├── assets ├── icons │ ├── k8s-secret.png │ ├── s3-bucket.png │ ├── generic-app.png │ ├── icon-host-ingress.png │ └── prometheus-msteams.png └── img │ ├── mssql-backup.jpg │ ├── multi-argocd.png │ ├── mssql-grafana.jpg │ ├── mssql-restore.jpg │ └── vault-radius-auth-config.png ├── charts ├── web-app │ ├── Chart.lock │ ├── templates │ │ ├── apm │ │ │ ├── secret.yaml │ │ │ └── configmap.yaml │ │ ├── apigateway │ │ │ └── 3scale-backend.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── serviceaccount.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── configmap-file.yaml │ │ ├── job.yaml │ │ ├── image-stream.yaml │ │ ├── service.yaml │ │ ├── service-headless.yaml │ │ ├── rbac │ │ │ ├── rolebinding-scc-anyuid.yaml │ │ │ └── rbac-scc-privileged.yaml │ │ ├── ingress.yaml │ │ ├── pvc.yaml │ │ ├── pvc-extra.yaml │ │ ├── secret-env-vars.yaml │ │ ├── hpa.yaml │ │ ├── secret-env-vars-sealed.yaml │ │ ├── route.yaml │ │ ├── _apm_pod_chunks.tpl │ │ ├── deployment.yaml │ │ ├── NOTES.txt │ │ ├── statefulset.yaml │ │ ├── deployment-config.yaml │ │ └── cronjob.yaml │ ├── .helmignore │ ├── README.md │ └── Chart.yaml ├── prometheus-to-msteams │ ├── templates │ │ ├── NOTES.txt │ │ ├── service.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── configmap.yaml │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── values.sample.yaml │ ├── Chart.yaml │ ├── values.yaml │ └── files │ │ └── teams.j2 ├── service-proxy │ ├── values.sample-http-https-with-cacert.yaml │ ├── templates │ │ ├── secret-env-vars.yaml │ │ ├── serviceaccount.yaml │ │ ├── backend │ │ │ └── configmap-ca.yaml │ │ ├── configmap.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── servicemonitor.yaml │ │ ├── service.yaml │ │ ├── hpa.yaml │ │ ├── route.yaml │ │ ├── secret-env-vars-sealed.yaml │ │ ├── route-admin-envoy.yaml │ │ ├── NOTES.txt │ │ ├── ingress.yaml │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── values.sample-http-https.yaml │ ├── .helmignore │ ├── README.md │ ├── values.sample-s3.yaml │ ├── 
Chart.yaml │ ├── files │ │ └── envoy-modes │ │ │ ├── envoy-redis.yaml │ │ │ ├── envoy-https-passthrough.yaml │ │ │ ├── envoy-http-https.yaml │ │ │ └── envoy-s3.yaml │ └── values.yaml ├── mssql │ ├── Chart.lock │ ├── files │ │ ├── scripts │ │ │ └── entrypoint │ │ │ │ ├── entrypoint.sh │ │ │ │ ├── restore.sh │ │ │ │ └── init.sh │ │ └── sql │ │ │ └── 00_create_db_owner_user.sql │ ├── templates │ │ ├── primary │ │ │ ├── entrypoint-configmap.yaml │ │ │ ├── svc-headless.yaml │ │ │ ├── initialization-configmap.yaml │ │ │ ├── pdb.yaml │ │ │ ├── ingressroutetcp.yaml │ │ │ ├── configmap.yaml │ │ │ └── svc.yaml │ │ ├── rolebinding.yaml │ │ ├── serviceaccount.yaml │ │ ├── metrics-svc.yaml │ │ ├── secrets.yaml │ │ ├── backup │ │ │ ├── persistentvolumeclaim.yaml │ │ │ └── cronjob.yaml │ │ ├── networkpolicy.yaml │ │ └── servicemonitor.yaml │ ├── CONTRIBUTING.md │ ├── Chart.yaml │ ├── values.sample.yaml │ └── README.md ├── docker-daemon-sshd │ ├── templates │ │ ├── secret-ssh-files.yaml │ │ ├── configmap-helper-scripts.yaml │ │ ├── serviceaccount.yaml │ │ ├── endpoints.yaml │ │ ├── servicemonitor.yaml │ │ ├── pvc.yaml │ │ ├── sshd │ │ │ └── servicemonitor.yaml │ │ ├── svc.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── cronjob-cache-cleaner.yaml │ │ ├── docker-client │ │ │ ├── pod-docker-client-example.yaml │ │ │ └── configmap-ssh-files.yaml │ │ ├── ingress.yaml │ │ ├── _helpers.tpl │ │ └── NOTES.txt │ ├── values.example.yaml │ ├── .helmignore │ ├── files │ │ └── scripts │ │ │ ├── prepare-existing-daemon.sh │ │ │ └── install-prometheus-exporter-active-ssh-users.sh │ ├── README.md │ └── Chart.yaml ├── radius-server │ ├── templates │ │ ├── serviceaccount.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── configmap.yaml │ │ ├── service.yaml │ │ ├── ingress.yaml │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── .helmignore │ ├── README.md │ ├── Chart.yaml │ └── values.yaml ├── single-page-app │ ├── templates │ │ ├── serviceaccount.yaml │ │ ├── 
service.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── image-stream.yaml │ │ ├── ingress.yaml │ │ ├── route.yaml │ │ ├── secret-env-vars.yaml │ │ ├── hpa.yaml │ │ ├── NOTES.txt │ │ ├── configmap-nginx.yaml │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ └── values.schema.json └── external-service │ ├── .helmignore │ ├── values.sample.yaml │ ├── templates │ ├── tests │ │ └── test-connection.yaml │ ├── endpoints.yaml │ ├── service.yaml │ ├── ingress.yaml │ ├── NOTES.txt │ └── _helpers.tpl │ ├── values.sample-multiports.yaml │ ├── README.md │ ├── values.yaml │ └── Chart.yaml ├── .gitignore ├── README.md └── .github └── workflows └── release.yml /assets/icons/k8s-secret.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/icons/k8s-secret.png -------------------------------------------------------------------------------- /assets/icons/s3-bucket.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/icons/s3-bucket.png -------------------------------------------------------------------------------- /assets/img/mssql-backup.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/img/mssql-backup.jpg -------------------------------------------------------------------------------- /assets/img/multi-argocd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/img/multi-argocd.png -------------------------------------------------------------------------------- /assets/icons/generic-app.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/icons/generic-app.png -------------------------------------------------------------------------------- /assets/img/mssql-grafana.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/img/mssql-grafana.jpg -------------------------------------------------------------------------------- /assets/img/mssql-restore.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/img/mssql-restore.jpg -------------------------------------------------------------------------------- /assets/icons/icon-host-ingress.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/icons/icon-host-ingress.png -------------------------------------------------------------------------------- /assets/icons/prometheus-msteams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/icons/prometheus-msteams.png -------------------------------------------------------------------------------- /assets/img/vault-radius-auth-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElmCompany/helm-charts/HEAD/assets/img/vault-radius-auth-config.png -------------------------------------------------------------------------------- /charts/web-app/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: [] 2 | digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 3 | generated: "2024-05-30T21:36:36.73281+03:00" 4 | -------------------------------------------------------------------------------- 
/charts/prometheus-to-msteams/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Prom2Teams has been installed. Check its status by running: 2 | kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" 3 | -------------------------------------------------------------------------------- /charts/service-proxy/values.sample-http-https-with-cacert.yaml: -------------------------------------------------------------------------------- 1 | proxyMode: http-https 2 | backendService: 3 | address: prometheus-k8s.openshift-monitoring.svc.cluster.local 4 | port: 9091 5 | caCertConfigmap: 6 | name: corporate-ca 7 | -------------------------------------------------------------------------------- /charts/mssql/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 2.0.3 5 | digest: sha256:94c28dd28ef4b052d798ccfe4282a704bda098e32321c4c2015536ba8054891e 6 | generated: "2022-09-16T21:13:55.460597+03:00" 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Created by https://www.toptal.com/developers/gitignore/api/helm 3 | # Edit at https://www.toptal.com/developers/gitignore?templates=helm 4 | 5 | ### Helm ### 6 | # Chart dependencies 7 | **/charts/*.tgz 8 | 9 | # End of https://www.toptal.com/developers/gitignore/api/helm -------------------------------------------------------------------------------- /charts/mssql/files/scripts/entrypoint/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | export MSSQL_TCP_PORT={{ .Values.primary.service.ports.mssql }} 3 | 4 | # tail --pid $$ -F /var/opt/mssql/log/*.log & \ 5 | bash 
/tmp/entrypoint-scripts/init.sh & \ 6 | /opt/mssql/bin/sqlservr 7 | # in case of mssql 2017 : /opt/mssql/bin/sqlserver 8 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/secret-ssh-files.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret # carries only the SSH public key from .Values.sshKeys.public, base64-encoded as the data field requires 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "docker-daemon-sshd.fullname" . }}-ssh-dir 6 | labels: 7 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 8 | data: 9 | id_rsa.pub: {{ .Values.sshKeys.public | b64enc }} 10 | -------------------------------------------------------------------------------- /charts/web-app/templates/apm/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.apm.enabled -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: apm-{{ include "web-app.fullname" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | data: 9 | ELASTIC_APM_SECRET_TOKEN: {{ .Values.apmProvider.token }} # NOTE(review): emitted under data without b64enc, unlike the other Secret templates in this repo. Kubernetes accepts only base64 under data, so a raw token is rejected or decoded into a different value; confirm callers pass a pre-encoded token, otherwise pipe through b64enc or switch to stringData. The guard reads .Values.apm.enabled while the token comes from .Values.apmProvider - confirm both keys are intended. 10 | {{- end }} -------------------------------------------------------------------------------- /charts/web-app/templates/apigateway/3scale-backend.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | {{ if .Values.apiGateway.enabled }} 3 | kind: Backend 4 | apiVersion: capabilities.3scale.net/v1beta1 5 | metadata: 6 | name: backend1-sample 7 | namespace: platform-3scale 8 | spec: 9 | {{ toYaml .Values.apiGateway.spec }} 10 | ...
11 | 12 | {{ .end }} 13 | 14 | */}} -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/values.example.yaml: -------------------------------------------------------------------------------- 1 | sshClient: 2 | namespaces: ['test-docker-client'] 3 | dind: 4 | storageDriver: vfs # overlay2 5 | # resources: 6 | # limits: 7 | # cpu: "2000m" 8 | # memory: "4096Mi" 9 | # requests: 10 | # memory: "2048Mi" 11 | persistence: 12 | enabled: true 13 | hostPath: /opt/docker-graph-example 14 | size: 500Gi -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/configmap-helper-scripts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "docker-daemon-sshd.fullname" . }}-helper-scripts 6 | labels: 7 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 8 | data: 9 | {{- with .Files.Glob "files/scripts/*.sh" }} 10 | {{ tpl .AsConfig $ | indent 2 }} 11 | {{- end }} 12 | 13 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/secret-env-vars.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.envVars }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "service-proxy.fullname" $ }}-env-vars 6 | labels: 7 | {{- include "service-proxy.labels" $ | nindent 4 }} 8 | data: 9 | {{- range $key, $value:= . 
}} 10 | {{ $key }}: {{ $value | toString | b64enc }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/service-proxy/values.sample-http-https.yaml: -------------------------------------------------------------------------------- 1 | # Proxy google.com & expose it in your cluster under goo.apps.mycluster.com 2 | # https-passthrough | http-https 3 | proxyMode: http-https 4 | backendService: 5 | address: google.com 6 | port: 443 7 | route: 8 | enabled: true 9 | host: goo.apps.mycluster.com 10 | adminRoute: 11 | enabled: true # NOTE(review): presumably publishes the Envoy admin listener on its own hostname via templates/route-admin-envoy.yaml - TODO confirm. Envoy's admin interface has no authentication of its own, exposes configuration and stats, and can change server state, so keep this false unless the route is restricted to operators. 12 | host: goo-envoy-status.apps.mycluster.com 13 | -------------------------------------------------------------------------------- /charts/radius-server/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "radius-server.serviceAccountName" . }} 6 | labels: 7 | {{- include "radius-server.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/web-app/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: {{ include "web-app.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | spec: 9 | minAvailable: {{ .Values.replicaMinAvailable }} 10 | selector: 11 | matchLabels: 12 | {{- include "web-app.selectorLabels" .
| nindent 6 }} -------------------------------------------------------------------------------- /charts/single-page-app/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "single-page-app.serviceAccountName" . }} 6 | labels: 7 | {{- include "single-page-app.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/web-app/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "web-app.serviceAccountName" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | {{- if eq (include "web-app.is-job" . ) "true" }} 9 | annotations: 10 | {{- toYaml .Values.job.annotations | nindent 4 }} 11 | {{- end -}} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "service-proxy.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "service-proxy.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . 
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/web-app/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/radius-server/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/service-proxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/external-service/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/single-page-app/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/web-app/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "web-app.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "web-app.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success # Helm 2 hook name; Helm 3 still accepts it as an alias of test, which the service-proxy chart already uses 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox # NOTE(review): no registry, tag or digest, so the test pod runs whatever the default registry currently serves as busybox:latest; pin a tag or digest and allow a registry override as the service-proxy test pod does with .Values.image.registry 13 | command: ['wget'] 14 | args: ['{{ include "web-app.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/backend/configmap-ca.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.backendService.caCert }} 2 | --- 3 | apiVersion: v1 4 | data: # NOTE(review): empty data key; the same document sets data again after metadata, which makes this a duplicate mapping key that strict YAML parsers reject - remove this one 5 | kind: ConfigMap 6 | metadata: 7 | namespace: {{ .Release.Namespace }} 8 | name: {{ include "service-proxy.backendServiceCaCertConfigmapName" . }} 9 | labels: 10 | {{- include "service-proxy.labels" .
| nindent 4 }} 11 | 12 | data: 13 | {{ .Values.backendService.caCertConfigmap.key }}: | 14 | {{ .Values.backendService.caCert | nindent 4 }} 15 | 16 | {{ end }} -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.existingDockerDaemon.enabled }} 2 | {{- if .Values.serviceAccount.create -}} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ include "docker-daemon-sshd.serviceAccountName" . }} 7 | labels: 8 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | {{- end }} -------------------------------------------------------------------------------- /charts/radius-server/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "radius-server.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "radius-server.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "radius-server.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/single-page-app/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "single-page-app.fullname" . }} 5 | labels: 6 | {{- include "single-page-app.labels" . 
| nindent 4 }} 7 | spec: 8 | ports: 9 | - name: tcp-{{ .Values.port }} 10 | port: {{ .Values.port }} 11 | protocol: TCP 12 | targetPort: {{ .Values.port }} 13 | selector: 14 | {{- include "single-page-app.selectorLabels" . | nindent 4 }} 15 | sessionAffinity: None 16 | type: ClusterIP 17 | -------------------------------------------------------------------------------- /charts/web-app/templates/configmap-file.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.configFile.name -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "web-app.fullname" . }}-file 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | {{- if eq (include "web-app.is-job" . ) "true" }} 9 | annotations: 10 | {{- toYaml .Values.job.annotations | nindent 4 }} 11 | {{- end }} 12 | data: 13 | {{ .Values.configFile.name }}: | 14 | {{- tpl .Values.configFile.content . | nindent 4 }} 15 | {{- end }} -------------------------------------------------------------------------------- /charts/single-page-app/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "single-page-app.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "single-page-app.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "single-page-app.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "service-proxy.fullname" . 
}} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "service-proxy.labels" . | nindent 4 }} 8 | data: 9 | {{/* (tpl (.Files.Glob "files/envoy-modes/*.yaml").AsConfig .) | indent 2 */}} 10 | {{- range $path, $_ := (.Files.Glob "files/envoy-modes/*.yaml") }} 11 | {{ trimPrefix "files/envoy-modes/" $path }}: | 12 | {{- tpl ($.Files.Get $path) $ | nindent 4 }} 13 | {{ end }} -------------------------------------------------------------------------------- /charts/service-proxy/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "service-proxy.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "service-proxy.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: '{{.Values.image.registry}}/busybox' 13 | command: ['wget'] 14 | args: ['{{ include "service-proxy.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "prometheus-to-msteams.fullname" . }} 5 | labels: 6 | {{ include "prometheus-to-msteams.labels" . | indent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: 8089 12 | protocol: TCP 13 | name: http 14 | selector: 15 | app.kubernetes.io/name: {{ include "prometheus-to-msteams.name" . 
}} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /charts/radius-server/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "radius-server.fullname" . }} 5 | labels: 6 | {{- include "radius-server.labels" . | nindent 4 }} 7 | data: # NOTE(review): clients.conf and users hold credential material - the fixed health-check secret and Cleartext-Password below, plus presumably the shared secrets and passwords supplied through .Values.authorization - yet they are rendered into a ConfigMap. A Secret would keep them out of ordinary ConfigMap reads and let encryption at rest apply. The built-in health-check client is limited to 127.0.0.1/32. 8 | clients.conf: | 9 | client healthcheker { 10 | ipaddr = 127.0.0.1/32 11 | secret = healthsecret 12 | } 13 | {{ .Values.authorization.clients | nindent 4 }} 14 | users: | 15 | healthuser Cleartext-Password := "healthpass", MS-CHAP-Use-NTLM-Auth := 0 16 | {{ .Values.authorization.users | nindent 4 }} 17 | 18 | -------------------------------------------------------------------------------- /charts/web-app/templates/job.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "web-app.is-job" . ) "true" }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: {{ include "web-app.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | {{- with .Values.job.annotations }} 8 | annotations: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | labels: 12 | {{- include "web-app.labels" . | nindent 4 }} 13 | spec: 14 | backoffLimit: {{ .Values.job.backoffLimit }} 15 | template: 16 | spec: 17 | {{- include "web-app.pod" . | nindent 6 -}} 18 | 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Elm Helm Charts 2 | Curated applications for Kubernetes which have been developed for specific Elm uses cases, which we believe that are common use cases for other enterprises.
3 | 4 | # Getting Started 5 | 6 | **Set Elm Repo** 7 | ```sh 8 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 9 | helm repo update 10 | ``` 11 | 12 | **Check Generally Available Charts** 13 | 14 | ```sh 15 | helm search repo |grep elm/ 16 | ``` 17 | 18 | # Authors 19 | 20 | - @abdennour 21 | 22 | 23 | # License 24 | 25 | [GNU GPL v3](LICENSE) 26 | -------------------------------------------------------------------------------- /charts/external-service/values.sample.yaml: -------------------------------------------------------------------------------- 1 | externalService: 2 | ports: 3 | - name: http 4 | port: 8081 5 | protocol: TCP 6 | ips: 7 | - 172.16.x.x 8 | service: 9 | type: ClusterIP 10 | ports: 11 | - name: http 12 | port: 8081 13 | targetPort: http 14 | protocol: TCP 15 | 16 | ingress: 17 | enabled: true 18 | annotations: 19 | kubernetes.io/ingress.class: nginx 20 | nginx.ingress.kubernetes.io/service-upstream: "true" 21 | # kubernetes.io/tls-acme: "true" 22 | hosts: 23 | - host: nx.mycompany.com 24 | paths: ["/"] 25 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: {{ include "service-proxy.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "service-proxy.labels" . | nindent 4 }} 8 | spec: 9 | endpoints: 10 | - interval: 10s 11 | path: /stats/prometheus 12 | port: admin 13 | namespaceSelector: 14 | matchNames: 15 | - {{ .Release.Namespace }} 16 | selector: 17 | matchLabels: 18 | {{- include "service-proxy.selectorLabels" . 
| nindent 6 }} 19 | -------------------------------------------------------------------------------- /charts/web-app/templates/image-stream.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.deployment.kind "DeploymentConfig" }} 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | name: {{ include "web-app.fullname" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | spec: 9 | dockerImageRepository: {{ include "web-app.imageRepo" . }} 10 | tags: 11 | - name: {{ .Values.image.tag | quote }} 12 | from: 13 | kind: DockerImage 14 | name: '{{ include "web-app.imageRepo" . }}:{{ .Values.image.tag }}' 15 | lookupPolicy: 16 | local: false 17 | {{- end }} -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "prometheus-to-msteams.fullname" . }}-test-connection" 5 | labels: 6 | {{ include "prometheus-to-msteams.labels" . | indent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | "helm.sh/hook-delete-policy": test-success,test-failure 10 | spec: 11 | containers: 12 | - name: wget 13 | image: '{{.Values.image.registry}}/busybox' 14 | command: ['wget'] 15 | args: ['{{ include "prometheus-to-msteams.fullname" . }}:{{ .Values.service.port }}'] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "service-proxy.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "service-proxy.labels" . 
| nindent 4 }} 8 | spec: 9 | type: {{ .Values.service.type }} 10 | ports: 11 | - port: {{ .Values.service.port }} 12 | targetPort: web 13 | protocol: TCP 14 | name: web 15 | - port: {{ .Values.service.adminPort }} 16 | targetPort: admin 17 | protocol: TCP 18 | name: admin 19 | selector: 20 | {{- include "service-proxy.selectorLabels" . | nindent 4 }} 21 | -------------------------------------------------------------------------------- /charts/single-page-app/templates/image-stream.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.deployment.kind "DeploymentConfig" }} 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | name: {{ include "single-page-app.fullname" . }} 6 | labels: 7 | {{- include "single-page-app.labels" . | nindent 4 }} 8 | spec: 9 | dockerImageRepository: {{ include "single-page-app.imageRepo" . }} 10 | tags: 11 | - name: {{ (include "single-page-app.imageTag" .) | quote }} 12 | from: 13 | kind: DockerImage 14 | name: '{{ include "single-page-app.imageRepo" . }}:{{ include "single-page-app.imageTag" . }}' 15 | lookupPolicy: 16 | local: false 17 | {{- end }} -------------------------------------------------------------------------------- /charts/external-service/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "external-service.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "external-service.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | {{- if .Values.service.port }} 14 | command: ['wget'] 15 | args: ['{{ include "external-service.fullname" . 
}}:{{ .Values.service.port }}'] 16 | {{- else }} 17 | command: ["echo"] 18 | args: ["No test available for multi ports"] 19 | {{- end }} 20 | restartPolicy: Never 21 | -------------------------------------------------------------------------------- /charts/external-service/templates/endpoints.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Endpoints 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "external-service.fullname" . }} 6 | labels: 7 | {{- include "external-service.labels" . | nindent 4 }} 8 | subsets: 9 | - addresses: 10 | {{- if .Values.externalService.ip }} 11 | - ip: {{ .Values.externalService.ip }} 12 | {{- end }} 13 | {{- range .Values.externalService.ips }} 14 | - ip: {{ . }} 15 | {{- end }} 16 | ports: 17 | {{- if .Values.externalService.port }} 18 | - port: {{ .Values.externalService.port }} 19 | {{- end }} 20 | {{- with .Values.externalService.ports }} 21 | {{- toYaml . | nindent 4 }} 22 | {{- end }} -------------------------------------------------------------------------------- /charts/radius-server/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "radius-server.fullname" . }} 5 | labels: 6 | {{- include "radius-server.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: radius 12 | name: radius 13 | - port: {{ .Values.service.portAuth }} 14 | targetPort: radius-auth 15 | protocol: UDP 16 | name: radius-auth 17 | - port: {{ .Values.service.portAcc }} 18 | targetPort: radius-acc 19 | protocol: UDP 20 | name: radius-acc 21 | selector: 22 | {{- include "radius-server.selectorLabels" . 
| nindent 4 }} 23 | -------------------------------------------------------------------------------- /charts/mssql/files/sql/00_create_db_owner_user.sql: -------------------------------------------------------------------------------- 1 | -- Credits for https://stackoverflow.com/a/52484134/747579 2 | {{- if .Values.auth.createLogin }} 3 | USE [master] 4 | GO 5 | CREATE LOGIN [{{ .Values.auth.username }}] WITH PASSWORD=N'$(MSSQL_PASSWORD)' 6 | GO 7 | {{- end }} 8 | {{- if .Values.auth.username }} 9 | USE [master] 10 | GO 11 | CREATE USER [{{ .Values.auth.username }}] FOR LOGIN [{{ .Values.auth.username }}] 12 | GO 13 | {{- end }} 14 | 15 | {{- if and .Values.auth.database .Values.auth.username }} 16 | USE [{{ .Values.auth.database }}] 17 | GO 18 | CREATE USER [{{ .Values.auth.username }}] FOR LOGIN [{{ .Values.auth.username }}] 19 | ALTER ROLE db_owner ADD MEMBER [{{ .Values.auth.username }}] 20 | GO 21 | 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/external-service/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "external-service.fullname" . }} 5 | labels: 6 | {{- include "external-service.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | {{- if .Values.service.port }} 11 | - port: {{ .Values.service.port }} 12 | targetPort: {{ .Values.externalService.port }} 13 | {{- end }} 14 | {{- if .Values.service.ports }} 15 | {{- with .Values.service.ports }} 16 | {{- toYaml . 
| nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | 20 | 21 | # kind: Service 22 | # apiVersion: v1 23 | # metadata: 24 | # name: nexus 25 | # spec: 26 | # ports: 27 | # - port: 80 28 | # targetPort: 80 -------------------------------------------------------------------------------- /charts/external-service/values.sample-multiports.yaml: -------------------------------------------------------------------------------- 1 | fullnameOverride: git 2 | externalService: 3 | ports: 4 | - name: http 5 | port: 8080 6 | protocol: TCP 7 | - name: ssh 8 | port: 7090 9 | protocol: TCP 10 | ips: 11 | - 172.16.x.x 12 | service: 13 | type: ClusterIP 14 | ports: 15 | - name: http 16 | port: 80 17 | targetPort: http 18 | protocol: TCP 19 | - name: ssh 20 | port: 22 21 | targetPort: ssh 22 | protocol: TCP 23 | 24 | ingress: 25 | enabled: true 26 | annotations: 27 | kubernetes.io/ingress.class: nginx 28 | nginx.ingress.kubernetes.io/rewrite-target: /scm/$1 29 | # kubernetes.io/tls-acme: "true" 30 | hosts: 31 | - host: git.mycompany.com 32 | paths: 33 | - /(.*) -------------------------------------------------------------------------------- /charts/external-service/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | 3 | Provisioning k8s service which points to external service ( external IP/Host and external port). 4 | Optionally, you can expose that service thru ingress. 
5 | 6 | # Values 7 | 8 | Check default Values of this chart [here]( 9 | https://github.com/ElmCompany/helm-charts/blob/master/charts/external-service/values.yaml) 10 | 11 | # How to install the app 12 | 13 | **Set Elm Repo** 14 | 15 | ```sh 16 | 17 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 18 | helm repo update 19 | ``` 20 | 21 | **Use it** `helm install elm/external-service -f values.sample.yaml` 22 | 23 | # Authors 24 | 25 | This chart is maintained by: 26 | - Abdennour Toumi 27 | 28 | # License 29 | 30 | LGPL v3 -------------------------------------------------------------------------------- /charts/web-app/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "web-app.is-job" . ) "false" }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "web-app.fullname" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | spec: 9 | ports: 10 | {{- range $index,$port := ( splitList "@" (include "web-app.ports" . )) }} 11 | - name: tcp-{{ $port }} 12 | port: {{ $port | int }} 13 | protocol: TCP 14 | targetPort: {{ $port | int }} 15 | {{- end }} 16 | 17 | selector: 18 | {{- include "web-app.selectorLabels" . | nindent 4 }} 19 | {{- if eq .Values.deployment.kind "DeploymentConfig" }} 20 | deploymentconfig: {{ include "web-app.fullname" . }} 21 | {{- end }} 22 | sessionAffinity: None 23 | type: ClusterIP 24 | {{- end }} -------------------------------------------------------------------------------- /charts/radius-server/README.md: -------------------------------------------------------------------------------- 1 | # Radius Server Helm Chart 2 | 3 | This chart installs Radius app on top of a kubernetes cluster. 4 | 5 | # Use Case 6 | 7 | We've created this chart in order to simulate the integration between Hashicorp Vault and Radius through the "Radius" auth method. 
8 | 9 | 10 | ![](../assets/img/vault-radius-auth-config.png) 11 | 12 | # Values 13 | Default values are documented in [values.yaml](values.yaml) 14 | 15 | 16 | Using the default values (without customization), the default Radius instance allows traffic as follows (these values are published here and are meant only for the simulation described above, so override them for any other deployment): 17 | - From any IP (0.0.0.0/0) 18 | - Secured with a password `bigsecret` 19 | - For 2 Users (username/password): `user/password` , `bob/test` 20 | 21 | # Authors 22 | 23 | - @abdennour 24 | 25 | # License 26 | 27 | [LICENSE](../LICENSE) 28 | -------------------------------------------------------------------------------- /charts/mssql/templates/primary/entrypoint-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ printf "%s-entrypoint" (include "mssql.primary.fullname" .) }} 5 | namespace: {{ include "common.names.namespace" . | quote }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | app.kubernetes.io/component: primary 8 | {{- if .Values.commonLabels }} 9 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 10 | {{- end }} 11 | {{- if .Values.commonAnnotations }} 12 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 13 | {{- end }} 14 | data: 15 | {{ (tpl (.Files.Glob "files/scripts/entrypoint/*.sh").AsConfig .) | indent 2}} -------------------------------------------------------------------------------- /charts/service-proxy/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | Envoy proxy for any service, easy to install & easy to configure. 
3 | Ability to proxy: 4 | - https traffic & expose it as http traffic 5 | - S3 endpoint (Cloud or on-prem like MinIO) 6 | 7 | 8 | # Values 9 | 10 | Check default Values of this chart [here]( 11 | https://github.com/ElmCompany/helm-charts/blob/master/charts/service-proxy/values.yaml) 12 | 13 | # How to install the app 14 | 15 | **Set Elm Repo** 16 | 17 | ```sh 18 | 19 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 20 | helm repo update 21 | ``` 22 | 23 | **Use it** `helm install elm/service-proxy -f values.sample-http-https.yaml` 24 | 25 | # Authors 26 | 27 | This chart is maintained by: 28 | - @abdennour 29 | 30 | # License 31 | 32 | LGPL v3 -------------------------------------------------------------------------------- /charts/web-app/templates/service-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "web-app.is-statefulset" . ) "true" }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "web-app.fullname" . }}-headless 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | spec: 9 | ports: 10 | {{- range $index,$port := ( splitList "@" (include "web-app.ports" . )) }} 11 | - name: tcp-{{ $port }} 12 | port: {{ $port | int }} 13 | protocol: TCP 14 | targetPort: {{ $port | int }} 15 | {{- end }} 16 | 17 | selector: 18 | {{- include "web-app.selectorLabels" . | nindent 4 }} 19 | {{- if eq .Values.deployment.kind "DeploymentConfig" }} 20 | deploymentconfig: {{ include "web-app.fullname" . 
}} 21 | {{- end }} 22 | sessionAffinity: None 23 | type: ClusterIP 24 | clusterIP: None 25 | {{- end }} -------------------------------------------------------------------------------- /charts/single-page-app/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.ingress.enabled (not .Values.openshift) }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "single-page-app.fullname" . }} 6 | labels: 7 | {{- include "single-page-app.labels" . | nindent 4 }} 8 | {{- if .Values.ingress.annotations }} 9 | annotations: 10 | {{- range $key, $value := .Values.ingress.annotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | {{- end }} 14 | spec: 15 | rules: 16 | - host: "{{ .Values.ingress.host }}" 17 | http: 18 | paths: 19 | - backend: 20 | service: 21 | name: {{ include "single-page-app.fullname" . }} 22 | port: 23 | name: tcp-{{ .Values.port }} 24 | pathType: ImplementationSpecific 25 | {{- end }} -------------------------------------------------------------------------------- /charts/web-app/templates/rbac/rolebinding-scc-anyuid.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceAccount.anyuid }} 2 | {{ if .Values.serviceAccount.create }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ printf "anyuid-scc-%s" ( include "web-app.fullname" . ) }} 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{- include "web-app.labels" . | nindent 4 }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: system:openshift:scc:anyuid 14 | subjects: 15 | - kind: ServiceAccount 16 | name: {{ include "web-app.serviceAccountName" . }} 17 | namespace: {{ .Release.Namespace }} 18 | {{ else }} 19 | {{- printf "\n serviceAccount.anyuid=true requires non-default serviceAccount. 
Fix it by setting serviceAccount.create=true" | fail -}} 20 | {{ end }} 21 | {{ end }} -------------------------------------------------------------------------------- /charts/web-app/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.openshift) .Values.route.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "web-app.fullname" $ }} 6 | {{- with .Values.route.annotations }} 7 | annotations: 8 | {{- toYaml . | nindent 4 }} 9 | {{- end }} 10 | labels: 11 | {{- include "web-app.labels" . | nindent 4 }} 12 | spec: 13 | rules: 14 | {{- range $index,$host := ( splitList "@" (include "web-app.hosts" . )) }} 15 | - host: {{ $host }} 16 | http: 17 | paths: 18 | - backend: 19 | service: 20 | name: {{ include "web-app.fullname" $ }} 21 | port: 22 | name: tcp-{{ $.Values.port }} 23 | pathType: ImplementationSpecific 24 | path: {{ $.Values.route.path }} 25 | {{- end -}} 26 | {{- end -}} -------------------------------------------------------------------------------- /charts/web-app/templates/apm/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.apm.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: apm-{{ include "web-app.fullname" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | data: 9 | ELASTIC_APM_SERVER_URL: {{ .Values.apmProvider.endpoint }} 10 | ELASTIC_APM_ENVIRONMENT: {{ include "web-app.env" . }} 11 | ELASTIC_APM_SERVICE_VERSION: {{ .Values.image.tag }} 12 | ELASTIC_APM_SERVICE_NAME: {{ ternary ( include "web-app.appUniq" . ) (printf "%s-%s" ( include "web-app.project" . 
) .Values.apm.appName) (eq .Values.apm.appName "") }} 13 | ELASTIC_APM_LOG_LEVEL: {{ .Values.apm.logLevel }} 14 | {{- if eq .Values.apm.runtime "java" }} 15 | ELASTIC_APM_APPLICATION_PACKAGES: {{ .Values.apm.packages }} 16 | JAVA_OPTS: "{{ include "web-app.apmJavaOpts" . }}" 17 | {{- end }} 18 | 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/endpoints.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.existingDockerDaemon.enabled }} 2 | --- 3 | kind: Endpoints 4 | apiVersion: v1 5 | metadata: 6 | name: {{ include "docker-daemon-sshd.fullname" . }} 7 | labels: 8 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 9 | subsets: 10 | - addresses: 11 | - ip: {{ .Values.existingDockerDaemon.ip }} 12 | ports: 13 | - name: sshd 14 | port: {{ .Values.existingDockerDaemon.port }} 15 | protocol: TCP 16 | {{- if .Values.monitoring.enabled }} 17 | - name: metrics 18 | port: {{ .Values.monitoring.port }} 19 | protocol: TCP 20 | {{- end }} 21 | {{- if and .Values.sshd.monitoring.enabled (not (eq .Values.monitoring.port .Values.sshd.monitoring.port)) }} 22 | - name: metrics-sshd 23 | port: {{ .Values.sshd.monitoring.port }} 24 | protocol: TCP 25 | {{- end }} 26 | {{- end }} -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.monitoring.enabled .Values.monitoring.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "docker-daemon-sshd.fullname" . }}-docker-daemon 6 | labels: 7 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 8 | {{- with .Values.monitoring.serviceMonitor.selector }} 9 | {{- toYaml . 
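| nindent 4 }} 10 | {{- end }} 11 | namespace: {{ .Values.monitoring.serviceMonitor.namespace }} 12 | spec: 13 | endpoints: 14 | - interval: {{ .Values.monitoring.serviceMonitor.interval }} 15 | path: {{ .Values.monitoring.serviceMonitor.path }} 16 | port: metrics 17 | namespaceSelector: 18 | matchNames: 19 | - {{ .Release.Namespace }} 20 | selector: 21 | matchLabels: 22 | {{- include "docker-daemon-sshd.selectorLabels" . | nindent 6 }} 23 | {{- end }} -------------------------------------------------------------------------------- /charts/mssql/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | > WE ARE WELCOMING YOUR CONTRIBUTION 2 | 3 | # Microsoft SQL Server Helm Chart 4 | 5 | TODO 6 | 7 | # Design 8 | 9 | - Design it as per Bitnami Helm charts: https://github.com/bitnami/charts/blob/master/bitnami/mssql/values.yaml [ DONE ✅ ] 10 | - Design for `architecture: replication` using this sample: `https://github.com/microsoft/sql-server-samples/blob/master/samples/containers/replication/docker-compose.yml` [ TODO ] 11 | 12 | # Refs 13 | - Implement it as per this chart: https://github.com/microsoft/mssql-docker/blob/master/linux/sample-helm-chart/values.yaml 14 | - Customize entrypoint with init scripts and others: https://github.com/twright-msft/mssql-node-docker-demo-app 15 | 16 | - Persistence for data/logs/backup: https://gist.github.com/dbafromthecold/3dd0330afce4c7d1c08612bf393f9c99 17 | 18 | - Replication : https://medium.com/@gareth.newman/sql-server-replication-on-docker-a-glimpse-into-the-future-46086c7b3f2
-------------------------------------------------------------------------------- /charts/docker-daemon-sshd/files/scripts/prepare-existing-daemon.sh: -------------------------------------------------------------------------------- 1 | {{- if .Values.existingDockerDaemon.enabled }} 2 | #!/bin/bash 3 | # Prepares an existing Docker host for SSH access by this chart: creates the SSH user in the docker group, installs the chart's public key and sets sshd MaxSessions. 4 | # Needs root on that host (adduser, /etc/ssh/sshd_config, systemctl). Membership of the docker group lets this user drive the Docker daemon, so protect the matching private key accordingly. 5 | adduser {{ .Values.existingDockerDaemon.sshUser }} -g docker 6 | # Run mkdir as the SSH user itself, not a fixed "docker" account, so it works for any sshUser value and matches the authorized_keys step below. 7 | su {{ .Values.existingDockerDaemon.sshUser }} -s /bin/mkdir -p /home/{{ .Values.existingDockerDaemon.sshUser }}/.ssh 8 | chmod 700 /home/{{ .Values.existingDockerDaemon.sshUser }}/.ssh 9 | 10 | su {{ .Values.existingDockerDaemon.sshUser }} -s /bin/touch /home/{{ .Values.existingDockerDaemon.sshUser }}/.ssh/authorized_keys 11 | chmod 600 /home/{{ .Values.existingDockerDaemon.sshUser }}/.ssh/authorized_keys 12 | echo "{{ .Values.sshKeys.public }}" >> /home/{{ .Values.existingDockerDaemon.sshUser }}/.ssh/authorized_keys 13 | 14 | sed -i 's/MaxSessions.*/MaxSessions {{ .Values.existingDockerDaemon.sshMaxSessions }}/g; s/#MaxSessions/MaxSessions/g' /etc/ssh/sshd_config 15 | 16 | systemctl restart sshd 17 | {{- else }} 18 | echo "There will be a script only if you specify existingDockerDaemon.enabled=true" 19 | {{- end }} -------------------------------------------------------------------------------- /charts/single-page-app/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.openshift .Values.route.enabled -}} 2 | {{- range $index,$host := ( splitList "@" (include "single-page-app.hosts" . 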
)) }} 3 | --- 4 | apiVersion: route.openshift.io/v1 5 | kind: Route 6 | metadata: 7 | {{- if eq $index 0 }} 8 | name: {{ include "single-page-app.fullname" $ }} 9 | {{- else }} 10 | name: {{ include "single-page-app.fullname" $ }}-extra{{ $index }} 11 | {{- end }} 12 | labels: 13 | {{- include "single-page-app.labels" $ | nindent 4 }} 14 | spec: 15 | host: {{ $host }} 16 | {{- if or (and (eq $index 0) $.Values.route.secure) (and (not (eq $index 0)) ($.Values.route.secureExtraHosts)) }} 17 | tls: 18 | termination: {{ $.Values.route.termination }} 19 | {{- end }} 20 | port: 21 | targetPort: tcp-{{ $.Values.port }} 22 | to: 23 | kind: Service 24 | name: {{ include "single-page-app.fullname" $ }} 25 | weight: 100 26 | wildcardPolicy: None 27 | {{- end }} 28 | {{- end }} -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.existingDockerDaemon.enabled }} 2 | {{- if and .Values.persistence.enabled (not .Values.persistence.hostPath) (not .Values.persistence.existingClaim) -}} 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: {{ include "docker-daemon-sshd.fullname" . }} 7 | labels: 8 | {{- include "docker-daemon-sshd.labels" . 
| nindent 4 }} 9 | # finalizers: 10 | # - kubernetes.io/pvc-protection 11 | spec: 12 | {{- if .Values.persistence.volumeName }} 13 | volumeName: {{ .Values.persistence.volumeName }} 14 | {{- end }} 15 | accessModes: 16 | - {{ .Values.persistence.accessMode }} 17 | resources: 18 | requests: 19 | storage: {{ .Values.persistence.size }} 20 | {{- if .Values.persistence.storageClass }} 21 | {{- if (eq "-" .Values.persistence.storageClass) }} 22 | storageClassName: "" 23 | {{- else }} 24 | storageClassName: "{{ .Values.persistence.storageClass }}" 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/mssql/templates/primary/svc-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "mssql.primary.fullname" . }}-headless 5 | namespace: {{ include "common.names.namespace" . | quote }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | app.kubernetes.io/component: primary 8 | {{- if .Values.commonLabels }} 9 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- if .Values.commonAnnotations }} 13 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | clusterIP: None 18 | publishNotReadyAddresses: true 19 | ports: 20 | - name: mssql 21 | port: {{ .Values.primary.service.ports.mssql }} 22 | targetPort: mssql 23 | selector: {{ include "common.labels.matchLabels" . 
| nindent 4 }} 24 | app.kubernetes.io/component: primary -------------------------------------------------------------------------------- /charts/single-page-app/templates/secret-env-vars.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.envVars }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "single-page-app.fullname" $ }}-env-vars 6 | labels: 7 | {{- include "single-page-app.labels" $ | nindent 4 }} 8 | data: 9 | {{- range $key, $value:= . }} 10 | {{ $key }}: {{ $value | toString | b64enc }} 11 | {{- end }} 12 | {{- end }} 13 | 14 | 15 | 16 | {{/* 17 | # process .env file 18 | {{- range $line := splitList "\n" .Values.envFile }} 19 | {{- $kv := splitList "=" $line -}} 20 | {{- $k := first $kv -}} 21 | {{- if $k }} 22 | {{ $k }}: {{ last $kv | b64enc | quote }} 23 | {{- end }} 24 | 25 | {{- end }} 26 | # process .env file which extends and overrides 27 | {{- if .Values.extraEnvFile }} 28 | {{- range $line := splitList "\n" .Values.extraEnvFile }} 29 | {{- $kv := splitList "=" $line -}} 30 | {{- $k := first $kv -}} 31 | {{- if $k }} 32 | {{ $k }}: {{ last $kv | b64enc | quote }} 33 | {{- end }} 34 | 35 | {{- end }} 36 | {{- end }} 37 | 38 | */}} -------------------------------------------------------------------------------- /charts/mssql/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.create .Values.rbac.create }} 2 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ printf "%s-scc-anyuid" (include "common.names.fullname" .) }} 6 | namespace: {{ include "common.names.namespace" . | quote }} 7 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 8 | {{- if .Values.commonLabels }} 9 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 10 | {{- end }} 11 | {{- if .Values.commonAnnotations }} 12 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 13 | {{- end }} 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: ClusterRole 17 | name: system:openshift:scc:anyuid 18 | subjects: 19 | - kind: ServiceAccount 20 | name: {{ include "mssql.serviceAccountName" . }} 21 | namespace: {{ include "common.names.namespace" . | quote }} 22 | {{- end }} -------------------------------------------------------------------------------- /charts/external-service/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for external-service. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | ### Define port or ports 5 | ### Define ip or ips 6 | externalService: 7 | ip: 8 | port: # 80 9 | # ports: 10 | # - port: 1812 11 | # protocol: UDP 12 | # - port: 1813 13 | # protocol: UDP 14 | ports: [] 15 | # ips: 16 | # - 192.168.44.35 17 | # - 192.168.33.77 18 | ips: [] 19 | service: 20 | type: ClusterIP 21 | port: # 80 22 | 23 | # ports: 24 | # - port: 1812 25 | # targetPort: 1812 26 | # protocol: UDP 27 | # - port: 1813 28 | # targetPort: 1813 29 | # protocol: UDP 30 | ports: [] 31 | ingress: 32 | enabled: false 33 | annotations: 34 | kubernetes.io/ingress.class: nginx 35 | # kubernetes.io/tls-acme: "true" 36 | hosts: 37 | - host: chart-example.local 38 | paths: [] 39 | tls: [] 40 | # - secretName: chart-example-tls 41 | # hosts: 42 | # - chart-example.local 43 | nameOverride: "" 44 | fullnameOverride: "" -------------------------------------------------------------------------------- /charts/mssql/files/scripts/entrypoint/restore.sh: 
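-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{- if .Values.backup.enabled }} 4 | # Restores one database from a .bak file on the backup volume. 5 | # Usage: restore.sh <database> <backup-time> 6 | # Both arguments end up in a file path and in the T-SQL text sent to sqlcmd, so they are checked against a fixed character set before use. 7 | export database="$1"; 8 | export now="$2"; 9 | 10 | if [ -z "$database" ]; then 11 | echo ERROR Database name is not specified at the 1st argument 12 | exit 1 13 | fi 14 | if [ -z "$now" ]; then 15 | echo "ERROR Backup time is not specified as 2nd argument" 16 | exit 1 17 | fi 18 | 19 | # Reject quotes, brackets, slashes, whitespace and "$(...)" so neither value can leave the backup directory or alter the RESTORE statement. 20 | # NOTE(review): widen this set only if existing backup file names need another character. 21 | allowed='^[A-Za-z0-9_.:-]+$' 22 | if ! [[ "$database" =~ $allowed && "$now" =~ $allowed ]]; then 23 | echo "ERROR Database name and backup time may only contain letters, digits, '_', '.', ':' and '-'" 24 | exit 1 25 | fi 26 | 27 | backuppath="{{ .Values.backup.persistence.mount }}/$database-$now.bak" 28 | 29 | if [ -f "${backuppath}" ];then 30 | echo "INFO - DB $database Snapshot found! Restoring..." 31 | else 32 | echo "ERROR - No Snapshot Found under $backuppath" 33 | exit 1; 34 | fi 35 | 36 | # NOTE(review): -P puts the SA password on sqlcmd's command line, visible to other processes in the container; sqlcmd can also read it from the SQLCMDPASSWORD environment variable. 37 | # The database name is bracket-quoted so it is always parsed as a single identifier. 38 | /opt/mssql-tools/bin/sqlcmd \ 39 | -S {{ include "mssql.primary.fullname" . }}.{{ include "common.names.namespace" $ }}.svc.{{ .Values.clusterDomain }} \ 40 | -U sa -P "$SA_PASSWORD" \ 41 | -e -Q "RESTORE DATABASE [$database] FROM DISK = '$backuppath'" 42 | {{- else }} 43 | printf "WARN No restore script available because" 44 | echo " .Values.backup.enabled is falsy when you deployed this helm chart" 45 | {{- end }} -------------------------------------------------------------------------------- /charts/service-proxy/values.sample-s3.yaml: -------------------------------------------------------------------------------- 1 | ## Deploy: helm -n test template ntnx-s3 service-proxy -f examples/proxy-s3.yaml | oc -n test apply -f- 2 | ## Validate: oc -n test run aws-cli --rm --tty -i --restart='Never' --image docker.io/amazon/aws-cli:2.8.12 --command /bin/sh -- -c /bin/sh 3 | ## Validate1: (interactive shell of previous): curl http://proxy-minio-s3 4 | ## Validate2: (interactive shell of previous): aws --endpoint http://proxy-minio-s3 s3 ls --profile xx --no-sign-request 5 | ## Validate3: (//) : aws --endpoint http://proxy-minio-s3 s3api list-objects --bucket mybucket-name --profile xx --no-sign-request 6 | # https-passthrough | http-https 7 | proxyMode: s3 8 | fullnameOverride: proxy-minio-s3 9 | 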
backendService: 10 | address: minio.mycompany.com 11 | port: 443 12 | route: 13 | enabled: true 14 | host: s3.apps.mycluster.com 15 | envVars: 16 | AWS_DEFAULT_REGION: us-east-1 17 | 18 | envVarsSealed: 19 | # Sealed with Bitnami SealedSecret 20 | AWS_ACCESS_KEY_ID: AgCU... 21 | # Sealed with Bitnami SealedSecret 22 | AWS_SECRET_ACCESS_KEY: AgAt... -------------------------------------------------------------------------------- /charts/radius-server/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: radius-server 3 | description: Radius Server Helm Chart 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 1.0.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 
21 | appVersion: 2.2.9 22 | maintainers: 23 | - name: abdennour 24 | email: atoumi@elm.sa 25 | -------------------------------------------------------------------------------- /charts/single-page-app/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "single-page-app.fullname" . }} 6 | labels: 7 | {{- include "single-page-app.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "single-page-app.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/mssql/templates/primary/initialization-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.auth.database (and .Values.initdbScripts (not .Values.initdbScriptsConfigMap)) }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ printf "%s-init-scripts" (include "mssql.primary.fullname" .) }} 6 | namespace: {{ include "common.names.namespace" . | quote }} 7 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 8 | app.kubernetes.io/component: primary 9 | {{- if .Values.commonLabels }} 10 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 11 | {{- end }} 12 | {{- if .Values.commonAnnotations }} 13 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 14 | {{- end }} 15 | data: 16 | {{- if .Values.auth.username }} 17 | {{ (tpl (.Files.Glob "files/sql/00_create_db_owner_user.sql").AsConfig .) | indent 2}} 18 | {{- end }} 19 | {{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} 20 | {{- end }} -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/values.sample.yaml: -------------------------------------------------------------------------------- 1 | fullnameOverride: prom2teams 2 | image: 3 | registry: my-private.registry.lan 4 | prom2teams: 5 | extraEnv: 6 | HTTP_PROXY: my.proxy.lan:8080 7 | connectors: 8 | ############################################### 9 | ### Alertmanager Config for connector "general" 10 | ############################################### 11 | # - name: MSTeams 12 | # webhook_configs: 13 | # - url: "http://prom2teams:8089/v2/general" 14 | # send_resolved: true 15 | general: https://alelmsa.webhook.office.com/webhookb2/xxxx-xxxx-xxx-xxx@xxxxxxxx-xxxx-xxxx-xxxxxxx/IncomingWebhook/xxxx/xx 16 | ############################################### 17 | ### Alertmanager Config for connector "prod" 18 | ############################################### 19 | # - name: MSTeams 20 | # webhook_configs: 21 | # - url: "http://prom2teams:8089/v2/prod" 22 | # send_resolved: true 23 | prod: https://alelmsa.webhook.office.com/webhookb2/yyyy-yyyy-yyy-yyy@yyyyyyyy-yyyy-yyyy-yyyyyyy/IncomingWebhook/yyyy/yy 24 | -------------------------------------------------------------------------------- 
/charts/docker-daemon-sshd/templates/sshd/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sshd.monitoring.enabled .Values.sshd.monitoring.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "docker-daemon-sshd.fullname" . }}-sshd 6 | labels: 7 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 8 | {{- with .Values.sshd.monitoring.serviceMonitor.selector }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | namespace: {{ .Values.sshd.monitoring.serviceMonitor.namespace }} 12 | spec: 13 | endpoints: 14 | - interval: {{ .Values.sshd.monitoring.serviceMonitor.interval }} 15 | path: {{ .Values.sshd.monitoring.serviceMonitor.path }} 16 | {{- if not (eq .Values.monitoring.port .Values.sshd.monitoring.port) }} 17 | port: metrics-sshd 18 | {{- else }} 19 | port: metrics 20 | {{- end }} 21 | namespaceSelector: 22 | matchNames: 23 | - {{ .Release.Namespace }} 24 | selector: 25 | matchLabels: 26 | {{- include "docker-daemon-sshd.selectorLabels" . | nindent 6 }} 27 | {{- end }} -------------------------------------------------------------------------------- /charts/service-proxy/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "service-proxy.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "service-proxy.labels" . | nindent 4 }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: {{ include "service-proxy.fullname" . 
}} 14 | minReplicas: {{ .Values.autoscaling.minReplicas }} 15 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 16 | metrics: 17 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 18 | - type: Resource 19 | resource: 20 | name: cpu 21 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 22 | {{- end }} 23 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 28 | {{- end }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/web-app/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "web-app.is-statefulset" . ) "false" }} 2 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: {{ include "web-app.fullname" . }} 7 | labels: 8 | storage.{{ .Values.companyDomain }}/class: '{{ default "default" (ternary "default" .Values.persistence.storageClass (eq .Values.persistence.storageClass "-")) }}' 9 | {{- include "web-app.labels" . 
| nindent 4 }} 10 | # finalizers: 11 | # - kubernetes.io/pvc-protection 12 | spec: 13 | {{- if .Values.persistence.volumeName }} 14 | volumeName: {{ .Values.persistence.volumeName }} 15 | {{- end }} 16 | accessModes: 17 | - {{ .Values.persistence.accessMode }} 18 | resources: 19 | requests: 20 | storage: {{ .Values.persistence.size }} 21 | {{- if .Values.persistence.storageClass }} 22 | {{- if (eq "-" .Values.persistence.storageClass) }} 23 | storageClassName: "" 24 | {{- else }} 25 | storageClassName: "{{ .Values.persistence.storageClass }}" 26 | {{- end }} 27 | {{- end }} 28 | {{- end }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/external-service/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: external-service 3 | description: | 4 | Server an External service leveraging the wildcard domains 5 | Also it help as intermediate step towards a full migration to cluster 6 | # A chart can be either an 'application' or a 'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | version: 0.5.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. 
22 | appVersion: 1.16.0 23 | -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "4.2.0" 3 | version: 0.1.0 4 | name: prometheus-to-teams 5 | description: | 6 | A Helm chart to Send Alerts to MS Teams 7 | 8 | icon: https://raw.githubusercontent.com/ElmCompany/helm-charts/master/assets/icons/prometheus-msteams.png 9 | keywords: 10 | - prometheus 11 | - alertmanager 12 | - msteams 13 | - notification 14 | - observability 15 | - microsoft 16 | - cloudnative 17 | - kubernetes 18 | - openshift 19 | # A chart can be either an 'application' or a 'library' chart. 20 | # 21 | # Application charts are a collection of templates that can be packaged into versioned archives 22 | # to be deployed. 23 | # 24 | # Library charts provide useful utilities or functions for the chart developer. They're included as 25 | # a dependency of application charts to inject those utilities and functions into the rendering 26 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 27 | type: application 28 | 29 | sources: 30 | - https://github.com/idealista/prom2teams.git 31 | 32 | maintainers: 33 | - name: abdennour 34 | -------------------------------------------------------------------------------- /charts/mssql/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | 2 | 3 | {{- if .Values.serviceAccount.create }} 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: {{ include "mssql.serviceAccountName" . }} 8 | namespace: {{ include "common.names.namespace" . | quote }} 9 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 10 | {{- if .Values.commonLabels }} 11 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- if .Values.commonAnnotations }} 15 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | {{- if .Values.serviceAccount.annotations }} 18 | {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} 19 | {{- end }} 20 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 21 | {{- if (not .Values.auth.customPasswordFiles) }} 22 | secrets: 23 | - name: {{ template "mssql.secretName" . }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "docker-daemon-sshd.fullname" . }} 5 | labels: 6 | {{- include "docker-daemon-sshd.labels" . 
| nindent 4 }} 7 | spec: 8 | ports: 9 | - name: sshd 10 | port: 22 11 | protocol: TCP 12 | targetPort: {{ ternary .Values.existingDockerDaemon.port "sshd" .Values.existingDockerDaemon.enabled }} 13 | {{- if .Values.monitoring.enabled }} 14 | - name: metrics 15 | port: {{ .Values.monitoring.port }} 16 | targetPort: {{ .Values.monitoring.port }} 17 | protocol: TCP 18 | {{- end }} 19 | {{- if and .Values.sshd.monitoring.enabled (not (eq .Values.monitoring.port .Values.sshd.monitoring.port)) }} 20 | - name: metrics-sshd 21 | port: {{ .Values.sshd.monitoring.port }} 22 | targetPort: {{ .Values.sshd.monitoring.port }} 23 | protocol: TCP 24 | {{- end }} 25 | {{- if not .Values.existingDockerDaemon.enabled }} 26 | sessionAffinity: None 27 | type: ClusterIP 28 | selector: 29 | {{- include "docker-daemon-sshd.selectorLabels" . | nindent 4 }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/web-app/templates/pvc-extra.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "web-app.is-statefulset" . ) "false" }} 2 | {{ if .Values.extraPersistence.enabled }} 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: {{ include "web-app.fullname" . }}-extra 7 | labels: 8 | storage.{{ .Values.companyDomain }}/class: '{{ default "default" (ternary "default" .Values.extraPersistence.storageClass (eq .Values.extraPersistence.storageClass "-")) }}' 9 | {{- include "web-app.labels" . 
| nindent 4 }} 10 | 11 | # finalizers: 12 | # - kubernetes.io/pvc-protection 13 | spec: 14 | {{- if .Values.extraPersistence.volumeName }} 15 | volumeName: {{ .Values.extraPersistence.volumeName }} 16 | {{- end }} 17 | accessModes: 18 | - {{ .Values.extraPersistence.accessMode }} 19 | resources: 20 | requests: 21 | storage: {{ .Values.extraPersistence.size }} 22 | {{- if .Values.extraPersistence.storageClass }} 23 | {{- if (eq "-" .Values.extraPersistence.storageClass) }} 24 | storageClassName: "" 25 | {{- else }} 26 | storageClassName: "{{ .Values.extraPersistence.storageClass }}" 27 | {{- end }} 28 | {{- end }} 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | By default, this Helm chart deploys a Docker daemon (DinD) on top of Kubernetes with sshd enabled and ready to be integrated with any Docker client (CI workload, etc.). SSH access to this service means access to the Docker daemon, so the authorized SSH keys should be handled as privileged credentials. 3 | 4 | Optionally, the Helm chart can be pointed at an existing Docker daemon instead of creating the daemon from scratch. This is done with `existingDockerDaemon.enabled=true`. 5 | 6 | It is also useful for accessing a remote Docker daemon through SSH: `docker context create remote --docker "host=ssh://USER@SERVICENAME.NAMESPACE"` 7 | 8 | 9 | # Values 10 | 11 | Check the default values of this chart [here](https://github.com/ElmCompany/helm-charts/blob/master/charts/docker-daemon-sshd/values.yaml) 12 | 13 | 14 | # How to install the app 15 | 16 | **Set Elm Repo** 17 | ```sh 18 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 19 | helm repo update 20 | ``` 21 | 22 | **Use it** `helm install elm/docker-daemon-sshd` 23 | 24 | **Post install** Check the output of `helm status` after installing the chart. 
25 | 26 | # Authors 27 | 28 | This chart is maintained by: 29 | - @abdennour 30 | 31 | # License 32 | 33 | LGPL v3 -------------------------------------------------------------------------------- /charts/web-app/templates/secret-env-vars.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.envVars }} 2 | apiVersion: v1 3 | kind: Secret # rendered only when .Values.envVars is set; the values arrive in plain text, and b64enc under `data` is an encoding, not encryption. The chart's secret-env-vars-sealed.yaml takes already-sealed values from .Values.envVarsSealed instead. 4 | metadata: 5 | name: {{ include "web-app.fullname" $ }}-env-vars 6 | labels: 7 | {{- include "web-app.labels" $ | nindent 4 }} 8 | {{- if eq (include "web-app.is-job" $ ) "true" }} 9 | annotations: 10 | {{- toYaml $.Values.job.annotations | nindent 4 }} 11 | {{- end }} 12 | 13 | data: # each value is converted to a string and rendered with tpl against the root context before it is base64-encoded, so template expressions inside a value are evaluated 14 | {{- range $key, $value:= . }} 15 | {{ $key }}: {{ (tpl ($value |toString) $) | b64enc }} 16 | {{- end }} 17 | {{- end }} 18 | 19 | 20 | 21 | {{/* 22 | # process .env file 23 | {{- range $line := splitList "\n" .Values.envFile }} 24 | {{- $kv := splitList "=" $line -}} 25 | {{- $k := first $kv -}} 26 | {{- if $k }} 27 | {{ $k }}: {{ last $kv | b64enc | quote }} 28 | {{- end }} 29 | 30 | {{- end }} 31 | # process .env file which extends and overrides 32 | {{- if .Values.extraEnvFile }} 33 | {{- range $line := splitList "\n" .Values.extraEnvFile }} 34 | {{- $kv := splitList "=" $line -}} 35 | {{- $k := first $kv -}} 36 | {{- if $k }} 37 | {{ $k }}: {{ last $kv | b64enc | quote }} 38 | {{- end }} 39 | 40 | {{- end }} 41 | {{- end }} 42 | 43 | */}} -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | kind: "Pod" 3 | metadata: 4 | name: {{ include "docker-daemon-sshd.fullname" . }}-test-connection 5 | labels: 6 | {{- include "docker-daemon-sshd.labels" . 
| nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | restartPolicy: Never 11 | containers: 12 | - args: 13 | - cat 14 | lifecycle: 15 | postStart: 16 | exec: 17 | command: 18 | - sh 19 | - {{ .Values.sshClient.mountPath }}/post-start.sh 20 | image: "{{ .Values.sshClient.podExample.repository }}:{{ .Values.sshClient.podExample.tag }}" 21 | name: "docker-client" 22 | tty: true 23 | volumeMounts: 24 | - name: docker-ssh-files 25 | mountPath: {{ .Values.sshClient.mountPath }} 26 | resources: 27 | {{- toYaml .Values.sshClient.podExample.resources | nindent 6 }} 28 | {{- with .Values.sshClient.podExample.imagePullSecrets }} 29 | imagePullSecrets: 30 | {{- toYaml . | nindent 4 }} 31 | {{- end }} 32 | volumes: 33 | - name: docker-ssh-files 34 | configMap: 35 | name: {{ include "docker-daemon-sshd.fullname" . }}-ssh-dir -------------------------------------------------------------------------------- /charts/mssql/templates/primary/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.primary.pdb.create }} 2 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "mssql.primary.fullname" . }} 6 | namespace: {{ include "common.names.namespace" . | quote }} 7 | labels: {{- include "common.labels.standard" . 
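| nindent 4 }} 8 | app.kubernetes.io/component: primary 9 | {{- if .Values.commonLabels }} 10 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 11 | {{- end }} 12 | {{- if .Values.commonAnnotations }} 13 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | {{- if .Values.primary.pdb.minAvailable }} 17 | minAvailable: {{ .Values.primary.pdb.minAvailable }} 18 | {{- end }} 19 | {{- if .Values.primary.pdb.maxUnavailable }} 20 | maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} 21 | {{- end }} 22 | selector: 23 | matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} 24 | app.kubernetes.io/component: primary 25 | {{- end }} -------------------------------------------------------------------------------- /charts/service-proxy/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.openshift .Values.route.enabled -}} 2 | {{- range $index,$host := ( splitList "@" (include "service-proxy.hosts" . )) }} 3 | --- 4 | apiVersion: route.openshift.io/v1 5 | kind: Route 6 | metadata: 7 | {{- if eq $index 0 }} 8 | name: {{ include "service-proxy.fullname" $ }} 9 | {{- else }} 10 | name: {{ include "service-proxy.fullname" $ }}-extra{{ $index }} 11 | {{- end }} 12 | namespace: {{ $.Release.Namespace }} # kept outside the annotations guard so the namespace is rendered even when route.annotations is empty, as route-admin-envoy.yaml does 13 | {{- with $.Values.route.annotations }} 14 | annotations: 15 | {{- toYaml . 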
| nindent 4 }} 16 | {{- end }} 17 | labels: 18 | {{- include "service-proxy.labels" $ | nindent 4 }} 19 | spec: 20 | host: {{ $host }} 21 | {{- if and (eq $index 0) $.Values.route.secure }} 22 | tls: 23 | termination: {{ $.Values.route.termination }} 24 | {{- end }} 25 | {{- if and (not (eq $index 0)) ($.Values.route.secureExtraHosts) }} 26 | tls: 27 | termination: {{ $.Values.route.termination }} 28 | {{- end }} 29 | port: 30 | targetPort: web 31 | to: 32 | kind: Service 33 | name: {{ include "service-proxy.fullname" $ }} 34 | weight: 100 35 | wildcardPolicy: None 36 | {{- end }} 37 | {{- end }} -------------------------------------------------------------------------------- /charts/service-proxy/templates/secret-env-vars-sealed.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.envVarsSealed }} 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | name: {{ include "service-proxy.fullname" $ }}-env-vars-sealed 6 | {{- if not (eq $.Values.sealScope "strict") }} 7 | annotations: 8 | sealedsecrets.bitnami.com/{{ $.Values.sealScope }}: "true" 9 | sealedsecrets.bitnami.com/scope: {{ $.Values.sealScope }} 10 | {{- end }} 11 | labels: 12 | {{- include "service-proxy.labels" $ | nindent 4 }} 13 | spec: 14 | encryptedData: 15 | {{- range $key, $value:= . 
}} 16 | {{ $key }}: {{ $value | toString }} 17 | {{- end }} 18 | template: 19 | data: null 20 | metadata: 21 | {{- if not (eq $.Values.sealScope "strict") }} 22 | annotations: 23 | sealedsecrets.bitnami.com/{{ $.Values.sealScope }}: "true" 24 | sealedsecrets.bitnami.com/scope: {{ $.Values.sealScope }} 25 | {{- end }} 26 | creationTimestamp: null 27 | name: {{ include "service-proxy.fullname" $ }}-env-vars-sealed 28 | {{- if not (eq $.Values.sealScope "cluster-wide") }} 29 | namespace: {{ $.Release.Namespace }} 30 | {{- end }} 31 | type: Opaque 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/mssql/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Database 3 | apiVersion: v2 4 | appVersion: 2022 5 | dependencies: 6 | - name: common 7 | repository: https://charts.bitnami.com/bitnami 8 | tags: 9 | - bitnami-common 10 | version: 2.0.3 11 | # version: 2.x.x 12 | description: | 13 | Microsoft SQL Server is a DBMS used by many organizations. 14 | Ease Migrating your SQL Servers to Cloud Native by leveraging this Helm chart. 
15 | > **DISCLAIMER** 16 | > BY DEPLOYING THIS HELM CHART, YOU ARE ACCEPTING THE [END-USER Licensing Agreement of Microsoft SQL Server](https://go.microsoft.com/fwlink/?LinkId=746388) 17 | 18 | engine: gotpl 19 | home: https://github.com/ElmCompany/helm-charts/tree/master/charts/mssql 20 | icon: https://avatars.githubusercontent.com/u/42203338?s=400&u=4ac258862da8520b17dc9877ff54de6f04569d9f&v=4 21 | keywords: 22 | - mssql 23 | - microsoftsql 24 | - database 25 | - dbms 26 | - sql 27 | - cluster 28 | - high availability 29 | maintainers: 30 | - name: Elm 31 | url: https://github.com/ElmCompany/helm-charts 32 | name: mssql 33 | sources: 34 | - https://github.com/Microsoft/mssql-docker 35 | - https://hub.docker.com/_/microsoft-mssql-server 36 | version: 1.3.6 37 | -------------------------------------------------------------------------------- /charts/web-app/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "web-app.fullname" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | {{- if eq .Values.deployment.kind "DeploymentConfig" }} 11 | apiVersion: apps.openshift.io/v1 12 | {{- else }} 13 | apiVersion: apps/v1 14 | {{- end }} 15 | kind: {{ .Values.deployment.kind }} 16 | name: {{ include "web-app.fullname" . 
}} 17 | minReplicas: {{ .Values.autoscaling.minReplicas }} 18 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 19 | metrics: 20 | - type: Resource 21 | resource: 22 | name: memory 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 26 | - type: Resource 27 | resource: 28 | name: cpu 29 | target: 30 | type: Utilization 31 | # TODO : auto-default it based on env ( prod=50 , dev=85) 32 | averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 33 | # type: AverageValue 34 | # averageValue: 500m 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /charts/radius-server/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "radius-server.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "radius-server.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . 
}} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/route-admin-envoy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.openshift .Values.adminRoute.enabled -}} 2 | {{- range $index,$host := ( splitList "@" (include "service-proxy.adminHosts" . )) }} 3 | --- 4 | apiVersion: route.openshift.io/v1 5 | kind: Route # NOTE(review): one Route per admin host, each publishing the Service's `admin` port. The file name suggests this is the Envoy admin interface, which presumably has no authentication of its own (TODO confirm against the envoy config); leave adminRoute.enabled off unless access to these hosts is restricted. 6 | metadata: 7 | {{- if eq $index 0 }} 8 | name: {{ include "service-proxy.fullname" $ }}-admin 9 | {{- else }} 10 | name: {{ include "service-proxy.fullname" $ }}-admin-extra{{ $index }} 11 | {{- end }} 12 | namespace: {{ $.Release.Namespace }} 13 | {{- with $.Values.adminRoute.annotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | labels: 18 | {{- include "service-proxy.labels" $ | nindent 4 }} 19 | spec: # a tls section is rendered only when adminRoute.secure (first host) or adminRoute.secureExtraHosts (remaining hosts) is set; otherwise the route has no tls block 20 | host: {{ $host }} 21 | {{- if and (eq $index 0) $.Values.adminRoute.secure }} 22 | tls: 23 | termination: {{ $.Values.adminRoute.termination }} 24 | {{- end }} 25 | {{- if and (not (eq $index 0)) ($.Values.adminRoute.secureExtraHosts) }} 26 | tls: 27 | termination: {{ $.Values.adminRoute.termination }} 28 | {{- end }} 29 | port: 30 | targetPort: admin 31 | to: 32 | kind: Service 33 | name: {{ include "service-proxy.fullname" $ }} 34 | weight: 100 35 | wildcardPolicy: None 36 | {{- end }} 37 | {{- end }} -------------------------------------------------------------------------------- /charts/web-app/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | This chart installs any application on top of kubernetes cluster. 3 | For the time being, it's compatible with Openshift 3.11. 4 | 5 | This is a very generic chart that installs any web app as per the given values. 
If your app requires: 6 | - a single deployment (pod), 7 | - with a single container 8 | - with a single service port 9 | And optionally: 10 | - or/and exposing a hostname through a route or ingress 11 | - or/and creating/attaching a persistent volume claim 12 | - or/and populating environment variables through a secret. 13 | - or/and mounting a single config file 14 | 15 | If so, this chart should answer your needs. 16 | 17 | # Values 18 | 19 | Check the default values of this chart [here](https://github.com/ElmCompany/helm-charts/blob/master/charts/web-app/values.yaml) 20 | 21 | # How to install the app 22 | 23 | ```sh 24 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 25 | helm repo update 26 | ``` 27 | 28 | This Helm chart also requires a Helm release name in this format: 29 | `{project}-{app}-{environment}` where environment is "ci", "dev", "qa", "staging" or "prod" 30 | 31 | # Authors 32 | 33 | This chart is maintained by: 34 | - @abdennour 35 | 36 | # License 37 | 38 | LGPL v3 -------------------------------------------------------------------------------- /charts/web-app/templates/rbac/rbac-scc-privileged.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceAccount.privileged }} 2 | {{ if .Values.serviceAccount.create }} 3 | --- 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: Role 6 | metadata: 7 | name: {{ printf "privileged-scc-%s" ( include "web-app.fullname" . ) }} 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{- include "web-app.labels" . | nindent 4 }} 11 | rules: 12 | - apiGroups: 13 | - security.openshift.io 14 | resourceNames: 15 | - privileged 16 | resources: 17 | - securitycontextconstraints 18 | verbs: 19 | - use 20 | --- 21 | apiVersion: rbac.authorization.k8s.io/v1 22 | kind: RoleBinding 23 | metadata: 24 | name: {{ printf "privileged-scc-%s" ( include "web-app.fullname" . 
) }} 25 | namespace: {{ .Release.Namespace }} 26 | roleRef: # binds the Role defined above in this file, which grants `use` on the `privileged` SecurityContextConstraints; pods running as the subject below can then be admitted under that SCC, so serviceAccount.privileged should stay off unless the workload needs it 27 | apiGroup: rbac.authorization.k8s.io 28 | kind: Role 29 | name: {{ printf "privileged-scc-%s" ( include "web-app.fullname" . ) }} 30 | subjects: 31 | - kind: ServiceAccount 32 | name: {{ include "web-app.serviceAccountName" . }} 33 | namespace: {{ .Release.Namespace }} 34 | {{ else }} {{/* serviceAccount.privileged without serviceAccount.create: abort the render instead of binding the SCC to a service account this chart does not create */}} 35 | {{- printf "\n serviceAccount.privileged=true requires non-default serviceAccount. Fix it by setting serviceAccount.create=true" | fail -}} 36 | {{ end }} 37 | {{ end }} -------------------------------------------------------------------------------- /charts/service-proxy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: service-proxy 3 | description: A Helm chart for Deployed Envoy Proxy with Less Configuration effort 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.2.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "v1.25-latest" 25 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | - master 8 | - feature/ci # NOTE(review): pushes to this feature branch also run the release job; confirm that is still intended 9 | 10 | jobs: 11 | release: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v2 # NOTE(review): this action and the two further down are referenced by version tag; tags can be moved, so pinning each to a full commit SHA keeps the release job on reviewed code 16 | with: 17 | fetch-depth: 0 18 | 19 | - name: Configure Git 20 | run: | 21 | git config user.name "$GITHUB_ACTOR" 22 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 23 | 24 | - name: Install Helm 25 | uses: azure/setup-helm@v1 26 | with: 27 | version: v3.8.1 28 | # https://github.com/helm/chart-releaser-action/issues/74#issuecomment-778787114 # NOTE(review): the loop in the next step only echoes the generated `helm repo add` commands and never runs them, so bitnami is the only repository actually added 29 | - name: Add Helm repositories from dependencies 30 | run: | 31 | helm repo add bitnami https://charts.bitnami.com/bitnami 32 | for dir in $(ls -d charts/*/); do 33 | helm dependency list $dir 2> /dev/null | grep http | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do echo $cmd; done 34 | done 35 | - name: Run chart-releaser 36 | uses: helm/chart-releaser-action@v1.4.0 37 | with: 38 | charts_dir: charts 39 | env: 40 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" # NOTE(review): the workflow declares no `permissions:` block, so this token carries the repository's default scope; presumably the job needs only write access to contents (TODO confirm) -------------------------------------------------------------------------------- /charts/external-service/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "external-service.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if not .Values.service.port -}} 5 | {{- $svcPort = (index .Values.service.ports 0).name -}} 6 | {{- end -}} 7 | 8 | apiVersion: networking.k8s.io/v1 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "external-service.labels" . 
| nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . }} 36 | pathType: Prefix 37 | backend: 38 | service: 39 | name: {{ $fullName }} 40 | port: 41 | name: {{ $svcPort }} 42 | {{- end }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /charts/mssql/templates/primary/ingressroutetcp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | {{- if and (eq .Values.ingress.className "traefik") .Values.ingress.host }} 3 | apiVersion: traefik.containo.us/v1alpha1 4 | kind: IngressRouteTCP 5 | metadata: 6 | name: {{ include "mssql.primary.fullname" . }} 7 | namespace: {{ include "common.names.namespace" . | quote }} 8 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 9 | app.kubernetes.io/component: primary 10 | {{- if .Values.commonLabels }} 11 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- if .Values.commonAnnotations }} 15 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 | {{- end }} 17 | {{- if .Values.primary.service.annotations }} 18 | {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | entryPoints: 22 | - mssql 23 | routes: 24 | - match: HostSNI(`{{ .Values.ingress.host }}`) 25 | services: 26 | - name: {{ include "mssql.primary.fullname" . }} 27 | port: {{ .Values.primary.service.ports.mssql }} 28 | {{- end }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/mssql/templates/metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | 2 | 3 | {{- if .Values.metrics.enabled }} 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} 8 | namespace: {{ include "common.names.namespace" . | quote }} 9 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 10 | {{- if .Values.commonLabels }} 11 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 12 | {{- end }} 13 | app.kubernetes.io/component: metrics 14 | {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} 15 | annotations: 16 | {{- if .Values.metrics.service.annotations }} 17 | {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} 18 | {{- end }} 19 | {{- if .Values.commonAnnotations }} 20 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 21 | {{- end }} 22 | {{- end }} 23 | spec: 24 | type: {{ .Values.metrics.service.type }} 25 | ports: 26 | - port: {{ .Values.metrics.service.port }} 27 | targetPort: metrics 28 | protocol: TCP 29 | name: metrics 30 | selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} 31 | {{- end }}
--------------------------------------------------------------------------------
/charts/web-app/templates/secret-env-vars-sealed.yaml:
--------------------------------------------------------------------------------
{{- with .Values.envVarsSealed }}
# SealedSecret carrying the already-encrypted entries of envVarsSealed.
# Rendered only when envVarsSealed is non-empty.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: {{ include "web-app.fullname" $ }}-env-vars-sealed
  # sealScope selects how tightly the ciphertext is bound: "strict" ties it to
  # this name and namespace, "namespace-wide" to the namespace only, and
  # "cluster-wide" lets it be unsealed under any name in any namespace.
  # The scope annotations are emitted only for the non-strict scopes and must
  # match the scope that was used when the values were sealed.
  {{- if not (eq $.Values.sealScope "strict") }}
  annotations:
    sealedsecrets.bitnami.com/{{ $.Values.sealScope }}: "true"
    sealedsecrets.bitnami.com/scope: {{ $.Values.sealScope }}
    # NOTE(review): the job annotations sit inside the non-strict branch, so
    # with sealScope "strict" they are not rendered at all; confirm intended.
    {{- if eq (include "web-app.is-job" $ ) "true" }}
    {{- toYaml $.Values.job.annotations | nindent 4 }}
    {{- end }}
  {{- end }}
  labels:
    {{- include "web-app.labels" $ | nindent 4 }}
spec:
  # Values are written as given; they are expected to be ciphertext already.
  encryptedData:
    {{- range $key, $value:= . }}
    {{ $key }}: {{ $value | toString }}
    {{- end }}
  template:
    data: null
    metadata:
      {{- if not (eq $.Values.sealScope "strict") }}
      annotations:
        sealedsecrets.bitnami.com/{{ $.Values.sealScope }}: "true"
        sealedsecrets.bitnami.com/scope: {{ $.Values.sealScope }}
      {{- end }}
      creationTimestamp: null
      name: {{ include "web-app.fullname" $ }}-env-vars-sealed
      # The namespace is left out only for the cluster-wide scope.
      {{- if not (eq $.Values.sealScope "cluster-wide") }}
      namespace: {{ $.Release.Namespace }}
      {{- end }}
    type: Opaque
{{- end }}
--------------------------------------------------------------------------------
/charts/mssql/templates/primary/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if (include "mssql.primary.createConfigmap" .) }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "mssql.primary.fullname" . }} 6 | namespace: {{ include "common.names.namespace" . | quote }} 7 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 8 | app.kubernetes.io/component: primary 9 | {{- if .Values.commonLabels }} 10 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 11 | {{- end }} 12 | {{- if .Values.commonAnnotations }} 13 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 14 | {{- end }} 15 | data: 16 | # https://github.com/microsoft/mssql-docker/blob/master/linux/sample-helm-chart/templates/mssqlconfig.yaml 17 | # More params: https://github.com/Microdust/mssqlserver-docker/blob/master/mssql.conf 18 | mssql.conf: | 19 | [EULA] 20 | accepteula = Y 21 | accepteulaml = Y 22 | 23 | [coredump] 24 | captureminiandfull = true 25 | coredumptype = full 26 | 27 | [hadr] 28 | hadrenabled = 1 29 | 30 | [language] 31 | lcid = 1033 32 | 33 | [filelocation] 34 | defaultdatadir = {{ .Values.primary.persistence.mount }} 35 | defaultlogdir = /var/opt/mssql/log 36 | {{- end -}}
--------------------------------------------------------------------------------
/charts/service-proxy/files/envoy-modes/envoy-redis.yaml:
--------------------------------------------------------------------------------
# Envoy bootstrap for the "redis" mode: one listener that speaks the Redis
# protocol and forwards every key to a single upstream cluster.
static_resources:
  listeners:
    # The listener binds all interfaces and this file configures neither
    # downstream authentication nor TLS on it, so anything that can reach the
    # pod on webPort can issue Redis commands through the proxy. Limit the
    # reachable sources (for example with a NetworkPolicy) when the backend
    # holds non-public data.
    - name: redis_listener
      address:
        socket_address:
          address: 0.0.0.0
          port_value: {{ .Values.proxyPorts.webPort }}
      filter_chains:
        - filters:
            - name: envoy.filters.network.redis_proxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy
                stat_prefix: egress_redis
                settings:
                  op_timeout: 5s
                prefix_routes:
                  # No per-prefix routes: all commands go to the one cluster.
                  catch_all_route:
                    cluster: {{ include "service-proxy.fullname" . }}
  clusters:
    - name: {{ include "service-proxy.fullname" . }}
      type: STRICT_DNS # static
      lb_policy: MAGLEV
      load_assignment:
        cluster_name: {{ include "service-proxy.fullname" . }}
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      # Rendering fails when backendService.address is unset.
                      address: {{ required "Redis Backend Service ADDRESS is Required" .Values.backendService.address }}
                      port_value: {{ .Values.backendService.port }}
# Envoy's admin interface is unauthenticated and includes state-changing
# endpoints. Bound to 0.0.0.0 it is reachable by any peer that can reach the
# pod on adminPort; restrict that port to the scrapers that need it, or bind
# it to 127.0.0.1 if nothing outside the pod reads it.
# NOTE(review): the chart tree also lists route-admin-envoy.yaml; confirm the
# admin port is not published outside the cluster by default.
admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: {{ .Values.proxyPorts.adminPort }}
--------------------------------------------------------------------------------
/charts/web-app/templates/route.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.openshift .Values.route.enabled -}} 2 | {{- range $index,$host := ( splitList "@" (include "web-app.hosts" . )) }} 3 | --- 4 | apiVersion: route.openshift.io/v1 5 | kind: Route 6 | metadata: 7 | {{- if eq $index 0 }} 8 | name: {{ include "web-app.fullname" $ }} 9 | {{- else }} 10 | name: {{ include "web-app.fullname" $ }}-extra{{ $index }} 11 | {{- end }} 12 | annotations: 13 | {{- if or $.Values.autoscaling.enabled (gt (int $.Values.replicaCount) 1) }} 14 | haproxy.router.openshift.io/balance: roundrobin 15 | haproxy.router.openshift.io/disable_cookies: 'true' 16 | {{- end }} 17 | {{- with $.Values.route.annotations }} 18 | {{- toYaml . 
| nindent 4 }} 19 | {{- end }} 20 | labels: 21 | {{- include "web-app.labels" $ | nindent 4 }} 22 | spec: 23 | host: {{ $host }} 24 | {{- if and (eq $index 0) $.Values.route.secure }} 25 | tls: 26 | termination: {{ $.Values.route.termination }} 27 | {{- end }} 28 | {{- if and (not (eq $index 0)) ($.Values.route.secureExtraHosts) }} 29 | tls: 30 | termination: {{ $.Values.route.termination }} 31 | {{- end }} 32 | path: {{ $.Values.route.path }} 33 | port: 34 | targetPort: tcp-{{ $.Values.port }} 35 | to: 36 | kind: Service 37 | name: {{ include "web-app.fullname" $ }} 38 | weight: 100 39 | wildcardPolicy: None 40 | {{- end }} 41 | {{- end }}
--------------------------------------------------------------------------------
/charts/mssql/templates/secrets.yaml:
--------------------------------------------------------------------------------
{{- if eq (include "mssql.createSecret" .) "true" }}
# Secret holding the SQL Server credentials. Each key takes the value named in
# providedValues when it is set; otherwise the helper is asked for a password
# of the given length.
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  # NOTE(review): generated passwords are 10 characters long. That is short
  # for a database administrator account, and SQL Server's complexity rules
  # ask for several character classes; consider a longer length and, if the
  # bundled common library supports it, its stronger generation mode.
  mssql-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mssql-root-password" "length" 10 "providedValues" (list "auth.rootPassword") "context" $) }}
  mssql-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mssql-password" "length" 10 "providedValues" (list "auth.password") "context" $) }}
  {{- if eq .Values.architecture "replication" }}
  mssql-replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mssql-replication-password" "length" 10 "providedValues" (list "auth.replicationPassword") "context" $) }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/service-proxy/files/envoy-modes/envoy-https-passthrough.yaml:
--------------------------------------------------------------------------------
# Envoy bootstrap for the "https-passthrough" mode. As written, the listener
# accepts plain TCP and Envoy originates TLS towards the backend, so the hop
# from client to proxy is not encrypted by this configuration.
static_resources:
  listeners:
    - address:
        socket_address:
          address: 0.0.0.0
          port_value: {{ .Values.proxyPorts.webPort }}
      filter_chains:
        - filters:
            - name: envoy.filters.network.tcp_proxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
                cluster: {{ include "service-proxy.fullname" . }}
                stat_prefix: https_passthrough

  clusters:
    - name: {{ include "service-proxy.fullname" . }}
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: {{ include "service-proxy.fullname" . }}
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      # Rendering fails when backendService.address is unset.
                      address: {{ required "Backend Service ADDRESS is Required" .Values.backendService.address }}
                      port_value: {{ .Values.backendService.port }}
      # Only the SNI is set on the upstream TLS context. Without a
      # common_tls_context.validation_context (trusted CA plus a subject
      # alternative name match) Envoy encrypts the connection but does not
      # verify the backend certificate, so an on-path host can impersonate
      # the backend. Add a validation context before relying on this mode
      # across an untrusted network.
      transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
          sni: {{ .Values.backendService.address }}
# The admin interface is unauthenticated and bound to every interface;
# restrict adminPort to the sources that need it or bind it to 127.0.0.1.
admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: {{ .Values.proxyPorts.adminPort }}
--------------------------------------------------------------------------------
/charts/prometheus-to-msteams/templates/configmap.yaml:
--------------------------------------------------------------------------------
{{- $valid := list "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" -}}
{{- if not (has .Values.prom2teams.loglevel $valid) -}}
{{- fail "Invalid log level"}}
{{- end -}}
{{- if and .Values.prom2teams.connector (hasKey .Values.prom2teams.connectors "Connector") -}}
{{- fail "Invalid configuration: prom2teams.connectors can't have a connector named Connector when prom2teams.connector is set"}}
{{- end -}}
{{- if and (not .Values.prom2teams.connector) (not .Values.prom2teams.connectors) -}}
{{- fail "Invalid configuration: At least one connector must be provided"}}
{{- end -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: prom2teams-config
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
# The three guards above stop rendering on an unknown log level, on a
# "Connector" key clashing with prom2teams.connector, and when no connector is
# configured at all.
# NOTE(review): the connector values written below are Teams webhook URLs,
# which work as bearer credentials (whoever holds the URL can post to the
# channel). In a ConfigMap they are readable by anyone allowed to read
# ConfigMaps in the namespace; a Secret mounted at the same path narrows that.
data:
  config.ini: |-
    [HTTP Server]
    Host: {{ .Values.prom2teams.host }}
    Port: {{ .Values.prom2teams.port }}
    [Microsoft Teams]
    {{- with .Values.prom2teams.connector }}
    Connector: {{ . }}
    {{- end }}
    {{- range $key, $val := .Values.prom2teams.connectors }}
    {{ $key }}: {{ $val }}
    {{- end }}
    [Group Alerts]
    Field: {{ .Values.prom2teams.group_alerts_by }}
    [Log]
    Level: {{ .Values.prom2teams.loglevel }}
    [Template]
    Path: {{ .Values.prom2teams.templatepath }}
  teams.j2: {{ .Files.Get "files/teams.j2" | quote }}
--------------------------------------------------------------------------------
/charts/mssql/templates/backup/persistentvolumeclaim.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim) }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ printf "backups-%s" (include "mssql.primary.fullname" .) }} 6 | labels: {{ include "common.labels.matchLabels" . | nindent 4 }} 7 | app.kubernetes.io/component: primary 8 | {{- if .Values.commonLabels }} 9 | {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- if .Values.backup.persistence.annotations }} 13 | {{- include "common.tplvalues.render" (dict "value" .Values.backup.persistence.annotations "context" $) | nindent 4 }} 14 | {{- end }} 15 | {{- if .Values.commonAnnotations }} 16 | {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | accessModes: 20 | {{- range .Values.backup.persistence.accessModes }} 21 | - {{ . 
| quote }} 22 | {{- end }} 23 | resources: 24 | requests: 25 | storage: {{ .Values.backup.persistence.size | quote }} 26 | {{- include "common.storage.class" (dict "persistence" .Values.backup.persistence "global" .Values.global) | nindent 2 }} 27 | {{- if .Values.backup.persistence.selector }} 28 | selector: {{- include "common.tplvalues.render" (dict "value" .Values.backup.persistence.selector "context" $) | nindent 4 }} 29 | {{- end -}} 30 | {{- end }} -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for prom2teams. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | fullnameOverride: prom2teams 5 | image: 6 | registry: docker.io 7 | repository: idealista/prom2teams 8 | tag: 3.3.0 9 | pullPolicy: IfNotPresent 10 | 11 | resources: 12 | requests: 13 | cpu: 100m 14 | memory: 128Mi 15 | limits: 16 | cpu: 200m 17 | memory: 200Mi 18 | 19 | service: 20 | type: ClusterIP 21 | port: 8089 22 | 23 | prom2teams: 24 | host: 0.0.0.0 25 | port: 8089 26 | connector: 27 | connectors: {} 28 | # group_alerts_by can be one of 29 | # ("name" | "description" | "instance" | "severity" | "status" | "summary" | "fingerprint" | "runbook_url") 30 | group_alerts_by: 31 | # loglevel can be one of (DEBUG | INFO | WARNING | ERROR | CRITICAL) 32 | loglevel: INFO 33 | templatepath: /opt/prom2teams/helmconfig/teams.j2 34 | config: /opt/prom2teams/helmconfig/config.ini 35 | extraEnv: {} 36 | 37 | # Security Context properties 38 | securityContext: 39 | # enabled is a flag to enable Security Context 40 | enabled: false 41 | # runAsUser is the user ID used to run the container 42 | runAsUser: 101 43 | # runAsGroup is the primary group ID used to run all processes within any container of the pod 44 | runAsGroup: 101 45 | # fsGroup is the group ID associated with the container 46 
| fsGroup: 101 47 | # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context 48 | readOnlyRootFilesystem: true 49 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: docker-daemon-sshd 3 | description: | 4 | Deploy Remote Docker Daemon exposed thru SSH. 5 | 6 | keywords: 7 | - docker 8 | - dind 9 | - dockerindocker 10 | - daemon 11 | - sshd 12 | - dockercontext 13 | - ci 14 | - desktop 15 | - dockerdaemon 16 | - dockercontextssh 17 | # A chart can be either an 'application' or a 'library' chart. 18 | # 19 | # Application charts are a collection of templates that can be packaged into versioned archives 20 | # to be deployed. 21 | # 22 | # Library charts provide useful utilities or functions for the chart developer. They're included as 23 | # a dependency of application charts to inject those utilities and functions into the rendering 24 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 25 | type: application 26 | 27 | 28 | # This is the chart version. This version number should be incremented each time you make changes 29 | # to the chart and its templates, including the app version. 30 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 31 | version: 1.0.9-deprecated 32 | 33 | # This is the version number of the application being deployed. This version number should be 34 | # incremented each time you make changes to the application. Versions are not expected to 35 | # follow Semantic Versioning. They should reflect the version the application is using. 36 | # It is recommended to use it with quotes. 
37 | appVersion: "20.10.9" 38 | maintainers: 39 | - name: abdennour 40 | email: github@abdennoor.com 41 |
--------------------------------------------------------------------------------
/charts/mssql/values.sample.yaml:
--------------------------------------------------------------------------------
# Sample values for the mssql chart: demo database, hourly backup, metrics and
# an ingress host.
# The credentials below are published demo values. Replace them before any
# real deployment, or leave them unset so the chart's Secret template
# generates them.
auth:
  rootPassword: yJHSYfYHD5
  username: demouser
  password: bQ7B71VUdz
initdbScripts:
  create_demo_db.sql: |
    CREATE DATABASE DemoData;
    GO
    USE DemoData;
    CREATE TABLE Products (ID int, ProductName nvarchar(max));
    GO
    INSERT INTO [dbo].[Products] ([ID],[ProductName]) VALUES (1,'Bra')
    INSERT INTO [dbo].[Products] ([ID],[ProductName]) VALUES (2,'Jija')
    INSERT INTO [dbo].[Products] ([ID],[ProductName]) VALUES (3,'Karbaaras')
    INSERT INTO [dbo].[Products] ([ID],[ProductName]) VALUES (4,'Toffeh')
    INSERT INTO [dbo].[Products] ([ID],[ProductName]) VALUES (4,'Khookh')
    GO
    SELECT TOP (10) [ID],[ProductName]
    FROM [DemoData].[dbo].[Products]
    GO

###
##### Backup
backup:
  enabled: true
  databases: ["DemoData", "my_database"]
  cronjob:
    # every hour
    schedule: "0 * * * *"
  persistence:
    enabled: true
##### Monitoring
metrics:
  ## @param metrics.enabled Start a side-car prometheus exporter
  ##
  enabled: true
  serviceMonitor:
    # !! Set to false if the Prometheus operator (specifically its ServiceMonitor CRD) is not installed
    enabled: true
    # !! Namespace where the Prometheus operator runs and where its ServiceMonitor resources are deployed
    namespace: monitoring
    labels:
      ### i.e k -n monitoring get servicemonitor -L release
      release: monitoring-service

# Enabling the ingress publishes the database port under this host name; make
# sure only the intended networks can reach that entry point.
ingress:
  enabled: true
  host: db1.labs.k8s.tn
--------------------------------------------------------------------------------
/charts/single-page-app/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2 2 | name: single-page-app 3 | description: | 4 | Run Single Page Apps (React, VueJS, AngularJS) on top of Nginx while 5 | accepting configuration as env vars 6 | 7 | icon: https://themes.devops.elm.sa/icons/frontend.png 8 | keywords: 9 | - single-page-app 10 | - react 11 | - angular 12 | - vuejs 13 | - ocp3 14 | - openshift3 15 | - elm 16 | # A chart can be either an 'application' or a 'library' chart. 17 | # 18 | # Application charts are a collection of templates that can be packaged into versioned archives 19 | # to be deployed. 20 | # 21 | # Library charts provide useful utilities or functions for the chart developer. They're included as 22 | # a dependency of application charts to inject those utilities and functions into the rendering 23 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 24 | type: application 25 | 26 | # This is the chart version. This version number should be incremented each time you make changes 27 | # to the chart and its templates, including the app version. 28 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 29 | version: 1.9.0 30 | 31 | # This is the version number of the application being deployed. This version number should be 32 | # incremented each time you make changes to the application. Versions are not expected to 33 | # follow Semantic Versioning. They should reflect the version the application is using. 
34 | appVersion: latest 35 | dependencies: [] 36 | maintainers: 37 | - name: abdennour 38 | email: atoumi@elm.sa 39 | - name: ahmed 40 | email: ahalharthi@elm.sa 41 | 42 | -------------------------------------------------------------------------------- /charts/radius-server/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "radius-server.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "radius-server.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "radius-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "radius-server.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/external-service/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "external-service.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "external-service.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "external-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "external-service.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/web-app/templates/_apm_pod_chunks.tpl: -------------------------------------------------------------------------------- 1 | {{- define "web-app.apmRuntimeDefined" }} 2 | {{- if and .Values.apm.enabled (not (has .Values.apm.runtime .Values.apmProvider.supportedRuntimes)) }} 3 | {{- fail (printf ".Values.apm.runtime must be set . Choose Value from the following: %s" (.Values.apmProvider.supportedRuntimes | join "|")) }} 4 | {{- end }} 5 | {{- end }} 6 | 7 | {{- define "web-app.apmEnvFrom" -}} 8 | - configMapRef: 9 | name: apm-{{ include "web-app.fullname" . }} 10 | - secretRef: 11 | name: apm-{{ include "web-app.fullname" . }} 12 | {{- end -}} 13 | 14 | {{- define "web-app.apmInitContainers" -}} 15 | - name: apm-init 16 | image: {{printf "%s/cloudnative/sidecar-elastic-apm-agent:%s" .Values.image.registry .Values.apm.imageTag }} 17 | command: 18 | - sh 19 | - -c 20 | - >- 21 | cp -r /agents/* /tmp/apm-agents/; 22 | volumeMounts: 23 | - name: apm-agents 24 | # /elastic-apm-agent.jar 25 | mountPath: /tmp/apm-agents 26 | {{- end -}} 27 | 28 | {{- define "web-app.apmVolumeMounts" -}} 29 | - name: apm-agents 30 | mountPath: "{{ include "web-app.apmAgentMountPath" . }}" 31 | {{- end -}} 32 | 33 | {{- define "web-app.apmVolumes" -}} 34 | - name: apm-agents 35 | emptyDir: {} 36 | {{- end -}} 37 | 38 | {{- define "web-app.apmAgentMountPath" }} 39 | {{- printf "/tmp/apm-agents" }} 40 | {{- end }} 41 | 42 | {{- define "web-app.apmJavaOpts" }} 43 | {{- if .Values.envVars.JAVA_OPTS }} 44 | {{- printf "-javaagent:%s/elastic-apm-agent.jar %s" (include "web-app.apmAgentMountPath" . 
) (.Values.envVars.JAVA_OPTS | trim) }} 45 | {{- else }} 46 | {{- printf "-javaagent:%s/elastic-apm-agent.jar" (include "web-app.apmAgentMountPath" . ) }} 47 | {{- end }} 48 | {{- end }}
--------------------------------------------------------------------------------
/charts/mssql/templates/networkpolicy.yaml:
--------------------------------------------------------------------------------
{{- if .Values.networkPolicy.enabled }}
# Ingress NetworkPolicy for the pods of this release. It is rendered only when
# networkPolicy.enabled is set; without it the chart adds no restriction.
kind: NetworkPolicy
apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
  name: {{ template "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  podSelector:
    matchLabels:
      {{- include "common.labels.matchLabels" . | nindent 6 }}
  ingress:
    # Allow inbound connections
    # With networkPolicy.allowExternal set, no "from" clause is rendered and
    # the database port accepts traffic from any source. Otherwise only pods
    # labelled "<fullname>-client: true" (optionally narrowed by the namespace
    # selector) and the release's own pods are admitted.
    - ports:
        - port: {{ .Values.primary.service.ports.mssql }}
      {{- if not .Values.networkPolicy.allowExternal }}
      from:
        - podSelector:
            matchLabels:
              {{ template "common.names.fullname" . }}-client: "true"
          {{- if .Values.networkPolicy.explicitNamespacesSelector }}
          namespaceSelector:
{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
          {{- end }}
        - podSelector:
            matchLabels:
              {{- include "common.labels.matchLabels" . | nindent 14 }}
      {{- end }}
    {{- if .Values.metrics.enabled }}
    # Allow prometheus scrapes
    # NOTE(review): this rule has no "from" clause, so the metrics port is
    # open to every source even when allowExternal is off; add a selector for
    # the monitoring namespace if the exporter output should stay private.
    - ports:
        - port: {{ .Values.metrics.service.port }}
    {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/web-app/templates/deployment.yaml:
--------------------------------------------------------------------------------
1 | {{ if .Values.deployment.enabled }} 2 | {{- if eq .Values.deployment.kind "Deployment" }} 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ include "web-app.fullname" . }} 7 | labels: 8 | {{- include "web-app.labels" . | nindent 4 }} 9 | {{- if or .Values.deployment.annotations .Values.autoscaling.enabled }} 10 | annotations: 11 | {{- end }} 12 | {{- if .Values.autoscaling.enabled }} 13 | app.kubernetes.io/horizontal-autoscaled: "true" 14 | {{- end }} 15 | 16 | 17 | spec: 18 | revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} 19 | {{- if not .Values.autoscaling.enabled }} 20 | replicas: {{ .Values.replicaCount }} 21 | {{- end }} 22 | selector: 23 | matchLabels: 24 | {{- include "web-app.selectorLabels" . | nindent 6 }} 25 | template: 26 | metadata: 27 | annotations: 28 | {{- if .Values.envVars }} 29 | checksum/configenvvars: {{ include (print $.Template.BasePath "/secret-env-vars.yaml") . | sha256sum }} 30 | {{- end }} 31 | {{- if .Values.envVarsSealed }} 32 | checksum/configenvvarssealed: {{ include (print $.Template.BasePath "/secret-env-vars-sealed.yaml") . | sha256sum }} 33 | {{- end }} 34 | {{- if .Values.configFile.name }} 35 | checksum/configfile: {{ include (print $.Template.BasePath "/configmap-file.yaml") . | sha256sum }} 36 | {{- end }} 37 | {{- with .Values.podAnnotations }} 38 | {{- toYaml . | nindent 8 }} 39 | {{- end }} 40 | labels: 41 | {{- include "web-app.selectorLabels" . | nindent 8 }} 42 | spec: 43 | {{- include "web-app.pod" . 
| nindent 6 -}} 44 | {{- end }} 45 | {{- end }} 46 | -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "prometheus-to-msteams.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "prometheus-to-msteams.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "prometheus-to-msteams.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "prometheus-to-msteams.labels" -}} 38 | app.kubernetes.io/name: {{ include "prometheus-to-msteams.name" . }} 39 | helm.sh/chart: {{ include "prometheus-to-msteams.chart" . 
}} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | release: {{ .Release.Name }} 42 | {{- if .Chart.AppVersion }} 43 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 44 | {{- end }} 45 | app.kubernetes.io/managed-by: {{ .Release.Service }} 46 | {{- end -}} 47 | -------------------------------------------------------------------------------- /charts/single-page-app/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $kubeclient := "kubectl" }} 2 | {{- if .Values.openshift -}} 3 | {{- $kubeclient = "oc" }} 4 | {{- end }} 5 | 1. Get the application URL by running these commands: 6 | {{- if .Values.route.enabled }} 7 | app is accessible at https://{{ include "single-page-app.host" . }} 8 | {{- end }} 9 | {{- if contains "NodePort" .Values.service.type -}} 10 | export NODE_PORT=$({{ $kubeclient }} get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "single-page-app.fullname" . }}) 11 | export NODE_IP=$({{ $kubeclient }} get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 12 | echo http://$NODE_IP:$NODE_PORT 13 | {{- else if contains "LoadBalancer" .Values.service.type }} 14 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 15 | You can watch the status of by running '{{ $kubeclient }} get --namespace {{ .Release.Namespace }} svc -w {{ include "single-page-app.fullname" . }}' 16 | export SERVICE_IP=$({{ $kubeclient }} get svc --namespace {{ .Release.Namespace }} {{ include "single-page-app.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 17 | echo http://$SERVICE_IP:{{ .Values.service.port }} 18 | {{- else if contains "ClusterIP" .Values.service.type }} 19 | export POD_NAME=$({{ $kubeclient }} get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "single-page-app.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | {{ $kubeclient }} --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/cronjob-cache-cleaner.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cacheCleaner.enabled }} 2 | apiVersion: {{ .Values.cacheCleaner.apiVersion }} 3 | kind: CronJob 4 | metadata: 5 | name: {{ include "docker-daemon-sshd.fullname" $ }}-cache-cleaner 6 | labels: 7 | {{- include "docker-daemon-sshd.labels" $ | nindent 4 }} 8 | spec: 9 | schedule: "{{ .Values.cacheCleaner.schedule }}" 10 | concurrencyPolicy: Forbid 11 | jobTemplate: 12 | spec: 13 | template: 14 | spec: 15 | {{- with .Values.imagePullSecrets }} 16 | imagePullSecrets: 17 | {{- toYaml . | nindent 12 }} 18 | {{- end }} 19 | containers: 20 | - name: cache-cleaner 21 | image: {{ .Values.cacheCleaner.image.repository }}:{{ .Values.cacheCleaner.image.tag | default .Chart.AppVersion }} 22 | imagePullPolicy: IfNotPresent 23 | volumeMounts: 24 | - name: docker-ssh-files 25 | mountPath: {{ $.Values.sshClient.mountPath }} 26 | command: 27 | - /bin/sh 28 | - -c 29 | - > 30 | sh {{ $.Values.sshClient.mountPath }}/post-start.sh; 31 | {{- if .Values.cacheCleaner.byImageLabel }} 32 | docker image prune -af --filter label={{ .Values.cacheCleaner.byImageLabel }}; 33 | {{- end }} 34 | docker system prune -af --filter "until={{ .Values.cacheCleaner.until }}"; 35 | docker builder prune -af --filter "until={{ .Values.cacheCleaner.until }}"; 36 | volumes: 37 | - name: docker-ssh-files 38 | configMap: 39 | name: {{ include "docker-daemon-sshd.fullname" $ }}-ssh-dir 40 | restartPolicy: OnFailure 41 | 42 | {{- end }} 
-------------------------------------------------------------------------------- /charts/service-proxy/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "service-proxy.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "service-proxy.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "service-proxy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "service-proxy.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/web-app/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $kubeclient := "kubectl" }} 2 | {{- if .Values.openshift -}} 3 | {{- $kubeclient = "oc" }} 4 | {{- end }} 5 | 1. Get the application URL by running these commands: 6 | {{- if .Values.route.enabled }} 7 | app is accessible at https://{{ include "web-app.host" . }} 8 | {{- end }} 9 | {{- if contains "NodePort" .Values.service.type -}} 10 | export NODE_PORT=$({{ $kubeclient }} get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "web-app.fullname" . }}) 11 | export NODE_IP=$({{ $kubeclient }} get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 12 | echo http://$NODE_IP:$NODE_PORT 13 | {{- else if contains "LoadBalancer" .Values.service.type }} 14 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 15 | You can watch the status of by running '{{ $kubeclient }} get --namespace {{ .Release.Namespace }} svc -w {{ include "web-app.fullname" . }}' 16 | export SERVICE_IP=$({{ $kubeclient }} get svc --namespace {{ .Release.Namespace }} {{ include "web-app.fullname" . 
}} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 17 | echo http://$SERVICE_IP:{{ .Values.service.port }} 18 | {{- else if contains "ClusterIP" .Values.service.type }} 19 | export POD_NAME=$({{ $kubeclient }} get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "web-app.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | {{ $kubeclient }} --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 22 | {{- end }} 23 | 24 | {{- if .Values.envVarsSealed }} 25 | You are providing values for "envVarsSealed": 26 | Make sure that you encrypted it in the right way 27 | {{- end }} -------------------------------------------------------------------------------- /charts/web-app/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: web-app 3 | description: | 4 | This is a very generic helm chart that allows you deploy any Web Application 5 | with couple of features like Observability (APM, PBD, ..etc) like persistence 6 | It allow you also to switch between Pod controllers easilty: Deployment, Statefulset,...etc 7 | 8 | icon: https://raw.githubusercontent.com/ElmCompany/helm-charts/master/assets/icons/generic-app.png 9 | keywords: 10 | - web-app 11 | - pod 12 | - route 13 | - web 14 | - mount 15 | - envvars 16 | - dotenv 17 | - openshift 18 | - ocp3 19 | - openshift3 20 | - apm 21 | - openshift4 22 | # A chart can be either an 'application' or a 'library' chart. 23 | # 24 | # Application charts are a collection of templates that can be packaged into versioned archives 25 | # to be deployed. 26 | # 27 | # Library charts provide useful utilities or functions for the chart developer. They're included as 28 | # a dependency of application charts to inject those utilities and functions into the rendering 29 | # pipeline. 
Library charts do not define any templates and therefore cannot be deployed. 30 | type: application 31 | 32 | # This is the chart version. This version number should be incremented each time you make changes 33 | # to the chart and its templates, including the app version. 34 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 35 | version: 3.2.15 36 | 37 | # This is the version number of the application being deployed. This version number should be 38 | # incremented each time you make changes to the application. Versions are not expected to 39 | # follow Semantic Versioning. They should reflect the version the application is using. 40 | appVersion: 1.16.0 41 | dependencies: [] 42 | 43 | sources: 44 | - https://github.com/ElmCompany/helm-charts.git 45 | 46 | maintainers: 47 | - name: abdennour 48 | email: github@abdennoor.com 49 | -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/files/teams.j2: -------------------------------------------------------------------------------- 1 | {%- set 2 | theme_colors = { 3 | 'resolved' : '2DC72D', 4 | 'critical' : '8C1A1A', 5 | 'severe' : '8C1A1A', 6 | 'warning' : 'FF9A0B', 7 | 'unknown' : 'CCCCCC' 8 | } 9 | -%} 10 | 11 | { 12 | "@type": "MessageCard", 13 | "@context": "http://schema.org/extensions", 14 | "themeColor": "{% if status=='resolved' %} {{ theme_colors.resolved }} {% else %} {{ theme_colors[msg_text.severity] }} {% endif %}", 15 | "summary": "{% if status=='resolved' %}(Resolved) {% endif %}{{ msg_text.summary }}", 16 | "title": "Prometheus alert {% if status=='resolved' %}(Resolved) {% elif status=='unknown' %} (status unknown) {% endif %}", 17 | "sections": [{ 18 | "activityTitle": "{{ msg_text.summary }}", 19 | "facts": [{% if msg_text.name %}{ 20 | "name": "Alert", 21 | "value": "{{ msg_text.name }}" 22 | },{% endif %}{% if msg_text.instance %}{ 23 | "name": "In host", 24 | "value": "{{ msg_text.instance }}" 25 | },{% endif 
%}{% if msg_text.severity %}{ 26 | "name": "Severity", 27 | "value": "{{ msg_text.severity }}" 28 | },{% endif %}{% if msg_text.description %}{ 29 | "name": "Description", 30 | "value": "{{ msg_text.description }}" 31 | },{% endif %}{ 32 | "name": "Status", 33 | "value": "{{ msg_text.status }}" 34 | }{% if msg_text.extra_labels %}{% for key in msg_text.extra_labels %},{ 35 | "name": "{{ key }}", 36 | "value": "{{ msg_text.extra_labels[key] }}" 37 | }{% endfor %}{% endif %} 38 | {% if msg_text.extra_annotations %}{% for key in msg_text.extra_annotations %},{ 39 | "name": "{{ key }}", 40 | "value": "{{ msg_text.extra_annotations[key] }}" 41 | }{% endfor %}{% endif %}], 42 | "markdown": true 43 | }] 44 | } 45 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/docker-client/pod-docker-client-example.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.sshClient.podExample.enabled }} 2 | {{ $namespaces := append .Values.sshClient.namespaces .Release.Namespace }} 3 | {{ range $ns := $namespaces }} 4 | --- 5 | apiVersion: apps/v1 6 | kind: StatefulSet 7 | metadata: 8 | name: {{ include "docker-daemon-sshd.fullname" $ }}-client-example 9 | labels: 10 | {{- include "docker-daemon-sshd.labels" $ | nindent 4 }} 11 | role: docker-client 12 | namespace: {{ $ns }} 13 | annotations: 14 | releaseTime: {{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC"| quote }} 15 | spec: 16 | replicas: 1 17 | serviceName: no-service 18 | selector: 19 | matchLabels: 20 | {{- include "docker-daemon-sshd.selectorLabels" $ | nindent 6 }} 21 | role: docker-client 22 | template: 23 | metadata: 24 | labels: 25 | {{- include "docker-daemon-sshd.selectorLabels" $ | nindent 8 }} 26 | role: docker-client 27 | spec: 28 | containers: 29 | - args: 30 | - cat 31 | lifecycle: 32 | postStart: 33 | exec: 34 | command: 35 | - sh 36 | - {{ $.Values.sshClient.mountPath }}/post-start.sh 37 | image: 
"{{ $.Values.sshClient.podExample.imageRepository }}:{{ $.Values.sshClient.podExample.imageTag }}" 38 | name: "docker-client" 39 | tty: true 40 | volumeMounts: 41 | - name: docker-ssh-files 42 | mountPath: {{ $.Values.sshClient.mountPath }} 43 | resources: 44 | {{- toYaml $.Values.sshClient.podExample.resources | nindent 10 }} 45 | {{- with $.Values.sshClient.podExample.imagePullSecrets }} 46 | imagePullSecrets: 47 | {{- toYaml . | nindent 8 }} 48 | {{- end }} 49 | volumes: 50 | - name: docker-ssh-files 51 | configMap: 52 | name: {{ include "docker-daemon-sshd.fullname" $ }}-ssh-dir 53 | {{- end }} 54 | {{- end }} 55 | -------------------------------------------------------------------------------- /charts/web-app/templates/statefulset.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.deployment.enabled }} 2 | {{- if eq (include "web-app.is-statefulset" . ) "true" }} 3 | apiVersion: "apps/v1" 4 | kind: StatefulSet 5 | metadata: 6 | name: {{ include "web-app.fullname" . }} 7 | labels: 8 | {{- include "web-app.labels" . | nindent 4 }} 9 | spec: 10 | serviceName: {{ include "web-app.fullname" . }}-headless 11 | {{- if not .Values.autoscaling.enabled }} 12 | replicas: {{ .Values.replicaCount }} 13 | {{- end }} 14 | updateStrategy: 15 | type: {{ .Values.rollout.type }} 16 | selector: 17 | matchLabels: 18 | {{- include "web-app.selectorLabels" . | nindent 6 }} 19 | template: 20 | metadata: 21 | annotations: 22 | {{- if .Values.envVars }} 23 | checksum/configenvvars: {{ include (print $.Template.BasePath "/secret-env-vars.yaml") . | sha256sum }} 24 | {{- end }} 25 | {{- if .Values.envVarsSealed }} 26 | checksum/configenvvarssealed: {{ include (print $.Template.BasePath "/secret-env-vars-sealed.yaml") . | sha256sum }} 27 | {{- end }} 28 | {{- if .Values.configFile.name }} 29 | checksum/configfile: {{ include (print $.Template.BasePath "/configmap-file.yaml") . 
| sha256sum }} 30 | {{- end }} 31 | {{- with .Values.podAnnotations }} 32 | {{- toYaml . | nindent 8 }} 33 | {{- end }} 34 | labels: 35 | {{- include "web-app.selectorLabels" . | nindent 8 }} 36 | spec: 37 | {{- include "web-app.pod" . | nindent 6 -}} 38 | 39 | {{- if or .Values.volumeClaimTemplates (eq (include "web-app.hasVolumeclaimtemplatesFromPersistence" .) "true") }} 40 | volumeClaimTemplates: 41 | {{- with .Values.volumeClaimTemplates }} 42 | {{- toYaml . | nindent 4 }} 43 | {{- end }} 44 | {{- if eq (include "web-app.hasVolumeclaimtemplatesFromPersistence" .) "true" }} 45 | {{- include "web-app.volumeclaimtemplatesFromPersistence" . | nindent 4 -}} 46 | {{- end }} 47 | {{- end }} {{/*IF ends */}} 48 | 49 | {{- end }} 50 | {{- end }} -------------------------------------------------------------------------------- /charts/mssql/files/scripts/entrypoint/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts (and .Values.auth.createDatabase .Values.auth.database) }} 3 | # env var : 4 | ### ${SA_PASSWORD} 5 | ### ${MSSQL_DATABASE} 6 | ### ${MSSQL_DATABASE_COLLATE} 7 | ### ${DB_INIT_SCRIPTS_DIR} 8 | # NOTE(review): SA_PASSWORD (and MSSQL_PASSWORD, via -v) are handed to sqlcmd as command-line arguments in db_init, so they are readable from the process list inside the container while sqlcmd runs; sqlcmd can read the password from the SQLCMDPASSWORD environment variable instead. 9 | set -e 10 | export DB_INIT_SCRIPTS_DIR=/tmp/docker-entrypoint-initdb.d 11 | # NOTE(review): `set -e` is active and db_init is called as a plain command, so a non-zero sqlcmd exit looks like it ends the script before any `$?` test or retry runs - confirm the retry loop at the end of the file can take effect. 12 | echo "running the setup script .." 13 | sleep 40 14 | 15 | export IS_DB_INITIALIZED={{ .Values.primary.persistence.mount }}/$MSSQL_DATABASE.initialized 16 | export IS_SQLSCRIPTS_INITIALIZED={{ .Values.primary.persistence.mount }}/initsqlscripts.initialized 17 | function db_init() { 18 | {{- if and .Values.auth.createDatabase .Values.auth.database }} 19 | 20 | if [ ! -f "${IS_DB_INITIALIZED}" ]; then 21 | /opt/mssql-tools/bin/sqlcmd -U sa -P "$SA_PASSWORD" -Q "CREATE DATABASE ${MSSQL_DATABASE} COLLATE ${MSSQL_DATABASE_COLLATE}" 22 | if [ "$?"
= "0" ]; then 23 | touch ${IS_DB_INITIALIZED} 24 | fi 25 | fi 26 | {{- end }} 27 | {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} 28 | 29 | if [ ! -f "${IS_SQLSCRIPTS_INITIALIZED}" ]; then 30 | for f in $(ls $DB_INIT_SCRIPTS_DIR/*.sql 2> /dev/null); do 31 | echo "- running init db script $f .." 32 | result=$(/opt/mssql-tools/bin/sqlcmd -U sa -P "$SA_PASSWORD" -v MSSQL_PASSWORD="${MSSQL_PASSWORD}" -v MSSQL_DATABASE="${MSSQL_DATABASE}" -i "$f") 33 | echo "- result: $result" 34 | done 35 | if [ "$?" = "0" ]; then 36 | touch ${IS_SQLSCRIPTS_INITIALIZED} 37 | fi 38 | fi 39 | {{- end }} 40 | } 41 | 42 | if [ ! -f "${IS_DB_INITIALIZED}" ] || [ ! -f "${IS_SQLSCRIPTS_INITIALIZED}" ]; then 43 | echo "running init sql scripts .." 44 | for i in {1..50}; 45 | do 46 | db_init; 47 | if [ $? -eq 0 ] 48 | then 49 | echo "\nall sql scripts run is completed!" 50 | break 51 | else 52 | printf "..." 53 | sleep 3 54 | fi 55 | done 56 | fi 57 | {{- end }} -------------------------------------------------------------------------------- /charts/web-app/templates/deployment-config.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.deployment.enabled }} 2 | {{- if eq .Values.deployment.kind "DeploymentConfig" }} 3 | apiVersion: apps.openshift.io/v1 4 | kind: DeploymentConfig 5 | metadata: 6 | name: {{ include "web-app.fullname" . }} 7 | labels: 8 | {{- include "web-app.labels" . | nindent 4 }} 9 | spec: 10 | replicas: {{ .Values.replicaCount }} 11 | revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} 12 | triggers: 13 | - type: ConfigChange 14 | - imageChangeParams: 15 | automatic: {{ .Values.deployment.triggers.imageStreamChange }} 16 | containerNames: 17 | - {{ include "web-app.fullname" . }} 18 | from: 19 | kind: ImageStreamTag 20 | name: {{ printf "%s:%s" (include "web-app.fullname" .) .Values.image.tag }} 21 | type: ImageChange 22 | selector: 23 | {{- include "web-app.labels" . 
| nindent 4 }} 24 | deploymentconfig: {{ include "web-app.fullname" . }} 25 | strategy: 26 | activeDeadlineSeconds: 21600 27 | resources: 28 | {{- toYaml .Values.rollout.resources | nindent 6 }} 29 | rollingParams: 30 | intervalSeconds: 1 31 | maxSurge: 25% 32 | maxUnavailable: 25% 33 | timeoutSeconds: 600 34 | updatePeriodSeconds: 1 35 | type: Rolling 36 | template: 37 | metadata: 38 | labels: 39 | {{- include "web-app.labels" . | nindent 8 }} 40 | deploymentconfig: {{ include "web-app.fullname" . }} 41 | annotations: 42 | {{- if .Values.envVars }} 43 | checksum/configenvvars: {{ include (print $.Template.BasePath "/secret-env-vars.yaml") . | sha256sum }} 44 | {{- end }} 45 | {{- if .Values.envVarsSealed }} 46 | checksum/configenvvarssealed: {{ include (print $.Template.BasePath "/secret-env-vars-sealed.yaml") . | sha256sum }} 47 | {{- end }} 48 | {{- if .Values.configFile.name }} 49 | checksum/configfile: {{ include (print $.Template.BasePath "/configmap-file.yaml") . | sha256sum }} 50 | {{- end }} 51 | spec: 52 | {{- include "web-app.pod" . | nindent 6 -}} 53 | test: false 54 | {{- end }} 55 | {{- end }} -------------------------------------------------------------------------------- /charts/radius-server/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "radius-server.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "radius-server.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "radius-server.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "radius-server.labels" -}} 38 | helm.sh/chart: {{ include "radius-server.chart" . }} 39 | {{ include "radius-server.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "radius-server.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "radius-server.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "radius-server.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create -}} 59 | {{ default (include "radius-server.fullname" .) 
.Values.serviceAccount.name }} 60 | {{- else -}} 61 | {{ default "default" .Values.serviceAccount.name }} 62 | {{- end -}} 63 | {{- end -}} 64 | -------------------------------------------------------------------------------- /charts/external-service/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "external-service.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "external-service.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "external-service.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "external-service.labels" -}} 38 | helm.sh/chart: {{ include "external-service.chart" . }} 39 | {{ include "external-service.selectorLabels" . 
}} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "external-service.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "external-service.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "external-service.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create -}} 59 | {{ default (include "external-service.fullname" .) .Values.serviceAccount.name }} 60 | {{- else -}} 61 | {{ default "default" .Values.serviceAccount.name }} 62 | {{- end -}} 63 | {{- end -}} 64 | -------------------------------------------------------------------------------- /charts/radius-server/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | image: 4 | # image doc: https://hub.docker.com/r/tpdock/radius-server/ 5 | repository: docker.io/tpdock/radius-server 6 | pullPolicy: IfNotPresent 7 | 8 | imagePullSecrets: [] 9 | # NOTE(review): the client secrets and user passwords under `authorization` are sample values published with the chart; override them for any real deployment (presumably they are rendered into the server config as-is - confirm in templates/configmap.yaml). `client everyone` matches 0.0.0.0/0, and its `idaddr` key looks like a typo for `ipaddr` - TODO confirm. 10 | authorization: 11 | clients: | 12 | client dockernet { 13 | ipaddr = 172.17.0.0/16 14 | secret = testing123 15 | } 16 | client everyone { 17 | idaddr = 0.0.0.0/0 18 | secret = bigsecret 19 | } 20 | users: | 21 | user Cleartext-Password := "password", MS-CHAP-Use-NTLM-Auth := 0 22 | bob Cleartext-Password := "test" 23 | 24 | nameOverride: "" 25 | fullnameOverride: "" 26 | 27 | serviceAccount: 28 | # Specifies whether a service account should be created 29 | create: true 30 | # Annotations to add to the service account 31 | annotations: {} 32 | # The name of the service account to use.
33 | # If not set and create is true, a name is generated using the fullname template 34 | name: 35 | 36 | podSecurityContext: {} 37 | # fsGroup: 2000 38 | 39 | securityContext: {} 40 | # capabilities: 41 | # drop: 42 | # - ALL 43 | # readOnlyRootFilesystem: true 44 | # runAsNonRoot: true 45 | # runAsUser: 1000 46 | 47 | service: 48 | type: ClusterIP 49 | port: 18120 50 | portAuth: 1812 51 | portAcc: 1813 52 | 53 | ingress: 54 | enabled: false 55 | annotations: {} 56 | # kubernetes.io/ingress.class: nginx 57 | # kubernetes.io/tls-acme: "true" 58 | hosts: 59 | - host: chart-example.local 60 | paths: [] 61 | tls: [] 62 | # - secretName: chart-example-tls 63 | # hosts: 64 | # - chart-example.local 65 | 66 | resources: {} 67 | # We usually recommend not to specify default resources and to leave this as a conscious 68 | # choice for the user. This also increases chances charts run on environments with little 69 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 70 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 71 | # limits: 72 | # cpu: 100m 73 | # memory: 128Mi 74 | # requests: 75 | # cpu: 100m 76 | # memory: 128Mi 77 | 78 | nodeSelector: {} 79 | 80 | tolerations: [] 81 | 82 | affinity: {} 83 | -------------------------------------------------------------------------------- /charts/single-page-app/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | Run Single Page Apps (React, VueJS, AngularJS) on top of Nginx while accepting configuration as env vars 3 | This helm chart implements [this architecture reference](https://www.jeffgeerling.com/blog/2018/deploying-react-single-page-web-app-kubernetes) and specifically, the "Method 3 - Rearchitect the way your React app loads config" 4 | 5 | # Prerequisites 6 | 7 | 1. 
Make sure that your SPA app is refactored for 12-factor compliance; in particular, app configuration must be externalized rather than baked into the final JS bundle file. Anything exposed to the app this way is delivered to the browser, so it must not include secrets. 8 | 9 | - **React** sample [here](https://github.com/abdennour/cloudnative-implementation/commit/d1413130cccbecde87dc7bf70f32d1e08d647bc2) 10 | 11 | - **Angular** TODO 12 | 13 | - **Vuejs** TODO 14 | 15 | 2. Base your runtime image on `docker.io/nginxinc/nginx-unprivileged:1.21-alpine`. Example of Dockerfile below 16 | 17 | 
show 18 |

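
```Dockerfile
# Multi-stage build for a single-page app: install dependencies, build the
# bundle, then serve the static files from an unprivileged nginx image.
ARG REGISTRY=docker.io

#### STAGES BUILD ###
# NOTE: Node 15 is an end-of-life release line that no longer receives security
# fixes; build on a maintained LTS tag, and pin base images by digest when the
# build has to be reproducible.
FROM ${REGISTRY}/node:15-alpine3.13 as dependencies
WORKDIR /code
COPY package.json package-lock.json ./
# `npm ci` installs exactly what package-lock.json records and fails when the
# lockfile and package.json disagree, instead of resolving new versions.
RUN npm ci

FROM dependencies as build
# The whole build context lands in this stage; keep node_modules and local
# secret files (.env, credentials) out of it with a .dockerignore.
COPY . .
RUN npm run build

#### STAGE RUNTIME ###
FROM ${REGISTRY}/nginxinc/nginx-unprivileged:1.21-alpine as runtime
# Only the build output is copied into the runtime image, owned by UID 1001 and group 0.
COPY --from=build --chown=1001:0 /code/build /usr/share/nginx/html
EXPOSE 8080
```
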

39 |
40 | 41 | 3. All app env vars are prefixed with a unified prefix: `REACT_APP_*` with React apps, `NG_APP_` with Angular apps,.. so on 42 | 43 | # Values 44 | `image.repository` or `image.stream` is the required value. Otherwise, Check the other default Values of this chart [here](https://github.com/ElmCompany/helm-charts/blob/master/charts/single-page-app/values.yaml) 45 | 46 | # How to install the app 47 | 48 | **Set Elm Repo** 49 | ```sh 50 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 51 | helm repo update 52 | ``` 53 | 54 | **Use it** `helm install elm/single-page-app` 55 | 56 | # Authors 57 | 58 | This chart is maintained by: 59 | 60 | - Abdennour Toumi 61 | - Ahmed Alharthi 62 | 63 | # License 64 | 65 | LGPL v3 -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/files/scripts/install-prometheus-exporter-active-ssh-users.sh: -------------------------------------------------------------------------------- 1 | {{- if .Values.sshd.monitoring.enabled }} 2 | #!/bin/bash 3 | set -ex 4 | ## @usage : 5 | ## bash install-prometheuse-exporter-active-ssh-users.sh 6 | ## or 7 | ## bash install-prometheuse-exporter-active-ssh-users.sh offline 8 | ## $1 offline or not exist 9 | ### if "offline": script will use proxy. 
10 | # cert CA 11 | ## TODO - Parametrize HTTP_PROXY if exist 12 | 13 | # download exporter: the version is whatever releases/latest redirects to when the script runs, so the installed binary is not pinned to a reviewed release 14 | declare -r owner="stfsy" 15 | declare -r name="prometheus-what-active-users-exporter" 16 | 17 | declare -r latest_release_url=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/${owner}/${name}/releases/latest) 18 | declare -r latest_version=$(echo ${latest_release_url} | awk -F'/' '{print $8}') 19 | declare -r latest_version_name=${name}-${latest_version}-linux-x64 20 | 21 | declare -r shasum_url=https://github.com/${owner}/${name}/releases/download/${latest_version}/sha256sums.txt 22 | declare -r binary_url=https://github.com/${owner}/${name}/releases/download/${latest_version}/${latest_version_name} 23 | 24 | if [ ! -f ${latest_version_name} ]; then 25 | curl -L ${shasum_url} > shasums256.txt 26 | curl -L ${binary_url} > ${latest_version_name} 27 | 28 | declare -r hash_sum_line=$(cat shasums256.txt | grep ${latest_version_name}) 29 | declare -r hash_sum=$(echo ${hash_sum_line} | awk -F' ' '{print $1}') 30 | # sha256sums.txt comes from the same release as the binary, so this check detects a corrupted or truncated download, not a replaced release asset; it is skipped when the versioned file already exists in the working directory 31 | echo "${hash_sum} ${latest_version_name}" | sha256sum --check 32 | cp ${latest_version_name} ${name} 33 | rm shasums256.txt 34 | fi 35 | 36 | # install 37 | chmod a+x ${name} 38 | sudo mv ${name} /usr/local/bin/${name} 39 | # validate 40 | /usr/local/bin/${name} --help 41 | 42 | # service 43 | if [ !
-f /etc/systemd/system/${name}.service ]; then 44 | cat > /etc/systemd/system/${name}.service <=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 5 | {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 6 | {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} 7 | {{- end }} 8 | {{- end }} 9 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 10 | apiVersion: networking.k8s.io/v1 11 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 12 | apiVersion: networking.k8s.io/v1beta1 13 | {{- else -}} 14 | apiVersion: extensions/v1beta1 15 | {{- end }} 16 | kind: Ingress 17 | metadata: 18 | name: {{ $fullName }} 19 | labels: 20 | {{- include "docker-daemon-sshd.labels" . | nindent 4 }} 21 | {{- with .Values.ingress.annotations }} 22 | annotations: 23 | {{- toYaml . | nindent 4 }} 24 | {{- end }} 25 | spec: 26 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 27 | ingressClassName: {{ .Values.ingress.className }} 28 | {{- end }} 29 | {{- if .Values.ingress.tls }} 30 | tls: 31 | {{- range .Values.ingress.tls }} 32 | - hosts: 33 | {{- range .hosts }} 34 | - {{ . 
| quote }} 35 | {{- end }} 36 | secretName: {{ .secretName }} 37 | {{- end }} 38 | {{- end }} 39 | rules: 40 | {{- range .Values.ingress.hosts }} 41 | - host: {{ .host | quote }} 42 | http: 43 | paths: 44 | {{- range .paths }} 45 | - path: {{ .path }} 46 | {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} 47 | pathType: {{ .pathType }} 48 | {{- end }} 49 | backend: 50 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 51 | service: 52 | name: {{ $fullName }} 53 | port: 54 | number: {{ $svcPort }} 55 | {{- else }} 56 | serviceName: {{ $fullName }} 57 | servicePort: {{ $svcPort }} 58 | {{- end }} 59 | {{- end }} 60 | {{- end }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /charts/single-page-app/templates/configmap-nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ## These files should be mounted to /etc/nginx/conf.d 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "single-page-app.fullname" . }}-nginx 7 | labels: 8 | {{- include "single-page-app.labels" . 
| nindent 4 }} 9 | data: 10 | default.conf: | 11 | server { 12 | listen {{ .Values.port }}; 13 | server_name localhost; 14 | 15 | #charset koi8-r; 16 | #access_log /var/log/nginx/host.access.log main; 17 | 18 | location / { 19 | root /usr/share/nginx/html; 20 | index index.html index.htm; 21 | {{- if .Values.spa }} 22 | try_files $uri $uri/ /index.html; 23 | {{- end }} 24 | 25 | } 26 | 27 | #error_page 404 /404.html; 28 | 29 | # redirect server error pages to the static page /50x.html 30 | # 31 | error_page 500 502 503 504 /50x.html; 32 | location = /50x.html { 33 | root /usr/share/nginx/html; 34 | } 35 | 36 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 37 | # 38 | #location ~ \.php$ { 39 | # root html; 40 | # fastcgi_pass 127.0.0.1:9000; 41 | # fastcgi_index index.php; 42 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 43 | # include fastcgi_params; 44 | #} 45 | 46 | # deny access to .htaccess files, if Apache's document root 47 | # concurs with nginx's one 48 | # 49 | #location ~ /\.ht { 50 | # deny all; 51 | #} 52 | } 53 | {{- if .Values.webOptimize.gzip }} 54 | gzip.conf: | 55 | gzip on; 56 | gzip_http_version 1.0; 57 | gzip_comp_level 5; # 1-9 58 | gzip_min_length 256; 59 | gzip_proxied any; 60 | gzip_vary on; 61 | 62 | # MIME-types 63 | gzip_types 64 | application/atom+xml 65 | application/javascript 66 | application/json 67 | application/rss+xml 68 | application/vnd.ms-fontobject 69 | application/x-font-ttf 70 | application/x-web-app-manifest+json 71 | application/xhtml+xml 72 | application/xml 73 | font/opentype 74 | image/svg+xml 75 | image/x-icon 76 | text/css 77 | text/plain 78 | text/x-component; 79 | {{- end }} 80 | -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 
3 | */}} 4 | {{- define "docker-daemon-sshd.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "docker-daemon-sshd.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "docker-daemon-sshd.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "docker-daemon-sshd.labels" -}} 37 | helm.sh/chart: {{ include "docker-daemon-sshd.chart" . }} 38 | {{ include "docker-daemon-sshd.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "docker-daemon-sshd.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "docker-daemon-sshd.name" . 
}} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "docker-daemon-sshd.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "docker-daemon-sshd.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | 64 | 65 | {{- define "docker-daemon-sshd.sshUser" -}} 66 | {{- if .Values.existingDockerDaemon.enabled }} 67 | {{- .Values.existingDockerDaemon.sshUser }} 68 | {{- else }} 69 | {{- print "root" }} 70 | {{- end }} 71 | {{- end }} 72 | -------------------------------------------------------------------------------- /charts/service-proxy/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "service-proxy.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 5 | {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 6 | {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} 7 | {{- end }} 8 | {{- end }} 9 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 10 | apiVersion: networking.k8s.io/v1 11 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 12 | apiVersion: networking.k8s.io/v1beta1 13 | {{- else -}} 14 | apiVersion: extensions/v1beta1 15 | {{- end }} 16 | kind: Ingress 17 | metadata: 18 | name: {{ $fullName }} 19 | namespace: {{ $.Release.Namespace }} 20 | labels: 21 | {{- include "service-proxy.labels" . | nindent 4 }} 22 | {{- with .Values.ingress.annotations }} 23 | annotations: 24 | {{- toYaml . 
| nindent 4 }} 25 | {{- end }} 26 | spec: 27 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 28 | ingressClassName: {{ .Values.ingress.className }} 29 | {{- end }} 30 | {{- if .Values.ingress.tls }} 31 | tls: 32 | {{- range .Values.ingress.tls }} 33 | - hosts: 34 | {{- range .hosts }} 35 | - {{ . | quote }} 36 | {{- end }} 37 | secretName: {{ .secretName }} 38 | {{- end }} 39 | {{- end }} 40 | rules: 41 | {{- range .Values.ingress.hosts }} 42 | - host: {{ .host | quote }} 43 | http: 44 | paths: 45 | {{- range .paths }} 46 | - path: {{ .path }} 47 | {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} 48 | pathType: {{ .pathType }} 49 | {{- end }} 50 | backend: 51 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 52 | service: 53 | name: {{ $fullName }} 54 | port: 55 | number: {{ $svcPort }} 56 | {{- else }} 57 | serviceName: {{ $fullName }} 58 | servicePort: {{ $svcPort }} 59 | {{- end }} 60 | {{- end }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/mssql/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "common.names.fullname" . }} 6 | namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }} 7 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 8 | {{- if .Values.metrics.serviceMonitor.labels }} 9 | {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} 10 | {{- end }} 11 | {{- if .Values.commonLabels }} 12 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 13 | {{- end }} 14 | annotations: 15 | {{- if .Values.commonAnnotations }} 16 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 17 | {{- end }} 18 | {{- if .Values.metrics.serviceMonitor.annotations }} 19 | {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} 20 | {{- end }} 21 | spec: 22 | jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} 23 | endpoints: 24 | - port: metrics 25 | {{- if .Values.metrics.serviceMonitor.interval }} 26 | interval: {{ .Values.metrics.serviceMonitor.interval }} 27 | {{- end }} 28 | {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} 29 | scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} 30 | {{- end }} 31 | {{- if .Values.metrics.serviceMonitor.honorLabels }} 32 | honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} 33 | {{- end }} 34 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 35 | metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} 36 | {{- end }} 37 | {{- if .Values.metrics.serviceMonitor.relabelings }} 38 | relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} 39 | {{- end }} 40 | namespaceSelector: 41 | matchNames: 42 | - {{ include "common.names.namespace" . | quote }} 43 | selector: 44 | matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} 45 | app.kubernetes.io/component: metrics 46 | {{- if .Values.metrics.serviceMonitor.selector }} 47 | {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} 48 | {{- end }} 49 | {{- end }} -------------------------------------------------------------------------------- /charts/mssql/templates/primary/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "mssql.primary.fullname" . }} 5 | namespace: {{ include "common.names.namespace" . | quote }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | app.kubernetes.io/component: primary 8 | {{- if .Values.commonLabels }} 9 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- if .Values.commonAnnotations }} 13 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 14 | {{- end }} 15 | {{- if .Values.primary.service.annotations }} 16 | {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.primary.service.type }} 20 | {{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }} 21 | clusterIP: {{ .Values.primary.service.clusterIP }} 22 | {{- end }} 23 | {{- if .Values.primary.service.sessionAffinity }} 24 | sessionAffinity: {{ .Values.primary.service.sessionAffinity }} 25 | {{- end }} 26 | {{- if .Values.primary.service.sessionAffinityConfig }} 27 | sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }} 28 | {{- end }} 29 | {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} 30 | 
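externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} 31 | {{- end }} 32 | {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }} 33 | loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }} 34 | {{- end }} 35 | {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }} 36 | loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} 37 | {{- end }} 38 | ports: 39 | - name: mssql 40 | port: {{ .Values.primary.service.ports.mssql }} 41 | protocol: TCP 42 | targetPort: mssql 43 | {{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePorts.mssql) }} 44 | nodePort: {{ .Values.primary.service.nodePorts.mssql }} 45 | {{- else if eq .Values.primary.service.type "ClusterIP" }} 46 | nodePort: null 47 | {{- end }} 48 | {{- if .Values.primary.service.extraPorts }} 49 | {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} 50 | {{- end }} 51 | selector: {{ include "common.labels.matchLabels" . | nindent 4 }} 52 | app.kubernetes.io/component: primary -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/docker-client/configmap-ssh-files.yaml: --------------------------------------------------------------------------------
{{/*
Renders one ConfigMap named <fullname>-ssh-dir per namespace listed in
.Values.sshClient.namespaces, plus the release namespace. Each copy carries the
SSH key pair, an ssh client config and the helper scripts that a docker-client
pod uses to reach the remote Docker daemon over SSH.
*/}}
{{ $dockerHost := printf "%s.%s" (include "docker-daemon-sshd.fullname" .) .Release.Namespace }}
{{ $dockerEndpoint := printf "ssh://%s@%s" (include "docker-daemon-sshd.sshUser" .) $dockerHost }}
{{ $namespaces := append .Values.sshClient.namespaces .Release.Namespace }}
{{ range $ns := $namespaces }}
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: {{ include "docker-daemon-sshd.fullname" $ }}-ssh-dir
  labels:
    {{- include "docker-daemon-sshd.labels" $ | nindent 4 }}
  namespace: {{ $ns }}

data:
  # NOTE(review): the SSH private key is published in a ConfigMap and replicated
  # into every namespace of the loop above. Any subject allowed to read ConfigMaps
  # in one of those namespaces obtains a login on the Docker daemon as the
  # configured SSH user. A Secret (with RBAC scoped to the consuming workloads)
  # is the appropriate resource; that changes the volume definition consumers
  # mount, so it is flagged here rather than changed in place.
  id_rsa: {{ $.Values.sshKeys.private | quote }}
  id_rsa.pub: {{ $.Values.sshKeys.public }}
  auto-select-docker-context.sh: |
    #!/bin/sh
    # Walks the docker contexts known to the client and switches to the first one
    # whose daemon answers "docker system info" within the timeout given as $1.
    # Plain POSIX function definition: the "function" keyword is a bash/ksh extension.
    auto_select_remote_docker()
    {
      DOCKERTIMEOUT=$1
      # The loop is the right-hand side of a pipe, so assignments made inside it
      # may not be visible after "done"; SELECTED is informational only.
      export SELECTED=nothing
      docker context ls | while read -r ctx; do
        name=$(echo $ctx | awk '{print $1}');
        # Skip the table header and the local default context.
        if [ "${name}" = "NAME" ] || [ "${name}" = "default" ]; then
          continue;
        fi
        echo "Checking health of cloudnative build env ${name} ..."
        # Test the command status directly; the former [ $? == "0" ] used "==",
        # which POSIX test does not define and some /bin/sh builds reject.
        if DOCKER_CONTEXT=${name} timeout -s 9 $DOCKERTIMEOUT docker system info -f '{{`{{ .Name }}`}}'; then
          echo "Selecting ${name} ...."
          export SELECTED=${name};
          docker context use ${name};
          break;
        fi
      done
    }

    auto_select_remote_docker 9
  post-start.sh: |
    # The directory needs the owner execute bit (0700); with 0600 a non-root user
    # cannot enter ~/.ssh and the copy below fails.
    mkdir -p -m 700 ~/.ssh;
    cp -rL {{ $.Values.sshClient.mountPath }}/* ~/.ssh;
    chmod 400 ~/.ssh/id_rsa;
    docker context create {{ include "docker-daemon-sshd.fullname" $ }} --docker "host={{ $dockerEndpoint }}";
    {{- range $dockerContext := $.Values.dockerClient.extraDockerContextes }}
    {{- if not (eq $dockerContext.endpoint $dockerEndpoint ) }}
    docker context create {{ $dockerContext.name }} --docker "host={{ $dockerContext.endpoint }}";
    {{- end }}
    {{- end }}
    {{- if $.Values.sshClient.useContext }}
    docker context use {{ include "docker-daemon-sshd.fullname" $ }};
    {{- end }}
    {{- if $.Values.sshClient.autoSelectContext }}
    # Resolved through the configured mount path (was hard-coded to /tmp/ssh-files),
    # so the helper is found when sshClient.mountPath is overridden.
    sh {{ $.Values.sshClient.mountPath }}/auto-select-docker-context.sh
    {{- end }}
    {{- if $.Values.sshClient.dockerLoginCmd }}
    # NOTE(review): rendered verbatim into this ConfigMap. If the command embeds a
    # registry password or token, that credential is readable wherever the
    # ConfigMap is; read it from a mounted Secret or an environment variable instead.
    {{ $.Values.sshClient.dockerLoginCmd }}
    {{- end }}
    {{- if $.Values.sshClient.postStartCmd }}
    {{ $.Values.sshClient.postStartCmd }}
    {{- end }}

  config: |
    # NOTE(review): host key verification is switched off and known hosts are
    # discarded for every host below, so the client cannot tell when a different
    # server answers for the daemon's name. Shipping the daemon's host public key
    # as a known_hosts entry and enabling strict checking closes that gap.
    Host {{ $dockerHost }}
      StrictHostKeyChecking no
      UserKnownHostsFile=/dev/null
    {{- range $host := $.Values.sshClient.extraKnownHosts }}
    {{- if not (eq $host $dockerHost ) }}
    Host {{ $host }}
      StrictHostKeyChecking no
      UserKnownHostsFile=/dev/null
    {{- end }}
    {{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/service-proxy/files/envoy-modes/envoy-http-https.yaml: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: {{ .Values.proxyPorts.webPort }} 7 | filter_chains: 8 | - filters: 9 | - name: envoy.filters.network.http_connection_manager 10 | typed_config: 11 | "@type": 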
type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 12 | codec_type: AUTO 13 | stat_prefix: ingress_http 14 | route_config: 15 | name: local_route 16 | virtual_hosts: 17 | - name: app 18 | domains: 19 | - "*" 20 | routes: 21 | - match: 22 | prefix: "/" 23 | route: 24 | cluster: {{ include "service-proxy.fullname" . }} 25 | auto_host_rewrite: true 26 | internal_redirect_policy: 27 | max_internal_redirects: 10 28 | redirect_response_codes: 29 | - 301 30 | - 302 31 | predicates: 32 | - name: envoy.internal_redirect_predicates.safe_cross_scheme 33 | typed_config: 34 | '@type': type.googleapis.com/envoy.extensions.internal_redirect.safe_cross_scheme.v3.SafeCrossSchemeConfig 35 | allow_cross_scheme_redirect: false 36 | http_filters: 37 | - name: envoy.filters.http.router 38 | typed_config: 39 | "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router 40 | 41 | clusters: 42 | - name: {{ include "service-proxy.fullname" . }} 43 | type: STRICT_DNS 44 | lb_policy: ROUND_ROBIN 45 | load_assignment: 46 | cluster_name: {{ include "service-proxy.fullname" . }} 47 | endpoints: 48 | - lb_endpoints: 49 | - endpoint: 50 | address: 51 | socket_address: 52 | address: {{ required "Backend Service ADDRESS is Required" .Values.backendService.address }} 53 | port_value: {{ .Values.backendService.port }} 54 | transport_socket: 55 | name: envoy.transport_sockets.tls 56 | typed_config: 57 | "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext 58 | {{- if (include "service-proxy.backendServiceHasCaCert" .) 
}} 59 | common_tls_context: 60 | validation_context: 61 | match_typed_subject_alt_names: 62 | - san_type: DNS 63 | matcher: 64 | exact: {{ .Values.backendService.address }} 65 | trusted_ca: 66 | filename: /tmp/certs/backend-ca.crt 67 | {{- end }} 68 | 69 | admin: 70 | access_log_path: "/dev/null" 71 | address: 72 | socket_address: 73 | address: 0.0.0.0 74 | port_value: {{ .Values.proxyPorts.adminPort }} -------------------------------------------------------------------------------- /charts/docker-daemon-sshd/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Connect to the docker daemon using this command: 2 | ---- 3 | 4 | ``` 5 | docker context create remote --docker "host=ssh://{{ include "docker-daemon-sshd.sshUser" $ }}@{{ include "docker-daemon-sshd.fullname" $ }}.{{ .Release.Namespace }}"; 6 | ``` 7 | 8 | EXAMPLES: 9 | In order to see examples below, make sure to : 10 | - provide at least one namespace in .Values.sshClient.namespaces 11 | - and .Values.sshClient.podExample.enabled to be "true" 12 | 13 | ----- 14 | {{- if .Values.sshClient.podExample.enabled }} 15 | Try to connect to docker clients : 16 | {{ range $ns := .Values.sshClient.namespaces }} 17 | kubectl -n {{ $ns }} exec -it {{ include "docker-daemon-sshd.fullname" $ }}-client-example-0 -c docker-client -- docker ps 18 | {{- end }} 19 | {{- end }} 20 | 21 | ---- 22 | 23 | For any other Pod 'x' in namespace 'y' wants to use this daemon, make sure to do the following : 24 | 25 | 1. namespace 'y' is mentioned in `sshClient.namespaces` array. i.e. sshClient.namespaces=['y'] 26 | 27 | 2. the pod/container 'x' has at least 2 executables : `ssh` client (openssh-client) + docker client (docker ) 28 | i.e. : {{ .Values.sshClient.podExample.imageRepository }}:{{ .Values.sshClient.podExample.imageTag }} 29 | 30 | 3. 
the pod 'x' define an extra volume from the configMap {{ include "docker-daemon-sshd.fullname" $ }}-ssh-dir 31 | 32 | ``` 33 | volumes: 34 | - name: docker-ssh-files 35 | configMap: 36 | name: {{ include "docker-daemon-sshd.fullname" $ }}-ssh-dir 37 | ``` 38 | 4. the pod/container 'x' mounts the volume as following: 39 | 40 | ``` 41 | - name: docker-ssh-files 42 | mountPath: {{ $.Values.sshClient.mountPath }} 43 | ``` 44 | 45 | 5. the pod/container 'x' lifecycle (postStart) should be : 46 | 47 | ``` 48 | lifecycle: 49 | postStart: 50 | exec: 51 | command: 52 | - sh 53 | - {{ $.Values.sshClient.mountPath }}/post-start.sh 54 | ``` 55 | 56 | {{- if .Values.existingDockerDaemon.enabled }} 57 | ########## 58 | # Prepare Machine {{ .Values.existingDockerDaemon.ip }} where existing daemon running ## 59 | ######## 60 | 61 | kubectl -n {{ .Release.Namespace}} get configmap {{ include "docker-daemon-sshd.fullname" . }}-helper-scripts \ 62 | -o jsonpath='{.data.prepare-existing-daemon\.sh}' > prepare-existing-daemon.sh 63 | scp prepare-existing-daemon.sh {{ .Values.existingDockerDaemon.ip }}:/tmp/ 64 | ssh {{ .Values.existingDockerDaemon.ip }} 65 | > sudo su - 66 | > bash /tmp/prepare-existing-daemon.sh 67 | {{- end }} 68 | 69 | {{- if .Values.sshd.monitoring.enabled }} 70 | kubectl -n {{ .Release.Namespace}} get configmap {{ include "docker-daemon-sshd.fullname" . 
}}-helper-scripts \ 71 | -o jsonpath='{.data.install-prometheus-exporter-active-ssh-users\.sh}' > install-prometheus-exporter-active-ssh-users.sh 72 | scp install-prometheus-exporter-active-ssh-users.sh {{ .Values.existingDockerDaemon.ip }}:/tmp/ 73 | ssh {{ .Values.existingDockerDaemon.ip }} 74 | > sudo su - 75 | > bash /tmp/install-prometheus-exporter-active-ssh-users.sh 76 | {{- end }} 77 | -------------------------------------------------------------------------------- /charts/prometheus-to-msteams/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "prometheus-to-msteams.fullname" . }} 5 | labels: 6 | {{ include "prometheus-to-msteams.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: {{ include "prometheus-to-msteams.name" . }} 12 | app.kubernetes.io/instance: {{ .Release.Name }} 13 | template: 14 | metadata: 15 | labels: 16 | app.kubernetes.io/name: {{ include "prometheus-to-msteams.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | spec: 19 | {{- with .Values.imagePullSecrets }} 20 | imagePullSecrets: 21 | {{- toYaml . 
| nindent 8 }} 22 | {{- end }} 23 | volumes: 24 | - name: config 25 | configMap: 26 | name: prom2teams-config 27 | containers: 28 | - name: {{ .Chart.Name }} 29 | image: "{{.Values.image.registry}}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" 30 | imagePullPolicy: {{ .Values.image.pullPolicy }} 31 | ports: 32 | - name: http 33 | containerPort: 8089 34 | protocol: TCP 35 | volumeMounts: 36 | - name: config 37 | mountPath: /opt/prom2teams/helmconfig/ 38 | env: 39 | - name: APP_CONFIG_FILE 40 | value: {{ .Values.prom2teams.config | quote }} 41 | - name: PROM2TEAMS_PORT 42 | value: {{ .Values.prom2teams.port | quote }} 43 | - name: PROM2TEAMS_HOST 44 | value: {{ .Values.prom2teams.host | quote }} 45 | - name: PROM2TEAMS_CONNECTOR 46 | value: {{ .Values.prom2teams.connector | quote }} 47 | - name: PROM2TEAMS_GROUP_ALERTS_BY 48 | value: {{ .Values.prom2teams.group_alerts_by | quote }} 49 | - name: PROM2TEAMS_LOGLEVEL 50 | value: {{ .Values.prom2teams.loglevel }} 51 | {{- range $key, $value := .Values.prom2teams.extraEnv }} 52 | - name: "{{ $key }}" 53 | value: "{{ $value }}" 54 | {{- end }} 55 | resources: 56 | {{- toYaml .Values.resources | nindent 12 }} 57 | {{- if .Values.securityContext.enabled }} 58 | securityContext: 59 | privileged: false 60 | readOnlyRootFilesystem: false 61 | allowPrivilegeEscalation: false 62 | capabilities: 63 | drop: 64 | - ALL 65 | {{- end }} 66 | {{- with .Values.nodeSelector }} 67 | nodeSelector: 68 | {{- toYaml . | nindent 8 }} 69 | {{- end }} 70 | {{- with .Values.affinity }} 71 | affinity: 72 | {{- toYaml . | nindent 8 }} 73 | {{- end }} 74 | {{- with .Values.tolerations }} 75 | tolerations: 76 | {{- toYaml . 
| nindent 8 }} 77 | {{- end }} 78 | {{- if .Values.securityContext.enabled }} 79 | securityContext: 80 | runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }} 81 | runAsUser: {{ .Values.securityContext.runAsUser }} 82 | runAsGroup: {{ .Values.securityContext.runAsGroup }} 83 | fsGroup: {{ .Values.securityContext.fsGroup }} 84 | {{- end }} 85 | 86 | -------------------------------------------------------------------------------- /charts/service-proxy/files/envoy-modes/envoy-s3.yaml: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: {{ .Values.proxyPorts.webPort }} 7 | filter_chains: 8 | - filters: 9 | - name: envoy.filters.network.http_connection_manager 10 | typed_config: 11 | "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 12 | codec_type: AUTO 13 | stat_prefix: ingress_http 14 | route_config: 15 | name: local_route 16 | virtual_hosts: 17 | - name: app 18 | domains: 19 | - "*" 20 | routes: 21 | - match: 22 | prefix: "/" 23 | route: 24 | cluster: {{ include "service-proxy.fullname" . 
}} 25 | # auto_host_rewrite: true 26 | # internal_redirect_policy: 27 | # max_internal_redirects: 10 28 | # redirect_response_codes: 29 | # - 301 30 | # - 302 31 | # predicates: 32 | # - name: envoy.internal_redirect_predicates.safe_cross_scheme 33 | # typed_config: 34 | # '@type': type.googleapis.com/envoy.extensions.internal_redirect.safe_cross_scheme.v3.SafeCrossSchemeConfig 35 | # allow_cross_scheme_redirect: false 36 | http_filters: 37 | # docs: https://envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto.html 38 | - name: sigv4-signing 39 | typed_config: 40 | "@type": type.googleapis.com/envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning 41 | service_name: s3 42 | # host_rewrite: s3.amazonaws.com 43 | host_rewrite: {{ required "S3 Endpoint (.backendService.address) is Required" .Values.backendService.address }} 44 | region: us-east-1 45 | use_unsigned_payload: true 46 | match_excluded_headers: 47 | - prefix: x-envoy 48 | - prefix: x-forwarded 49 | - exact: x-amzn-trace-id 50 | - name: envoy.filters.http.router 51 | typed_config: 52 | "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router 53 | 54 | clusters: 55 | - name: {{ include "service-proxy.fullname" . }} 56 | connect_timeout: 0.5s 57 | type: LOGICAL_DNS 58 | # type: STRICT_DNS 59 | lb_policy: ROUND_ROBIN 60 | load_assignment: 61 | cluster_name: {{ include "service-proxy.fullname" . 
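}} 62 | endpoints: 63 | - lb_endpoints: 64 | - endpoint: 65 | address: 66 | socket_address: 67 | address: {{ required "S3 Endpoint (.backendService.address) is Required" .Values.backendService.address }} 68 | port_value: {{ .Values.backendService.port }} 69 | transport_socket: 70 | name: envoy.transport_sockets.tls 71 | typed_config: 72 | "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext 73 | 74 | admin: 75 | access_log_path: "/dev/null" 76 | address: 77 | socket_address: 78 | address: 0.0.0.0 79 | port_value: {{ .Values.proxyPorts.adminPort }} -------------------------------------------------------------------------------- /charts/radius-server/templates/deployment.yaml: --------------------------------------------------------------------------------
# Deployment for the RADIUS server. The pod template is re-rolled whenever the
# chart's configmap.yaml changes (checksum annotation), and clients.conf / users
# are mounted from that ConfigMap into /etc/raddb.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "radius-server.fullname" . }}
  labels:
    {{- include "radius-server.labels" . | nindent 4 }}

spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "radius-server.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "radius-server.selectorLabels" . | nindent 8 }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "radius-server.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: RADIUS_LISTEN_IP
              value: "*"
            - name: USERS_FILE
              value: "/etc/raddb/users"
            # Client list, apparently "<shared secret>@<network>" pairs separated by
            # commas (format inferred from the default below; confirm against the image).
            # The chart default accepts requests from any source address with the
            # placeholder shared secret "SECRET". Set the optional value radiusClients
            # to a real secret and the networks of the intended clients before the
            # service is reachable from outside the pod.
            # The healthsecret@127.0.0.1/32 entry is always appended because the
            # readiness probe below authenticates with it from localhost.
            # NOTE(review): the shared secret sits in the Deployment spec in clear text;
            # sourcing it from a Secret through valueFrom would keep it out of the manifest.
            - name: RADIUS_CLIENTS
              value: {{ printf "%s,healthsecret@127.0.0.1/32" (default "SECRET@0.0.0.0/0" .Values.radiusClients) | quote }}
          ports:
            - containerPort: 1812
              name: radius-auth
              protocol: UDP
            - containerPort: 1813
              name: radacc-acc
              protocol: UDP
            - containerPort: 18120
              name: radius
              protocol: TCP
          # radtest user pass 1812 SECRET
          # livenessProbe:
          # Readiness is an end-to-end authentication against the local listener,
          # using the health user and the localhost-only client secret.
          readinessProbe:
            exec:
              command:
                - radtest
                - healthuser
                - healthpass
                - 127.0.0.1
                - '1812'
                - healthsecret
            initialDelaySeconds: 15
            periodSeconds: 60
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: radius-server-config
              mountPath: /etc/raddb/clients.conf
              subPath: clients.conf
            - name: radius-server-config
              mountPath: /etc/raddb/users
              subPath: users
      volumes:
        - name: radius-server-config
          configMap:
            name: {{ include "radius-server.fullname" . }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-------------------------------------------------------------------------------- /charts/single-page-app/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "single-page-app.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 7 | {{- end }} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "single-page-app.fullname" -}} 15 | {{- if .Values.fullnameOverride }} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 17 | {{- else }} 18 | {{- $name := default .Chart.Name .Values.nameOverride }} 19 | {{- if contains $name .Release.Name }} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 21 | {{- else }} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "single-page-app.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 32 | {{- end }} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "single-page-app.labels" -}} 38 | helm.sh/chart: {{ include "single-page-app.chart" . }} 39 | {{ include "single-page-app.selectorLabels" . 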
}} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end }} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "single-page-app.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "single-page-app.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end }} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "single-page-app.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create }} 59 | {{- default (include "single-page-app.fullname" .) .Values.serviceAccount.name }} 60 | {{- else }} 61 | {{- default "default" .Values.serviceAccount.name }} 62 | {{- end }} 63 | {{- end }} 64 | 65 | 66 | 67 | # {{- if .Values.existingImageStream.name }} 68 | # name: {{ .Values.existingImageStream.name }}:latest 69 | # {{- else }} 70 | # name: {{ include "single-page-app.fullname" . }}:latest 71 | # {{- end }} 72 | 73 | 74 | {{/* 75 | image repo 76 | */}} 77 | {{- define "single-page-app.imageRepo" -}} 78 | {{- if .Values.image.repository }} 79 | {{- .Values.image.repository }} 80 | {{- else }} 81 | {{- printf "%s/%s/%s" .Values.image.stream.registry .Values.image.stream.namespace .Values.image.stream.name }} 82 | {{- end }} 83 | {{- end }} 84 | 85 | {{/* 86 | image tag 87 | */}} 88 | {{- define "single-page-app.imageTag" -}} 89 | {{- if .Values.image.tag }} 90 | {{- .Values.image.tag }} 91 | {{- else }} 92 | {{- .Chart.AppVersion }} 93 | {{- end }} 94 | {{- end }} 95 | 96 | {{/* 97 | host name 98 | */}} 99 | {{- define "single-page-app.host" -}} 100 | {{- if .Values.route.host }} 101 | {{- .Values.route.host }} 102 | {{- else if .Values.route.domain }} 103 | {{- printf "%s-%s.%s" .Release.Namespace .Release.Name .Values.route.domain }} 104 | {{- end }} 105 | {{- end }} 106 | 107 | {{/* 108 | all host names 109 | */}} 110 | {{- define "single-page-app.hosts" -}} 111 | 
{{- $hosts := prepend .Values.route.extraHosts (include "single-page-app.host" . ) }} 112 | {{- join "@" $hosts }} 113 | {{- end }} -------------------------------------------------------------------------------- /charts/service-proxy/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "service-proxy.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "service-proxy.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "service-proxy.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "service-proxy.labels" -}} 37 | helm.sh/chart: {{ include "service-proxy.chart" . }} 38 | {{ include "service-proxy.selectorLabels" . 
}} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "service-proxy.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "service-proxy.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "service-proxy.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "service-proxy.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | 64 | {{/* 65 | host name 66 | */}} 67 | {{- define "service-proxy.host" -}} 68 | {{- if .Values.route.host }} 69 | {{- .Values.route.host }} 70 | {{- else if .Values.route.domain }} 71 | {{- printf "%s-%s.%s" .Release.Namespace .Release.Name .Values.route.domain }} 72 | {{- end }} 73 | {{- end }} 74 | {{- define "service-proxy.adminHost" -}} 75 | {{- if .Values.adminRoute.host }} 76 | {{- .Values.adminRoute.host }} 77 | {{- else if .Values.adminRoute.domain }} 78 | {{- printf "%s-%s.%s" .Release.Namespace .Release.Name .Values.adminRoute.domain }} 79 | {{- end }} 80 | {{- end }} 81 | 82 | {{/* 83 | all host names 84 | */}} 85 | {{- define "service-proxy.hosts" -}} 86 | {{- $hosts := prepend .Values.route.extraHosts (include "service-proxy.host" . ) }} 87 | {{- join "@" $hosts }} 88 | {{- end }} 89 | 90 | {{- define "service-proxy.adminHosts" -}} 91 | {{- $hosts := prepend .Values.adminRoute.extraHosts (include "service-proxy.adminHost" . 
) }} 92 | {{- join "@" $hosts }} 93 | {{- end }} 94 | 95 | {{/* 96 | caCert handling 97 | */}} 98 | {{- define "service-proxy.backendServiceHasCaCert" }} 99 | {{- or .Values.backendService.caCert .Values.backendService.caCertConfigmap.name }} 100 | {{- end}} 101 | 102 | {{- define "service-proxy.backendServiceCaCertConfigmapName" }} 103 | {{- if .Values.backendService.caCert }} 104 | {{- printf "%s-ca" (include "service-proxy.fullname" .) }} 105 | {{- else if .Values.backendService.caCertConfigmap.name }} 106 | {{- .Values.backendService.caCertConfigmap.name }} 107 | {{- end }} 108 | {{- end }} 109 | -------------------------------------------------------------------------------- /charts/web-app/templates/cronjob.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.cronjob.enabled }} 2 | apiVersion: batch/v1 3 | kind: CronJob 4 | metadata: 5 | name: {{ include "web-app.fullname" . }} 6 | labels: 7 | {{- include "web-app.labels" . | nindent 4 }} 8 | spec: 9 | concurrencyPolicy: {{ .Values.cronjob.concurrencyPolicy }} 10 | {{- if .Values.cronjob.failedJobsHistoryLimit }} 11 | failedJobsHistoryLimit: {{ .Values.cronjob.failedJobsHistoryLimit }} 12 | {{- end }} 13 | jobTemplate: 14 | spec: 15 | template: 16 | spec: 17 | {{- if .Values.serviceAccount.create }} 18 | serviceAccount: {{ include "web-app.serviceAccountName" . }} 19 | serviceAccountName: {{ include "web-app.serviceAccountName" . }} 20 | {{- end }} 21 | containers: 22 | - image: '{{ .Values.cronjob.image.repository }}:{{ .Values.cronjob.image.tag }}' 23 | imagePullPolicy: {{ .Values.cronjob.image.pullPolicy }} 24 | {{- with .Values.cronjob.command }} 25 | command: 26 | {{- tpl (toYaml .) 
$ | nindent 14 }} 27 | {{- end }} 28 | {{- if .Values.cronjob.args }} 29 | args: 30 | {{- toYaml .Values.cronjob.args | nindent 14 }} 31 | {{- end }} 32 | name: job 33 | {{- if .Values.cronjob.runAsUser }} 34 | securityContext: 35 | runAsUser: {{ .Values.cronjob.runAsUser }} 36 | {{- end }} 37 | {{- if .Values.cronjob.mountEnvVars }} 38 | {{- if or .Values.envVars .Values.envVarsSealed }} 39 | envFrom: 40 | {{- end }} 41 | {{- with .Values.envVars }} 42 | - secretRef: 43 | name: {{ include "web-app.fullname" $ }}-env-vars 44 | {{- end }} 45 | {{- with .Values.envVarsSealed }} 46 | - secretRef: 47 | name: {{ include "web-app.fullname" $ }}-env-vars-sealed 48 | {{- end }} 49 | {{- end }} 50 | {{- if or .Values.cronjob.persistentMountPath .Values.cronjob.extraPersistentMountPath }} 51 | volumeMounts: 52 | {{- end }} 53 | {{- if .Values.cronjob.persistentMountPath }} 54 | - mountPath: {{ .Values.cronjob.persistentMountPath }} 55 | name: pvc-1 56 | readOnly: {{ .Values.cronjob.persistentMountReadOnly }} 57 | {{- end }} 58 | {{- if .Values.cronjob.extraPersistentMountPath }} 59 | - mountPath: {{ .Values.cronjob.extraPersistentMountPath }} 60 | name: pvc-2 61 | readOnly: {{ .Values.cronjob.extraPersistentMountReadOnly }} 62 | {{- end }} 63 | # Optional part: 64 | #env: 65 | #- name: PATENT_FOLDER 66 | # value: "/tmp/data/tamm/prod/ownership/" 67 | {{- if .Values.cronjob.image.pullSecret }} 68 | imagePullSecrets: 69 | - name: {{ .Values.cronjob.image.pullSecret }} 70 | {{- end }} 71 | restartPolicy: {{ .Values.cronjob.restartPolicy }} 72 | terminationGracePeriodSeconds: 30 73 | {{- with .Values.cronjob.podSecurityContext }} 74 | securityContext: 75 | {{- toYaml . 
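| nindent 14 }} 76 | {{- end }} 77 | {{- if or .Values.cronjob.persistentMountPath .Values.cronjob.extraPersistentMountPath }} 78 | volumes: 79 | {{- end }} 80 | {{- if .Values.cronjob.persistentMountPath }} 81 | - name: pvc-1 82 | persistentVolumeClaim: 83 | claimName: {{ .Values.persistence.existingClaim | default (include "web-app.fullname" .) }} 84 | {{- end }} 85 | {{- if .Values.cronjob.extraPersistentMountPath }} 86 | - name: pvc-2 87 | persistentVolumeClaim: 88 | claimName: {{ include "web-app.fullname" . }}-extra 89 | {{- end }} 90 | schedule: "{{ .Values.cronjob.schedule | toString }}" 91 | successfulJobsHistoryLimit: 3 92 | {{ end }} 93 | -------------------------------------------------------------------------------- /charts/mssql/templates/backup/cronjob.yaml: --------------------------------------------------------------------------------
{{- /*
Backup CronJobs: when .Values.backup.enabled is set, renders one CronJob per
entry of .Values.backup.databases. Each job runs sqlcmd against the primary
service as the `sa` login and executes the statement rendered from
.Values.backup.cronjob.commandTemplate.
*/ -}}
{{- $databases := .Values.backup.databases -}}
{{- if .Values.backup.enabled }}
{{ range $_, $database := $databases }}
{{- /* Lower-cased, dash-separated form of the database name, used in metadata.name. */ -}}
{{- $databaseKebab := (regexReplaceAll "\\W+" $database "-" | lower ) -}}
{{ $databaseKebab = (trimSuffix "-" $databaseKebab ) }}
{{ $databaseKebab = (regexReplaceAll "_" $databaseKebab "-" ) }}
---
apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }}
kind: CronJob
metadata:
  name: {{ printf "%s-snapshotter-db-%s" (include "common.names.fullname" $) $databaseKebab }}
  labels: {{- include "common.labels.standard" $ | nindent 4 }}
    {{- if $.Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if $.Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  # Forbid: a run is skipped while the previous backup of this database is still in progress.
  concurrencyPolicy: Forbid
  schedule: {{ $.Values.backup.cronjob.schedule | quote }}
  successfulJobsHistoryLimit: {{ $.Values.backup.cronjob.historyLimit }}
  jobTemplate:
    spec:
      template:
        metadata:
          labels: {{- include "common.labels.standard" $ | nindent 12 }}
            app.kubernetes.io/component: snapshotter
          {{- if $.Values.backup.cronjob.podAnnotations }}
          annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.backup.cronjob.podAnnotations "context" $) | nindent 12 }}
          {{- end }}
        spec:
          {{- if $.Values.backup.cronjob.nodeSelector }}
          nodeSelector: {{- toYaml $.Values.backup.cronjob.nodeSelector | nindent 12 }}
          {{- end }}
          {{- if $.Values.backup.cronjob.tolerations }}
          tolerations: {{- toYaml $.Values.backup.cronjob.tolerations | nindent 12 }}
          {{- end }}
          {{- include "mssql.imagePullSecrets" $ | nindent 10 }}
          restartPolicy: OnFailure
          {{- if $.Values.backup.cronjob.podSecurityContext.enabled }}
          securityContext: {{- omit $.Values.backup.cronjob.podSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          containers:
            - name: mssql-snapshotter
              image: {{ template "mssql.client.image" $ }}
              imagePullPolicy: {{ $.Values.image.pullPolicy | quote }}
              {{- if $.Values.backup.cronjob.containerSecurityContext.enabled }}
              securityContext: {{- omit $.Values.backup.cronjob.containerSecurityContext "enabled" | toYaml | nindent 16 }}
              {{- end }}
              # NOTE(review): the job logs in as `sa` with the root password. A login that
              # only holds backup rights on the listed databases would limit what a
              # compromised job pod can do.
              # NOTE(review): -P places the password on sqlcmd's command line, where it is
              # readable from the process list inside the container; sqlcmd can also read
              # it from the SQLCMDPASSWORD environment variable.
              command:
                - /bin/sh
                - -c
                - |
                  export now=$(date +%Y-%m-%d_%Hh%Mm%Ssec)
                  # $database comes from the container env below, not from text spliced into this script.
                  /opt/mssql-tools/bin/sqlcmd -S {{ include "mssql.primary.fullname" $ }}.{{ include "common.names.namespace" $ }}.svc.{{ $.Values.clusterDomain }} \
                    -U sa -P "$SA_PASSWORD" \
                    -e -Q \
                    {{ (include "common.tplvalues.render" ( dict "value" $.Values.backup.cronjob.commandTemplate "context" $ )) | quote }}
                  rc=$?

                  if [ "$rc" = "0" ]; then
                    echo "In the primary DB, restore this snapshot by running:"
                    echo "# bash /tmp/entrypoint-scripts/restore.sh $database $now"
                  fi
                  # Exit with sqlcmd's status: without this the script ends on the `if`,
                  # which returns 0, so a failed backup is recorded as a successful Job.
                  # NOTE(review): sqlcmd reports SQL errors in its exit status only when
                  # run with -b; consider adding it so a failed BACKUP statement is caught.
                  exit "$rc"

              env:
                - name: SA_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: {{ template "mssql.secretName" $ }}
                      key: mssql-root-password
                # Database name handed to the shell as data; the script reads it as $database.
                - name: database
                  value: {{ $database | quote }}
              {{- if $.Values.backup.cronjob.resources }}
              resources: {{- toYaml $.Values.backup.cronjob.resources | nindent 16 }}
              {{- end }}
{{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/service-proxy/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "service-proxy.fullname" . }} 5 | labels: 6 | {{- include "service-proxy.labels" . | nindent 4 }} 7 | spec: 8 | {{- if not .Values.autoscaling.enabled }} 9 | replicas: {{ .Values.replicaCount }} 10 | {{- end }} 11 | selector: 12 | matchLabels: 13 | {{- include "service-proxy.selectorLabels" . | nindent 6 }} 14 | template: 15 | metadata: 16 | annotations: 17 | checksum/configfile: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} 18 | {{- with .Values.podAnnotations }} 19 | {{- toYaml . | nindent 8 }} 20 | {{- end }} 21 | labels: 22 | {{- include "service-proxy.selectorLabels" . | nindent 8 }} 23 | spec: 24 | {{- with .Values.imagePullSecrets }} 25 | imagePullSecrets: 26 | {{- toYaml . | nindent 8 }} 27 | {{- end }} 28 | serviceAccountName: {{ include "service-proxy.serviceAccountName" . 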
}} 29 | securityContext: 30 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 31 | containers: 32 | - name: {{ .Chart.Name }} 33 | securityContext: 34 | {{- toYaml .Values.securityContext | nindent 12 }} 35 | image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 36 | imagePullPolicy: {{ .Values.image.pullPolicy }} 37 | command: ["/usr/local/bin/envoy", "-c /tmp/etc/envoy.yaml"] 38 | volumeMounts: 39 | - name: config 40 | mountPath: /tmp/etc 41 | {{- if (include "service-proxy.backendServiceHasCaCert" .) }} 42 | - name: backend-ca 43 | mountPath: /tmp/certs 44 | {{- end }} 45 | ports: 46 | - name: web 47 | containerPort: {{ .Values.proxyPorts.webPort }} 48 | protocol: TCP 49 | - name: admin 50 | containerPort: {{ .Values.proxyPorts.adminPort }} 51 | protocol: TCP 52 | {{- if or .Values.envVars .Values.envVarsSealed .Values.envFrom }} 53 | envFrom: 54 | {{- end }} 55 | {{- with .Values.envVars }} 56 | - secretRef: 57 | name: {{ include "service-proxy.fullname" $ }}-env-vars 58 | {{- end }} 59 | {{- with .Values.envVarsSealed }} 60 | - secretRef: 61 | name: {{ include "service-proxy.fullname" $ }}-env-vars-sealed 62 | {{- end }} 63 | {{- with .Values.envFrom }} 64 | {{- toYaml . | nindent 12 }} 65 | {{- end }} 66 | livenessProbe: 67 | httpGet: 68 | path: / 69 | port: admin 70 | readinessProbe: 71 | httpGet: 72 | path: / 73 | port: admin 74 | resources: 75 | {{- toYaml .Values.resources | nindent 12 }} 76 | {{- with .Values.nodeSelector }} 77 | nodeSelector: 78 | {{- toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.affinity }} 81 | affinity: 82 | {{- toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{- with .Values.tolerations }} 85 | tolerations: 86 | {{- toYaml . | nindent 8 }} 87 | {{- end }} 88 | volumes: 89 | - name: config 90 | configMap: 91 | name: {{ include "service-proxy.fullname" . 
}} 92 | defaultMode: 0644 93 | items: 94 | - key: envoy-{{ .Values.proxyMode }}.yaml 95 | path: envoy.yaml 96 | {{- if (include "service-proxy.backendServiceHasCaCert" .) }} 97 | - name: backend-ca 98 | configMap: 99 | name: {{ include "service-proxy.backendServiceCaCertConfigmapName" .}} 100 | defaultMode: 0644 101 | items: 102 | - key: {{ .Values.backendService.caCertConfigmap.key }} 103 | path: backend-ca.crt 104 | {{- end }} -------------------------------------------------------------------------------- /charts/single-page-app/values.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/schema#", 3 | "type": "object", 4 | "properties": { 5 | "affinity": { 6 | "type": "object" 7 | }, 8 | "autoscaling": { 9 | "type": "object", 10 | "properties": { 11 | "enabled": { 12 | "type": "boolean" 13 | }, 14 | "maxReplicas": { 15 | "type": "integer" 16 | }, 17 | "minReplicas": { 18 | "type": "integer" 19 | }, 20 | "targetCPUUtilizationPercentage": { 21 | "type": "integer" 22 | } 23 | } 24 | }, 25 | "deployTriggers": { 26 | "type": "object", 27 | "properties": { 28 | "imageStreamChange": { 29 | "type": "boolean" 30 | } 31 | } 32 | }, 33 | "envVars": { 34 | "type": "object" 35 | }, 36 | "existingImageStream": { 37 | "type": "object", 38 | "properties": { 39 | "tag": { 40 | "type": "string" 41 | } 42 | } 43 | }, 44 | "extraPorts": { 45 | "type": "array" 46 | }, 47 | "fullnameOverride": { 48 | "type": "string" 49 | }, 50 | "image": { 51 | "type": "object", 52 | "properties": { 53 | "pullSecret": { 54 | "type": "string" 55 | } 56 | } 57 | }, 58 | "maxDeploymentRevision": { 59 | "type": "integer" 60 | }, 61 | "nameOverride": { 62 | "type": "string" 63 | }, 64 | "nexus": { 65 | "type": "object", 66 | "properties": { 67 | "fullnameOverride": { 68 | "type": "string" 69 | }, 70 | "host": { 71 | "type": "string" 72 | } 73 | } 74 | }, 75 | "nodeSelector": { 76 | "type": "object" 77 | }, 78 | 
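"openshift": { 79 | "type": "boolean" 80 | }, 81 | "podAnnotations": { 82 | "type": "object" 83 | }, 84 | "podSecurityContext": { 85 | "type": "object" 86 | }, 87 | "port": { 88 | "type": "integer", 89 | "minimum": 1025, 90 | "maximum": 9999 91 | }, 92 | "replicaCount": { 93 | "type": "integer", 94 | "minimum": 0, 95 | "maximum": 6 96 | }, 97 | "resources": { 98 | "type": "object" 99 | }, 100 | "rollout": { 101 | "type": "object", 102 | "properties": { 103 | "resources": { 104 | "type": "object" 105 | } 106 | } 107 | }, 108 | "route": { 109 | "type": "object", 110 | "properties": { 111 | "enabled": { 112 | "type": "boolean" 113 | }, 114 | "extraHosts": { 115 | "type": "array" 116 | } 117 | } 118 | }, 119 | "securityContext": { 120 | "type": "object" 121 | }, 122 | "service": { 123 | "type": "object", 124 | "properties": { 125 | "port": { 126 | "type": "integer" 127 | }, 128 | "type": { 129 | "type": "string" 130 | } 131 | } 132 | }, 133 | "serviceAccount": { 134 | "type": "object", 135 | "properties": { 136 | "annotations": { 137 | "type": "object" 138 | }, 139 | "create": { 140 | "type": "boolean" 141 | }, 142 | "name": { 143 | "type": "string" 144 | } 145 | } 146 | }, 147 | "tolerations": { 148 | "type": "array" 149 | } 150 | } 151 | } 152 | -------------------------------------------------------------------------------- /charts/single-page-app/templates/deployment.yaml: --------------------------------------------------------------------------------
{{- /*
Deployment for the single-page app; rendered only when .Values.deployment.kind
is "Deployment". When .Values.envVars is set, an init container runs
/tmp/scripts/envars-to-js-object with the env-vars Secret and writes its output
to the shared emptyDir that the main container mounts at
.Values.jsEnvFileGenerator.mount.
*/ -}}
{{- if eq .Values.deployment.kind "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "single-page-app.fullname" . }}
  labels:
    {{- include "single-page-app.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "single-page-app.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        # Hashes of the rendered config objects, so a config change rolls the pods.
        checksum/configenvvars: {{ include (print $.Template.BasePath "/secret-env-vars.yaml") . | sha256sum }}
        checksum/confignginx: {{ include (print $.Template.BasePath "/configmap-nginx.yaml") . | sha256sum }}
        checksum/configscripts: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "single-page-app.selectorLabels" . | nindent 8 }}
    spec:
      # NOTE(review): no serviceAccountName is set here, although the chart's helpers
      # define single-page-app.serviceAccountName; the pod runs under the namespace's
      # default service account.
      {{- /* Emit the pull secret only when one is named; an empty name is not a valid reference. */}}
      {{- if and .Values.image.repository .Values.image.pullSecret }}
      imagePullSecrets:
      - name: {{ .Values.image.pullSecret }}
      {{- end }}
      {{- /* values.schema.json declares podSecurityContext; apply it when provided. */}}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.envVars }}
      initContainers:
      - name: env-generator
        image: '{{ include "single-page-app.imageRepo" . }}:{{ include "single-page-app.imageTag" . }}'
        command:
        - sh
        - /tmp/scripts/envars-to-js-object
        args:
        - --dest=/tmp/data
        {{- if .Values.jsEnvFileGenerator.filename }}
        - --dest-filename={{ .Values.jsEnvFileGenerator.filename }}
        {{- end }}
        - --env-vars-filter={{ .Values.jsEnvFileGenerator.envVarsPrefix }}
        {{- if .Values.jsEnvFileGenerator.jsObjectPrefix }}
        - --js-object={{ .Values.jsEnvFileGenerator.jsObjectPrefix }}
        {{- end }}
        - --run-as=job
        volumeMounts:
        - name: data-env
          mountPath: /tmp/data
        - name: config-scripts
          mountPath: /tmp/scripts
          readOnly: true
        # NOTE(review): the generator receives every key of the env-vars Secret and
        # writes the ones selected by --env-vars-filter into a file under the main
        # container's jsEnvFileGenerator.mount path; presumably that file is served
        # to browsers, so only non-confidential values belong behind the prefix.
        envFrom:
        - secretRef:
            name: {{ include "single-page-app.fullname" $ }}-env-vars
      {{- end }}
      containers:
      - name: {{ include "single-page-app.fullname" . }}
        imagePullPolicy: Always
        image: "{{ include "single-page-app.imageRepo" . }}:{{ include "single-page-app.imageTag" . }}"
        {{- /* values.schema.json declares securityContext; apply it to the serving container when provided. */}}
        {{- with .Values.securityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
        - name: http
          containerPort: {{ .Values.port }}
          protocol: TCP
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        {{- with .Values.livenessProbe }}
        livenessProbe:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.readinessProbe }}
        readinessProbe:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        - name: data-env
          mountPath: {{ .Values.jsEnvFileGenerator.mount }}
        - name: config-nginx
          mountPath: /etc/nginx/conf.d
          readOnly: true
        {{- /* The config-scripts volume exists only when envVars is set; mounting it otherwise makes the pod spec invalid. */}}
        {{- if .Values.envVars }}
        - name: config-scripts
          mountPath: /tmp/scripts
          readOnly: true
        {{- end }}
      volumes:
      - name: data-env
        emptyDir: {}
      - name: config-nginx
        configMap:
          # 420 decimal is 0644 octal.
          defaultMode: 420
          name: {{ include "single-page-app.fullname" . }}-nginx
      {{- if .Values.envVars }}
      - name: config-scripts
        configMap:
          defaultMode: 420
          name: {{ include "single-page-app.fullname" . }}-scripts
          # items:
          # - key:
          #   path:
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/mssql/README.md: -------------------------------------------------------------------------------- 1 | # MS SQL Packaged By Elm 2 | Microsoft SQL Server is still used by many organizations. And migration to Cloud native can be a blocked by having this technology. 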
3 | To help organizations lift and shift to cloud native, this Helm chart lets them run MS SQL in Kubernetes as well. 4 | 5 | > **DISCLAIMER** 6 | > BY DEPLOYING THIS HELM CHART, YOU ARE ACCEPTING THE [END-USER Licensing Agreement of Microsoft SQL Server](https://go.microsoft.com/fwlink/?LinkId=746388) 7 | 8 | # TL;DR 9 | ```sh 10 | helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages 11 | helm install my-db elm/mssql 12 | ``` 13 | 14 | # Values 15 | 16 | Check the default values of this chart [here](https://github.com/ElmCompany/helm-charts/blob/master/charts/mssql/values.yaml). 17 | 18 | Hint: the schema is almost identical to the values schema of the `bitnami/mysql` Helm chart. 19 | 20 | # Features 21 | 22 | 1. Applying Bitnami Helm Chart standards 23 | - Same interface (values.yaml schema) as the bitnami/mysql Helm chart values. 24 | - Ability to specify own registry 25 | - Auto-generate passwords if not given 26 | - and more... 27 | 2. Persisting Data 28 | 3. Auto Bootstrapping Database 29 | 4. Auto Bootstrapping Database Owner User with given password 30 | 5. Ability to execute initial DB scripts (SQL) 31 | 6. Performance Monitoring - Integrated with Prometheus Operator 32 | 7. Persistence for Backup 33 | 8. Replication Architecture [ TODO ] 34 | 9. 
TCP ingress for Database (traefik) 35 | 36 | # Backup/restore 37 | 38 | - Enable persistence for backups by setting (.Values.)`backup.persistence.enabled=true` 39 | 40 | 41 | 42 | # Try Sample 43 | 44 | Try with [values.sample.yaml](values.sample.yaml) 45 | - Update `values.sample.yaml` as per your environment 46 | - `helm -n db upgrade db1 elm/mssql -f values.sample.yaml -i --create-namespace` 47 | - Connect to DB using MSSQL client as per guide available at `helm -n db get notes db1` 48 | - Validate in your grafana dashboard 49 | ![](../../assets/img/mssql-grafana.jpg) 50 | 51 | **Take backup** 52 | - Connect to DB using MSSQL client as per guide available at `helm -n db get notes db1` 53 | - Add test data before backup: 54 | ```sh 55 | sqlcmd -S db1-mssql.db.svc.cluster.local -U sa -P "$SA_PASSWORD" -e -Q "USE DemoData 56 | INSERT INTO [dbo].[Products] ([ID],[ProductName]) VALUES (7,'Test backup restore') 57 | GO 58 | " 59 | ``` 60 | - Get backup command from notes: `helm -n db get notes db1` 61 | ```sh 62 | sqlcmd -S db1-mssql.db.svc.cluster.local -U sa -P "$SA_PASSWORD" -e -Q "BACKUP DATABASE [DemoData] TO DISK = N'/var/opt/mssql/backup/DemoData-001.bak' WITH NOFORMAT, NOINIT, NAME = 'DemoDatabackup', SKIP, NOREWIND, NOUNLOAD, STATS = 10" 63 | ``` 64 | - Delete database 65 | ```sh 66 | sqlcmd -S db1-mssql.db.svc.cluster.local -U sa -P "$SA_PASSWORD" -e -Q "USE master 67 | GO 68 | ALTER DATABASE [DemoData] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; 69 | DROP DATABASE [DemoData] 70 | GO 71 | " 72 | ``` 73 | ![](../../assets/img/mssql-backup.jpg) 74 | 75 | 76 | **restore** 77 | 1. list out logical file names and paths inside the backup. 78 | 79 | `sqlcmd -S db1-mssql.db.svc.cluster.local -U sa -P "$SA_PASSWORD" -e -Q 'RESTORE FILELISTONLY FROM DISK = "/var/opt/mssql/backup/DemoData-001.bak"' | tr -s ' ' | cut -d ' ' -f 1-2` 80 | 81 | 2. 
restore the database 82 | 83 | `sqlcmd -S db1-mssql.db.svc.cluster.local -U sa -P "$SA_PASSWORD" -e -Q 'RESTORE DATABASE DemoData FROM DISK = "/var/opt/mssql/backup/DemoData-001.bak"'` 84 | 85 | > If you are restoring from another MSSQL setup (Windows), you must specify a new path for each of the files listed in step 1, using `WITH MOVE '<logical_name>' TO '<new_path>', MOVE '<logical_name>' TO '<new_path>', ...` 86 | 87 | ![](../../assets/img/mssql-restore.jpg) 88 | 89 | # Release Notes 90 | 91 | **1.4.0 (planned)** 92 | - Support Replication architecture (publisher, subscriber, distributor) 93 | - 94 | **1.3.x (latest)** 95 | - Persisting Backups 96 | - Taking backups automatically for the specified databases at the specified time/period. 97 | - Providing a restore CLI to easily restore backups taken automatically 98 | - Extensive docs in README with e2e example 99 | - Supporting TCP Ingress for Traefik-based ingress controllers. 100 | 101 | **1.2.1** 102 | - Ability to execute initial DB scripts (SQL) [ DONE ✅ ] 103 | - Performance Monitoring - Integrated with Prometheus Operator [ DONE ✅ ] 104 | 105 | **1.0.0** 106 | - First Release 107 | - Applying Bitnami Helm Chart standards [ DONE ✅ ] (same interface (values.yaml schema) as bitnami/mysql, and so on) 108 | - Auto Bootstrapping Database [ DONE ✅ ] 109 | - Auto Bootstrapping Database Owner User with given password [ DONE ✅ ] 110 | 111 | 112 | # Authors 113 | 114 | This chart is maintained by: 115 | - @abdennour 116 | 117 | # License 118 | 119 | LGPL v3 120 | -------------------------------------------------------------------------------- /charts/service-proxy/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for service-proxy. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 

openshift: true
### @Section Networking #####

# One of: https-passthrough | http-https | s3
# The deployment mounts the ConfigMap key envoy-<proxyMode>.yaml as /tmp/etc/envoy.yaml.
proxyMode: https-passthrough
# Upstream service that Envoy proxies to.
backendService:
  address:
  port: 443
  # Inline CA certificate for the backend. When set, the chart helper names the
  # ConfigMap <fullname>-ca; otherwise caCertConfigmap.name is used.
  caCert: ""
  # Existing ConfigMap holding the backend CA. In both cases the deployment mounts
  # the entry named by `key` as /tmp/certs/backend-ca.crt.
  caCertConfigmap:
    name: ""
    key: service-ca.crt

# Container ports of the Envoy pod. The liveness and readiness probes send
# HTTP GET / to the admin port.
proxyPorts:
  webPort: 8080
  adminPort: 8888
service:
  type: ClusterIP
  port: 80
  adminPort: 8888

# @param envVars env vars in clear text; the deployment injects them through
# envFrom from the Secret <fullname>-env-vars
envVars: {}
# @param envVarsSealed env vars with sealed values, injected through envFrom from
# the Secret <fullname>-env-vars-sealed
# seal -h https://seal.apps.mycluster.com -n [namespace] -s [ClearValue]
#
envVarsSealed: {}
# @param sealScope scope of secrets sealing in envVarsSealed
sealScope: namespace-wide

route:
  enabled: false
  ## domain: wildcarddomain.com
  ## if you specify domain, the chart will automatically calculate
  ## the hostname as <namespace>-<release>.<domain>
  domain: ''
  ## specify the exact hostname as you want
  ## without delegating it to the automation
  host: ''
  extraHosts: []
  ## .Values.route.secure
  ## To enable tls for host, set secure: true
  secure: true
  ## To enable tls for extraHosts, set secureExtraHosts: true
  secureExtraHosts: true
  ## .Values.route.termination
  ## if it's secure, you can choose the termination
  termination: edge
  ## .Values.route.annotations
  # annotations:
  #   nginx.ingress.kubernetes.io/rewrite-target: /scm/$1
  annotations: {}
  ## .Values.route.path
  # path: /(.*) # useful when rewrite-target used
  path: /
## NOTE(review): adminRoute presumably publishes the Envoy admin listener
## (proxyPorts.adminPort / service.adminPort). Envoy's admin interface has no
## authentication of its own, so keep this disabled unless access to the route
## is restricted by other means.
adminRoute:
  enabled: false
  ## domain: wildcarddomain.com
  ## if you specify domain, the chart will automatically calculate
  ## the hostname as <namespace>-<release>.<domain>
  domain: ''
  ## specify the exact hostname as you want
  ## without delegating it to the automation
  host: ''
  extraHosts: []
  ## .Values.adminRoute.secure
  ## To enable tls for host, set secure: true
  secure: true
  ## To enable tls for extraHosts, set secureExtraHosts: true
  secureExtraHosts: true
  ## .Values.adminRoute.termination
  ## if it's secure, you can choose the termination
  termination: edge
  ## .Values.adminRoute.annotations
  # annotations:
  #   nginx.ingress.kubernetes.io/rewrite-target: /scm/$1
  annotations: {}
  ## .Values.adminRoute.path
  # path: /(.*) # useful when rewrite-target used
  path: /

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
### @Section Workload ########
# Used only while autoscaling.enabled is false.
replicaCount: 1
# The deployment renders the image reference as <registry>/<repository>:<tag>.
image:
  registry: docker.io
  repository: envoyproxy/envoy
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template;
  # if not set and create is false, the "default" service account is used.
  name: ""

podAnnotations: {}

# Pod-level securityContext, passed to the pod spec as given. Empty by default.
podSecurityContext: {}
  # fsGroup: 2000

# Container-level securityContext for the Envoy container, passed as given.
# Empty by default, so none of the restrictions in the commented example below
# apply unless they are set here.
securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

# When enabled, the deployment omits spec.replicas so the autoscaler owns the count.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

--------------------------------------------------------------------------------