common.classes.appIngressHTTP" $ }}
|
||||
{{- if $ingressValues.authForwardURL }}
|
||||
{{- include "common.custom.classes.appAuthForward" $ }}
|
||||
{{- include "common.classes.appAuthForward" $ }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
32
library/common/templates/lib/resources/_certHelpers.tpl
Normal file
32
library/common/templates/lib/resources/_certHelpers.tpl
Normal file
@@ -0,0 +1,32 @@
|
||||
{{/*
|
||||
Retrieve true/false if certificate is configured
|
||||
*/}}
|
||||
{{- define "common.resources.cert.available" -}}
|
||||
{{- if .Values.certificate -}}
|
||||
{{- $values := (. | mustDeepCopy) -}}
|
||||
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
|
||||
{{- template "common.resources.cert_present" $values -}}
|
||||
{{- else -}}
|
||||
{{- false -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Retrieve public key of certificate
|
||||
*/}}
|
||||
{{- define "common.resources.cert.publicKey" -}}
|
||||
{{- $values := (. | mustDeepCopy) -}}
|
||||
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
|
||||
{{ include "common.resources.cert" $values }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Retrieve private key of certificate
|
||||
*/}}
|
||||
{{- define "common.resources.cert.privateKey" -}}
|
||||
{{- $values := (. | mustDeepCopy) -}}
|
||||
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
|
||||
{{ include "common.resources.cert" $values }}
|
||||
{{- end -}}
|
||||
14
library/common/templates/lib/resources/_certSecret.yaml
Normal file
14
library/common/templates/lib/resources/_certSecret.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
{{- define "common.resources.cert.secret" -}}
|
||||
{{ if eq (include "common.resources.cert.available" .) "true" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-ix-cert
|
||||
labels: {{ include "common.labels" . | nindent 4 }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ (include "common.resources.cert.publicKey" .) | toString | b64enc | quote }}
|
||||
tls.key: {{ (include "common.resources.cert.privateKey" .) | toString | b64enc | quote }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
24
library/common/templates/lib/resources/_certs.tpl
Normal file
24
library/common/templates/lib/resources/_certs.tpl
Normal file
@@ -0,0 +1,24 @@
|
||||
{{/*
|
||||
Retrieve true/false if certificate is available in ixCertificates
|
||||
*/}}
|
||||
{{- define "common.resources.cert_present" -}}
|
||||
{{- $values := . -}}
|
||||
{{- hasKey $values.Values.ixCertificates ($values.commonCertOptions.certKeyName | toString) -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Retrieve certificate from variable name
|
||||
*/}}
|
||||
{{- define "common.resources.cert" -}}
|
||||
{{- $values := . -}}
|
||||
{{- $certKey := ($values.commonCertOptions.certKeyName | toString) -}}
|
||||
{{- if hasKey $values.Values.ixCertificates $certKey -}}
|
||||
{{- $cert := get $values.Values.ixCertificates $certKey -}}
|
||||
{{- if $values.commonCertOptions.publicKey -}}
|
||||
{{ $cert.certificate }}
|
||||
{{- else -}}
|
||||
{{ $cert.privatekey }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,19 +1,7 @@
|
||||
{{/*
|
||||
Retrieve host path from ix volumes based on dataset name
|
||||
*/}}
|
||||
{{- define "common.custom.retrieveHostPathFromiXVolume" -}}
|
||||
{{- range $index, $hostPathConfiguration := $.ixVolumes }}
|
||||
{{- $dsName := base $hostPathConfiguration.hostPath -}}
|
||||
{{- if eq $.datasetName $dsName -}}
|
||||
{{- $hostPathConfiguration.hostPath -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Define appVolumeMounts for container
|
||||
*/}}
|
||||
{{- define "common.custom.configuredAppVolumeMounts" -}}
|
||||
{{- define "common.storage.configuredAppVolumeMounts" -}}
|
||||
{{- if .Values.appVolumeMounts }}
|
||||
{{- range $name, $avm := .Values.appVolumeMounts -}}
|
||||
{{- if $avm.enabled }}
|
||||
@@ -30,7 +18,7 @@ Define appVolumeMounts for container
|
||||
{{/*
|
||||
Define hostPath for appVolumes
|
||||
*/}}
|
||||
{{- define "common.custom.configuredAppVolumes" -}}
|
||||
{{- define "common.storage.configuredAppVolumes" -}}
|
||||
{{- if .Values.appVolumeMounts }}
|
||||
{{- range $name, $av := .Values.appVolumeMounts -}}
|
||||
{{- if $av.enabled }}
|
||||
@@ -43,7 +31,7 @@ Define hostPath for appVolumes
|
||||
path: {{ required "hostPath not set" $av.hostPath }}
|
||||
{{- else }}
|
||||
{{- $volDict := dict "datasetName" $av.datasetName "ixVolumes" $.Values.ixVolumes -}}
|
||||
path: {{ include "common.custom.retrieveHostPathFromiXVolume" $volDict }}
|
||||
path: {{ include "common.storage.retrieveHostPathFromiXVolume" $volDict }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
11
library/common/templates/lib/storage/_ixVolumes.tpl
Normal file
11
library/common/templates/lib/storage/_ixVolumes.tpl
Normal file
@@ -0,0 +1,11 @@
|
||||
{{/*
|
||||
Retrieve host path from ix volumes based on dataset name
|
||||
*/}}
|
||||
{{- define "common.storage.retrieveHostPathFromiXVolume" -}}
|
||||
{{- range $index, $hostPathConfiguration := $.ixVolumes }}
|
||||
{{- $dsName := base $hostPathConfiguration.hostPath -}}
|
||||
{{- if eq $.datasetName $dsName -}}
|
||||
{{- $hostPathConfiguration.hostPath -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -2,7 +2,7 @@
|
||||
This template serves as the blueprint for the mountPermissions job that is run
|
||||
before chart installation.
|
||||
*/}}
|
||||
{{- define "common.custom.mountpermissions" -}}
|
||||
{{- define "common.storage.permissions" -}}
|
||||
{{- if and .Values.appVolumeMounts .Values.fixMountPermissions }}
|
||||
{{- range $name, $avm := .Values.appVolumeMounts -}}
|
||||
{{- if and $avm.enabled $avm.setPermissions}}
|
||||
@@ -14,7 +14,7 @@ before chart installation.
|
||||
{{ end -}}
|
||||
{{- $_ := set $ "ObjectValues" (dict "appVolumeMounts" $VMValues) -}}
|
||||
|
||||
{{ include "common.custom.mountpermissions.job" $ | nindent 0 }}
|
||||
{{ include "common.storage.permissions.job" $ | nindent 0 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -2,7 +2,7 @@
|
||||
This template serves as the blueprint for the mountPermissions job that is run
|
||||
before chart installation.
|
||||
*/}}
|
||||
{{- define "common.custom.mountpermissions.job" -}}
|
||||
{{- define "common.storage.permissions.job" -}}
|
||||
|
||||
{{- $values := .Values.appVolumeMounts -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
@@ -55,7 +55,7 @@ spec:
|
||||
#securityContext:
|
||||
#
|
||||
volumeMounts:
|
||||
{{- include "common.custom.configuredAppVolumeMounts" . | indent 12 }}
|
||||
{{- include "common.storage.configuredAppVolumeMounts" . | indent 12 }}
|
||||
{{- with (include "common.controller.volumes" . | trim) }}
|
||||
volumes:
|
||||
{{- . | nindent 8 }}
|
||||
Reference in New Issue
Block a user