├── .github └── workflows │ └── release.yml ├── .gitignore ├── IndexationOutils.md ├── README.md ├── ToolsIndex.md └── charts ├── argo-cd ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── ingress.yaml │ ├── network-policy.yaml │ ├── networkpolicy-ingress.yaml │ ├── rolebinding-controller.yaml │ ├── rolebinding-server.yaml │ ├── secret-cluster.yaml │ └── secret.yaml ├── values.schema.json └── values.yaml ├── argo-workflows ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── ingress.yaml │ ├── network-policy.yaml │ ├── networkpolicy-ingress.yaml │ ├── role-binding.yaml │ ├── role.yaml │ └── serviceaccount.yaml ├── values.schema.json └── values.yaml ├── blazingsql ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-git.yaml │ ├── configmap-s3.yaml │ ├── configmap-vault.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── cloudshell ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-git.yaml │ ├── configmap-s3.yaml │ ├── configmap-vault.yaml │ ├── delete.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── role-binding-delete-job.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount-delete-job.yaml │ ├── serviceaccount.yaml │ ├── statefulSet.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── dask ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ └── networkpolicy.yaml ├── values.schema.json └── values.yaml ├── data-profiler ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-s3.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ └── service.yaml ├── values.schema.json └── values.yaml ├── delta-sharing-server ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-coresite.yaml │ ├── configmap-nginx.yaml │ ├── configmap.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ └── service.yaml ├── values.schema.json └── values.yaml ├── elastic ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── discovery-secret.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ └── networkpolicy.yaml ├── values.schema.json └── values.yaml ├── fastai ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── configmap-git.yaml │ ├── configmap-s3.yaml │ ├── configmap-vault.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── hive-metastore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap.yaml │ ├── deployment.yaml │ ├── discovery-secret.yaml │ ├── networkpolicy.yaml │ └── service.yaml ├── values.schema.json └── values.yaml ├── jena ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── jupyter ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-coresite.yaml │ ├── configmap-git.yaml │ ├── configmap-hive.yaml │ ├── configmap-mlflow.yaml │ ├── configmap-s3.yaml │ ├── configmap-sparkconf.yaml │ ├── configmap-vault.yaml │ ├── ingress-sparkui.yaml │ ├── ingress-user.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ ├── statefulset.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── kafka ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ └── discovery-secret.yaml ├── values.schema.json └── values.yaml ├── label-studio ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ └── service.yaml ├── values.schema.json └── values.yaml ├── lakefs ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ └── networkpolicy.yaml ├── values.schema.json └── values.yaml ├── library-chart ├── Chart.yaml └── templates │ ├── _configmaps.tpl │ ├── _ingress.tpl │ ├── _interactive_services.tpl │ ├── _labels.tpl │ ├── _names.tpl │ └── _serviceaccounts.tpl ├── mariadb ├── Chart.yaml ├── templates │ ├── NOTES.txt │ └── discovery-secret.yaml ├── values.schema.json └── values.yaml ├── mlflow ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-s3.yaml │ ├── deployment.yaml │ ├── discovery-secret.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ └── service.yaml ├── values.schema.json └── values.yaml ├── mongodb ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── discovery-secret.yaml │ └── networkpolicy.yaml ├── values.schema.json └── values.yaml ├── neo4j ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── nocodb ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── openrefine ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── pgadmin ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── pinot ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ └── ingress.yaml ├── values.schema.json └── values.yaml ├── postgresql ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-init.yaml │ ├── discovery-secret.yaml │ └── networkpolicy.yaml ├── values.schema.json └── values.yaml ├── rapidsai ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-coresite.yaml │ ├── configmap-git.yaml │ ├── configmap-hive.yaml │ ├── configmap-s3.yaml │ ├── configmap-sparkconf.yaml │ ├── configmap-vault.yaml │ ├── ingress-sparkui.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ ├── statefulset.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── redash ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── ingress.yaml │ └── secrets.yaml ├── values.schema.json └── values.yaml ├── rstudio ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-coresite.yaml │ ├── configmap-git.yaml │ ├── configmap-hive.yaml │ ├── configmap-s3.yaml │ ├── configmap-sparkconf.yaml │ ├── configmap-vault.yaml │ ├── ingress-sparkui.yaml │ ├── ingress-user.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ ├── statefulset.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── spark-history ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-coresite.yaml │ ├── configmap-s3.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── spark-thrift-server ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-coresite.yaml │ ├── configmap-hive.yaml │ ├── configmap-s3.yaml │ ├── configmap-sparkconf.yaml │ ├── discovery-secret.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── statefulset.yaml ├── values.schema.json └── values.yaml ├── superset ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _discovery.tpl │ └── ingress.yaml ├── values.schema.json └── values.yaml ├── tensorflow ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── configmap-git.yaml │ ├── configmap-s3.yaml │ ├── configmap-vault.yaml │ ├── deployment.yaml │ ├── ingress-tensorboard.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml ├── trino ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── configmap-catalog.yaml │ ├── configmap-coordinator.yaml │ ├── configmap-hdfs.yaml │ ├── configmap-worker.yaml │ ├── deployment-coordinator.yaml │ ├── deployment-worker.yaml │ ├── discovery-secret.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ └── service.yaml ├── values.schema.json └── values.yaml ├── ubuntu ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── deployment.yaml │ ├── ingress-user.yaml │ ├── ingress.yaml │ ├── networkpolicy-ingress.yaml │ ├── networkpolicy.yaml │ ├── pvc.yaml │ ├── role-binding.yaml │ ├── secret-git.yaml │ ├── secret-s3.yaml │ ├── secret-vault.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml ├── values.schema.json └── values.yaml └── vscode ├── .helmignore ├── Chart.yaml ├── templates ├── NOTES.txt ├── configmap-git.yaml ├── configmap-s3.yaml ├── configmap-vault.yaml ├── deployment.yaml ├── ingress-user.yaml ├── ingress.yaml ├── networkpolicy-ingress.yaml ├── networkpolicy.yaml ├── pvc.yaml ├── role-binding.yaml ├── service.yaml ├── serviceaccount.yaml └── tests │ └── test-connection.yaml ├── values.schema.json └── values.yaml /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | release: 10 | # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions 11 | # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token 12 | permissions: 13 | contents: write 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@v2 18 | with: 19 | fetch-depth: 0 20 | 21 | - name: Configure Git 22 | run: | 23 | git config user.name "$GITHUB_ACTOR" 24 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 25 | - name: Install Helm 26 | uses: azure/setup-helm@v1 27 | with: 28 | version: v3.8.1 29 | 30 | - name: Run chart-releaser 31 | uses: helm/chart-releaser-action@v1.4.0 32 | env: 33 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | index.yaml 3 | Chart.lock 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Helm charts Datascience (Deprecated) 2 | 3 | There are some news catalogs you must use with Onyxia : 4 | - [Interactives services](https://github.com/InseeFrLab/helm-charts-datascience-internal) 5 | - [Databases](https://github.com/InseeFrLab/helm-charts-databases) 6 | - [Automation](https://github.com/InseeFrLab/helm-charts-automation) 7 | 8 | This repository will be archived 9 | 10 | 11 | 12 | 13 | 14 | 15 | This collection of Helm Charts is tailored for datascientists ! 16 | It is primarly designed to work with [Onyxia](https://github.com/inseefrlab/onyxia) but also works as a standalone Helm repository. 17 | See the other repository ([Helm charts](https://github.com/inseefrlab/helm-charts)) for infrastructure focused charts. 18 | 19 | To use the repo on helm (version 3+) : 20 | ``` 21 | helm repo add inseefrlab-datascience https://inseefrlab.github.io/helm-charts-datascience 22 | ``` 23 | 24 | The repo is also browsable directly https://inseefrlab.github.io/helm-charts-datascience/index.yaml 25 | 26 | Contributions are welcome, feel free to open issues or submit pull requests :) 27 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your username is : **admin** 5 | - Your password is : **{{ .Values.secret.password }}** 6 | 7 | *NOTES about deletion :* 8 | 9 | - **You can safely delete this chart and recreate one later** 10 | - The running apps managed by argo-cd will keep running 11 | - The description of the runnings apps managed by argo-cd will be persist inside the kubernetes store (etcd) 12 | - Only change on the remote gitops repository will not be sync to your runnings apps. -------------------------------------------------------------------------------- /charts/argo-cd/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create argocd server name and version as used by the chart label. 3 | */}} 4 | {{- define "argo.server.fullname" -}} 5 | {{- printf "%s-%s" (include "library-chart.fullname" .) (index .Values "argo-cd" "server" "name") | trunc 63 | trimSuffix "-" -}} 6 | {{- end -}} 7 | 8 | {{/* 9 | Create controller name and version as used by the chart label. 10 | */}} 11 | {{- define "argo.controller.fullname" -}} 12 | {{- printf "%s-%s" (include "library-chart.fullname" .) (index .Values "argo-cd" "controller" "name") | trunc 63 | trimSuffix "-" -}} 13 | {{- end -}} 14 | 15 | {{/* 16 | Create the name of the controller service account to use 17 | */}} 18 | {{- define "argo.controllerServiceAccountName" -}} 19 | {{- if (index .Values "argo-cd" "controller" "serviceAccount" "create") -}} 20 | {{ default (include "argo.controller.fullname" .) (index .Values "argo-cd" "controller" "serviceAccount" "name") }} 21 | {{- else -}} 22 | {{ default "default" (index .Values "argo-cd" "controller" "serviceAccount" "name") }} 23 | {{- end -}} 24 | {{- end -}} 25 | 26 | {{/* 27 | Create the name of the ArgoCD server service account to use 28 | */}} 29 | {{- define "argo.serverServiceAccountName" -}} 30 | {{- if (index .Values "argo-cd" "server" "serviceAccount" "create") -}} 31 | {{ default (include "argo.server.fullname" .) (index .Values "argo-cd" "server" "serviceAccount" "name") }} 32 | {{- else -}} 33 | {{ default "default" (index .Values "argo-cd" "server" "serviceAccount" "name") }} 34 | {{- end -}} 35 | {{- end -}} 36 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ .Release.Name }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | annotations: 9 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 10 | spec: 11 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 12 | {{- if .Values.ingress.tls }} 13 | tls: 14 | - hosts: 15 | - {{ .Values.ingress.hostname | quote }} 16 | {{- end }} 17 | rules: 18 | - host: {{ .Values.ingress.hostname | quote }} 19 | http: 20 | paths: 21 | - path: / 22 | pathType: Prefix 23 | backend: 24 | service: 25 | name: {{ template "argo.server.fullname" . }} 26 | port: 27 | number: {{ index .Values "argo-cd" "server" "service" "servicePortHttps"}} 28 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ .Release.Name }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | podSelector: 10 | matchLabels: 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | ingress: 13 | - from: 14 | - podSelector: {} 15 | policyTypes: 16 | - Ingress 17 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/rolebinding-controller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ template "argo.controller.fullname" . }}-cluster-role 5 | namespace: {{ .Release.Namespace }} 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: admin 10 | subjects: 11 | - kind: ServiceAccount 12 | name: {{ template "argo.controllerServiceAccountName" . }} 13 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/rolebinding-server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ template "argo.server.fullname" . }}-cluster-role 5 | namespace: {{ .Release.Namespace }} 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: admin 10 | subjects: 11 | - kind: ServiceAccount 12 | name: {{ template "argo.serverServiceAccountName" . }} 13 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/secret-cluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: {{ .Release.Name }}-cluster 6 | labels: 7 | argocd.argoproj.io/secret-type: cluster 8 | data: 9 | config: eyJ0bHNDbGllbnRDb25maWciOnsiaW5zZWN1cmUiOmZhbHNlfX0= 10 | name: aW5jbHVzdGVyCg== 11 | namespaces: {{ .Release.Namespace | b64enc }} 12 | server: {{ .Values.apiserver | b64enc }} 13 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your workflow must use this service account : **{{ .Values.serviceAccount.name }}** 5 | 6 | *NOTES about deletion :* 7 | 8 | - **You can safely delete this chart and recreate one later** 9 | - The description of the workflow managed by argo-workflow including logs will be persist inside the kubernetes store 10 | - Scheduled workload will not be executed after deletion -------------------------------------------------------------------------------- /charts/argo-workflows/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ .Release.Name }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | annotations: 9 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 10 | spec: 11 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 12 | {{- if .Values.ingress.tls }} 13 | tls: 14 | - hosts: 15 | - {{ .Values.ingress.hostname | quote }} 16 | {{- end }} 17 | rules: 18 | - host: {{ .Values.ingress.hostname | quote }} 19 | http: 20 | paths: 21 | - path: / 22 | pathType: Prefix 23 | backend: 24 | service: 25 | name: {{ .Release.Name }}-server 26 | port: 27 | number: {{ index .Values "argo-workflows" "server" "servicePort" }} 28 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-workflows/templates/network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ .Release.Name }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | podSelector: 10 | matchLabels: 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | ingress: 13 | - from: 14 | - podSelector: {} 15 | policyTypes: 16 | - Ingress 17 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-workflows/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-workflows/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ .Values.serviceAccount.roleBinding}} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ .Values.serviceAccount.role}} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ .Values.serviceAccount.name}} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-workflows/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ .Values.serviceAccount.role}} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | rules: 9 | # pod get/watch is used to identify the container IDs of the current pod 10 | # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location) 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - pods 15 | verbs: 16 | - get 17 | - watch 18 | - patch 19 | # logs get/watch are used to get the pods logs for script outputs, and for log archival 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - pods/log 24 | verbs: 25 | - get 26 | - watch 27 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-workflows/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name}} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/argo-workflows/values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | tls: true 4 | ingressClassName: "" 5 | annotations: [] 6 | # kubernetes.io/tls-acme: "true" 7 | hostname: chart-example.local 8 | # - secretName: chart-example-tls 9 | # hosts: 10 | # - chart-example.local 11 | 12 | security: 13 | allowlist: 14 | enabled: true 15 | ip: "0.0.0.0/0" 16 | networkPolicy: 17 | enabled: true 18 | from: [] 19 | 20 | serviceAccount: 21 | create: true 22 | name: workflow 23 | role: workflow 24 | roleBinding: workflow 25 | 26 | argo-workflows: 27 | createAggregateRoles: false 28 | singleNamespace: true 29 | workflow: 30 | serviceAccount: 31 | create: true # Specifies whether a service account should be created 32 | annotations: {} 33 | name: "argo-workflows" # Service account which is used to run workflows 34 | controller: 35 | workflowNamespaces: [] 36 | replicas: 1 37 | #containerRuntimeExecutor: k8sapi 38 | clusterWorkflowTemplates: 39 | enabled: false 40 | 41 | server: 42 | enabled: true 43 | clusterWorkflowTemplates: 44 | enabled: false 45 | 46 | extraArgs: 47 | #- --auth-mode=sso 48 | - --auth-mode=server 49 | 50 | ingress: 51 | enabled: false -------------------------------------------------------------------------------- /charts/blazingsql/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/blazingsql/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this jupyter with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your access token is **{{ .Values.security.password }}** 5 | {{- if .Values.persistence.enabled }} 6 | - The following path **{{ .Values.persistence.path }}** is a persistant volume with a size of **{{ .Values.persistence.size }}** 7 | {{- end }} 8 | 9 | *NOTES about deletion :* 10 | 11 | {{- if .Values.persistence.enabled }} 12 | - The volume associated with the following path **{{ .Values.persistence.path }}** will be deleted 13 | {{- end }} 14 | - So, you should save your code to an external git repository 15 | - So, You should save your data to an external data repository like S3 16 | - You can easily create a new blazingsql service, clone your code and install again some librairies you need -------------------------------------------------------------------------------- /charts/blazingsql/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} -------------------------------------------------------------------------------- /charts/blazingsql/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} 2 | -------------------------------------------------------------------------------- /charts/blazingsql/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} -------------------------------------------------------------------------------- /charts/blazingsql/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.blazingsql.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/blazingsql/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/blazingsql/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/blazingsql/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/blazingsql/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enabled -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/blazingsql/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.blazingsql.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/blazingsql/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/blazingsql/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/cloudshell/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/cloudshell/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cloudshell 3 | description: Datalab shell (ubuntu with webssh) 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/Onyxia.png 5 | keyworks: 6 | - Shell 7 | home: https://datalab.sspcloud.fr 8 | sources: 9 | - https://github.com/InseeFrLab/shelly 10 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/cloudshell 11 | # A chart can be either an 'application' or a 'library' chart. 12 | # 13 | # Application charts are a collection of templates that can be packaged into versioned archives 14 | # to be deployed. 15 | # 16 | # Library charts provide useful utilities or functions for the chart developer. They're included as 17 | # a dependency of application charts to inject those utilities and functions into the rendering 18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 19 | type: application 20 | 21 | # This is the chart version. This version number should be incremented each time you make changes 22 | # to the chart and its templates, including the app version. 23 | version: 4.3.0 24 | 25 | # This is the version number of the application being deployed. This version number should be 26 | # incremented each time you make changes to the application. 27 | appVersion: latest 28 | 29 | dependencies: 30 | - name: library-chart 31 | version: 2.0.20 32 | repository: https://inseefrlab.github.io/helm-charts-datascience 33 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this cloudshell with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | {{- if .Values.persistence.enabled }} 5 | - The following path **{{ .Values.persistence.mountPath }}** is a persistant volume with a size of **{{ .Values.persistence.size }}** 6 | {{- end }} 7 | - Only one instance of {{ .Chart.Name }} can be started in a project. 8 | 9 | *NOTES about deletion :* 10 | 11 | - **You can safely delete this chart and recreate one later** 12 | {{- if .Values.persistence.enabled }} 13 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be not be deleted 14 | - If you start a cloudshell, it will reuse this volume silently. 15 | - If you want to delete this volume definitily : `kubectl delete pvc data-{{ include "library-chart.fullname" . }}-0` 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} 2 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} 2 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} 2 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/delete.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.deleteJob.enabled }} 2 | apiVersion: batch/v1 3 | kind: CronJob 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | schedule: {{ .Values.deleteJob.schedule }} 8 | jobTemplate: 9 | spec: 10 | template: 11 | spec: 12 | serviceAccountName: {{ include "library-chart.serviceAccountName" . }}-delete 13 | containers: 14 | - name: delete 15 | image: inseefrlab/ubuntu-vnc 16 | imagePullPolicy: IfNotPresent 17 | command: 18 | - /bin/sh 19 | - -c 20 | - helm delete {{ .Release.Name }} 21 | restartPolicy: OnFailure 22 | {{- end }} -------------------------------------------------------------------------------- /charts/cloudshell/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.cloudshell.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.hostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.hostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} -------------------------------------------------------------------------------- /charts/cloudshell/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/cloudshell/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/cloudshell/templates/role-binding-delete-job.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.deleteJob.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }}-delete 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: admin 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "library-chart.serviceAccountName" . }}-delete 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/cloudshell/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.cloudshell.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/serviceaccount-delete-job.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.deleteJob.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }}-delete 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/cloudshell/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/dask/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to the dask dashboard with your browser on this [link](https://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - You can connect to the scheduler : 5 | ``` 6 | from dask.distributed import Client 7 | client = Client('{{ template "library-chart.fullname" . }}-scheduler:8786') 8 | ``` 9 | 10 | *NOTES about deletion :* 11 | 12 | - **You can safely delete this chart and recreate one later** 13 | -------------------------------------------------------------------------------- /charts/dask/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $svcPort := .Values.dask.webUI.servicePort -}} 3 | apiVersion: networking.k8s.io/v1 4 | kind: Ingress 5 | metadata: 6 | name: {{ .Release.Name }} 7 | labels: 8 | app: {{ template "library-chart.fullname" . }}-scheduler 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | annotations: 13 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 14 | spec: 15 | {{- if .Values.ingress.tls }} 16 | tls: 17 | - hosts: 18 | - {{ .Values.ingress.hostname | quote }} 19 | {{- end }} 20 | rules: 21 | - host: {{ .Values.ingress.hostname | quote }} 22 | http: 23 | paths: 24 | - path: / 25 | pathType: Prefix 26 | backend: 27 | service: 28 | name: {{ template "library-chart.fullname" . }}-scheduler 29 | port: 30 | number: {{ $svcPort }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/dask/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | release: {{ .Release.Name | quote }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/dask/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | release: {{ .Release.Name | quote }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/dask/values.yaml: -------------------------------------------------------------------------------- 1 | dask: 2 | scheduler: 3 | image: 4 | repository: "inseefrlab/rapidsai" 5 | tag: "latest" 6 | resources: 7 | limits: 8 | cpu: 1.8 9 | memory: 6G 10 | requests: 11 | cpu: 1.8 12 | memory: 6G 13 | worker: 14 | image: 15 | repository: "inseefrlab/rapidsai" 16 | tag: "latest" 17 | dask_worker: "dask-worker" 18 | replicas: 3 # Number of workers. 19 | resources: 20 | limits: 21 | cpu: 1 22 | memory: 6G 23 | requests: 24 | cpu: 1 25 | memory: 6G 26 | webUI: 27 | ingress: 28 | enabled: false 29 | jupyter: 30 | enabled: false 31 | 32 | security: 33 | allowlist: 34 | enabled: true 35 | ip: "0.0.0.0/0" 36 | networkPolicy: 37 | enabled: true 38 | from: [] 39 | 40 | ingress: 41 | enabled: true 42 | tls: true 43 | annotations: 44 | kubernetes.io/ingress.class: nginx 45 | # kubernetes.io/tls-acme: "true" 46 | hostname: chart-example.local 47 | # - secretName: chart-example-tls 48 | # hosts: 49 | # - chart-example.local -------------------------------------------------------------------------------- /charts/data-profiler/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: data-profiler 3 | description: data-profiler uses pandas data profiling package to generate a report of your dataset. 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/data-profiler.png 5 | keyworks: 6 | - BI 7 | home: https://datalab.sspcloud.fr/ 8 | sources: 9 | - https://github.com/InseeFrLab/data-profiler 10 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/data-profiler 11 | # A chart can be either an 'application' or a 'library' chart. 12 | # 13 | # Application charts are a collection of templates that can be packaged into versioned archives 14 | # to be deployed. 15 | # 16 | # Library charts provide useful utilities or functions for the chart developer. They're included as 17 | # a dependency of application charts to inject those utilities and functions into the rendering 18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 19 | type: application 20 | 21 | # This is the chart version. This version number should be incremented each time you make changes 22 | # to the chart and its templates, including the app version. 23 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 24 | version: 0.2.0 25 | 26 | # This is the version number of the application being deployed. This version number should be 27 | # incremented each time you make changes to the application. Versions are not expected to 28 | # follow Semantic Versioning. They should reflect the version the application is using. 29 | appVersion: 1 30 | dependencies: 31 | - name: library-chart 32 | version: 2.0.20 33 | repository: https://inseefrlab.github.io/helm-charts-datascience -------------------------------------------------------------------------------- /charts/data-profiler/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/InseeFrLab/helm-charts-datascience/cb01026ddc100124628233e40f64d22819ec9d8e/charts/data-profiler/templates/NOTES.txt -------------------------------------------------------------------------------- /charts/data-profiler/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} -------------------------------------------------------------------------------- /charts/data-profiler/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/data-profiler/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/data-profiler/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/data-profiler/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - Start annotate with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/configmap-coresite.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/configmap-nginx.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.sidecar.proxy.subrequest.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }}-nginx 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | data: 9 | nginx.conf: | 10 | error_log /dev/stdout info; 11 | events { 12 | worker_connections 4096; 13 | } 14 | 15 | http { 16 | 17 | server { 18 | listen 80; 19 | 20 | location / { 21 | auth_request /auth; 22 | auth_request_set $auth_status $upstream_status; 23 | proxy_pass http://localhost:8080; 24 | } 25 | 26 | location = /auth { 27 | internal; 28 | proxy_pass {{ .Values.sidecar.proxy.subrequest.authService }}; 29 | proxy_pass_request_body off; 30 | proxy_set_header Content-Length ""; 31 | proxy_set_header X-Original-URI $request_uri; 32 | proxy_set_header Authorization $http_authorization; 33 | } 34 | } 35 | } 36 | {{- end -}} -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/delta-sharing-server/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/elastic/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $pvcList := list }} 2 | {{- $replicas := int .Values.elasticsearch.replicas }} 3 | {{- range $e, $i := until $replicas }} 4 | {{- $pvcList = append $pvcList (printf "%s-%s-%d" "elasticsearch-master" "elasticsearch-master" $i) }} 5 | {{- end }} 6 | {{- if .Values.ingress.enabled }} 7 | - You can connect to the kibana with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 8 | {{- end }} 9 | - You connect to elastic from inside the datalab at this url : **http://elasticsearch-master:{{ .Values.elasticsearch.httpPort }}** 10 | - Each of the {{ .Values.elasticsearch.replicas }} nodes has a persistent volume with a size of **{{ .Values.elasticsearch.volumeClaimTemplate.resources.requests.storage }}** 11 | - Only one cluster of {{ .Chart.Name }} can be started in a project 12 | 13 | *NOTES about deletion :* 14 | 15 | - **You can safely delete this chart and recreate one later** 16 | - Data volumes will not be deleted 17 | - If you start a new {{ .Chart.Name }}, it will reuse those volumes silently. 18 | - If you want to delete those volume definitily : `kubectl delete pvc {{ join " " $pvcList }}` 19 | 20 | -------------------------------------------------------------------------------- /charts/elastic/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.elasticsearch.discoverable.allow }} 2 | {{- $fullname := .Chart.Name | default "elasticOverrideFullname" }} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "elastic" 10 | type: Opaque 11 | data: 12 | elastic-service: {{ "elasticsearch-master" | b64enc | quote }} 13 | elastic-port: {{ .Values.elasticsearch.httpPort | toString | default ".Values.elasticsearch.httpPort" | b64enc | quote }} 14 | elastic-name: {{ printf "%s" $fullname | b64enc | quote }} 15 | {{- end -}} -------------------------------------------------------------------------------- /charts/elastic/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $svcPort := .Values.kibana.service.port -}} 3 | apiVersion: networking.k8s.io/v1 4 | kind: Ingress 5 | metadata: 6 | name: {{ .Release.Name }}-kibana 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | annotations: 10 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 11 | spec: 12 | {{- if .Values.ingress.tls }} 13 | tls: 14 | - hosts: 15 | - {{ .Values.ingress.hostname | quote }} 16 | {{- end }} 17 | rules: 18 | - host: {{ .Values.ingress.hostname | quote }} 19 | http: 20 | paths: 21 | - path: / 22 | pathType: Prefix 23 | backend: 24 | service: 25 | name: {{ .Release.Name }}-kibana 26 | port: 27 | number: {{ $svcPort }} 28 | {{- end }} -------------------------------------------------------------------------------- /charts/elastic/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | release: {{ .Release.Name | quote }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/elastic/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | release: {{ .Release.Name | quote }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/elastic/values.yaml: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | image: elasticsearch 3 | esJavaOpts: -Xmx8g -Xms8g 4 | replicas: 3 5 | resources: 6 | limits: 7 | memory: 10Gi 8 | requests: 9 | memory: 10Gi 10 | sysctlInitContainer: 11 | enabled: false 12 | volumeClaimTemplate: 13 | accessModes: ["ReadWriteOnce"] 14 | resources: 15 | requests: 16 | storage: 30Gi 17 | discoverable: 18 | allow: true 19 | 20 | kibana: 21 | image: kibana 22 | 23 | ingress: 24 | enabled: true 25 | tls: true 26 | annotations: 27 | kubernetes.io/ingress.class: nginx 28 | # kubernetes.io/tls-acme: "true" 29 | hostname: chart-example.local 30 | # - secretName: chart-example-tls 31 | # hosts: 32 | # - chart-example.local 33 | security: 34 | allowlist: 35 | enabled: true 36 | ip: "0.0.0.0/0" 37 | networkPolicy: 38 | enabled: true 39 | from: 40 | - ipBlock: 41 | cidr: 10.233.103.0/32 42 | - ipBlock: 43 | cidr: 10.233.111.0/32 -------------------------------------------------------------------------------- /charts/fastai/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this jupyter with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your access token is **{{ .Values.security.password }}** 5 | {{- if .Values.persistence.enabled }} 6 | - The following path **{{ .Values.persistence.mountPath }}** is a persistant volume with a size of **{{ .Values.persistence.size }}** 7 | {{- end }} 8 | 9 | *NOTES about deletion :* 10 | 11 | {{- if .Values.persistence.enabled }} 12 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 13 | {{- end }} 14 | - So, you should save your code to an external git repository 15 | - So, You should save your data to an external data repository like S3 16 | - You can easily create a new {{ .Chart.Name }} service, clone your code and install again some librairies you need -------------------------------------------------------------------------------- /charts/fastai/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} 2 | -------------------------------------------------------------------------------- /charts/fastai/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} 2 | -------------------------------------------------------------------------------- /charts/fastai/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} 2 | -------------------------------------------------------------------------------- /charts/fastai/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.fastai.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/fastai/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/fastai/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/fastai/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/fastai/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enabled -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/fastai/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.fastai.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/fastai/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/fastai/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/hive-metastore/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | - The default path for the internal tables is : **{{ .Values.service.warehouseDir }}** 2 | - This service is only available from inside the datalab. 3 | - The url is : **thrift://{{ include "library-chart.fullname" . }}:9083** 4 | - Some other services discover this url automatically and a config file is written. 5 | ![hive](https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/hive-discovery.png) 6 | - Only one instance of {{ .Chart.Name }} can be started in a project 7 | 8 | *NOTES about deletion :* 9 | 10 | - **You can safely delete this chart and recreate one later** 11 | - Data volumes in the associated postgresql will not be deleted 12 | - If you start a new {{ .Chart.Name }}, it will reuse this volume silently. 13 | - If you want to delete this volume definitily : `kubectl delete pvc data-{{ .Values.postgresql.fullnameOverride }}-0` 14 | -------------------------------------------------------------------------------- /charts/hive-metastore/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.discoverable.allow }} 2 | {{- $fullname := (include "library-chart.fullname" .) -}} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "hive" 10 | type: Opaque 11 | data: 12 | hive-service: {{ (include "library-chart.fullname" .) | b64enc | quote }} 13 | hive-endpoint: {{ .Values.s3.endpoint | default ".Values.s3.endpoint" | b64enc | quote }} 14 | {{- end -}} -------------------------------------------------------------------------------- /charts/hive-metastore/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/hive-metastore/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.port }} 14 | targetPort: thrift 15 | protocol: TCP 16 | name: thrift 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/jena/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: jena 3 | description: Apache Jena Fuseki is a SPARQL server. 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/jena.png 5 | keyworks: 6 | - RDF 7 | - Triplestore 8 | - Linked Data 9 | home: https://jena.apache.org/jena 10 | sources: 11 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/jena 12 | - https://github.com/stain/jena-docker 13 | # A chart can be either an 'application' or a 'library' chart. 14 | # 15 | # Application charts are a collection of templates that can be packaged into versioned archives 16 | # to be deployed. 17 | # 18 | # Library charts provide useful utilities or functions for the chart developer. They're included as 19 | # a dependency of application charts to inject those utilities and functions into the rendering 20 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 21 | type: application 22 | 23 | # This is the chart version. This version number should be incremented each time you make changes 24 | # to the chart and its templates, including the app version. 25 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 26 | version: 3.1.0 27 | 28 | # This is the version number of the application being deployed. This version number should be 29 | # incremented each time you make changes to the application. Versions are not expected to 30 | # follow Semantic Versioning. They should reflect the version the application is using. 31 | appVersion: latest 32 | 33 | dependencies: 34 | - name: library-chart 35 | version: 2.0.20 36 | repository: https://inseefrlab.github.io/helm-charts-datascience -------------------------------------------------------------------------------- /charts/jena/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to Jena with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - The login is **admin** 5 | - The password is **{{ .Values.security.password }}** 6 | 7 | *NOTES about deletion :* 8 | 9 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 10 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 11 | - So, you will lose your data 12 | {{- end }} 13 | {{- if .Values.persistence.existingClaim }} 14 | - **You can safely delete this chart and recreate one later** 15 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will not be deleted 16 | {{- end }} -------------------------------------------------------------------------------- /charts/jena/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.jena.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/jena/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/jena/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/jena/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/jena/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.jena.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/jena/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/jena/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/jupyter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/jupyter/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this jupyter with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | {{- if .Values.spark.sparkui }} 5 | - When the spark driver is running, you can connect to the spark-ui with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.sparkHostname }}) 6 | {{- end }} 7 | - Your access token is **{{ .Values.security.password }}** 8 | 9 | {{- if .Values.ingress.enabled }} 10 | {{- if .Values.networking.user.enabled }} 11 | - You can connect to your custom port on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.userHostname }}) 12 | If you don't run your custom service you will get a 502 bad gateway error. 13 | {{- end }} 14 | {{- end }} 15 | 16 | *NOTES about deletion :* 17 | 18 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 19 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 20 | - So, you should save your code to an external git repository 21 | - So, You should save your data to an external data repository like S3 22 | - You can easily create a new {{ .Chart.Name }} service, clone your code and install again some librairies you need 23 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-coresite.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-hive.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapHive" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-mlflow.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapMLFlow" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-sparkconf.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapSparkConf" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} -------------------------------------------------------------------------------- /charts/jupyter/templates/ingress-sparkui.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- if .Values.spark.sparkui -}} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.sparkui.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-sparkui 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.sparkHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.sparkHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/ingress-user.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{ if .Values.networking.user.enabled }} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.user.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-user 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.userHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.userHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.jupyter.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }}-ui 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/jupyter/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enabled -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/jupyter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.jupyter.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | {{- if .Values.spark.sparkui }} 18 | - port: {{ .Values.networking.sparkui.port }} 19 | targetPort: 4040 20 | protocol: TCP 21 | name: sparkui 22 | {{- end }} 23 | {{ if .Values.networking.user.enabled }} 24 | - port: {{ .Values.networking.user.port }} 25 | targetPort: {{ .Values.networking.user.port }} 26 | protocol: TCP 27 | name: user 28 | {{- end }} 29 | selector: 30 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 31 | -------------------------------------------------------------------------------- /charts/jupyter/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/jupyter/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.networking.jupyter.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/kafka/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $replicaCount := int .Values.kafka.replicaCount }} 2 | {{- $portNumber := int .Values.kafka.service.port }} 3 | {{- $fullname := include "library-chart.fullname" . }} 4 | {{- $pvcList := list }} 5 | {{- $kafkaList := list }} 6 | {{- range $e, $i := until $replicaCount }} 7 | {{- $pvcList = append $pvcList (printf "data-%s-%d" $fullname $i) }} 8 | {{- $kafkaList = append $kafkaList (printf "%s-%d.%s-headless:%d" $fullname $i $fullname $portNumber) }} 9 | {{- end }} 10 | - You can connect to this kafka only within the cluster itself. 11 | - the connection string is : 12 | ``` 13 | **{{ (include "kafkaList" .)}}** 14 | ``` 15 | - example for producer python : 16 | 17 | ``` 18 | from confluent_kafka import Producer 19 | import socket 20 | 21 | conf = {'bootstrap.servers': "{{ (include "kafkaList" .) }}", 22 | 'client.id': socket.gethostname()} 23 | 24 | producer = Producer(conf) 25 | ``` 26 | 27 | *NOTES about deletion :* 28 | 29 | - **You can safely delete this chart and recreate one later** 30 | - Data volumes will not be deleted 31 | - If you start a new {{ .Chart.Name }}, it will reuse those volumes silently. 32 | - If you want to delete those volume definitily : `kubectl delete pvc {{ join " " $pvcList }}` -------------------------------------------------------------------------------- /charts/kafka/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "kafkaList" -}} 2 | {{- $replicaCount := int .Values.kafka.replicaCount }} 3 | {{- $portNumber := int .Values.kafka.service.port }} 4 | {{- $fullname := include "library-chart.fullname" . }} 5 | {{- $kafkaList := list }} 6 | {{- range $e, $i := until $replicaCount }} 7 | {{- $kafkaList = append $kafkaList (printf "%s-%d.%s-headless:%d" $fullname $i $fullname $portNumber) }} 8 | {{- end }} 9 | {{- printf "%s" (join "," $kafkaList) -}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/kafka/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kafka.discoverable.allow }} 2 | {{- $fullname := include "common.names.fullname" . }} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "kafka" 10 | type: Opaque 11 | data: 12 | kafka-service: {{ (include "kafkaList" .) | b64enc | quote }} 13 | {{- end -}} -------------------------------------------------------------------------------- /charts/kafka/values.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/schema#", 3 | "type": "object", 4 | "properties": { 5 | "kafka": { 6 | "description": "postgres specific configuration", 7 | "type": "object", 8 | "properties": { 9 | "replicaCount": { 10 | "description": "number of worker", 11 | "type": "integer", 12 | "default": 3 13 | }, 14 | "persistence": { 15 | "description": "Configuration for persistence", 16 | "type": "object", 17 | "properties": { 18 | "enabled": { 19 | "type": "boolean", 20 | "description": "Create a persistent volume", 21 | "default": true 22 | }, 23 | "size": { 24 | "type": "string", 25 | "title": "Persistent volume size", 26 | "description": "Size of the persistent volume", 27 | "default": "10Gi", 28 | "form": true, 29 | "render": "slider", 30 | "sliderMin": 1, 31 | "sliderMax": 100, 32 | "sliderStep": 1, 33 | "sliderUnit": "Gi", 34 | "hidden": { 35 | "value": false, 36 | "path": "kafka/persistence/enabled" 37 | } 38 | } 39 | } 40 | } 41 | } 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /charts/kafka/values.yaml: -------------------------------------------------------------------------------- 1 | kafka: 2 | fullnameOverride: kafka 3 | replicaCount: 3 4 | discoverable: 5 | allow: true 6 | 7 | fullnameOverride: kafka 8 | 9 | -------------------------------------------------------------------------------- /charts/label-studio/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - Start annotate with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your username is **{{ .Values.security.username }}** 5 | - Your password is **{{ .Values.security.password }}** -------------------------------------------------------------------------------- /charts/label-studio/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.hostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.hostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} -------------------------------------------------------------------------------- /charts/label-studio/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/label-studio/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/label-studio/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/lakefs/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to the lakeFS UI with your browser on this [link](https://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | 5 | *NOTES about deletion :* 6 | 7 | - **You can safely delete this chart and recreate one later** 8 | - Data volumes in the associated postgresql will not be deleted 9 | - If you start a new {{ .Chart.Name }}, it will reuse this volume silently. 10 | - If you want to delete this volume definitely : `kubectl delete pvc data-{{ .Values.postgresql.fullnameOverride }}-0` 11 | -------------------------------------------------------------------------------- /charts/lakefs/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/lakefs/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/lakefs/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/library-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: library-chart 3 | version: 2.3.0 4 | type: library 5 | -------------------------------------------------------------------------------- /charts/library-chart/templates/_ingress.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | ingress annotations 5 | */}} 6 | {{- define "library-chart.ingress.annotations" -}} 7 | {{- with .Values.ingress.annotations }} 8 | {{- toYaml . }} 9 | {{- end }} 10 | {{- if .Values.security.allowlist.enabled }} 11 | nginx.ingress.kubernetes.io/whitelist-source-range: {{ .Values.security.allowlist.ip }} 12 | {{- end }} 13 | {{- end }} 14 | 15 | {{- define "library-chart.ingress.hostname" -}} 16 | {{- if .Values.ingress.generate }} 17 | {{- printf "%s" .Values.ingress.userHostname }} 18 | {{- else }} 19 | {{- printf "%s" .Values.ingress.hostname }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/library-chart/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Common labels 5 | */}} 6 | {{- define "library-chart.labels" -}} 7 | helm.sh/chart: {{ include "library-chart.chart" . }} 8 | {{ include "library-chart.selectorLabels" . }} 9 | {{- if .Chart.AppVersion }} 10 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 11 | {{- end }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- end }} 14 | 15 | {{/* 16 | Selector labels 17 | */}} 18 | {{- define "library-chart.selectorLabels" -}} 19 | app.kubernetes.io/name: {{ include "library-chart.name" . }} 20 | app.kubernetes.io/instance: {{ .Release.Name }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/library-chart/templates/_names.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Expand the name of the chart. 5 | */}} 6 | {{- define "library-chart.name" -}} 7 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 8 | {{- end }} 9 | 10 | {{/* 11 | Create a default fully qualified app name. 12 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 13 | If release name contains chart name it will be used as a full name. 14 | */}} 15 | {{- define "library-chart.fullname" -}} 16 | {{- if .Values.fullnameOverride }} 17 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 18 | {{- else }} 19 | {{- $name := default .Chart.Name .Values.nameOverride }} 20 | {{- if contains $name .Release.Name }} 21 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 22 | {{- else }} 23 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 24 | {{- end }} 25 | {{- end }} 26 | {{- end }} 27 | 28 | {{/* 29 | Create chart name and version as used by the chart label. 30 | */}} 31 | {{- define "library-chart.chart" -}} 32 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/library-chart/templates/_serviceaccounts.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Create the name of the service account to use 5 | */}} 6 | {{- define "library-chart.serviceAccountName" -}} 7 | {{- if .Values.serviceAccount.create }} 8 | {{- default (include "library-chart.fullname" .) .Values.serviceAccount.name }} 9 | {{- else }} 10 | {{- default "default" .Values.serviceAccount.name }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/mariadb/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | - You can connect to this mariadb only within the cluster itself on this url : mysql://{{ template "common.names.fullname" . }}:{{ .Values.mariadb.primary.service.ports.mysql }} 3 | - The database name is **{{ .Values.mariadb.auth.database }}** 4 | - The username is **{{ .Values.mariadb.auth.username }}** 5 | - The password is **{{ .Values.mariadb.auth.password }}** 6 | - The admin username is mariadb and password is **{{ .Values.mariadb.auth.rootPassword }}** 7 | -------------------------------------------------------------------------------- /charts/mariadb/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.discoverable.allow }} 2 | {{- $fullname := include "common.names.fullname" . }} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "mariadb" 10 | type: Opaque 11 | data: 12 | mariadb-service: {{ (include "common.names.fullname" .) | b64enc | quote }} 13 | mariadb-password: {{ .Values.mariadb.auth.rootPassword | default ".Values.mariadb.auth.rootPassword" | b64enc | quote }} 14 | password: {{ .Values.mariadb.auth.password | default ".Values.mariadb.auth.password" | b64enc | quote }} 15 | mariadb-username: {{ .Values.mariadb.auth.username | default ".Values.mariadb.auth.username" | b64enc | quote }} 16 | mariadb-database: {{ .Values.mariadb.auth.database | default ".Values.mariadb.auth.database" | b64enc | quote }} 17 | mariadb-port: {{ .Values.mariadb.primary.service.ports.mysql | quote }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/mariadb/values.yaml: -------------------------------------------------------------------------------- 1 | mariadb: 2 | image: 3 | tag: "10.5.15" 4 | pullPolicy: IfNotPresent 5 | auth: 6 | rootPassword: "" 7 | database: my_database 8 | username: "" 9 | password: "" 10 | existingSecret: "" 11 | volumePermissions: 12 | enabled: true 13 | primary: 14 | existingConfigmap: "" 15 | resources: 16 | limits: {} 17 | requests: 18 | memory: 512Mi 19 | cpu: 1000m 20 | service: 21 | ports: 22 | mysql: 3306 23 | 24 | discoverable: 25 | allow: true 26 | 27 | -------------------------------------------------------------------------------- /charts/mlflow/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to the mlflow UI with your browser on this [link](https://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | 5 | *NOTES about deletion :* 6 | 7 | - **You can safely delete this chart and recreate one later** 8 | - Data volumes in the associated postgresql will not be deleted 9 | - If you start a new {{ .Chart.Name }}, it will reuse this volume silently. 10 | - If you want to delete this volume definitely : `kubectl delete pvc data-{{ .Values.postgresql.fullnameOverride }}-0` 11 | -------------------------------------------------------------------------------- /charts/mlflow/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} -------------------------------------------------------------------------------- /charts/mlflow/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.discoverable.allow }} 2 | {{- $fullname := (include "library-chart.fullname" .) -}} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "mlflow" 10 | type: Opaque 11 | data: 12 | {{ if .Values.ingress.enabled }} 13 | uri: {{ printf "https://%s" .Values.ingress.hostname | b64enc | quote }} 14 | {{ else }} 15 | uri: {{ printf "http://%s" $fullname | b64enc | quote }} 16 | {{ end }} 17 | {{- end -}} -------------------------------------------------------------------------------- /charts/mlflow/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/mlflow/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/mlflow/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/mlflow/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/mongodb/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $replicaCount := int .Values.mongodb.replicaCount }} 2 | {{- $portNumber := int .Values.mongodb.service.port }} 3 | {{- $fullname := include "library-chart.fullname" . }} 4 | {{- $user := .Values.mongodb.auth.username }} 5 | {{- $password := .Values.mongodb.auth.password }} 6 | {{- $rootPassword := .Values.mongodb.auth.rootPassword }} 7 | {{- $db := .Values.mongodb.auth.database }} 8 | {{- $pvcList := list }} 9 | {{- $mongoList := list }} 10 | {{- range $e, $i := until $replicaCount }} 11 | {{- $pvcList = append $pvcList (printf "datadir-%s-%d" $fullname $i) }} 12 | {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless:%d" $fullname $i $fullname $portNumber) }} 13 | {{- end }} 14 | - the connection string is : 15 | 16 | **`mongodb://{{ $user }}:{{ $password }}@{{ (include "mongoList" .)}}/{{ $db }}?authSource{{ $db }}`** 17 | - example for python : 18 | 19 | ``` 20 | from pymongo import MongoClient 21 | client = MongoClient('mongodb://{{ $user }}:{{ $password }}@{{ (include "mongoList" .) }}/{{ $db }}?authSource{{ $db }}') 22 | db=client.{{ $db }} 23 | ``` 24 | - example for mongosh : 25 | 26 | * as user in {{ $db }} 27 | `mongo -u {{ $user }} -p {{ $password }} --authenticationDatabase {{ $db }}` 28 | * as root 29 | `mongo -u root -p {{ $rootPassword }}` 30 | 31 | *NOTES about deletion :* 32 | 33 | - **You can safely delete this chart and recreate one later** 34 | - Data volumes will not be deleted 35 | - If you start a new {{ .Chart.Name }}, it will reuse those volumes silently. 36 | - If you want to delete those volume definitily : `kubectl delete pvc {{ join " " $pvcList }}` -------------------------------------------------------------------------------- /charts/mongodb/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "mongoList" -}} 2 | {{- $replicaCount := int .Values.mongodb.replicaCount }} 3 | {{- $portNumber := int .Values.mongodb.service.port }} 4 | {{- $fullname := include "library-chart.fullname" . }} 5 | {{- $mongoList := list }} 6 | {{- range $e, $i := until $replicaCount }} 7 | {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless:%d" $fullname $i $fullname $portNumber) }} 8 | {{- end }} 9 | {{- printf "%s" (join "," $mongoList) -}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/mongodb/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.mongodb.discoverable.allow }} 2 | {{- $fullname := include "library-chart.fullname" . }} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "mongodb" 10 | type: Opaque 11 | data: 12 | mongodb-service: {{ (include "mongoList" .) | b64enc | quote }} 13 | mongodb-name: {{ printf "%s" $fullname | b64enc | quote }} 14 | {{- if .Values.mongodb.auth.password }} 15 | mongodb-password: {{ .Values.mongodb.auth.password | b64enc | quote }} 16 | {{- end }} 17 | {{- if .Values.mongodb.auth.password }} 18 | mongodb-username: {{ .Values.mongodb.auth.username | b64enc | quote }} 19 | {{- end }} 20 | {{- if .Values.mongodb.auth.database }} 21 | mongodb-database: {{ .Values.mongodb.auth.database | b64enc | quote }} 22 | {{- end }} 23 | {{- if .Values.mongodb.auth.rootPassword }} 24 | mongodb-rootPassword: {{ .Values.mongodb.auth.rootPassword | b64enc | quote }} 25 | {{- end }} 26 | 27 | {{- end -}} -------------------------------------------------------------------------------- /charts/mongodb/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/mongodb/values.yaml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | resources: {} 3 | fullnameOverride: mongodb 4 | architecture: replicaset 5 | image: 6 | tag: "4.4" 7 | auth: 8 | rootPassword: changeme 9 | username: username 10 | password: changeme 11 | database: defaultdb 12 | replicaCount: 2 13 | discoverable: 14 | allow: true 15 | fullnameOverride: mongodb 16 | security: 17 | networkPolicy: 18 | enabled: true 19 | -------------------------------------------------------------------------------- /charts/neo4j/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/neo4j/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this neo4j with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostnameUI }}) 3 | {{- end }} 4 | - The username is **neo4j** 5 | - The password is **{{ .Values.security.password }}** 6 | 7 | *NOTES about deletion :* 8 | 9 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 10 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 11 | - So, you will lose your data 12 | {{- end }} 13 | {{- if .Values.persistence.existingClaim }} 14 | - **You can safely delete this chart and recreate one later** 15 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will not be deleted 16 | {{- end }} 17 | 18 | -------------------------------------------------------------------------------- /charts/neo4j/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPortUI := .Values.networking.neo4jUI.port -}} 4 | {{- $svcPortBolt := .Values.networking.neo4jBolt.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }} 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | {{- with .Values.ingress.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | {{- if .Values.ingress.tls }} 17 | tls: 18 | - hosts: 19 | - {{ .Values.ingress.hostnameUI | quote }} 20 | - {{ .Values.ingress.hostnameBolt | quote }} 21 | {{- end }} 22 | rules: 23 | - host: {{ .Values.ingress.hostnameUI | quote }} 24 | http: 25 | paths: 26 | - path: / 27 | pathType: Prefix 28 | backend: 29 | service: 30 | name: {{ $fullName }} 31 | port: 32 | number: {{ $svcPortUI }} 33 | - host: {{ .Values.ingress.hostnameBolt | quote }} 34 | http: 35 | paths: 36 | - path: / 37 | pathType: Prefix 38 | backend: 39 | service: 40 | name: {{ $fullName }} 41 | port: 42 | number: {{ $svcPortBolt }} 43 | {{- end }} -------------------------------------------------------------------------------- /charts/neo4j/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/neo4j/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/neo4j/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/neo4j/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.neo4jUI.port }} 11 | targetPort: ui 12 | protocol: TCP 13 | name: ui 14 | - port: {{ .Values.networking.neo4jBolt.port }} 15 | targetPort: bolt 16 | protocol: TCP 17 | name: bolt 18 | selector: 19 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 20 | -------------------------------------------------------------------------------- /charts/neo4j/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/neo4j/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/nocodb/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: nocodb 3 | description: NocoDB is an open source NoCode platform that turns any database into a smart spreadsheet 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/nocodb.png 5 | keyworks: 6 | - Tool 7 | - Data 8 | home: https://www.nocodb.com/ 9 | sources: 10 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/nocodb 11 | - https://hub.docker.com/r/nocodb/nocodb 12 | # A chart can be either an 'application' or a 'library' chart. 13 | # 14 | # Application charts are a collection of templates that can be packaged into versioned archives 15 | # to be deployed. 16 | # 17 | # Library charts provide useful utilities or functions for the chart developer. They're included as 18 | # a dependency of application charts to inject those utilities and functions into the rendering 19 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 20 | type: application 21 | 22 | # This is the chart version. This version number should be incremented each time you make changes 23 | # to the chart and its templates, including the app version. 24 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 25 | version: 0.2.0 26 | 27 | # This is the version number of the application being deployed. This version number should be 28 | # incremented each time you make changes to the application. Versions are not expected to 29 | # follow Semantic Versioning. They should reflect the version the application is using. 30 | appVersion: latest 31 | 32 | dependencies: 33 | - name: library-chart 34 | version: 2.0.20 35 | repository: https://inseefrlab.github.io/helm-charts-datascience 36 | -------------------------------------------------------------------------------- /charts/nocodb/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to nocodb with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | 5 | *NOTES about deletion :* 6 | 7 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 8 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 9 | - So, you will lose your data 10 | {{- end }} 11 | {{- if .Values.persistence.existingClaim }} 12 | - **You can safely delete this chart and recreate one later** 13 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will not be deleted 14 | {{- end }} -------------------------------------------------------------------------------- /charts/nocodb/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.nocodb.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/nocodb/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/nocodb/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/nocodb/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/nocodb/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.nocodb.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/nocodb/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/nocodb/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/openrefine/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/openrefine/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to openrefine with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | 5 | *NOTES about deletion :* 6 | 7 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 8 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 9 | - So, you will lose your data 10 | {{- end }} 11 | {{- if .Values.persistence.existingClaim }} 12 | - **You can safely delete this chart and recreate one later** 13 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will not be deleted 14 | {{- end }} -------------------------------------------------------------------------------- /charts/openrefine/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.openrefine.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.hostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.hostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} -------------------------------------------------------------------------------- /charts/openrefine/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/openrefine/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/openrefine/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/openrefine/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.openrefine.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/openrefine/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/openrefine/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/pgadmin/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/pgadmin/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this pgadmin with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your login is **{{ .Values.security.mail }}** 5 | - Your password is **{{ .Values.security.password }}** 6 | 7 | *NOTES about deletion :* 8 | 9 | - **You can safely delete this chart and recreate one later** 10 | - There is no data volume 11 | -------------------------------------------------------------------------------- /charts/pgadmin/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{- define "pgadmin.configmap" -}} 4 | {{ printf "{" }} 5 | {{ printf "\"Servers\": {" | indent 2 }} 6 | {{- $virgule := 0 }} 7 | {{- $namespace:= .Release.Namespace }} 8 | {{- range $index, $secret := (lookup "v1" "Secret" $namespace "").items }} 9 | {{- if (index $secret "metadata" "annotations") }} 10 | {{- if and (index $secret "metadata" "annotations" "onyxia/discovery") (eq "postgres" (index $secret "metadata" "annotations" "onyxia/discovery" | toString)) }} 11 | {{- $service:= ( index $secret.data "postgres-service" | default "") | b64dec }} 12 | {{- $username:= ( index $secret.data "postgres-username") | b64dec }} 13 | {{- $password:= ( index $secret.data "postgres-password") | b64dec }} 14 | {{- $database:= ( index $secret.data "postgres-database") | b64dec }} 15 | {{- $port:= ( index $secret.data "postgres-port") }} 16 | {{- if $virgule }} 17 | {{ printf "," }} 18 | {{- end }} 19 | {{ printf "\"%d\" :{" $index | indent 4}} 20 | {{ printf "\"Name\": \"%s\"," $service | indent 6}} 21 | {{ printf "\"Group\": \"Autodiscovery\"," | indent 6}} 22 | {{ printf "\"Port\": %d," (int $port) | indent 6}} 23 | {{ printf "\"Host\": \"%s\"," $service | indent 6}} 24 | {{ printf "\"Username\": \"%s\"," $username | indent 6}} 25 | {{ printf "\"SSLMode\": \"prefer\"," | indent 6 }} 26 | {{ printf "\"MaintenanceDB\": \"%s\"" $database | indent 6}} 27 | {{- $virgule = 1}} 28 | {{ printf "}" | indent 4}} 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | {{ printf "}" | indent 2}} 33 | {{ printf "}" }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/pgadmin/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.discovery.postgres -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | data: 9 | servers.json: |- 10 | {{- include "pgadmin.configmap" . | nindent 4 }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/pgadmin/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/pgadmin/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/pgadmin/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/pgadmin/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/pgadmin/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/pgadmin/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/pinot/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/pinot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: pinot 3 | description: Realtime distributed OLAP datastore, designed to answer OLAP queries with low latency 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/pinot.png 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.2.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | dependencies: 26 | - name: pinot 27 | version: 0.2.4 28 | repository: https://raw.githubusercontent.com/apache/pinot/master/kubernetes/helm 29 | enabled: true 30 | -------------------------------------------------------------------------------- /charts/pinot/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | pinot is running at {{ .Values.ingress.hostname }} 2 | good luck! -------------------------------------------------------------------------------- /charts/pinot/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /charts/pinot/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ template "pinot.controller.headless" .Subcharts.pinot }} 6 | {{- with .Values.ingress.annotations }} 7 | annotations: 8 | {{- toYaml . | nindent 4 }} 9 | {{- end }} 10 | spec: 11 | {{- if .Values.ingress.tls }} 12 | tls: 13 | - hosts: 14 | - {{ .Values.ingress.hostname | quote }} 15 | {{- end }} 16 | rules: 17 | - host: {{ .Values.ingress.hostname | quote }} 18 | http: 19 | paths: 20 | - path: / 21 | pathType: Prefix 22 | backend: 23 | service: 24 | name: {{ template "pinot.controller.headless" .Subcharts.pinot }} 25 | port: 26 | name: {{ .Values.pinot.controller.service.name }} 27 | {{- end }} -------------------------------------------------------------------------------- /charts/postgresql/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | - You can connect to this postgres only within the cluster itself on this url : postgresql://{{ template "common.names.fullname" . }}:{{ .Values.postgresql.global.postgresql.service.ports.postgresql }} 3 | - The database name is **{{ .Values.postgresql.auth.database }}** 4 | - The username is **{{ .Values.postgresql.auth.username }}** 5 | - The password is **{{ .Values.postgresql.auth.password }}** 6 | - The admin username is postgres and password is **{{ .Values.postgresql.auth.postgresPassword }}** 7 | -------------------------------------------------------------------------------- /charts/postgresql/templates/configmap-init.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | data: 8 | {{- if .Values.postgresql.extensions.postgis }} 9 | enable-extensions.sh: | 10 | #!/bin/sh 11 | export PGPASSWORD=$POSTGRES_PASSWORD 12 | psql -U postgres -d $POSTGRES_DB -c "CREATE EXTENSION postgis;" 13 | psql -U postgres -d $POSTGRES_DB -c "CREATE EXTENSION postgis_topology;" 14 | {{ else }} 15 | enable-extensions.sh: | 16 | #!/bin/sh 17 | echo "No additional extensions created." 18 | {{- end -}} -------------------------------------------------------------------------------- /charts/postgresql/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.discoverable.allow }} 2 | {{- $fullname := include "common.names.fullname" . }} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "postgres" 10 | type: Opaque 11 | data: 12 | postgres-service: {{ (include "common.names.fullname" .) | b64enc | quote }} 13 | postgres-password: {{ .Values.postgresql.auth.postgresPassword | default ".Values.postgresql.auth.postgresPassword" | b64enc | quote }} 14 | password: {{ .Values.postgresql.auth.password | default ".Values.postgresql.auth.password" | b64enc | quote }} 15 | postgres-username: {{ .Values.postgresql.auth.username | default ".Values.postgresql.auth.username" | b64enc | quote }} 16 | postgres-database: {{ .Values.postgresql.auth.database | default ".Values.postgresql.auth.database" | b64enc | quote }} 17 | postgres-port: {{ .Values.postgresql.containerPorts.postgresql | quote }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/postgresql/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/postgresql/values.yaml: -------------------------------------------------------------------------------- 1 | postgresql: 2 | image: 3 | tag: "14" 4 | pullPolicy: IfNotPresent 5 | global: 6 | postgresql: 7 | service: 8 | ports: 9 | postgresql: 5432 10 | auth: 11 | postgresPassword: "" 12 | username: "" 13 | password: "" 14 | database: "" 15 | extensions: 16 | postgis: false 17 | primary: 18 | initdb: 19 | scriptsConfigMap: '{{ include "library-chart.fullname" . }}' 20 | 21 | discoverable: 22 | allow: true 23 | 24 | security: 25 | networkPolicy: 26 | enabled: true -------------------------------------------------------------------------------- /charts/rapidsai/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this jupyter with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | {{- if .Values.spark.sparkui }} 5 | - When the spark driver is running, you can connect to the spark-ui with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.sparkHostname }}) 6 | {{- end }} 7 | - Your access token is **{{ .Values.security.password }}** 8 | 9 | *NOTES about deletion :* 10 | 11 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 12 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 13 | - So, you should save your code to an external git repository 14 | - So, You should save your data to an external data repository like S3 15 | - You can easily create a new {{ .Chart.Name }} service, clone your code and install again some librairies you need 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/configmap-coresite.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} 2 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/configmap-hive.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapHive" . }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} 2 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/configmap-sparkconf.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapSparkConf" . }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} 2 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/ingress-sparkui.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- if .Values.spark.sparkui -}} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.sparkui.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-sparkui 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.sparkHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.sparkHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.rapidsai.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enabled -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/rapidsai/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.rapidsai.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | {{- if .Values.spark.sparkui }} 18 | - port: {{ .Values.networking.sparkui.port }} 19 | targetPort: 4040 20 | protocol: TCP 21 | name: sparkui 22 | {{- end }} 23 | selector: 24 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 25 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/rapidsai/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/redash/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to redash with your browser on this [link](https://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | 5 | *NOTES about deletion :* 6 | 7 | - **You can safely delete this chart and recreate one later** 8 | - Data volumes in the associated postgresql will not be deleted 9 | - If you start a new {{ .Chart.Name }}, it will reuse this volume silently. 10 | - If you want to delete this volume definitely : `kubectl delete pvc data-{{ .Values.postgresql.fullnameOverride }}-0` 11 | -------------------------------------------------------------------------------- /charts/redash/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.redash.service.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | {{- with .Values.ingress.annotations }} 11 | annotations: 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | {{- if .Values.ingress.tls }} 16 | tls: 17 | - hosts: 18 | - {{ .Values.ingress.hostname | quote }} 19 | {{- end }} 20 | rules: 21 | - host: {{ .Values.ingress.hostname | quote }} 22 | http: 23 | paths: 24 | - path: / 25 | pathType: Prefix 26 | backend: 27 | service: 28 | name: {{ $fullName }} 29 | port: 30 | number: {{ $svcPort }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/redash/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: redash-postgres 5 | type: Opaque 6 | data: 7 | connectionString: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.global.postgresql.postgresqlUsername .Values.global.postgresql.postgresqlPassword .Values.postgresql.fullnameOverride .Values.global.postgresql.postgresqlDatabase| b64enc | quote }} -------------------------------------------------------------------------------- /charts/redash/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | postgresql: 3 | postgresqlDatabase: "redash" 4 | postgresqlUsername: "admin" 5 | postgresqlPassword: "changeme" 6 | 7 | postgresql: 8 | image: 9 | tag: "12" 10 | fullnameOverride: "redash-db" 11 | 12 | ingress: 13 | enabled: true 14 | tls: true 15 | annotations: 16 | kubernetes.io/ingress.class: nginx 17 | # kubernetes.io/tls-acme: "true" 18 | hostname: chart-example.local 19 | # - secretName: chart-example-tls 20 | # hosts: 21 | # - chart-example.local 22 | 23 | redash: 24 | image: 25 | repository: redash/redash 26 | tag: 10.0.0.b50363 27 | externalPostgreSQLSecret: 28 | name: redash-postgres 29 | key: connectionString 30 | redash: 31 | cookieSecret: changeme 32 | secretKey: changeme 33 | postgresql: 34 | enabled: false 35 | existingSecret: toto 36 | -------------------------------------------------------------------------------- /charts/rstudio/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/rstudio/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: rstudio 3 | description: R Studio is the reference environment / IDE for programming with R, a programming language used for data processing and statistical analysis. You can use it for spark. 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/rstudio.png 5 | keywords: 6 | - R 7 | - IDE 8 | home: https://www.rstudio.com/ 9 | sources: 10 | - https://github.com/InseeFrLab/rstudio 11 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/rstudio 12 | - https://github.com/rocker-org/rocker 13 | # A chart can be either an 'application' or a 'library' chart. 14 | # 15 | # Application charts are a collection of templates that can be packaged into versioned archives 16 | # to be deployed. 17 | # 18 | # Library charts provide useful utilities or functions for the chart developer. They're included as 19 | # a dependency of application charts to inject those utilities and functions into the rendering 20 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 21 | type: application 22 | 23 | # This is the chart version. This version number should be incremented each time you make changes 24 | # to the chart and its templates, including the app version. 25 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 26 | version: 6.5.0 27 | 28 | dependencies: 29 | - name: library-chart 30 | version: 2.1.0 31 | repository: https://inseefrlab.github.io/helm-charts-datascience 32 | -------------------------------------------------------------------------------- /charts/rstudio/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this rstudio with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | {{- if .Values.spark.sparkui }} 5 | - When the spark driver is running, you can connect to the spark-ui with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.sparkHostname }}) 6 | {{- end }} 7 | - The login is **rstudio** 8 | - The password is **{{ .Values.security.password }}** 9 | 10 | {{- if .Values.ingress.enabled }} 11 | {{- if .Values.networking.user.enabled }} 12 | - You can connect to your custom port on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.userHostname }}) 13 | If you don't run your custom service you will get a 502 bad gateway error. 14 | {{- end }} 15 | {{- end }} 16 | 17 | *NOTES about deletion :* 18 | 19 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 20 | - The volume associated with the following path **{{ .Values.persistence.mountPath }}** will be deleted 21 | - So, you should save your code to an external git repository 22 | - So, You should save your data to an external data repository like S3 23 | - You can easily create a new {{ .Chart.Name }} service, clone your code and install again some librairies you need 24 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/configmap-coresite.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/rstudio/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} 2 | -------------------------------------------------------------------------------- /charts/rstudio/templates/configmap-hive.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapHive" . }} -------------------------------------------------------------------------------- /charts/rstudio/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} -------------------------------------------------------------------------------- /charts/rstudio/templates/configmap-sparkconf.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapSparkConf" . }} -------------------------------------------------------------------------------- /charts/rstudio/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} -------------------------------------------------------------------------------- /charts/rstudio/templates/ingress-sparkui.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- if .Values.spark.sparkui -}} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.sparkui.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-sparkui 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.sparkHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.sparkHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/ingress-user.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{ if .Values.networking.user.enabled }} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.user.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-user 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.userHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.userHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.rstudio.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/rstudio/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/rstudio/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.rstudio.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | {{- if .Values.spark.sparkui }} 18 | - port: {{ .Values.networking.sparkui.port }} 19 | targetPort: 4040 20 | protocol: TCP 21 | name: sparkui 22 | {{- end }} 23 | {{ if .Values.networking.user.enabled }} 24 | - port: {{ .Values.networking.user.port }} 25 | targetPort: {{ .Values.networking.user.port }} 26 | protocol: TCP 27 | name: user 28 | {{- end }} 29 | selector: 30 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 31 | -------------------------------------------------------------------------------- /charts/rstudio/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/rstudio/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.networking.rstudio.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/spark-history/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: spark-history 3 | description: Spark history help you to review logs of your spark applications. 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/spark.png 5 | keyworks: 6 | - spark 7 | - distributed 8 | home: https://spark.apache.org/ 9 | sources: 10 | - https://github.com/InseeFrLab/jupyter-datascience 11 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/spark-history 12 | # A chart can be either an 'application' or a 'library' chart. 13 | # 14 | # Application charts are a collection of templates that can be packaged into versioned archives 15 | # to be deployed. 16 | # 17 | # Library charts provide useful utilities or functions for the chart developer. They're included as 18 | # a dependency of application charts to inject those utilities and functions into the rendering 19 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 20 | type: application 21 | 22 | # This is the chart version. This version number should be incremented each time you make changes 23 | # to the chart and its templates, including the app version. 24 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 25 | version: 4.1.0 26 | 27 | # This is the version number of the application being deployed. This version number should be 28 | # incremented each time you make changes to the application. Versions are not expected to 29 | # follow Semantic Versioning. They should reflect the version the application is using. 30 | appVersion: latest 31 | dependencies: 32 | - name: library-chart 33 | version: 2.0.20 34 | repository: https://inseefrlab.github.io/helm-charts-datascience -------------------------------------------------------------------------------- /charts/spark-history/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to the spark history with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | {{- if .Values.spark.directory }} 5 | - the log's directory is **{{ .Values.spark.directory }}** 6 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-history/templates/configmap-coresite.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/spark-history/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} -------------------------------------------------------------------------------- /charts/spark-history/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-history/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-history/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-history/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-history/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 19 | -------------------------------------------------------------------------------- /charts/spark-history/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/spark-history/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.networking.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to the spark UI with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - The spark thrift service is only available from inside the datalab. 5 | - The url is : **thrift://{{ include "library-chart.fullname" . }}:10000** 6 | 7 | *NOTES about deletion :* 8 | 9 | - **You can safely delete this chart and recreate one later** 10 | - There is no data volume -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/configmap-coresite.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/configmap-hive.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapHive" . }} 2 | -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} 2 | -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/configmap-sparkconf.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapSparkConf" . }} -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/discovery-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.discoverable.allow }} 2 | {{- $fullname := include "library-chart.fullname" . -}} 3 | {{- $secretName := printf "%s-%s" "discoverable" $fullname -}} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ $secretName }} 8 | annotations: 9 | onyxia/discovery: "spark-thrift-server" 10 | type: Opaque 11 | data: 12 | thrift-service: {{ printf "%s" $fullname | b64enc | quote }} 13 | thrift-port: {{ print .Values.networking.port | b64enc | quote }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.sparkui.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }}-ui 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.port }} 14 | targetPort: thrift 15 | protocol: TCP 16 | name: thrift 17 | - port: {{ .Values.networking.sparkui.port }} 18 | targetPort: sparkui 19 | protocol: TCP 20 | name: sparkui 21 | selector: 22 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 23 | -------------------------------------------------------------------------------- /charts/spark-thrift-server/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/superset/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to superset with your browser on this [link](https://{{ .Values.ingress.hostname }}) 3 | - The login is **{{ .Values.superset.init.adminUser.username }}** 4 | - The password is **{{ .Values.superset.init.adminUser.password }}** 5 | {{- end }} 6 | 7 | 8 | **This chart is an alpha release, use it with caution** -------------------------------------------------------------------------------- /charts/superset/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | apiVersion: networking.k8s.io/v1 4 | kind: Ingress 5 | metadata: 6 | name: {{ $fullName }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | {{- with .Values.ingress.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 15 | {{- if .Values.ingress.tls }} 16 | tls: 17 | - hosts: 18 | - {{ .Values.ingress.hostname | quote }} 19 | {{- end }} 20 | rules: 21 | - host: {{ .Values.ingress.hostname | quote }} 22 | http: 23 | paths: 24 | - path: / 25 | pathType: Prefix 26 | backend: 27 | service: 28 | name: {{ $fullName }} 29 | port: 30 | number: 8088 31 | {{- end }} -------------------------------------------------------------------------------- /charts/tensorflow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/tensorflow/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/ingress-tensorboard.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- if .Values.service.tensorboard -}} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.tensorboard.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-tensorboard 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.tensorboardHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.tensorboardHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.tensorflow.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }}-ui 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/tensorflow/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/tensorflow/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | {{- if .Values.networking.clusterIP }} 10 | clusterIP: {{ .Values.networking.clusterIP }} 11 | {{- end }} 12 | ports: 13 | - port: {{ .Values.networking.tensorflow.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | {{- if .Values.service.tensorboard }} 18 | - port: {{ .Values.networking.tensorboard.port }} 19 | targetPort: 6006 20 | protocol: TCP 21 | name: tensorboard 22 | {{- end }} 23 | selector: 24 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 25 | -------------------------------------------------------------------------------- /charts/tensorflow/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tensorflow/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/trino/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: trino 3 | description: Fast distributed SQL query engine for big data analytics 4 | keywords: 5 | - SQL 6 | - distributed 7 | - python 8 | # A chart can be either an 'application' or a 'library' chart. 9 | # 10 | # Application charts are a collection of templates that can be packaged into versioned archives 11 | # to be deployed. 12 | # 13 | # Library charts provide useful utilities or functions for the chart developer. They're included as 14 | # a dependency of application charts to inject those utilities and functions into the rendering 15 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 16 | type: application 17 | 18 | # This is the chart version. This version number should be incremented each time you make changes 19 | # to the chart and its templates, including the app version. 20 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 21 | 22 | version: 3.2.0 23 | 24 | 25 | # This is the version number of the application being deployed. This version number should be 26 | # incremented each time you make changes to the application. Versions are not expected to 27 | # follow Semantic Versioning. They should reflect the version the application is using. 28 | appVersion: "355" 29 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/trino.png 30 | home: https://trino.io/ 31 | sources: 32 | - https://github.com/trinodb/charts 33 | - https://github.com/trinodb/trino/tree/master/core/docker 34 | 35 | dependencies: 36 | - name: library-chart 37 | version: 2.0.20 38 | repository: https://inseefrlab.github.io/helm-charts-datascience 39 | -------------------------------------------------------------------------------- /charts/trino/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to the trino UI with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- else if contains "NodePort" .Values.service.type }} 4 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "library-chart.fullname" . }}) 5 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 6 | echo http://$NODE_IP:$NODE_PORT 7 | {{- else if contains "LoadBalancer" .Values.service.type }} 8 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 9 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "library-chart.fullname" . }}' 10 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "library-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 11 | echo http://$SERVICE_IP:{{ .Values.networking.port }} 12 | {{- else if contains "ClusterIP" .Values.service.type }} 13 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "library-chart.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 14 | echo "Visit http://127.0.0.1:8080 to use your application" 15 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 16 | {{- end }} 17 | - The login is **{{ .Values.security.username }}** 18 | - The password is **{{ .Values.security.password }}** 19 | -------------------------------------------------------------------------------- /charts/trino/templates/configmap-hdfs.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapCoreSite" . }} -------------------------------------------------------------------------------- /charts/trino/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/trino/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/trino/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/trino/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 16 | component: coordinator 17 | -------------------------------------------------------------------------------- /charts/ubuntu/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/ubuntu/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ubuntu 3 | description: Ubuntu with a graphical user interface. 4 | icon: https://minio.lab.sspcloud.fr/projet-onyxia/assets/servicesImg/ubuntu.png 5 | keywords: 6 | - Linux 7 | - Tool 8 | home: https://www.ubuntu-fr.org/ 9 | sources: 10 | - https://github.com/InseeFrLab/ubuntu-vnc 11 | - https://github.com/InseeFrLab/helm-charts-datascience/tree/master/charts/ubuntu 12 | # A chart can be either an 'application' or a 'library' chart. 13 | # 14 | # Application charts are a collection of templates that can be packaged into versioned archives 15 | # to be deployed. 16 | # 17 | # Library charts provide useful utilities or functions for the chart developer. They're included as 18 | # a dependency of application charts to inject those utilities and functions into the rendering 19 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 20 | type: application 21 | 22 | # This is the chart version. This version number should be incremented each time you make changes 23 | # to the chart and its templates, including the app version. 24 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 25 | version: 5.4.6 26 | 27 | # This is the version number of the application being deployed. This version number should be 28 | # incremented each time you make changes to the application. Versions are not expected to 29 | # follow Semantic Versioning. They should reflect the version the application is using. 30 | appVersion: latest 31 | 32 | dependencies: 33 | - name: library-chart 34 | version: 1.5.25 35 | repository: https://inseefrlab.github.io/helm-charts-interactive-services 36 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this ubuntu within your browser at this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/vnc.html) 3 | {{- end }} 4 | - You will need this service password to access the service: **{{ .Values.security.password }}** 5 | *It usually never changes except if you or a member of your project requested it to*. 6 | 7 | {{- if .Values.ingress.enabled }} 8 | {{- if .Values.networking.user.enabled }} 9 | - You can connect to your custom port on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.userHostname }}) 10 | If you don't run your custom service you will get a 502 bad gateway error. 11 | {{- end }} 12 | {{- end }} -------------------------------------------------------------------------------- /charts/ubuntu/templates/ingress-user.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{ if .Values.networking.user.enabled }} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.user.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-user 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 15 | {{- if .Values.ingress.tls }} 16 | tls: 17 | - hosts: 18 | - {{ .Values.ingress.userHostname | quote }} 19 | {{- end }} 20 | rules: 21 | - host: {{ .Values.ingress.userHostname | quote }} 22 | http: 23 | paths: 24 | - path: / 25 | pathType: Prefix 26 | backend: 27 | service: 28 | name: {{ $fullName }} 29 | port: 30 | number: {{ $svcPort }} 31 | {{- end }} 32 | {{- end }} -------------------------------------------------------------------------------- /charts/ubuntu/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.ubuntu.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" 12 | nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" 13 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 14 | spec: 15 | ingressClassName: {{ .Values.ingress.ingressClassName | quote }} 16 | {{- if .Values.ingress.tls }} 17 | tls: 18 | - hosts: 19 | - {{ .Values.ingress.hostname | quote }} 20 | {{- end }} 21 | rules: 22 | - host: {{ .Values.ingress.hostname | quote }} 23 | http: 24 | paths: 25 | - path: / 26 | pathType: Prefix 27 | backend: 28 | service: 29 | name: {{ $fullName }} 30 | port: 31 | number: {{ $svcPort }} 32 | {{- end }} -------------------------------------------------------------------------------- /charts/ubuntu/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/ubuntu/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/ubuntu/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/ubuntu/templates/secret-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.secretGit" . }} 2 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/secret-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.secretS3" . }} 2 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/secret-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.secretVault" . }} 2 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.ubuntu.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | {{ if .Values.networking.user.enabled }} 15 | - port: {{ .Values.networking.user.port }} 16 | targetPort: {{ .Values.networking.user.port }} 17 | protocol: TCP 18 | name: user 19 | {{- end }} 20 | selector: 21 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 22 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/ubuntu/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/vscode/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/vscode/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | - You can connect to this vscode with your browser on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}) 3 | {{- end }} 4 | - Your access token is **{{ .Values.security.password }}** 5 | 6 | {{- if .Values.ingress.enabled }} 7 | {{- if .Values.networking.user.enabled }} 8 | - You can connect to your custom port on this [link](http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.userHostname }}) 9 | If you don't run your custom service you will get a 502 bad gateway error. 10 | {{- end }} 11 | {{- end }} -------------------------------------------------------------------------------- /charts/vscode/templates/configmap-git.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapGit" . }} 2 | -------------------------------------------------------------------------------- /charts/vscode/templates/configmap-s3.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapS3" . }} 2 | -------------------------------------------------------------------------------- /charts/vscode/templates/configmap-vault.yaml: -------------------------------------------------------------------------------- 1 | {{ include "library-chart.configMapVault" . }} 2 | -------------------------------------------------------------------------------- /charts/vscode/templates/ingress-user.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{ if .Values.networking.user.enabled }} 3 | {{- $fullName := include "library-chart.fullname" . -}} 4 | {{- $svcPort := .Values.networking.user.port -}} 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }}-user 9 | labels: 10 | {{- include "library-chart.labels" . | nindent 4 }} 11 | annotations: 12 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.tls }} 15 | tls: 16 | - hosts: 17 | - {{ .Values.ingress.userHostname | quote }} 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.userHostname | quote }} 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: {{ $fullName }} 28 | port: 29 | number: {{ $svcPort }} 30 | {{- end }} 31 | {{- end }} -------------------------------------------------------------------------------- /charts/vscode/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "library-chart.fullname" . -}} 3 | {{- $svcPort := .Values.networking.vscode.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "library-chart.labels" . | nindent 4 }} 10 | annotations: 11 | {{- include "library-chart.ingress.annotations" . | nindent 4 }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.hostname | quote }} 17 | {{- end }} 18 | rules: 19 | - host: {{ .Values.ingress.hostname | quote }} 20 | http: 21 | paths: 22 | - path: / 23 | pathType: Prefix 24 | backend: 25 | service: 26 | name: {{ $fullName }} 27 | port: 28 | number: {{ $svcPort }} 29 | {{- end }} -------------------------------------------------------------------------------- /charts/vscode/templates/networkpolicy-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | {{- if .Values.ingress.enabled -}} 3 | kind: NetworkPolicy 4 | apiVersion: networking.k8s.io/v1 5 | metadata: 6 | name: {{ include "library-chart.fullname" . }}-2 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 11 | ingress: 12 | - from: 13 | {{- toYaml .Values.security.networkPolicy.from | nindent 4 }} 14 | policyTypes: 15 | - Ingress 16 | {{- end }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/vscode/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.security.networkPolicy.enabled -}} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | {{- include "library-chart.selectorLabels" . | nindent 6 }} 10 | ingress: 11 | - from: 12 | - podSelector: {} 13 | policyTypes: 14 | - Ingress 15 | {{- end }} -------------------------------------------------------------------------------- /charts/vscode/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "library-chart.fullname" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistence.accessMode | quote }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistence.size | quote }} 14 | {{- if .Values.persistence.storageClass }} 15 | {{- if (eq "-" .Values.persistence.storageClass) }} 16 | storageClassName: "" 17 | {{- else }} 18 | storageClassName: "{{ .Values.persistence.storageClass }}" 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/vscode/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | {{- if .Values.kubernetes.enable -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ include "library-chart.serviceAccountName" . }} 7 | labels: 8 | {{- include "library-chart.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ .Values.kubernetes.role}} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "library-chart.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | {{- end }} -------------------------------------------------------------------------------- /charts/vscode/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "library-chart.fullname" . }} 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.networking.type }} 9 | ports: 10 | - port: {{ .Values.networking.vscode.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | {{ if .Values.networking.user.enabled }} 15 | - port: {{ .Values.networking.user.port }} 16 | targetPort: {{ .Values.networking.user.port }} 17 | protocol: TCP 18 | name: user 19 | {{- end }} 20 | selector: 21 | {{- include "library-chart.selectorLabels" . | nindent 4 }} 22 | -------------------------------------------------------------------------------- /charts/vscode/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "library-chart.serviceAccountName" . }} 6 | labels: 7 | {{- include "library-chart.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/vscode/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "library-chart.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "library-chart.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "library-chart.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | --------------------------------------------------------------------------------