├── .gitattributes
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ └── feature_request.md
└── workflows
│ ├── release-docker-image.yml.bak
│ ├── release-helm-chart.yml.bak
│ └── release.yml
├── .gitignore
├── .gitlab-ci.yml
├── LICENSE
├── README.md
├── charts
└── csghub
│ ├── .helmignore
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── EDITION_GUIDE.md
│ ├── charts
│ ├── casdoor
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── job.yaml
│ │ │ ├── secret.yaml
│ │ │ └── service.yaml
│ │ └── values.yaml
│ ├── coredns
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── deployment.yaml
│ │ │ └── service.yaml
│ │ └── values.yaml
│ ├── dataflow
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── service.yaml
│ │ │ └── statefulset.yaml
│ │ └── values.yaml
│ ├── fluentd
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── dashboards
│ │ │ └── fluentd.json
│ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── _pod.tpl
│ │ │ ├── clusterrole.yaml
│ │ │ ├── clusterrolebinding.yaml
│ │ │ ├── configmap-dashboards.yaml
│ │ │ ├── daemonset.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── files.conf
│ │ │ │ ├── prometheus.yaml
│ │ │ │ └── systemd.yaml
│ │ │ ├── fluentd-configurations-cm.yaml
│ │ │ ├── hpa.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── podsecuritypolicy.yaml
│ │ │ ├── prometheusrules.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ ├── servicemonitor.yaml
│ │ │ ├── statefulset.yaml
│ │ │ └── tests
│ │ │ │ └── test-connection.yaml
│ │ └── values.yaml
│ ├── gitaly
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── service.yaml
│ │ │ └── statefulset.yaml
│ │ └── values.yaml
│ ├── gitlab-shell
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── job.yaml
│ │ │ ├── role.yaml
│ │ │ ├── roleBinding.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceAccount.yaml
│ │ │ └── statefulset.yaml
│ │ └── values.yaml
│ ├── ingress-nginx
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── OWNERS
│ │ ├── README.md
│ │ ├── README.md.gotmpl
│ │ ├── ci
│ │ │ ├── admission-webhooks-cert-manager-values.yaml
│ │ │ ├── controller-configmap-addheaders-values.yaml
│ │ │ ├── controller-configmap-proxyheaders-values.yaml
│ │ │ ├── controller-configmap-values.yaml
│ │ │ ├── controller-daemonset-metrics-values.yaml
│ │ │ ├── controller-daemonset-podannotations-values.yaml
│ │ │ ├── controller-daemonset-values.yaml
│ │ │ ├── controller-deployment-metrics-values.yaml
│ │ │ ├── controller-deployment-podannotations-values.yaml
│ │ │ ├── controller-deployment-values.yaml
│ │ │ ├── controller-hpa-values.yaml
│ │ │ ├── controller-ingressclass-values.yaml
│ │ │ ├── controller-service-internal-values.yaml
│ │ │ └── controller-service-values.yaml
│ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── _params.tpl
│ │ │ ├── admission-webhooks
│ │ │ │ ├── cert-manager.yaml
│ │ │ │ ├── job-patch
│ │ │ │ │ ├── clusterrole.yaml
│ │ │ │ │ ├── clusterrolebinding.yaml
│ │ │ │ │ ├── job-createSecret.yaml
│ │ │ │ │ ├── job-patchWebhook.yaml
│ │ │ │ │ ├── networkpolicy.yaml
│ │ │ │ │ ├── role.yaml
│ │ │ │ │ ├── rolebinding.yaml
│ │ │ │ │ └── serviceaccount.yaml
│ │ │ │ └── validating-webhook.yaml
│ │ │ ├── clusterrole.yaml
│ │ │ ├── clusterrolebinding.yaml
│ │ │ ├── controller-configmap-addheaders.yaml
│ │ │ ├── controller-configmap-proxyheaders.yaml
│ │ │ ├── controller-configmap-tcp.yaml
│ │ │ ├── controller-configmap-udp.yaml
│ │ │ ├── controller-configmap.yaml
│ │ │ ├── controller-daemonset.yaml
│ │ │ ├── controller-deployment.yaml
│ │ │ ├── controller-hpa.yaml
│ │ │ ├── controller-ingressclass-aliases.yaml
│ │ │ ├── controller-ingressclass.yaml
│ │ │ ├── controller-keda.yaml
│ │ │ ├── controller-networkpolicy.yaml
│ │ │ ├── controller-poddisruptionbudget.yaml
│ │ │ ├── controller-prometheusrule.yaml
│ │ │ ├── controller-role.yaml
│ │ │ ├── controller-rolebinding.yaml
│ │ │ ├── controller-secret.yaml
│ │ │ ├── controller-service-internal.yaml
│ │ │ ├── controller-service-metrics.yaml
│ │ │ ├── controller-service-webhook.yaml
│ │ │ ├── controller-service.yaml
│ │ │ ├── controller-serviceaccount.yaml
│ │ │ ├── controller-servicemonitor.yaml
│ │ │ ├── default-backend-deployment.yaml
│ │ │ ├── default-backend-extra-configmaps.yaml
│ │ │ ├── default-backend-hpa.yaml
│ │ │ ├── default-backend-networkpolicy.yaml
│ │ │ ├── default-backend-poddisruptionbudget.yaml
│ │ │ ├── default-backend-service.yaml
│ │ │ └── default-backend-serviceaccount.yaml
│ │ └── values.yaml
│ ├── minio
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── job.yaml
│ │ │ ├── secret.yaml
│ │ │ ├── service.yaml
│ │ │ └── statefulset.yaml
│ │ ├── tests
│ │ │ └── secret_test.yaml
│ │ └── values.yaml
│ ├── nats
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── service.yaml
│ │ │ └── statefulset.yaml
│ │ └── values.yaml
│ ├── postgresql
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── job.yaml
│ │ │ ├── secret.yaml
│ │ │ ├── service.yaml
│ │ │ └── statefulset.yaml
│ │ └── values.yaml
│ ├── redis
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── secret.yaml
│ │ │ ├── service.yaml
│ │ │ └── statefulset.yaml
│ │ └── values.yaml
│ ├── registry
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── secret.yaml
│ │ │ └── service.yaml
│ │ ├── tests
│ │ │ └── secret_test.yaml
│ │ └── values.yaml
│ ├── reloader
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── clusterrole.yaml
│ │ │ ├── clusterrolebinding.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── networkpolicy.yaml
│ │ │ ├── poddisruptionbudget.yaml
│ │ │ ├── podmonitor.yaml
│ │ │ ├── role.yaml
│ │ │ ├── rolebinding.yaml
│ │ │ ├── secret.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ ├── servicemonitor.yaml
│ │ │ └── verticalpodautoscaler.yaml
│ │ ├── tests
│ │ │ └── deployment_test.yaml
│ │ ├── values.schema.json
│ │ └── values.yaml
│ ├── starship
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── charts
│ │ │ ├── agentic
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ └── service.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── billing
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── configmap.yaml
│ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ └── service.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── frontend
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── configmap.yaml
│ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ ├── ingress.yaml
│ │ │ │ │ └── service.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── megalinter-server
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ └── service.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── megalinter-worker
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ └── deployment.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── secscan
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ └── deployment.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── web
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── configmap-init.yaml
│ │ │ │ │ ├── configmap-ng.yaml
│ │ │ │ │ ├── configmap.yaml
│ │ │ │ │ ├── job.yaml
│ │ │ │ │ ├── service.yaml
│ │ │ │ │ └── statefulset.yaml
│ │ │ │ └── values.yaml
│ │ │ └── worker
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates
│ │ │ │ └── deployment.yaml
│ │ │ │ └── values.yaml
│ │ ├── templates
│ │ │ └── _starship.tpl
│ │ └── values.yaml
│ └── temporal
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ ├── secret.yaml
│ │ └── service.yaml
│ │ └── values.yaml
│ ├── examples
│ ├── values-ce.yaml
│ ├── values-ee-no-starship.yaml
│ └── values-ee.yaml
│ ├── html
│ ├── 404.html
│ ├── 500.html
│ ├── 502.html
│ ├── 503.html
│ └── deploy.html
│ ├── scripts
│ ├── 01_promote_root.sql
│ ├── 02_seed_space_resources.sql
│ └── 05_seed_tag_categories.sql
│ ├── templates
│ ├── NOTES.txt
│ ├── autoscaler.yaml
│ ├── configmap-accounting.yaml
│ ├── configmap-argo.yaml
│ ├── configmap-error-page.yaml
│ ├── configmap-gateway-moderation.yaml
│ ├── configmap-gateway-rproxy.yaml
│ ├── configmap-knative.yaml
│ ├── configmap-lws.yaml
│ ├── configmap-portal.yaml
│ ├── configmap-runner-init.yaml
│ ├── configmap-runner.yaml
│ ├── configmap-server-init.yaml
│ ├── configmap-server.yaml
│ ├── configmap-space.yaml
│ ├── deployment-accounting.yaml
│ ├── deployment-dataviewer.yaml
│ ├── deployment-gateway.yaml
│ ├── deployment-mirror.yaml
│ ├── deployment-notification.yaml
│ ├── deployment-portal.yaml
│ ├── deployment-runner.yaml
│ ├── deployment-server.yaml
│ ├── deployment-user.yaml
│ ├── helpers
│ │ ├── _annotations.tpl
│ │ ├── _capabilities.tpl
│ │ ├── _csghub.tpl
│ │ ├── _database.tpl
│ │ ├── _deprecated.tpl
│ │ ├── _domain.tpl
│ │ ├── _gitaly.tpl
│ │ ├── _image.tpl
│ │ ├── _ingress.tpl
│ │ ├── _labels.tpl
│ │ ├── _names.tpl
│ │ ├── _objectStore.tpl
│ │ ├── _portal.tpl
│ │ ├── _ports.tpl
│ │ ├── _proxy.tpl
│ │ ├── _redis.tpl
│ │ ├── _registry.tpl
│ │ └── _starship.tpl
│ ├── ingress.yaml
│ ├── job-runner.yaml
│ ├── job-server.yaml
│ ├── namespace.yaml
│ ├── pdb.yaml
│ └── services.yaml
│ ├── tests
│ ├── configmap_test.yaml
│ ├── deployment_test.yaml
│ ├── examples_test.yaml
│ ├── gitaly_test.yaml
│ └── ingress_test.yaml
│ └── values.yaml
├── ct.yaml
├── deploy
├── argo
│ ├── argo.yaml
│ └── rbac.yaml
├── knative
│ ├── kourier.yaml
│ ├── serving-core.yaml
│ ├── serving-crds.yaml
│ ├── serving-default-domain.yaml
│ └── serving-hpa.yaml
└── lws
│ └── manifests.yaml
├── lintconf.yaml
└── quick_install.sh
/.gitattributes:
--------------------------------------------------------------------------------
1 | **/*.tar.gz filter=lfs diff=lfs merge=lfs -text
2 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: ''
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. Go to '...'
16 | 2. Click on '....'
17 | 3. Scroll down to '....'
18 | 4. See error
19 |
20 | **Expected behavior**
21 | A clear and concise description of what you expected to happen.
22 |
23 | **Screenshots**
24 | If applicable, add screenshots to help explain your problem.
25 |
26 | **Desktop (please complete the following information):**
27 | - OS: [e.g. iOS]
28 | - Browser [e.g. chrome, safari]
29 | - Version [e.g. 22]
30 |
31 | **Smartphone (please complete the following information):**
32 | - Device: [e.g. iPhone6]
33 | - OS: [e.g. iOS8.1]
34 | - Browser [e.g. stock browser, safari]
35 | - Version [e.g. 22]
36 |
37 | **Additional context**
38 | Add any other context about the problem here.
39 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | title: ''
5 | labels: ''
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 |
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 |
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 |
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 |
--------------------------------------------------------------------------------
/.github/workflows/release-docker-image.yml.bak:
--------------------------------------------------------------------------------
1 | name: Release Docker Images
2 |
3 | on:
4 | push:
5 | tags:
6 | - 'v\d+\.\d+\.\d+'
7 |
8 | jobs:
9 | build:
10 | permissions:
11 | contents: write
12 | runs-on: self-hosted
13 |
14 | steps:
15 | - name: Checkout
16 | uses: actions/checkout@v4
17 | with:
18 | fetch-depth: 1
19 | lfs: true
20 |
21 | - name: Cache Prune
22 | run: |
23 | docker system prune -f
24 |
25 | - name: Set up QEMU
26 | uses: docker/setup-qemu-action@v3
27 |
28 | - name: Set up Docker Buildx
29 | uses: docker/setup-buildx-action@v3
30 |
31 | - name: Login ACR
32 | uses: docker/login-action@v3
33 | with:
34 | username: ${{ secrets.ACR_USERNAME }}
35 | password: ${{ secrets.ACR_PASSWORD }}
36 | registry: ${{ secrets.ACR_REGISTRY }}
37 |
38 | - name: Extract Docker metadata (tags, labels)
39 | id: meta
40 | uses: docker/metadata-action@v5
41 | with:
42 | images: |
43 | ${{ secrets.ACR_REGISTRY }}/opencsg_public/omnibus-csghub
44 |
45 | - name: Build and push Docker image
46 | uses: docker/build-push-action@v6
47 | with:
48 | context: ./docker
49 | file: ./docker/Dockerfile
50 | push: true
51 | provenance: false
52 | tags: ${{ steps.meta.outputs.tags }}
53 | platforms: linux/amd64,linux/arm64
--------------------------------------------------------------------------------
/.github/workflows/release-helm-chart.yml.bak:
--------------------------------------------------------------------------------
1 | name: Release CSGHub Helm Chart
2 |
3 | on:
4 | push:
5 | tags:
6 | - 'v[0-9]+.[0-9]+.[0-9]+-ce'
7 |
8 | jobs:
9 | package:
10 | permissions:
11 | contents: write
12 | runs-on: ubuntu-latest
13 |
14 | steps:
15 | - name: Checkout
16 | uses: actions/checkout@v4
17 | with:
18 | fetch-depth: 0
19 | lfs: true
20 |
21 | - name: Configure Git
22 | run: |
23 | git config user.name "$GITHUB_ACTOR"
24 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
25 |
26 | - name: Install Helm
27 | uses: azure/setup-helm@v4
28 |
29 | - name: Run chart-releaser
30 | uses: helm/chart-releaser-action@v1.6.0
31 | with:
32 | charts_dir: helm/charts
33 | env:
34 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | .kube
3 | tls.*
4 | *.crt
5 | *.key
6 | **/.kube/*
7 | .DS_Store
8 | *.tgz
9 | __snapshot__
10 | .debug/
11 | .codesouler
--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
1 | workflow:
2 | rules:
3 | - if: $CI_COMMIT_TAG =~ /^v\d+.\d+.\d+$/
4 |
5 | stages:
6 | - package
7 | - publish
8 |
9 | variables:
10 | CHART_NAME: "csghub"
11 | CHART_PATH: "charts/csghub"
12 | HELM_REGISTRY: "https://charts.opencsg.com/repository/csghub"
13 |
14 | package:
15 | stage: package
16 | image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/helmpack/chart-testing:v3.13.0
17 | script:
18 | - |
19 | helm package "$CHART_PATH" -d ./
20 | curl -v -u "${HELM_REGISTRY_USER}":"${HELM_REGISTRY_PASSWORD}" \
21 | --upload-file *.tgz \
22 | "${HELM_REGISTRY}"
23 | artifacts:
24 | paths:
25 | - "*.tgz"
26 | expire_in: 1 week
27 |
28 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Repository Purpose Update
2 |
3 | Effective immediately, from version `v1.9.0` this repository will be dedicated exclusively to managing **CSGHub Helm Charts**.
4 |
5 | ## Key Changes
6 | ### 1. Docker Installation Removed
7 |
8 | As the Docker installation method now only requires the image, related documentation and resources have been removed from this repository.
9 |
10 | For the latest installation guide, please refer to:
11 |
12 | - 📚 [CSGHub Documentation Center](https://opencsg.com/docs/csghub/101/install/summary)
13 |
14 | ### 2. Historical Documentation
15 |
16 | Legacy documentation can still be accessed via the `release-*` branches.
17 |
18 | ## Support & Assistance
19 |
20 | If you encounter any issues with:
21 | - Version upgrades
22 | - Data migration
23 |
24 | Please [create an issue](https://github.com/OpenCSGs/csghub-charts/issues) for technical support.
25 |
26 |
27 | _Thank you for your continued support!_
28 |
29 | ---
30 | _The CSGHub Support Team_
--------------------------------------------------------------------------------
/charts/csghub/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 | tests/
--------------------------------------------------------------------------------
/charts/csghub/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: ingress-nginx
3 | repository: file://charts/ingress-nginx
4 | version: 4.12.0
5 | - name: fluentd
6 | repository: file://charts/fluentd
7 | version: 0.5.2
8 | - name: postgresql
9 | repository: file://charts/postgresql
10 | version: 15.10.0
11 | - name: gitaly
12 | repository: file://charts/gitaly
13 | version: 17.5.0
14 | - name: minio
15 | repository: file://charts/minio
16 | version: 2024.7.15
17 | - name: redis
18 | repository: file://charts/redis
19 | version: 7.2.5
20 | - name: registry
21 | repository: file://charts/registry
22 | version: 2.8.3
23 | - name: coredns
24 | repository: file://charts/coredns
25 | version: 1.11.1
26 | - name: nats
27 | repository: file://charts/nats
28 | version: 2.10.16
29 | - name: temporal
30 | repository: file://charts/temporal
31 | version: 1.25.1
32 | - name: casdoor
33 | repository: file://charts/casdoor
34 | version: 1.799.0
35 | - name: gitlab-shell
36 | repository: file://charts/gitlab-shell
37 | version: 17.5.0
38 | - name: dataflow
39 | repository: file://charts/dataflow
40 | version: 1.4.0
41 | - name: starship
42 | repository: file://charts/starship
43 | version: 0.1.9
44 | - name: reloader
45 | repository: file://charts/reloader
46 | version: 2.1.4
47 | digest: sha256:afabaf5a23022bf7d7dd2fb2741986ba0c75670e6efe9b24c6811b9617083f8b
48 | generated: "2025-07-02T18:56:01.183295+08:00"
49 |
--------------------------------------------------------------------------------
/charts/csghub/charts/casdoor/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/casdoor/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: casdoor
3 | home: https://casdoor.org/
4 | sources:
5 | - https://github.com/casdoor/casdoor
6 | maintainers:
7 | - name: OpenCSG Inc.
8 | email: support@opencsg.com
9 |
10 | # A chart can be either an 'application' or a 'library' chart.
11 | #
12 | # Application charts are a collection of templates that can be packaged into versioned archives
13 | # to be deployed.
14 | #
15 | # Library charts provide useful utilities or functions for the chart developer. They're included as
16 | # a dependency of application charts to inject those utilities and functions into the rendering
17 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
18 | type: application
19 |
20 | # This is the chart version. This version number should be incremented each time you make changes
21 | # to the chart and its templates, including the app version.
22 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
23 | version: 1.799.0
24 |
25 | # This is the version number of the application being deployed. This version number should be
26 | # incremented each time you make changes to the application. Versions are not expected to
27 | # follow Semantic Versioning. They should reflect the version the application is using.
28 | # It is recommended to use it with quotes.
29 | appVersion: "1.799.0"
30 |
--------------------------------------------------------------------------------
/charts/csghub/charts/casdoor/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for casdoor
8 | */}}
9 | {{- define "casdoor.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "casdoor") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for casdoor
15 | */}}
16 | {{- define "casdoor.internal.port" -}}
17 | {{- $port := "8000" }}
18 | {{- if hasKey .Values.global "casdoor" }}
19 | {{- if hasKey .Values.global.casdoor "service" }}
20 | {{- if hasKey .Values.global.casdoor.service "port" }}
21 | {{- $port = .Values.global.casdoor.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for casdoor
30 | */}}
31 | {{- define "casdoor.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "casdoor.internal.domain" .) (include "casdoor.internal.port" .) -}}
33 | {{- end }}
34 |
35 | {{/*
36 | Define the external http domain for casdoor
37 | */}}
38 | {{- define "casdoor.external.domain" -}}
39 | {{- include "global.domain" (list . "casdoor") }}
40 | {{- end }}
41 |
42 | {{/*
43 | Define the external endpoint for casdoor
44 | */}}
45 | {{- define "casdoor.external.endpoint" -}}
46 | {{- $domain := include "casdoor.external.domain" . }}
47 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
48 | {{- if .Values.global.ingress.tls.enabled -}}
49 | {{- printf "https://%s:%s" $domain "30443" -}}
50 | {{- else }}
51 | {{- printf "http://%s:%s" $domain "30080" -}}
52 | {{- end }}
53 | {{- else }}
54 | {{- if .Values.global.ingress.tls.enabled -}}
55 | {{- printf "https://%s" $domain -}}
56 | {{- else }}
57 | {{- printf "http://%s" $domain -}}
58 | {{- end }}
59 | {{- end }}
60 | {{- end }}
61 |
62 | {{/*
63 | Random Password for which password not set
64 | */}}
65 | {{- define "casdoor.initPass" -}}
66 | {{- printf "%s@%s" (now | date "15/04") . | sha256sum | b64enc | trunc 24 -}}
67 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/casdoor/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 8000
18 | protocol: TCP
19 | name: casdoor
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/coredns/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/coredns/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: coredns
3 | description: CoreDNS is a DNS server/forwarder, written in Go, that chains plugins. Each plugin performs a (DNS) function.
4 | home: https://coredns.io/
5 | icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
6 | sources:
7 | - https://github.com/coredns/coredns
8 |
9 | # A chart can be either an 'application' or a 'library' chart.
10 | #
11 | # Application charts are a collection of templates that can be packaged into versioned archives
12 | # to be deployed.
13 | #
14 | # Library charts provide useful utilities or functions for the chart developer. They're included as
15 | # a dependency of application charts to inject those utilities and functions into the rendering
16 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
17 | type: application
18 |
19 | # This is the chart version. This version number should be incremented each time you make changes
20 | # to the chart and its templates, including the app version.
21 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
22 | version: 1.11.1
23 |
24 | # This is the version number of the application being deployed. This version number should be
25 | # incremented each time you make changes to the application. Versions are not expected to
26 | # follow Semantic Versioning. They should reflect the version the application is using.
27 | # It is recommended to use it with quotes.
28 | appVersion: "1.11.1"
29 |
--------------------------------------------------------------------------------
/charts/csghub/charts/coredns/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the ip of coredns within kube-system
8 | */}}
9 | {{- define "system.coredns.ip" -}}
10 | {{- $kubeDNSClusterIP := ""}}
11 | {{- $kubeDNS := (lookup "v1" "Service" "kube-system" "kube-dns") }}
12 | {{- if not $kubeDNS }}
13 | {{- $kubeDNS = (lookup "v1" "Service" "kube-system" "coredns") }}
14 | {{- end }}
15 | {{- if $kubeDNS }}
16 | {{- $kubeDNSClusterIP = $kubeDNS.spec.clusterIP }}
17 | {{- $kubeDNSClusterIP -}}
18 | {{- end }}
19 | {{- end }}
20 |
21 | {{/*
22 | Define the ip of coredns self-managed
23 | */}}
24 | {{- define "coredns.csghub" -}}
25 | {{- $kubeDNSClusterIP := include "system.coredns.ip" . }}
26 | {{- $csghubDNSClusterIP := regexReplaceAll "[0-9]+$" $kubeDNSClusterIP "166" }}
27 | {{- $csghubDNSClusterIP -}}
28 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/coredns/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | data:
14 | corefile: |
15 | .:53 {
16 | {{- range .Values.global.deploy.knative.serving.services }}
17 | forward {{ printf "%s.%s." $.Values.global.deploy.namespace .domain }} /etc/resolv.conf
18 | {{- end }}
19 | forward . {{ include "system.coredns.ip" . }}
20 | log
21 | errors
22 | cache 30
23 | reload
24 | loadbalance
25 | }
26 | {{- range .Values.global.deploy.knative.serving.services }}
27 | {{ .domain }}:53 {
28 | file /var/opt/coredns/{{ .domain }}
29 | log
30 | errors
31 | }
32 | {{- end }}
33 | {{- range .Values.global.deploy.knative.serving.services }}
34 | {{ .domain }}: |
35 | {{- $domain := (printf "%s.%s." $.Values.global.deploy.namespace .domain) }}
36 | $ORIGIN {{ $domain }}
37 | @ 3600 IN SOA ns1.{{ $domain }} admin.{{ $domain }} (
38 | 2022042401 ; Serial
39 | 3600 ; Refresh
40 | 1800 ; Retry
41 | 604800 ; Expire
42 | 86400 ; Minimum TTL
43 | )
44 | * 3600 IN A {{ include "rproxy.nginx.ip" . }}
45 | {{- end }}
46 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/coredns/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | clusterIP: {{ include "coredns.csghub" . }}
16 | ports:
17 | - port: {{ .Values.service.port }}
18 | targetPort: 53
19 | protocol: TCP
20 | name: coredns-tcp
21 | - port: {{ .Values.service.port }}
22 | targetPort: 53
23 | protocol: UDP
24 | name: coredns-udp
25 | selector:
26 | {{- include "common.labels.selector" . | nindent 4 }}
27 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/dataflow/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/dataflow/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: dataflow
3 | description: Dataflow is a dataset processing tool that provides dataset support for model training and fine-tuning
4 | home: https://opencsg.com
5 | maintainers:
6 | - name: OpenCSG Inc.
7 | email: support@opencsg.com
8 |
9 | # A chart can be either an 'application' or a 'library' chart.
10 | #
11 | # Application charts are a collection of templates that can be packaged into versioned archives
12 | # to be deployed.
13 | #
14 | # Library charts provide useful utilities or functions for the chart developer. They're included as
15 | # a dependency of application charts to inject those utilities and functions into the rendering
16 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
17 | type: application
18 |
19 | # This is the chart version. This version number should be incremented each time you make changes
20 | # to the chart and its templates, including the app version.
21 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
22 | version: 1.4.0
23 |
24 | # This is the version number of the application being deployed. This version number should be
25 | # incremented each time you make changes to the application. Versions are not expected to
26 | # follow Semantic Versioning. They should reflect the version the application is using.
27 | # It is recommended to use it with quotes.
28 | appVersion: "v1.4.3-ee"
29 |
--------------------------------------------------------------------------------
/charts/csghub/charts/dataflow/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for dataflow
8 | */}}
9 | {{- define "dataflow.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "dataflow") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for dataflow
15 | */}}
16 | {{- define "dataflow.internal.port" -}}
17 | {{- $port := "8000" }}
18 | {{- if hasKey .Values.global "dataflow" }}
19 | {{- if hasKey .Values.global.dataflow "service" }}
20 | {{- if hasKey .Values.global.dataflow.service "port" }}
21 | {{- $port = .Values.global.dataflow.service.port | toString }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for dataflow
30 | */}}
31 | {{- define "dataflow.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "dataflow.internal.domain" .) (include "dataflow.internal.port" .) }}
33 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/dataflow/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.dataflow.enabled }}
7 | {{- $pgConfig := include "csghub.postgresql.config" (dict "service" .Values "global" .) | fromYaml }}
8 | apiVersion: v1
9 | kind: ConfigMap
10 | metadata:
11 | name: {{ include "common.names.custom" . }}
12 | namespace: {{ .Release.Namespace }}
13 | labels: {{ include "common.labels" . | nindent 4 }}
14 | data:
15 | CSGHUB_ENDPOINT: "{{ include "csghub.external.endpoint" . }}"
16 | DATA_DIR: "/data"
17 | MAX_WORKERS: "99"
18 | RAY_ADDRESS: "auto"
19 | RAY_ENABLE: "false"
20 | RAY_LOG_DIR: "/var/log/dataflow"
21 | API_SERVER: "0.0.0.0"
22 | API_PORT: "8000"
23 | ENABLE_OPENTELEMETRY: "false"
24 | {{- with .Values.openAI }}
25 | AZURE_OPENAI_ENDPOINT: {{ .endpoint }}
26 | AZURE_OPENAI_API_KEY: {{ .apiKey }}
27 | OPENAI_API_VERSION: {{ .apiVersion }}
28 | AZURE_MODEL: {{ .model }}
29 | {{- end }}
30 | DATABASE_HOSTNAME: {{ $pgConfig.host }}
31 | DATABASE_PORT: {{ $pgConfig.port | quote }}
32 | DATABASE_USERNAME: {{ $pgConfig.user }}
33 | DATABASE_PASSWORD: {{ $pgConfig.password | quote }}
34 | DATABASE_DB: {{ $pgConfig.database }}
35 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/dataflow/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.dataflow.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | clusterIP: None
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 8000
18 | protocol: TCP
19 | name: dataflow
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | appVersion: v1.16.2
3 | description: A Helm chart for Kubernetes
4 | home: https://www.fluentd.org/
5 | icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png
6 | maintainers:
7 | - email: eduardo@treasure-data.com
8 | name: edsiper
9 | - email: diogo.filipe.tomas.guerra@cern.ch
10 | name: dioguerra
11 | name: fluentd
12 | sources:
13 | - https://github.com/fluent/fluentd/
14 | - https://github.com/fluent/fluentd-kubernetes-daemonset
15 | version: 0.5.2
16 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | Get Fluentd build information by running these commands:
2 |
3 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fluentd.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
4 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 24231:24231
5 | curl http://127.0.0.1:24231/metrics
6 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbac.create -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | rules:
9 | - apiGroups:
10 | - ""
11 | resources:
12 | - pods
13 | - namespaces
14 | verbs:
15 | - get
16 | - list
17 | - watch
18 | {{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }}
19 | - apiGroups:
20 | - policy
21 | resourceNames:
22 | - {{ include "fluentd.fullname" . }}
23 | resources:
24 | - podsecuritypolicies
25 | verbs:
26 | - use
27 | {{- end }}
28 | {{- end -}}
29 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbac.create -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | roleRef:
9 | apiGroup: rbac.authorization.k8s.io
10 | kind: ClusterRole
11 | name: {{ include "fluentd.fullname" . }}
12 | subjects:
13 | - kind: ServiceAccount
14 | name: {{ include "fluentd.serviceAccountName" . }}
15 | namespace: {{ .Release.Namespace }}
16 | {{- end -}}
17 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/configmap-dashboards.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.dashboards.enabled -}}
2 | {{- range $path, $_ := .Files.Glob "dashboards/*.json" }}
3 | apiVersion: v1
4 | kind: ConfigMap
5 | metadata:
6 | name: dashboard-{{ trimSuffix ".json" (base $path) }}-{{ include "fluentd.shortReleaseName" $ }}
7 | namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }}
8 | labels:
9 | {{- include "fluentd.labels" $ | nindent 4 }}
10 | {{- range $key, $val := $.Values.dashboards.labels }}
11 | {{ $key }}: {{ $val }}
12 | {{- end }}
13 | data:
14 | {{ base $path }}: |-
15 | {{- $.Files.Get $path | nindent 4 }}
16 | ---
17 | {{- end }}
18 | {{- end -}}
19 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/daemonset.yaml:
--------------------------------------------------------------------------------
1 | {{- if eq .Values.kind "DaemonSet" }}
2 | apiVersion: apps/v1
3 | kind: DaemonSet
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | {{- with .Values.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | {{- with .Values.annotations }}
12 | annotations:
13 | {{- toYaml . | nindent 4 }}
14 | {{- end }}
15 | spec:
16 | selector:
17 | matchLabels:
18 | {{- include "fluentd.selectorLabels" . | nindent 6 }}
19 | {{- with .Values.updateStrategy }}
20 | updateStrategy:
21 | {{- toYaml . | nindent 4 }}
22 | {{- end }}
23 | {{- with .Values.minReadySeconds }}
24 | minReadySeconds: {{ . }}
25 | {{- end }}
26 | template:
27 | metadata:
28 | annotations:
29 | checksum/config: {{ include (print $.Template.BasePath "/fluentd-configurations-cm.yaml") . | sha256sum }}
30 | {{- with .Values.podAnnotations }}
31 | {{- toYaml . | nindent 8 }}
32 | {{- end }}
33 | labels:
34 | {{- include "fluentd.selectorLabels" . | nindent 8 }}
35 | {{- with .Values.podLabels }}
36 | {{- toYaml . | nindent 8 }}
37 | {{- end }}
38 | spec:
39 | {{- include "fluentd.pod" . | nindent 6 }}
40 | {{- end }}
41 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/deployment.yaml:
--------------------------------------------------------------------------------
1 | {{- if eq .Values.kind "Deployment" }}
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | {{- with .Values.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | {{- with .Values.annotations }}
12 | annotations:
13 | {{- toYaml . | nindent 4 }}
14 | {{- end }}
15 | spec:
16 | replicas: {{ .Values.replicaCount }}
17 | {{- with .Values.updateStrategy }}
18 | strategy:
19 | {{- toYaml . | nindent 4 }}
20 | {{- end }}
21 | selector:
22 | matchLabels:
23 | {{- include "fluentd.selectorLabels" . | nindent 6 }}
24 | {{- with .Values.minReadySeconds }}
25 | minReadySeconds: {{ . }}
26 | {{- end }}
27 | template:
28 | metadata:
29 | annotations:
30 | checksum/config: {{ include (print $.Template.BasePath "/fluentd-configurations-cm.yaml") . | sha256sum }}
31 | {{- with .Values.podAnnotations }}
32 | {{- toYaml . | nindent 8 }}
33 | {{- end }}
34 | labels:
35 | {{- include "fluentd.selectorLabels" . | nindent 8 }}
36 | {{- with .Values.podLabels }}
37 | {{- toYaml . | nindent 8 }}
38 | {{- end }}
39 | spec:
40 | {{- include "fluentd.pod" . | nindent 6 }}
41 | {{- end }}
42 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/files.conf/prometheus.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | labels:
5 | {{- include "fluentd.labels" . | nindent 4 }}
6 | name: fluentd-prometheus-conf-{{ include "fluentd.shortReleaseName" . }}
7 | data:
8 | prometheus.conf: |-
9 |
10 | @type prometheus
11 | @id in_prometheus
12 | bind "0.0.0.0"
13 | port 24231
14 | metrics_path "/metrics"
15 |
16 |
17 |
18 | @type prometheus_monitor
19 | @id in_prometheus_monitor
20 |
21 |
22 |
23 | @type prometheus_output_monitor
24 | @id in_prometheus_output_monitor
25 |
26 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/fluentd-configurations-cm.yaml:
--------------------------------------------------------------------------------
1 | {{- if not .Values.extraFilesConfigMapNameOverride }}
2 | ---
3 | apiVersion: v1
4 | kind: ConfigMap
5 | metadata:
6 | name: fluentd-config-{{ include "fluentd.shortReleaseName" . }}
7 | labels:
8 | {{- include "fluentd.labels" . | nindent 4 }}
9 | data:
10 | {{- range $key, $value := .Values.fileConfigs }}
11 | {{$key }}: |-
12 | {{- $value | nindent 4 }}
13 | {{- end }}
14 | {{- end }}
15 |
16 | {{- if not .Values.mainConfigMapNameOverride }}
17 | ---
18 | apiVersion: v1
19 | kind: ConfigMap
20 | metadata:
21 | name: fluentd-main-{{ include "fluentd.shortReleaseName" . }}
22 | labels:
23 | {{- include "fluentd.labels" . | nindent 4 }}
24 | data:
25 | fluent.conf: |-
26 | # do not collect fluentd logs to avoid infinite loops.
27 |
33 |
34 | @include config.d/*.conf
35 | {{- range $key := .Values.configMapConfigs }}
36 | {{- print "@include " $key ".d/*" | nindent 4 }}
37 | {{- end }}
38 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and ( eq .Values.kind "Deployment" ) .Values.autoscaling.enabled }}
2 | apiVersion: {{ include "fluentd.hpa.apiVersion" . }}
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | spec:
9 | {{- if .Values.autoscaling.behavior }}
10 | behavior:
11 | {{- toYaml .Values.autoscaling.behavior | nindent 4 }}
12 | {{- end }}
13 | scaleTargetRef:
14 | apiVersion: apps/v1
15 | kind: Deployment
16 | name: {{ include "fluentd.fullname" . }}
17 | minReplicas: {{ .Values.autoscaling.minReplicas }}
18 | maxReplicas: {{ .Values.autoscaling.maxReplicas }}
19 | metrics:
20 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
21 | - type: Resource
22 | resource:
23 | name: cpu
24 | target:
25 | averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
26 | type: Utilization
27 | {{- end }}
28 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
29 | - type: Resource
30 | resource:
31 | name: memory
32 | target:
33 | averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
34 | type: Utilization
35 | {{- end }}
36 | {{- if .Values.autoscaling.customRules -}}
37 | {{- toYaml .Values.autoscaling.customRules | nindent 4}}
38 | {{- end -}}
39 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ingress.enabled -}}
2 | {{- $fullName := include "fluentd.fullname" . -}}
3 | apiVersion: networking.k8s.io/v1
4 | kind: Ingress
5 | metadata:
6 | name: {{ include "fluentd.fullname" . }}
7 | labels:
8 | {{- include "fluentd.labels" . | nindent 4 }}
9 | {{- with .Values.labels }}
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | {{- with .Values.ingress.annotations }}
13 | annotations:
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | spec:
17 | {{- if .Values.ingress.tls }}
18 | tls:
19 | {{- range .Values.ingress.tls }}
20 | - hosts:
21 | {{- range .hosts }}
22 | - {{ . | quote }}
23 | {{- end }}
24 | {{- with .secretName }}
25 | secretName: {{ . }}
26 | {{- end }}
27 | {{- end }}
28 | {{- end }}
29 | rules:
30 | {{- range .Values.ingress.hosts }}
31 | - http:
32 | paths:
33 | - path: /
34 | pathType: Prefix
35 | backend:
36 | service:
37 | name: {{ $fullName }}
38 | port:
39 | number: {{ .port }}
40 | {{ if .host -}}
41 | host: {{ .host | quote }}
42 | {{- end -}}
43 | {{- end -}}
44 | {{- end -}}
45 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/podsecuritypolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) -}}
2 | apiVersion: policy/v1beta1
3 | kind: PodSecurityPolicy
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | {{- if .Values.podSecurityPolicy.annotations }}
9 | annotations:
10 | {{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
11 | {{- end }}
12 | spec:
13 | privileged: false
14 | allowPrivilegeEscalation: false
15 | requiredDropCapabilities:
16 | - ALL
17 | hostNetwork: false
18 | hostIPC: false
19 | hostPID: false
20 | volumes:
21 | - 'configMap'
22 | - 'secret'
23 | - 'hostPath'
24 | {{- if .Values.persistence.enabled }}
25 | - 'persistentVolumeClaim'
26 | {{- end }}
27 | runAsUser:
28 | rule: 'RunAsAny'
29 | seLinux:
30 | rule: 'RunAsAny'
31 | supplementalGroups:
32 | rule: 'MustRunAs'
33 | ranges:
34 | - min: 1
35 | max: 65535
36 | fsGroup:
37 | rule: 'MustRunAs'
38 | ranges:
39 | - min: 1
40 | max: 65535
41 | readOnlyRootFilesystem: false
42 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/prometheusrules.yaml:
--------------------------------------------------------------------------------
1 | {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.metrics.prometheusRule.enabled }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | name: {{ template "fluentd.fullname" . }}
6 | {{- if .Values.metrics.prometheusRule.namespace }}
7 | namespace: {{ .Values.metrics.prometheusRule.namespace }}
8 | {{- end }}
9 | labels:
10 | {{- include "fluentd.labels" . | nindent 4 }}
11 | {{- with .Values.metrics.prometheusRule.additionalLabels }}
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | spec:
15 | {{- with .Values.metrics.prometheusRule.rules }}
16 | groups:
17 | - name: {{ template "fluentd.fullname" $ }}
18 | rules:
19 | {{- toYaml . | nindent 4 }}
20 | {{- end }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.service.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | {{- with .Values.service.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | spec:
13 | type: {{ .Values.service.type }}
14 | {{- if .Values.service.loadBalancerIP }}
15 | loadBalancerIP: {{ .Values.service.loadBalancerIP }}
16 | {{- end }}
17 | {{- if .Values.service.externalTrafficPolicy }}
18 | externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
19 | {{- end }}
20 | ports:
21 | - port: 24231
22 | targetPort: metrics
23 | protocol: TCP
24 | name: metrics
25 | {{- if .Values.service.ports }}
26 | {{- range $port := .Values.service.ports }}
27 | - name: {{ $port.name }}
28 | port: {{ $port.containerPort }}
29 | targetPort: {{ $port.containerPort }}
30 | protocol: {{ $port.protocol }}
31 | {{- end }}
32 | {{- end }}
33 | selector:
34 | {{- include "fluentd.selectorLabels" . | nindent 4 }}
35 | {{- end -}}
36 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: {{ include "fluentd.serviceAccountName" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | {{- with .Values.serviceAccount.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | {{- end -}}
13 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.metrics.serviceMonitor.enabled }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ template "fluentd.fullname" . }}
6 | {{- with .Values.metrics.serviceMonitor.namespace }}
7 | namespace: {{ . }}
8 | {{- end }}
9 | labels:
10 | {{- include "fluentd.labels" . | nindent 4 }}
11 | {{- with .Values.metrics.serviceMonitor.additionalLabels }}
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | spec:
15 | jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | default .Release.Name }}
16 | endpoints:
17 | - port: metrics
18 | path: /metrics
19 | {{- with .Values.metrics.serviceMonitor.interval }}
20 | interval: {{ . }}
21 | {{- end }}
22 | {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
23 | scrapeTimeout: {{ . }}
24 | {{- end }}
25 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
26 | metricRelabelings:
27 | {{ tpl (toYaml .Values.metrics.serviceMonitor.metricRelabelings | indent 6) . }}
28 | {{- end }}
29 | {{- if .Values.metrics.serviceMonitor.relabelings }}
30 | relabelings:
31 | {{ toYaml .Values.metrics.serviceMonitor.relabelings | indent 6 }}
32 | {{- end }}
33 | {{- if .Values.metrics.serviceMonitor.namespaceSelector }}
34 | namespaceSelector:
35 | {{ toYaml .Values.metrics.serviceMonitor.namespaceSelector | indent 4 -}}
36 | {{ else }}
37 | namespaceSelector:
38 | matchNames:
39 | - {{ .Release.Namespace }}
40 | {{- end }}
41 | selector:
42 | matchLabels:
43 | {{- include "fluentd.selectorLabels" . | nindent 6 }}
44 | {{- end }}
45 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/statefulset.yaml:
--------------------------------------------------------------------------------
1 | {{- if eq .Values.kind "StatefulSet" }}
2 | apiVersion: apps/v1
3 | kind: StatefulSet
4 | metadata:
5 | name: {{ include "fluentd.fullname" . }}
6 | labels:
7 | {{- include "fluentd.labels" . | nindent 4 }}
8 | {{- with .Values.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | {{- with .Values.annotations }}
12 | annotations:
13 | {{- toYaml . | nindent 4 }}
14 | {{- end }}
15 | spec:
16 | replicas: {{ .Values.replicaCount }}
17 | serviceName: {{ include "fluentd.fullname" . }}
18 | {{- with .Values.updateStrategy }}
19 | updateStrategy:
20 | {{- toYaml . | nindent 4 }}
21 | {{- end }}
22 | selector:
23 | matchLabels:
24 | {{- include "fluentd.selectorLabels" . | nindent 6 }}
25 | {{- with .Values.minReadySeconds }}
26 | minReadySeconds: {{ . }}
27 | {{- end }}
28 | template:
29 | metadata:
30 | annotations:
31 | checksum/config: {{ include (print $.Template.BasePath "/fluentd-configurations-cm.yaml") . | sha256sum }}
32 | {{- with .Values.podAnnotations }}
33 | {{- toYaml . | nindent 8 }}
34 | {{- end }}
35 | labels:
36 | {{- include "fluentd.selectorLabels" . | nindent 8 }}
37 | {{- with .Values.podLabels }}
38 | {{- toYaml . | nindent 8 }}
39 | {{- end }}
40 | spec:
41 | {{- include "fluentd.pod" . | nindent 6 }}
42 | {{- if or .Values.persistence.enabled }}
43 | volumeClaimTemplates:
44 | {{- if or .Values.persistence.enabled }}
45 | - metadata:
46 | name: {{ include "fluentd.fullname" . }}-buffer
47 | spec:
48 | accessModes: {{ or .Values.global.persistence.accessMode .Values.persistence.accessMode }}
49 | resources:
50 | requests:
51 | storage: {{ .Values.persistence.size }}
52 | storageClassName: {{ or .Values.global.persistence.storageClass .Values.persistence.storageClass }}
53 | {{- end }}
54 | {{- end }}
55 | {{- end }}
56 |
--------------------------------------------------------------------------------
/charts/csghub/charts/fluentd/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | {{/*
2 | Target the very simple case where
3 | fluentd is deployed with the default values
4 | If the fluentd config is overriden and the metrics server removed
5 | this will fail.
6 | */}}
7 | {{ if empty .Values.service.ports }}
8 | apiVersion: v1
9 | kind: Pod
10 | metadata:
11 | name: "{{ include "fluentd.fullname" . }}-test-connection"
12 | labels:
13 | {{- include "fluentd.labels" . | nindent 4 }}
14 | annotations:
15 | "helm.sh/hook": test-success
16 | spec:
17 | containers:
18 | - name: wget
19 | image: busybox
20 | command:
21 | - sh
22 | - -c
23 | - |
24 | set -e
25 | # Give fluentd some time to start up
26 | while :; do nc -vz {{ include "fluentd.fullname" . }}:24231 && break; sleep 1; done
27 | wget '{{ include "fluentd.fullname" . }}:24231/metrics'
28 | restartPolicy: Never
29 | {{ end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/gitaly/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitaly/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: gitaly
3 | description: Gitaly is a Git RPC service for handling all the git calls made by GitLab
4 | home: https://gitlab.com/gitlab-org/gitaly
5 | icon: https://www.gitlab.com/assets/logo-8f4c937b2a5d6eac1ef0ebadbe13ec029e932e7eaafcbbfedd99bab2fcda260.svg
6 | keywords:
7 | - gitlab
8 | - gitaly
9 | sources:
10 | - https://gitlab.com/gitlab-org/gitaly
11 |
12 | # A chart can be either an 'application' or a 'library' chart.
13 | #
14 | # Application charts are a collection of templates that can be packaged into versioned archives
15 | # to be deployed.
16 | #
17 | # Library charts provide useful utilities or functions for the chart developer. They're included as
18 | # a dependency of application charts to inject those utilities and functions into the rendering
19 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
20 | type: application
21 |
22 | # This is the chart version. This version number should be incremented each time you make changes
23 | # to the chart and its templates, including the app version.
24 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
25 | version: 17.5.0
26 |
27 | # This is the version number of the application being deployed. This version number should be
28 | # incremented each time you make changes to the application. Versions are not expected to
29 | # follow Semantic Versioning. They should reflect the version the application is using.
30 | # It is recommended to use it with quotes.
31 | appVersion: "v17.5.0"
32 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitaly/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for gitaly
8 | */}}
9 | {{- define "gitaly.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "gitaly") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for gitaly
15 | */}}
16 | {{- define "gitaly.internal.port" -}}
17 | {{- $port := "8075" }}
18 | {{- if hasKey .Values.global "gitaly" }}
19 | {{- if hasKey .Values.global.gitaly "service" }}
20 | {{- if hasKey .Values.global.gitaly.service "port" }}
21 | {{- $port = .Values.global.gitaly.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal token for gitaly
30 | */}}
31 | {{- define "gitaly.internal.token" -}}
32 | {{- printf "%s@1234!" .Release.Name | b64enc -}}
33 | {{- end }}
34 |
35 | {{/*
36 | Define the internal endpoint for gitaly
37 | */}}
38 | {{- define "gitaly.internal.endpoint" -}}
39 | {{- printf "http://%s:%s" (include "gitaly.internal.domain" .) (include "gitaly.internal.port" .) -}}
40 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/gitaly/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.gitaly.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | data:
14 | config.toml: |
15 | ## Gitaly configuration (default)
16 | # The directory where Gitaly's executables are stored
17 | bin_dir = "/usr/local/bin"
18 |
19 | # listen on a TCP socket. This is insecure (no authentication)
20 | listen_addr = "0.0.0.0:8075"
21 |
22 | # Git executable settings
23 | [git]
24 | use_bundled_binaries = true
25 |
26 | # storage configuration, expected in $HOME
27 | [[storage]]
28 | name = "default"
29 | path = "/var/opt/gitaly/repositories"
30 |
31 | [logging]
32 | format = "json"
33 | level = {{ .Values.logging.level | quote }}
34 | dir = "/var/log/gitaly"
35 |
36 | [auth]
37 | token = {{ include "gitaly.internal.token" . | quote }}
38 |
39 | [gitlab]
40 | # # URL of the GitLab server.
41 | url = {{ printf "http://%s:%s" (include "common.names.custom" (list . "server")) (include "csghub.svc.port" "server") | quote }}
42 | # # 'relative_url_root' is only needed if a UNIX socket is used in 'url' and GitLab is configured to
43 | # # use a relative path. For example, '/gitlab'.
44 | # relative_url_root = '/'
45 | # # Path of the file containing the secret token used to authenticate with GitLab. Use either 'secret_token' or 'secret'
46 | # # but not both.
47 | # secret_file = "/opt/gitaly/.gitlab_shell_secret"
48 | # # Secret token used to authenticate with GitLab.
49 | secret = "signing-key"
50 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/gitaly/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.gitaly.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | clusterIP: None
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 8075
18 | protocol: TCP
19 | name: gitaly
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: gitlab-shell
3 | description: SSH access for GitLab
4 | home: https://about.gitlab.com
5 | icon: https://www.gitlab.com/assets/logo-8f4c937b2a5d6eac1ef0ebadbe13ec029e932e7eaafcbbfedd99bab2fcda260.svg
6 | keywords:
7 | - gitlab
8 | - ssh
9 | maintainers:
10 | - name: GitLab Inc
11 | email: support@gitlab.com
12 | sources:
13 | - https://gitlab.com/gitlab-org/gitlab-shell
14 |
15 | # A chart can be either an 'application' or a 'library' chart.
16 | #
17 | # Application charts are a collection of templates that can be packaged into versioned archives
18 | # to be deployed.
19 | #
20 | # Library charts provide useful utilities or functions for the chart developer. They're included as
21 | # a dependency of application charts to inject those utilities and functions into the rendering
22 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
23 | type: application
24 |
25 | # This is the chart version. This version number should be incremented each time you make changes
26 | # to the chart and its templates, including the app version.
27 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
28 | version: 17.5.0
29 |
30 | # This is the version number of the application being deployed. This version number should be
31 | # incremented each time you make changes to the application. Versions are not expected to
32 | # follow Semantic Versioning. They should reflect the version the application is using.
33 | # It is recommended to use it with quotes.
34 | appVersion: "v17.5.0"
35 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for gitlab-shell
8 | */}}
9 | {{- define "gitlab-shell.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "gitlab-shell") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for gitlab-shell
15 | */}}
16 | {{- define "gitlab-shell.internal.port" -}}
17 | {{- $port := "22" }}
18 | {{- if hasKey .Values.global "gitlabShell" }}
19 | {{- if hasKey .Values.global.gitlabShell "service" }}
20 | {{- if hasKey .Values.global.gitlabShell.service "port" }}
21 | {{- $port = .Values.global.gitlabShell.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for gitlab-shell
30 | */}}
31 | {{- define "gitlab-shell.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "gitlab-shell.internal.domain" .) (include "gitlab-shell.internal.port" .) -}}
33 | {{- end }}
34 |
35 | {{/*
36 | Define the external port for gitlab-shell
37 | */}}
38 | {{- define "gitlab-shell.external.port" -}}
39 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
40 | {{- "30022" | toString }}
41 | {{- else }}
42 | {{- "22" | toString }}
43 | {{- end }}
44 | {{- end }}
45 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/templates/job.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled .Values.serviceAccount.create }}
7 | apiVersion: batch/v1
8 | kind: Job
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | annotations:
14 | helm.sh/hook: post-install, post-upgrade
15 | helm.sh/hook-weight: "1"
16 | helm.sh/hook-delete-policy: before-hook-creation
17 | spec:
18 | ttlSecondsAfterFinished: 1200
19 | backoffLimit: 4
20 | activeDeadlineSeconds: 1200
21 | template:
22 | metadata:
23 | name: {{ include "common.names.custom" . }}
24 | labels: {{ include "common.labels" . | nindent 8 }}
25 | spec:
26 | {{- if .Values.serviceAccount.create }}
27 | serviceAccountName: {{ include "common.names.custom" . }}
28 | automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
29 | {{- end }}
30 | restartPolicy: OnFailure
31 | {{- with (or .Values.global.image.pullSecrets .Values.image.pullSecrets) }}
32 | imagePullSecrets:
33 | {{- range . }}
34 | - name: {{ . }}
35 | {{- end }}
36 | {{- end }}
37 | containers:
38 | {{- $_ := set .Values.image "registry" "docker.io" }}
39 | - name: kubectl
40 | image: {{ include "image.fixed.prefix" (list . "bitnami/kubectl:latest" )}}
41 | imagePullPolicy: {{ .Values.image.pullPolicy }}
42 | command: [ "/bin/sh", "-c" ]
43 | args:
44 | - |
45 | kubectl patch configmap {{ printf "%s-ingress-nginx-tcp" .Release.Name }} \
46 | --namespace {{ .Release.Namespace }} \
47 | --type merge \
48 | --patch '{"data":{"22":"{{ printf "%s/%s:22" .Release.Namespace (include "gitlab-shell.internal.domain" .) }}"}}' \
49 | || echo $?
50 | {{- end }}
51 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/templates/role.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled .Values.serviceAccount.create }}
7 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
8 | kind: Role
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | rules:
13 | - apiGroups: [""]
14 | resources: ["configmaps"]
15 | verbs: ["get", "list", "watch", "patch"]
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/templates/roleBinding.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled .Values.serviceAccount.create }}
7 | apiVersion: rbac.authorization.k8s.io/v1
8 | kind: RoleBinding
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | subjects:
13 | - kind: ServiceAccount
14 | name: {{ include "common.names.custom" . }}
15 | namespace: {{ .Release.Namespace }}
16 | roleRef:
17 | kind: Role
18 | name: {{ include "common.names.custom" . }}
19 | apiGroup: rbac.authorization.k8s.io
20 | {{- end }}
21 |
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | annotations: {{ .Values.annotations | toYaml | nindent 4 }}
14 | spec:
15 | clusterIP: None
16 | ports:
17 | - port: {{ .Values.service.port }}
18 | targetPort: 22
19 | protocol: TCP
20 | name: gitlab-shell
21 | selector:
22 | {{- include "common.labels.selector" . | nindent 4 }}
23 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/gitlab-shell/templates/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled .Values.serviceAccount.create }}
7 | apiVersion: v1
8 | kind: ServiceAccount
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 | __snapshot__
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/Chart.yaml:
--------------------------------------------------------------------------------
1 | annotations:
2 | artifacthub.io/changes: |
3 | - 'CI: Fix chart testing. (#12258)'
4 | - Update Ingress-Nginx version controller-v1.12.0
5 | artifacthub.io/prerelease: "false"
6 | apiVersion: v2
7 | appVersion: 1.12.0
8 | description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
9 | load balancer
10 | home: https://github.com/kubernetes/ingress-nginx
11 | icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
12 | keywords:
13 | - ingress
14 | - nginx
15 | kubeVersion: '>=1.21.0-0'
16 | maintainers:
17 | - name: cpanato
18 | - name: Gacko
19 | - name: strongjz
20 | - name: tao12345666333
21 | name: ingress-nginx
22 | sources:
23 | - https://github.com/kubernetes/ingress-nginx
24 | version: 4.12.0
25 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/OWNERS:
--------------------------------------------------------------------------------
1 | # See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
2 |
3 | labels:
4 | - area/helm
5 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | admissionWebhooks:
11 | certManager:
12 | enabled: true
13 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | addHeaders:
11 | X-Frame-Options: deny
12 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | proxySetHeaders:
11 | X-Forwarded-Proto: https
12 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-configmap-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | config:
11 | use-proxy-protocol: "true"
12 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | kind: DaemonSet
11 |
12 | metrics:
13 | enabled: true
14 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | kind: DaemonSet
11 |
12 | podAnnotations:
13 | prometheus.io/scrape: "true"
14 | prometheus.io/port: "10254"
15 | prometheus.io/scheme: http
16 | prometheus.io/path: /metrics
17 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-daemonset-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | kind: DaemonSet
11 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | kind: Deployment
11 |
12 | metrics:
13 | enabled: true
14 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | kind: Deployment
11 |
12 | podAnnotations:
13 | prometheus.io/scrape: "true"
14 | prometheus.io/port: "10254"
15 | prometheus.io/scheme: http
16 | prometheus.io/path: /metrics
17 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-deployment-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | kind: Deployment
11 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-hpa-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | autoscaling:
11 | enabled: true
12 | behavior:
13 | scaleDown:
14 | stabilizationWindowSeconds: 300
15 | policies:
16 | - type: Pods
17 | value: 1
18 | periodSeconds: 180
19 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-ingressclass-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | ingressClassResource:
11 | name: custom-nginx
12 | default: true
13 | controllerValue: k8s.io/custom-nginx
14 |
15 | watchIngressWithoutClass: true
16 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-service-internal-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: ClusterIP
9 |
10 | internal:
11 | enabled: true
12 | annotations:
13 | service.beta.kubernetes.io/aws-load-balancer-internal: "true"
14 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/ci/controller-service-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | image:
3 | repository: ingress-controller/controller
4 | tag: 1.0.0-dev
5 | digest: null
6 |
7 | service:
8 | type: NodePort
9 |
10 | nodePorts:
11 | tcp:
12 | 9000: 30090
13 | udp:
14 | 9001: 30091
15 |
16 | portNamePrefix: port
17 |
18 | tcp:
19 | 9000: default/test:8080
20 |
21 | udp:
22 | 9001: default/test:8080
23 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
6 | annotations:
7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
9 | labels:
10 | {{- include "ingress-nginx.labels" . | nindent 4 }}
11 | app.kubernetes.io/component: admission-webhook
12 | {{- with .Values.controller.admissionWebhooks.patch.labels }}
13 | {{- toYaml . | nindent 4 }}
14 | {{- end }}
15 | rules:
16 | - apiGroups:
17 | - admissionregistration.k8s.io
18 | resources:
19 | - validatingwebhookconfigurations
20 | verbs:
21 | - get
22 | - update
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
6 | annotations:
7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
9 | labels:
10 | {{- include "ingress-nginx.labels" . | nindent 4 }}
11 | app.kubernetes.io/component: admission-webhook
12 | {{- with .Values.controller.admissionWebhooks.patch.labels }}
13 | {{- toYaml . | nindent 4 }}
14 | {{- end }}
15 | roleRef:
16 | apiGroup: rbac.authorization.k8s.io
17 | kind: ClusterRole
18 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
19 | subjects:
20 | - kind: ServiceAccount
21 | name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
22 | namespace: {{ include "ingress-nginx.namespace" . }}
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.networkPolicy.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
2 | apiVersion: networking.k8s.io/v1
3 | kind: NetworkPolicy
4 | metadata:
5 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
6 | namespace: {{ include "ingress-nginx.namespace" . }}
7 | annotations:
8 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
10 | labels:
11 | {{- include "ingress-nginx.labels" . | nindent 4 }}
12 | app.kubernetes.io/component: admission-webhook
13 | {{- with .Values.controller.admissionWebhooks.patch.labels }}
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | spec:
17 | podSelector:
18 | matchLabels:
19 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
20 | app.kubernetes.io/component: admission-webhook
21 | policyTypes:
22 | - Ingress
23 | - Egress
24 | egress:
25 | - {}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
6 | namespace: {{ include "ingress-nginx.namespace" . }}
7 | annotations:
8 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
10 | labels:
11 | {{- include "ingress-nginx.labels" . | nindent 4 }}
12 | app.kubernetes.io/component: admission-webhook
13 | {{- with .Values.controller.admissionWebhooks.patch.labels }}
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | rules:
17 | - apiGroups:
18 | - ""
19 | resources:
20 | - secrets
21 | verbs:
22 | - get
23 | - create
24 | {{- end }}
25 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: RoleBinding
4 | metadata:
5 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
6 | namespace: {{ include "ingress-nginx.namespace" . }}
7 | annotations:
8 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
10 | labels:
11 | {{- include "ingress-nginx.labels" . | nindent 4 }}
12 | app.kubernetes.io/component: admission-webhook
13 | {{- with .Values.controller.admissionWebhooks.patch.labels }}
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | roleRef:
17 | apiGroup: rbac.authorization.k8s.io
18 | kind: Role
19 | name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
20 | subjects:
21 | - kind: ServiceAccount
22 | name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
23 | namespace: {{ include "ingress-nginx.namespace" . }}
24 | {{- end }}
25 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.serviceAccount.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
6 | namespace: {{ include "ingress-nginx.namespace" . }}
7 | annotations:
8 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
10 | labels:
11 | {{- include "ingress-nginx.labels" . | nindent 4 }}
12 | app.kubernetes.io/component: admission-webhook
13 | {{- with .Values.controller.admissionWebhooks.patch.labels }}
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | {{- with .Values.controller.labels }}
8 | {{- toYaml . | nindent 4 }}
9 | {{- end }}
10 | name: {{ include "ingress-nginx.fullname" . }}
11 | roleRef:
12 | apiGroup: rbac.authorization.k8s.io
13 | kind: ClusterRole
14 | name: {{ include "ingress-nginx.fullname" . }}
15 | subjects:
16 | - kind: ServiceAccount
17 | name: {{ template "ingress-nginx.serviceAccountName" . }}
18 | namespace: {{ include "ingress-nginx.namespace" . }}
19 | {{- end }}
20 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.addHeaders -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.proxySetHeaders -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-configmap-tcp.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.tcp -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | {{- if .Values.controller.tcp.annotations }}
12 | annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
13 | {{- end }}
14 | name: {{ include "ingress-nginx.fullname" . }}-tcp
15 | namespace: {{ include "ingress-nginx.namespace" . }}
16 | data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-configmap-udp.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.udp -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | {{- if .Values.controller.udp.annotations }}
12 | annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
13 | {{- end }}
14 | name: {{ include "ingress-nginx.fullname" . }}-udp
15 | namespace: {{ include "ingress-nginx.namespace" . }}
16 | data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | labels:
5 | {{- include "ingress-nginx.labels" . | nindent 4 }}
6 | app.kubernetes.io/component: controller
7 | {{- with .Values.controller.labels }}
8 | {{- toYaml . | nindent 4 }}
9 | {{- end }}
10 | {{- if .Values.controller.configAnnotations }}
11 | annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
12 | {{- end }}
13 | name: {{ include "ingress-nginx.controller.fullname" . }}
14 | namespace: {{ include "ingress-nginx.namespace" . }}
15 | data:
16 | {{- if .Values.controller.allowSnippetAnnotations }}
17 | allow-snippet-annotations: "true"
18 | {{- end }}
19 | {{- if .Values.controller.addHeaders }}
20 | add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
21 | {{- end }}
22 | {{- if .Values.controller.proxySetHeaders }}
23 | proxy-set-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
24 | {{- end }}
25 | {{- if .Values.dhParam }}
26 | ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
27 | {{- end }}
28 | {{- range $key, $value := .Values.controller.config }}
29 | {{- $key | nindent 2 }}: {{ tpl (toString $value) $ | quote }}
30 | {{- end }}
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
2 | apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | {{- with .Values.controller.autoscaling.annotations }}
6 | annotations: {{ toYaml . | nindent 4 }}
7 | {{- end }}
8 | labels:
9 | {{- include "ingress-nginx.labels" . | nindent 4 }}
10 | app.kubernetes.io/component: controller
11 | {{- with .Values.controller.labels }}
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | name: {{ include "ingress-nginx.controller.fullname" . }}
15 | namespace: {{ include "ingress-nginx.namespace" . }}
16 | spec:
17 | scaleTargetRef:
18 | apiVersion: apps/v1
19 | kind: Deployment
20 | name: {{ include "ingress-nginx.controller.fullname" . }}
21 | minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
22 | maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
23 | metrics:
24 | {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | type: Utilization
30 | averageUtilization: {{ . }}
31 | {{- end }}
32 | {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
33 | - type: Resource
34 | resource:
35 | name: cpu
36 | target:
37 | type: Utilization
38 | averageUtilization: {{ . }}
39 | {{- end }}
40 | {{- with .Values.controller.autoscalingTemplate }}
41 | {{- toYaml . | nindent 2 }}
42 | {{- end }}
43 | {{- with .Values.controller.autoscaling.behavior }}
44 | behavior:
45 | {{- toYaml . | nindent 4 }}
46 | {{- end }}
47 | {{- end }}
48 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.ingressClassResource.enabled -}}
2 | {{- range .Values.controller.ingressClassResource.aliases }}
3 | ---
4 | apiVersion: networking.k8s.io/v1
5 | kind: IngressClass
6 | metadata:
7 | labels:
8 | {{- include "ingress-nginx.labels" $ | nindent 4 }}
9 | app.kubernetes.io/component: controller
10 | {{- with $.Values.controller.labels }}
11 | {{- toYaml . | nindent 4 }}
12 | {{- end }}
13 | name: {{ . }}
14 | {{- if $.Values.controller.ingressClassResource.annotations }}
15 | annotations: {{ toYaml $.Values.controller.ingressClassResource.annotations | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | controller: {{ $.Values.controller.ingressClassResource.controllerValue }}
19 | {{- with $.Values.controller.ingressClassResource.parameters }}
20 | parameters: {{ toYaml . | nindent 4 }}
21 | {{- end }}
22 | {{- end }}
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-ingressclass.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.ingressClassResource.enabled -}}
2 | apiVersion: networking.k8s.io/v1
3 | kind: IngressClass
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ .Values.controller.ingressClassResource.name }}
12 | {{- if or .Values.controller.ingressClassResource.default .Values.controller.ingressClassResource.annotations }}
13 | annotations:
14 | {{- if .Values.controller.ingressClassResource.default }}
15 | ingressclass.kubernetes.io/is-default-class: "true"
16 | {{- end }}
17 | {{- if .Values.controller.ingressClassResource.annotations }}
18 | {{- toYaml .Values.controller.ingressClassResource.annotations | nindent 4 }}
19 | {{- end }}
20 | {{- end }}
21 | spec:
22 | controller: {{ .Values.controller.ingressClassResource.controllerValue }}
23 | {{- with .Values.controller.ingressClassResource.parameters }}
24 | parameters: {{ toYaml . | nindent 4 }}
25 | {{- end }}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-networkpolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.networkPolicy.enabled }}
2 | apiVersion: networking.k8s.io/v1
3 | kind: NetworkPolicy
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.controller.fullname" . }}
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | spec:
14 | podSelector:
15 | matchLabels:
16 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
17 | app.kubernetes.io/component: controller
18 | policyTypes:
19 | - Ingress
20 | - Egress
21 | ingress:
22 | - ports:
23 | {{- range $key, $value := .Values.controller.containerPort }}
24 | - protocol: TCP
25 | port: {{ $value }}
26 | {{- end }}
27 | {{- if .Values.controller.metrics.enabled }}
28 | - protocol: TCP
29 | port: {{ .Values.controller.metrics.port }}
30 | {{- end }}
31 | {{- if .Values.controller.admissionWebhooks.enabled }}
32 | - protocol: TCP
33 | port: {{ .Values.controller.admissionWebhooks.port }}
34 | {{- end }}
35 | {{- range $key, $value := .Values.tcp }}
36 | - protocol: TCP
37 | port: {{ $key }}
38 | {{- end }}
39 | {{- range $key, $value := .Values.udp }}
40 | - protocol: UDP
41 | port: {{ $key }}
42 | {{- end }}
43 | egress:
44 | - {}
45 | {{- end }}
46 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | # PDB is not supported for DaemonSets.
2 | # https://github.com/kubernetes/kubernetes/issues/108124
3 | {{- if eq .Values.controller.kind "Deployment" }}
4 | {{- $replicas := .Values.controller.replicaCount }}
5 | {{- if and .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) }}
6 | {{- $replicas = .Values.controller.autoscaling.minReplicas }}
7 | {{- else if and .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) }}
8 | {{- $replicas = .Values.controller.keda.minReplicas }}
9 | {{- end }}
10 | {{- if gt ($replicas | int) 1 }}
11 | apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
12 | kind: PodDisruptionBudget
13 | metadata:
14 | labels:
15 | {{- include "ingress-nginx.labels" . | nindent 4 }}
16 | app.kubernetes.io/component: controller
17 | {{- with .Values.controller.labels }}
18 | {{- toYaml . | nindent 4 }}
19 | {{- end }}
20 | name: {{ include "ingress-nginx.controller.fullname" . }}
21 | namespace: {{ include "ingress-nginx.namespace" . }}
22 | {{- if .Values.controller.annotations }}
23 | annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
24 | {{- end }}
25 | spec:
26 | selector:
27 | matchLabels:
28 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
29 | app.kubernetes.io/component: controller
30 | {{- if and .Values.controller.minAvailable (not (hasKey .Values.controller "maxUnavailable")) }}
31 | minAvailable: {{ .Values.controller.minAvailable }}
32 | {{- else if .Values.controller.maxUnavailable }}
33 | maxUnavailable: {{ .Values.controller.maxUnavailable }}
34 | {{- end }}
35 | {{- if .Values.controller.unhealthyPodEvictionPolicy }}
36 | unhealthyPodEvictionPolicy: {{ .Values.controller.unhealthyPodEvictionPolicy }}
37 | {{- end }}
38 | {{- end }}
39 | {{- end }}
40 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-prometheusrule.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | name: {{ include "ingress-nginx.controller.fullname" . }}
6 | {{- if .Values.controller.metrics.prometheusRule.namespace }}
7 | namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
8 | {{- else }}
9 | namespace: {{ include "ingress-nginx.namespace" . }}
10 | {{- end }}
11 | labels:
12 | {{- include "ingress-nginx.labels" . | nindent 4 }}
13 | app.kubernetes.io/component: controller
14 | {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
15 | {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
16 | {{- end }}
17 | {{- if .Values.controller.metrics.prometheusRule.annotations }}
18 | annotations: {{ toYaml .Values.controller.metrics.prometheusRule.annotations | nindent 4 }}
19 | {{- end }}
20 | spec:
21 | {{- if .Values.controller.metrics.prometheusRule.rules }}
22 | groups:
23 | - name: {{ template "ingress-nginx.name" . }}
24 | rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
25 | {{- end }}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbac.create -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: RoleBinding
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.fullname" . }}
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | roleRef:
14 | apiGroup: rbac.authorization.k8s.io
15 | kind: Role
16 | name: {{ include "ingress-nginx.fullname" . }}
17 | subjects:
18 | - kind: ServiceAccount
19 | name: {{ template "ingress-nginx.serviceAccountName" . }}
20 | namespace: {{ include "ingress-nginx.namespace" . }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.dhParam -}}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.controller.fullname" . }}
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | data:
14 | dhparam.pem: {{ .Values.dhParam }}
15 | {{- end }}
16 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-service-webhook.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.admissionWebhooks.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | {{- if .Values.controller.admissionWebhooks.service.annotations }}
6 | annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
7 | {{- end }}
8 | labels:
9 | {{- include "ingress-nginx.labels" . | nindent 4 }}
10 | app.kubernetes.io/component: controller
11 | {{- with .Values.controller.labels }}
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | name: {{ include "ingress-nginx.controller.fullname" . }}-admission
15 | namespace: {{ include "ingress-nginx.namespace" . }}
16 | spec:
17 | type: {{ .Values.controller.admissionWebhooks.service.type }}
18 | {{- if .Values.controller.admissionWebhooks.service.clusterIP }}
19 | clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
20 | {{- end }}
21 | {{- if .Values.controller.admissionWebhooks.service.externalIPs }}
22 | externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
23 | {{- end }}
24 | {{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
25 | loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
26 | {{- end }}
27 | {{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
28 | loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
29 | {{- end }}
30 | ports:
31 | - name: https-webhook
32 | port: {{ .Values.controller.admissionWebhooks.service.servicePort }}
33 | targetPort: webhook
34 | {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
35 | appProtocol: https
36 | {{- end }}
37 | selector:
38 | {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
39 | app.kubernetes.io/component: controller
40 | {{- end }}
41 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/controller-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if or .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: controller
8 | {{- with .Values.controller.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ template "ingress-nginx.serviceAccountName" . }}
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | {{- if .Values.serviceAccount.annotations }}
14 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
15 | {{- end }}
16 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.defaultBackend.enabled }}
2 | {{- range .Values.defaultBackend.extraConfigMaps }}
3 | ---
4 | apiVersion: v1
5 | kind: ConfigMap
6 | metadata:
7 | labels:
8 | {{- include "ingress-nginx.labels" $ | nindent 4 }}
9 | app.kubernetes.io/component: default-backend
10 | {{- with $.Values.defaultBackend.labels }}
11 | {{- toYaml . | nindent 4 }}
12 | {{- end }}
13 | {{- with .labels }}
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | name: {{ .name }}
17 | namespace: {{ include "ingress-nginx.namespace" $ }}
18 | data:
19 | {{- with .data }}
20 | {{- toYaml . | nindent 2 }}
21 | {{- end }}
22 | {{- end }}
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/default-backend-hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
2 | apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | {{- with .Values.defaultBackend.autoscaling.annotations }}
6 | annotations: {{ toYaml . | nindent 4 }}
7 | {{- end }}
8 | labels:
9 | {{- include "ingress-nginx.labels" . | nindent 4 }}
10 | app.kubernetes.io/component: default-backend
11 | {{- with .Values.defaultBackend.labels }}
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
15 | namespace: {{ include "ingress-nginx.namespace" . }}
16 | spec:
17 | scaleTargetRef:
18 | apiVersion: apps/v1
19 | kind: Deployment
20 | name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
21 | minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
22 | maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
23 | metrics:
24 | {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | type: Utilization
30 | averageUtilization: {{ . }}
31 | {{- end }}
32 | {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
33 | - type: Resource
34 | resource:
35 | name: cpu
36 | target:
37 | type: Utilization
38 | averageUtilization: {{ . }}
39 | {{- end }}
40 | {{- end }}
41 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/default-backend-networkpolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.networkPolicy.enabled }}
2 | apiVersion: networking.k8s.io/v1
3 | kind: NetworkPolicy
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: default-backend
8 | {{- with .Values.defaultBackend.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | spec:
14 | podSelector:
15 | matchLabels:
16 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
17 | app.kubernetes.io/component: default-backend
18 | policyTypes:
19 | - Ingress
20 | - Egress
21 | ingress:
22 | - ports:
23 | - protocol: TCP
24 | port: {{ .Values.defaultBackend.port }}
25 | {{- end }}
26 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.defaultBackend.enabled -}}
2 | {{- $replicas := .Values.defaultBackend.replicaCount }}
3 | {{- if .Values.defaultBackend.autoscaling.enabled }}
4 | {{- $replicas = .Values.defaultBackend.autoscaling.minReplicas }}
5 | {{- end }}
6 | {{- if gt ($replicas | int) 1 }}
7 | apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
8 | kind: PodDisruptionBudget
9 | metadata:
10 | labels:
11 | {{- include "ingress-nginx.labels" . | nindent 4 }}
12 | app.kubernetes.io/component: default-backend
13 | {{- with .Values.defaultBackend.labels }}
14 | {{- toYaml . | nindent 4 }}
15 | {{- end }}
16 | name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
17 | namespace: {{ include "ingress-nginx.namespace" . }}
18 | spec:
19 | selector:
20 | matchLabels:
21 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
22 | app.kubernetes.io/component: default-backend
23 | {{- if and .Values.defaultBackend.minAvailable (not (hasKey .Values.defaultBackend "maxUnavailable")) }}
24 | minAvailable: {{ .Values.defaultBackend.minAvailable }}
25 | {{- else if .Values.defaultBackend.maxUnavailable }}
26 | maxUnavailable: {{ .Values.defaultBackend.maxUnavailable }}
27 | {{- end }}
28 | {{- if .Values.defaultBackend.unhealthyPodEvictionPolicy }}
29 | unhealthyPodEvictionPolicy: {{ .Values.defaultBackend.unhealthyPodEvictionPolicy }}
30 | {{- end }}
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/default-backend-service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.defaultBackend.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | {{- if .Values.defaultBackend.service.annotations }}
6 | annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
7 | {{- end }}
8 | labels:
9 | {{- include "ingress-nginx.labels" . | nindent 4 }}
10 | app.kubernetes.io/component: default-backend
11 | {{- with .Values.defaultBackend.labels }}
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
15 | namespace: {{ include "ingress-nginx.namespace" . }}
16 | spec:
17 | type: {{ .Values.defaultBackend.service.type }}
18 | {{- if .Values.defaultBackend.service.clusterIP }}
19 | clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
20 | {{- end }}
21 | {{- if .Values.defaultBackend.service.externalIPs }}
22 | externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
23 | {{- end }}
24 | {{- if .Values.defaultBackend.service.loadBalancerIP }}
25 | loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
26 | {{- end }}
27 | {{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
28 | loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
29 | {{- end }}
30 | ports:
31 | - name: http
32 | port: {{ .Values.defaultBackend.service.servicePort }}
33 | protocol: TCP
34 | targetPort: http
35 | {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
36 | appProtocol: http
37 | {{- end }}
38 | selector:
39 | {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
40 | app.kubernetes.io/component: default-backend
41 | {{- end }}
42 |
--------------------------------------------------------------------------------
/charts/csghub/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | labels:
6 | {{- include "ingress-nginx.labels" . | nindent 4 }}
7 | app.kubernetes.io/component: default-backend
8 | {{- with .Values.defaultBackend.labels }}
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | name: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }}
12 | namespace: {{ include "ingress-nginx.namespace" . }}
13 | automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: minio
3 | description: Object storage server built for cloud applications and devops.
4 | home: https://minio.io
5 | icon: https://www.minio.io/img/logo_160x160.png
6 | sources:
7 | - https://github.com/minio/minio
8 | maintainers:
9 | - name: OpenCSG Inc.
10 | email: support@opencsg.com
11 |
12 | # A chart can be either an 'application' or a 'library' chart.
13 | #
14 | # Application charts are a collection of templates that can be packaged into versioned archives
15 | # to be deployed.
16 | #
17 | # Library charts provide useful utilities or functions for the chart developer. They're included as
18 | # a dependency of application charts to inject those utilities and functions into the rendering
19 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
20 | type: application
21 |
22 | # This is the chart version. This version number should be incremented each time you make changes
23 | # to the chart and its templates, including the app version.
24 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
25 | version: 2024.7.15
26 |
27 | # This is the version number of the application being deployed. This version number should be
28 | # incremented each time you make changes to the application. Versions are not expected to
29 | # follow Semantic Versioning. They should reflect the version the application is using.
30 | # It is recommended to use it with quotes.
31 | appVersion: "RELEASE.2024-07-15T19-02-30Z"
32 |
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for minio
8 | */}}
9 | {{- define "minio.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "minio") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for minio
15 | */}}
16 | {{- define "minio.internal.port" -}}
17 | {{- $port := "9000" }}
18 | {{- if hasKey .Values.global "minio" }}
19 | {{- if hasKey .Values.global.minio "service" }}
20 | {{- if hasKey .Values.global.minio.service "port" }}
21 | {{- $port = .Values.global.minio.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for minio
30 | */}}
31 | {{- define "minio.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "minio.internal.domain" .) (include "minio.internal.port" .) -}}
33 | {{- end }}
34 |
35 | {{/*
36 | Define the external domain for minio
37 | */}}
38 | {{- define "minio.external.domain" -}}
39 | {{- include "global.domain" (list . "minio") }}
40 | {{- end }}
41 |
42 | {{/*
43 | Define the external endpoint for minio
44 | */}}
45 | {{- define "minio.external.endpoint" -}}
46 | {{- $domain := include "minio.external.domain" . }}
47 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
48 | {{- if .Values.global.ingress.tls.enabled -}}
49 | {{- printf "https://%s:%s" $domain "30443" -}}
50 | {{- else }}
51 | {{- printf "http://%s:%s" $domain "30080" -}}
52 | {{- end }}
53 | {{- else }}
54 | {{- if .Values.global.ingress.tls.enabled -}}
55 | {{- printf "https://%s" $domain -}}
56 | {{- else }}
57 | {{- printf "http://%s" $domain -}}
58 | {{- end }}
59 | {{- end }}
60 | {{- end }}
61 |
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.objectStore.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | data:
14 | initialize.sh: |
15 | #!/bin/bash
16 | set -eu
17 | # Create alias
18 | ALIAS="myMinio"
19 | {{ printf "mc alias set $ALIAS %s $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD" (include "minio.internal.endpoint" .) }}
20 |
21 | # Apply region
22 | {{- $REGION := .Values.region | default "cn-north-1" }}
23 | mc admin config set "$ALIAS" region name={{ $REGION }}
24 | mc admin service restart "$ALIAS" --quiet
25 |
26 | set +e
27 | {{- $ARGS := "" }}
28 | {{- if $.Values.buckets.versioning }}
29 | {{- $ARGS = printf "--region=%s --ignore-existing --with-versioning" $REGION }}
30 | {{- else }}
31 | {{- $ARGS = printf "--region=%s --ignore-existing" $REGION }}
32 | {{- end }}
33 | # Create buckets
34 | {{- range $BUCKET := .Values.buckets.defaults }}
35 | {{- printf "mc mb %s $ALIAS/%s" $ARGS $BUCKET | nindent 4 }}
36 | {{- end }}
37 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.objectStore.enabled }}
7 | {{- $objectStoreConfig := include "chart.objectStoreConfig" (dict "service" .Values "global" .) | fromYaml }}
8 | apiVersion: v1
9 | kind: Secret
10 | metadata:
11 | name: {{ include "common.names.custom" . }}
12 | namespace: {{ .Release.Namespace }}
13 | labels: {{ include "common.labels" . | nindent 4 }}
14 | annotations:
15 | helm.sh/resource-policy: keep
16 | type: Opaque
17 | data:
18 | MINIO_ROOT_USER: {{ $objectStoreConfig.accessKey | b64enc }}
19 | MINIO_ROOT_PASSWORD: {{ $objectStoreConfig.secretKey | b64enc}}
20 | {{- end }}
21 |
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.objectStore.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | clusterIP: None
15 | ports:
16 | - port: {{ .Values.service.ports.api }}
17 | targetPort: 9000
18 | protocol: TCP
19 | name: api
20 | {{- if .Values.ui.enabled }}
21 | - port: {{ .Values.service.ports.console }}
22 | targetPort: 9001
23 | protocol: TCP
24 | name: console
25 | {{- end }}
26 | selector:
27 | {{- include "common.labels.selector" . | nindent 4 }}
28 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/minio/tests/secret_test.yaml:
--------------------------------------------------------------------------------
1 | suite: minio secrets test
2 | templates:
3 | - secret.yaml
4 | tests:
5 | - it: should render minio secret right
6 | templates:
7 | - secret.yaml
8 | set:
9 | global.objectStore.enabled: true
10 | release:
11 | name: csghub
12 | namespace: csghub
13 | asserts:
14 | - equal:
15 | path: data["MINIO_ROOT_USER"]
16 | value: "minio"
17 | decodeBase64: true
18 |
--------------------------------------------------------------------------------
/charts/csghub/charts/nats/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/nats/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: nats
3 | description: NATS is a simple, secure and performant communications system for digital systems, services and devices. NATS is part of the Cloud Native Computing Foundation (CNCF). NATS has over 40 client language implementations, and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. NATS can secure and simplify design and operation of modern distributed systems.
4 | home: https://nats.io/
5 | sources:
6 | - https://github.com/nats-io/nats-server
7 |
8 | # A chart can be either an 'application' or a 'library' chart.
9 | #
10 | # Application charts are a collection of templates that can be packaged into versioned archives
11 | # to be deployed.
12 | #
13 | # Library charts provide useful utilities or functions for the chart developer. They're included as
14 | # a dependency of application charts to inject those utilities and functions into the rendering
15 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
16 | type: application
17 |
18 | # This is the chart version. This version number should be incremented each time you make changes
19 | # to the chart and its templates, including the app version.
20 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
21 | version: 2.10.16
22 |
23 | # This is the version number of the application being deployed. This version number should be
24 | # incremented each time you make changes to the application. Versions are not expected to
25 | # follow Semantic Versioning. They should reflect the version the application is using.
26 | # It is recommended to use it with quotes.
27 | appVersion: "2.10.16"
28 |
--------------------------------------------------------------------------------
/charts/csghub/charts/nats/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | apiVersion: v1
7 | kind: Service
8 | metadata:
9 | name: {{ include "common.names.custom" . }}
10 | namespace: {{ .Release.Namespace }}
11 | labels: {{ include "common.labels" . | nindent 4 }}
12 | spec:
13 | type: {{ .Values.service.type }}
14 | ports:
15 | - port: {{ .Values.service.ports.api }}
16 | targetPort: 4222
17 | protocol: TCP
18 | name: api
19 | - port: {{ .Values.service.ports.cluster }}
20 | targetPort: 6222
21 | protocol: TCP
22 | name: cluster
23 | - port: {{ .Values.service.ports.monitor }}
24 | targetPort: 8222
25 | protocol: TCP
26 | name: monitor
27 | selector:
28 | {{- include "common.labels.selector" . | nindent 4 }}
--------------------------------------------------------------------------------
/charts/csghub/charts/postgresql/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/postgresql/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: postgresql
3 | description: PostgreSQL (Postgres) is an open source object-relational database known
4 | for reliability and data integrity. ACID-compliant, it supports foreign keys, joins,
5 | views, triggers and stored procedures.
6 | home: https://postgresql.org
7 | icon: https://www.postgresql.org/media/img/about/press/elephant.png
8 | sources:
9 | - https://postgresql.org
10 | maintainers:
11 | - name: OpenCSG Inc.
12 | email: support@opencsg.com
13 |
14 | # A chart can be either an 'application' or a 'library' chart.
15 | #
16 | # Application charts are a collection of templates that can be packaged into versioned archives
17 | # to be deployed.
18 | #
19 | # Library charts provide useful utilities or functions for the chart developer. They're included as
20 | # a dependency of application charts to inject those utilities and functions into the rendering
21 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
22 | type: application
23 |
24 | # This is the chart version. This version number should be incremented each time you make changes
25 | # to the chart and its templates, including the app version.
26 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
27 | version: 15.10.0
28 |
29 | # This is the version number of the application being deployed. This version number should be
30 | # incremented each time you make changes to the application. Versions are not expected to
31 | # follow Semantic Versioning. They should reflect the version the application is using.
32 | # It is recommended to use it with quotes.
33 | appVersion: "15.10"
34 |
--------------------------------------------------------------------------------
/charts/csghub/charts/postgresql/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for postgresql
8 | */}}
9 | {{- define "postgresql.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "postgresql") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for postgresql
15 | */}}
16 | {{- define "postgresql.internal.port" -}}
17 | {{- $port := "5432" }}
18 | {{- if hasKey .Values.global "postgresql" }}
19 | {{- if hasKey .Values.global.postgresql "service" }}
20 | {{- if hasKey .Values.global.postgresql.service "port" }}
21 | {{- $port = .Values.global.postgresql.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Random Password for which password not set
30 | */}}
31 | {{- define "postgresql.initPass" -}}
32 | {{- printf "%s@%s" (now | date "15/04") . | b64enc | sha256sum | trunc 16 -}}
33 | {{- end }}
34 |
35 | {{/*
36 | Define a custom urlencode function.
37 | */}}
38 | {{- define "postgresql.encode" -}}
39 | {{- $value := . -}}
40 | {{- $value | replace "@" "%40" | replace ":" "%3A" -}}
41 | {{- end -}}
--------------------------------------------------------------------------------
/charts/csghub/charts/postgresql/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.postgresql.enabled }}
7 | apiVersion: v1
8 | kind: Secret
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | annotations:
14 | helm.sh/resource-policy: keep
15 | type: Opaque
16 | data:
17 | {{- $secretData := (lookup "v1" "Secret" .Release.Namespace (include "common.names.custom" .)).data }}
18 | {{- range $database := (append .Values.databases "postgres") }}
19 | {{- $username := $database -}}
20 | {{- $password := include "postgresql.initPass" $database | b64enc }}
21 | {{- if $secretData }}
22 | {{- $secretPassword := index $secretData $username }}
23 | {{- if $secretPassword }}
24 | {{- $password = $secretPassword }}
25 | {{- end }}
26 | {{- end }}
27 | {{- if and $username $password }}
28 | {{ $username }}: {{ $password }}
29 | {{- end }}
30 | {{- end }}
31 | {{- end }}
32 |
--------------------------------------------------------------------------------
/charts/csghub/charts/postgresql/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.postgresql.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | clusterIP: None
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 5432
18 | protocol: TCP
19 | name: postgresql
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/redis/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/redis/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: redis
3 | description: Redis(R) is an open source, advanced key-value store. It is often referred
4 | to as a data structure server since keys can contain strings, hashes, lists, sets
5 | and sorted sets.
6 | home: https://redis.io/
7 | icon: https://redis.io/wp-content/uploads/2024/04/Logotype.svg?auto=webp&quality=85,75&width=120
8 | sources:
9 | - https://github.com/redis/redis
10 | maintainers:
11 | - name: OpenCSG Inc.
12 | email: support@opencsg.com
13 |
14 | # A chart can be either an 'application' or a 'library' chart.
15 | #
16 | # Application charts are a collection of templates that can be packaged into versioned archives
17 | # to be deployed.
18 | #
19 | # Library charts provide useful utilities or functions for the chart developer. They're included as
20 | # a dependency of application charts to inject those utilities and functions into the rendering
21 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
22 | type: application
23 |
24 | # This is the chart version. This version number should be incremented each time you make changes
25 | # to the chart and its templates, including the app version.
26 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
27 | version: 7.2.5
28 |
29 | # This is the version number of the application being deployed. This version number should be
30 | # incremented each time you make changes to the application. Versions are not expected to
31 | # follow Semantic Versioning. They should reflect the version the application is using.
32 | # It is recommended to use it with quotes.
33 | appVersion: "7.2.5"
34 |
--------------------------------------------------------------------------------
/charts/csghub/charts/redis/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.redis.enabled }}
7 | apiVersion: v1
8 | kind: Secret
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | annotations:
14 | helm.sh/resource-policy: keep
15 | type: Opaque
16 | data:
17 | {{- $password := include "csghub.redis.password" . | b64enc }}
18 | {{- $secretData := (lookup "v1" "Secret" .Release.Namespace (include "common.names.custom" .)).data }}
19 | {{- if $secretData }}
20 | {{- $secretPass := index $secretData "REDIS_PASSWD" }}
21 | {{- if $secretPass }}
22 | {{- $password = $secretPass }}
23 | {{- end }}
24 | {{- end }}
25 | REDIS_PASSWD: {{ $password | quote }}
26 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/redis/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.redis.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | clusterIP: None
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 6379
18 | protocol: TCP
19 | name: redis
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: registry
3 | description: Distribution implementation for storing and distributing of container images and artifacts
4 | home: https://distribution.github.io/distribution/
5 | icon: https://distribution.github.io/distribution/brand.svg
6 | sources:
7 | - https://github.com/distribution/distribution
8 | maintainers:
9 | - name: OpenCSG Inc.
10 | email: support@opencsg.com
11 |
12 | # A chart can be either an 'application' or a 'library' chart.
13 | #
14 | # Application charts are a collection of templates that can be packaged into versioned archives
15 | # to be deployed.
16 | #
17 | # Library charts provide useful utilities or functions for the chart developer. They're included as
18 | # a dependency of application charts to inject those utilities and functions into the rendering
19 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
20 | type: application
21 |
22 | # This is the chart version. This version number should be incremented each time you make changes
23 | # to the chart and its templates, including the app version.
24 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
25 | version: 2.8.3
26 |
27 | # This is the version number of the application being deployed. This version number should be
28 | # incremented each time you make changes to the application. Versions are not expected to
29 | # follow Semantic Versioning. They should reflect the version the application is using.
30 | # It is recommended to use it with quotes.
31 | appVersion: "2.8.3"
32 |
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the external domain for registry
8 | */}}
9 | {{- define "registry.external.domain" -}}
10 | {{- include "global.domain" (list . "registry") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the external endpoint for registry
15 | */}}
16 | {{- define "registry.external.endpoint" -}}
17 | {{- $domain := include "registry.external.domain" . }}
18 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
19 | {{- if eq (include "global.ingress.tls.enabled" .) "true" }}
20 | {{- printf "%s:%s" $domain "30443" -}}
21 | {{- else }}
22 | {{- printf "%s:%s" $domain "30080" -}}
23 | {{- end }}
24 | {{- else }}
25 | {{- printf "%s" $domain -}}
26 | {{- end }}
27 | {{- end }}
28 |
29 | {{/*
30 | Random Password for which password not set
31 | */}}
32 | {{- define "registry.initPass" -}}
33 | {{- printf "%s@%s" (now | date "15/04") . | b64enc | sha256sum | trunc 16 -}}
34 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.global.registry.enabled .Values.global.deploy.enabled }}
7 | {{- $objectStoreConfig := include "chart.objectStoreConfig" (dict "service" .Values "global" .) | fromYaml }}
8 | apiVersion: v1
9 | kind: ConfigMap
10 | metadata:
11 | name: {{ include "common.names.custom" . }}
12 | namespace: {{ .Release.Namespace }}
13 | labels: {{ include "common.labels" . | nindent 4 }}
14 | data:
15 | REGISTRY_AUTH: "htpasswd"
16 | REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
17 | REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
18 | REGISTRY_STORAGE: s3
19 | REGISTRY_STORAGE_REDIRECT_DISABLE: "true"
20 | REGISTRY_STORAGE_S3_REGIONENDPOINT: {{ $objectStoreConfig.endpoint }}
21 | {{- if not .Values.global.objectStore.enabled }}
22 | REGISTRY_STORAGE_S3_ACCESSKEY: {{ $objectStoreConfig.accessKey }}
23 | REGISTRY_STORAGE_S3_SECRETKEY: {{ $objectStoreConfig.secretKey }}
24 | {{- end }}
25 | REGISTRY_STORAGE_S3_REGION: {{ $objectStoreConfig.region }}
26 | REGISTRY_STORAGE_S3_BUCKET: {{ $objectStoreConfig.bucket }}
27 | REGISTRY_STORAGE_S3_ENCRYPT: {{ $objectStoreConfig.encrypt | quote }}
28 | REGISTRY_STORAGE_S3_SECURE: {{ $objectStoreConfig.secure | quote }}
29 | REGISTRY_STORAGE_S3_FORCEPATHSTYLE: {{ $objectStoreConfig.pathStyle | quote }}
30 | {{- end }}
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- $registryConfig := include "chart.registryConfig" (dict "service" .Values "global" .) | fromYaml }}
7 | {{- if and .Values.global.registry.enabled .Values.global.deploy.enabled }}
8 | apiVersion: v1
9 | kind: Secret
10 | metadata:
11 | name: {{ include "common.names.custom" . }}
12 | namespace: {{ .Release.Namespace }}
13 | labels: {{ include "common.labels" . | nindent 4 }}
14 | annotations:
15 | helm.sh/resource-policy: keep
16 | type: Opaque
17 | data:
18 | htpasswd: {{ $registryConfig.htpasswd | b64enc }}
19 | REGISTRY_USERNAME: {{ $registryConfig.username | b64enc }}
20 | REGISTRY_PASSWORD: {{ $registryConfig.password | b64enc }}
21 | {{- end }}
22 | ---
23 | apiVersion: v1
24 | kind: Secret
25 | metadata:
26 | name: {{ include "common.names.custom" (list . "registry-docker-config") }}
27 | {{- if .Values.global.deploy.mergingNamespace }}
28 | namespace: {{ .Values.global.deploy.namespace }}
29 | {{- else }}
30 | namespace: {{ .Values.global.deploy.imageBuilder.namespace }}
31 | {{- end }}
32 | labels: {{ include "common.labels" . | nindent 4 }}
33 | annotations:
34 | helm.sh/resource-policy: keep
35 | type: kubernetes.io/dockerconfigjson
36 | data:
37 | .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" $registryConfig.repository $registryConfig.username $registryConfig.password (printf "%s:%s" $registryConfig.username $registryConfig.password | b64enc) | b64enc }}
38 |
39 |
40 |
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.global.registry.enabled .Values.global.deploy.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: 5000
17 | targetPort: 5000
18 | protocol: TCP
19 | name: registry
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/registry/tests/secret_test.yaml:
--------------------------------------------------------------------------------
1 | suite: registry secrets test
2 | templates:
3 | - secret.yaml
4 | tests:
5 | - it: should render registry secret right
6 | templates:
7 | - secret.yaml
8 | set:
9 | global.registry.enabled: true
10 | global.deploy.enabled: true
11 | registry.username: "registry666"
12 | registry.password: "registry@2025!"
13 | release:
14 | name: csghub
15 | namespace: csghub
16 | documentSelector:
17 | path: metadata.name
18 | value: csghub-registry
19 | asserts:
20 | - equal:
21 | path: data["REGISTRY_USERNAME"]
22 | value: "registry666"
23 | decodeBase64: true
24 | - equal:
25 | path: data["REGISTRY_PASSWORD"]
26 | value: "registry@2025!"
27 | decodeBase64: true
28 |
29 | - it: should render registry-docker-config secret right
30 | templates:
31 | - secret.yaml
32 | set:
33 | global.registry.enabled: true
34 | global.deploy.enabled: true
35 | global.ingress.domain: "opencsg-poc.com"
36 | registry.username: "registry666"
37 | registry.password: "registry@2025!"
38 | release:
39 | name: csghub
40 | namespace: csghub
41 | documentSelector:
42 | path: metadata.name
43 | value: csghub-registry-docker-config
44 | asserts:
45 | - matchRegex:
46 | path: data[".dockerconfigjson"]
47 | pattern: '"registry.opencsg-poc.com":{"username":"registry666","password":"registry@2025!",'
48 | decodeBase64: true
49 |
50 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/.helmignore:
--------------------------------------------------------------------------------
1 | # OWNERS file for Kubernetes
2 | OWNERS
3 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: v1.4.4
3 | description: Reloader chart that runs on kubernetes
4 | home: https://github.com/stakater/Reloader
5 | icon: https://raw.githubusercontent.com/stakater/Reloader/master/assets/web/reloader-round-100px.png
6 | keywords:
7 | - Reloader
8 | - kubernetes
9 | maintainers:
10 | - email: hello@stakater.com
11 | name: Stakater
12 | - email: rasheed@stakater.com
13 | name: rasheedamir
14 | - email: faizan@stakater.com
15 | name: faizanahmad055
16 | name: reloader
17 | sources:
18 | - https://github.com/stakater/Reloader
19 | version: 2.1.4
20 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | - For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment`
2 | {{ .Values.reloader.custom_annotations.configmap | default "configmap.reloader.stakater.com/reload" }}: "foo-configmap"
3 |
4 | - For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment`
5 | {{ .Values.reloader.custom_annotations.secret | default "secret.reloader.stakater.com/reload" }}: "foo-secret"
6 |
7 | - After successful installation, your pods will get rolling updates when a change in data of configmap or secret will happen.
8 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }}
2 | {{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | {{ else }}
5 | apiVersion: rbac.authorization.k8s.io/v1beta1
6 | {{- end }}
7 | kind: ClusterRoleBinding
8 | metadata:
9 | annotations:
10 | {{ include "reloader-helm3.annotations" . | indent 4 }}
11 | labels:
12 | {{ include "reloader-labels.chart" . | indent 4 }}
13 | {{- if .Values.reloader.rbac.labels }}
14 | {{ toYaml .Values.reloader.rbac.labels | indent 4 }}
15 | {{- end }}
16 | {{- if .Values.reloader.matchLabels }}
17 | {{ toYaml .Values.reloader.matchLabels | indent 4 }}
18 | {{- end }}
19 | name: {{ template "reloader-fullname" . }}-role-binding
20 | roleRef:
21 | apiGroup: rbac.authorization.k8s.io
22 | kind: ClusterRole
23 | name: {{ template "reloader-fullname" . }}-role
24 | subjects:
25 | - kind: ServiceAccount
26 | name: {{ template "reloader-serviceAccountName" . }}
27 | namespace: {{ .Values.namespace | default .Release.Namespace }}
28 | {{- end }}
29 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/networkpolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if and ( .Values.reloader.netpol.enabled ) }}
2 | apiVersion: networking.k8s.io/v1
3 | kind: NetworkPolicy
4 | metadata:
5 | annotations:
6 | {{ include "reloader-helm3.annotations" . | indent 4 }}
7 | labels:
8 | {{ include "reloader-labels.chart" . | indent 4 }}
9 | {{- if .Values.reloader.matchLabels }}
10 | {{ toYaml .Values.reloader.matchLabels | indent 4 }}
11 | {{- end }}
12 | name: {{ template "reloader-fullname" . }}
13 | namespace: {{ .Values.namespace | default .Release.Namespace }}
14 | spec:
15 | podSelector:
16 | matchLabels:
17 | app: {{ template "reloader-fullname" . }}
18 | release: {{ .Release.Name | quote }}
19 | {{- if .Values.reloader.matchLabels }}
20 | {{ toYaml .Values.reloader.matchLabels | indent 6 }}
21 | {{- end }}
22 | policyTypes:
23 | - Ingress
24 | - Egress
25 | ingress:
26 | - ports:
27 | - port: http
28 | {{- with .Values.reloader.netpol.from}}
29 | from:
30 | {{- toYaml .| nindent 8 }}
31 | {{- end }}
32 | egress:
33 | - ports:
34 | - port: 443
35 | {{- with .Values.reloader.netpol.to}}
36 | to:
37 | {{- toYaml .| nindent 8 }}
38 | {{- end }}
39 | {{- end }}
40 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.reloader.podDisruptionBudget.enabled }}
2 | apiVersion: policy/v1
3 | kind: PodDisruptionBudget
4 | metadata:
5 | name: {{ template "reloader-fullname" . }}
6 | namespace: {{ .Values.namespace | default .Release.Namespace }}
7 | spec:
8 | {{- if .Values.reloader.podDisruptionBudget.maxUnavailable }}
9 | maxUnavailable: {{ .Values.reloader.podDisruptionBudget.maxUnavailable }}
10 | {{- end }}
11 | {{- if and .Values.reloader.podDisruptionBudget.minAvailable (not .Values.reloader.podDisruptionBudget.maxUnavailable)}}
12 | minAvailable: {{ .Values.reloader.podDisruptionBudget.minAvailable }}
13 | {{- end }}
14 | selector:
15 | matchLabels:
16 | app: {{ template "reloader-fullname" . }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }}
2 | {{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | {{ else }}
5 | apiVersion: rbac.authorization.k8s.io/v1beta1
6 | {{- end }}
7 | kind: RoleBinding
8 | metadata:
9 | annotations:
10 | {{ include "reloader-helm3.annotations" . | indent 4 }}
11 | labels:
12 | {{ include "reloader-labels.chart" . | indent 4 }}
13 | {{- if .Values.reloader.rbac.labels }}
14 | {{ toYaml .Values.reloader.rbac.labels | indent 4 }}
15 | {{- end }}
16 | {{- if .Values.reloader.matchLabels }}
17 | {{ toYaml .Values.reloader.matchLabels | indent 4 }}
18 | {{- end }}
19 | name: {{ template "reloader-fullname" . }}-role-binding
20 | namespace: {{ .Values.namespace | default .Release.Namespace }}
21 | roleRef:
22 | apiGroup: rbac.authorization.k8s.io
23 | kind: Role
24 | name: {{ template "reloader-fullname" . }}-role
25 | subjects:
26 | - kind: ServiceAccount
27 | name: {{ template "reloader-serviceAccountName" . }}
28 | namespace: {{ .Values.namespace | default .Release.Namespace }}
29 | {{- end }}
30 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.reloader.deployment.env.secret -}}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 | name: {{ template "reloader-fullname" . }}
6 | namespace: {{ .Values.namespace | default .Release.Namespace }}
7 | type: Opaque
8 | data:
9 | {{ if .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD -}}
10 | ALERT_ON_RELOAD: {{ .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD | b64enc | quote }}
11 | {{ end }}
12 | {{- if .Values.reloader.deployment.env.secret.ALERT_SINK -}}
13 | ALERT_SINK: {{ .Values.reloader.deployment.env.secret.ALERT_SINK | b64enc | quote }}
14 | {{ end }}
15 | {{- if .Values.reloader.deployment.env.secret.ALERT_WEBHOOK_URL -}}
16 | ALERT_WEBHOOK_URL: {{ .Values.reloader.deployment.env.secret.ALERT_WEBHOOK_URL | b64enc | quote }}
17 | {{ end }}
18 | {{- if .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO -}}
19 | ALERT_ADDITIONAL_INFO: {{ .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO | b64enc | quote }}
20 | {{ end }}
21 | {{ end }}
22 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.reloader.service }}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | annotations:
6 | {{ include "reloader-helm3.annotations" . | indent 4 }}
7 | {{- if .Values.reloader.service.annotations }}
8 | {{ toYaml .Values.reloader.service.annotations | indent 4 }}
9 | {{- end }}
10 | labels:
11 | {{ include "reloader-labels.chart" . | indent 4 }}
12 | {{- if .Values.reloader.service.labels }}
13 | {{ toYaml .Values.reloader.service.labels | indent 4 }}
14 | {{- end }}
15 | name: {{ template "reloader-fullname" . }}
16 | namespace: {{ .Values.namespace | default .Release.Namespace }}
17 | spec:
18 | selector:
19 | {{- if .Values.reloader.deployment.labels }}
20 | {{ toYaml .Values.reloader.deployment.labels | indent 4 }}
21 | {{- end }}
22 | {{- if .Values.reloader.matchLabels }}
23 | {{ toYaml .Values.reloader.matchLabels | indent 4 }}
24 | {{- end }}
25 | ports:
26 | - port: {{ .Values.reloader.service.port }}
27 | name: http
28 | protocol: TCP
29 | targetPort: http
30 | {{- end }}
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.reloader.serviceAccount.create }}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | {{- if .Values.global.imagePullSecrets }}
5 | imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 2 }}
6 | {{- end }}
7 | {{- if hasKey .Values.reloader.serviceAccount "automountServiceAccountToken" }}
8 | automountServiceAccountToken: {{ .Values.reloader.serviceAccount.automountServiceAccountToken }}
9 | {{- end }}
10 | metadata:
11 | annotations:
12 | {{ include "reloader-helm3.annotations" . | indent 4 }}
13 | {{- if .Values.reloader.serviceAccount.annotations }}
14 | {{ toYaml .Values.reloader.serviceAccount.annotations | indent 4 }}
15 | {{- end }}
16 | labels:
17 | {{ include "reloader-labels.chart" . | indent 4 }}
18 | {{- if .Values.reloader.serviceAccount.labels }}
19 | {{ toYaml .Values.reloader.serviceAccount.labels | indent 4 }}
20 | {{- end }}
21 | {{- if .Values.reloader.matchLabels }}
22 | {{ toYaml .Values.reloader.matchLabels | indent 4 }}
23 | {{- end }}
24 | name: {{ template "reloader-serviceAccountName" . }}
25 | namespace: {{ .Values.namespace | default .Release.Namespace }}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/templates/verticalpodautoscaler.yaml:
--------------------------------------------------------------------------------
1 | {{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.reloader.verticalPodAutoscaler.enabled) }}
2 | apiVersion: autoscaling.k8s.io/v1
3 | kind: VerticalPodAutoscaler
4 | metadata:
5 | name: {{ template "reloader-fullname" . }}
6 | namespace: {{ .Values.namespace | default .Release.Namespace }}
7 | labels:
8 | {{- include "reloader-labels.chart" . | nindent 4 }}
9 | spec:
10 | {{- with .Values.reloader.verticalPodAutoscaler.recommenders }}
11 | recommenders:
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | resourcePolicy:
15 | containerPolicies:
16 | - containerName: {{ template "reloader-fullname" . }}
17 | {{- with .Values.reloader.verticalPodAutoscaler.controlledResources }}
18 | controlledResources:
19 | {{- toYaml . | nindent 8 }}
20 | {{- end }}
21 | {{- if .Values.reloader.verticalPodAutoscaler.controlledValues }}
22 | controlledValues: {{ .Values.reloader.verticalPodAutoscaler.controlledValues }}
23 | {{- end }}
24 | {{- if .Values.reloader.verticalPodAutoscaler.maxAllowed }}
25 | maxAllowed:
26 | {{ toYaml .Values.reloader.verticalPodAutoscaler.maxAllowed | nindent 8 }}
27 | {{- end }}
28 | {{- if .Values.reloader.verticalPodAutoscaler.minAllowed }}
29 | minAllowed:
30 | {{ toYaml .Values.reloader.verticalPodAutoscaler.minAllowed | nindent 8 }}
31 | {{- end }}
32 | targetRef:
33 | apiVersion: apps/v1
34 | kind: Deployment
35 | name: {{ template "reloader-fullname" . }}
36 | {{- with .Values.reloader.verticalPodAutoscaler.updatePolicy }}
37 | updatePolicy:
38 | {{- toYaml . | nindent 4 }}
39 | {{- end }}
40 | {{- end }}
41 |
--------------------------------------------------------------------------------
/charts/csghub/charts/reloader/values.schema.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "http://json-schema.org/schema#",
3 | "type": "object",
4 | "properties": {
5 | "reloader": {
6 | "type": "object",
7 | "properties": {
8 | "reloadStrategy": {
9 | "type": "string",
10 | "enum": [
11 | "default",
12 | "env-vars",
13 | "annotations"
14 | ]
15 | }
16 | }
17 | }
18 | }
19 | }
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: starship
3 | description: AI-based code intelligent generation, only scanning the application
4 | home: https://opencsg.com
5 | sources:
6 | - https://git-devops.opencsg.com/product/starship
7 | maintainers:
8 | - name: OpenCSG Inc.
9 | email: support@opencsg.com
10 |
11 | # A chart can be either an 'application' or a 'library' chart.
12 | #
13 | # Application charts are a collection of templates that can be packaged into versioned archives
14 | # to be deployed.
15 | #
16 | # Library charts provide useful utilities or functions for the chart developer. They're included as
17 | # a dependency of application charts to inject those utilities and functions into the rendering
18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
19 | type: application
20 |
21 | # This is the chart version. This version number should be incremented each time you make changes
22 | # to the chart and its templates, including the app version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 0.1.9
25 |
26 | # This is the version number of the application being deployed. This version number should be
27 | # incremented each time you make changes to the application. Versions are not expected to
28 | # follow Semantic Versioning. They should reflect the version the application is using.
29 | # It is recommended to use it with quotes.
30 | appVersion: "v0.1.9"
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/agentic/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/agentic/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: agentic
3 | description: Responsible for financial and starship-agentic processing, monitoring transactions and generating related reports.
4 | home: https://opencsg.com
5 | sources:
6 | - https://git-devops.opencsg.com/product/starship/crmaestro/-/tree/main/agentic
7 | maintainers:
8 | - name: OpenCSG Inc.
9 | email: support@opencsg.com
10 |
11 | # A chart can be either an 'application' or a 'library' chart.
12 | #
13 | # Application charts are a collection of templates that can be packaged into versioned archives
14 | # to be deployed.
15 | #
16 | # Library charts provide useful utilities or functions for the chart developer. They're included as
17 | # a dependency of application charts to inject those utilities and functions into the rendering
18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
19 | type: application
20 |
21 | # This is the chart version. This version number should be incremented each time you make changes
22 | # to the chart and its templates, including the app version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 0.1.9
25 |
26 | # This is the version number of the application being deployed. This version number should be
27 | # incremented each time you make changes to the application. Versions are not expected to
28 | # follow Semantic Versioning. They should reflect the version the application is using.
29 | # It is recommended to use it with quotes.
30 | appVersion: "v0.1.9"
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/agentic/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for agentic
8 | */}}
9 | {{- define "agentic.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "agentic") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for agentic
15 | */}}
16 | {{- define "agentic.internal.port" -}}
17 | {{- $port := "8000" }}
18 | {{- if hasKey .Values.global "agentic" }}
19 | {{- if hasKey .Values.global.agentic "service" }}
20 | {{- if hasKey .Values.global.agentic.service "port" }}
21 | {{- $port = .Values.global.agentic.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for agentic
30 | */}}
31 | {{- define "agentic.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "agentic.internal.domain" .) (include "agentic.internal.port" .) -}}
33 | {{- end }}
34 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/agentic/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if include "starship.enabled" . }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 8000
18 | protocol: TCP
19 | name: agentic
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/billing/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/billing/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: billing
3 | description: Starship's independent billing system.
4 | home: https://opencsg.com
5 | sources:
6 | - https://git-devops.opencsg.com/product/starship/crmaestro
7 | maintainers:
8 | - name: OpenCSG Inc.
9 | email: support@opencsg.com
10 |
11 | # A chart can be either an 'application' or a 'library' chart.
12 | #
13 | # Application charts are a collection of templates that can be packaged into versioned archives
14 | # to be deployed.
15 | #
16 | # Library charts provide useful utilities or functions for the chart developer. They're included as
17 | # a dependency of application charts to inject those utilities and functions into the rendering
18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
19 | type: application
20 |
21 | # This is the chart version. This version number should be incremented each time you make changes
22 | # to the chart and its templates, including the app version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 0.0.0
25 |
26 | # This is the version number of the application being deployed. This version number should be
27 | # incremented each time you make changes to the application. Versions are not expected to
28 | # follow Semantic Versioning. They should reflect the version the application is using.
29 | # It is recommended to use it with quotes.
30 | appVersion: "0.0.0"
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/billing/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for billing
8 | */}}
9 | {{- define "billing.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "billing") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for billing
15 | */}}
16 | {{- define "billing.internal.port" -}}
17 | {{- $port := "8080" }}
18 | {{- if hasKey .Values.global "billing" }}
19 | {{- if hasKey .Values.global.billing "service" }}
20 | {{- if hasKey .Values.global.billing.service "port" }}
21 | {{- $port = .Values.global.billing.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for billing
30 | */}}
31 | {{- define "billing.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "billing.internal.domain" .) (include "billing.internal.port" .) -}}
33 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/billing/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | data:
14 | config.sh: |
15 | #!/bin/sh
16 | mkdir -p /app/config
17 | cat < /app/config/config.yaml
18 | nats: $NATS_URL
19 | pub:
20 | addr: :8080
21 | key: ''
22 | sub:
23 | streams:
24 | - name: accountingNotifyStream
25 | consumers:
26 | - durable_name: starship-billing-durable-consumer
27 | webhook:
28 | url: http://{{ include "web.internal.domain" . }}:{{ include "web.internal.port" . }}/api/v1/platforms/billing-events/
29 | key: 'key'
30 | EOF
31 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/billing/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 8080
18 | protocol: TCP
19 | name: billing
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/frontend/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/frontend/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: frontend
3 | description: Starship's front-end display application.
4 | home: https://opencsg.com
5 | sources:
6 | - https://git-devops.opencsg.com/product/starship/Starship-Frontend
7 | maintainers:
8 | - name: OpenCSG Inc.
9 | email: support@opencsg.com
10 |
11 | # A chart can be either an 'application' or a 'library' chart.
12 | #
13 | # Application charts are a collection of templates that can be packaged into versioned archives
14 | # to be deployed.
15 | #
16 | # Library charts provide useful utilities or functions for the chart developer. They're included as
17 | # a dependency of application charts to inject those utilities and functions into the rendering
18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
19 | type: application
20 |
21 | # This is the chart version. This version number should be incremented each time you make changes
22 | # to the chart and its templates, including the app version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 1.2.1
25 |
26 | # This is the version number of the application being deployed. This version number should be
27 | # incremented each time you make changes to the application. Versions are not expected to
28 | # follow Semantic Versioning. They should reflect the version the application is using.
29 | # It is recommended to use it with quotes.
30 | appVersion: "v1.2.1"
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/frontend/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for frontend
8 | */}}
9 | {{- define "frontend.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "frontend") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for frontend
15 | */}}
16 | {{- define "frontend.internal.port" -}}
17 | {{- $port := "80" }}
18 | {{- if hasKey .Values.global "frontend" }}
19 | {{- if hasKey .Values.global.frontend "service" }}
20 | {{- if hasKey .Values.global.frontend.service "port" }}
21 | {{- $port = .Values.global.frontend.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/frontend/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | data:
14 | config.js: |
15 | window.envConfig = {
16 | VITE_APP_BASE_WEB: {{ include "starship.external.endpoint" . | squote }},
17 | VITE_APP_BASE_API: {{ include "starship.external.api.endpoint" . | squote }},
18 | VITE_APP_LOGIN_URL: {{ printf "%s/login/oauth/authorize?client_id=922b009c161d8efb3422&response_type=code&redirect_uri=%s/api/v1/account/casdoor/login/callback&scope=profile&state=casdoor" (include "casdoor.external.endpoint" .) (include "starship.external.api.endpoint" .) | squote }}
19 | };
20 | default.conf: |
21 | server {
22 | listen 80;
23 | server_name {{ include "starship.external.domain" . }};
24 |
25 |
26 | # 上传文件大小限制
27 | client_max_body_size 3000m;
28 | # 开启gzip压缩
29 | gzip on;
30 | gzip_disable "MSIE [1-6].";
31 | gzip_vary on;
32 | gzip_proxied any;
33 | gzip_comp_level 6;
34 | gzip_buffers 16 8k;
35 | gzip_http_version 1.0;
36 | gzip_min_length 256;
37 | gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/xhtml+xml application/xml font/eot font/otf font/ttf image/svg+xml text/css text/javascript text/plain text/xml;
38 |
39 | location / {
40 | root /usr/share/nginx/html;
41 | index index.html;
42 | try_files $uri /index.html;
43 | }
44 |
45 | location @router {
46 | rewrite ^.*$ /index.html last;
47 | }
48 | }
49 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/frontend/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 80
18 | protocol: TCP
19 | name: portal
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-server/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-server/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: megalinter-server
3 | description: MegaLinter Server is a centralized, server-based solution for running MegaLinter, a powerful linter aggregator that automatically detects and fixes issues in your source code, documentation, and infrastructure files. It supports 100+ linters across multiple languages, formats, and tools, ensuring consistent code quality and adherence to best practices.
4 |
5 | # A chart can be either an 'application' or a 'library' chart.
6 | #
7 | # Application charts are a collection of templates that can be packaged into versioned archives
8 | # to be deployed.
9 | #
10 | # Library charts provide useful utilities or functions for the chart developer. They're included as
11 | # a dependency of application charts to inject those utilities and functions into the rendering
12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
13 | type: application
14 |
15 | # This is the chart version. This version number should be incremented each time you make changes
16 | # to the chart and its templates, including the app version.
17 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
18 | version: 0.0.0
19 |
20 | # This is the version number of the application being deployed. This version number should be
21 | # incremented each time you make changes to the application. Versions are not expected to
22 | # follow Semantic Versioning. They should reflect the version the application is using.
23 | # It is recommended to use it with quotes.
24 | appVersion: "beta"
25 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-server/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for megalinter-server
8 | */}}
9 | {{- define "megalinter-server.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "megalinter-server") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for megalinter-server
15 | */}}
16 | {{- define "megalinter-server.internal.port" -}}
17 | {{- $port := "8000" }}
18 | {{- if hasKey .Values.global "megalinterServer" }}
19 | {{- if hasKey .Values.global.megalinterServer "service" }}
20 | {{- if hasKey .Values.global.megalinterServer.service "port" }}
21 | {{- $port = .Values.global.megalinterServer.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for megalinter-server
30 | */}}
31 | {{- define "megalinter-server.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "megalinter-server.internal.domain" .) (include "megalinter-server.internal.port" .) -}}
33 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-server/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 9000
18 | protocol: TCP
19 | name: ml-server
20 | selector:
21 | {{- include "common.labels.selector" . | nindent 4 }}
22 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-worker/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-worker/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: megalinter-worker
3 | description: A lightweight component of MegaLinter Server that executes linting jobs in distributed environments.
4 |
5 | # A chart can be either an 'application' or a 'library' chart.
6 | #
7 | # Application charts are a collection of templates that can be packaged into versioned archives
8 | # to be deployed.
9 | #
10 | # Library charts provide useful utilities or functions for the chart developer. They're included as
11 | # a dependency of application charts to inject those utilities and functions into the rendering
12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
13 | type: application
14 |
15 | # This is the chart version. This version number should be incremented each time you make changes
16 | # to the chart and its templates, including the app version.
17 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
18 | version: 8.0.0
19 |
20 | # This is the version number of the application being deployed. This version number should be
21 | # incremented each time you make changes to the application. Versions are not expected to
22 | # follow Semantic Versioning. They should reflect the version the application is using.
23 | # It is recommended to use it with quotes.
24 | appVersion: "v8.0.0"
25 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/megalinter-worker/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for megalinter-worker
8 | */}}
9 | {{- define "megalinter-worker.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "megalinter-worker") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for megalinter-worker
15 | */}}
16 | {{- define "megalinter-worker.internal.port" -}}
17 | {{- $port := "8000" }}
18 | {{- if hasKey .Values.global "megalinterWorker" }}
19 | {{- if hasKey .Values.global.megalinterWorker "service" }}
20 | {{- if hasKey .Values.global.megalinterWorker.service "port" }}
21 | {{- $port = .Values.global.megalinterWorker.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for megalinter-worker
30 | */}}
31 | {{- define "megalinter-worker.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "megalinter-worker.internal.domain" .) (include "megalinter-worker.internal.port" .) -}}
33 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/secscan/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/secscan/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: secscan
3 |
4 | # A chart can be either an 'application' or a 'library' chart.
5 | #
6 | # Application charts are a collection of templates that can be packaged into versioned archives
7 | # to be deployed.
8 | #
9 | # Library charts provide useful utilities or functions for the chart developer. They're included as
10 | # a dependency of application charts to inject those utilities and functions into the rendering
11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
12 | type: application
13 |
14 | # This is the chart version. This version number should be incremented each time you make changes
15 | # to the chart and its templates, including the app version.
16 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
17 | version: 0.0.0
18 |
19 | # This is the version number of the application being deployed. This version number should be
20 | # incremented each time you make changes to the application. Versions are not expected to
21 | # follow Semantic Versioning. They should reflect the version the application is using.
22 | # It is recommended to use it with quotes.
23 | appVersion: "latest"
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/web/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/web/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: web
3 | description: Responsible for processing all Starship API requests and scheduling tasks.
4 | home: https://opencsg.com
5 | sources:
6 | - https://git-devops.opencsg.com/product/starship/crmaestro/-/tree/main/codegpt
7 | maintainers:
8 | - name: OpenCSG Inc.
9 | email: support@opencsg.com
10 |
11 | # A chart can be either an 'application' or a 'library' chart.
12 | #
13 | # Application charts are a collection of templates that can be packaged into versioned archives
14 | # to be deployed.
15 | #
16 | # Library charts provide useful utilities or functions for the chart developer. They're included as
17 | # a dependency of application charts to inject those utilities and functions into the rendering
18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
19 | type: application
20 |
21 | # This is the chart version. This version number should be incremented each time you make changes
22 | # to the chart and its templates, including the app version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 0.1.9
25 |
26 | # This is the version number of the application being deployed. This version number should be
27 | # incremented each time you make changes to the application. Versions are not expected to
28 | # follow Semantic Versioning. They should reflect the version the application is using.
29 | # It is recommended to use it with quotes.
30 | appVersion: "v0.1.9"
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/web/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for web
8 | */}}
9 | {{- define "web.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "web") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for web
15 | */}}
16 | {{- define "web.internal.port" -}}
17 | {{- $port := "8000" }}
18 | {{- if hasKey .Values.global "web" }}
19 | {{- if hasKey .Values.global.web "service" }}
20 | {{- if hasKey .Values.global.web.service "port" }}
21 | {{- $port = .Values.global.web.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for web
30 | */}}
31 | {{- define "web.internal.endpoint" -}}
32 | {{- printf "http://%s:%s" (include "web.internal.domain" .) (include "web.internal.port" .) -}}
33 | {{- end }}
34 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/web/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if include "starship.enabled" . }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 8000
18 | protocol: TCP
19 | name: web
20 | - port: 80
21 | targetPort: 80
22 | protocol: TCP
23 | name: nginx
24 | selector:
25 | {{- include "common.labels.selector" . | nindent 4 }}
26 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/worker/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/charts/worker/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: worker
3 | description: Responsible for processing all Starship API requests and scheduling tasks.
4 | home: https://opencsg.com
5 | sources:
6 | - https://git-devops.opencsg.com/product/starship/crmaestro/-/tree/main/codegpt
7 | maintainers:
8 | - name: OpenCSG Inc.
9 | email: support@opencsg.com
10 |
11 | # A chart can be either an 'application' or a 'library' chart.
12 | #
13 | # Application charts are a collection of templates that can be packaged into versioned archives
14 | # to be deployed.
15 | #
16 | # Library charts provide useful utilities or functions for the chart developer. They're included as
17 | # a dependency of application charts to inject those utilities and functions into the rendering
18 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
19 | type: application
20 |
21 | # This is the chart version. This version number should be incremented each time you make changes
22 | # to the chart and its templates, including the app version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 0.1.9
25 |
26 | # This is the version number of the application being deployed. This version number should be
27 | # incremented each time you make changes to the application. Versions are not expected to
28 | # follow Semantic Versioning. They should reflect the version the application is using.
29 | # It is recommended to use it with quotes.
30 | appVersion: "v0.1.9"
31 |
--------------------------------------------------------------------------------
/charts/csghub/charts/starship/templates/_starship.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the external domain for starship
8 | */}}
9 | {{- define "starship.external.domain" -}}
10 | {{- $domain := include "global.domain" (list . "starship") }}
11 | {{- if hasKey .Values.global.ingress "useTop" }}
12 | {{- if .Values.global.ingress.useTop }}
13 | {{- $domain = .Values.global.ingress.domain }}
14 | {{- end }}
15 | {{- end }}
16 | {{- $domain -}}
17 | {{- end }}
18 |
19 | {{/*
20 | Define the external api domain for starship
21 | */}}
22 | {{- define "starship.external.api.domain" -}}
23 | {{- $domain := include "global.domain" (list . "starship-api") }}
24 | {{- $domain -}}
25 | {{- end }}
26 |
27 | {{/*
28 | Define the external endpoint for starship
29 | */}}
30 | {{- define "starship.external.endpoint" -}}
31 | {{- $domain := include "starship.external.domain" . }}
32 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
33 | {{- if .Values.global.ingress.tls.enabled -}}
34 | {{- printf "https://%s:%s" $domain "30443" -}}
35 | {{- else }}
36 | {{- printf "http://%s:%s" $domain "30080" -}}
37 | {{- end }}
38 | {{- else }}
39 | {{- if .Values.global.ingress.tls.enabled -}}
40 | {{- printf "https://%s" $domain -}}
41 | {{- else }}
42 | {{- printf "http://%s" $domain -}}
43 | {{- end }}
44 | {{- end }}
45 | {{- end }}
46 |
47 | {{/*
48 | Define the external endpoint for starship
49 | */}}
50 | {{- define "starship.external.api.endpoint" -}}
51 | {{- $domain := include "starship.external.api.domain" . }}
52 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
53 | {{- if .Values.global.ingress.tls.enabled -}}
54 | {{- printf "https://%s:%s" $domain "30443" -}}
55 | {{- else }}
56 | {{- printf "http://%s:%s" $domain "30080" -}}
57 | {{- end }}
58 | {{- else }}
59 | {{- if .Values.global.ingress.tls.enabled -}}
60 | {{- printf "https://%s" $domain -}}
61 | {{- else }}
62 | {{- printf "http://%s" $domain -}}
63 | {{- end }}
64 | {{- end }}
65 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: temporal
3 | description: Temporal is a durable execution platform that enables developers to build scalable applications without sacrificing productivity or reliability. The Temporal server executes units of application logic called Workflows in a resilient manner that automatically handles intermittent failures, and retries failed operations.
4 | home: https://temporal.io/
5 | sources:
6 | - https://github.com/temporalio/temporal
7 |
8 | # A chart can be either an 'application' or a 'library' chart.
9 | #
10 | # Application charts are a collection of templates that can be packaged into versioned archives
11 | # to be deployed.
12 | #
13 | # Library charts provide useful utilities or functions for the chart developer. They're included as
14 | # a dependency of application charts to inject those utilities and functions into the rendering
15 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
16 | type: application
17 |
18 | # This is the chart version. This version number should be incremented each time you make changes
19 | # to the chart and its templates, including the app version.
20 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
21 | version: 1.25.1
22 |
23 | # This is the version number of the application being deployed. This version number should be
24 | # incremented each time you make changes to the application. Versions are not expected to
25 | # follow Semantic Versioning. They should reflect the version the application is using.
26 | # It is recommended to use it with quotes.
27 | appVersion: "1.25.1"
28 |
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for temporal
8 | */}}
9 | {{- define "temporal.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "temporal") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for temporal
15 | */}}
16 | {{- define "temporal.internal.port" -}}
17 | {{- $port := "7233" }}
18 | {{- if hasKey .Values.global "temporal" }}
19 | {{- if hasKey .Values.global.temporal "service" }}
20 | {{- if hasKey .Values.global.temporal.service "port" }}
21 | {{- $port = .Values.global.temporal.service.port }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 | {{- $port | toString -}}
26 | {{- end }}
27 |
28 | {{/*
29 | Define the internal endpoint for temporal
30 | */}}
31 | {{- define "temporal.internal.endpoint" -}}
32 | {{- printf "%s:%s" (include "temporal.internal.domain" .) (include "temporal.internal.port" .) -}}
33 | {{- end }}
34 |
35 | {{/*
36 | Define the external domain for temporal
37 | */}}
38 | {{- define "temporal.external.domain" -}}
39 | {{- include "global.domain" (list . "temporal") }}
40 | {{- end }}
41 |
42 | {{/*
43 | Define the external endpoint for temporal
44 | */}}
45 | {{- define "temporal.external.endpoint" -}}
46 | {{- $domain := include "temporal.external.domain" . }}
47 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
48 | {{- if .Values.global.ingress.tls.enabled -}}
49 | {{- printf "https://%s:%s" $domain "30443" -}}
50 | {{- else }}
51 | {{- printf "http://%s:%s" $domain "30080" -}}
52 | {{- end }}
53 | {{- else }}
54 | {{- if .Values.global.ingress.tls.enabled -}}
55 | {{- printf "https://%s" $domain -}}
56 | {{- else }}
57 | {{- printf "http://%s" $domain -}}
58 | {{- end }}
59 | {{- end }}
60 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | {{- $pgConfig := include "csghub.postgresql.config" (dict "service" .Values "global" .) | fromYaml }}
8 | apiVersion: v1
9 | kind: ConfigMap
10 | metadata:
11 | name: {{ include "common.names.custom" . }}
12 | namespace: {{ .Release.Namespace }}
13 | labels: {{ include "common.labels" . | nindent 4 }}
14 | data:
15 | DB: "postgres12"
16 | DEFAULT_NAMESPACE_RETENTION: "7d"
17 | DBNAME: {{ $pgConfig.database }}
18 | DB_PORT: {{ $pgConfig.port | quote }}
19 | POSTGRES_SEEDS: {{ $pgConfig.host }}
20 | POSTGRES_USER: {{ $pgConfig.user }}
21 | POSTGRES_PWD: {{ $pgConfig.password }}
22 | VISIBILITY_DBNAME: {{ printf "%s_visibility" $pgConfig.database }}
23 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled (and .Values.ingress.enabled .Values.ui.enabled) }}
7 | apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
8 | kind: Ingress
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | annotations:
14 | {{- include "common.annotations.ingress.nginx" (dict "auth" (dict "secret" (include "common.names.custom" .) "realm" "Authentication Required - temporal") "custom" .Values.ingress.annotations) | nindent 4 }}
15 | spec:
16 | ingressClassName: {{ .Values.global.ingress.className | default "nginx" }}
17 | {{- if eq (include "global.ingress.tls.enabled" .) "true" }}
18 | tls:
19 | - hosts:
20 | - {{ include "temporal.external.domain" . }}
21 | {{- $secret := coalesce (include "global.ingress.tls.secret" .) .Values.ingress.tls.secretName }}
22 | {{- if $secret }}
23 | secretName: {{ $secret }}
24 | {{- else }}
25 | {{ fail "Temporal-UI ingress TLS is enabled but no secretName is provided." }}
26 | {{- end }}
27 | {{- end }}
28 | rules:
29 | - host: {{ include "temporal.external.domain" . }}
30 | http:
31 | paths:
32 | - path: /
33 | pathType: Prefix
34 | backend:
35 | {{- if eq (include "common.capabilities.ingress.apiVersion" .) "networking.k8s.io/v1" }}
36 | service:
37 | name: {{ include "common.names.custom" . }}
38 | port:
39 | number: 8080
40 | {{- else }}
41 | serviceName: {{ include "common.names.custom" . }}
42 | servicePort: 8080
43 | {{- end }}
44 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.enabled .Values.ingress.enabled }}
7 | {{- $secretData := (lookup "v1" "Secret" .Release.Namespace (include "common.names.custom" .)).data -}}
8 | {{- $username := .Values.authentication.username -}}
9 | {{- $password := or .Values.authentication.password (randAlpha 15) -}}
10 | {{- $htpasswd := htpasswd $username $password }}
11 | {{- if $secretData }}
12 | {{- $secretUsername := index $secretData "TEMPORAL_USERNAME" }}
13 | {{- if $secretUsername }}
14 | {{- $username = $secretUsername | b64dec }}
15 | {{- end }}
16 | {{- $secretPassword := index $secretData "TEMPORAL_PASSWORD" }}
17 | {{- if $secretPassword }}
18 | {{- $password = $secretPassword | b64dec }}
19 | {{- end }}
20 | {{- $secretAuth := index $secretData "auth" }}
21 | {{- if $secretAuth }}
22 | {{- $htpasswd = $secretAuth | b64dec }}
23 | {{- end }}
24 | {{- end -}}
25 | apiVersion: v1
26 | kind: Secret
27 | metadata:
28 | name: {{ include "common.names.custom" . }}
29 | namespace: {{ .Release.Namespace }}
30 | labels: {{ include "common.labels" . | nindent 4 }}
31 | annotations:
32 | helm.sh/resource-policy: keep
33 | type: Opaque
34 | data:
35 | TEMPORAL_USERNAME: {{ $username | b64enc }}
36 | TEMPORAL_PASSWORD: {{ $password | b64enc }}
37 | auth: {{ $htpasswd | b64enc }}
38 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/charts/temporal/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.enabled }}
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" . | nindent 4 }}
13 | spec:
14 | type: {{ .Values.service.type }}
15 | ports:
16 | - port: {{ .Values.service.port }}
17 | targetPort: 7233
18 | protocol: TCP
19 | name: temporal
20 | - port: 8080
21 | targetPort: 8080
22 | protocol: TCP
23 | name: temporal-ui
24 | selector:
25 | {{- include "common.labels.selector" . | nindent 4 }}
26 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/examples/values-ce.yaml:
--------------------------------------------------------------------------------
1 | # Example values file for Community Edition (CE) deployment
2 | # This configuration will deploy CSGHub CE without Starship components
3 |
4 | global:
5 | # Set edition to CE
6 | edition: "ce"
7 |
8 | image:
9 | #registry: "opencsg-registry.cn-beijing.cr.aliyuncs.com"
10 | # Base tag without suffix - will become v1.8.0-ce automatically
11 | tag: "v1.8.0"
12 | pullPolicy: "IfNotPresent"
13 |
14 | ingress:
15 | domain: "csghub-ce.example.com"
16 | tls:
17 | enabled: false
18 |
19 | # External services configuration (optional)
20 | postgresql:
21 | enabled: true
22 |
23 | redis:
24 | enabled: true
25 |
26 | objectStore:
27 | enabled: true
28 |
29 | # Starship configuration - will be ignored in CE edition
30 | starship:
31 | # This setting will be ignored since global.edition is "ce"
32 | enabled: true
33 |
34 | # Resource configurations
35 | postgresql:
36 | persistence:
37 | size: 50Gi
38 |
39 | minio:
40 | persistence:
41 | size: 100Gi
42 |
43 | gitaly:
44 | persistence:
45 | size: 200Gi
46 |
47 | # Component-specific configurations
48 | csghub:
49 | server:
50 | replicas: 1
51 |
52 | portal:
53 | replicas: 1
54 |
55 |
--------------------------------------------------------------------------------
/charts/csghub/examples/values-ee-no-starship.yaml:
--------------------------------------------------------------------------------
1 | # Example values file for Enterprise Edition (EE) deployment WITHOUT Starship
2 | # This configuration will deploy CSGHub EE but disable Starship components
3 |
4 | global:
5 | # Set edition to EE
6 | edition: "ee"
7 |
8 | image:
9 | #registry: "opencsg-registry.cn-beijing.cr.aliyuncs.com"
10 | # Base tag without suffix - will become v1.8.0-ee automatically
11 | tag: "v1.8.0"
12 | pullPolicy: "IfNotPresent"
13 |
14 | ingress:
15 | domain: "csghub-ee-no-starship.example.com"
16 | tls:
17 | enabled: false
18 |
19 | # External services configuration (optional)
20 | postgresql:
21 | enabled: true
22 |
23 | redis:
24 | enabled: true
25 |
26 | objectStore:
27 | enabled: true
28 |
29 | # Resource configurations
30 | postgresql:
31 | persistence:
32 | size: 50Gi
33 |
34 | minio:
35 | persistence:
36 | size: 100Gi
37 |
38 | gitaly:
39 | persistence:
40 | size: 200Gi
41 |
42 |
43 | # Starship configuration - explicitly disable even in EE
44 | starship:
45 | # Set to false to disable Starship even in EE edition
46 | enabled: false
47 |
48 | # Csghub Component-specific configurations
49 | csghub:
50 | server:
51 | replicas: 1
52 |
53 | portal:
54 | replicas: 1
55 |
--------------------------------------------------------------------------------
/charts/csghub/examples/values-ee.yaml:
--------------------------------------------------------------------------------
1 | # Example values file for Enterprise Edition (EE) deployment
2 | # This configuration will deploy CSGHub EE with Starship components
3 |
4 | global:
5 | # Set edition to EE
6 | edition: "ee"
7 |
8 | image:
9 | #registry: "opencsg-registry.cn-beijing.cr.aliyuncs.com"
10 | # Base tag without suffix - will become v1.8.0-ee automatically
11 | tag: "v1.8.0"
12 | pullPolicy: "IfNotPresent"
13 |
14 | ingress:
15 | domain: "csghub-ee.example.com"
16 | tls:
17 | enabled: false
18 |
19 | # External services configuration (optional)
20 | postgresql:
21 | enabled: true
22 |
23 | redis:
24 | enabled: true
25 |
26 | objectStore:
27 | enabled: true
28 |
29 | # Starship OAuth configuration (for EE)
30 | starship:
31 | oauth:
32 | issuer: "https://gitlab.example.com"
33 | clientId: "your-client-id"
34 | clientSecret: "your-client-secret"
35 |
36 | # Starship configuration - explicitly enable for EE
37 | starship:
38 | # Must be explicitly set to true for Starship to be deployed
39 | enabled: true
40 |
41 | # Starship-specific configurations
42 | web:
43 | openai:
44 | model: "gpt-4"
45 | api:
46 | base: "https://api.openai.com/v1"
47 | version: "2024-06-01"
48 | key: "" # Set via environment variable or secret
49 |
50 | persistence:
51 | size: 10Gi
52 | accessMode: ["ReadWriteMany"]
53 |
54 | # Resource configurations
55 | postgresql:
56 | persistence:
57 | size: 50Gi
58 |
59 | minio:
60 | persistence:
61 | size: 100Gi
62 |
63 | gitaly:
64 | persistence:
65 | size: 200Gi
66 |
67 | # Csghub Component-specific configurations
68 | csghub:
69 | server:
70 | replicas: 1
71 |
72 | portal:
73 | replicas: 1
74 |
75 |
--------------------------------------------------------------------------------
/charts/csghub/scripts/01_promote_root.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Record Timestamp
3 | --
4 | SELECT now() as "Execute Timestamp";
5 |
6 | --
7 | -- PostgreSQL database dump
8 | --
9 | SET exit_on_error = on;
10 | SET statement_timeout = 0;
11 | SET lock_timeout = 0;
12 | SET idle_in_transaction_session_timeout = 0;
13 | SET client_encoding = 'UTF8';
14 | SET standard_conforming_strings = on;
15 | SET check_function_bodies = false;
16 | SET xmloption = content;
17 | SET client_min_messages = warning;
18 | SET row_security = off;
19 |
20 | --
21 | -- Set Default Schema for All Tables
22 | --
23 |
24 | SELECT pg_catalog.set_config('search_path', 'public', false);
25 |
26 | --
27 | -- Type: Trigger; Schema: public; Owner: csghub_server
28 | --
29 | -- Create Trigger Function
30 | CREATE OR REPLACE FUNCTION promote_root_to_admin ()
31 | RETURNS TRIGGER
32 | AS $$
33 | BEGIN
34 | IF NEW.username = 'root' THEN
35 | UPDATE
36 | public.users
37 | SET
38 | role_mask = 'admin'
39 | WHERE
40 | username = 'root';
41 |
42 | -- After update Drop all
43 | EXECUTE 'DROP TRIGGER IF EXISTS trigger_promote_root_to_admin ON public.users';
44 | EXECUTE 'DROP FUNCTION IF EXISTS promote_root_to_admin()';
45 | END IF;
46 | RETURN NEW;
47 | END;
48 | $$
49 | LANGUAGE plpgsql
50 | VOLATILE;
51 |
52 | -- Create Trigger
53 | CREATE OR REPLACE TRIGGER trigger_promote_root_to_admin
54 | AFTER INSERT ON public.users
55 | FOR EACH ROW
56 | EXECUTE FUNCTION promote_root_to_admin ();
57 |
--------------------------------------------------------------------------------
/charts/csghub/scripts/02_seed_space_resources.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Record Timestamp
3 | --
4 | SELECT now() as "Execute Timestamp";
5 |
6 | --
7 | -- PostgreSQL database dump
8 | --
9 | SET exit_on_error = on;
10 | SET statement_timeout = 0;
11 | SET lock_timeout = 0;
12 | SET idle_in_transaction_session_timeout = 0;
13 | SET client_encoding = 'UTF8';
14 | SET standard_conforming_strings = on;
15 | SET check_function_bodies = false;
16 | SET xmloption = content;
17 | SET client_min_messages = warning;
18 | SET row_security = off;
19 |
20 | --
21 | -- Set Default Schema for All Tables
22 | --
23 |
24 | SELECT pg_catalog.set_config('search_path', 'public', false);
25 |
26 | --
27 | -- Seed Data for Name: space_resources; Type: TABLE DATA; Schema: public; Owner: csghub_server
28 | --
29 |
30 | WITH selected_cluster AS (
31 | SELECT
32 | cluster_id
33 | FROM
34 | public.cluster_infos
35 | LIMIT 1)
36 | INSERT INTO public.space_resources (id, name, resources, cluster_id)
37 | VALUES
38 | (1, 'CPU basic · 0.5 vCPU · 1 GB', '{ "cpu": { "type": "Intel", "num": "0.5" }, "memory": "1Gi" }', ( SELECT cluster_id FROM selected_cluster)),
39 | (2, 'CPU basic · 2 vCPU · 4 GB', '{ "cpu": { "type": "Intel", "num": "2" }, "memory": "4Gi" }', ( SELECT cluster_id FROM selected_cluster))
40 | ON CONFLICT (id)
41 | DO UPDATE SET
42 | name = EXCLUDED.name,
43 | resources = EXCLUDED.resources,
44 | cluster_id = EXCLUDED.cluster_id;
45 |
46 | --
47 | -- Name: space_resources_id_seq; Type: SEQUENCE SET; Schema: public; Owner: csghub_server
48 | --
49 |
50 | SELECT
51 | pg_catalog.setval('public.space_resources_id_seq', (
52 | SELECT
53 | MAX(id)
54 | FROM public.space_resources), TRUE);
55 |
--------------------------------------------------------------------------------
/charts/csghub/scripts/05_seed_tag_categories.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Record Timestamp
3 | --
4 | SELECT now() as "Execute Timestamp";
5 |
6 | --
7 | -- PostgreSQL database dump
8 | --
9 | SET exit_on_error = on;
10 | SET statement_timeout = 0;
11 | SET lock_timeout = 0;
12 | SET idle_in_transaction_session_timeout = 0;
13 | SET client_encoding = 'UTF8';
14 | SET standard_conforming_strings = on;
15 | SET check_function_bodies = false;
16 | SET xmloption = content;
17 | SET client_min_messages = warning;
18 | SET row_security = off;
19 |
20 | --
21 | -- Set Default Schema for All Tables
22 | --
23 |
24 | SELECT pg_catalog.set_config('search_path', 'public', false);
25 |
26 | --
27 | -- Seed Data for Name: tag_categories; Type: TABLE DATA; Schema: public; Owner: csghub_server
28 | --
29 |
30 | INSERT INTO public.tag_categories(name, scope, show_name, enabled)
31 | VALUES
32 | ('task', 'model', '任务','t'),
33 | ('license', 'model', '许可证','t'),
34 | ('framework', 'model', '框架','t'),
35 | ('task', 'dataset', '任务','t'),
36 | ('license', 'dataset', '许可证','t'),
37 | ('size', 'dataset', '大小','f'),
38 | ('license', 'code', '许可证','t'),
39 | ('language', 'model', '语言','t'),
40 | ('language', 'dataset', '语言','t'),
41 | ('language', 'code', ' ','f'),
42 | ('language', 'space', ' ','f'),
43 | ('license', 'space', ' ','f'),
44 | ('industry', 'model', '行业','f'),
45 | ('industry', 'dataset', ' ','f'),
46 | ('industry', 'code', ' ','f'),
47 | ('industry', 'space', ' ','f'),
48 | ('resource', 'model', ' ','f'),
49 | ('runtime_framework', 'model', ' ','f'),
50 | ('evaluation', 'dataset', ' ','f')
51 | ON CONFLICT (name, scope)
52 | DO UPDATE SET
53 | show_name = EXCLUDED.show_name,
54 | enabled = EXCLUDED.enabled;
55 |
--------------------------------------------------------------------------------
/charts/csghub/templates/configmap-accounting.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | apiVersion: v1
7 | kind: ConfigMap
8 | metadata:
9 | name: {{ include "common.names.custom" (list . "accounting")}}
10 | namespace: {{ .Release.Namespace }}
11 | labels: {{ include "common.labels" (dict "context" . "service" "accounting") | nindent 4 }}
12 | data:
13 | OPENCSG_ACCOUNTING_SERVER_PORT: {{ include "csghub.svc.port" "accounting" | quote }}
14 | OPENCSG_ACCOUNTING_FEE_EVENT_SUBJECT: "accounting.fee.>"
15 | OPENCSG_ACCOUNTING_NOTIFY_NOBALANCE_SUBJECT: "accounting.notify.nobalance"
16 | OPENCSG_ACCOUNTING_MSG_FETCH_TIMEOUTINSEC: "5"
17 | OPENCSG_ACCOUNTING_CHARGING_ENABLE: "true"
18 |
--------------------------------------------------------------------------------
/charts/csghub/templates/configmap-error-page.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | apiVersion: v1
7 | kind: ConfigMap
8 | metadata:
9 | name: {{ include "common.names.custom" (list . "custom-error-pages")}}
10 | namespace: {{ .Release.Namespace }}
11 | labels: {{ include "common.labels" (dict "context" . "service" "custom-error-pages") | nindent 4 }}
12 | data:
13 | {{- $currentScope := . }}
14 | {{- range $path, $_ := .Files.Glob "html/*.html" }}
15 | {{- with $currentScope }}
16 | {{- base $path | nindent 2 }}: |
17 | {{- .Files.Get $path | nindent 4 }}
18 | {{- end }}
19 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/templates/configmap-gateway-moderation.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.moderation.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ include "common.names.custom" (list . "gateway-moderation") }}
11 | namespace: {{ .Release.Namespace }}
12 | labels: {{ include "common.labels" (dict "context" . "service" "gateway") | nindent 4 }}
13 | data:
14 | STARHUB_SERVER_SENSITIVE_CHECK_ENABLE: "true"
15 | STARHUB_SERVER_SENSITIVE_CHECK_ACCESS_KEY_ID: {{ .Values.global.moderation.accessKeyId }}
16 | STARHUB_SERVER_SENSITIVE_CHECK_ACCESS_KEY_SECRET: {{ .Values.global.moderation.accessKeySecret }}
17 | STARHUB_SERVER_SENSITIVE_CHECK_REGION: {{ .Values.global.moderation.region }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/charts/csghub/templates/configmap-server-init.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | apiVersion: v1
7 | kind: ConfigMap
8 | metadata:
9 | name: {{ include "common.names.custom" (list . "server-init") }}
10 | namespace: {{ .Release.Namespace }}
11 | labels: {{ include "common.labels" (dict "context" . "service" "server-init") | nindent 4 }}
12 | data:
13 | {{- $currentScope := . }}
14 | {{- range $path, $_ := .Files.Glob "scripts/*.sql" }}
15 | {{- with $currentScope }}
16 | {{- base $path | nindent 2 }}: |
17 | {{- .Files.Get $path | nindent 4 }}
18 | {{- end }}
19 | {{- end }}
20 |
--------------------------------------------------------------------------------
/charts/csghub/templates/configmap-space.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if and .Values.global.deploy.enabled .Values.global.deploy.autoConfigure }}
7 | {{- $registryConfig := include "chart.registryConfig" (dict "service" .Values.csghub.runner "global" .) | fromYaml }}
8 | apiVersion: v1
9 | kind: ConfigMap
10 | metadata:
11 | name: {{ include "common.names.custom" (list . "runner-space") }}
12 | namespace: {{ .Release.Namespace }}
13 | labels: {{ include "common.labels" (dict "context" . "service" "runner-space") | nindent 4 }}
14 | data:
15 | space-app.yaml: |
16 | apiVersion: v1
17 | kind: Namespace
18 | metadata:
19 | name: {{ .Values.global.deploy.namespace }}
20 | labels:
21 | kubernetes.io/metadata.name: {{ .Values.global.deploy.namespace }}
22 | ---
23 | apiVersion: v1
24 | kind: Secret
25 | metadata:
26 | name: {{ include "common.names.custom" (list . "registry-docker-config") }}
27 | namespace: {{ .Values.global.deploy.namespace }}
28 | annotations:
29 | helm.sh/resource-policy: keep
30 | type: kubernetes.io/dockerconfigjson
31 | data:
32 | .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" $registryConfig.repository $registryConfig.username $registryConfig.password (printf "%s:%s" $registryConfig.username $registryConfig.password | b64enc) | b64enc }}
33 | ---
34 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_annotations.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Common deployment annotations
8 | */}}
9 | {{- define "common.annotations.deployment" -}}
10 | {{- with .Values.annotations }}
11 | {{- toYaml . }}
12 | {{- end }}
13 | {{- end -}}
14 |
15 | {{/*
16 | Resource dependencies annotation
17 | This is used to indicate which resources this component depends on
18 | */}}
19 | {{- define "common.annotations.dependencies" -}}
20 | {{- if .dependencies }}
21 | resource.dependencies/deployments: |
22 | {{- range .dependencies }}
23 | {{ . }}
24 | {{- end }}
25 | {{- end }}
26 | {{- end -}}
27 |
28 | {{/*
29 | Standard ingress annotations for nginx
30 | */}}
31 | {{- define "common.annotations.ingress.nginx" -}}
32 | nginx.ingress.kubernetes.io/enable-cors: "true"
33 | {{- if .auth }}
34 | nginx.ingress.kubernetes.io/auth-type: basic
35 | nginx.ingress.kubernetes.io/auth-secret: {{ .auth.secret }}
36 | nginx.ingress.kubernetes.io/auth-realm: {{ .auth.realm | default "Authentication Required" | quote }}
37 | {{- end }}
38 | {{- with .custom }}
39 | {{- toYaml . }}
40 | {{- end }}
41 | {{- end -}}
42 |
43 | {{/*
44 | Helm hook annotations for jobs
45 | */}}
46 | {{- define "common.annotations.helm.hooks" -}}
47 | {{- if .preInstall }}
48 | "helm.sh/hook": pre-install,pre-upgrade
49 | {{- else if .postInstall }}
50 | "helm.sh/hook": post-install,post-upgrade
51 | {{- end }}
52 | {{- if .deletePolicy }}
53 | "helm.sh/hook-delete-policy": {{ .deletePolicy }}
54 | {{- else }}
55 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
56 | {{- end }}
57 | {{- end -}}
58 |
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_deprecated.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{ define "common.checkDeprecated" }}
7 |
8 | {{- if hasKey .Values.dataflow "enabled" }}
9 | {{ fail "ERROR: 'dataflow.enabled' is deprecated. Please use 'global.dataflow.enabled' instead." }}
10 | {{- end }}
11 |
12 | {{- if hasKey .Values.global "deployment" }}
13 | {{ fail "ERROR: 'global.deployment' is deprecated. Please use 'global.deploy' instead." }}
14 | {{- end }}
15 |
16 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_domain.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the external domain
8 | */}}
9 | {{- define "global.domain" -}}
10 | {{- $ctx := index . 0 }}
11 | {{- $subDomain := index . 1 }}
12 | {{- if hasKey $ctx.Values.global "ingress" }}
13 | {{- if hasKey $ctx.Values.global.ingress "domain" }}
14 | {{- $domain := $ctx.Values.global.ingress.domain }}
15 | {{- if $domain }}
16 | {{- printf "%s.%s" $subDomain $domain }}
17 | {{- else }}
18 | {{ fail "A valid domain entry (like example.com) is required!" }}
19 | {{- end }}
20 | {{- else }}
21 | {{ fail "Global domain is not defined!" }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 |
26 | {{- define "cluster.domain" -}}
27 | {{- $clusterDomain := "" -}}
28 | {{- $kubeDNS := (lookup "v1" "ConfigMap" "kube-system" "kube-dns") }}
29 | {{- if $kubeDNS }}
30 | {{- if $kubeDNS.data.domain }}
31 | {{- $clusterDomain = $kubeDNS.data.domain }}
32 | {{- end }}
33 | {{- end -}}
34 | {{- if not $clusterDomain }}
35 | {{- $coreDNS := (lookup "v1" "ConfigMap" "kube-system" "coredns") }}
36 | {{- if $coreDNS }}
37 | {{- if $coreDNS.data.Corefile }}
38 | {{- if contains "cluster.local" $coreDNS.data.Corefile }}
39 | {{- $clusterDomain = "cluster.local" }}
40 | {{- end }}
41 | {{- end }}
42 | {{- end }}
43 | {{- end -}}
44 | {{- if not $clusterDomain }}
45 | {{- $clusterDomain = "cluster.local" }}
46 | {{- end -}}
47 | {{- $clusterDomain -}}
48 | {{- end -}}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_ingress.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define if Ingress TLS enabled
8 | */}}
9 | {{- define "global.ingress.tls.enabled" -}}
10 | {{- $enabled := false }}
11 | {{- if hasKey .Values.global.ingress "tls" }}
12 | {{- if hasKey .Values.global.ingress.tls "enabled" }}
13 | {{- $enabled = .Values.global.ingress.tls.enabled }}
14 | {{- end }}
15 | {{- end }}
16 | {{- $enabled }}
17 | {{- end }}
18 |
19 | {{/*
20 | Define if Ingress TLS secret
21 | */}}
22 | {{- define "global.ingress.tls.secret" -}}
23 | {{- $secret := "" }}
24 | {{- if hasKey .Values.global.ingress "tls" }}
25 | {{- if hasKey .Values.global.ingress.tls "secretName" }}
26 | {{- if .Values.global.ingress.tls.secretName }}
27 | {{- $secret = .Values.global.ingress.tls.secretName }}
28 | {{- end }}
29 | {{- end }}
30 | {{- end }}
31 | {{- $secret }}
32 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_labels.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Kubernetes standard labels
8 | */}}
9 | {{- define "common.labels" -}}
10 | {{- $ctx := . }}
11 | {{- $customLabels := dict -}}
12 | {{- $service := "" -}}
13 | {{- $selectorOnly := false -}}
14 |
15 |
16 | {{- /* parse arguments */ -}}
17 | {{- if hasKey . "context" -}}
18 | {{- $ctx = .context -}}
19 | {{- $customLabels = .customLabels | default dict -}}
20 | {{- $service = .service | default "" -}}
21 | {{- $selectorOnly = .selector | default false -}}
22 | {{- end -}}
23 |
24 | {{- /* base labels */ -}}
25 | app.kubernetes.io/instance: {{ $ctx.Release.Name }}
26 |
27 | {{- if $service }}
28 | app.kubernetes.io/name: {{ $service }}
29 | {{- else }}
30 | app.kubernetes.io/name: {{ include "common.names.name" $ctx }}
31 | {{- end }}
32 |
33 | {{- if not $selectorOnly }}
34 | app.kubernetes.io/managed-by: {{ $ctx.Release.Service }}
35 | helm.sh/chart: {{ include "common.names.chart" $ctx }}
36 | {{- with $ctx.Chart.AppVersion }}
37 | app.kubernetes.io/version: {{ . | quote }}
38 | {{- end }}
39 | {{- end }}
40 |
41 | {{- /* custom labels */ -}}
42 | {{- range $key, $value := $customLabels }}
43 | {{ $key }}: {{ $value | quote }}
44 | {{- end -}}
45 | {{- end -}}
46 |
47 | {{- /*
48 | Selector labels
49 | */}}
50 | {{- define "common.labels.selector" -}}
51 | {{ include "common.labels" (dict "selector" true "context" .) }}
52 | {{- end -}}
53 |
54 | {{- /*
55 | Service Selector labels
56 | */}}
57 | {{- define "common.serviceSelectorLabels" -}}
58 | {{ include "common.labels" (dict "selector" true "service" .service "context" .context) }}
59 | {{- end -}}
60 |
61 | {{- /*
62 | Define matched labels for network policies
63 | */}}
64 | {{- define "common.labels.selector.netpol" -}}
65 | app.kubernetes.io/instance: {{ .Release.Name }}
66 | {{- end -}}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_portal.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the internal domain for portal
8 | */}}
9 | {{- define "portal.internal.domain" -}}
10 | {{- include "common.names.custom" (list . "portal") }}
11 | {{- end }}
12 |
13 | {{/*
14 | Define the internal port for portal
15 | */}}
16 | {{- define "portal.internal.port" -}}
17 | {{ include "csghub.svc.port" "portal" }}
18 | {{- end }}
19 |
20 | {{/*
21 | Define the internal endpoint for portal
22 | */}}
23 | {{- define "portal.internal.endpoint" -}}
24 | {{- printf "http://%s:%s" (include "portal.internal.domain" .) (include "portal.internal.port" .) -}}
25 | {{- end }}
26 |
27 | {{/*
28 | Define the external domain for portal
29 | */}}
30 | {{- define "portal.external.domain" -}}
31 | {{- include "global.domain" (list . "portal") }}
32 | {{- end }}
33 |
34 | {{/*
35 | Define the external endpoint for portal
36 | */}}
37 | {{- define "portal.external.endpoint" -}}
38 | {{- $domain := include "portal.external.domain" . }}
39 | {{- if eq .Values.global.ingress.service.type "NodePort" }}
40 | {{- if .Values.global.ingress.tls.enabled -}}
41 | {{- printf "https://%s:%s" $domain "30443" -}}
42 | {{- else }}
43 | {{- printf "http://%s:%s" $domain "30080" -}}
44 | {{- end }}
45 | {{- else }}
46 | {{- if .Values.global.ingress.tls.enabled -}}
47 | {{- printf "https://%s" $domain -}}
48 | {{- else }}
49 | {{- printf "http://%s" $domain -}}
50 | {{- end }}
51 | {{- end }}
52 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_ports.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Get the port number by service name
8 | */}}
9 | {{- define "csghub.svc.port" -}}
10 | {{- $serviceType := . -}}
11 | {{- $portMap := dict
12 | "server" 8080
13 | "user" 8080
14 | "accounting" 8086
15 | "aigateway" 8084
16 | "dataviewer" 8093
17 | "moderation" 8089
18 | "notification" 8095
19 | "rproxy" 8083
20 | "runner" 8082
21 | "portal" 8090
22 | -}}
23 |
24 | {{- if not (hasKey $portMap $serviceType) -}}
25 | {{- $validTypes := keys $portMap | sortAlpha | join ", " -}}
26 | {{- fail (printf "Invalid service type '%s'. Valid values: %s" $serviceType $validTypes) -}}
27 | {{- end -}}
28 |
29 | {{- get $portMap $serviceType -}}
30 | {{- end -}}
--------------------------------------------------------------------------------
/charts/csghub/templates/helpers/_proxy.tpl:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{/*
7 | Define the ip of proxy nginx service self-managed
8 | */}}
9 | {{- define "rproxy.nginx.ip" -}}
10 | {{- $ip := include "system.coredns.ip" . }}
11 | {{- $nip := regexReplaceAll "[0-9]+$" $ip "149" }}
12 | {{- $nip -}}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/charts/csghub/templates/namespace.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.deploy.enabled }}
7 | apiVersion: v1
8 | kind: Namespace
9 | metadata:
10 | name: {{ .Values.global.deploy.namespace }}
11 | labels:
12 | kubernetes.io/metadata.name: {{ .Values.global.deploy.namespace }}
13 | {{- include "common.labels" (dict "context" . "service" "runner") | nindent 4 }}
14 | annotations:
15 | helm.sh/resource-policy: keep
16 | {{- if not .Values.global.deploy.mergingNamespace }}
17 | ---
18 | apiVersion: v1
19 | kind: Namespace
20 | metadata:
21 | name: {{ .Values.global.deploy.imageBuilder.namespace }}
22 | labels:
23 | kubernetes.io/metadata.name: {{ .Values.global.deploy.imageBuilder.namespace }}
24 | {{- include "common.labels" (dict "context" . "service" "runner") | nindent 4 }}
25 | annotations:
26 | helm.sh/resource-policy: keep
27 | {{- end }}
28 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/templates/pdb.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Copyright OpenCSG, Inc. All Rights Reserved.
3 | SPDX-License-Identifier: APACHE-2.0
4 | */}}
5 |
6 | {{- if .Values.global.pdb.create }}
7 | apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
8 | kind: PodDisruptionBudget
9 | metadata:
10 | name: {{ include "common.names.custom" . }}
11 | namespace: {{ .Release.Namespace }}
12 | labels:
13 | {{- include "common.labels" . | nindent 4 }}
14 | spec:
15 | {{- if .Values.global.pdb.minAvailable }}
16 | minAvailable: {{ .Values.global.pdb.minAvailable }}
17 | {{- end }}
18 | {{- if or .Values.global.pdb.maxUnavailable ( not .Values.global.pdb.minAvailable ) }}
19 | maxUnavailable: {{ .Values.global.pdb.maxUnavailable | default 1 }}
20 | {{- end }}
21 | selector:
22 | matchLabels:
23 | app.kubernetes.io/instance: {{ .Release.Name }}
24 | {{- end }}
--------------------------------------------------------------------------------
/charts/csghub/tests/configmap_test.yaml:
--------------------------------------------------------------------------------
1 | suite: csghub configmap test
2 | templates:
3 | - configmap-space.yaml
4 | tests:
5 | - it: should render registry-docker-config secret right
6 | set:
7 | global.registry.enabled: true
8 | global.deploy.enabled: true
9 | global.deploy.autoConfigure: true
10 | global.ingress.domain: "opencsg-poc.com"
11 | csghub.runner.registry.username: "registry666"
12 | csghub.runner.registry.password: "registry@2025!"
13 | release:
14 | name: csghub
15 | namespace: csghub
16 | asserts:
17 | - matchRegex:
18 | path: data["space-app.yaml"]
19 | pattern: 'eyJhdXRocyI6eyJyZWdpc3RyeS5vcGVuY3NnLXBvYy5jb20iOnsidXNlcm5hbWUiOiJyZWdpc3RyeTY2NiIsInBhc3N3b3JkIjoicmVnaXN0cnlAMjAyNSEiLCJhdXRoIjoiY21WbmFYTjBjbmsyTmpZNmNtVm5hWE4wY25sQU1qQXlOU0U9In19fQ=='
20 |
21 |
--------------------------------------------------------------------------------
/charts/csghub/tests/deployment_test.yaml:
--------------------------------------------------------------------------------
1 | suite: image test
2 | templates:
3 | - deployment-gateway.yaml
4 | - deployment-server.yaml
5 | - deployment-portal.yaml
6 | - deployment-mirror.yaml
7 | - deployment-accounting.yaml
8 | - deployment-user.yaml
9 | - deployment-notification.yaml
10 | - deployment-runner.yaml
11 | - configmap-server.yaml
12 | - configmap-runner.yaml
13 | - configmap-proxy-nginx.
14 | - configmap-gateway-rproxy.yaml
15 | - configmap-gateway-moderation.yaml
16 | - configmap-portal.yaml
17 | - configmap-accounting.yaml
18 | tests:
19 | - it: global image should work and default ee
20 | templates:
21 | - deployment-gateway.yaml
22 | - deployment-server.yaml
23 | - deployment-portal.yaml
24 | - deployment-mirror.yaml
25 | - deployment-accounting.yaml
26 | - deployment-user.yaml
27 | - deployment-notification.yaml
28 | - deployment-runner.yaml
29 | set:
30 | global.image.tag: "v1.8.0"
31 | asserts:
32 | - matchRegex:
33 | path: spec.template.spec.containers[0].image
34 | pattern: v1.8.0-ee$
35 |
36 | - it: service-level image tag should not work when global.image.tag is set
37 | templates:
38 | - deployment-gateway.yaml
39 | - deployment-server.yaml
40 | - deployment-portal.yaml
41 | - deployment-mirror.yaml
42 | - deployment-accounting.yaml
43 | - deployment-user.yaml
44 | - deployment-notification.yaml
45 | - deployment-runner.yaml
46 | set:
47 | global.image.tag: "v1.8.0"
48 | csghub:
49 | aigateway:
50 | image:
51 | tag: "v1.8.1"
52 | asserts:
53 | - matchRegex:
54 | path: spec.template.spec.containers[0].image
55 | pattern: v1.8.0-ee$
--------------------------------------------------------------------------------
/charts/csghub/tests/examples_test.yaml:
--------------------------------------------------------------------------------
1 | ## tests for examples/
2 | suite: examples test
3 | tests:
4 | - it: should render values-ee.yaml right
5 | values:
6 | - ../examples/values-ee.yaml
7 | release:
8 | name: csghub
9 | namespace: csghub
10 | asserts:
11 | - containsDocument:
12 | kind: StatefulSet
13 | name: csghub-web
14 | apiVersion: apps/v1
15 | namespace: csghub
16 | template: charts/starship/charts/web/templates/statefulset.yaml
17 | - containsDocument:
18 | kind: Deployment
19 | name: csghub-frontend
20 | apiVersion: apps/v1
21 | namespace: csghub
22 | template: charts/starship/charts/frontend/templates/deployment.yaml
23 | - containsDocument:
24 | kind: Deployment
25 | name: csghub-billing
26 | apiVersion: apps/v1
27 | namespace: csghub
28 | template: charts/starship/charts/billing/templates/deployment.yaml
29 | - containsDocument:
30 | kind: Deployment
31 | name: csghub-agentic
32 | apiVersion: apps/v1
33 | namespace: csghub
34 | template: charts/starship/charts/agentic/templates/deployment.yaml
35 | - containsDocument:
36 | kind: Deployment
37 | name: csghub-worker
38 | apiVersion: apps/v1
39 | namespace: csghub
40 | template: charts/starship/charts/worker/templates/deployment.yaml
41 |
42 |
--------------------------------------------------------------------------------
/charts/csghub/tests/gitaly_test.yaml:
--------------------------------------------------------------------------------
1 | suite: gitaly test
2 | tests:
3 | - it: should render gitaly configmap right
4 | templates:
5 | - charts/gitaly/templates/configmap.yaml
6 | set:
7 | global.gitaly.enabled: true
8 | release:
9 | name: csghub
10 | asserts:
11 | - matchRegex:
12 | path: data["config.toml"]
13 | pattern: "listen_addr = \"0.0.0.0:8075\""
14 | - matchRegex:
15 | path: data["config.toml"]
16 | pattern: "token = \"Y3NnaHViQDEyMzQh\""
17 |
18 | - it: gitlab_shell_secrets should match gitaly token
19 | templates:
20 | - charts/gitlab-shell/templates/configmap.yaml
21 | set:
22 | global.gitaly.enabled: true
23 | release:
24 | name: csghub
25 | asserts:
26 | - matchRegex:
27 | path: data[".gitlab_shell_secret"]
28 | pattern: "Y3NnaHViQDEyMzQh"
29 |
--------------------------------------------------------------------------------
/ct.yaml:
--------------------------------------------------------------------------------
1 | remote: origin
2 | target-branch: main-ee
3 | chart-dirs:
4 | - helm/charts/csghub
5 | chart-repos:
6 | helm-extra-args: --timeout 600s
7 | check-version-increment: true
8 | validate-maintainers: false
9 | lint-conf: lintconf.yaml
10 |
11 |
--------------------------------------------------------------------------------
/lintconf.yaml:
--------------------------------------------------------------------------------
1 | rules:
2 | colons:
3 | max-spaces-before: -1
4 | max-spaces-after: 1
5 | commas:
6 | max-spaces-before: -1
7 | min-spaces-after: 1
8 | max-spaces-after: 1
9 | comments: disable
10 | comments-indentation: disable
11 | document-start: disable
12 | empty-lines:
13 | max: 3
14 | max-start: 0
15 | max-end: 0
16 | hyphens:
17 | max-spaces-after: 1
18 | indentation:
19 | spaces: consistent
20 | indent-sequences: true
21 | check-multi-line-strings: false
22 | key-duplicates: enable
23 | line-length:
24 | max: 150
25 | allow-non-breakable-words: true
26 | allow-non-breakable-inline-mappings: false
27 | new-line-at-end-of-file: disable
28 | trailing-spaces: enable
29 | truthy:
30 | allowed-values: ['true', 'false']
31 | check-keys: false
32 |
33 |
--------------------------------------------------------------------------------