├── .gitignore ├── mongodb ├── .helmignore ├── templates │ ├── configmap.yaml │ ├── NOTES.txt │ └── secret.yaml └── Chart.yaml ├── nessus ├── .helmignore ├── README.md ├── templates │ ├── NOTES.txt │ ├── secret.yaml │ └── service.yaml └── Chart.yaml ├── osf-web ├── templates │ └── .gitkeep ├── requirements.yaml ├── requirements.lock ├── values.yaml └── Chart.yaml ├── redis ├── .helmignore ├── templates │ ├── secret.yaml │ └── networkpolicy.yaml └── Chart.yaml ├── share-web ├── templates │ └── .gitkeep ├── requirements.yaml ├── requirements.lock ├── values.yaml └── Chart.yaml ├── cerebro ├── README.md ├── Chart.yaml └── templates │ └── _helpers.tpl ├── osf-preprints ├── templates │ └── .gitkeep ├── requirements.yaml ├── requirements.lock ├── values.yaml └── Chart.yaml ├── osf-reviews ├── templates │ └── .gitkeep ├── requirements.yaml ├── requirements.lock ├── values.yaml └── Chart.yaml ├── osf-web-mirage ├── templates │ └── .gitkeep ├── requirements.yaml ├── values.yaml └── Chart.yaml ├── pgbouncer ├── .helmignore ├── README.md ├── templates │ ├── NOTES.txt │ ├── configmap.yaml │ ├── secret.yaml │ ├── service.yaml │ └── pdb.yaml └── Chart.yaml ├── rabbitmq ├── .helmignore ├── templates │ ├── serviceaccount.yaml │ ├── role.yaml │ └── rolebinding.yaml └── Chart.yaml ├── share ├── templates │ ├── NOTES.txt │ ├── pg-secret.yaml │ ├── secret.yaml │ ├── web-pdb.yaml │ ├── web-service.yaml │ ├── worker-pdb.yaml │ └── indexer-pdb.yaml ├── files │ └── robots.txt ├── .helmignore ├── requirements.lock ├── Chart.yaml └── requirements.yaml ├── echoheaders ├── README.md ├── Chart.yaml ├── templates │ ├── service.yaml │ └── _helpers.tpl └── values.yaml ├── wb ├── files │ └── robots.txt ├── requirements.lock ├── requirements.yaml ├── .helmignore ├── templates │ ├── secret.yaml │ ├── pdb.yaml │ ├── certificate-networkpolicy.yaml │ └── hpa.yaml └── Chart.yaml ├── elasticsearch ├── Makefile ├── examples │ ├── config │ │ ├── watcher_encryption_key │ │ └── values.yaml │ ├── multi │ │ ├── master.yaml │ │ ├── test │ │ │ └── goss.yaml │ │ └── Makefile │ ├── openshift │ │ ├── values.yaml │ │ ├── Makefile │ │ ├── test │ │ │ └── goss.yaml │ │ └── README.md │ ├── migration │ │ ├── data.yaml │ │ ├── Makefile │ │ ├── client.yaml │ │ └── master.yaml │ ├── microk8s │ │ └── Makefile │ ├── minikube │ │ ├── Makefile │ │ └── values.yaml │ ├── default │ │ ├── Makefile │ │ ├── rolling_upgrade.sh │ │ └── README.md │ ├── docker-for-mac │ │ ├── Makefile │ │ ├── values.yaml │ │ └── README.md │ ├── networkpolicy │ │ └── Makefile │ ├── upgrade │ │ ├── values.yaml │ │ ├── README.md │ │ ├── test │ │ │ └── goss.yaml │ │ └── Makefile │ └── kubernetes-kind │ │ ├── Makefile │ │ ├── values.yaml │ │ └── values-local-path.yaml ├── Chart.yaml └── templates │ ├── secret-cert.yaml │ ├── poddisruptionbudget.yaml │ ├── NOTES.txt │ ├── podsecuritypolicy.yaml │ ├── serviceaccount.yaml │ ├── rolebinding.yaml │ ├── role.yaml │ └── secret.yaml ├── jenkins ├── files │ └── robots.txt ├── templates │ ├── serviceaccount.yaml │ ├── secret.yaml │ ├── agent-networkpolicy.yaml │ ├── clusterrolebinding.yaml │ └── clusterrole.yaml ├── .helmignore └── Chart.yaml ├── mfr ├── files │ └── robots.txt ├── Chart.yaml ├── requirements.lock ├── requirements.yaml ├── .helmignore └── templates │ ├── secret.yaml │ ├── service.yaml │ ├── pdb.yaml │ ├── certificate-networkpolicy.yaml │ └── worker-pdb.yaml ├── osf ├── files │ ├── api-robots.txt │ ├── admin-robots.txt │ └── web-robots.txt ├── README.md ├── Chart.yaml ├── .helmignore ├── templates │ ├── certificate-networkpolicy.yaml │ ├── api-pdb.yaml │ ├── web-pdb.yaml │ ├── api-service.yaml │ ├── web-service.yaml │ ├── task-pdb.yaml │ ├── admin-pdb.yaml │ ├── worker-pdb.yaml │ ├── admin-service.yaml │ ├── api-hpa.yaml │ └── web-hpa.yaml └── requirements.lock ├── sharejs ├── files │ └── robots.txt ├── templates │ ├── NOTES.txt │ ├── service.yaml │ ├── pdb.yaml │ └── hpa.yaml ├── requirements.yaml ├── requirements.lock ├── .helmignore └── Chart.yaml ├── osf-pigeon ├── files │ └── robots.txt ├── Chart.yaml └── templates │ ├── secret.yaml │ ├── service.yaml │ ├── pdb.yaml │ ├── certificate-networkpolicy.yaml │ └── hpa.yaml ├── triton-share ├── files │ └── robots.txt ├── Chart.yaml ├── requirements.yaml ├── requirements.lock ├── .helmignore └── templates │ ├── tests │ └── test-connection.yaml │ ├── service.yaml │ └── certificate-networkpolicy.yaml ├── osf-graveyvalet ├── files │ └── robots.txt ├── Chart.yaml └── templates │ ├── service.yaml │ ├── pdb.yaml │ ├── certificate-networkpolicy.yaml │ └── hpa.yaml ├── http-redirect ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── service.yaml │ └── ingress.yaml ├── README.md └── Chart.yaml ├── hubot ├── templates │ ├── NOTES.txt │ ├── service.yaml │ ├── pdb.yaml │ ├── hpa.yaml │ └── secret.yaml ├── files │ └── scripts │ │ └── health-check.js ├── requirements.yaml ├── requirements.lock ├── .helmignore └── Chart.yaml ├── ember ├── files │ └── robots.txt ├── .helmignore ├── Chart.yaml └── templates │ ├── service.yaml │ ├── pdb.yaml │ └── hpa.yaml ├── angular-osf ├── files │ └── robots.txt ├── Chart.yaml └── templates │ ├── service.yaml │ ├── pdb.yaml │ └── hpa.yaml ├── elastic-stack ├── Chart.yaml ├── requirements.yaml ├── requirements.lock └── .helmignore ├── nginx ├── Chart.yaml ├── .helmignore └── templates │ ├── tests │ └── test-connection.yaml │ └── service.yaml ├── prerender ├── requirements.yaml ├── requirements.lock ├── .helmignore ├── Chart.yaml └── templates │ ├── secret.yaml │ ├── service.yaml │ ├── pdb.yaml │ └── hpa.yaml ├── bitnami-common ├── values.yaml ├── .helmignore ├── templates │ ├── _warnings.tpl │ └── _labels.tpl └── Chart.yaml ├── maintenance ├── files │ └── 503.json ├── .helmignore ├── Chart.yaml └── templates │ ├── _helpers.tpl │ ├── service.yaml │ ├── pdb.yaml │ └── hpa.yaml ├── ingress-nginx ├── ci │ ├── deployment-default-values.yaml │ ├── controller-custom-ingressclass-flags.yaml │ ├── deployment-nodeport-values.yaml │ ├── deployment-psp-values.yaml │ ├── deployment-webhook-values.yaml │ ├── deamonset-webhook-values.yaml │ ├── daemonset-nodeport-values.yaml │ ├── deamonset-default-values.yaml │ ├── daemonset-extra-modules.yaml │ ├── deployment-extra-modules.yaml │ ├── deployment-tcp-values.yaml │ ├── deployment-metrics-values.yaml │ ├── deployment-autoscaling-values.yaml │ ├── deamonset-metrics-values.yaml │ ├── deployment-webhook-and-psp-values.yaml │ ├── deamonset-psp-values.yaml │ ├── deamonset-webhook-and-psp-values.yaml │ ├── deployment-customconfig-values.yaml │ ├── daemonset-tcp-values.yaml │ ├── deployment-tcp-udp-values.yaml │ ├── deployment-headers-values.yaml │ ├── daemonset-tcp-udp-values.yaml │ ├── daemonset-customconfig-values.yaml │ ├── daemonset-headers-values.yaml │ ├── deployment-autoscaling-behavior-values.yaml │ ├── deployment-internal-lb-values.yaml │ ├── daemonset-internal-lb-values.yaml │ ├── deployment-customnodeport-values.yaml │ ├── deployment-tcp-udp-configMapNamespace-values.yaml │ ├── deployment-podannotations-values.yaml │ ├── daemonset-customnodeport-values.yaml │ ├── daemonset-podannotations-values.yaml │ ├── daemonset-tcp-udp-configMapNamespace-values.yaml │ └── deployment-webhook-resources-values.yaml ├── OWNERS ├── templates │ ├── dh-param-secret.yaml │ ├── controller-configmap-addheaders.yaml │ ├── controller-configmap-tcp.yaml │ ├── controller-configmap-udp.yaml │ ├── default-backend-serviceaccount.yaml │ ├── clusterrolebinding.yaml │ ├── controller-serviceaccount.yaml │ ├── admission-webhooks │ │ └── job-patch │ │ │ └── serviceaccount.yaml │ ├── controller-rolebinding.yaml │ └── controller-configmap-proxyheaders.yaml └── .helmignore ├── postgresql-ha ├── templates │ ├── extra-list.yaml │ ├── ldap-secrets.yaml │ ├── metrics-configmap.yaml │ └── pgpool │ │ └── secrets.yaml └── .helmignore ├── kibana ├── Chart.yaml ├── .helmignore └── templates │ ├── service.yaml │ └── _helpers.tpl ├── elasticsearch-old ├── templates │ ├── service-account.yaml │ ├── master-svc.yaml │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── data-pdb.yaml │ ├── client-pdb.yaml │ ├── master-pdb.yaml │ └── secret.yaml └── Chart.yaml ├── tls-certificates ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ └── secretlist.yaml ├── .helmignore └── values.yaml ├── sentry ├── requirements.lock ├── requirements.yaml ├── .helmignore ├── Chart.yaml └── templates │ └── secret.yaml ├── nginx-ingress ├── templates │ ├── serviceaccount.yaml │ ├── tcp-configmap.yaml │ ├── udp-configmap.yaml │ ├── headers-configmap.yaml │ ├── rolebinding.yaml │ ├── clusterrolebinding.yaml │ └── controller-configmap.yaml ├── .helmignore └── Chart.yaml ├── osf-cas ├── requirements.lock ├── requirements.yaml ├── .helmignore ├── Chart.yaml ├── templates │ ├── pdb.yaml │ ├── service.yaml │ ├── certificate-networkpolicy.yaml │ └── hpa.yaml └── files │ └── apache │ └── shibboleth │ ├── localLogout.html │ └── partialLogout.html ├── gcloud-sqlproxy ├── Chart.yaml ├── templates │ ├── secrets.yaml │ ├── svc.yaml │ ├── _helpers.tpl │ └── networkpolicy.yaml └── .helmignore ├── flower ├── .helmignore ├── Chart.yaml └── templates │ └── service.yaml ├── postgresql ├── templates │ ├── configmap.yaml │ └── secret.yaml ├── Chart.yaml └── files │ └── supervisord.conf ├── barman ├── Chart.yaml └── templates │ ├── secret.yaml │ └── _helpers.tpl ├── cert-manager ├── Chart.yaml └── templates │ ├── NOTES.txt │ ├── webhook-psp-clusterrole.yaml │ ├── psp-clusterrole.yaml │ ├── cainjector-psp-clusterrole.yaml │ ├── webhook-psp-clusterrolebinding.yaml │ └── psp-clusterrolebinding.yaml └── .travis.yml /.gitignore: -------------------------------------------------------------------------------- 1 | charts/ -------------------------------------------------------------------------------- /mongodb/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /nessus/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /nessus/README.md: -------------------------------------------------------------------------------- 1 | # Nessus -------------------------------------------------------------------------------- /osf-web/templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /redis/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /share-web/templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cerebro/README.md: -------------------------------------------------------------------------------- 1 | # cerebro 2 | -------------------------------------------------------------------------------- /nessus/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | ... -------------------------------------------------------------------------------- /osf-preprints/templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /osf-reviews/templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /osf-web-mirage/templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pgbouncer/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /pgbouncer/README.md: -------------------------------------------------------------------------------- 1 | # PgBouncer -------------------------------------------------------------------------------- /pgbouncer/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | ... -------------------------------------------------------------------------------- /rabbitmq/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /share/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | TODO -------------------------------------------------------------------------------- /echoheaders/README.md: -------------------------------------------------------------------------------- 1 | # Echoheaders Helm Chart 2 | -------------------------------------------------------------------------------- /wb/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /elasticsearch/Makefile: -------------------------------------------------------------------------------- 1 | include ../helpers/common.mk 2 | -------------------------------------------------------------------------------- /jenkins/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /mfr/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /osf/files/api-robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /share/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /sharejs/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /osf-pigeon/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /osf/files/admin-robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /triton-share/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /elasticsearch/examples/config/watcher_encryption_key: -------------------------------------------------------------------------------- 1 | supersecret 2 | -------------------------------------------------------------------------------- /osf-graveyvalet/files/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /http-redirect/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The http-redirect has been installed. 2 | -------------------------------------------------------------------------------- /hubot/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Check your chat service at type: 2 | 3 | hubot ping 4 | -------------------------------------------------------------------------------- /ember/files/robots.txt: -------------------------------------------------------------------------------- 1 | # http://www.robotstxt.org 2 | User-agent: * 3 | Disallow: / 4 | -------------------------------------------------------------------------------- /osf/files/web-robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | Disallow: *?view_only= 4 | -------------------------------------------------------------------------------- /angular-osf/files/robots.txt: -------------------------------------------------------------------------------- 1 | # http://www.robotstxt.org 2 | User-agent: * 3 | Disallow: / 4 | -------------------------------------------------------------------------------- /sharejs/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{/* TODO */}} 3 | -------------------------------------------------------------------------------- /elasticsearch/examples/multi/master.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | clusterName: "multi" 3 | nodeGroup: "master" 4 | 5 | roles: 6 | - master 7 | -------------------------------------------------------------------------------- /elastic-stack/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: elastic-stack 4 | version: 0.1.1 5 | -------------------------------------------------------------------------------- /nginx/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: nginx 5 | version: 0.1.3 6 | -------------------------------------------------------------------------------- /triton-share/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: triton-share 5 | version: 0.2.0 6 | -------------------------------------------------------------------------------- /osf-web/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | version: 0.7.1 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | -------------------------------------------------------------------------------- /osf-reviews/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | version: 0.7.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | -------------------------------------------------------------------------------- /share-web/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | version: 0.7.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | -------------------------------------------------------------------------------- /osf-preprints/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | version: 0.7.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | -------------------------------------------------------------------------------- /osf-web-mirage/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | version: 0.7.1 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | -------------------------------------------------------------------------------- /hubot/files/scripts/health-check.js: -------------------------------------------------------------------------------- 1 | module.exports = function(robot) { 2 | robot.router.get('/healthz', (req, res) => { 3 | res.json({ok: 200}); 4 | }); 5 | }; 6 | -------------------------------------------------------------------------------- /osf/README.md: -------------------------------------------------------------------------------- 1 | ## OSF 2 | Includes 3 | - Celery/Beat 4 | - ElasticSearch 5 | - Flower 6 | - Worker 7 | - OSF Admin 8 | - OSF API 9 | - OSF Web 10 | - PostgreSQL 11 | - RabbitMQ 12 | - ShareJS 13 | -------------------------------------------------------------------------------- /hubot/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | version: 1.1.3 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: redis.enabled, redis.postgresql.enabled 6 | -------------------------------------------------------------------------------- /prerender/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | version: 1.1.3 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: redis.enabled, global.redis.enabled 6 | -------------------------------------------------------------------------------- /sharejs/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: mongodb 3 | version: 0.5.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: mongodb.enabled, global.mongodb.enabled 6 | -------------------------------------------------------------------------------- /elasticsearch/examples/openshift/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | securityContext: 4 | runAsUser: null 5 | 6 | podSecurityContext: 7 | fsGroup: null 8 | runAsUser: null 9 | 10 | sysctlInitContainer: 11 | enabled: false 12 | -------------------------------------------------------------------------------- /bitnami-common/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright VMware, Inc. 2 | # SPDX-License-Identifier: APACHE-2.0 3 | 4 | ## bitnami/common 5 | ## It is required by CI/CD tools and processes. 6 | ## @skip exampleValue 7 | ## 8 | exampleValue: common-chart 9 | -------------------------------------------------------------------------------- /maintenance/files/503.json: -------------------------------------------------------------------------------- 1 | { 2 | "errors": [ 3 | { 4 | "status": "503", 5 | "title": "Service Unavailable - Maintenance", 6 | "detail": "The OSF is down for maintenance. Please try again shortly." 7 | } 8 | ] 9 | } -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-default-values.yaml: -------------------------------------------------------------------------------- 1 | # Left blank to test default values 2 | controller: 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | service: 8 | type: ClusterIP 9 | -------------------------------------------------------------------------------- /ingress-nginx/ci/controller-custom-ingressclass-flags.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | watchIngressWithoutClass: true 3 | ingressClassResource: 4 | name: custom-nginx 5 | enabled: true 6 | default: true 7 | controllerValue: "k8s.io/custom-nginx" 8 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-nodeport-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | service: 9 | type: NodePort 10 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-psp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | service: 7 | type: ClusterIP 8 | 9 | podSecurityPolicy: 10 | enabled: true 11 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-webhook-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: true 8 | service: 9 | type: ClusterIP 10 | -------------------------------------------------------------------------------- /elastic-stack/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch 3 | version: 0.5.3 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | - name: kibana 6 | version: 0.2.1 7 | repository: https://centerforopenscience.github.io/helm-charts/ 8 | -------------------------------------------------------------------------------- /postgresql-ha/templates/extra-list.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright VMware, Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- range .Values.extraDeploy }} 7 | --- 8 | {{ include "common.tplvalues.render" (dict "value" . "context" $) }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /triton-share/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch 3 | version: 0.5.3 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: elasticsearch6.enabled, global.elasticsearch6.enabled 6 | alias: elasticsearch6 7 | -------------------------------------------------------------------------------- /hubot/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 1.1.3 5 | digest: sha256:34b1b3879f7f92df7d0f85a1cddf596c898d151b411503ff4127329ad49f0d56 6 | generated: 2023-01-24T17:11:39.53331-05:00 7 | -------------------------------------------------------------------------------- /share-web/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.7.0 5 | digest: sha256:c8e6f9f84c14261d4aed3fa25e7749766ba2be31f8c4edad0728c52eb912ed26 6 | generated: 2023-01-24T17:11:44.093-05:00 7 | -------------------------------------------------------------------------------- /ingress-nginx/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md 2 | 3 | approvers: 4 | - ingress-nginx-helm-maintainers 5 | 6 | reviewers: 7 | - ingress-nginx-helm-reviewers 8 | 9 | labels: 10 | - area/helm 11 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deamonset-webhook-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: true 9 | service: 10 | type: ClusterIP 11 | -------------------------------------------------------------------------------- /kibana/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Elasticsearch visualization platform 3 | name: kibana 4 | version: 0.2.1 5 | icon: https://static-www.elastic.co/assets/bltf11265439e44d327/logo-elastic-kibana-lt.svg?q=890 6 | sources: 7 | - https://www.elastic.co/products/kibana 8 | -------------------------------------------------------------------------------- /osf-reviews/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.7.0 5 | digest: sha256:c8e6f9f84c14261d4aed3fa25e7749766ba2be31f8c4edad0728c52eb912ed26 6 | generated: 2023-01-24T17:12:47.057139-05:00 7 | -------------------------------------------------------------------------------- /osf-web/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.7.1 5 | digest: sha256:2bd98e36e457d4dfbdf817562cb40027b5ea935ed538c0e43c3dabb927e9deab 6 | generated: "2024-02-02T13:33:32.130468-05:00" 7 | -------------------------------------------------------------------------------- /prerender/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 1.1.3 5 | digest: sha256:3777d4881a654892274d64334cffbfdf042b2e05f94f6fcfefca6ed4ad9c8b0a 6 | generated: 2023-01-24T17:12:27.613875-05:00 7 | -------------------------------------------------------------------------------- /sharejs/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: mongodb 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.5.0 5 | digest: sha256:31fb1ae76602be1302cb1e25a2269841e5099a9b6746428e4aa74765ea2c982f 6 | generated: 2023-01-24T17:12:42.48148-05:00 7 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-nodeport-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: NodePort 11 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deamonset-default-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: ClusterIP 11 | -------------------------------------------------------------------------------- /osf-preprints/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ember 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.7.0 5 | digest: sha256:c8e6f9f84c14261d4aed3fa25e7749766ba2be31f8c4edad0728c52eb912ed26 6 | generated: 2023-01-24T17:12:56.806013-05:00 7 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-extra-modules.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | service: 7 | type: ClusterIP 8 | extraModules: 9 | - name: opentelemetry 10 | image: busybox 11 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-extra-modules.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | service: 7 | type: ClusterIP 8 | extraModules: 9 | - name: opentelemetry 10 | image: busybox 11 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-tcp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | service: 7 | type: ClusterIP 8 | 9 | tcp: 10 | 9000: "default/test:8080" 11 | 9001: "default/test:8080" 12 | -------------------------------------------------------------------------------- /triton-share/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.5.3 5 | digest: sha256:e1adc61b430958e8bd0f16a0a5bc76516dc605fcd7b2fdb2e0a9127f56c5caca 6 | generated: 2023-01-24T17:11:59.194148-05:00 7 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-metrics-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | metrics: 9 | enabled: true 10 | service: 11 | type: ClusterIP 12 | -------------------------------------------------------------------------------- /elasticsearch/examples/migration/data.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | replicas: 2 3 | 4 | esMajorVersion: 6 5 | 6 | extraEnvs: 7 | - name: discovery.zen.ping.unicast.hosts 8 | value: "my-release-elasticsearch-discovery" 9 | 10 | clusterName: "elasticsearch" 11 | nodeGroup: "data" 12 | 13 | roles: 14 | - data 15 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-autoscaling-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | autoscaling: 7 | enabled: true 8 | admissionWebhooks: 9 | enabled: false 10 | service: 11 | type: ClusterIP 12 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deamonset-metrics-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | metrics: 10 | enabled: true 11 | service: 12 | type: ClusterIP 13 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-webhook-and-psp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: true 8 | service: 9 | type: ClusterIP 10 | 11 | podSecurityPolicy: 12 | enabled: true 13 | -------------------------------------------------------------------------------- /ingress-nginx/templates/dh-param-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.dhParam -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "ingress-nginx.controller.fullname" $ }} 6 | labels: 7 | {{- include "ingress-nginx.labels" $ | nindent 4 }} 8 | data: 9 | dhparam.pem: {{ . }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /elasticsearch/examples/microk8s/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | RELEASE := helm-es-microk8s 4 | TIMEOUT := 1200s 5 | 6 | install: 7 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ 8 | 9 | test: install 10 | helm test $(RELEASE) 11 | 12 | purge: 13 | helm del $(RELEASE) 14 | -------------------------------------------------------------------------------- /elasticsearch/examples/minikube/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | RELEASE := helm-es-minikube 4 | TIMEOUT := 1200s 5 | 6 | install: 7 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ 8 | 9 | test: install 10 | helm test $(RELEASE) 11 | 12 | purge: 13 | helm del $(RELEASE) 14 | -------------------------------------------------------------------------------- /elasticsearch/examples/default/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | include ../../../helpers/examples.mk 4 | 5 | RELEASE := helm-es-default 6 | TIMEOUT := 1200s 7 | 8 | install: 9 | helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ 10 | 11 | test: install goss 12 | 13 | purge: 14 | helm del $(RELEASE) 15 | -------------------------------------------------------------------------------- /elasticsearch/examples/openshift/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | include ../../../helpers/examples.mk 4 | 5 | RELEASE := elasticsearch 6 | 7 | install: 8 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ 9 | 10 | test: install goss 11 | 12 | purge: 13 | helm del $(RELEASE) 14 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deamonset-psp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: ClusterIP 11 | 12 | podSecurityPolicy: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /elasticsearch/examples/docker-for-mac/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | RELEASE := helm-es-docker-for-mac 4 | TIMEOUT := 1200s 5 | 6 | install: 7 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ 8 | 9 | test: install 10 | helm test $(RELEASE) 11 | 12 | purge: 13 | helm del $(RELEASE) 14 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: true 9 | service: 10 | type: ClusterIP 11 | 12 | podSecurityPolicy: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /echoheaders/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: echoheaders 2 | apiVersion: v1 3 | version: 0.3.0 4 | description: Echoheaders server for testing 5 | maintainers: 6 | - name: Matt Frazier 7 | email: matt@cos.io 8 | url: https://github.com/mfraezz 9 | - name: Matt Clark 10 | email: mattclark@cos.io 11 | url: https://github.com/mattclark 12 | -------------------------------------------------------------------------------- /redis/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "redis.fullname" . }} 5 | labels: 6 | {{- include "redis.labels.standard" . | nindent 4 }} 7 | type: Opaque 8 | data: 9 | {{- range $key, $val := .Values.secretEnvs }} 10 | {{ $key }}: {{ $val | b64enc | quote }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-customconfig-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | config: 7 | use-proxy-protocol: "true" 8 | allowSnippetAnnotations: false 9 | admissionWebhooks: 10 | enabled: false 11 | service: 12 | type: ClusterIP 13 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app: {{ template "elasticsearch.name" . }} 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | heritage: {{ .Release.Service }} 8 | release: {{ .Release.Name }} 9 | name: {{ template "elasticsearch.fullname" . }} 10 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-tcp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: ClusterIP 11 | 12 | tcp: 13 | 9000: "default/test:8080" 14 | 9001: "default/test:8080" 15 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-tcp-udp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | service: 9 | type: ClusterIP 10 | 11 | tcp: 12 | 9000: "default/test:8080" 13 | 14 | udp: 15 | 9001: "default/test:8080" 16 | -------------------------------------------------------------------------------- /elasticsearch/examples/networkpolicy/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | include ../../../helpers/examples.mk 4 | 5 | RELEASE := helm-es-networkpolicy 6 | TIMEOUT := 1200s 7 | 8 | install: 9 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ 10 | 11 | test: install goss 12 | 13 | purge: 14 | helm del $(RELEASE) 15 | -------------------------------------------------------------------------------- /tls-certificates/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Creates a list of TLS certificates to be used by nginx-ingress 3 | name: tls-certificates 4 | version: 0.1.0 5 | keywords: 6 | - tls 7 | - certificates 8 | maintainers: 9 | - name: Barrett Harber 10 | email: barrett@cos.io 11 | url: https://github.com/binoculars 12 | engine: gotpl 13 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-headers-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | addHeaders: 9 | X-Frame-Options: deny 10 | proxySetHeaders: 11 | X-Forwarded-Proto: https 12 | service: 13 | type: ClusterIP 14 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-tcp-udp-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: ClusterIP 11 | 12 | tcp: 13 | 9000: "default/test:8080" 14 | 15 | udp: 16 | 9001: "default/test:8080" 17 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-customconfig-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | kind: DaemonSet 7 | allowSnippetAnnotations: false 8 | admissionWebhooks: 9 | enabled: false 10 | service: 11 | type: ClusterIP 12 | 13 | config: 14 | use-proxy-protocol: "true" 15 | -------------------------------------------------------------------------------- /elasticsearch/examples/upgrade/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | clusterName: upgrade 3 | # Rolling upgrade doesn't work when upgrading from clusters with security disabled. 4 | # This is because nodes with security enabled can't join a cluster with security disabled. 5 | # Every nodes need to be recreated at the same time so they can recreate a cluster with security enabled 6 | updateStrategy: OnDelete 7 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-headers-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | addHeaders: 10 | X-Frame-Options: deny 11 | proxySetHeaders: 12 | X-Forwarded-Proto: https 13 | service: 14 | type: ClusterIP 15 | -------------------------------------------------------------------------------- /jenkins/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "jenkins.fullname" . }} 6 | labels: 7 | app: {{ template "jenkins.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /mfr/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: mfr 4 | version: 0.9.3 5 | keywords: 6 | - renderer 7 | sources: 8 | - https://github.com/centerforopenscience/modular-file-renderer 9 | maintainers: 10 | - name: Matt Frazier 11 | email: matt@cos.io 12 | url: https://github.com/mfraezz 13 | engine: gotpl 14 | tillerVersion: '>=2.7.0' 15 | -------------------------------------------------------------------------------- /rabbitmq/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbacEnabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "rabbitmq.fullname" . }} 6 | labels: 7 | app: {{ template "rabbitmq.name" . }} 8 | chart: {{ template "rabbitmq.chart" . }} 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /elasticsearch/examples/multi/test/goss.yaml: -------------------------------------------------------------------------------- 1 | http: 2 | https://localhost:9200/_cluster/health: 3 | status: 200 4 | timeout: 2000 5 | allow-insecure: true 6 | username: elastic 7 | password: "{{ .Env.ELASTIC_PASSWORD }}" 8 | body: 9 | - "green" 10 | - '"cluster_name":"multi"' 11 | - '"number_of_nodes":9' 12 | - '"number_of_data_nodes":3' 13 | -------------------------------------------------------------------------------- /osf/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: The Open Science Framework (OSF) 3 | name: osf 4 | version: 0.21.0 5 | keywords: 6 | - open 7 | - science 8 | sources: 9 | - https://github.com/CenterForOpenScience/osf.io 10 | maintainers: 11 | - name: Matt Frazier 12 | email: matt@cos.io 13 | url: https://github.com/mfraezz 14 | engine: gotpl 15 | tillerVersion: '>=2.7.0' 16 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | autoscaling: 3 | enabled: true 4 | behavior: 5 | scaleDown: 6 | stabilizationWindowSeconds: 300 7 | policies: 8 | - type: Pods 9 | value: 1 10 | periodSeconds: 180 11 | admissionWebhooks: 12 | enabled: false 13 | service: 14 | type: ClusterIP 15 | -------------------------------------------------------------------------------- /sentry/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.11.1 5 | - name: redis 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 1.1.3 8 | digest: sha256:1b0eaf64ca9d033d26ee3acc4646c4d92e7f44026290479621cafe48f086b71b 9 | generated: 2023-01-24T17:12:31.961801-05:00 10 | -------------------------------------------------------------------------------- /sentry/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | version: 0.11.1 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: postgresql.enabled, global.postgresql.enabled 6 | - name: redis 7 | version: 1.1.3 8 | repository: https://centerforopenscience.github.io/helm-charts/ 9 | condition: redis.enabled, global.redis.enabled 10 | -------------------------------------------------------------------------------- /wb/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: maintenance 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.2.0 5 | - name: redis 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 1.1.3 8 | digest: sha256:252b9835080950ac504357281f207b11ac4d401e5962f451548c38e38d0a8b8d 9 | generated: 2023-01-24T17:11:53.481645-05:00 10 | -------------------------------------------------------------------------------- /wb/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: maintenance 3 | version: 0.2.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: maintenance.enabled, global.maintenance.enabled 6 | - name: redis 7 | version: 1.1.3 8 | repository: https://centerforopenscience.github.io/helm-charts/ 9 | condition: redis.enabled, global.redis.enabled 10 | -------------------------------------------------------------------------------- /mfr/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: maintenance 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.2.0 5 | - name: rabbitmq 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 6.9.1 8 | digest: sha256:643780ebc32233b9794515bc03f8e99bfb2dca7797a3003dfd29d23a8a9e61b2 9 | generated: "2025-08-20T15:54:00.287611-04:00" 10 | -------------------------------------------------------------------------------- /elastic-stack/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.5.3 5 | - name: kibana 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 0.2.1 8 | digest: sha256:2d69961a40957fc19a41ea7ddc73dff617b1647fb33d151e728e5b1601fe8d6d 9 | generated: 2023-01-24T17:12:03.913507-05:00 10 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-internal-lb-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | service: 9 | type: ClusterIP 10 | internal: 11 | enabled: true 12 | annotations: 13 | service.beta.kubernetes.io/aws-load-balancer-internal: "true" 14 | -------------------------------------------------------------------------------- /mfr/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: maintenance 3 | version: 0.2.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: maintenance.enabled, global.maintenance.enabled 6 | - name: rabbitmq 7 | repository: https://centerforopenscience.github.io/helm-charts/ 8 | version: 6.9.1 9 | condition: rabbitmq.enabled, global.rabbitmq.enabled 10 | -------------------------------------------------------------------------------- /nginx-ingress/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app: {{ template "nginx-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "nginx-ingress.fullname" . }} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /osf-cas/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: maintenance 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.2.0 5 | - name: postgresql 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 0.11.1 8 | digest: sha256:1954603e9d2ecfdd0c91d6e593aa4c70028b07f3672f86aa675979083fcd05b9 9 | generated: 2023-01-24T17:12:21.536895-05:00 10 | -------------------------------------------------------------------------------- /osf-cas/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: maintenance 3 | version: 0.2.0 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: maintenance.enabled, global.maintenance.enabled 6 | - name: postgresql 7 | version: 0.11.1 8 | repository: https://centerforopenscience.github.io/helm-charts/ 9 | condition: postgresql.enabled, global.postgresql.enabled 10 | -------------------------------------------------------------------------------- /tls-certificates/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Add the following to your ingress: 2 | 3 | ```yaml 4 | 5 | ingress: 6 | hosts: 7 | {{- range $i, $key := keys .Values.certificates }} 8 | - 9 | {{- end }} 10 | tls: 11 | {{- range $i, $key := keys .Values.certificates }} 12 | - secretName: {{ $key }}-tls 13 | hosts: 14 | - 15 | {{- end }} 16 | 17 | ``` -------------------------------------------------------------------------------- /elasticsearch/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Official Elastic helm chart for Elasticsearch 3 | home: https://github.com/elastic/helm-charts 4 | maintainers: 5 | - email: helm-charts@elastic.co 6 | name: Elastic 7 | name: elasticsearch 8 | version: 8.5.1 9 | appVersion: 8.5.1 10 | sources: 11 | - https://github.com/elastic/elasticsearch 12 | icon: https://helm.elastic.co/icons/elasticsearch.png 13 | -------------------------------------------------------------------------------- /elasticsearch/examples/migration/Makefile: -------------------------------------------------------------------------------- 1 | PREFIX := helm-es-migration 2 | 3 | data: 4 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../ 5 | 6 | master: 7 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../ 8 | 9 | client: 10 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../ 11 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-internal-lb-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: ClusterIP 11 | internal: 12 | enabled: true 13 | annotations: 14 | service.beta.kubernetes.io/aws-load-balancer-internal: "true" 15 | -------------------------------------------------------------------------------- /osf-web/values.yaml: -------------------------------------------------------------------------------- 1 | enabled: true 2 | 3 | ember: 4 | nameOverride: osf-web 5 | replicaCount: 1 6 | 7 | image: 8 | repository: quay.io/centerforopenscience/osf-web 9 | tag: develop 10 | pullPolicy: Always 11 | 12 | resources: {} 13 | 14 | nginx: 15 | image: 16 | repository: nginx 17 | tag: alpine 18 | pullPolicy: Always 19 | 20 | resources: {} 21 | 22 | configFiles: {} 23 | -------------------------------------------------------------------------------- /elasticsearch/examples/migration/client.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | replicas: 2 3 | 4 | clusterName: "elasticsearch" 5 | nodeGroup: "client" 6 | 7 | esMajorVersion: 6 8 | 9 | roles: [] 10 | 11 | volumeClaimTemplate: 12 | accessModes: ["ReadWriteOnce"] 13 | storageClassName: "standard" 14 | resources: 15 | requests: 16 | storage: 1Gi # Currently needed till pvcs are made optional 17 | 18 | persistence: 19 | enabled: false 20 | -------------------------------------------------------------------------------- /osf-web-mirage/values.yaml: -------------------------------------------------------------------------------- 1 | enabled: true 2 | 3 | ember: 4 | nameOverride: osf-web 5 | replicaCount: 1 6 | 7 | image: 8 | repository: quay.io/centerforopenscience/osf-web 9 | tag: develop 10 | pullPolicy: Always 11 | 12 | resources: {} 13 | 14 | nginx: 15 | image: 16 | repository: nginx 17 | tag: alpine 18 | pullPolicy: Always 19 | 20 | resources: {} 21 | 22 | configFiles: {} 23 | -------------------------------------------------------------------------------- /share-web/values.yaml: -------------------------------------------------------------------------------- 1 | enabled: true 2 | 3 | ember: 4 | nameOverride: share-web 5 | replicaCount: 1 6 | 7 | image: 8 | repository: quay.io/centerforopenscience/share-web 9 | tag: develop 10 | pullPolicy: Always 11 | 12 | resources: {} 13 | 14 | nginx: 15 | image: 16 | repository: nginx 17 | tag: alpine 18 | pullPolicy: Always 19 | 20 | resources: {} 21 | 22 | configFiles: {} 23 | -------------------------------------------------------------------------------- /gcloud-sqlproxy/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: gcloud-sqlproxy 2 | apiVersion: v1 3 | version: 0.4.0 4 | description: Google Cloud SQL Proxy 5 | keywords: 6 | - google 7 | - cloud 8 | - postgresql 9 | - mysql 10 | - sql 11 | - sqlproxy 12 | home: https://cloud.google.com/sql/docs/postgres/sql-proxy 13 | sources: 14 | - https://github.com/rimusz/charts 15 | maintainers: 16 | - name: Rimas Mocevicius 17 | email: rmocius@gmail.com 18 | engine: gotpl 19 | -------------------------------------------------------------------------------- /osf-reviews/values.yaml: -------------------------------------------------------------------------------- 1 | enabled: true 2 | 3 | ember: 4 | nameOverride: osf-reviews 5 | replicaCount: 1 6 | 7 | image: 8 | repository: quay.io/centerforopenscience/osf-reviews 9 | tag: develop 10 | pullPolicy: Always 11 | 12 | resources: {} 13 | 14 | nginx: 15 | image: 16 | repository: nginx 17 | tag: alpine 18 | pullPolicy: Always 19 | 20 | resources: {} 21 | 22 | configFiles: {} 23 | -------------------------------------------------------------------------------- /wb/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /angular-osf/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: An Angular application for the Open Science Framework 3 | name: angular-osf 4 | version: 0.0.4 5 | keywords: 6 | - angular 7 | maintainers: 8 | - name: Matt Frazier 9 | email: matt@cos.io 10 | url: https://github.com/mfraezz 11 | - name: Uditi Mehta 12 | email: uditi@cos.io 13 | url: https://github.com/uditijmehta 14 | engine: gotpl 15 | tillerVersion: '>=2.7.0' 16 | -------------------------------------------------------------------------------- /ember/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /flower/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /gcloud-sqlproxy/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "gcloud-sqlproxy.fullname" . }} 5 | labels: 6 | app: {{ template "gcloud-sqlproxy.name" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | type: Opaque 11 | data: 12 | credentials.json: |- 13 | {{ .Values.serviceAccountKey }} 14 | -------------------------------------------------------------------------------- /hubot/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /jenkins/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /kibana/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /mfr/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /osf-cas/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /osf-preprints/values.yaml: -------------------------------------------------------------------------------- 1 | enabled: true 2 | 3 | ember: 4 | nameOverride: osf-preprints 5 | replicaCount: 1 6 | 7 | image: 8 | repository: quay.io/centerforopenscience/osf-preprints 9 | tag: develop 10 | pullPolicy: Always 11 | 12 | resources: {} 13 | 14 | nginx: 15 | image: 16 | repository: nginx 17 | tag: alpine 18 | pullPolicy: Always 19 | 20 | resources: {} 21 | 22 | configFiles: {} 23 | -------------------------------------------------------------------------------- /osf/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /sentry/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /share/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /sharejs/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /maintenance/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /prerender/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /gcloud-sqlproxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /nginx-ingress/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /postgresql-ha/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /tls-certificates/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-customnodeport-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | service: 9 | type: NodePort 10 | nodePorts: 11 | tcp: 12 | 9000: 30090 13 | udp: 14 | 9001: 30091 15 | 16 | tcp: 17 | 9000: "default/test:8080" 18 | 19 | udp: 20 | 9001: "default/test:8080" 21 | -------------------------------------------------------------------------------- /mongodb/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "mongodb.fullname" . }} 5 | labels: 6 | app: {{ template "mongodb.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | data: 11 | {{- range $key, $value := .Values.configEnvs }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /nginx/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /osf-pigeon/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: osf-pigeon 4 | version: 0.1.0 5 | sources: 6 | - https://github.com/CenterForOpenScience/osf-pigeon/ 7 | maintainers: 8 | - name: Matt Frazier 9 | email: matt@cos.io 10 | url: https://github.com/mfraezz 11 | - name: Matt Clark 12 | email: mattclark@cos.io 13 | url: https://github.com/mattclark 14 | engine: gotpl 15 | tillerVersion: '>=2.7.0' 16 | -------------------------------------------------------------------------------- /ingress-nginx/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /triton-share/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /bitnami-common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /elastic-stack/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | NOTES.txt -------------------------------------------------------------------------------- /http-redirect/README.md: -------------------------------------------------------------------------------- 1 | # http-redirect 2 | 3 | [http-redirect](https://github.com/CenterForOpenScience/helm-charts/tree/master/http-redirect) is an HTTP to HTTPS redirect nginx server that uses ConfigMap to store the nginx configuration. 4 | 5 | 6 | 7 | ## TL;DR; 8 | 9 | ```console 10 | $ helm install http-redirect 11 | ``` 12 | 13 | ## Introduction 14 | 15 | TBD... -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | service: 9 | type: ClusterIP 10 | tcp: 11 | configMapNamespace: default 12 | udp: 13 | configMapNamespace: default 14 | 15 | tcp: 16 | 9000: "default/test:8080" 17 | 18 | udp: 19 | 9001: "default/test:8080" 20 | -------------------------------------------------------------------------------- /pgbouncer/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "pgbouncer.fullname" . }} 5 | labels: 6 | app: {{ template "pgbouncer.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | data: 11 | {{- range $key, $value := .Values.configEnvs }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /elasticsearch/templates/secret-cert.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.createCert }} 2 | apiVersion: v1 3 | kind: Secret 4 | type: kubernetes.io/tls 5 | metadata: 6 | name: {{ template "elasticsearch.uname" . }}-certs 7 | labels: 8 | app: {{ template "elasticsearch.uname" . }} 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | data: 13 | {{ ( include "elasticsearch.gen-certs" . ) | indent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-podannotations-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: ingress-controller/controller 4 | tag: 1.0.0-dev 5 | digest: null 6 | admissionWebhooks: 7 | enabled: false 8 | metrics: 9 | enabled: true 10 | service: 11 | type: ClusterIP 12 | podAnnotations: 13 | prometheus.io/path: /metrics 14 | prometheus.io/port: "10254" 15 | prometheus.io/scheme: http 16 | prometheus.io/scrape: "true" 17 | -------------------------------------------------------------------------------- /osf-graveyvalet/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: osf-gravyvalet 4 | version: 0.1.0 5 | sources: 6 | - https://github.com/CenterForOpenScience/osf-gravyvalet/ 7 | maintainers: 8 | - name: Matt Frazier 9 | email: matt@cos.io 10 | url: https://github.com/mfraezz 11 | - name: Matt Clark 12 | email: mattclark@cos.io 13 | url: https://github.com/mattclark 14 | engine: gotpl 15 | tillerVersion: '>=2.7.0' 16 | -------------------------------------------------------------------------------- /flower/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Celery Flower 3 | name: flower 4 | version: 0.3.1 5 | keywords: 6 | - celery 7 | - flower 8 | sources: 9 | - https://github.com/CenterForOpenScience/osf.io 10 | maintainers: 11 | - name: Matt Frazier 12 | email: matt@cos.io 13 | url: https://github.com/mfraezz 14 | - name: Matt Clark 15 | email: mattclark@cos.io 16 | url: https://github.com/mattclark 17 | engine: gotpl 18 | tillerVersion: '>=2.7.0' 19 | -------------------------------------------------------------------------------- /sentry/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Sentry is a cross-platform crash reporting and aggregation platform. 3 | name: sentry 4 | version: 0.3.2 5 | appVersion: 8.22.0 6 | keywords: 7 | - debugging 8 | - logging 9 | sources: 10 | - https://github.com/getsentry/sentry 11 | home: https://sentry.io/ 12 | icon: https://sentry.io/_static/getsentry/images/branding/png/sentry-glyph-black.png 13 | maintainers: 14 | - name: rothgar 15 | email: justin@linux.com 16 | -------------------------------------------------------------------------------- /sentry/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "sentry.fullname" . }} 5 | labels: 6 | {{- include "sentry.labels.standard" . | nindent 4 }} 7 | type: Opaque 8 | data: 9 | {{- range $key, $value := .Values.secretEnvs }} 10 | {{ $key }}: {{ toString $value | b64enc | quote }} 11 | {{- end }} 12 | {{- range $key, $value := .Values.secretFiles }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /sharejs/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: ShareJS wiki application for the Open Science Framework 3 | name: sharejs 4 | version: 0.4.0 5 | sources: 6 | - https://github.com/CenterForOpenScience/sharejs 7 | maintainers: 8 | - name: Matt Frazier 9 | email: matt@cos.io 10 | url: https://github.com/mfraezz 11 | - name: Matt Clark 12 | email: mattclark@cos.io 13 | url: https://github.com/mattclark 14 | engine: gotpl 15 | tillerVersion: '>=2.7.0' 16 | -------------------------------------------------------------------------------- /http-redirect/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: http-redirect 2 | apiVersion: v1 3 | version: 0.4.1 4 | description: An HTTP to HTTPS redirect nginx server that uses ConfigMap to store the nginx configuration. 5 | keywords: 6 | - ingress 7 | - nginx 8 | - redirect 9 | maintainers: 10 | - name: Matt Frazier 11 | email: matt@cos.io 12 | url: https://github.com/mfraezz 13 | - name: Matt Clark 14 | email: mattclark@cos.io 15 | url: https://github.com/mattclark 16 | engine: gotpl 17 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-customnodeport-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | 10 | service: 11 | type: NodePort 12 | nodePorts: 13 | tcp: 14 | 9000: 30090 15 | udp: 16 | 9001: 30091 17 | 18 | tcp: 19 | 9000: "default/test:8080" 20 | 21 | udp: 22 | 9001: "default/test:8080" 23 | -------------------------------------------------------------------------------- /osf-cas/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Central Authentication Service 3 | name: osf-cas 4 | version: 0.2.0 5 | keywords: 6 | - authentication 7 | sources: 8 | - https://github.com/CenterForOpenScience/osf-cas 9 | maintainers: 10 | - name: Matt Frazier 11 | email: matt@cos.io 12 | url: https://github.com/mfraezz 13 | - name: Matt Clark 14 | email: mattclark@cos.io 15 | url: https://github.com/mattclark 16 | engine: gotpl 17 | tillerVersion: '>=2.7.0' 18 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-podannotations-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | metrics: 10 | enabled: true 11 | service: 12 | type: ClusterIP 13 | podAnnotations: 14 | prometheus.io/path: /metrics 15 | prometheus.io/port: "10254" 16 | prometheus.io/scheme: http 17 | prometheus.io/scrape: "true" 18 | -------------------------------------------------------------------------------- /ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | kind: DaemonSet 3 | image: 4 | repository: ingress-controller/controller 5 | tag: 1.0.0-dev 6 | digest: null 7 | admissionWebhooks: 8 | enabled: false 9 | service: 10 | type: ClusterIP 11 | tcp: 12 | configMapNamespace: default 13 | udp: 14 | configMapNamespace: default 15 | 16 | tcp: 17 | 9000: "default/test:8080" 18 | 19 | udp: 20 | 9001: "default/test:8080" 21 | -------------------------------------------------------------------------------- /nginx-ingress/templates/tcp-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tcp }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | app: {{ template "nginx-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | component: "{{ .Values.controller.name }}" 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | name: {{ template "nginx-ingress.fullname" . }}-tcp 12 | data: 13 | {{ toYaml .Values.tcp | indent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /nginx-ingress/templates/udp-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.udp }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | app: {{ template "nginx-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | component: "{{ .Values.controller.name }}" 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | name: {{ template "nginx-ingress.fullname" . }}-udp 12 | data: 13 | {{ toYaml .Values.udp | indent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /rabbitmq/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbacEnabled }} 2 | kind: Role 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "rabbitmq.fullname" . }}-endpoint-reader 6 | labels: 7 | app: {{ template "rabbitmq.name" . }} 8 | chart: {{ template "rabbitmq.chart" . }} 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | rules: 12 | - apiGroups: [""] 13 | resources: ["endpoints"] 14 | verbs: ["get"] 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /elasticsearch/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.maxUnavailable }} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "elasticsearch.uname" . }}-pdb" 10 | spec: 11 | maxUnavailable: {{ .Values.maxUnavailable }} 12 | selector: 13 | matchLabels: 14 | app: "{{ template "elasticsearch.uname" . }}" 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /maintenance/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Center For Open Science Maintenance Pages 3 | name: maintenance 4 | version: 0.2.0 5 | keywords: 6 | - maintenance 7 | sources: 8 | - https://github.com/centerforopenscience/osf.io 9 | maintainers: 10 | - name: Matt Frazier 11 | email: matt@cos.io 12 | url: https://github.com/mfraezz 13 | - name: Matt Clark 14 | email: mattclark@cos.io 15 | url: https://github.com/mattclark 16 | engine: gotpl 17 | tillerVersion: '>=2.7.0' 18 | -------------------------------------------------------------------------------- /mongodb/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | MongoDB can be accessed via port 27017 on the following DNS name from within your cluster: 2 | {{ template "mongodb.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local 3 | 4 | To connect to your database run the following command: 5 | 6 | kubectl run {{ template "mongodb.fullname" . }}-client --rm --tty -i --image bitnami/mongodb --command -- mongo --host {{ template "mongodb.fullname" . }} {{- if .Values.mongodbRootPassword }} -p {{ .Values.mongodbRootPassword }}{{- end -}} 7 | 8 | -------------------------------------------------------------------------------- /prerender/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Prerender service 3 | name: prerender 4 | version: 0.6.0 5 | keywords: 6 | - prerender 7 | - chrome 8 | - preprints 9 | sources: 10 | - https://github.com/CenterForOpenScience/prerender 11 | maintainers: 12 | - name: Matt Frazier 13 | email: matt@cos.io 14 | url: https://github.com/mfraezz 15 | - name: Matt Clark 16 | email: mattclark@cos.io 17 | url: https://github.com/mattclark 18 | engine: gotpl 19 | tillerVersion: '>=2.7.0' 20 | -------------------------------------------------------------------------------- /osf-web/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Open Science Framework main Ember application 3 | name: osf-web 4 | version: 0.6.0 5 | keywords: 6 | - open 7 | - science 8 | sources: 9 | - https://github.com/CenterForOpenScience/ember-osf-web 10 | maintainers: 11 | - name: Matt Frazier 12 | email: matt@cos.io 13 | url: https://github.com/mfraezz 14 | - name: Matt Clark 15 | email: mattclark@cos.io 16 | url: https://github.com/mattclark 17 | engine: gotpl 18 | tillerVersion: '>=2.7.0' 19 | -------------------------------------------------------------------------------- /share/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.5.3 5 | - name: postgresql 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 0.11.1 8 | - name: rabbitmq 9 | repository: https://centerforopenscience.github.io/helm-charts/ 10 | version: 6.9.1 11 | digest: sha256:132d7b16cdef4c1c08b670ad6021bdef0dd5a52f8f16cd2ae65b42b884e563d3 12 | generated: 2023-01-24T17:13:01.347186-05:00 13 | -------------------------------------------------------------------------------- /elasticsearch/examples/upgrade/README.md: -------------------------------------------------------------------------------- 1 | # Upgrade 2 | 3 | This example will deploy a 3 node Elasticsearch cluster chart using an old chart 4 | version, then upgrade it. 5 | 6 | 7 | ## Usage 8 | 9 | * Deploy and upgrade Elasticsearch chart with the default values: `make install` 10 | 11 | 12 | ## Testing 13 | 14 | You can also run [goss integration tests][] using `make test`. 15 | 16 | 17 | [goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/upgrade/test/goss.yaml 18 | -------------------------------------------------------------------------------- /postgresql/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "postgresql.fullname" . }} 5 | labels: 6 | app: {{ template "postgresql.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | data: 11 | {{- range $key, $value := merge .Values.configs ((.Files.Glob "files/*").AsConfig | fromYaml) }} 12 | {{ $key }}: |- 13 | {{ $value | indent 4 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /share-web/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: SHARE Ember application 3 | name: share-web 4 | version: 0.4.0 5 | keywords: 6 | - open 7 | - science 8 | - preprints 9 | sources: 10 | - https://github.com/CenterForOpenScience/ember-share 11 | maintainers: 12 | - name: Michael Haselton 13 | email: michael@cos.io 14 | url: https://github.com/icereval 15 | - name: Barrett Harber 16 | email: barrett@cos.io 17 | url: https://github.com/binoculars 18 | engine: gotpl 19 | tillerVersion: '>=2.7.0' 20 | -------------------------------------------------------------------------------- /echoheaders/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: {{ template "name" . }} 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | heritage: {{ .Release.Service }} 8 | release: {{ .Release.Name }} 9 | name: {{ template "fullname" . }} 10 | spec: 11 | ports: 12 | - name: http 13 | port: 80 14 | targetPort: 8080 15 | protocol: TCP 16 | selector: 17 | app: {{ template "name" . }} 18 | release: {{ .Release.Name }} 19 | type: ClusterIP 20 | -------------------------------------------------------------------------------- /osf-web-mirage/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Open Science Framework main Ember application 3 | name: osf-web-mirage 4 | version: 0.6.1 5 | keywords: 6 | - open 7 | - science 8 | sources: 9 | - https://github.com/CenterForOpenScience/ember-osf-web 10 | maintainers: 11 | - name: Matt Frazier 12 | email: matt@cos.io 13 | url: https://github.com/mfraezz 14 | - name: Matt Clark 15 | email: mattclark@cos.io 16 | url: https://github.com/mattclark 17 | engine: gotpl 18 | tillerVersion: '>=2.7.0' 19 | -------------------------------------------------------------------------------- /nginx-ingress/templates/headers-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.headers }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | app: {{ template "nginx-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | component: "{{ .Values.controller.name }}" 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | name: {{ template "nginx-ingress.fullname" . }}-custom-headers 12 | data: 13 | {{ toYaml .Values.controller.headers | indent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /elasticsearch/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Watch all cluster members come up. 2 | $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w 3 | 2. Retrieve elastic user's password. 4 | $ kubectl get secrets --namespace={{ .Release.Namespace }} {{ template "elasticsearch.uname" . }}-credentials -ojsonpath='{.data.password}' | base64 -d 5 | {{- if .Values.tests.enabled }} 6 | 3. Test cluster health using Helm test. 7 | $ helm --namespace={{ .Release.Namespace }} test {{ .Release.Name }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /ember/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A base ember application for the Open Science Framework 3 | name: ember 4 | version: 0.7.1 5 | keywords: 6 | - authentication 7 | sources: 8 | - https://github.com/CenterForOpenScience/docker-library/tree/master/ember-base 9 | maintainers: 10 | - name: Matt Frazier 11 | email: matt@cos.io 12 | url: https://github.com/mfraezz 13 | - name: Matt Clark 14 | email: mattclark@cos.io 15 | url: https://github.com/mattclark 16 | engine: gotpl 17 | tillerVersion: '>=2.7.0' 18 | -------------------------------------------------------------------------------- /hubot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Hubot chatbot 3 | name: hubot 4 | version: 0.3.0 5 | icon: https://hubot.github.com/assets/images/layout/hubot-avatar@2x.png 6 | keywords: 7 | - chat 8 | - hubot 9 | sources: 10 | - https://github.com/CenterForOpenScience/hubot 11 | maintainers: 12 | - name: Matt Frazier 13 | email: matt@cos.io 14 | url: https://github.com/mfraezz 15 | - name: Matt Clark 16 | email: mattclark@cos.io 17 | url: https://github.com/mattclark 18 | engine: gotpl 19 | tillerVersion: '>=2.7.0' 20 | -------------------------------------------------------------------------------- /barman/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: barman 2 | apiVersion: v1 3 | version: 0.3.0 4 | description: Barman 5 | keywords: 6 | - barman 7 | - postgresql 8 | - postgres 9 | home: http://www.pgbarman.org/ 10 | icon: http://www.pgbarman.org/wp-content/uploads/2012/06/logo1.png 11 | sources: 12 | - https://github.com/kubernetes/charts 13 | maintainers: 14 | - name: Matt Frazier 15 | email: matt@cos.io 16 | url: https://github.com/mfraezz 17 | - name: Matt Clark 18 | email: mattclark@cos.io 19 | url: https://github.com/mattclark 20 | engine: gotpl 21 | -------------------------------------------------------------------------------- /elasticsearch/examples/default/rolling_upgrade.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash -x 2 | 3 | kubectl proxy || true & 4 | 5 | make & 6 | PROC_ID=$! 7 | 8 | while kill -0 "$PROC_ID" >/dev/null 2>&1; do 9 | echo "PROCESS IS RUNNING" 10 | if curl --fail 'http://localhost:8001/api/v1/proxy/namespaces/default/services/elasticsearch-master:9200/_search' ; then 11 | echo "cluster is healthy" 12 | else 13 | echo "cluster not healthy!" 14 | exit 1 15 | fi 16 | sleep 1 17 | done 18 | echo "PROCESS TERMINATED" 19 | exit 0 20 | -------------------------------------------------------------------------------- /osf-preprints/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Open Science Framework Preprints Ember application 3 | name: osf-preprints 4 | version: 0.6.0 5 | keywords: 6 | - open 7 | - science 8 | - preprints 9 | sources: 10 | - https://github.com/CenterForOpenScience/ember-osf-preprints 11 | maintainers: 12 | - name: Matt Frazier 13 | email: matt@cos.io 14 | url: https://github.com/mfraezz 15 | - name: Matt Clark 16 | email: mattclark@cos.io 17 | url: https://github.com/mattclark 18 | engine: gotpl 19 | tillerVersion: '>=2.7.0' 20 | -------------------------------------------------------------------------------- /share/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: SHARE 3 | name: share 4 | version: 0.6.3 5 | keywords: 6 | - open 7 | - science 8 | sources: 9 | - https://github.com/CenterForOpenScience/share 10 | maintainers: 11 | - name: Gao Pan 12 | email: gao@cos.io 13 | url: https://github.com/gpan7628 14 | - name: Matt Frazier 15 | email: matt@cos.io 16 | url: https://github.com/mfraezz 17 | - name: Uditi Mehta 18 | email: uditi@cos.io 19 | url: https://github.com/uditijmehta 20 | engine: gotpl 21 | tillerVersion: '>=2.7.0' 22 | -------------------------------------------------------------------------------- /pgbouncer/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: pgbouncer 2 | apiVersion: v1 3 | version: 0.2.0 4 | appVersion: 1.8.1 5 | description: PgBouncer - lightweight connection pooler for PostgreSQL 6 | keywords: 7 | - postgresql 8 | - pgbouncer 9 | home: https://pgbouncer.github.io/ 10 | icon: https://www.postgresql.org/media/img/about/press/elephant.png 11 | engine: gotpl 12 | maintainers: 13 | - name: Matt Frazier 14 | email: matt@cos.io 15 | url: https://github.com/mfraezz 16 | - name: Matt Clark 17 | email: mattclark@cos.io 18 | url: https://github.com/mattclark 19 | -------------------------------------------------------------------------------- /jenkins/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.master.useSecurity }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "jenkins.fullname" . }} 6 | labels: 7 | app: {{ template "jenkins.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | type: Opaque 12 | data: 13 | admin-password: {{ .Values.master.adminPassword | default (randAlphaNum 10) | b64enc | quote }} 14 | admin-user: {{ .Values.master.adminUser | b64enc | quote }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /ingress-nginx/templates/controller-configmap-addheaders.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.addHeaders -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: controller 8 | {{- with .Values.controller.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers 12 | namespace: {{ .Release.Namespace }} 13 | data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /ingress-nginx/ci/deployment-webhook-resources-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | service: 3 | type: ClusterIP 4 | admissionWebhooks: 5 | enabled: true 6 | createSecretJob: 7 | resources: 8 | limits: 9 | cpu: 10m 10 | memory: 20Mi 11 | requests: 12 | cpu: 10m 13 | memory: 20Mi 14 | patchWebhookJob: 15 | resources: 16 | limits: 17 | cpu: 10m 18 | memory: 20Mi 19 | requests: 20 | cpu: 10m 21 | memory: 20Mi 22 | patch: 23 | enabled: true 24 | -------------------------------------------------------------------------------- /share/templates/pg-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.tls.enabled) (.Values.tls.postgresql.enabled) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Release.Name }}-postgresql-certs 6 | labels: 7 | app: {{ template "share.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | type: Opaque 12 | data: 13 | {{- range $key, $value := .Values.tls.postgresql.files }} 14 | {{ $key }}: {{ $value | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /wb/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "wb.fullname" . }} 5 | labels: 6 | app: {{ template "wb.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretFiles }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /elasticsearch/examples/kubernetes-kind/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | RELEASE := helm-es-kind 4 | TIMEOUT := 1200s 5 | 6 | install: 7 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ 8 | 9 | install-local-path: 10 | kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml 11 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values values-local-path.yaml $(RELEASE) ../../ 12 | 13 | test: install 14 | helm test $(RELEASE) 15 | 16 | purge: 17 | helm del $(RELEASE) 18 | -------------------------------------------------------------------------------- /elasticsearch/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podSecurityPolicy.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . -}} 3 | apiVersion: policy/v1beta1 4 | kind: PodSecurityPolicy 5 | metadata: 6 | name: {{ default $fullName .Values.podSecurityPolicy.name | quote }} 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | app: {{ $fullName | quote }} 12 | spec: 13 | {{ toYaml .Values.podSecurityPolicy.spec | indent 2 }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /mfr/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "mfr.fullname" . }} 5 | labels: 6 | app: {{ template "mfr.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretFiles }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /share/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "share.fullname" . }} 5 | labels: 6 | app: {{ template "share.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretFiles }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /gcloud-sqlproxy/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "gcloud-sqlproxy.fullname" . }} 5 | labels: 6 | app: {{ template "gcloud-sqlproxy.name" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | ports: 12 | - name: sqlproxy 13 | protocol: TCP 14 | port: {{ .Values.cloudsql.port }} 15 | targetPort: sqlproxy 16 | selector: 17 | app: {{ template "gcloud-sqlproxy.name" . }} 18 | release: {{ .Release.Name }} 19 | -------------------------------------------------------------------------------- /mongodb/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: mongodb 2 | apiVersion: v1 3 | version: 0.5.0 4 | appVersion: 3.4.9 5 | description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. 6 | keywords: 7 | - mongodb 8 | - database 9 | - nosql 10 | home: https://mongodb.org 11 | icon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png 12 | sources: 13 | - https://github.com/bitnami/bitnami-docker-mongodb 14 | maintainers: 15 | - name: Bitnami 16 | email: containers@bitnami.com 17 | engine: gotpl 18 | -------------------------------------------------------------------------------- /mongodb/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "mongodb.fullname" . }} 5 | labels: 6 | app: {{ template "mongodb.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.tls.files }} 16 | certs-{{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} -------------------------------------------------------------------------------- /osf-reviews/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Open Science Framework Reviews/Moderation Ember application 3 | name: osf-reviews 4 | version: 0.6.0 5 | keywords: 6 | - open 7 | - science 8 | - preprints 9 | - reviews 10 | - moderation 11 | sources: 12 | - https://github.com/CenterForOpenScience/ember-osf-reviews 13 | maintainers: 14 | - name: Matt Frazier 15 | email: matt@cos.io 16 | url: https://github.com/mfraezz 17 | - name: Matt Clark 18 | email: mattclark@cos.io 19 | url: https://github.com/mattclark 20 | engine: gotpl 21 | tillerVersion: '>=2.7.0' 22 | -------------------------------------------------------------------------------- /redis/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: redis 2 | apiVersion: v1 3 | version: 1.1.3 4 | appVersion: 4.0.6 5 | description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. 6 | keywords: 7 | - redis 8 | - keyvalue 9 | - database 10 | home: http://redis.io/ 11 | icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png 12 | sources: 13 | - https://github.com/bitnami/bitnami-docker-redis 14 | maintainers: 15 | - name: bitnami-bot 16 | email: containers@bitnami.com 17 | engine: gotpl 18 | -------------------------------------------------------------------------------- /cert-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | artifacthub.io/prerelease: "false" 3 | apiVersion: v1 4 | appVersion: v1.7.0 5 | description: A Helm chart for cert-manager 6 | home: https://github.com/jetstack/cert-manager 7 | icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png 8 | keywords: 9 | - cert-manager 10 | - kube-lego 11 | - letsencrypt 12 | - tls 13 | maintainers: 14 | - email: cert-manager-maintainers@googlegroups.com 15 | name: cert-manager-maintainers 16 | name: cert-manager 17 | sources: 18 | - https://github.com/jetstack/cert-manager 19 | version: v1.7.0 20 | -------------------------------------------------------------------------------- /pgbouncer/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "pgbouncer.fullname" . }} 5 | labels: 6 | app: {{ template "pgbouncer.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretFiles }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /prerender/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "prerender.fullname" . }} 5 | labels: 6 | app: {{ template "prerender.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretFiles }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /share/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch 3 | version: 0.5.3 4 | repository: https://centerforopenscience.github.io/helm-charts/ 5 | condition: elasticsearch.enabled, global.elasticsearch.enabled 6 | - name: postgresql 7 | version: 0.11.1 8 | repository: https://centerforopenscience.github.io/helm-charts/ 9 | condition: postgresql.enabled, global.postgresql.enabled 10 | - name: rabbitmq 11 | version: 6.9.1 12 | repository: https://centerforopenscience.github.io/helm-charts/ 13 | condition: rabbitmq.enabled, global.rabbitmq.enabled 14 | -------------------------------------------------------------------------------- /elasticsearch/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . -}} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: "{{ template "elasticsearch.serviceAccount" . }}" 7 | annotations: 8 | {{- with .Values.rbac.serviceAccountAnnotations }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | labels: 12 | heritage: {{ .Release.Service | quote }} 13 | release: {{ .Release.Name | quote }} 14 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 15 | app: {{ $fullName | quote }} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /osf-pigeon/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "osf-pigeon.fullname" . }} 5 | labels: 6 | app: {{ template "osf-pigeon.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.secretEnvs }} 13 | {{ $key }}: {{ $value | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretFiles }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /cerebro/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: cerebro 2 | home: https://github.com/lmenezes/cerebro 3 | apiVersion: v1 4 | version: 0.4.0 5 | description: cerebro is an open source(MIT License) elasticsearch web admin tool built using Scala, Play Framework, AngularJS and Bootstrap. 6 | icon: https://github.com/lmenezes/cerebro/raw/master/public/img/logo.png 7 | sources: 8 | - https://github.com/lmenezes/cerebro 9 | maintainers: 10 | - name: Matt Frazier 11 | email: matt@cos.io 12 | url: https://github.com/mfraezz 13 | - name: Matt Clark 14 | email: mattclark@cos.io 15 | url: https://github.com/mattclark 16 | -------------------------------------------------------------------------------- /elasticsearch/examples/migration/master.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Temporarily set to 3 so we can scale up/down the old a new cluster 3 | # one at a time whilst always keeping 3 masters running 4 | replicas: 1 5 | 6 | esMajorVersion: 6 7 | 8 | extraEnvs: 9 | - name: discovery.zen.ping.unicast.hosts 10 | value: "my-release-elasticsearch-discovery" 11 | 12 | clusterName: "elasticsearch" 13 | nodeGroup: "master" 14 | 15 | roles: 16 | - master 17 | 18 | volumeClaimTemplate: 19 | accessModes: ["ReadWriteOnce"] 20 | storageClassName: "standard" 21 | resources: 22 | requests: 23 | storage: 4Gi 24 | -------------------------------------------------------------------------------- /elasticsearch/examples/openshift/test/goss.yaml: -------------------------------------------------------------------------------- 1 | http: 2 | https://localhost:9200/_cluster/health: 3 | status: 200 4 | timeout: 2000 5 | username: elastic 6 | password: "{{ .Env.ELASTIC_PASSWORD }}" 7 | body: 8 | - "green" 9 | - '"number_of_nodes":3' 10 | - '"number_of_data_nodes":3' 11 | 12 | https://localhost:9200: 13 | status: 200 14 | timeout: 2000 15 | username: elastic 16 | password: "{{ .Env.ELASTIC_PASSWORD }}" 17 | body: 18 | - '"number" : "8.5.1"' 19 | - '"cluster_name" : "elasticsearch"' 20 | - "You Know, for Search" 21 | -------------------------------------------------------------------------------- /barman/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "barman.fullname" . }} 5 | labels: 6 | app: {{ template "barman.fullname" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- range $key, $value := .Values.backups }} 13 | barman.d-{{ $key }}.conf: {{ $value.conf | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.tls.files }} 16 | certs-{{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /echoheaders/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /elasticsearch/examples/minikube/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Permit co-located instances for solitary minikube virtual machines. 3 | antiAffinity: "soft" 4 | 5 | # Shrink default JVM heap. 6 | esJavaOpts: "-Xmx128m -Xms128m" 7 | 8 | # Allocate smaller chunks of memory per pod. 9 | resources: 10 | requests: 11 | cpu: "100m" 12 | memory: "512M" 13 | limits: 14 | cpu: "1000m" 15 | memory: "512M" 16 | 17 | # Request smaller persistent volumes. 18 | volumeClaimTemplate: 19 | accessModes: [ "ReadWriteOnce" ] 20 | storageClassName: "standard" 21 | resources: 22 | requests: 23 | storage: 100M 24 | -------------------------------------------------------------------------------- /rabbitmq/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: rabbitmq 3 | version: 6.9.1 4 | appVersion: 3.8.0 5 | description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) 6 | keywords: 7 | - rabbitmq 8 | - message queue 9 | - AMQP 10 | home: https://www.rabbitmq.com 11 | icon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png 12 | sources: 13 | - https://github.com/bitnami/bitnami-docker-rabbitmq 14 | maintainers: 15 | - name: Bitnami 16 | email: containers@bitnami.com 17 | - name: desaintmartin 18 | email: cedric@desaintmartin.fr 19 | engine: gotpl 20 | -------------------------------------------------------------------------------- /barman/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "barman.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "barman.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /cerebro/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "cerebro.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "cerebro.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /elasticsearch/examples/docker-for-mac/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Permit co-located instances for solitary minikube virtual machines. 3 | antiAffinity: "soft" 4 | 5 | # Shrink default JVM heap. 6 | esJavaOpts: "-Xmx128m -Xms128m" 7 | 8 | # Allocate smaller chunks of memory per pod. 9 | resources: 10 | requests: 11 | cpu: "100m" 12 | memory: "512M" 13 | limits: 14 | cpu: "1000m" 15 | memory: "512M" 16 | 17 | # Request smaller persistent volumes. 18 | volumeClaimTemplate: 19 | accessModes: [ "ReadWriteOnce" ] 20 | storageClassName: "hostpath" 21 | resources: 22 | requests: 23 | storage: 100M 24 | -------------------------------------------------------------------------------- /elasticsearch/examples/kubernetes-kind/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Permit co-located instances for solitary minikube virtual machines. 3 | antiAffinity: "soft" 4 | 5 | # Shrink default JVM heap. 6 | esJavaOpts: "-Xmx128m -Xms128m" 7 | 8 | # Allocate smaller chunks of memory per pod. 9 | resources: 10 | requests: 11 | cpu: "100m" 12 | memory: "512M" 13 | limits: 14 | cpu: "1000m" 15 | memory: "512M" 16 | 17 | # Request smaller persistent volumes. 18 | volumeClaimTemplate: 19 | accessModes: [ "ReadWriteOnce" ] 20 | storageClassName: "local-path" 21 | resources: 22 | requests: 23 | storage: 100M 24 | -------------------------------------------------------------------------------- /nessus/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "nessus.fullname" . }} 5 | labels: 6 | app: {{ template "nessus.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- if .Values.docker.imageCredentials.enabled }} 13 | .dockerconfigjson: {{ template "nessus.docker.imagePullSecret" . }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.tls.files }} 16 | tls-{{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /elasticsearch/examples/kubernetes-kind/values-local-path.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Permit co-located instances for solitary minikube virtual machines. 3 | antiAffinity: "soft" 4 | 5 | # Shrink default JVM heap. 6 | esJavaOpts: "-Xmx128m -Xms128m" 7 | 8 | # Allocate smaller chunks of memory per pod. 9 | resources: 10 | requests: 11 | cpu: "100m" 12 | memory: "512M" 13 | limits: 14 | cpu: "1000m" 15 | memory: "512M" 16 | 17 | # Request smaller persistent volumes. 18 | volumeClaimTemplate: 19 | accessModes: [ "ReadWriteOnce" ] 20 | storageClassName: "local-path" 21 | resources: 22 | requests: 23 | storage: 100M 24 | -------------------------------------------------------------------------------- /maintenance/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "maintenance.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "maintenance.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/master-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: {{ template "elasticsearch.name" . }} 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | component: "{{ .Values.master.name }}" 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "elasticsearch.master.fullname" . }} 11 | spec: 12 | clusterIP: None 13 | ports: 14 | - port: 9300 15 | targetPort: 9300 16 | selector: 17 | app: {{ template "elasticsearch.name" . }} 18 | component: "{{ .Values.master.name }}" 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /elasticsearch/examples/multi/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | include ../../../helpers/examples.mk 4 | 5 | PREFIX := helm-es-multi 6 | RELEASE := helm-es-multi-master 7 | TIMEOUT := 1200s 8 | 9 | install: 10 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../ 11 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../ 12 | helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../ 13 | 14 | test: install goss 15 | 16 | purge: 17 | helm del $(PREFIX)-master 18 | helm del $(PREFIX)-data 19 | helm del $(PREFIX)-client 20 | -------------------------------------------------------------------------------- /flower/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /http-redirect/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "http-redirect.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "http-redirect.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /kibana/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /tls-certificates/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for tls-certificates. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | certificates: {} 6 | # name: 7 | # crt: |- 8 | # -----BEGIN CERTIFICATE----- 9 | # 10 | # -----END CERTIFICATE----- 11 | # -----BEGIN CERTIFICATE----- 12 | # 13 | # -----END CERTIFICATE----- 14 | # -----BEGIN CERTIFICATE----- 15 | # 16 | # -----END CERTIFICATE----- 17 | # key: |- 18 | # -----BEGIN RSA PRIVATE KEY----- 19 | # 20 | # -----END RSA PRIVATE KEY----- -------------------------------------------------------------------------------- /gcloud-sqlproxy/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "gcloud-sqlproxy.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "gcloud-sqlproxy.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /rabbitmq/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbacEnabled }} 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "rabbitmq.fullname" . }}-endpoint-reader 6 | labels: 7 | app: {{ template "rabbitmq.name" . }} 8 | chart: {{ template "rabbitmq.chart" . }} 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "rabbitmq.fullname" . }} 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: Role 17 | name: {{ template "rabbitmq.fullname" . }}-endpoint-reader 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /nginx-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: nginx-ingress 2 | apiVersion: v1 3 | version: 0.11.1 4 | appVersion: 0.10.2 5 | description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. 6 | icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png 7 | keywords: 8 | - ingress 9 | - nginx 10 | sources: 11 | - https://github.com/kubernetes/ingress-nginx 12 | maintainers: 13 | - name: jackzampolin 14 | email: jack.zampolin@gmail.com 15 | - name: mgoodness 16 | email: mgoodness@gmail.com 17 | - name: chancez 18 | email: chance.zibolski@coreos.com 19 | engine: gotpl 20 | -------------------------------------------------------------------------------- /tls-certificates/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "tls-certificates.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "tls-certificates.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /mfr/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "mfr.fullname" . }} 5 | labels: 6 | app: {{ template "mfr.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "mfr.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /elasticsearch/examples/upgrade/test/goss.yaml: -------------------------------------------------------------------------------- 1 | http: 2 | https://localhost:9200/_cluster/health: 3 | status: 200 4 | username: elastic 5 | password: "{{ .Env.ELASTIC_PASSWORD }}" 6 | allow-insecure: true 7 | timeout: 2000 8 | body: 9 | - "green" 10 | - '"number_of_nodes":3' 11 | - '"number_of_data_nodes":3' 12 | 13 | https://localhost:9200: 14 | status: 200 15 | username: elastic 16 | password: "{{ .Env.ELASTIC_PASSWORD }}" 17 | allow-insecure: true 18 | timeout: 2000 19 | body: 20 | - '"number" : "8.5.1"' 21 | - '"cluster_name" : "upgrade"' 22 | - "You Know, for Search" 23 | -------------------------------------------------------------------------------- /nginx/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "nginx.fullname" . }}-test-connection" 5 | labels: 6 | app.kubernetes.io/name: {{ include "nginx.name" . }} 7 | helm.sh/chart: {{ include "nginx.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | annotations: 11 | "helm.sh/hook": test-success 12 | spec: 13 | containers: 14 | - name: wget 15 | image: busybox 16 | command: ['wget'] 17 | args: ['{{ include "nginx.fullname" . }}:{{ .Values.service.port }}'] 18 | restartPolicy: Never 19 | -------------------------------------------------------------------------------- /ember/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "ember.fullname" . }} 5 | labels: 6 | app: {{ template "ember.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "ember.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /hubot/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "hubot.fullname" . }} 5 | labels: 6 | app: {{ template "hubot.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "hubot.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /ingress-nginx/templates/controller-configmap-tcp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tcp -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: controller 8 | {{- with .Values.controller.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- if .Values.controller.tcp.annotations }} 12 | annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} 13 | {{- end }} 14 | name: {{ include "ingress-nginx.fullname" . }}-tcp 15 | namespace: {{ .Release.Namespace }} 16 | data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /ingress-nginx/templates/controller-configmap-udp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.udp -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: controller 8 | {{- with .Values.controller.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- if .Values.controller.udp.annotations }} 12 | annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} 13 | {{- end }} 14 | name: {{ include "ingress-nginx.fullname" . }}-udp 15 | namespace: {{ .Release.Namespace }} 16 | data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /jenkins/templates/agent-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.networkPolicy.enabled .Values.agent.enabled }} 2 | kind: NetworkPolicy 3 | apiVersion: {{ .Values.networkPolicy.apiVersion }} 4 | metadata: 5 | name: {{ template "jenkins.agent.fullname" . }} 6 | labels: 7 | app: {{ template "jenkins.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: {{ .Values.agent.name }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | podSelector: 14 | matchLabels: 15 | # DefaultDeny 16 | "jenkins/{{ template "jenkins.agent.fullname" . }}": "true" 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /nessus/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: nessus 2 | apiVersion: v1 3 | version: 0.4.2 4 | appVersion: 7.1.2 5 | description: Nessus Vulnerability Scanner 6 | keywords: 7 | - nessus 8 | - security 9 | home: https://www.tenable.com/products/nessus-vulnerability-scanner 10 | icon: https://static.tenable.com/press/logos/products/Nessus-FullColor-RGB-logo.png 11 | sources: 12 | - https://github.com/CenterForOpenScience/docker-library/tree/master/nessus 13 | maintainers: 14 | - name: Matt Frazier 15 | email: matt@cos.io 16 | url: https://github.com/mfraezz 17 | - name: Matt Clark 18 | email: mattclark@cos.io 19 | url: https://github.com/mattclark 20 | engine: gotpl 21 | -------------------------------------------------------------------------------- /pgbouncer/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "pgbouncer.fullname" . }} 5 | labels: 6 | app: {{ template "pgbouncer.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.name }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "pgbouncer.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /sharejs/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "sharejs.fullname" . }} 5 | labels: 6 | app: {{ template "sharejs.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "sharejs.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /angular-osf/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "angular.fullname" . }} 5 | labels: 6 | app: {{ template "angular.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "angular.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /jenkins/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: jenkins 2 | home: https://jenkins.io/ 3 | apiVersion: v1 4 | version: 0.11.2 5 | appVersion: 2.67.0 6 | description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based projects as well as arbitrary scripts. 7 | sources: 8 | - https://github.com/jenkinsci/jenkins 9 | - https://github.com/jenkinsci/docker-jnlp-slave 10 | maintainers: 11 | - name: lachie83 12 | email: lachlan.evenson@microsoft.com 13 | - name: viglesiasce 14 | email: viglesias@google.com 15 | icon: https://wiki.jenkins-ci.org/download/attachments/2916393/logo.png 16 | -------------------------------------------------------------------------------- /jenkins/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | app: {{ template "jenkins.name" .}} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "jenkins.fullname" . }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ template "jenkins.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "jenkins.fullname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /cert-manager/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | cert-manager {{ .Chart.AppVersion }} has been deployed successfully! 2 | 3 | In order to begin issuing certificates, you will need to set up a ClusterIssuer 4 | or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer). 5 | 6 | More information on the different types of issuers and how to configure them 7 | can be found in our documentation: 8 | 9 | https://cert-manager.io/docs/configuration/ 10 | 11 | For information on how to configure cert-manager to automatically provision 12 | Certificates for Ingress resources, take a look at the `ingress-shim` 13 | documentation: 14 | 15 | https://cert-manager.io/docs/usage/ingress/ 16 | -------------------------------------------------------------------------------- /ingress-nginx/templates/default-backend-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: default-backend 8 | {{- with .Values.defaultBackend.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} 12 | namespace: {{ .Release.Namespace }} 13 | automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /prerender/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "prerender.fullname" . }} 5 | labels: 6 | app: {{ template "prerender.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "prerender.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /wb/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: WaterButler is a Python web application for interacting with various file storage services via a single RESTful API 3 | name: wb 4 | version: 0.9.1 5 | keywords: 6 | - files 7 | - storage 8 | - streaming 9 | sources: 10 | - https://github.com/CenterForOpenScience/waterbutler 11 | maintainers: 12 | - name: Matt Frazier 13 | email: matt@cos.io 14 | url: https://github.com/mfraezz 15 | - name: Gao Pan 16 | email: gao@cos.io 17 | url: https://github.com/gpan7628 18 | - name: Uditi Mehta 19 | email: uditi@cos.io 20 | url: https://github.com/uditijmehta 21 | engine: gotpl 22 | tillerVersion: '>=2.7.0' 23 | -------------------------------------------------------------------------------- /echoheaders/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for echoserver. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | image: 6 | repository: "gcr.io/google_containers/echoserver" 7 | tag: "1.5" 8 | pullPolicy: "IfNotPresent" 9 | 10 | resources: 11 | # limits: 12 | # cpu: 100m 13 | # memory: 128Mi 14 | # requests: 15 | # cpu: 100m 16 | # memory: 128Mi 17 | 18 | ingress: 19 | enabled: false 20 | annotations: {} 21 | # kubernetes.io/ingress.class: nginx 22 | tls: [] 23 | # - hosts: 24 | # - echo.exmaple.com 25 | # secretName: example-com-tls 26 | rules: [] 27 | # - host: echo.example.com 28 | -------------------------------------------------------------------------------- /osf-pigeon/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "osf-pigeon.fullname" . }} 5 | labels: 6 | app: {{ template "osf-pigeon.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "osf-pigeon.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app: {{ template "elasticsearch.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "elasticsearch.fullname" . }} 11 | rules: 12 | - nonResourceURLs: 13 | - / 14 | verbs: 15 | - get 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - endpoints 20 | verbs: 21 | - get 22 | - apiGroups: 23 | - apps 24 | resources: 25 | - statefulsets/status 26 | verbs: 27 | - get 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /maintenance/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "maintenance.fullname" . }} 5 | labels: 6 | app: {{ template "maintenance.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "maintenance.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /nginx-ingress/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | labels: 6 | app: {{ template "nginx-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "nginx-ingress.fullname" . }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: {{ template "nginx-ingress.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "nginx-ingress.fullname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /cert-manager/templates/webhook-psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "webhook.fullname" . }}-psp 6 | labels: 7 | app: {{ include "webhook.name" . }} 8 | app.kubernetes.io/name: {{ include "webhook.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "webhook" 11 | {{- include "labels" . | nindent 4 }} 12 | rules: 13 | - apiGroups: ['policy'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: 17 | - {{ template "webhook.fullname" . }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /triton-share/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "triton-share.fullname" . }}-test-connection" 5 | labels: 6 | app.kubernetes.io/name: {{ include "triton-share.name" . }} 7 | helm.sh/chart: {{ include "triton-share.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | annotations: 11 | "helm.sh/hook": test-success 12 | spec: 13 | containers: 14 | - name: wget 15 | image: busybox 16 | command: ['wget'] 17 | args: ['{{ include "triton-share.fullname" . }}:{{ .Values.service.port }}'] 18 | restartPolicy: Never 19 | -------------------------------------------------------------------------------- /osf-graveyvalet/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "osf-gravyvalet.fullname" . }} 5 | labels: 6 | app: {{ template "osf-gravyvalet.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | protocol: TCP 16 | name: {{ .Values.service.name }} 17 | selector: 18 | app: {{ template "osf-gravyvalet.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /wb/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "wb.fullname" . }}" 10 | labels: 11 | app: {{ template "wb.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "wb.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /cert-manager/templates/psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "cert-manager.fullname" . }}-psp 6 | labels: 7 | app: {{ include "cert-manager.name" . }} 8 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "controller" 11 | {{- include "labels" . | nindent 4 }} 12 | rules: 13 | - apiGroups: ['policy'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: 17 | - {{ template "cert-manager.fullname" . }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /mfr/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "mfr.fullname" . }}" 10 | labels: 11 | app: {{ template "mfr.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "mfr.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | app: {{ template "elasticsearch.name" .}} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "elasticsearch.fullname" . }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ template "elasticsearch.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "elasticsearch.fullname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /ember/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "ember.fullname" . }}" 10 | labels: 11 | app: {{ template "ember.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "ember.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /hubot/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "hubot.fullname" . }}" 10 | labels: 11 | app: {{ template "hubot.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "hubot.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /nginx-ingress/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | app: {{ template "nginx-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "nginx-ingress.fullname" . }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ template "nginx-ingress.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "nginx-ingress.fullname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /osf-cas/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "cas.fullname" . }}" 10 | labels: 11 | app: {{ template "cas.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "cas.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /elasticsearch-old/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: elasticsearch 2 | home: https://www.elastic.co/products/elasticsearch 3 | apiVersion: v1 4 | version: 0.5.3 5 | description: Flexible and powerful open source, distributed real-time search and analytics 6 | engine. 7 | icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg 8 | sources: 9 | - https://www.elastic.co/products/elasticsearch 10 | - https://github.com/jetstack/elasticsearch-pet 11 | - https://github.com/giantswarm/kubernetes-elastic-stack 12 | - https://github.com/GoogleCloudPlatform/elasticsearch-docker 13 | maintainers: 14 | - name: Matt Frazier 15 | email: matt@cos.io 16 | - name: Matt Clark 17 | email: mattclark@cos.io 18 | -------------------------------------------------------------------------------- /osf-cas/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "cas.fullname" . }} 5 | labels: 6 | app: {{ template "cas.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | sessionAffinity: {{ .Values.service.sessionAffinity }} 13 | ports: 14 | - port: {{ .Values.service.externalPort }} 15 | targetPort: {{ .Values.service.internalPort }} 16 | protocol: TCP 17 | name: {{ .Values.service.name }} 18 | selector: 19 | app: {{ template "cas.name" . }} 20 | release: {{ .Release.Name }} 21 | -------------------------------------------------------------------------------- /triton-share/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "triton-share.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "triton-share.name" . }} 7 | helm.sh/chart: {{ include "triton-share.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app.kubernetes.io/name: {{ include "triton-share.name" . }} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /wb/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled .Values.certificate.enabled) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "wb.certificate.fullname" . }}" 6 | labels: 7 | app: {{ template "wb.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.certificate.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | policyTypes: 14 | - Ingress 15 | podSelector: 16 | matchExpressions: 17 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 18 | ingress: 19 | - from: [] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /http-redirect/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: {{ template "http-redirect.name" . }} 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | heritage: {{ .Release.Service }} 8 | release: {{ .Release.Name }} 9 | name: {{ template "http-redirect.fullname" . }} 10 | spec: 11 | {{- if .Values.service.clusterIP }} 12 | clusterIP: "{{ .Values.service.clusterIP }}" 13 | {{- end }} 14 | ports: 15 | - port: {{ .Values.service.externalPort }} 16 | targetPort: {{ .Values.service.internalPort }} 17 | selector: 18 | app: {{ template "http-redirect.name" . }} 19 | release: {{ .Release.Name }} 20 | type: {{ .Values.service.type }} 21 | -------------------------------------------------------------------------------- /mfr/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled .Values.certificate.enabled) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "mfr.certificate.fullname" . }}" 6 | labels: 7 | app: {{ template "mfr.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.certificate.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | policyTypes: 14 | - Ingress 15 | podSelector: 16 | matchExpressions: 17 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 18 | ingress: 19 | - from: [] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /sharejs/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "sharejs.fullname" . }}" 10 | labels: 11 | app: {{ template "sharejs.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "sharejs.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /angular-osf/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "angular.fullname" . }}" 10 | labels: 11 | app: {{ template "angular.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "angular.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /jenkins/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app: {{ template "jenkins.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "jenkins.fullname" . }} 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - pods 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | - create 21 | - delete 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - pods/exec 26 | - pods/log 27 | verbs: 28 | - get 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /osf-cas/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled .Values.certificate.enabled) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "cas.certificate.fullname" . }}" 6 | labels: 7 | app: {{ template "cas.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.certificate.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | policyTypes: 14 | - Ingress 15 | podSelector: 16 | matchExpressions: 17 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 18 | ingress: 19 | - from: [] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/data-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.data.budget.maxUnavailable -}} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: "{{ template "elasticsearch.data.fullname" . }}" 6 | labels: 7 | app: {{ template "elasticsearch.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 9 | component: "{{ .Values.data.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: {{ template "elasticsearch.name" . }} 16 | component: "{{ .Values.data.name }}" 17 | release: {{ .Release.Name }} 18 | maxUnavailable: {{ .Values.data.budget.maxUnavailable }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /http-redirect/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | labels: 6 | app: {{ template "http-redirect.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "http-redirect.fullname" . }} 11 | {{- if .Values.ingress.annotations }} 12 | annotations: 13 | {{- toYaml .Values.ingress.annotations | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | defaultBackend: 17 | service: 18 | name: {{ template "http-redirect.fullname" . }} 19 | port: 20 | number: {{ .Values.service.externalPort }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /osf-pigeon/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf-pigeon.fullname" . }}" 10 | labels: 11 | app: {{ template "osf-pigeon.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "osf-pigeon.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /pgbouncer/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "pgbouncer.fullname" . }}" 10 | labels: 11 | app: {{ template "pgbouncer.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "pgbouncer.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /prerender/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "prerender.fullname" . }}" 10 | labels: 11 | app: {{ template "prerender.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "prerender.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /elasticsearch/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ $fullName | quote }} 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | app: {{ $fullName | quote }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: "{{ template "elasticsearch.serviceAccount" . }}" 15 | namespace: {{ .Release.Namespace | quote }} 16 | roleRef: 17 | kind: Role 18 | name: {{ $fullName | quote }} 19 | apiGroup: rbac.authorization.k8s.io 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /ingress-nginx/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.rbac.create (not .Values.rbac.scope) -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | {{- with .Values.controller.labels }} 8 | {{- toYaml . | nindent 4 }} 9 | {{- end }} 10 | name: {{ include "ingress-nginx.fullname" . }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ include "ingress-nginx.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "ingress-nginx.serviceAccountName" . }} 18 | namespace: {{ .Release.Namespace | quote }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /maintenance/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "maintenance.fullname" . }}" 10 | labels: 11 | app: {{ template "maintenance.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "maintenance.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /osf/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled (or .Values.admin.certificate.enabled .Values.api.certificate.enabled .Values.web.certificate.enabled ) ) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "cas.fullname" . }}-cert" 6 | labels: 7 | app: {{ template "cas.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | policyTypes: 13 | - Ingress 14 | podSelector: 15 | matchExpressions: 16 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 17 | ingress: 18 | - from: [] 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/client-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.client.budget.maxUnavailable -}} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: "{{ template "elasticsearch.client.fullname" . }}" 6 | labels: 7 | app: {{ template "elasticsearch.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 9 | component: "{{ .Values.client.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: {{ template "elasticsearch.name" . }} 16 | component: "{{ .Values.client.name }}" 17 | release: {{ .Release.Name }} 18 | maxUnavailable: {{ .Values.client.budget.maxUnavailable }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/master-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.master.budget.maxUnavailable -}} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: "{{ template "elasticsearch.master.fullname" . }}" 6 | labels: 7 | app: {{ template "elasticsearch.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 9 | component: "{{ .Values.master.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: {{ template "elasticsearch.name" . }} 16 | component: "{{ .Values.master.name }}" 17 | release: {{ .Release.Name }} 18 | maxUnavailable: {{ .Values.master.budget.maxUnavailable }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /kibana/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | 18 | {{/* 19 | Used to add environment variables from a parent chart 20 | */}} 21 | {{- define "kibana.env" }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /osf-pigeon/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled .Values.certificate.enabled) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "osf-pigeon.certificate.fullname" . }}" 6 | labels: 7 | app: {{ template "osf-pigeon.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.certificate.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | policyTypes: 14 | - Ingress 15 | podSelector: 16 | matchExpressions: 17 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 18 | ingress: 19 | - from: [] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /postgresql/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: postgresql 2 | apiVersion: v1 3 | version: 0.11.1 4 | description: Object-relational database management system (ORDBMS) with an emphasis 5 | on extensibility and on standards-compliance. 6 | engine: gotpl 7 | home: https://www.postgresql.org/ 8 | icon: https://www.postgresql.org/media/img/about/press/elephant.png 9 | keywords: 10 | - postgresql 11 | - postgres 12 | - database 13 | - sql 14 | maintainers: 15 | - name: Matt Frazier 16 | email: matt@cos.io 17 | url: https://github.com/mfraezz 18 | - name: Matt Clark 19 | email: mattclark@cos.io 20 | url: https://github.com/mattclark 21 | sources: 22 | - https://github.com/kubernetes/charts 23 | - https://github.com/docker-library/postgres 24 | -------------------------------------------------------------------------------- /ingress-nginx/templates/controller-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: controller 8 | {{- with .Values.controller.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | name: {{ template "ingress-nginx.serviceAccountName" . }} 12 | namespace: {{ .Release.Namespace }} 13 | {{- if .Values.serviceAccount.annotations }} 14 | annotations: 15 | {{ toYaml .Values.serviceAccount.annotations | indent 4 }} 16 | {{- end }} 17 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /osf-graveyvalet/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf-gravyvalet.fullname" . }}" 10 | labels: 11 | app: {{ template "osf-gravyvalet.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | heritage: {{ .Release.Service }} 14 | release: {{ .Release.Name }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | app: {{ template "osf-gravyvalet.name" . }} 19 | release: {{ .Release.Name }} 20 | minAvailable: {{ .Values.budget.minAvailable }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /osf-graveyvalet/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled .Values.certificate.enabled) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "osf-gravyvalet.certificate.fullname" . }}" 6 | labels: 7 | app: {{ template "osf-gravyvalet.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.certificate.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | policyTypes: 14 | - Ingress 15 | podSelector: 16 | matchExpressions: 17 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 18 | ingress: 19 | - from: [] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /postgresql/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "postgresql.fullname" . }} 5 | labels: 6 | app: {{ template "postgresql.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- if .Values.metrics.customMetrics }} 13 | custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secrets }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | {{- range $key, $value := .Values.tls.files }} 19 | certs-{{ $key }}: {{ $value | b64enc | quote }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /nginx-ingress/templates/controller-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | app: {{ template "nginx-ingress.name" . }} 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | component: "{{ .Values.controller.name }}" 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "nginx-ingress.controller.fullname" . }} 11 | data: 12 | enable-vts-status: "{{ .Values.controller.stats.enabled }}" 13 | {{- if .Values.controller.headers }} 14 | proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-headers 15 | {{- end }} 16 | {{- if .Values.controller.config }} 17 | {{ toYaml .Values.controller.config | indent 2 }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /bitnami-common/templates/_warnings.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright VMware, Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Warning about using rolling tag. 9 | Usage: 10 | {{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} 11 | */}} 12 | {{- define "common.warnings.rollingTag" -}} 13 | 14 | {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} 15 | WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. 16 | +info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ 17 | {{- end }} 18 | 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /cert-manager/templates/cainjector-psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cainjector.enabled }} 2 | {{- if .Values.global.podSecurityPolicy.enabled }} 3 | kind: ClusterRole 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | metadata: 6 | name: {{ template "cainjector.fullname" . }}-psp 7 | labels: 8 | app: {{ include "cainjector.name" . }} 9 | app.kubernetes.io/name: {{ include "cainjector.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "cainjector" 12 | {{- include "labels" . | nindent 4 }} 13 | rules: 14 | - apiGroups: ['policy'] 15 | resources: ['podsecuritypolicies'] 16 | verbs: ['use'] 17 | resourceNames: 18 | - {{ template "cainjector.fullname" . }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /elasticsearch/examples/upgrade/Makefile: -------------------------------------------------------------------------------- 1 | default: test 2 | 3 | include ../../../helpers/examples.mk 4 | 5 | CHART := elasticsearch 6 | RELEASE := helm-es-upgrade 7 | FROM := 7.17.1 # upgrade from versions before 7.17.1 isn't compatible with 8.x 8 | 9 | install: 10 | ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) 11 | # Rolling upgrade doesn't work when upgrading from clusters with security disabled. 12 | # This is because nodes with security enabled can't join a cluster with security disabled. 13 | # Every nodes need to be recreated at the same time so they can recreate a cluster with security enabled 14 | kubectl delete pod --selector=app=upgrade-master 15 | 16 | test: install goss 17 | 18 | purge: 19 | helm del $(RELEASE) 20 | -------------------------------------------------------------------------------- /postgresql-ha/templates/ldap-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright VMware, Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.ldap.enabled }} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ include "postgresql-ha.ldap" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | type: Opaque 17 | data: 18 | bind-password: {{ (include "postgresql-ha.ldapPassword" .) | b64enc | quote }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /wb/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "wb.fullname" . }} 6 | labels: 7 | app: {{ template "wb.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "wb.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /osf-cas/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "cas.fullname" . }} 6 | labels: 7 | app: {{ template "cas.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "cas.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /elasticsearch/examples/default/README.md: -------------------------------------------------------------------------------- 1 | # Default 2 | 3 | This example deploy a 3 nodes Elasticsearch 8.5.1 cluster using 4 | [default values][]. 5 | 6 | 7 | ## Usage 8 | 9 | * Deploy Elasticsearch chart with the default values: `make install` 10 | 11 | * You can now setup a port forward to query Elasticsearch API: 12 | 13 | ``` 14 | kubectl port-forward svc/elasticsearch-master 9200 15 | curl localhost:9200/_cat/indices 16 | ``` 17 | 18 | 19 | ## Testing 20 | 21 | You can also run [goss integration tests][] using `make test` 22 | 23 | 24 | [goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/default/test/goss.yaml 25 | [default values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/values.yaml 26 | -------------------------------------------------------------------------------- /ember/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "ember.fullname" . }} 6 | labels: 7 | app: {{ template "ember.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "ember.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /gcloud-sqlproxy/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.networkPolicy.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "gcloud-sqlproxy.fullname" . }} 6 | labels: 7 | app: {{ template "gcloud-sqlproxy.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | podSelector: 13 | matchLabels: 14 | app: {{ template "gcloud-sqlproxy.name" . }} 15 | release: {{ .Release.Name }} 16 | ingress: 17 | - ports: 18 | - port: {{ .Values.cloudsql.port }} 19 | protocol: TCP 20 | egress: 21 | {{- toYaml .Values.networkPolicy.egress | nindent 4 }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /hubot/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "hubot.fullname" . }} 6 | labels: 7 | app: {{ template "hubot.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "hubot.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "ingress-nginx.fullname" . }}-admission 6 | namespace: {{ .Release.Namespace }} 7 | annotations: 8 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 10 | labels: 11 | {{- include "ingress-nginx.labels" . | nindent 4 }} 12 | app.kubernetes.io/component: admission-webhook 13 | {{- with .Values.controller.admissionWebhooks.patch.labels }} 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /bitnami-common/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright VMware, Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{/* vim: set filetype=mustache: */}} 7 | {{/* 8 | Kubernetes standard labels 9 | */}} 10 | {{- define "common.labels.standard" -}} 11 | app.kubernetes.io/name: {{ include "common.names.name" . }} 12 | helm.sh/chart: {{ include "common.names.chart" . }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | app.kubernetes.io/managed-by: {{ .Release.Service }} 15 | {{- end -}} 16 | 17 | {{/* 18 | Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector 19 | */}} 20 | {{- define "common.labels.matchLabels" -}} 21 | app.kubernetes.io/name: {{ include "common.names.name" . }} 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /ingress-nginx/templates/controller-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: controller 8 | {{- with .Values.controller.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | name: {{ include "ingress-nginx.fullname" . }} 12 | namespace: {{ .Release.Namespace }} 13 | roleRef: 14 | apiGroup: rbac.authorization.k8s.io 15 | kind: Role 16 | name: {{ include "ingress-nginx.fullname" . }} 17 | subjects: 18 | - kind: ServiceAccount 19 | name: {{ template "ingress-nginx.serviceAccountName" . }} 20 | namespace: {{ .Release.Namespace | quote }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /postgresql/files/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon=true 3 | 4 | [program:postgres] 5 | autorestart=true 6 | command=bash entrypoint.sh postgres 7 | stderr_logfile=/dev/stderr 8 | stderr_logfile_maxbytes=0 9 | stdout_logfile=/dev/stdout 10 | stdout_logfile_maxbytes=0 11 | 12 | [program:repmgrd] 13 | autostart=false 14 | autorestart=true 15 | startretries=999 16 | command=bash entrypoint.sh repmgrd --monitoring-history 17 | stderr_logfile=/dev/stderr 18 | stderr_logfile_maxbytes=0 19 | stdout_logfile=/dev/stdout 20 | stdout_logfile_maxbytes=0 21 | 22 | [program:cleanup] 23 | autorestart=false 24 | startsecs=0 25 | command=bash entrypoint.sh cleanup 26 | stderr_logfile=/dev/stderr 27 | stderr_logfile_maxbytes=0 28 | stdout_logfile=/dev/stdout 29 | stdout_logfile_maxbytes=0 30 | -------------------------------------------------------------------------------- /postgresql-ha/templates/metrics-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright VMware, Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ include "postgresql.metricsCM" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- if .Values.commonAnnotations }} 14 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | data: 17 | custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /sharejs/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sharejs.fullname" . }} 6 | labels: 7 | app: {{ template "sharejs.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "sharejs.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /triton-share/templates/certificate-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and .Values.networkPolicy.enabled .Values.certificate.enabled) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ template "triton-share.certificate.fullname" . }}" 6 | labels: 7 | app.kubernetes.io/name: {{ include "triton-share.name" . }} 8 | helm.sh/chart: {{ include "triton-share.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | component: "{{ .Values.certificate.name }}" 12 | spec: 13 | policyTypes: 14 | - Ingress 15 | podSelector: 16 | matchExpressions: 17 | - {key: acme.cert-manager.io/http01-solver, operator: Exists} 18 | ingress: 19 | - from: [] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: generic 2 | 3 | dist: trusty 4 | sudo: false 5 | 6 | env: 7 | global: 8 | - HELM_VERSION="v2.12.3" 9 | 10 | install: 11 | - wget http://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz -O /tmp/helm.tar.gz 12 | - tar xzf /tmp/helm.tar.gz -C /tmp --strip-components=1 13 | - chmod +x /tmp/helm 14 | 15 | before_script: 16 | - /tmp/helm init --client-only --stable-repo-url https://charts.helm.sh/stable 17 | - /tmp/helm repo add stable https://charts.helm.sh/stable 18 | - /tmp/helm repo add cos https://centerforopenscience.github.io/helm-charts/ 19 | - | 20 | for chart in $(find . -name 'requirements.yaml'); do 21 | /tmp/helm dep build $(dirname ${chart}) 22 | done 23 | 24 | script: 25 | - /tmp/helm lint */ 26 | -------------------------------------------------------------------------------- /angular-osf/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "angular.fullname" . }} 6 | labels: 7 | app: {{ template "angular.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "angular.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /elasticsearch/examples/docker-for-mac/README.md: -------------------------------------------------------------------------------- 1 | # Docker for Mac 2 | 3 | This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [Docker for Mac][] 4 | using [custom values][]. 5 | 6 | Note that this configuration should be used for test only and isn't recommended 7 | for production. 8 | 9 | 10 | ## Usage 11 | 12 | * Deploy Elasticsearch chart with the default values: `make install` 13 | 14 | * You can now setup a port forward to query Elasticsearch API: 15 | 16 | ``` 17 | kubectl port-forward svc/elasticsearch-master 9200 18 | curl localhost:9200/_cat/indices 19 | ``` 20 | 21 | 22 | [custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/docker-for-mac/values.yaml 23 | [docker for mac]: https://docs.docker.com/docker-for-mac/kubernetes/ 24 | -------------------------------------------------------------------------------- /prerender/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "prerender.fullname" . }} 6 | labels: 7 | app: {{ template "prerender.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "prerender.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /osf-pigeon/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "osf-pigeon.fullname" . }} 6 | labels: 7 | app: {{ template "osf-pigeon.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "osf-pigeon.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /hubot/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "hubot.fullname" . }} 5 | labels: 6 | app: {{ template "hubot.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | {{- if .Values.redis.enabled }} 13 | REDIS_URL: {{ printf "redis://:%s@%s:6379/0" .Values.redis.redisPassword (include "redis.fullname" .) | b64enc | quote }} 14 | {{- end }} 15 | {{- range $key, $value := .Values.secretEnvs }} 16 | {{ $key }}: {{ $value | b64enc | quote }} 17 | {{- end }} 18 | {{- range $key, $value := .Values.secretFiles }} 19 | {{ $key | replace "/" "-" }}: {{ $value | b64enc | quote }} 20 | {{- end }} 21 | 22 | -------------------------------------------------------------------------------- /maintenance/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "maintenance.fullname" . }} 6 | labels: 7 | app: {{ template "maintenance.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "maintenance.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /bitnami-common/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright VMware, Inc. 2 | # SPDX-License-Identifier: APACHE-2.0 3 | 4 | annotations: 5 | category: Infrastructure 6 | licenses: Apache-2.0 7 | apiVersion: v2 8 | # Please make sure that version and appVersion are always the same. 9 | appVersion: 2.6.0 10 | description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. 11 | home: https://bitnami.com 12 | icon: https://bitnami.com/downloads/logos/bitnami-mark.png 13 | keywords: 14 | - common 15 | - helper 16 | - template 17 | - function 18 | - bitnami 19 | maintainers: 20 | - name: VMware, Inc. 21 | url: https://github.com/bitnami/charts 22 | name: common 23 | sources: 24 | - https://github.com/bitnami/charts 25 | type: library 26 | version: 2.6.0 27 | -------------------------------------------------------------------------------- /elasticsearch/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: Role 5 | metadata: 6 | name: {{ $fullName | quote }} 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | app: {{ $fullName | quote }} 12 | rules: 13 | - apiGroups: 14 | - extensions 15 | resources: 16 | - podsecuritypolicies 17 | resourceNames: 18 | {{- if eq .Values.podSecurityPolicy.name "" }} 19 | - {{ $fullName | quote }} 20 | {{- else }} 21 | - {{ .Values.podSecurityPolicy.name | quote }} 22 | {{- end }} 23 | verbs: 24 | - use 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /elasticsearch/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secret.enabled -}} 2 | {{- $passwordValue := (randAlphaNum 16) | b64enc | quote }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ template "elasticsearch.uname" . }}-credentials 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}" 11 | app: "{{ template "elasticsearch.uname" . }}" 12 | {{- range $key, $value := .Values.labels }} 13 | {{ $key }}: {{ $value | quote }} 14 | {{- end }} 15 | type: Opaque 16 | data: 17 | username: {{ "elastic" | b64enc }} 18 | {{- if .Values.secret.password }} 19 | password: {{ .Values.secret.password | b64enc }} 20 | {{- else }} 21 | password: {{ $passwordValue }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /osf/templates/api-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.api.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf.api.fullname" . }}" 10 | labels: 11 | app: {{ template "osf.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.api.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "osf.name" . }} 20 | component: "{{ .Values.api.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.api.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /osf/templates/web-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf.web.fullname" . }}" 10 | labels: 11 | app: {{ template "osf.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.web.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "osf.name" . }} 20 | component: "{{ .Values.web.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.web.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /cert-manager/templates/webhook-psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "webhook.fullname" . }}-psp 6 | labels: 7 | app: {{ include "webhook.name" . }} 8 | app.kubernetes.io/name: {{ include "webhook.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "webhook" 11 | {{- include "labels" . | nindent 4 }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ template "webhook.fullname" . }}-psp 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "webhook.serviceAccountName" . }} 19 | namespace: {{ .Release.Namespace }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /osf/templates/api-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.api.enabled -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "osf.api.fullname" . }} 6 | labels: 7 | app: {{ template "osf.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.api.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | type: {{ .Values.api.service.type }} 14 | ports: 15 | - port: {{ .Values.api.service.externalPort }} 16 | targetPort: {{ .Values.api.service.internalPort }} 17 | protocol: TCP 18 | name: {{ .Values.api.service.name }} 19 | selector: 20 | app: {{ template "osf.name" . }} 21 | component: "{{ .Values.api.name }}" 22 | release: {{ .Release.Name }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /osf/templates/web-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.enabled -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "osf.web.fullname" . }} 6 | labels: 7 | app: {{ template "osf.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.web.name }}" 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | spec: 13 | type: {{ .Values.web.service.type }} 14 | ports: 15 | - port: {{ .Values.web.service.externalPort }} 16 | targetPort: {{ .Values.web.service.internalPort }} 17 | protocol: TCP 18 | name: {{ .Values.web.service.name }} 19 | selector: 20 | app: {{ template "osf.name" . }} 21 | component: "{{ .Values.web.name }}" 22 | release: {{ .Release.Name }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /tls-certificates/templates/secretlist.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: SecretList 3 | items: 4 | {{- $app := include "tls-certificates.name" . -}} 5 | {{- $chart := printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") -}} 6 | {{- $release := .Release.Name -}} 7 | {{- $service := .Release.Service -}} 8 | {{- range $key, $value := .Values.certificates }} 9 | - apiVersion: v1 10 | kind: Secret 11 | metadata: 12 | name: {{ $key }}-tls 13 | labels: 14 | app: {{ $app }} 15 | chart: {{ $chart }} 16 | release: {{ $release }} 17 | heritage: {{ $service }} 18 | component: {{ $key }} 19 | type: Opaque 20 | data: 21 | tls.crt: {{ $value.crt | b64enc | quote }} 22 | tls.key: {{ $value.key | b64enc | quote }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /nessus/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "nessus.fullname" . }} 5 | labels: 6 | app: {{ template "nessus.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | annotations: 11 | {{- range $key, $value := .Values.service.annotations }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | spec: 15 | type: {{ .Values.service.type }} 16 | ports: 17 | - port: {{ .Values.service.externalPort }} 18 | targetPort: {{ .Values.service.internalPort }} 19 | protocol: TCP 20 | name: {{ .Values.service.name }} 21 | selector: 22 | app: {{ template "nessus.name" . }} 23 | release: {{ .Release.Name }} 24 | -------------------------------------------------------------------------------- /osf/templates/task-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.task.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf.task.fullname" . }}" 10 | labels: 11 | app: {{ template "osf.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.task.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "osf.name" . }} 20 | component: "{{ .Values.task.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.task.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /share/templates/web-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "share.web.fullname" . }}" 10 | labels: 11 | app: {{ template "share.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.web.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "share.name" . }} 20 | component: "{{ .Values.web.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.web.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /osf-cas/files/apache/shibboleth/localLogout.html: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | Local Logout 11 | 12 | 13 | 14 | 15 | 16 | Logo 17 | 18 |

Local Logout

19 | 20 | Status of Local Logout: 21 | 22 |

23 | 24 | You MUST close your browser to complete the logout process. 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /osf-graveyvalet/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "osf-gravyvalet.fullname" . }} 6 | labels: 7 | app: {{ template "osf-gravyvalet.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | scaleTargetRef: 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | name: {{ template "osf-gravyvalet.fullname" . }} 16 | minReplicas: {{ .Values.replicaCount }} 17 | maxReplicas: {{ .Values.horizontalPodAutoscaler.maxReplicas }} 18 | targetCPUUtilizationPercentage: {{ .Values.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 19 | {{- end -}} 20 | 21 | -------------------------------------------------------------------------------- /osf/templates/admin-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.admin.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf.admin.fullname" . }}" 10 | labels: 11 | app: {{ template "osf.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.admin.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "osf.name" . }} 20 | component: "{{ .Values.admin.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.admin.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /ingress-nginx/templates/controller-configmap-proxyheaders.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | {{- include "ingress-nginx.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: controller 8 | {{- with .Values.controller.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers 12 | namespace: {{ .Release.Namespace }} 13 | data: 14 | {{- if .Values.controller.proxySetHeaders }} 15 | {{ toYaml .Values.controller.proxySetHeaders | indent 2 }} 16 | {{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }} 17 | {{ toYaml .Values.controller.headers | indent 2 }} 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /mfr/templates/worker-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.worker.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "mfr.worker.fullname" . }}" 10 | labels: 11 | app: {{ template "mfr.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.worker.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "mfr.name" . }} 20 | component: "{{ .Values.worker.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.worker.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /nginx/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "nginx.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "nginx.name" . }} 7 | helm.sh/chart: {{ include "nginx.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | annotations: 11 | {{- range $key, $value := .Values.service.annotations }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | spec: 15 | type: {{ .Values.service.type }} 16 | ports: 17 | - port: {{ .Values.service.port }} 18 | targetPort: http 19 | protocol: TCP 20 | name: http 21 | selector: 22 | app.kubernetes.io/name: {{ include "nginx.name" . }} 23 | app.kubernetes.io/instance: {{ .Release.Name }} 24 | -------------------------------------------------------------------------------- /osf-cas/files/apache/shibboleth/partialLogout.html: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | Partial Logout 11 | 12 | 13 | 14 | 15 | 16 | Logo 17 | 18 |

Partial Logout

19 | 20 |

You remain logged into one or more applications accessed during your session. 21 | To complete the logout process, please close/exit your browser completely.

22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /osf/templates/worker-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.worker.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "osf.worker.fullname" . }}" 10 | labels: 11 | app: {{ template "osf.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.worker.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "osf.name" . }} 20 | component: "{{ .Values.worker.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.worker.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /share/templates/web-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.enabled -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "share.web.fullname" . }} 6 | labels: 7 | app: {{ template "share.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.web.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | type: {{ .Values.web.service.type }} 14 | ports: 15 | - port: {{ .Values.web.service.externalPort }} 16 | targetPort: {{ .Values.web.service.internalPort }} 17 | protocol: TCP 18 | name: {{ .Values.web.service.name }} 19 | selector: 20 | app: {{ template "share.name" . }} 21 | component: "{{ .Values.web.name }}" 22 | release: {{ .Release.Name }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /cert-manager/templates/psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "cert-manager.fullname" . }}-psp 6 | labels: 7 | app: {{ include "cert-manager.name" . }} 8 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "controller" 11 | {{- include "labels" . | nindent 4 }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ template "cert-manager.fullname" . }}-psp 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "cert-manager.serviceAccountName" . }} 19 | namespace: {{ .Release.Namespace }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /elasticsearch-old/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.tls.enabled .Values.searchguard.enabled -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | labels: 6 | app: {{ template "elasticsearch.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "elasticsearch.fullname" . }} 11 | type: Opaque 12 | data: 13 | {{- if .Values.tls.enabled }} 14 | {{- range $key, $value := .Values.tls.files }} 15 | tls-{{ $key | replace "/" "-" }}: {{ $value | b64enc | quote }} 16 | {{- end }} 17 | {{- end }} 18 | {{- if .Values.searchguard.enabled }} 19 | {{- range $key, $value := .Values.searchguard.files }} 20 | sg-{{ $key | replace "/" "-" }}: {{ $value | b64enc | quote }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /osf/templates/admin-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.admin.enabled -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "osf.admin.fullname" . }} 6 | labels: 7 | app: {{ template "osf.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.admin.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | type: {{ .Values.admin.service.type }} 14 | ports: 15 | - port: {{ .Values.admin.service.externalPort }} 16 | targetPort: {{ .Values.admin.service.internalPort }} 17 | protocol: TCP 18 | name: {{ .Values.admin.service.name }} 19 | selector: 20 | app: {{ template "osf.name" . }} 21 | component: "{{ .Values.admin.name }}" 22 | release: {{ .Release.Name }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /elasticsearch/examples/config/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | clusterName: "config" 3 | replicas: 1 4 | 5 | extraEnvs: 6 | - name: ELASTIC_PASSWORD 7 | valueFrom: 8 | secretKeyRef: 9 | name: elastic-config-credentials 10 | key: password 11 | 12 | # This is just a dummy file to make sure that 13 | # the keystore can be mounted at the same time 14 | # as a custom elasticsearch.yml 15 | esConfig: 16 | elasticsearch.yml: | 17 | xpack.security.enabled: true 18 | path.data: /usr/share/elasticsearch/data 19 | 20 | keystore: 21 | - secretName: elastic-config-secret 22 | - secretName: elastic-config-slack 23 | - secretName: elastic-config-custom-path 24 | items: 25 | - key: slack_url 26 | path: xpack.notification.slack.account.otheraccount.secure_url 27 | 28 | secret: 29 | enabled: false 30 | -------------------------------------------------------------------------------- /share/templates/worker-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.worker.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "share.worker.fullname" . }}" 10 | labels: 11 | app: {{ template "share.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.worker.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "share.name" . }} 20 | component: "{{ .Values.worker.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.worker.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /osf/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: elasticsearch-old 3 | repository: https://centerforopenscience.github.io/helm-charts/ 4 | version: 0.5.3 5 | - name: elasticsearch-old 6 | repository: https://centerforopenscience.github.io/helm-charts/ 7 | version: 0.5.3 8 | - name: maintenance 9 | repository: https://centerforopenscience.github.io/helm-charts/ 10 | version: 0.2.0 11 | - name: postgresql 12 | repository: https://charts.helm.sh/stable 13 | version: 0.11.1 14 | - name: rabbitmq 15 | repository: https://centerforopenscience.github.io/helm-charts/ 16 | version: 6.9.1 17 | - name: redis 18 | repository: https://centerforopenscience.github.io/helm-charts/ 19 | version: 1.1.3 20 | digest: sha256:cae7da8fdb07f290786fccd993b80bde30242bf61e829fe421b8d52fe113730e 21 | generated: "2024-02-02T12:52:01.633524-05:00" 22 | -------------------------------------------------------------------------------- /osf/templates/api-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.api.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "osf.api.fullname" . }} 6 | labels: 7 | app: {{ template "osf.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.api.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ template "osf.api.fullname" . }} 17 | minReplicas: {{ .Values.api.replicaCount }} 18 | maxReplicas: {{ .Values.api.horizontalPodAutoscaler.maxReplicas }} 19 | targetCPUUtilizationPercentage: {{ .Values.api.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /osf/templates/web-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.horizontalPodAutoscaler.enabled -}} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "osf.web.fullname" . }} 6 | labels: 7 | app: {{ template "osf.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | component: "{{ .Values.web.name }}" 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ template "osf.web.fullname" . }} 17 | minReplicas: {{ .Values.web.replicaCount }} 18 | maxReplicas: {{ .Values.web.horizontalPodAutoscaler.maxReplicas }} 19 | targetCPUUtilizationPercentage: {{ .Values.web.horizontalPodAutoscaler.targetCPUUtilizationPercentage }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /share/templates/indexer-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.indexer.budget.minAvailable -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" -}} 3 | apiVersion: policy/v1 4 | {{- else}} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: "{{ template "share.indexer.fullname" . }}" 10 | labels: 11 | app: {{ template "share.name" . }} 12 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 13 | component: "{{ .Values.indexer.name }}" 14 | heritage: {{ .Release.Service }} 15 | release: {{ .Release.Name }} 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "share.name" . }} 20 | component: "{{ .Values.indexer.name }}" 21 | release: {{ .Release.Name }} 22 | minAvailable: {{ .Values.indexer.budget.minAvailable }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /elasticsearch/examples/openshift/README.md: -------------------------------------------------------------------------------- 1 | # OpenShift 2 | 3 | This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [OpenShift][] 4 | using [custom values][]. 5 | 6 | ## Usage 7 | 8 | * Deploy Elasticsearch chart with the default values: `make install` 9 | 10 | * You can now setup a port forward to query Elasticsearch API: 11 | 12 | ``` 13 | kubectl port-forward svc/elasticsearch-master 9200 14 | curl localhost:9200/_cat/indices 15 | ``` 16 | 17 | ## Testing 18 | 19 | You can also run [goss integration tests][] using `make test` 20 | 21 | 22 | [custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift/values.yaml 23 | [goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift/test/goss.yaml 24 | [openshift]: https://www.openshift.com/ 25 | -------------------------------------------------------------------------------- /postgresql-ha/templates/pgpool/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright VMware, Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if (include "postgresql-ha.pgpoolCreateSecret" .) }} 7 | apiVersion: v1 8 | kind: Secret 9 | metadata: 10 | name: {{ include "postgresql-ha.pgpool" . }} 11 | namespace: {{ include "common.names.namespace" . | quote }} 12 | labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | app.kubernetes.io/component: pgpool 14 | {{- if .Values.commonAnnotations }} 15 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | data: 19 | admin-password: {{ (include "postgresql-ha.pgpoolAdminPassword" .) | b64enc | quote }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /redis/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.networkPolicy.enabled }} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | labels: 7 | {{- include "redis.labels.standard" . | nindent 4 }} 8 | spec: 9 | podSelector: 10 | matchLabels: 11 | app: {{ template "redis.name" . }} 12 | ingress: 13 | # Allow inbound connections 14 | - ports: 15 | - port: 6379 16 | {{- if not .Values.networkPolicy.allowExternal }} 17 | from: 18 | - podSelector: 19 | matchLabels: 20 | {{ template "redis.fullname" . }}-client: "true" 21 | {{- end }} 22 | {{- if .Values.metrics.enabled }} 23 | # Allow prometheus scrapes for metrics 24 | - ports: 25 | - port: 9121 26 | {{- end }} 27 | {{- end }} 28 | --------------------------------------------------------------------------------