Common part of Storage Part 2 (#344)
* Prepare Common for different permission schema * Don't use PGID for storage ownership in any case.
committed by
GitHub
parent
df05cf8ce6
commit
d67ca77bae
@@ -38,36 +38,7 @@ class Test < ChartTest
|
||||
end
|
||||
end
|
||||
|
||||
describe 'startAsRoot' do
|
||||
it 'defaults to false = runAs 568' do
|
||||
jq('.spec.template.spec.securityContext.runAsUser', resource('Deployment')).must_equal 568
|
||||
jq('.spec.template.spec.securityContext.runAsGroup', resource('Deployment')).must_equal 568
|
||||
jq('.spec.template.spec.securityContext.fsGroup', resource('Deployment')).must_equal 568
|
||||
jq('.spec.template.spec.securityContext.runAsNonRoot', resource('Deployment')).must_equal true
|
||||
jq('.spec.template.spec.securityContext.supplementalGroups', resource('Deployment')).must_equal []
|
||||
end
|
||||
|
||||
it 'allow settingsupplementalGroups' do
|
||||
values = {
|
||||
supplementalGroups: "5,20"
|
||||
}
|
||||
chart.value values
|
||||
jq('.spec.template.spec.securityContext.runAsUser', resource('Deployment')).must_equal 568
|
||||
jq('.spec.template.spec.securityContext.runAsGroup', resource('Deployment')).must_equal 568
|
||||
jq('.spec.template.spec.securityContext.fsGroup', resource('Deployment')).must_equal 568
|
||||
jq('.spec.template.spec.securityContext.runAsNonRoot', resource('Deployment')).must_equal true
|
||||
jq('.spec.template.spec.securityContext.supplementalGroups', resource('Deployment')).must_equal [5,20]
|
||||
end
|
||||
|
||||
it 'can be enabled = runAs nil' do
|
||||
chart.value startAsRoot: true
|
||||
jq('.spec.template.spec.securityContext.runAsUser', resource('Deployment')).must_equal nil
|
||||
jq('.spec.template.spec.securityContext.runAsGroup', resource('Deployment')).must_equal nil
|
||||
jq('.spec.template.spec.securityContext.runAsNonRoot', resource('Deployment')).must_equal nil
|
||||
jq('.spec.template.spec.securityContext.fsGroup', resource('Deployment')).must_equal nil
|
||||
jq('.spec.template.spec.securityContext.supplementalGroups', resource('Deployment')).must_equal nil
|
||||
end
|
||||
end
|
||||
|
||||
describe 'hostNetwork' do
|
||||
it ' hostnetworking default = nil' do
|
||||
@@ -277,43 +248,43 @@ class Test < ChartTest
|
||||
end
|
||||
end
|
||||
|
||||
describe 'appVolumeMounts' do
|
||||
default_name_1 = 'test1'
|
||||
default_name_2 = 'test2'
|
||||
describe 'deviceMounts' do
|
||||
default_name_1 = 'devicemount-test1'
|
||||
default_name_2 = 'devicemount-test2'
|
||||
default_mountPath_1 = '/test1'
|
||||
default_mountPath_2 = '/test2'
|
||||
empty_dir = {}
|
||||
path = '/tmp'
|
||||
|
||||
it 'appVolumeMounts creates VolumeMounts' do
|
||||
it 'deviceMounts creates VolumeMounts' do
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[0].name', resource('Deployment')).must_equal default_name_1
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[1].name', resource('Deployment')).must_equal default_name_2
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[0].mountPath', resource('Deployment')).must_equal default_mountPath_1
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[1].mountPath', resource('Deployment')).must_equal default_mountPath_2
|
||||
end
|
||||
|
||||
it 'appVolumeMounts creates Volumes' do
|
||||
it 'deviceMounts creates Volumes' do
|
||||
jq('.spec.template.spec.volumes[0].emptyDir', resource('Deployment')).must_equal empty_dir
|
||||
jq('.spec.template.spec.volumes[1].hostPath.path', resource('Deployment')).must_equal path
|
||||
end
|
||||
end
|
||||
|
||||
describe 'additionalAppVolumeMounts' do
|
||||
default_name_3 = 'test3'
|
||||
default_name_4 = 'test4'
|
||||
describe 'customStorage' do
|
||||
default_name_3 = 'customstorage-test3'
|
||||
default_name_4 = 'customstorage-test4'
|
||||
default_mountPath_3 = '/test3'
|
||||
default_mountPath_4 = '/test4'
|
||||
empty_dir = {}
|
||||
path = '/tmp'
|
||||
|
||||
it 'additionalAppVolumeMounts creates VolumeMounts' do
|
||||
it 'customStorage creates VolumeMounts' do
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[2].name', resource('Deployment')).must_equal default_name_3
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[3].name', resource('Deployment')).must_equal default_name_4
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[2].mountPath', resource('Deployment')).must_equal default_mountPath_3
|
||||
jq('.spec.template.spec.containers[0].volumeMounts[3].mountPath', resource('Deployment')).must_equal default_mountPath_4
|
||||
end
|
||||
|
||||
it 'additionalAppVolumeMounts creates Volumes' do
|
||||
it 'customStorage creates Volumes' do
|
||||
jq('.spec.template.spec.volumes[2].emptyDir', resource('Deployment')).must_equal empty_dir
|
||||
jq('.spec.template.spec.volumes[3].hostPath.path', resource('Deployment')).must_equal path
|
||||
end
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
{{- include "common.notes.defaultNotes" . -}}
|
||||
@@ -56,35 +56,27 @@ additionalIngress:
|
||||
|
||||
# these values and names are set specifically with the unittests in mind.
|
||||
fixMountPermissions: false
|
||||
appVolumeMounts:
|
||||
deviceMounts:
|
||||
test1:
|
||||
enabled: true
|
||||
emptyDir: true
|
||||
datasetName: "test1"
|
||||
mountPath: "/test1"
|
||||
hostPathEnabled: false
|
||||
hostPath: ""
|
||||
hostPath: "/tmp"
|
||||
test2:
|
||||
enabled: true
|
||||
emptyDir: false
|
||||
datasetName: "test2"
|
||||
mountPath: "/test2"
|
||||
hostPathEnabled: true
|
||||
hostPath: "/tmp"
|
||||
|
||||
# these values and names are set specifically with the unittests in mind.
|
||||
additionalAppVolumeMounts:
|
||||
customStorage:
|
||||
- name: "test3"
|
||||
enabled: true
|
||||
emptyDir: true
|
||||
datasetName: "test3"
|
||||
mountPath: "/test3"
|
||||
hostPathEnabled: false
|
||||
hostPath: ""
|
||||
- name: "test4"
|
||||
enabled: true
|
||||
emptyDir: false
|
||||
datasetName: "test4"
|
||||
mountPath: "/test4"
|
||||
hostPathEnabled: true
|
||||
hostPath: "/tmp"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: v2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
name: common
|
||||
version: 2.2.2
|
||||
version: 3.0.0
|
||||
# upstream_version:
|
||||
appVersion: none
|
||||
description: Function library for TrueCharts
|
||||
|
||||
@@ -1,22 +1,3 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/*
|
||||
Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
|
||||
*/}}
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
Default NOTES.txt content.
|
||||
*/}}
|
||||
{{- define "common.notes.defaultNotes" -}}
|
||||
{{- $svcPort := .Values.services.main.port.port -}}
|
||||
echo "use your Ingress URL to connect or find the application URL by running these commands:"
|
||||
|
||||
{{- if contains "NodePort" .Values.services.main.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.services.main.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
echo http://$SERVICE_IP:{{ $svcPort }}
|
||||
{{- else if contains "ClusterIP" .Values.services.main.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||
kubectl port-forward $POD_NAME 8080:{{ $svcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -33,19 +33,4 @@ of all the entries of the persistence key.
|
||||
{{- include "common.classes.pvc" $ -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
This is kept seperate, to enable us ot add "persistence" to questions.yaml and keep this out of it
|
||||
*/}}
|
||||
{{- range $index, $PVC := .Values.backupPersistence }}
|
||||
{{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
|
||||
{{- $persistenceValues := $PVC -}}
|
||||
{{- if not $persistenceValues.nameSuffix -}}
|
||||
{{- $_ := set $persistenceValues "nameSuffix" "buildinBackup" -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
|
||||
{{- print ("---") | nindent 0 -}}
|
||||
{{- include "common.classes.pvc" $ -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,21 +1,3 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
The ServiceAccount object to be created.
|
||||
*/}}
|
||||
|
||||
@@ -1,114 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/* Currently only used as Bitnami Compatibility layer, may want to integrate more later */}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return a soft nodeAffinity definition
|
||||
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.nodes.soft" -}}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- preference:
|
||||
matchExpressions:
|
||||
- key: {{ .key }}
|
||||
operator: In
|
||||
values:
|
||||
{{- range .values }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
weight: 1
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a hard nodeAffinity definition
|
||||
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.nodes.hard" -}}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: {{ .key }}
|
||||
operator: In
|
||||
values:
|
||||
{{- range .values }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a nodeAffinity definition
|
||||
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.nodes" -}}
|
||||
{{- if eq .type "soft" }}
|
||||
{{- include "common.affinities.nodes.soft" . -}}
|
||||
{{- else if eq .type "hard" }}
|
||||
{{- include "common.affinities.nodes.hard" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a soft podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods.soft" -}}
|
||||
{{- $component := default "" .component -}}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
|
||||
{{- if not (empty $component) }}
|
||||
{{ printf "app.kubernetes.io/component: %s" $component }}
|
||||
{{- end }}
|
||||
namespaces:
|
||||
- {{ .context.Release.Namespace | quote }}
|
||||
topologyKey: kubernetes.io/hostname
|
||||
weight: 1
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a hard podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods.hard" -}}
|
||||
{{- $component := default "" .component -}}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
|
||||
{{- if not (empty $component) }}
|
||||
{{ printf "app.kubernetes.io/component: %s" $component }}
|
||||
{{- end }}
|
||||
namespaces:
|
||||
- {{ .context.Release.Namespace | quote }}
|
||||
topologyKey: kubernetes.io/hostname
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods" -}}
|
||||
{{- if eq .type "soft" }}
|
||||
{{- include "common.affinities.pods.soft" . -}}
|
||||
{{- else if eq .type "hard" }}
|
||||
{{- include "common.affinities.pods.hard" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,63 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/* Currently only used as Bitnami compatibility Layer, needs more integration during the Ingress integration project. */}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Generate backend entry that is compatible with all Kubernetes API versions.
|
||||
|
||||
Usage:
|
||||
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
|
||||
|
||||
Params:
|
||||
- serviceName - String. Name of an existing service backend
|
||||
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
|
||||
- context - Dict - Required. The context for the template evaluation.
|
||||
*/}}
|
||||
{{- define "common.ingress.backend" -}}
|
||||
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
|
||||
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
|
||||
serviceName: {{ .serviceName }}
|
||||
servicePort: {{ .servicePort }}
|
||||
{{- else -}}
|
||||
service:
|
||||
name: {{ .serviceName }}
|
||||
port:
|
||||
{{- if typeIs "string" .servicePort }}
|
||||
name: {{ .servicePort }}
|
||||
{{- else if typeIs "int" .servicePort }}
|
||||
number: {{ .servicePort }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Print "true" if the API pathType field is supported
|
||||
Usage:
|
||||
{{ include "common.ingress.supportsPathType" . }}
|
||||
*/}}
|
||||
{{- define "common.ingress.supportsPathType" -}}
|
||||
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
|
||||
{{- print "false" -}}
|
||||
{{- else -}}
|
||||
{{- print "true" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,148 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/* Currently only used as Bitnami Compatibility layer, may want to integrate more later */}}
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Generate secret name.
|
||||
|
||||
Usage:
|
||||
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
|
||||
|
||||
Params:
|
||||
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
|
||||
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
|
||||
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
|
||||
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
|
||||
- context - Dict - Required. The context for the template evaluation.
|
||||
*/}}
|
||||
{{- define "common.secrets.name" -}}
|
||||
{{- $name := (include "common.names.fullname" .context) -}}
|
||||
|
||||
{{- if .defaultNameSuffix -}}
|
||||
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with .existingSecret -}}
|
||||
{{- if not (typeIs "string" .) -}}
|
||||
{{- with .name -}}
|
||||
{{- $name = . -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- $name = . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- printf "%s" $name -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate secret key.
|
||||
|
||||
Usage:
|
||||
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
|
||||
|
||||
Params:
|
||||
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
|
||||
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
|
||||
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
|
||||
- key - String - Required. Name of the key in the secret.
|
||||
*/}}
|
||||
{{- define "common.secrets.key" -}}
|
||||
{{- $key := .key -}}
|
||||
|
||||
{{- if .existingSecret -}}
|
||||
{{- if not (typeIs "string" .existingSecret) -}}
|
||||
{{- if .existingSecret.keyMapping -}}
|
||||
{{- $key = index .existingSecret.keyMapping $.key -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- printf "%s" $key -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate secret password or retrieve one if already created.
|
||||
|
||||
Usage:
|
||||
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
|
||||
|
||||
Params:
|
||||
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
|
||||
- key - String - Required - Name of the key in the secret.
|
||||
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
|
||||
- length - int - Optional - Length of the generated random password.
|
||||
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
|
||||
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
|
||||
- context - Context - Required - Parent context.
|
||||
*/}}
|
||||
{{- define "common.secrets.passwords.manage" -}}
|
||||
|
||||
{{- $password := "" }}
|
||||
{{- $subchart := "" }}
|
||||
{{- $chartName := default "" .chartName }}
|
||||
{{- $passwordLength := default 10 .length }}
|
||||
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
|
||||
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
|
||||
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
|
||||
{{- if $secret }}
|
||||
{{- if index $secret.data .key }}
|
||||
{{- $password = index $secret.data .key }}
|
||||
{{- end -}}
|
||||
{{- else if $providedPasswordValue }}
|
||||
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
|
||||
{{- else }}
|
||||
|
||||
{{- if .context.Values.enabled }}
|
||||
{{- $subchart = $chartName }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
|
||||
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
|
||||
{{- $passwordValidationErrors := list $requiredPasswordError -}}
|
||||
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
|
||||
|
||||
{{- if .strong }}
|
||||
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
|
||||
{{- $password = randAscii $passwordLength }}
|
||||
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
|
||||
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
|
||||
{{- else }}
|
||||
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- printf "%s" $password -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns whether a previous generated secret already exists
|
||||
|
||||
Usage:
|
||||
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
|
||||
|
||||
Params:
|
||||
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
|
||||
- context - Context - Required - Parent context.
|
||||
*/}}
|
||||
{{- define "common.secrets.exists" -}}
|
||||
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
|
||||
{{- if $secret }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,33 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/* Currently only used as Bitnami Compatibility layer, may want to integrate more later */}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Renders a value that contains template.
|
||||
Usage:
|
||||
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.tplvalues.render" -}}
|
||||
{{- if typeIs "string" .value }}
|
||||
{{- tpl .value .context }}
|
||||
{{- else }}
|
||||
{{- tpl (.value | toYaml) .context }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -1,37 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
## We might want to include more repositories in this warnings
|
||||
## This is mostly used to prevent chart maintainers using "latest" when version is available
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Warning about using rolling tag.
|
||||
Usage:
|
||||
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
|
||||
*/}}
|
||||
{{- define "common.warnings.rollingTag" -}}
|
||||
|
||||
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
|
||||
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
|
||||
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
@@ -23,7 +23,6 @@ The main container included in the controller.
|
||||
{{- define "common.controller.mainContainer" -}}
|
||||
- name: {{ include "common.names.fullname" . }}
|
||||
image: "{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}"
|
||||
{{ include "common.warnings.rollingTag" .Values.image }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- with .Values.command }}
|
||||
command: {{ . }}
|
||||
@@ -74,29 +73,13 @@ The main container included in the controller.
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- include "common.controller.ports" . | trim | nindent 2 }}
|
||||
|
||||
{{- with (include "common.controller.volumeMounts" . | trim) }}
|
||||
volumeMounts:
|
||||
{{- range $index, $PVC := .Values.persistence }}
|
||||
{{- if and ( $PVC.enabled ) ( $PVC.mountPath ) }}
|
||||
- mountPath: {{ $PVC.mountPath }}
|
||||
name: {{ $index }}
|
||||
{{- if $PVC.subPath }}
|
||||
subPath: {{ $PVC.subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "common.storage.allContainerVolumeMounts" . | nindent 2 }}
|
||||
{{- if .Values.additionalVolumeMounts }}
|
||||
{{- toYaml .Values.additionalVolumeMounts | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.controllerType "statefulset" }}
|
||||
{{- range $index, $vct := .Values.volumeClaimTemplates }}
|
||||
- mountPath: {{ $vct.mountPath }}
|
||||
name: {{ $vct.name }}
|
||||
{{- if $vct.subPath }}
|
||||
subPath: {{ $vct.subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- include "common.controller.probes" . | nindent 2 }}
|
||||
resources:
|
||||
{{- with .Values.resources }}
|
||||
|
||||
@@ -1,22 +1,3 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{- /*
|
||||
The pod definition included in the controller.
|
||||
*/ -}}
|
||||
@@ -26,16 +7,8 @@ imagePullSecrets:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "common.names.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- if not .Values.startAsRoot }}
|
||||
runAsUser: {{ .Values.PUID }}
|
||||
runAsGroup: {{ .Values.PGID }}
|
||||
fsGroup: {{ .Values.PGID }}
|
||||
# 5=tty 20=dailout 24=cdrom 44=video 107=render
|
||||
supplementalGroups: [{{- .Values.supplementalGroups }}]
|
||||
runAsNonRoot: true
|
||||
{{- end }}
|
||||
{{- with .Values.podSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.priorityClassName }}
|
||||
|
||||
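Review bot: With the `{{- if not .Values.startAsRoot }}` block gone, the only `securityContext:` left in this hunk sits inside `{{- with .Values.podSecurityContext }}`, so the library itself no longer guarantees `runAsNonRoot: true` or a fixed `runAsUser`/`fsGroup`. If the chart's default values do not define `podSecurityContext` (they are not visible on this page), the pod gets no pod-level securityContext at all and runs as whatever user the image declares, which may be root. I would keep a non-root default in the library's values.yaml and put a comment above the block, `{{/* securityContext comes only from .Values.podSecurityContext; values.yaml must keep a non-root default */}}`. The `startAsRoot` assertions were dropped from the test file in this same commit, so a replacement test that checks `.spec.template.spec.securityContext` for the default and for an overridden `podSecurityContext` would help. The old and new sides are inferred from the hunk counts in this rendering, and the pod definition continues outside the hunk.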
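--- a/library/common/templates/lib/controller/_volumeMounts.tpl
+++ b/library/common/templates/lib/controller/_volumeMounts.tpl
@@ -0,0 +1,59 @@
+
+{{/*
+Volumes included by the controller.
+*/}}
+{{- define "common.controller.volumeMounts" -}}
+{{- range $index, $PVC := .Values.persistence }}
+{{- if and ( $PVC.enabled ) ( $PVC.mountPath ) }}
+- mountPath: {{ $PVC.mountPath }}
+name: {{ $index }}
+{{- if $PVC.subPath }}
+subPath: {{ $PVC.subPath }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{ range $name, $dmm := .Values.deviceMounts }}
+{{- if $dmm.enabled -}}
+{{ if $dmm.name }}
+{{ $name = $dmm.name }}
+{{ end }}
+- name: devicemount-{{ $name }}
+mountPath: {{ $dmm.mountPath }}
+{{ if $dmm.subPath }}
+subPath: {{ $dmm.subPath }}
+{{ end }}
+{{- end -}}
+{{ end }}
+
+{{ range $name, $csm := .Values.customStorage }}
+{{- if $csm.enabled -}}
+{{ if $csm.name }}
+{{ $name = $csm.name }}
+{{ end }}
+- name: customstorage-{{ $name }}
+mountPath: {{ $csm.mountPath }}
+{{ if $csm.subPath }}
+subPath: {{ $csm.subPath }}
+{{ end }}
+{{- end -}}
+{{ end }}
+
+
+{{- if .Values.additionalVolumeMounts }}
+{{- toYaml .Values.additionalVolumeMounts | nindent 0 }}
+{{- end }}
+
+
+{{- if eq .Values.controllerType "statefulset" }}
+{{- range $index, $vct := .Values.volumeClaimTemplates }}
+- mountPath: {{ $vct.mountPath }}
+name: {{ $vct.name }}
+{{- if $vct.subPath }}
+subPath: {{ $vct.subPath }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end -}}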
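Review bot: The `deviceMounts` and `customStorage` loops emit `mountPath: {{ $dmm.mountPath }}` and `mountPath: {{ $csm.mountPath }}` for every enabled entry, while the `persistence` loop above them only emits a mount when `$PVC.mountPath` is set. An enabled entry with no `mountPath` therefore renders an empty `mountPath:` and is only rejected later by the API server; the `volumeClaimTemplates` loop has the same gap. I would guard them the same way, `{{- if and $dmm.enabled $dmm.mountPath -}}`, or fail early with `required "mountPath not set" $dmm.mountPath`. The header comment still reads "Volumes included by the controller." although this template defines volume mounts; `Volume mounts included by the controller.` would match the define name.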
@@ -46,7 +46,38 @@ Volumes included by the controller.
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "common.storage.allAppVolumes" . | nindent 0 }}
|
||||
|
||||
{{- range $name, $dm := .Values.deviceMounts -}}
|
||||
{{ if $dm.enabled }}
|
||||
{{ if $dm.name }}
|
||||
{{ $name = $dm.name }}
|
||||
{{ end }}
|
||||
- name: devicemount-{{ $name }}
|
||||
{{ if $dm.emptyDir }}
|
||||
emptyDir: {}
|
||||
{{- else -}}
|
||||
hostPath:
|
||||
path: {{ required "hostPath not set" $dm.hostPath }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $name, $cs := .Values.customStorage -}}
|
||||
{{ if $cs.enabled }}
|
||||
{{ if $cs.name }}
|
||||
{{ $name = $cs.name }}
|
||||
{{ end }}
|
||||
- name: customstorage-{{ $name }}
|
||||
{{ if $cs.emptyDir }}
|
||||
emptyDir: {}
|
||||
{{- else -}}
|
||||
hostPath:
|
||||
path: {{ required "hostPath not set" $cs.hostPath }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- if .Values.additionalVolumes }}
|
||||
{{- toYaml .Values.additionalVolumes | nindent 0 }}
|
||||
{{- end }}
|
||||
|
||||
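Review bot: `path: {{ required "hostPath not set" $dm.hostPath }}` (and the identical `$cs.hostPath` line in the `customStorage` loop) writes a values-supplied host path into the manifest unquoted and with no hostPath `type`, so any node path is accepted and nothing checks that it exists or is the expected kind of object before it is mounted. I would at least quote it, `path: {{ required "hostPath not set" $dm.hostPath | quote }}`, and consider an optional values key that maps to the volume's `type` field (for example `Directory` for storage, `CharDevice` for device mounts). The two loops differ only in the name prefix and the values key, so a shared helper would keep them from drifting apart. The enclosing `define` starts outside this hunk.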
@@ -1,76 +0,0 @@
|
||||
{{/*
|
||||
Define appVolumeMounts for container
|
||||
*/}}
|
||||
{{- define "common.storage.configureAppVolumeMountsInContainer" -}}
|
||||
{{ range $name, $avm := . }}
|
||||
{{- if $avm.enabled -}}
|
||||
{{ if $avm.name }}
|
||||
{{ $name = $avm.name }}
|
||||
{{ end }}
|
||||
- name: {{ $name }}
|
||||
mountPath: {{ $avm.mountPath }}
|
||||
{{ if $avm.subPath }}
|
||||
subPath: {{ $avm.subPath }}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Define hostPath for appVolumes
|
||||
*/}}
|
||||
{{- define "common.storage.configureAppVolumes" -}}
|
||||
{{- range $name, $av := $.volMounts -}}
|
||||
{{ if $av.enabled }}
|
||||
{{ if $av.name }}
|
||||
{{ $name = $av.name }}
|
||||
{{ end }}
|
||||
- name: {{ $name }}
|
||||
{{ if $av.emptyDir }}
|
||||
emptyDir: {}
|
||||
{{- else -}}
|
||||
hostPath:
|
||||
{{ if $av.hostPathEnabled }}
|
||||
path: {{ required "hostPath not set" $av.hostPath }}
|
||||
{{ else }}
|
||||
{{- $ixVolDict := dict "datasetName" $av.datasetName "ixVolumes" $.ixVolumes -}}
|
||||
path: {{ include "common.storage.retrieveHostPathFromiXVolume" $ixVolDict }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Get all volumes configuration
|
||||
*/}}
|
||||
{{- define "common.storage.allAppVolumes" -}}
|
||||
|
||||
{{- $volDict := dict "volMounts" .Values.appVolumeMounts "ixVolumes" .Values.ixVolumes -}}
|
||||
{{- $volExtraDict := dict "volMounts" .Values.additionalAppVolumeMounts "ixVolumes" .Values.ixVolumes -}}
|
||||
|
||||
{{- if .Values.appVolumeMounts -}}
|
||||
{{- include "common.storage.configureAppVolumes" $volDict | nindent 0 -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.additionalAppVolumeMounts -}}
|
||||
{{- include "common.storage.configureAppVolumes" $volExtraDict | nindent 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Get all container volume moutns configuration
|
||||
*/}}
|
||||
{{- define "common.storage.allContainerVolumeMounts" -}}
|
||||
|
||||
{{- if .Values.appVolumeMounts -}}
|
||||
{{- include "common.storage.configureAppVolumeMountsInContainer" .Values.appVolumeMounts | nindent 0 -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.additionalAppVolumeMounts -}}
|
||||
{{- include "common.storage.configureAppVolumeMountsInContainer" .Values.additionalAppVolumeMounts | nindent 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
@@ -1,11 +0,0 @@
|
||||
{{/*
|
||||
Retrieve host path from ix volumes based on dataset name
|
||||
*/}}
|
||||
{{- define "common.storage.retrieveHostPathFromiXVolume" -}}
|
||||
{{- range $index, $hostPathConfiguration := $.ixVolumes }}
|
||||
{{- $dsName := base $hostPathConfiguration.hostPath -}}
|
||||
{{- if eq $.datasetName $dsName -}}
|
||||
{{- $hostPathConfiguration.hostPath -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -5,25 +5,7 @@ before chart installation.
|
||||
{{- define "common.storage.permissions" -}}
|
||||
{{- if .Values.fixMountPermissions }}
|
||||
|
||||
{{- if .Values.appVolumeMounts }}
|
||||
{{- range $name, $vm := .Values.appVolumeMounts -}}
|
||||
{{- if and $vm.enabled $vm.setPermissions}}
|
||||
{{- print "---" | nindent 0 -}}
|
||||
|
||||
{{- $VMValues := $vm -}}
|
||||
{{- if not $VMValues.nameSuffix -}}
|
||||
{{- $_ := set $VMValues "nameSuffix" $name -}}
|
||||
{{ end -}}
|
||||
{{- $_ := set $ "ObjectValues" (dict "appVolumeMounts" $VMValues) -}}
|
||||
|
||||
{{ include "common.storage.permissions.job" $ | nindent 0 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- if .Values.additionalAppVolumeMounts }}
|
||||
{{- range $index, $avm := .Values.additionalAppVolumeMounts -}}
|
||||
{{- range $index, $avm := .Values.customStorage -}}
|
||||
{{- if and $avm.enabled $avm.setPermissions}}
|
||||
{{- print "---" | nindent 0 -}}
|
||||
|
||||
@@ -34,9 +16,69 @@ before chart installation.
|
||||
{{- $_ := set $ "ObjectValues" (dict "appVolumeMounts" $AVMValues) -}}
|
||||
|
||||
{{ include "common.storage.permissions.job" $ | nindent 0 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- $values := .Values.appVolumeMounts -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.appVolumeMounts -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{ end -}}
|
||||
{{- $JobName := include "common.names.fullname" . -}}
|
||||
{{- if hasKey $values "nameSuffix" -}}
|
||||
{{- $JobName = printf "%v-%v" $JobName $values.nameSuffix -}}
|
||||
{{ end -}}
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ $JobName }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
{{- with .Values.controllerLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-10"
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
|
||||
{{- with .Values.controllerAnnotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "common.labels.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: set-mount-permissions
|
||||
image: "alpine:3.3"
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
chown -R{{ if eq .podSecurityContext.runAsNonRoot false }}{{ print .Values.PUID }}{{ else }}{{ print .podSecurityContext.runAsUser }}{{ end }}:{{ print .podSecurityContext.fsGroup }} {{ print $values.mountPath }}
|
||||
#args:
|
||||
#
|
||||
#securityContext:
|
||||
#
|
||||
volumeMounts:
|
||||
{{- include "common.controller.volumeMounts" . | indent 12 }}
|
||||
{{- with (include "common.controller.volumes" . | trim) }}
|
||||
volumes:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
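Review bot: In the inlined Job the command renders as `chown -R<uid>:<gid> <path>`: there is no space between `-R` and the `{{ if eq .podSecurityContext.runAsNonRoot false }}` that prints the owner, whereas the removed job template had `chown -R {{ print .Values.PUID }}:…`, so the owner would be read as part of the option string and the hook would fail. That line also reads `.podSecurityContext` without `.Values` (the pod template uses `.Values.podSecurityContext`), and the Job body appears to sit inside `range $index, $avm := .Values.customStorage`, where `.` is the current entry rather than the chart root that the old `include "common.storage.permissions.job" $` received; `.Values…` and `include "common.names.fullname" .` would then need `$`. Because `mountPath` comes from values and is interpolated unquoted into a `/bin/sh -c` script that runs recursively over host-backed storage, I would drop the shell and pass owner and path as separate argv elements, e.g. `command: ["chown", "-R", "<uid>:<gid>", {{ $values.mountPath | quote }}]`. The `range` and `define` open in the previous hunk of this section, and the added/removed sides are inferred from the hunk counts because the `+`/`-` markers are lost here.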
@@ -1,63 +0,0 @@
|
||||
{{/*
|
||||
This template serves as the blueprint for the mountPermissions job that is run
|
||||
before chart installation.
|
||||
*/}}
|
||||
{{- define "common.storage.permissions.job" -}}
|
||||
|
||||
{{- $values := .Values.appVolumeMounts -}}
|
||||
{{- if hasKey . "ObjectValues" -}}
|
||||
{{- with .ObjectValues.appVolumeMounts -}}
|
||||
{{- $values = . -}}
|
||||
{{- end -}}
|
||||
{{ end -}}
|
||||
{{- $JobName := include "common.names.fullname" . -}}
|
||||
{{- if hasKey $values "nameSuffix" -}}
|
||||
{{- $JobName = printf "%v-%v" $JobName $values.nameSuffix -}}
|
||||
{{ end -}}
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ $JobName }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
{{- with .Values.controllerLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-10"
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
|
||||
{{- with .Values.controllerAnnotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "common.labels.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: set-mount-permissions
|
||||
image: "alpine:3.3"
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
chown -R {{ print .Values.PUID }}:{{ print .Values.PGID }} {{ print $values.mountPath }}
|
||||
#args:
|
||||
#
|
||||
#securityContext:
|
||||
#
|
||||
volumeMounts:
|
||||
{{- include "common.storage.allContainerVolumeMounts" . | indent 12 }}
|
||||
{{- with (include "common.controller.volumes" . | trim) }}
|
||||
volumes:
|
||||
{{- . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,42 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Return the proper Storage Class
|
||||
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
|
||||
*/}}
|
||||
{{- define "common.storage.class" -}}
|
||||
|
||||
{{- $storageClass := .persistence.storageClass -}}
|
||||
{{- if .global -}}
|
||||
{{- if .global.storageClass -}}
|
||||
{{- $storageClass = .global.storageClass -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $storageClass -}}
|
||||
{{- if (eq "-" $storageClass) -}}
|
||||
{{- printf "storageClassName: \"\"" -}}
|
||||
{{- else }}
|
||||
{{- printf "storageClassName: %s" $storageClass -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
@@ -1,91 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Validate Cassandra required passwords are not empty.
|
||||
|
||||
Usage:
|
||||
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
|
||||
Params:
|
||||
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
|
||||
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.validations.values.cassandra.passwords" -}}
|
||||
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
|
||||
{{- $enabled := include "common.cassandra.values.enabled" . -}}
|
||||
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
|
||||
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
|
||||
|
||||
{{- if and (not $existingSecret) (eq $enabled "true") -}}
|
||||
{{- $requiredPasswords := list -}}
|
||||
|
||||
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
|
||||
|
||||
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for existingSecret.
|
||||
|
||||
Usage:
|
||||
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.cassandra.values.existingSecret" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
|
||||
{{- else -}}
|
||||
{{- .context.Values.dbUser.existingSecret | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for enabled cassandra.
|
||||
|
||||
Usage:
|
||||
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.cassandra.values.enabled" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- printf "%v" .context.Values.cassandra.enabled -}}
|
||||
{{- else -}}
|
||||
{{- printf "%v" (not .context.Values.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for the key dbUser
|
||||
|
||||
Usage:
|
||||
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.cassandra.values.key.dbUser" -}}
|
||||
{{- if .subchart -}}
|
||||
cassandra.dbUser
|
||||
{{- else -}}
|
||||
dbUser
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,122 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Validate MariaDB required passwords are not empty.
|
||||
|
||||
Usage:
|
||||
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
|
||||
Params:
|
||||
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
|
||||
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.validations.values.mariadb.passwords" -}}
|
||||
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
|
||||
{{- $enabled := include "common.mariadb.values.enabled" . -}}
|
||||
{{- $architecture := include "common.mariadb.values.architecture" . -}}
|
||||
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
|
||||
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
|
||||
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
|
||||
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
|
||||
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
|
||||
|
||||
{{- if and (not $existingSecret) (eq $enabled "true") -}}
|
||||
{{- $requiredPasswords := list -}}
|
||||
|
||||
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
|
||||
|
||||
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
|
||||
{{- if not (empty $valueUsername) -}}
|
||||
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if (eq $architecture "replication") -}}
|
||||
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for existingSecret.
|
||||
|
||||
Usage:
|
||||
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.mariadb.values.auth.existingSecret" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
|
||||
{{- else -}}
|
||||
{{- .context.Values.auth.existingSecret | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for enabled mariadb.
|
||||
|
||||
Usage:
|
||||
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.mariadb.values.enabled" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- printf "%v" .context.Values.mariadb.enabled -}}
|
||||
{{- else -}}
|
||||
{{- printf "%v" (not .context.Values.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for architecture
|
||||
|
||||
Usage:
|
||||
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.mariadb.values.architecture" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- .context.Values.mariadb.architecture -}}
|
||||
{{- else -}}
|
||||
{{- .context.Values.architecture -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for the key auth
|
||||
|
||||
Usage:
|
||||
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.mariadb.values.key.auth" -}}
|
||||
{{- if .subchart -}}
|
||||
mariadb.auth
|
||||
{{- else -}}
|
||||
auth
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,127 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Validate MongoDB(R) required passwords are not empty.
|
||||
|
||||
Usage:
|
||||
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
|
||||
Params:
|
||||
- secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret"
|
||||
- subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.validations.values.mongodb.passwords" -}}
|
||||
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
|
||||
{{- $enabled := include "common.mongodb.values.enabled" . -}}
|
||||
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
|
||||
{{- $architecture := include "common.mongodb.values.architecture" . -}}
|
||||
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
|
||||
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
|
||||
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
|
||||
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
|
||||
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
|
||||
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
|
||||
|
||||
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
|
||||
|
||||
{{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}}
|
||||
{{- $requiredPasswords := list -}}
|
||||
|
||||
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
|
||||
|
||||
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
|
||||
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
|
||||
{{- if and $valueUsername $valueDatabase -}}
|
||||
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if (eq $architecture "replicaset") -}}
|
||||
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for existingSecret.
|
||||
|
||||
Usage:
|
||||
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.mongodb.values.auth.existingSecret" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
|
||||
{{- else -}}
|
||||
{{- .context.Values.auth.existingSecret | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for enabled mongodb.
|
||||
|
||||
Usage:
|
||||
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.mongodb.values.enabled" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- printf "%v" .context.Values.mongodb.enabled -}}
|
||||
{{- else -}}
|
||||
{{- printf "%v" (not .context.Values.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for the key auth
|
||||
|
||||
Usage:
|
||||
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.mongodb.values.key.auth" -}}
|
||||
{{- if .subchart -}}
|
||||
mongodb.auth
|
||||
{{- else -}}
|
||||
auth
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for architecture
|
||||
|
||||
Usage:
|
||||
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.mongodb.values.architecture" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- .context.Values.mongodb.architecture -}}
|
||||
{{- else -}}
|
||||
{{- .context.Values.architecture -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,150 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Validate PostgreSQL required passwords are not empty.
|
||||
|
||||
Usage:
|
||||
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
|
||||
Params:
|
||||
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
|
||||
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.validations.values.postgresql.passwords" -}}
|
||||
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
|
||||
{{- $enabled := include "common.postgresql.values.enabled" . -}}
|
||||
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
|
||||
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
|
||||
|
||||
{{- if and (not $existingSecret) (eq $enabled "true") -}}
|
||||
{{- $requiredPasswords := list -}}
|
||||
|
||||
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
|
||||
|
||||
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
|
||||
{{- if (eq $enabledReplication "true") -}}
|
||||
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to decide whether evaluate global values.
|
||||
|
||||
Usage:
|
||||
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
|
||||
Params:
|
||||
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
|
||||
*/}}
|
||||
{{- define "common.postgresql.values.use.global" -}}
|
||||
{{- if .context.Values.global -}}
|
||||
{{- if .context.Values.global.postgresql -}}
|
||||
{{- index .context.Values.global.postgresql .key | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for existingSecret.
|
||||
|
||||
Usage:
|
||||
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.postgresql.values.existingSecret" -}}
|
||||
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
|
||||
|
||||
{{- if .subchart -}}
|
||||
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
|
||||
{{- else -}}
|
||||
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for enabled postgresql.
|
||||
|
||||
Usage:
|
||||
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.postgresql.values.enabled" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- printf "%v" .context.Values.postgresql.enabled -}}
|
||||
{{- else -}}
|
||||
{{- printf "%v" (not .context.Values.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for the key postgressPassword.
|
||||
|
||||
Usage:
|
||||
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.postgresql.values.key.postgressPassword" -}}
|
||||
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
|
||||
|
||||
{{- if not $globalValue -}}
|
||||
{{- if .subchart -}}
|
||||
postgresql.postgresqlPassword
|
||||
{{- else -}}
|
||||
postgresqlPassword
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
global.postgresql.postgresqlPassword
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for enabled.replication.
|
||||
|
||||
Usage:
|
||||
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.postgresql.values.enabled.replication" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
|
||||
{{- else -}}
|
||||
{{- printf "%v" .context.Values.replication.enabled -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for the key replication.password.
|
||||
|
||||
Usage:
|
||||
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.postgresql.values.key.replicationPassword" -}}
|
||||
{{- if .subchart -}}
|
||||
postgresql.replication.password
|
||||
{{- else -}}
|
||||
replication.password
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,90 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Validate Redis(TM) required passwords are not empty.
|
||||
|
||||
Usage:
|
||||
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
|
||||
Params:
|
||||
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
|
||||
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.validations.values.redis.passwords" -}}
|
||||
{{- $existingSecret := include "common.redis.values.existingSecret" . -}}
|
||||
{{- $enabled := include "common.redis.values.enabled" . -}}
|
||||
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
|
||||
{{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}}
|
||||
{{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}}
|
||||
|
||||
{{- if and (not $existingSecret) (eq $enabled "true") -}}
|
||||
{{- $requiredPasswords := list -}}
|
||||
|
||||
{{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}}
|
||||
{{- if eq $usePassword "true" -}}
|
||||
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
|
||||
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Redis Auxiliary function to get the right value for existingSecret.
|
||||
|
||||
Usage:
|
||||
{{ include "common.redis.values.existingSecret" (dict "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.redis.values.existingSecret" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- .context.Values.redis.existingSecret | quote -}}
|
||||
{{- else -}}
|
||||
{{- .context.Values.existingSecret | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right value for enabled redis.
|
||||
|
||||
Usage:
|
||||
{{ include "common.redis.values.enabled" (dict "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.redis.values.enabled" -}}
|
||||
{{- if .subchart -}}
|
||||
{{- printf "%v" .context.Values.redis.enabled -}}
|
||||
{{- else -}}
|
||||
{{- printf "%v" (not .context.Values.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Auxiliary function to get the right prefix path for the values
|
||||
|
||||
Usage:
|
||||
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
|
||||
Params:
|
||||
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
|
||||
*/}}
|
||||
{{- define "common.redis.values.keys.prefix" -}}
|
||||
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,65 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
`SPDX-License-Identifier: Apache-2.0`
|
||||
|
||||
This file is considered to be modified by the TrueCharts Project.
|
||||
*/}}
|
||||
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Validate values must not be empty.
|
||||
|
||||
Usage:
|
||||
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
|
||||
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
|
||||
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
|
||||
|
||||
Validate value params:
|
||||
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
|
||||
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
|
||||
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
|
||||
*/}}
|
||||
{{- define "common.validations.values.multiple.empty" -}}
|
||||
{{- range .required -}}
|
||||
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate a value must not be empty.
|
||||
|
||||
Usage:
|
||||
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
|
||||
|
||||
Validate value params:
|
||||
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
|
||||
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
|
||||
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
|
||||
- subchart - String - Optional - Name of the subchart that the validated password is part of.
|
||||
*/}}
|
||||
{{- define "common.validations.values.single.empty" -}}
|
||||
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
|
||||
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
|
||||
|
||||
{{- if not $value -}}
|
||||
{{- $varname := "my-value" -}}
|
||||
{{- $getCurrentValue := "" -}}
|
||||
{{- if and .secret .field -}}
|
||||
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
|
||||
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
|
||||
{{- end -}}
|
||||
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -82,12 +82,17 @@ hostNetwork: false
|
||||
enableServiceLinks: true
|
||||
|
||||
# Configure the Security Context for the Pod
|
||||
podSecurityContext: {}
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
fsGroup: 568
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
# Configure the Security Context for the main container
|
||||
# PUID and PGID gets added automatically!
|
||||
securityContext: {}
|
||||
|
||||
|
||||
initContainers: []
|
||||
|
||||
additionalContainers: []
|
||||
@@ -241,29 +246,6 @@ persistence:
|
||||
emptyDir: true
|
||||
mountPath: /shared
|
||||
|
||||
# Special PVC instance, that does get affected by putting "persistence" into questions.yaml
|
||||
backupPersistence:
|
||||
buildinbackup:
|
||||
enabled: false
|
||||
nameOverride: buildinbackup
|
||||
## configuration data Persistent Volume Storage Class
|
||||
## If defined, storageClassName: <storageClass>
|
||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||||
## If undefined (the default) or set to null, no storageClassName spec is
|
||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||||
## GKE, AWS & OpenStack)
|
||||
##
|
||||
## storageClass: "-"
|
||||
##
|
||||
## If you want to reuse an existing claim, you can pass the name of the PVC using
|
||||
## the existingClaim variable
|
||||
# existingClaim: your-claim
|
||||
# subPath: some-subpath
|
||||
accessMode: ReadWriteOnce
|
||||
size: 100Gi
|
||||
## Set to true to retain the PVC upon helm uninstall
|
||||
skipuninstall: false
|
||||
|
||||
additionalVolumes: []
|
||||
|
||||
additionalVolumeMounts: []
|
||||
@@ -312,7 +294,6 @@ resources: {}
|
||||
PUID: 568
|
||||
PGID: 568
|
||||
UMASK: "002"
|
||||
startAsRoot: false
|
||||
fixMountPermissions: true
|
||||
|
||||
# appVolumeMounts:
|
||||
|
||||
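Review bot: The new `podSecurityContext` default in the first hunk enforces non-root at pod level, but the container-level `securityContext: {}` a few lines below stays empty, so these defaults neither block privilege escalation through setuid binaries nor trim the default capability set. Consider shipping `allowPrivilegeEscalation: false` under `securityContext:` as the default and letting charts that need more opt out explicitly. The last hunk appears to drop `startAsRoot` while `fixMountPermissions: true` remains; if that fix-up relies on chown, it presumably can no longer run as UID 568 in the main container. A comment above `podSecurityContext:` could say how a chart that needs root overrides these values and what performs the permission fix. That comment could also note that `fsGroup: 568` is now independent of `PGID`, which matches the commit message but is easy to miss when only `PGID` is changed.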