From d67ca77bae2ea4e2ef5876f37d1f2fffcea9842d Mon Sep 17 00:00:00 2001 
From: Kjeld Schouten-Lebbing Date: Wed, 14 Apr 2021 19:14:58 +0200 Subject: [PATCH] Common part of Storage Part 2 (#344) * Prepare Common for different permission schema * Don't use PGID for storage ownership in any case. --- .tools/tests/charts/common-test_spec.rb | 49 ++---- library/common-test/templates/NOTES.txt | 1 - library/common-test/values.yaml | 14 +- library/common/Chart.yaml | 2 +- library/common/templates/_all.tpl | 19 --- library/common/templates/_notes.tpl | 40 ----- library/common/templates/_pvc.tpl | 15 -- library/common/templates/_serviceaccount.tpl | 18 --- .../lib/bitnamiCompat/_affinities.tpl | 114 ------------- .../lib/bitnamiCompat/_ingressBackend.tpl | 63 -------- .../templates/lib/bitnamiCompat/_secrets.tpl | 148 ----------------- .../lib/bitnamiCompat/_tplvalues.tpl | 33 ---- .../common/templates/lib/chart/_warnings.tpl | 37 ----- .../templates/lib/controller/_container.tpl | 27 +--- .../common/templates/lib/controller/_pod.tpl | 29 +--- .../lib/controller/_volumeMounts.tpl | 59 +++++++ .../templates/lib/controller/_volumes.tpl | 33 +++- .../templates/lib/storage/_appStorage.tpl | 76 --------- .../templates/lib/storage/_ixVolumes.tpl | 11 -- .../lib/storage/_mountPermissions.tpl | 86 +++++++--- .../lib/storage/_mountPermissionsJob.tpl | 63 -------- .../templates/lib/storage/_storageclass.tpl | 42 ----- .../templates/lib/validations/_cassandra.tpl | 91 ----------- .../templates/lib/validations/_mariadb.tpl | 122 -------------- .../templates/lib/validations/_mongodb.tpl | 127 --------------- .../templates/lib/validations/_postgresql.tpl | 150 ------------------ .../templates/lib/validations/_redis.tpl | 90 ----------- .../lib/validations/_validations.tpl | 65 -------- library/common/values.yaml | 33 +--- 29 files changed, 182 insertions(+), 1475 deletions(-) delete mode 100644 library/common-test/templates/NOTES.txt delete mode 100644 library/common/templates/_notes.tpl delete mode 100644 
library/common/templates/lib/bitnamiCompat/_affinities.tpl delete mode 100644 library/common/templates/lib/bitnamiCompat/_ingressBackend.tpl delete mode 100644 library/common/templates/lib/bitnamiCompat/_secrets.tpl delete mode 100644 library/common/templates/lib/bitnamiCompat/_tplvalues.tpl delete mode 100644 library/common/templates/lib/chart/_warnings.tpl create mode 100644 library/common/templates/lib/controller/_volumeMounts.tpl delete mode 100644 library/common/templates/lib/storage/_appStorage.tpl delete mode 100644 library/common/templates/lib/storage/_ixVolumes.tpl delete mode 100644 library/common/templates/lib/storage/_mountPermissionsJob.tpl delete mode 100644 library/common/templates/lib/storage/_storageclass.tpl delete mode 100644 library/common/templates/lib/validations/_cassandra.tpl delete mode 100644 library/common/templates/lib/validations/_mariadb.tpl delete mode 100644 library/common/templates/lib/validations/_mongodb.tpl delete mode 100644 library/common/templates/lib/validations/_postgresql.tpl delete mode 100644 library/common/templates/lib/validations/_redis.tpl delete mode 100644 library/common/templates/lib/validations/_validations.tpl diff --git a/.tools/tests/charts/common-test_spec.rb b/.tools/tests/charts/common-test_spec.rb index e0ae5e8f7e7..a87d6e62b50 100644 --- a/.tools/tests/charts/common-test_spec.rb +++ b/.tools/tests/charts/common-test_spec.rb 
@@ -38,36 +38,7 @@ class Test < ChartTest end end - describe 'startAsRoot' do - it 'defaults to false = runAs 568' do - jq('.spec.template.spec.securityContext.runAsUser', resource('Deployment')).must_equal 568 - jq('.spec.template.spec.securityContext.runAsGroup', resource('Deployment')).must_equal 568 - jq('.spec.template.spec.securityContext.fsGroup', resource('Deployment')).must_equal 568 - jq('.spec.template.spec.securityContext.runAsNonRoot', resource('Deployment')).must_equal true - jq('.spec.template.spec.securityContext.supplementalGroups', resource('Deployment')).must_equal [] - end - it 'allow settingsupplementalGroups' do - values = { - supplementalGroups: "5,20" - } - chart.value values - jq('.spec.template.spec.securityContext.runAsUser', resource('Deployment')).must_equal 568 - jq('.spec.template.spec.securityContext.runAsGroup', resource('Deployment')).must_equal 568 - jq('.spec.template.spec.securityContext.fsGroup', resource('Deployment')).must_equal 568 - jq('.spec.template.spec.securityContext.runAsNonRoot', resource('Deployment')).must_equal true - jq('.spec.template.spec.securityContext.supplementalGroups', resource('Deployment')).must_equal [5,20] - end - - it 'can be enabled = runAs nil' do - chart.value startAsRoot: true - jq('.spec.template.spec.securityContext.runAsUser', resource('Deployment')).must_equal nil - jq('.spec.template.spec.securityContext.runAsGroup', resource('Deployment')).must_equal nil - jq('.spec.template.spec.securityContext.runAsNonRoot', resource('Deployment')).must_equal nil - jq('.spec.template.spec.securityContext.fsGroup', resource('Deployment')).must_equal nil - jq('.spec.template.spec.securityContext.supplementalGroups', resource('Deployment')).must_equal nil - end - end describe 'hostNetwork' do it ' hostnetworking default = nil' do 
@@ -277,43 +248,43 @@ class Test < ChartTest end end - describe 'appVolumeMounts' do - default_name_1 = 'test1' - default_name_2 = 'test2' + describe 'deviceMounts' do + default_name_1 = 'devicemount-test1' + default_name_2 = 'devicemount-test2' default_mountPath_1 = '/test1' default_mountPath_2 = '/test2' empty_dir = {} path = '/tmp' - it 'appVolumeMounts creates VolumeMounts' do + it 'deviceMounts creates VolumeMounts' do jq('.spec.template.spec.containers[0].volumeMounts[0].name', resource('Deployment')).must_equal default_name_1 jq('.spec.template.spec.containers[0].volumeMounts[1].name', resource('Deployment')).must_equal default_name_2 jq('.spec.template.spec.containers[0].volumeMounts[0].mountPath', resource('Deployment')).must_equal default_mountPath_1 jq('.spec.template.spec.containers[0].volumeMounts[1].mountPath', resource('Deployment')).must_equal default_mountPath_2 end - it 'appVolumeMounts creates Volumes' do + it 'deviceMounts creates Volumes' do jq('.spec.template.spec.volumes[0].emptyDir', resource('Deployment')).must_equal empty_dir jq('.spec.template.spec.volumes[1].hostPath.path', resource('Deployment')).must_equal path end end - describe 'additionalAppVolumeMounts' do - default_name_3 = 'test3' - default_name_4 = 'test4' + describe 'customStorage' do + default_name_3 = 'customstorage-test3' + default_name_4 = 'customstorage-test4' default_mountPath_3 = '/test3' default_mountPath_4 = '/test4' empty_dir = {} path = '/tmp' - it 'additionalAppVolumeMounts creates VolumeMounts' do + it 'customStorage creates VolumeMounts' do jq('.spec.template.spec.containers[0].volumeMounts[2].name', resource('Deployment')).must_equal default_name_3 jq('.spec.template.spec.containers[0].volumeMounts[3].name', resource('Deployment')).must_equal default_name_4 jq('.spec.template.spec.containers[0].volumeMounts[2].mountPath', resource('Deployment')).must_equal default_mountPath_3 jq('.spec.template.spec.containers[0].volumeMounts[3].mountPath', 
resource('Deployment')).must_equal default_mountPath_4 end - it 'additionalAppVolumeMounts creates Volumes' do + it 'customStorage creates Volumes' do jq('.spec.template.spec.volumes[2].emptyDir', resource('Deployment')).must_equal empty_dir jq('.spec.template.spec.volumes[3].hostPath.path', resource('Deployment')).must_equal path end diff --git a/library/common-test/templates/NOTES.txt b/library/common-test/templates/NOTES.txt deleted file mode 100644 index 90f7b653a50..00000000000 --- a/library/common-test/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -{{- include "common.notes.defaultNotes" . -}} diff --git a/library/common-test/values.yaml b/library/common-test/values.yaml index 251793981bb..a0b427a0985 100644 --- a/library/common-test/values.yaml +++ b/library/common-test/values.yaml @@ -56,35 +56,27 @@ additionalIngress: # these values and names are set specifically with the unittests in mind. fixMountPermissions: false -appVolumeMounts: +deviceMounts: test1: enabled: true emptyDir: true - datasetName: "test1" mountPath: "/test1" - hostPathEnabled: false - hostPath: "" + hostPath: "/tmp" test2: enabled: true emptyDir: false - datasetName: "test2" mountPath: "/test2" - hostPathEnabled: true hostPath: "/tmp" # these values and names are set specifically with the unittests in mind. -additionalAppVolumeMounts: +customStorage: - name: "test3" enabled: true emptyDir: true - datasetName: "test3" mountPath: "/test3" - hostPathEnabled: false hostPath: "" - name: "test4" enabled: true emptyDir: false - datasetName: "test4" mountPath: "/test4" - hostPathEnabled: true hostPath: "/tmp" diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml index 8d3a9d0f658..a0193cf61bd 100644 --- a/library/common/Chart.yaml +++ b/library/common/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 kubeVersion: ">=1.16.0-0" name: common -version: 2.2.2 +version: 3.0.0 # upstream_version: appVersion: none description: Function library for TrueCharts 
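Review bot: The renamed `deviceMounts` and `customStorage` specs check the new `devicemount-`/`customstorage-` prefixes only on `volumeMounts[n].name`; the 'creates Volumes' examples assert `emptyDir` and `hostPath.path` by index but never the volume's own `name`. A prefix mismatch between the volume and volumeMount templates would therefore pass this suite and surface only when the manifest is applied. Adding `jq('.spec.template.spec.volumes[0].name', resource('Deployment')).must_equal default_name_1` (and the equivalent for indices 1 to 3) would pin the pairing. The assertions also rely on fixed array positions, so `volumes[2]`/`volumes[3]` hold only while no other volume is rendered ahead of them.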
diff --git a/library/common/templates/_all.tpl b/library/common/templates/_all.tpl index 9ef03706160..9bb0b3eaf20 100644 --- a/library/common/templates/_all.tpl +++ b/library/common/templates/_all.tpl @@ -1,22 +1,3 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - {{/* Main entrypoint for the common library chart. It will render all underlying templates based on the provided values. */}} diff --git a/library/common/templates/_notes.tpl b/library/common/templates/_notes.tpl deleted file mode 100644 index 8d701d8e90c..00000000000 --- a/library/common/templates/_notes.tpl +++ /dev/null 
@@ -1,40 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - -{{/* -Default NOTES.txt content. -*/}} -{{- define "common.notes.defaultNotes" -}} -{{- $svcPort := .Values.services.main.port.port -}} - echo "use your Ingress URL to connect or find the application URL by running these commands:" - -{{- if contains "NodePort" .Values.services.main.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.services.main.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ $svcPort }} -{{- else if contains "ClusterIP" .Values.services.main.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ $svcPort }} -{{- end }} -{{- end }} diff --git a/library/common/templates/_pvc.tpl b/library/common/templates/_pvc.tpl index 3cae71c7897..1e00d3e44fa 100644 --- a/library/common/templates/_pvc.tpl +++ b/library/common/templates/_pvc.tpl @@ -33,19 +33,4 @@ of all the entries of the persistence key. {{- include "common.classes.pvc" $ -}} {{- end }} {{- end }} - - {{/* - This is kept seperate, to enable us ot add "persistence" to questions.yaml and keep this out of it - */}} - {{- range $index, $PVC := .Values.backupPersistence }} - {{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}} - {{- $persistenceValues := $PVC -}} - {{- if not $persistenceValues.nameSuffix -}} - {{- $_ := set $persistenceValues "nameSuffix" "buildinBackup" -}} - {{- end -}} - {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}} - {{- print ("---") | nindent 0 -}} - {{- include "common.classes.pvc" $ -}} - {{- end }} - {{- end }} {{- end }} diff --git a/library/common/templates/_serviceaccount.tpl b/library/common/templates/_serviceaccount.tpl index 959a313662e..a8c0e7903ba 100644 --- a/library/common/templates/_serviceaccount.tpl +++ b/library/common/templates/_serviceaccount.tpl 
@@ -1,21 +1,3 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - {{/* The ServiceAccount object to be created. */}} diff --git a/library/common/templates/lib/bitnamiCompat/_affinities.tpl b/library/common/templates/lib/bitnamiCompat/_affinities.tpl deleted file mode 100644 index 84644018592..00000000000 --- a/library/common/templates/lib/bitnamiCompat/_affinities.tpl +++ /dev/null 
@@ -1,114 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - -{{/* Currently only used as Bitnami Compatibility layer, may want to integrate more later */}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/bitnamiCompat/_ingressBackend.tpl b/library/common/templates/lib/bitnamiCompat/_ingressBackend.tpl deleted file mode 100644 index 7ad3912262e..00000000000 --- a/library/common/templates/lib/bitnamiCompat/_ingressBackend.tpl +++ /dev/null 
@@ -1,63 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - -{{/* Currently only used as Bitnami compatibility Layer, needs more integration during the Ingress integration project. */}} - - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if typeIs "int" .servicePort }} - number: {{ .servicePort }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . 
}} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/bitnamiCompat/_secrets.tpl b/library/common/templates/lib/bitnamiCompat/_secrets.tpl deleted file mode 100644 index eaa0d57271c..00000000000 --- a/library/common/templates/lib/bitnamiCompat/_secrets.tpl +++ /dev/null 
@@ -1,148 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - -{{/* Currently only used as Bitnami Compatibility layer, may want to integrate more later */}} -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . 
-}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. 
-*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- if index $secret.data .key }} - {{- $password = index $secret.data .key }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 
'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/bitnamiCompat/_tplvalues.tpl b/library/common/templates/lib/bitnamiCompat/_tplvalues.tpl deleted file mode 100644 index 8b6df586ec2..00000000000 --- a/library/common/templates/lib/bitnamiCompat/_tplvalues.tpl +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - -{{/* Currently only used as Bitnami Compatibility layer, may want to integrate more later */}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/library/common/templates/lib/chart/_warnings.tpl b/library/common/templates/lib/chart/_warnings.tpl deleted file mode 100644 index a65a82bffa0..00000000000 --- a/library/common/templates/lib/chart/_warnings.tpl +++ /dev/null 
@@ -1,37 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - -{{/* -## We might want to include more repositories in this warnings -## This is mostly used to prevent chart maintainers using "latest" when version is available -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/library/common/templates/lib/controller/_container.tpl b/library/common/templates/lib/controller/_container.tpl index 937e40da7ca..cdd777ab0f3 100644 --- a/library/common/templates/lib/controller/_container.tpl +++ b/library/common/templates/lib/controller/_container.tpl 
@@ -23,7 +23,6 @@ The main container included in the controller. {{- define "common.controller.mainContainer" -}} - name: {{ include "common.names.fullname" . }} image: "{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}" - {{ include "common.warnings.rollingTag" .Values.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.command }} command: {{ . }} @@ -74,29 +73,13 @@ The main container included in the controller. {{- toYaml . | nindent 12 }} {{- end }} {{- include "common.controller.ports" . | trim | nindent 2 }} + + {{- with (include "common.controller.volumeMounts" . | trim) }} volumeMounts: - {{- range $index, $PVC := .Values.persistence }} - {{- if and ( $PVC.enabled ) ( $PVC.mountPath ) }} - - mountPath: {{ $PVC.mountPath }} - name: {{ $index }} - {{- if $PVC.subPath }} - subPath: {{ $PVC.subPath }} - {{- end }} - {{- end }} - {{- end }} - {{ include "common.storage.allContainerVolumeMounts" . | nindent 2 }} - {{- if .Values.additionalVolumeMounts }} - {{- toYaml .Values.additionalVolumeMounts | nindent 2 }} - {{- end }} - {{- if eq .Values.controllerType "statefulset" }} - {{- range $index, $vct := .Values.volumeClaimTemplates }} - - mountPath: {{ $vct.mountPath }} - name: {{ $vct.name }} - {{- if $vct.subPath }} - subPath: {{ $vct.subPath }} - {{- end }} - {{- end }} + {{- . | nindent 2 }} {{- end }} + + {{- include "common.controller.probes" . | nindent 2 }} resources: {{- with .Values.resources }} diff --git a/library/common/templates/lib/controller/_pod.tpl b/library/common/templates/lib/controller/_pod.tpl index 5645c1b0951..90196a4b5ac 100644 --- a/library/common/templates/lib/controller/_pod.tpl +++ b/library/common/templates/lib/controller/_pod.tpl 
@@ -1,22 +1,3 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - {{- /* The pod definition included in the controller. */ -}} @@ -26,16 +7,8 @@ imagePullSecrets: {{- toYaml . | nindent 2 }} {{- end }} serviceAccountName: {{ include "common.names.serviceAccountName" . }} -securityContext: -{{- if not .Values.startAsRoot }} - runAsUser: {{ .Values.PUID }} - runAsGroup: {{ .Values.PGID }} - fsGroup: {{ .Values.PGID }} - # 5=tty 20=dailout 24=cdrom 44=video 107=render - supplementalGroups: [{{- .Values.supplementalGroups }}] - runAsNonRoot: true -{{- end }} {{- with .Values.podSecurityContext }} +securityContext: {{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.priorityClassName }} diff --git a/library/common/templates/lib/controller/_volumeMounts.tpl b/library/common/templates/lib/controller/_volumeMounts.tpl new file mode 100644 index 00000000000..596b0761b12 --- /dev/null +++ b/library/common/templates/lib/controller/_volumeMounts.tpl 
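Review bot: In the second hunk, `securityContext:` is now rendered only inside `with .Values.podSecurityContext`, so a chart that leaves that value empty gets no `runAsNonRoot: true`, `runAsUser` or `fsGroup` and the pod runs as whatever user the image defines; the removed block prevented that unless `startAsRoot` was set. If the defaults in `library/common/values.yaml` (changed by this commit, not visible here) do not already set a non-root `podSecurityContext`, I would keep a fallback such as `{{- with (default (dict "runAsNonRoot" true) .Values.podSecurityContext) }}`. A one-line comment above the block, for example `{{- /* securityContext comes only from .Values.podSecurityContext; set runAsNonRoot there */ -}}`, would make the new contract explicit. The pod define starts and ends outside the hunk.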
@@ -0,0 +1,59 @@ + +{{/* +Volumes included by the controller. +*/}} +{{- define "common.controller.volumeMounts" -}} +{{- range $index, $PVC := .Values.persistence }} +{{- if and ( $PVC.enabled ) ( $PVC.mountPath ) }} +- mountPath: {{ $PVC.mountPath }} + name: {{ $index }} +{{- if $PVC.subPath }} + subPath: {{ $PVC.subPath }} +{{- end }} +{{- end }} +{{- end }} + + +{{ range $name, $dmm := .Values.deviceMounts }} +{{- if $dmm.enabled -}} +{{ if $dmm.name }} + {{ $name = $dmm.name }} +{{ end }} +- name: devicemount-{{ $name }} + mountPath: {{ $dmm.mountPath }} + {{ if $dmm.subPath }} + subPath: {{ $dmm.subPath }} + {{ end }} +{{- end -}} +{{ end }} + +{{ range $name, $csm := .Values.customStorage }} +{{- if $csm.enabled -}} +{{ if $csm.name }} + {{ $name = $csm.name }} +{{ end }} +- name: customstorage-{{ $name }} + mountPath: {{ $csm.mountPath }} + {{ if $csm.subPath }} + subPath: {{ $csm.subPath }} + {{ end }} +{{- end -}} +{{ end }} + + +{{- if .Values.additionalVolumeMounts }} + {{- toYaml .Values.additionalVolumeMounts | nindent 0 }} +{{- end }} + + +{{- if eq .Values.controllerType "statefulset" }} +{{- range $index, $vct := .Values.volumeClaimTemplates }} +- mountPath: {{ $vct.mountPath }} + name: {{ $vct.name }} +{{- if $vct.subPath }} + subPath: {{ $vct.subPath }} +{{- end }} +{{- end }} +{{- end }} + +{{- end -}} diff --git a/library/common/templates/lib/controller/_volumes.tpl b/library/common/templates/lib/controller/_volumes.tpl index 4a96831b41d..33f306f93a7 100644 --- a/library/common/templates/lib/controller/_volumes.tpl +++ b/library/common/templates/lib/controller/_volumes.tpl 
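Review bot: The `devicemount-` and `customstorage-` entries are backed by `hostPath` (or `emptyDir`) in `_volumes.tpl`, yet this template always mounts them read-write and offers no way to request a read-only mount. I would add an optional per-entry flag after `mountPath`, e.g. `{{- if $dmm.readOnly }}` / `readOnly: true` / `{{- end }}` (with `readOnly` as a proposed values key) and the same for `$csm`, so a chart that only reads a device or host directory does not get write access to the node. `mountPath` is also emitted without `required`, unlike `hostPath` in `_volumes.tpl`, so an enabled entry with no mount path renders an invalid mount instead of a clear error. The header comment says "Volumes included by the controller" but the define produces volume mounts; `Volume mounts included by the controller.` would be accurate.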
@@ -46,7 +46,38 @@ Volumes included by the controller. {{- end }} {{- end }} {{- end }} -{{ include "common.storage.allAppVolumes" . | nindent 0 }} + +{{- range $name, $dm := .Values.deviceMounts -}} +{{ if $dm.enabled }} +{{ if $dm.name }} +{{ $name = $dm.name }} +{{ end }} +- name: devicemount-{{ $name }} + {{ if $dm.emptyDir }} + emptyDir: {} + {{- else -}} + hostPath: + path: {{ required "hostPath not set" $dm.hostPath }} + {{ end }} +{{ end }} +{{- end -}} + +{{- range $name, $cs := .Values.customStorage -}} +{{ if $cs.enabled }} +{{ if $cs.name }} +{{ $name = $cs.name }} +{{ end }} +- name: customstorage-{{ $name }} + {{ if $cs.emptyDir }} + emptyDir: {} + {{- else -}} + hostPath: + path: {{ required "hostPath not set" $cs.hostPath }} + {{ end }} +{{ end }} +{{- end -}} + + {{- if .Values.additionalVolumes }} {{- toYaml .Values.additionalVolumes | nindent 0 }} {{- end }} diff --git a/library/common/templates/lib/storage/_appStorage.tpl b/library/common/templates/lib/storage/_appStorage.tpl deleted file mode 100644 index b23369ce863..00000000000 --- a/library/common/templates/lib/storage/_appStorage.tpl +++ /dev/null 
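Review bot: Both added blocks write `$dm.hostPath` / `$cs.hostPath` from values straight into a `hostPath` volume, unquoted and with no `type`, so whatever node path the values name is mounted with no existence or kind check. Quoting keeps an odd path from changing the rendered YAML: `path: {{ required "hostPath not set" $dm.hostPath | quote }}`, and the same for `$cs`. An optional `type:` taken from the entry would let device mounts and directory mounts each declare what they expect, and a comment above each block should say that these volumes expose the node filesystem to the pod. The enclosing volumes define starts and ends outside the hunk.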
@@ -1,76 +0,0 @@ -{{/* -Define appVolumeMounts for container -*/}} -{{- define "common.storage.configureAppVolumeMountsInContainer" -}} -{{ range $name, $avm := . }} -{{- if $avm.enabled -}} -{{ if $avm.name }} -{{ $name = $avm.name }} -{{ end }} -- name: {{ $name }} - mountPath: {{ $avm.mountPath }} - {{ if $avm.subPath }} - subPath: {{ $avm.subPath }} - {{ end }} -{{- end -}} -{{ end }} -{{- end -}} - - -{{/* -Define hostPath for appVolumes -*/}} -{{- define "common.storage.configureAppVolumes" -}} -{{- range $name, $av := $.volMounts -}} -{{ if $av.enabled }} -{{ if $av.name }} -{{ $name = $av.name }} -{{ end }} -- name: {{ $name }} - {{ if $av.emptyDir }} - emptyDir: {} - {{- else -}} - hostPath: - {{ if $av.hostPathEnabled }} - path: {{ required "hostPath not set" $av.hostPath }} - {{ else }} - {{- $ixVolDict := dict "datasetName" $av.datasetName "ixVolumes" $.ixVolumes -}} - path: {{ include "common.storage.retrieveHostPathFromiXVolume" $ixVolDict }} - {{ end }} - {{ end }} -{{ end }} -{{- end -}} -{{- end -}} - - -{{/* -Get all volumes configuration -*/}} -{{- define "common.storage.allAppVolumes" -}} - -{{- $volDict := dict "volMounts" .Values.appVolumeMounts "ixVolumes" .Values.ixVolumes -}} -{{- $volExtraDict := dict "volMounts" .Values.additionalAppVolumeMounts "ixVolumes" .Values.ixVolumes -}} - -{{- if .Values.appVolumeMounts -}} -{{- include "common.storage.configureAppVolumes" $volDict | nindent 0 -}} -{{- end -}} -{{- if .Values.additionalAppVolumeMounts -}} -{{- include "common.storage.configureAppVolumes" $volExtraDict | nindent 0 -}} -{{- end -}} - -{{- end -}} - - -{{/* -Get all container volume moutns configuration -*/}} -{{- define "common.storage.allContainerVolumeMounts" -}} - -{{- if .Values.appVolumeMounts -}} -{{- include "common.storage.configureAppVolumeMountsInContainer" .Values.appVolumeMounts | nindent 0 -}} -{{- end -}} -{{- if .Values.additionalAppVolumeMounts -}} -{{- include "common.storage.configureAppVolumeMountsInContainer" 
.Values.additionalAppVolumeMounts | nindent 0 -}} -{{- end -}} - -{{- end -}} diff --git a/library/common/templates/lib/storage/_ixVolumes.tpl b/library/common/templates/lib/storage/_ixVolumes.tpl deleted file mode 100644 index b2dd66be3d5..00000000000 --- a/library/common/templates/lib/storage/_ixVolumes.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{/* -Retrieve host path from ix volumes based on dataset name -*/}} -{{- define "common.storage.retrieveHostPathFromiXVolume" -}} -{{- range $index, $hostPathConfiguration := $.ixVolumes }} -{{- $dsName := base $hostPathConfiguration.hostPath -}} -{{- if eq $.datasetName $dsName -}} -{{- $hostPathConfiguration.hostPath -}} -{{- end }} -{{- end }} -{{- end -}} diff --git a/library/common/templates/lib/storage/_mountPermissions.tpl b/library/common/templates/lib/storage/_mountPermissions.tpl index 1a0d38a8983..2c33f57ae3d 100644 --- a/library/common/templates/lib/storage/_mountPermissions.tpl +++ b/library/common/templates/lib/storage/_mountPermissions.tpl @@ -5,25 +5,7 @@ before chart installation. {{- define "common.storage.permissions" -}} {{- if .Values.fixMountPermissions }} -{{- if .Values.appVolumeMounts }} -{{- range $name, $vm := .Values.appVolumeMounts -}} -{{- if and $vm.enabled $vm.setPermissions}} -{{- print "---" | nindent 0 -}} - -{{- $VMValues := $vm -}} -{{- if not $VMValues.nameSuffix -}} - {{- $_ := set $VMValues "nameSuffix" $name -}} -{{ end -}} -{{- $_ := set $ "ObjectValues" (dict "appVolumeMounts" $VMValues) -}} - -{{ include "common.storage.permissions.job" $ | nindent 0 }} -{{- end }} -{{- end }} -{{- end }} - - -{{- if .Values.additionalAppVolumeMounts }} -{{- range $index, $avm := .Values.additionalAppVolumeMounts -}} +{{- range $index, $avm := .Values.customStorage -}} {{- if and $avm.enabled $avm.setPermissions}} {{- print "---" | nindent 0 -}} 
@@ -34,9 +16,69 @@ before chart installation. {{- $_ := set $ "ObjectValues" (dict "appVolumeMounts" $AVMValues) -}} {{ include "common.storage.permissions.job" $ | nindent 0 }} -{{- end }} -{{- end }} -{{- end }} + + +{{- $values := .Values.appVolumeMounts -}} +{{- if hasKey . "ObjectValues" -}} + {{- with .ObjectValues.appVolumeMounts -}} + {{- $values = . -}} + {{- end -}} +{{ end -}} +{{- $JobName := include "common.names.fullname" . -}} +{{- if hasKey $values "nameSuffix" -}} + {{- $JobName = printf "%v-%v" $JobName $values.nameSuffix -}} +{{ end -}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $JobName }} + labels: + {{- include "common.labels" . | nindent 4 }} + {{- with .Values.controllerLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-10" + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation + {{- with .Values.controllerAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "common.labels.selectorLabels" . | nindent 8 }} + spec: + restartPolicy: Never + containers: + - name: set-mount-permissions + image: "alpine:3.3" + command: + - /bin/sh + - -c + - | + chown -R{{ if eq .podSecurityContext.runAsNonRoot false }}{{ print .Values.PUID }}{{ else }}{{ print .podSecurityContext.runAsUser }}{{ end }}:{{ print .podSecurityContext.fsGroup }} {{ print $values.mountPath }} + #args: + # + #securityContext: + # + volumeMounts: + {{- include "common.controller.volumeMounts" . | indent 12 }} + {{- with (include "common.controller.volumes" . | trim) }} + volumes: + {{- . | nindent 8 }} + {{- end }} + + +{{- end }} +{{- end }} + {{- end }} {{- end }} 
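Review bot: The inlined `chown` line interpolates `$values.mountPath` unquoted into a `/bin/sh -c` script, so a mount path containing spaces or shell metacharacters changes the command this pre-install hook runs against the mounted volumes; running it in exec form avoids the shell, e.g. `command: ["chown", "-R", "UID:GID", {{ $values.mountPath | quote }}]` with `UID:GID` standing for the rendered owner. The same line lost the space after `-R` and reads `.podSecurityContext` instead of `.Values.podSecurityContext`. Because the Job body now sits inside the `range` opened in the previous hunk, `.` there is the customStorage entry, so `.Values.appVolumeMounts`, `hasKey . "ObjectValues"` and the `include … .` calls probably need `$`. The retained `include "common.storage.permissions.job" $` refers to a define whose file this commit deletes, unless it is defined elsewhere. `alpine:3.3` is a very old tag, and a current, digest-pinned image would be safer for a hook that changes ownership on hostPath volumes.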
diff --git a/library/common/templates/lib/storage/_mountPermissionsJob.tpl b/library/common/templates/lib/storage/_mountPermissionsJob.tpl deleted file mode 100644 index d47ed946d7c..00000000000 --- a/library/common/templates/lib/storage/_mountPermissionsJob.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -This template serves as the blueprint for the mountPermissions job that is run -before chart installation. -*/}} -{{- define "common.storage.permissions.job" -}} - -{{- $values := .Values.appVolumeMounts -}} -{{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.appVolumeMounts -}} - {{- $values = . -}} - {{- end -}} -{{ end -}} -{{- $JobName := include "common.names.fullname" . -}} -{{- if hasKey $values "nameSuffix" -}} - {{- $JobName = printf "%v-%v" $JobName $values.nameSuffix -}} -{{ end -}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $JobName }} - labels: - {{- include "common.labels" . | nindent 4 }} - {{- with .Values.controllerLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "-10" - "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation - {{- with .Values.controllerAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "common.labels.selectorLabels" . | nindent 8 }} - spec: - restartPolicy: Never - containers: - - name: set-mount-permissions - image: "alpine:3.3" - command: - - /bin/sh - - -c - - | - chown -R {{ print .Values.PUID }}:{{ print .Values.PGID }} {{ print $values.mountPath }} - #args: - # - #securityContext: - # - volumeMounts: - {{- include "common.storage.allContainerVolumeMounts" . | indent 12 }} - {{- with (include "common.controller.volumes" . | trim) }} - volumes: - {{- . | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/library/common/templates/lib/storage/_storageclass.tpl b/library/common/templates/lib/storage/_storageclass.tpl deleted file mode 100644 index 3f9864dcb37..00000000000 --- a/library/common/templates/lib/storage/_storageclass.tpl +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/library/common/templates/lib/validations/_cassandra.tpl b/library/common/templates/lib/validations/_cassandra.tpl deleted file mode 100644 index 153273eb982..00000000000 --- a/library/common/templates/lib/validations/_cassandra.tpl +++ /dev/null 
@@ -1,91 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. 
- -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/validations/_mariadb.tpl b/library/common/templates/lib/validations/_mariadb.tpl deleted file mode 100644 index f21697eb277..00000000000 --- a/library/common/templates/lib/validations/_mariadb.tpl +++ /dev/null 
@@ -1,122 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . 
-}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. 
- -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/validations/_mongodb.tpl b/library/common/templates/lib/validations/_mongodb.tpl deleted file mode 100644 index d4b3c9728e2..00000000000 --- a/library/common/templates/lib/validations/_mongodb.tpl +++ /dev/null 
@@ -1,127 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB(R) required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . 
-}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/validations/_postgresql.tpl b/library/common/templates/lib/validations/_postgresql.tpl deleted file mode 100644 index bc83d0b19a7..00000000000 --- a/library/common/templates/lib/validations/_postgresql.tpl +++ /dev/null 
@@ -1,150 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . 
-}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. 
- -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/validations/_redis.tpl b/library/common/templates/lib/validations/_redis.tpl deleted file mode 100644 index 72d203dff6f..00000000000 --- a/library/common/templates/lib/validations/_redis.tpl +++ /dev/null 
@@ -1,90 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis(TM) required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $existingSecret := include "common.redis.values.existingSecret" . -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . 
-}} - {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} - {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} - {{- if eq $usePassword "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Redis Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.redis.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.redis.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. 
Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} diff --git a/library/common/templates/lib/validations/_validations.tpl b/library/common/templates/lib/validations/_validations.tpl deleted file mode 100644 index 61cf6035aeb..00000000000 --- a/library/common/templates/lib/validations/_validations.tpl +++ /dev/null 
@@ -1,65 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -`SPDX-License-Identifier: Apache-2.0` - -This file is considered to be modified by the TrueCharts Project. -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. 
- -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index 84725948361..c06d94b6176 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -82,12 +82,17 @@ hostNetwork: false enableServiceLinks: true # Configure the Security Context for the Pod -podSecurityContext: {} +podSecurityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: "OnRootMismatch" # Configure the Security Context for the main container -# PUID and PGID gets added automatically! securityContext: {} + initContainers: [] additionalContainers: [] 
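Review bot: The container-level `securityContext: {}` stays empty while the new pod-level defaults only pin identity (`runAsNonRoot`, and `runAsUser`/`runAsGroup`/`fsGroup` at 568), so nothing in these defaults prevents a process from gaining privileges after start through a setuid binary or file capabilities in the image. Consider defaulting it to `securityContext:` with `allowPrivilegeEscalation: false` beneath it, and let charts that genuinely need escalation opt out explicitly. The hunk also removes the `# PUID and PGID gets added automatically!` comment without a replacement, while `PUID: 568` and `PGID: 568` remain further down the file. A comment such as `# runAsUser/runAsGroup/fsGroup are set here explicitly; keep them in sync with PUID/PGID below` would stop the two sets of IDs from drifting apart, but whether any template still reads PUID/PGID for the security context is not visible in this hunk, so confirm that before settling the wording.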
@@ -241,29 +246,6 @@ persistence: emptyDir: true mountPath: /shared -# Special PVC instance, that does get affected by putting "persistence" into questions.yaml -backupPersistence: - buildinbackup: - enabled: false - nameOverride: buildinbackup - ## configuration data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - ## storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - # subPath: some-subpath - accessMode: ReadWriteOnce - size: 100Gi - ## Set to true to retain the PVC upon helm uninstall - skipuninstall: false - additionalVolumes: [] additionalVolumeMounts: [] @@ -312,7 +294,6 @@ resources: {} PUID: 568 PGID: 568 UMASK: "002" -startAsRoot: false fixMountPermissions: true # appVolumeMounts: