├── .czrc ├── .env ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── dependabot.yml ├── pull_request_template.md └── workflows │ ├── pr-sizing.yaml │ ├── release.yaml │ └── test.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── adfinis-charts-repo.yaml ├── charts ├── argo-apps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── argo-rollouts.yaml │ │ └── argocd-notifications.yaml │ ├── templates │ │ ├── NOTES.txt │ │ └── argo-rollouts.yaml │ └── values.yaml ├── argoconfig │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── _appProject.yaml │ │ ├── _application.yaml │ │ ├── _applicationSet.yaml │ │ └── _helpers.tpl │ └── values.yaml ├── azure-apps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── azure-workload-identity-webhook.yaml │ │ ├── promitor.yaml │ │ └── secrets-store-csi-driver-provider-azure.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── azure-kv-csi-provider.yaml │ │ ├── azure-workload-identity-webhook.yaml │ │ ├── promitor-resource-discovery.yaml │ │ └── promitor-scraper.yaml │ └── values.yaml ├── back8sup │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── cronjob.yaml │ │ ├── pvc.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── job.yaml │ └── values.yaml ├── backup-apps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── back8sup.yaml │ │ └── barman.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── back8sup.yaml │ │ └── barman.yaml │ └── 
values.yaml ├── barman │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── examples │ │ └── barman.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── configmap-barman-backups.yaml │ │ ├── configmap-barman-cron.yaml │ │ ├── configmap-barman.yaml │ │ ├── configmap-entrypoint.yaml │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── prometheus │ │ │ ├── prometheusrules.yaml │ │ │ ├── service-barman-exporter.yaml │ │ │ └── servicemonitor.yaml │ │ ├── pvc.yaml │ │ ├── rolebinding.yaml │ │ ├── secret-pgpass.yaml │ │ └── service.yaml │ └── values.yaml ├── cert-manager-issuers │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── awspcaclusterissuer.yaml │ │ ├── awspcaissuer.yaml │ │ ├── disable-issuers.yaml │ │ ├── letsencrypt-clusterissuers.yaml │ │ ├── selfsigned-singleton-clusterissuer.yaml │ │ └── vault-pki-issuers-in-namespaces.yaml │ ├── logo.png │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── awspcaclusterissuers.yaml │ │ ├── awspcaissuers.yaml │ │ ├── clusterissuers.yaml │ │ └── issuers.yaml │ ├── tests │ │ ├── __snapshot__ │ │ │ ├── awspcaclusterissuers_test.yaml.snap │ │ │ ├── awspcaissuers_test.yaml.snap │ │ │ ├── clusterissuers_test.yaml.snap │ │ │ └── issuers_test.yaml.snap │ │ ├── awspcaclusterissuers_test.yaml │ │ ├── awspcaissuers_test.yaml │ │ ├── clusterissuers_test.yaml │ │ └── issuers_test.yaml │ └── values.yaml ├── cert-manager-monitoring │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── grafana │ │ └── dashboards │ │ │ └── cert-manager.json │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── grafana │ │ │ └── configmap-dashboard.yaml │ │ └── prometheus │ │ │ └── prometheusrule.yaml │ └── values.yaml ├── common │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _chartref.tpl │ │ ├── _fullname.tpl │ │ ├── _metadata.tpl │ │ ├── _metadata_labels.tpl │ │ ├── 
_name.tpl │ │ └── _util.tpl │ └── values.yaml ├── csi-secret-provider-class │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ └── secretproviderclass.yaml │ ├── tests │ │ ├── __snapshot__ │ │ │ ├── dummydeployment_test.yaml.snap │ │ │ └── secretproviderclass_test.yaml.snap │ │ ├── dummydeployment_test.yaml │ │ └── secretproviderclass_test.yaml │ └── values.yaml ├── customer-center │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ └── values.yaml ├── hedgedoc │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── database.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── pvc.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── infra-apps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── argocd.yaml │ │ ├── cert-manager-issuers.yaml │ │ ├── cert-manager-on-aks.yaml │ │ ├── cert-manager.yaml │ │ ├── kubernetes-event-exporter.yaml │ │ ├── kured.yaml │ │ ├── mimir.yaml │ │ ├── nginx-ingress-on-aks.yaml │ │ ├── nginx-ingress.yaml │ │ ├── prometheus.yaml │ │ ├── rbac-manager.yaml │ │ └── velero.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── argocd.yaml │ │ ├── cert-manager-monitoring.yaml │ │ ├── certmgr-issuers.yaml │ │ ├── certmgr.yaml │ │ ├── ingress.yaml │ │ ├── kubernetes-event-exporter.yaml │ │ ├── kured.yaml │ │ ├── mimir.yaml │ │ ├── monitoring.yaml │ │ ├── rbac.yaml │ │ └── velero.yaml │ └── values.yaml ├── keycloak-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md 
│ ├── ci │ │ ├── default-values.yaml │ │ └── operand-values.yaml │ ├── crds │ │ ├── keycloakrealmimports.k8s.keycloak.org-v1.yml │ │ └── keycloaks.k8s.keycloak.org-v1.yml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── keycloak │ │ │ ├── keycloak.yaml │ │ │ └── keycloakrealmimport.yaml │ │ └── operator │ │ │ ├── clusterrole.yaml │ │ │ ├── deployment.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── roles.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ ├── tests │ │ ├── __snapshot__ │ │ │ ├── default_test.yaml.snap │ │ │ └── operand_test.yaml.snap │ │ ├── default_test.yaml │ │ └── operand_test.yaml │ └── values.yaml ├── kubernetes-etcd-backup │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── additionalPrometheusRules.yaml │ │ ├── configmap.yaml │ │ ├── cronjob.yaml │ │ ├── prometheusrule.yaml │ │ ├── pvc.yaml │ │ └── secret.yaml │ └── values.yaml ├── logging-apps │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── filebeat.yaml │ │ ├── fluentBit.yaml │ │ ├── fluentd.yaml │ │ ├── loki.yaml │ │ └── promtail.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── filebeat.yaml │ │ ├── fluentBit.yaml │ │ ├── fluentd.yaml │ │ ├── loki-stack.yaml │ │ ├── loki.yaml │ │ └── promtail.yaml │ └── values.yaml ├── misc-apps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── argocd-apps.yaml │ │ ├── chartmuseum.yaml │ │ ├── goldilocks.yaml │ │ ├── grafana-agent-operator.yaml │ │ ├── keda.yaml │ │ ├── kube-downscaler.yaml │ │ ├── metallb.yaml │ │ ├── opencost.yaml │ │ ├── prometheus-msteams.yaml │ │ ├── reloader.yaml │ │ ├── sentry-kubernetes.yaml │ │ └── signalilo.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── argocd-apps.yaml │ │ ├── chartmuseum.yaml │ │ ├── downscaler.yaml │ │ ├── goldilocks.yaml │ │ ├── grafana-agent-operator.yaml │ │ ├── keda.yaml │ │ ├── metallb.yaml │ │ ├── opencost.yaml │ │ ├── 
prometheus-msteams.yaml │ │ ├── reloader.yaml │ │ ├── sentry-kubernetes.yaml │ │ └── signalilo.yaml │ └── values.yaml ├── mopsos │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── dashboards │ │ └── mopsos-data.json │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap-dashboard.yaml │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── rollout.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ ├── tests │ │ ├── __snapshot__ │ │ │ └── deployment_test.yaml.snap │ │ ├── deployment_existingSecret_test.yaml │ │ ├── deployment_test.yaml │ │ ├── secret_basicauthusers_test.yaml │ │ └── secret_existingSecret_test.yaml │ └── values.yaml ├── openshift-etcd-backup │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── additionalPrometheusRules.yaml │ │ ├── ca-inject.yaml │ │ ├── configmap.yaml │ │ ├── cronjob.yaml │ │ ├── prometheusrule.yaml │ │ ├── pvc.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── secret.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── osschallenge │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── job-dbmigrate.yaml │ │ ├── pvc.yaml │ │ ├── secret-backend.yaml │ │ ├── service.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── rbac-definitions │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── clusterrolebinding.yaml │ │ ├── enabled-and-disabled.yaml │ │ └── namespaceselector.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── rbacdefinitions.yaml │ ├── tests │ │ ├── __snapshot__ │ │ │ └── rbacdefinitions_test.yaml.snap │ │ └── 
rbacdefinitions_test.yaml │ └── values.yaml ├── security-apps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── dex-k8s-authenticator.yaml │ │ ├── dex.yaml │ │ ├── falco-exporter.yaml │ │ ├── falco.yaml │ │ ├── gangway.yaml │ │ ├── gatekeeper.yaml │ │ ├── kyverno.yaml │ │ ├── neuvector.yaml │ │ ├── oauth2-proxy.yaml │ │ ├── secrets-store-csi-driver.yaml │ │ ├── stackrox.yaml │ │ └── vault-monitoring.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── dex-k8s-authenticator.yaml │ │ ├── dex.yaml │ │ ├── falco-exporter.yaml │ │ ├── falco.yaml │ │ ├── gangway.yaml │ │ ├── gatekeeper.yaml │ │ ├── kyverno-policies.yaml │ │ ├── kyverno.yaml │ │ ├── neuvector.yaml │ │ ├── neuvectorMonitor.yaml │ │ ├── oauth2-proxy.yaml │ │ ├── secrets-store-csi-driver.yaml │ │ ├── stackrox-central-services.yaml │ │ ├── stackrox-secured-cluster-services.yaml │ │ ├── vault-monitoring.yaml │ │ └── vault.yaml │ └── values.yaml ├── storage-apps │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── ceph-csi-cephfs.yaml │ │ ├── ceph-csi-rbd.yaml │ │ ├── csi-driver-smb.yaml │ │ └── minio.yaml │ ├── templates │ │ ├── ceph-csi-cephfs.yaml │ │ ├── ceph-csi-rbd.yaml │ │ ├── csi-driver-smb.yaml │ │ └── minio.yaml │ └── values.yaml ├── tracing-apps │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── examples │ │ ├── jaegerOperator.yaml │ │ └── opentelemetryCollector.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── jaegerOperator.yaml │ │ └── opentelemetryCollector.yaml │ └── values.yaml ├── vault-auth │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── clusterrolebinding.yaml │ │ └── serviceaccount.yaml │ └── values.yaml └── vault-monitoring │ ├── .Chart.yaml.swp │ ├── Chart.yaml │ ├── README.md │ ├── ci │ └── default-values.yaml │ ├── examples │ └── values.yaml │ ├── 
templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── endpoint.yaml │ ├── prometheusrules.yaml │ ├── secret.yaml │ ├── service.yaml │ └── servicemonitor.yaml │ └── values.yaml ├── docs ├── README.md ├── argocd-app-of-apps.md ├── development.md ├── documentation.md └── images │ └── lunkwill_helm_shirt.png └── hack ├── chart-testing ├── ct-install.yaml └── ct.yaml ├── ci └── github │ ├── setup │ ├── pre-commit.sh │ └── release.sh │ └── steps │ └── update-page.sh ├── config ├── helm-docs │ └── README.md.gotmpl └── update-readme │ ├── README.md.gotmpl │ ├── indexpage.yaml │ └── readme.yaml ├── deploy └── init.sh ├── helm-docs.sh ├── pluto.sh ├── sh ├── _functions.sh ├── deps │ ├── ah.sh │ ├── gomplate.sh │ ├── helm-docs.sh │ ├── helm.sh │ ├── pluto.sh │ ├── pre-commit.sh │ └── yq.sh └── rc.sh ├── update-readme.sh └── update-snapshots.sh /.czrc: -------------------------------------------------------------------------------- 1 | { 2 | "path": "cz-conventional-changelog" 3 | } 4 | -------------------------------------------------------------------------------- /.env: -------------------------------------------------------------------------------- 1 | 2 | # paths 3 | ADFINIS_CHARTS_TMP_BIN=".tmp/bin" 4 | 5 | # settings 6 | ADFINIS_CHARTS_INFRA_NS="argocd" 7 | 8 | # hack tools 9 | ADFINIS_CHARTS_GOMPLATE_VERSION="3.11.7" 10 | ADFINIS_CHARTS_HELM_VERSION="3.14.0" 11 | ADFINIS_CHARTS_HELM_DOCS_VERSION="1.13.0" 12 | ADFINIS_CHARTS_YQ_VERSION="4.40.5" 13 | ADFINIS_CHARTS_PLUTO_VERSION="5.19.0" 14 | ADFINIS_CHARTS_AH_VERSION="1.17.0" 15 | HELM_DOCS_TEMPLATE_FILE="hack/config/helm-docs/README.md.gotmpl" 16 | 17 | # infra tools 18 | ADFINIS_CHARTS_ARGOCD_VERSION="2.9.4" 19 | ADFINIS_CHARTS_KUBE_PROMETHEUS_STACK_VERISON="54.2.2" 20 | ADFINIS_CHARTS_SECRETS_STORE_CSI_DRIVER_VERSION="1.4.1" 21 | ADFINIS_CHARTS_CERT_MANAGER_VERSION="1.15.0" 22 | ADFINIS_CHARTS_RBAC_MANAGER_VERSION="1.8.0" 23 | 
-------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # we use .gitattributes for linguist for hinting, see: 2 | # 3 | 4 | # generated files 5 | README.md linguist-generated=true 6 | charts/*/charts/README.md linguist-generated=true 7 | charts/*/test//__snapshot__/*.snap linguist-generated=true 8 | 9 | # override smarty/mustache language 10 | charts/*/templates/*.tpl linguist-language=Go 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | **Affected chart** 10 | Tell us which chart is affected by the bug. 11 | 12 | **Describe the bug** 13 | A clear and concise description of what the bug is. 14 | 15 | **To Reproduce** 16 | Steps to reproduce the behavior: 17 | 1. Go to '...' 18 | 2. Click on '....' 19 | 3. Scroll down to '....' 20 | 4. See error 21 | 22 | **Expected behavior** 23 | A clear and concise description of what you expected to happen. 24 | 25 | **Logs** 26 | If applicable, add logs or screenshots to help illustrate the problem. 27 | 28 | **Affected version** 29 | Which version of the chart were you using? 30 | 31 | **Values** 32 | Let us know of any specific values you have configured. 33 | 34 | **Environment** 35 | What version of Kubernetes from what vendor are you using? What version of Helm are you using? 36 | * output of `kubernetes version` 37 | * output of `helm version` 38 | 39 | **Additional context** 40 | Add any other context about the problem here. 
41 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for a chart 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | **Is your feature request related to a problem? Please describe.** 10 | A clear and concise description of what the problem is, e.g. "I'm always frustrated when [...]" 11 | 12 | **Describe the solution you'd like** 13 | A clear and concise description of what you want to happen. 14 | 15 | **Describe alternatives you've considered** 16 | A clear and concise description of any alternative solutions or features you've considered. 17 | 18 | **Affected chart** 19 | If applicable, tell us which chart this request is about. If requesting a new chart, link 20 | other efforts and explain why they do not work for your case. 21 | 22 | **Additional context** 23 | Add any other context or screenshots about the feature request here. 
24 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | 2 | version: 2 3 | updates: 4 | 5 | # Maintain dependencies for GitHub Actions 6 | - package-ecosystem: "github-actions" 7 | directory: "/" 8 | schedule: 9 | interval: "daily" 10 | -------------------------------------------------------------------------------- /.github/workflows/pr-sizing.yaml: -------------------------------------------------------------------------------- 1 | ## Reference: https://github.com/pascalgn/size-label-action 2 | --- 3 | name: 'PR Size' 4 | on: 5 | pull_request_target: # NOTE(review): pull_request_target runs in the base repository's context, so the GITHUB_TOKEN passed below belongs to the base repo even for PRs from forks; this job has no checkout step and should stay that way (never check out or run PR head code under this trigger) 6 | types: [opened, synchronize, reopened] 7 | jobs: 8 | size-label: # NOTE(review): no `permissions:` key is set in this workflow, so the token carries the repository's default scopes; labelling presumably needs only `pull-requests: write` - confirm and declare it explicitly 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: size-label 12 | uses: "pascalgn/size-label-action@v0.5.5" # NOTE(review): third-party action referenced by a mutable tag and handed the token; pinning to the release's full commit SHA fixes the code that runs 13 | env: 14 | GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .tmp/ 2 | charts/*/charts/ 3 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/norwoodj/helm-docs 3 | rev: v1.12.0 4 | hooks: 5 | - id: helm-docs 6 | args: 7 | - --template-files=./hack/config/helm-docs/README.md.gotmpl 8 | - repo: local 9 | hooks: 10 | - id: update-readme 11 | name: Update root README.md 12 | language: script 13 | entry: ./hack/update-readme.sh 14 | - id: update-unittest-snapshots 15 | name: Update helm unittests snapshots 16 | language: script 17 | entry: ./hack/update-snapshots.sh 18 | files: "^charts/.*/Chart.yaml" 19 | - repo: https://github.com/pre-commit/pre-commit-hooks 20 | rev: v2.5.0 21 | hooks: 22 | - id: trailing-whitespace 23 | - id: end-of-file-fixer 24 | 
- id: check-symlinks 25 | - id: check-merge-conflict 26 | - id: check-case-conflict 27 | - id: detect-aws-credentials 28 | args: 29 | - --allow-missing-credentials 30 | - id: detect-private-key 31 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # All helm chart related stuff should belong to the helm charts team 2 | * @adfinis/helm-charts 3 | 4 | # Add specific owners to specific charts where ownership extends above group 5 | /charts/argoconfig @adfinis/helm-charts @hairmare 6 | /charts/back8sup @adfinis/helm-charts @eyenx @tongpu 7 | /charts/caasperli @adfinis/helm-charts @hairmare 8 | /charts/cert-manager-issuers @adfinis/helm-charts @hairmare 9 | /charts/common @adfinis/helm-charts @hairmare 10 | /charts/csi-secret-provider-class @adfinis/helm-charts @hairmare @eyenx 11 | /charts/customer-center @adfinis/helm-charts @adfinis/dev-devops 12 | /charts/osschallenge @adfinis/helm-charts @trowik 13 | /charts/vault-auth @adfinis/helm-charts @eyenx 14 | /charts/vault-monitoring @adfinis/helm-charts @pree @eyenx 15 | /charts/mopsos @adfinis/helm-charts @hairmare @eyenx 16 | /charts/timed @adfinis/helm-charts @adfinis/dev-devops 17 | /charts/osschallenge @adfinis/helm-charts @adfinis/dev-devops 18 | /charts/hedgedoc @adfinis/helm-charts @altesockensuppe @gianklug 19 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Contributions to the Adfinis Helm Charts are very welcome! Have a look at the 4 | open [issues](https://github.com/adfinis/helm-charts/issues) and open 5 | a pull request. See our [docs](./docs/development.md) for how to setup a 6 | development environment. 
Before writing any code, best discuss your proposed 7 | change in a GitHub issue to see if the proposed change makes sense for the 8 | project. 9 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: help 2 | help: 3 | @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' 4 | 5 | .PHONY: pre-commit 6 | pre-commit: ## Run pre-commit run -a 7 | pre-commit run -a 8 | 9 | .PHONY: helm-docs 10 | helm-docs: ## Run helm-docs 11 | @hack/helm-docs.sh 12 | 13 | .PHONY: update-readme 14 | update-readme: ## Update readme using gomplate 15 | @hack/update-readme.sh 16 | -------------------------------------------------------------------------------- /adfinis-charts-repo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.openshift.io/v1beta1 2 | kind: HelmChartRepository 3 | metadata: 4 | name: adfinis-helm-charts 5 | spec: 6 | name: Adfinis Helm Charts 7 | connectionConfig: 8 | url: https://charts.adfinis.com/ 9 | -------------------------------------------------------------------------------- /charts/argo-apps/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/argo-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:04:58.664876275+01:00" 7 | -------------------------------------------------------------------------------- /charts/argo-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: argo-apps 3 | description: Argo CD app-of-apps config for various argo project components 4 | type: application 5 | version: 0.26.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/argo-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: | 21 | Remove deprecated Argo CD Notifications App. 22 | 23 | The functionality has been merged into the main Argo CD application. 
24 | -------------------------------------------------------------------------------- /charts/argo-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | argoRollouts: 2 | enabled: true 3 | values: 4 | TODO: add values in values.yaml 5 | -------------------------------------------------------------------------------- /charts/argo-apps/examples/argo-rollouts.yaml: -------------------------------------------------------------------------------- 1 | # Argo Rollouts 2 | # 3 | # Set up Argo Rollouts, the progressive delivery controller for Kubernetes. 4 | 5 | argoRollouts: 6 | enabled: true 7 | values: 8 | metrics: 9 | enabled: true 10 | serviceMonitor: 11 | enabled: true 12 | additionalLabels: 13 | k8s.adfinis.com/prometheus: kube-prometheus 14 | dashboard: 15 | enabled: true 16 | -------------------------------------------------------------------------------- /charts/argo-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps have been provisioned in Argo CD: 2 | {{ if .Values.argoRollouts.enabled }} 3 | * Argo Rollouts 4 | {{ end }} 5 | -------------------------------------------------------------------------------- /charts/argo-apps/values.yaml: -------------------------------------------------------------------------------- 1 | argoconfig: 2 | application: 3 | # -- Optional annotations to add to all Applications metadata. 
4 | annotations: {} 5 | 6 | # -- [Argo Rollouts](https://argoproj.github.io/argo-rollouts/) ([example](./examples/argo-rollouts.yaml)) 7 | # @default -- - 8 | argoRollouts: 9 | # -- Enable Argo Rollouts 10 | enabled: false 11 | name: argo-rollouts 12 | # -- Annotations for Argo Rollouts app 13 | annotations: {} 14 | destination: 15 | # -- Namespace 16 | namespace: "infra-argo-rollouts" 17 | # -- Repo URL 18 | # @default -- [repo](https://argoproj.github.io/argo-helm) 19 | repoURL: "https://argoproj.github.io/argo-helm" 20 | # -- Chart 21 | chart: "argo-rollouts" 22 | # -- [argo-rollouts Helm chart](https://github.com/argoproj/argo-helm/tree/main/charts/argo-rollouts) version 23 | targetRevision: "2.38.0" 24 | # -- Helm values 25 | # @default -- [upstream values](https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/values.yaml) 26 | values: {} 27 | -------------------------------------------------------------------------------- /charts/argoconfig/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/argoconfig/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://charts.adfinis.com 4 | version: 0.0.8 5 | digest: sha256:c6415af229ea28b13072a56d889129c9ab3b581471cec46e4da8b848d7035b2b 6 | generated: "2022-08-04T22:10:54.041045424+02:00" 7 | -------------------------------------------------------------------------------- /charts/argoconfig/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: argoconfig 3 | description: Configure Argo CD AppProjects and Applications 4 | type: library 5 | version: 0.9.1 6 | home: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/ 7 | sources: 8 | - https://github.com/adfinis/helm-charts/tree/main/charts/argoconfig 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: common 15 | repository: https://charts.adfinis.com 16 | version: 0.0.8 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: "Remove empty syncPolicy to fix going out-of-sync in argoCD" 21 | -------------------------------------------------------------------------------- /charts/argoconfig/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | clusters: 2 | defaults: 3 | namespace: ~ 4 | local: 5 | enabled: true 6 | namespace: ~ 7 | appProject: 8 | enabled: true 9 | namespace: ~ 10 | apps: 11 | defaults: 12 | enabled: true 13 | namespace: ~ 14 | source: 15 | 
repoURL: "https://charts.example.com" 16 | chart: "example" 17 | targetRevision: 'HEAD' 18 | -------------------------------------------------------------------------------- /charts/argoconfig/templates/_appProject.yaml: -------------------------------------------------------------------------------- 1 | {{- define "argoconfig.appProject.tpl" -}} 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: AppProject 4 | {{ template "common.metadata" . }} 5 | spec: 6 | clusterResourceWhitelist: [] 7 | destinations: [] 8 | sourceRepos: [] 9 | {{- end }} 10 | {{- define "argoconfig.appProject" -}} 11 | {{- include "common.util.merge" (append . "argoconfig.appProject.tpl") -}} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/argoconfig/templates/_application.yaml: -------------------------------------------------------------------------------- 1 | {{- define "argoconfig.application.tpl" -}} 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: Application 4 | {{ template "common.metadata" . }} 5 | {{ if .Values.argoconfig -}} 6 | {{ if .Values.argoconfig.application -}} 7 | {{ if .Values.argoconfig.application.annotations }} 8 | annotations: 9 | {{ toYaml .Values.argoconfig.application.annotations | indent 4 }} 10 | {{ end -}} 11 | {{ end -}} 12 | {{ end -}} 13 | spec: 14 | project: "default" 15 | source: {} 16 | destination: 17 | server: "https://kubernetes.default.svc" 18 | {{- end -}} 19 | {{- define "argoconfig.application" -}} 20 | {{- include "common.util.merge" (append . "argoconfig.application.tpl") -}} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /charts/argoconfig/templates/_applicationSet.yaml: -------------------------------------------------------------------------------- 1 | {{- define "argoconfig.applicationSet.tpl" -}} 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: ApplicationSet 4 | {{ template "common.metadata" . 
}} 5 | spec: 6 | generators: [] 7 | template: {} 8 | {{- end }} 9 | {{- define "argoconfig.applicationSet" -}} 10 | {{- include "common.util.merge" (append . "argoconfig.applicationSet.tpl") -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /charts/argoconfig/values.yaml: -------------------------------------------------------------------------------- 1 | # library chart values are purely for documentation purposes 2 | 3 | argoconfig: 4 | application: 5 | # -- Optional annotations to add to Application metadata. 6 | annotations: {} 7 | -------------------------------------------------------------------------------- /charts/azure-apps/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/azure-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:07:05.660372547+01:00" 7 | -------------------------------------------------------------------------------- /charts/azure-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: azure-apps 3 | description: Argo CD app-of-apps config for Azure applications 4 | type: 
application 5 | version: 0.15.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/azure-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: "update promitor agent scraper to 2.14.0" 21 | links: 22 | - name: "Pull Request" 23 | url: https://github.com/promitor/charts/pull/179 24 | - kind: changed 25 | description: "update promitor agent resource discovery to 0.13.0" 26 | links: 27 | - name: "Pull Request" 28 | url: https://github.com/promitor/charts/pull/179 29 | -------------------------------------------------------------------------------- /charts/azure-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | azureKvCsiProvider: 2 | enabled: true 3 | values: {} 4 | promitorScraper: 5 | enabled: true 6 | values: {} 7 | promitorResourceDiscovery: 8 | enabled: true 9 | values: {} 10 | azureWorkloadIdentityWebhook: 11 | enabled: true 12 | values: {} 13 | -------------------------------------------------------------------------------- /charts/azure-apps/examples/azure-workload-identity-webhook.yaml: -------------------------------------------------------------------------------- 1 | azureWorkloadIdentityWebhook: 2 | enabled: true 3 | project: azure-workload-identity-system 4 | values: 5 | azureTenantID: 6 | -------------------------------------------------------------------------------- /charts/azure-apps/examples/secrets-store-csi-driver-provider-azure.yaml: -------------------------------------------------------------------------------- 1 | azureKvCsiProvider: 2 | enabled: true 3 | project: infra-azure-kv-csi-provider 4 | values: 5 | secrets-store-csi-driver: 6 | # Install RBAC roles and 
bindings required for K8S Secrets syncing if true 7 | syncSecret: 8 | enabled: true 9 | enableSecretRotation: true 10 | -------------------------------------------------------------------------------- /charts/azure-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps are available: 2 | {{ if .Values.azureKvCsiProvider.enabled }} 3 | * secrets-store-csi-driver-provider-azure 4 | {{ end }} 5 | {{ if .Values.promitorScraper.enabled }} 6 | * promitor scraper 7 | {{ end }} 8 | {{ if .Values.promitorResourceDiscovery.enabled }} 9 | * promitor resource discovery 10 | {{ end }} 11 | -------------------------------------------------------------------------------- /charts/azure-apps/templates/promitor-scraper.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.promitorScraper.enabled }} 2 | {{ template "argoconfig.application" (list . "azure-apps.promitorScraper") }} 3 | {{ end }} 4 | 5 | {{- define "azure-apps.promitorScraper" -}}{{- $app := unset .Values.promitorScraper "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/back8sup/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/back8sup/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: back8sup
3 | description: Deploy back8sup to a Kubernetes Cluster
4 | type: application
5 | version: 0.4.8
6 | appVersion: v0.7.10
7 | home: https://github.com/adfinis/back8sup
8 | sources:
9 |   - https://github.com/adfinis/back8sup
10 |   - https://github.com/adfinis/helm-charts/tree/main/charts/back8sup
11 | maintainers:
12 |   - name: adfinis
13 |     email: support@adfinis.com
14 |     url: https://adfinis.com
15 |
--------------------------------------------------------------------------------
/charts/back8sup/ci/default-values.yaml:
--------------------------------------------------------------------------------
1 | persistence:
2 |   enabled: false
3 |
--------------------------------------------------------------------------------
/charts/back8sup/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | Cronjob for back8sup deployed successfully.
2 |
3 | Please consider triggering a manual backup to verify that back8sup is working:
4 |   kubectl create job --from=cronjob/{{ include "back8sup.fullname" . }} back8sup-manual-run
5 | Check if the job ran to completion:
6 |   kubectl get job/back8sup-manual-run
7 | And delete the manual job if everything worked fine:
8 |   kubectl delete job/back8sup-manual-run
9 |
--------------------------------------------------------------------------------
/charts/back8sup/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbacCreate }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 |   labels:
6 |     {{- include "back8sup.labels" . | nindent 4 }}
7 |   name: {{ include "back8sup.fullname" . }}-cluster-reader
# Cluster-wide read role for the backup job, rendered only when rbacCreate is set.
# The first rule uses '*' for both apiGroups and resources, so get/list applies
# to every resource kind in every namespace, Secrets included.
# NOTE(review): if the backup config only names a few kinds, listing those kinds
# here instead of '*' would limit what the service account token can read;
# confirm against what back8sup actually needs.
8 | rules:
9 | - apiGroups:
10 |   - '*'
11 |   resources:
12 |   - '*'
13 |   verbs:
14 |   - get
15 |   - list
16 | - nonResourceURLs:
17 |   - '*'
18 |   verbs:
19 |   - get
20 |   - list
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/back8sup/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbacCreate }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 |   labels:
6 |     {{- include "back8sup.labels" . | nindent 4 }}
7 |   name: {{ include "back8sup.fullname" . }}-cluster-reader
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: ClusterRole
11 |   name: {{ include "back8sup.fullname" . }}-cluster-reader
# Grants the cluster-reader ClusterRole to the chart's service account in the
# release namespace. Because this is a ClusterRoleBinding, the grant is
# cluster-wide: any workload running as that service account can get/list
# whatever the ClusterRole allows.
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: {{ include "back8sup.serviceAccountName" . }}
15 |   namespace: {{ .Release.Namespace }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/back8sup/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: {{ include "back8sup.fullname" . }}-config
5 |   labels:
6 |     {{- include "back8sup.labels" . | nindent 4 }}
# Every key under .Values.configMaps is rendered as-is into this ConfigMap.
# ConfigMap data is stored and served unencrypted to anyone who may read
# ConfigMaps in the namespace, so credentials do not belong in these values.
7 | data:
8 |   {{- toYaml .Values.configMaps | nindent 4 }}
9 |
--------------------------------------------------------------------------------
/charts/back8sup/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.persistence.enabled }}
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: {{ include "back8sup.fullname" . }}
6 |   labels:
7 |     {{- include "back8sup.labels" . | nindent 4 }}
# NOTE(review): presumably this claim holds the exported manifests; when the
# backup config includes Secrets, the volume then contains secret material and
# needs the same access control as the Secrets themselves. Confirm against the
# cronjob template, which is not part of this listing.
8 | spec:
9 |   {{- if .Values.persistence.storageClassName }}
10 |   storageClassName: {{ .Values.persistence.storageClassName }}
11 |   {{- end }}
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: {{ .Values.persistence.size }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/back8sup/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 |   name: {{ include "back8sup.serviceAccountName" . }}
6 |   labels:
7 |     {{- include "back8sup.labels" . | nindent 4 }}
8 |   {{- with .Values.serviceAccount.annotations }}
9 |   annotations:
10 |     {{- toYaml . | nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/charts/backup-apps/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/backup-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:07:19.752835247+01:00" 7 | -------------------------------------------------------------------------------- /charts/backup-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: backup-apps 3 | description: Argo CD app-of-apps config for backup components 4 | type: application 5 | version: 0.5.1 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/backup-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: "update argoconfig dependency" 21 | links: 22 | - name: Github PR 23 | url: https://github.com/adfinis/helm-charts/pull/1172 24 | -------------------------------------------------------------------------------- /charts/backup-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | barman: 2 | enabled: true 3 | back8sup: 4 | enabled: true 5 | -------------------------------------------------------------------------------- 
/charts/backup-apps/examples/back8sup.yaml:
--------------------------------------------------------------------------------
1 | back8sup:
2 |   enabled: true
3 |   values:
4 |     configMaps:
# This example selects `secret` objects in infra-argocd and infra-ingress for
# backup, so the backup output will hold secret material from those namespaces.
# NOTE(review): protect the backup destination accordingly (restricted access,
# encryption at rest); where it is stored is not visible in this listing.
5 |       config.yaml: |
6 |         global:
7 |           - pvc
8 |           - pv
9 |         namespaces:
10 |           - name: infra-argocd
11 |             kind:
12 |               - application
13 |               - appprojects
14 |               - configmap
15 |               - secret
16 |           - name: infra-ingress
17 |             kind:
18 |               - configmap
19 |               - secret
20 |
--------------------------------------------------------------------------------
/charts/backup-apps/examples/barman.yaml:
--------------------------------------------------------------------------------
1 | barman:
2 |   enabled: true
3 |   values:
4 |     rbac:
5 |       create: true
6 |     persistence:
7 |       data:
8 |         size: 10Gi
9 |       recover:
10 |         enabled: true
11 |         size: 5Gi
12 |     barman:
13 |       backupMethod: postgres
14 |       backupOptions: concurrent_backup
15 |       backupDir: /var/lib/barman
16 |       barmanUser: barman
17 |       compression: gzip
18 |       retentionPolicy: "RECOVERY WINDOW of 1 MONTH"
19 |       lastBackupMaximumAge: "1 day"
20 |       backupSchedule: "0 4 * * *"
21 |       databaseSlotName: barman
22 |       backups:
23 |         - retentionPolicy: "RECOVERY WINDOW of 1 MONTH"
24 |           backupMethod: postgres
25 |           databaseSlotName: barman
26 |           lastBackupMaximumAge: "1 day"
# superUserPassword and replicationPassword below are placeholders. In this
# app-of-apps chart everything under `values:` is rendered into the Argo CD
# Application's helm values block (see templates/barman.yaml), so real
# passwords set here end up in clear text in the Application object and in
# whatever repository holds this values file.
# NOTE(review): for real deployments keep the credentials out of values, e.g.
# by supplying the pgpass Secret out of band; the barman chart gates its own
# Secret on .Values.secret.create.
27 |           postgresql:
28 |             host: "postgresql.postgresql.svc.cluster.local"
29 |             port: 5432
30 |             superUser: postgres
31 |             superUserPassword: superpassword
32 |             superUserDatabase: postgres
33 |             replicationUser: barman
34 |             replicationPassword: replicationpassword
# namespace/serviceaccount name the subject that the barman chart's RoleBinding
# grants pod get and pods/exec create to.
35 |           namespace: postgresql
36 |           serviceaccount: postgresql
37 |
--------------------------------------------------------------------------------
/charts/backup-apps/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | The following apps have been provisioned in Argo CD:
2 | {{ if .Values.barman.enabled }}
3 | * Barman
4 | {{ end }}
5 | {{ if .Values.back8sup.enabled }}
6 | * Back8sup
7 | {{ end }}
8 |
-------------------------------------------------------------------------------- /charts/backup-apps/templates/back8sup.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.back8sup.enabled }} 2 | {{ template "argoconfig.application" (list . "backup-apps.back8sup") }} 3 | {{ end }} 4 | 5 | {{- define "backup-apps.back8sup" -}}{{- $app := unset .Values.back8sup "enabled" -}}{{- $name := default $app.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . }}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/backup-apps/templates/barman.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.barman.enabled }} 2 | {{ template "argoconfig.application" (list . "backup-apps.barman") }} 3 | {{ end }} 4 | 5 | {{- define "backup-apps.barman" -}}{{- $app := unset .Values.barman "enabled" -}}{{- $name := default $app.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/barman/.helmignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | .vscode 3 | .idea 4 | -------------------------------------------------------------------------------- /charts/barman/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: barman 3 | type: application 4 | description: Chart for Barman PostgreSQL Backup and Recovery Manager 5 | version: 0.10.0 6 | appVersion: "v2.19" 7 | keywords: 8 | - barman 9 | - postgresql 10 | - postgres 11 | home: http://www.pgbarman.org/ 12 | sources: 13 | - https://github.com/2ndquadrant-it/barman 14 | - https://github.com/ubc/barman-docker 15 | - https://github.com/adfinis/helm-charts/tree/main/charts/barman 16 | maintainers: 17 | - name: adfinis 18 | email: support@adfinis.com 19 | url: https://adfinis.com 20 | annotations: 21 | artifacthub.io/changes: | 22 | - kind: added 23 | description: "added init containers for barman deployment" 24 | links: 25 | - name: GitHub PR 26 | url: https://github.com/adfinis/helm-charts/pull/905 27 | 
--------------------------------------------------------------------------------
/charts/barman/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbac.create }}
2 | kind: ClusterRole
3 | apiVersion: rbac.authorization.k8s.io/v1
# The name is fixed rather than derived from the release name, so two releases
# of this chart in one cluster would render the same cluster-scoped object.
4 | metadata:
5 |   name: barman-backup
# Two rules: read pods, and create pods/exec. pods/exec lets the holder run
# commands inside any pod in the namespace where this role is bound, which
# gives access to whatever those pods can reach (mounted secrets, databases).
6 | rules:
7 | - apiGroups: [""]
8 |   resources:
9 |   - pods
10 |   verbs:
11 |   - get
12 | - apiGroups:
13 |   - ""
14 |   resources:
15 |   - pods/exec
16 |   verbs:
17 |   - create
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/charts/barman/templates/configmap-barman-cron.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: {{ template "barman.fullname" . }}-cron-config
5 |   labels:
6 |     {{- include "barman.labels" . | nindent 4 }}
# Builds a crontab: per backup entry one `barman cron` line every minute and
# one `barman backup <scopeName>` line on the entry's backupSchedule, falling
# back to .Values.barman.backupSchedule. backupSchedule and scopeName are
# inserted into the crontab line without quoting or validation, so they must
# come from a trusted values source; anything in them becomes part of the
# command that cron runs as user barman.
7 | data:
8 |   barman: |
9 |     {{- range .Values.barman.backups }}
10 |     * * * * * barman /usr/local/bin/barman cron
11 |     {{- if hasKey . "backupSchedule" }}
12 |     {{ .backupSchedule }} barman /usr/local/bin/barman backup {{ .scopeName }}
13 |     {{- else }}
14 |     {{ $.Values.barman.backupSchedule }} barman /usr/local/bin/barman backup {{ .scopeName }}
15 |     {{- end }}
16 |     {{- end }}
17 |     # required by cron
18 |
--------------------------------------------------------------------------------
/charts/barman/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: {{ template "barman.fullname" . }}-config
5 |   labels:
6 |     {{- include "barman.labels" . | nindent 4 }}
# BARMAN_BACKUP_SCHEDULE is piped through `quote`; the additionalENVs values
# are not. ConfigMap data values must be strings, so an unquoted number or
# boolean in additionalENVs renders as a non-string value.
# NOTE(review): `{{ $val | quote }}` would make the two consistent.
# additionalENVs land in a ConfigMap, not a Secret; keep credentials out of it.
7 | data:
8 |   BARMAN_BACKUP_SCHEDULE: {{ .Values.barman.backupSchedule | quote }}
9 |   {{- range $i, $val := .Values.deployment.additionalENVs }}
10 |   {{ $i }}: {{ $val }}
11 |   {{- end }}
12 |
--------------------------------------------------------------------------------
/charts/barman/templates/prometheus/prometheusrules.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.prometheus.enabled .Values.prometheus.rules.enabled }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
# Rendered only when both prometheus.enabled and prometheus.rules.enabled are
# set; the rule list itself comes verbatim from .Values.prometheus.rules.spec.
4 | metadata:
5 |   name: {{ include "barman.fullname" . }}
6 |   {{- if .Values.prometheus.rules.namespace }}
7 |   namespace: {{ .Values.prometheus.rules.namespace }}
8 |   {{- end }}
9 |   labels:
10 |     {{- include "barman.labels" . | nindent 4 }}
11 |     {{- if .Values.prometheus.rules.selector }}
12 |     {{- toYaml .Values.prometheus.rules.selector | nindent 4 }}
13 |     {{- end }}
14 |     {{- if .Values.prometheus.rules.additionalLabels }}
15 |     {{- toYaml .Values.prometheus.rules.additionalLabels | nindent 4 }}
16 |     {{- end }}
17 | spec:
18 |   groups:
19 |   - name: barman
20 |     rules:
21 |     {{- toYaml .Values.prometheus.rules.spec | nindent 4 }}
22 | {{- end }}
23 |
--------------------------------------------------------------------------------
/charts/barman/templates/prometheus/service-barman-exporter.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.prometheus.enabled }}
2 | apiVersion: v1
3 | kind: Service
# Exposes the exporter port of the barman pods. The Service type is taken from
# values; a type that publishes the port outside the cluster also publishes
# the metrics endpoint, which this template serves without authentication
# settings of its own.
4 | metadata:
5 |   name: {{ .Values.prometheus.service.name }}
6 |   labels:
7 |     {{- include "barman.labels" . | nindent 4 }}
8 | spec:
9 |   type: {{ .Values.prometheus.service.type }}
10 |   ports:
11 |     - port: {{ .Values.prometheus.service.externalPort }}
12 |       targetPort: {{ .Values.prometheus.service.internalPort }}
13 |       protocol: TCP
14 |       name: prom-exporter
15 |   selector:
16 |     {{- include "barman.selectorLabels" . | nindent 4 }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/barman/templates/prometheus/servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.prometheus.enabled }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 |   name: {{ template "barman.fullname" . }}
6 |   labels:
7 |     {{- include "barman.labels" . | nindent 4 }}
8 |     {{- if .Values.prometheus.serviceMonitor.extraLabels }}
9 |     {{- .Values.prometheus.serviceMonitor.extraLabels | toYaml | nindent 4 }}
10 |     {{- end }}
11 | spec:
12 |   selector:
13 |     matchLabels:
14 |       {{- include "barman.selectorLabels" . | nindent 6 }}
# NOTE(review): targetPort here is filled from service.externalPort, while the
# exporter Service maps externalPort to internalPort; verify that the scrape
# target is the intended port when the two differ.
15 |   endpoints:
16 |   - targetPort: {{ .Values.prometheus.service.externalPort }}
17 |     {{- if .Values.prometheus.serviceMonitor.interval }}
18 |     interval: {{ .Values.prometheus.serviceMonitor.interval }}
19 |     {{- end }}
20 |     path: "/metrics"
21 |     {{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
22 |     metricRelabelings:
23 |     {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 6 }}
24 |     {{- end }}
25 |     {{- if .Values.prometheus.serviceMonitor.relabelings }}
26 |     relabelings:
27 |     {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 6 }}
28 |     {{- end }}
29 | {{- end }}
30 |
--------------------------------------------------------------------------------
/charts/barman/templates/rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbac.create }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: RoleBinding
# A RoleBinding (not a ClusterRoleBinding) that references the barman-backup
# ClusterRole. No metadata.namespace is set, so it is created in the release
# namespace and the role's rules (pods get, pods/exec create) apply there only.
4 | metadata:
5 |   name: postgresqlbarman
6 | roleRef:
7 |   apiGroup: rbac.authorization.k8s.io
8 |   kind: ClusterRole
9 |   name: barman-backup
# One subject per backup entry, taken from the entry's serviceaccount and
# namespace values. Each listed service account, which may live in another
# namespace, gains exec access to pods in this namespace; list only accounts
# that need it.
10 | subjects:
11 | {{- range .Values.barman.backups }}
12 | - kind: ServiceAccount
13 |   name: {{ .serviceaccount }}
14 |   namespace: {{ .namespace }}
15 | {{- end }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/barman/templates/secret-pgpass.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.secret.create }}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: {{ template "barman.fullname" . }}-pgpass-secret
6 |   labels:
7 |     {{- include "barman.labels" . | nindent 4 }}
8 | type: Opaque
# Builds a .pgpass file with two lines per backup entry (superuser and
# replication user) in host:port:database:user:password form, database '*'.
# The passwords are read from chart values, so they are also present wherever
# those values are kept (values files, the stored Helm release).
# The fields are inserted raw: the pgpass format requires ':' and '\' inside a
# field to be escaped with a backslash, so a password containing either
# character produces an entry that does not match.
# NOTE(review): set secret.create to false and provide the Secret out of band
# when the passwords must not pass through values.
9 | stringData:
10 |   .pgpass: |
11 |     {{- range .Values.barman.backups }}
12 |     {{ .postgresql.host }}:{{ .postgresql.port }}:*:{{ .postgresql.superUser }}:{{ .postgresql.superUserPassword }}
13 |     {{ .postgresql.host }}:{{ .postgresql.port }}:*:{{ .postgresql.replicationUser }}:{{ .postgresql.replicationPassword }}
14 |     {{- end }}
15 | {{- end }}
16 |
--------------------------------------------------------------------------------
/charts/barman/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.service.create }}
2 | apiVersion: v1
3 | kind: Service
# Service in front of the barman pods; type, ports, clusterIP and
# loadBalancerIP all come from values. clusterIP is only rendered for type
# ClusterIP. A LoadBalancer type publishes the listed ports outside the
# cluster, so restrict the ports in values to what has to be reachable.
4 | metadata:
5 |   name: {{ include "barman.fullname" . }}
6 |   labels:
7 |     {{- include "barman.labels" . | nindent 4 }}
8 |   {{- with .Values.service.annotations}}
9 |   annotations: {{- toYaml . | nindent 4 }}
10 |   {{- end }}
11 | spec:
12 |   type: {{ .Values.service.type }}
13 |   ports:
14 |     {{- range .Values.service.ports }}
15 |     - port: {{ .port }}
16 |       targetPort: {{ .targetPort }}
17 |       protocol: {{ .protocol }}
18 |       name: {{ .name }}
19 |     {{- end }}
20 |   selector:
21 |     {{- include "barman.selectorLabels" . | nindent 4 }}
22 |   {{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }}
23 |   clusterIP: {{ .Values.service.clusterIP }}
24 |   {{- end }}
25 |   {{- with .Values.service.loadBalancerIP }}
26 |   loadBalancerIP: {{ . }}
27 |   {{- end }}
28 | {{- end }}
29 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/Chart.lock:
--------------------------------------------------------------------------------
# Pins the `common` dependency to one version plus a sha256 digest; the digest
# is what lets a dependency build detect that Chart.yaml and the lock disagree.
1 | dependencies:
2 | - name: common
3 |   repository: https://charts.adfinis.com
4 |   version: 0.0.7
5 | digest: sha256:e95765189d69f123b9b9227eb69cea68ac498da85de8f7a217482bbb212a9839
6 | generated: "2022-04-04T12:59:50.338796513+02:00"
7 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: cert-manager-issuers
3 | description: Configure cert-manager Issuers and ClusterIssuers via Helm
4 | type: application
5 | version: 0.3.0
6 | # matches apiVersion: cert-manager.io/v1
7 | appVersion: '1'
8 | keywords:
9 |   - cert-manager
10 |   - tls
11 | home: https://cert-manager.io/docs/configuration/
12 | icon: https://raw.githubusercontent.com/adfinis/helm-charts/main/charts/cert-manager-issuers/logo.png
13 | sources:
14 |   - https://github.com/adfinis/helm-charts/tree/main/charts/cert-manager-issuers
15 | maintainers:
16 |   - name: adfinis
17 |     email: support@adfinis.com
18 |     url: https://adfinis.com
19 | dependencies:
20 |   - name: common
21 |     repository: https://charts.adfinis.com
22 |     version: 0.0.7
23 | annotations:
24 |   artifacthub.io/changes: |
25 |     - kind: changed
26 |       description: "cert-manager-issuers: add AWSPCAClusterIssuer and AWSPCAIssuer"
27 |       links:
28 |         - name: GitHub PR
29 |           url: https://github.com/adfinis/helm-charts/pull/1333
30 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/ci/default-values.yaml:
--------------------------------------------------------------------------------
# CI fixture: only selfSigned issuers, exercising the supported ways of naming
# an issuer (no name, metadata.name, top-level name, name plus metadata).
1 | issuers:
2 |   - spec:
3 |       selfSigned: {}
4 |   - metadata:
5 |       name: test-with-name-and-annotations
6 |       annotations:
7 |         foo: bar
8 |     spec:
9 |       selfSigned: {}
10 |   - metadata:
11 |       name: test-with-labels-in-metadata
12 |       labels:
13 |         foo: bar
14 |     spec:
15 |       selfSigned: {}
16 |   - name: top-level-name-syntax-sugar
17 |     spec:
18 |       selfSigned: {}
19 |
20 | clusterIssuers:
21 |   - spec:
22 |       selfSigned: {}
23 |   - name: top-level-name-syntax-sugar
24 |     spec:
25 |       selfSigned: {}
26 |   - name: top-level-name-and-metadata
27 |     metadata:
28 |       annotations:
29 |         foo: test
30 |     spec:
31 |       selfSigned: {}
32 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml:
--------------------------------------------------------------------------------
# NOTE(review): this file is named awspcaclusterissuer.yaml but sets the
# `awspcaIssuers` key, which the chart renders as namespaced AWSPCAIssuer
# objects; the sibling awspcaissuer.yaml sets `awspcaClusterIssuers`. The two
# examples look swapped; confirm before copying one, since a cluster-scoped
# issuer can be used from every namespace.
# `arn` is empty in this listing and has to be filled in.
1 | awspcaIssuers:
2 |   - name: example
3 |     spec:
4 |       arn:
5 |       region: eu-west-1
6 |       secretRef:
7 |         namespace: default
8 |         name: example
9 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/examples/awspcaissuer.yaml:
--------------------------------------------------------------------------------
# NOTE(review): named awspcaissuer.yaml but sets `awspcaClusterIssuers`, which
# renders cluster-scoped AWSPCAClusterIssuer objects; see the sibling example.
1 | awspcaClusterIssuers:
2 |   - name: example
3 |     spec:
4 |       arn:
5 |
--------------------------------------------------------------------------------
/charts/cert-manager-issuers/examples/disable-issuers.yaml:
-------------------------------------------------------------------------------- 1 | # Disable issuers using the enabled flag. 2 | # 3 | # The enabled flag makes it easy to (temporarily) disable a configured issuer. 4 | 5 | issuers: 6 | - name: active-issuer 7 | spec: 8 | selfSigned: {} 9 | - name: disabled-issuer 10 | enabled: false 11 | spec: 12 | selfSigned: {} 13 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml: -------------------------------------------------------------------------------- 1 | # Default Let's Encrypt ClusterIssuers 2 | # 3 | # Configures the common letsencrypt-staging and letsencrypt-prod ClusterIssuers 4 | # using a http01 solver that will work well with nginx-ingress. This is what 5 | # most small single-tenant clusters start with. 6 | 7 | _1: &email user@example.com 8 | _2: &solvers 9 | - http01: 10 | ingress: 11 | class: nginx 12 | 13 | clusterIssuers: 14 | - name: letsencrypt-prod 15 | spec: 16 | acme: 17 | email: *email 18 | server: https://acme-v02.api.letsencrypt.org/directory 19 | privateKeySecretRef: 20 | name: letsencrypt-prod-account-key 21 | solvers: *solvers 22 | - name: letsencrypt-staging 23 | spec: 24 | acme: 25 | email: *email 26 | server: https://acme-staging-v02.api.letsencrypt.org/directory 27 | privateKeySecretRef: 28 | name: letsencrypt-staging-account-key 29 | solvers: *solvers 30 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/examples/selfsigned-singleton-clusterissuer.yaml: -------------------------------------------------------------------------------- 1 | # Deploy a singleton selfSigned ClusterIssuer. 2 | # 3 | # You can leave out the name and the chart will use a generated name. Use this format 4 | # when you only want to deploy a single issuer per release of the chart. 
5 | 6 | clusterIssuers: 7 | - spec: 8 | selfSigned: {} 9 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/examples/vault-pki-issuers-in-namespaces.yaml: -------------------------------------------------------------------------------- 1 | # Vault PKI in multiple Namespaces. 2 | # 3 | # This config puts Issuers into a couple of different namespaces. You can use this set up if 4 | # you want to provide a bunch of issuers from a centrally managed Helm release that provides 5 | # issuer services in other Namespaces or projects. 6 | 7 | issuers: 8 | - metadata: 9 | name: vault-issuer 10 | namespace: demo-com 11 | spec: 12 | vault: 13 | path: pki_int/sign/example-dot-com 14 | server: https://vault.local 15 | caBundle: "" 16 | # this configuration is incomplete as no authentication methods have been added 17 | auth: {} 18 | - metadata: 19 | name: vault-issuer 20 | namespace: demo-org 21 | spec: 22 | vault: 23 | path: pki_int/sign/example-dot-org 24 | server: https://vault.local 25 | caBundle: "" 26 | # this configuration is incomplete as no authentication methods have been added 27 | auth: {} 28 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adfinis/helm-charts/cd01e2a0b150cf0944597419af6d2080c267acdb/charts/cert-manager-issuers/logo.png -------------------------------------------------------------------------------- /charts/cert-manager-issuers/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.issuers }} 2 | Deployed Issuers: 3 | {{- range .Values.issuers }} 4 | * {{ include "cert-manager-issuers.name" (dict "data" . 
"root" $) }} 5 | {{- end }} 6 | {{- end }} 7 | {{- if .Values.clusterIssuers }} 8 | Deployed ClusterIssuers: 9 | {{- range .Values.clusterIssuers }} 10 | * {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }} 11 | {{- end }} 12 | {{- end }} 13 | {{- if .Values.awspcaIssuers }} 14 | Deployed AWSPCAIssuers: 15 | {{- range .Values.awspcaIssuers }} 16 | * {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }} 17 | {{- end }} 18 | {{- end }} 19 | {{- if .Values.awspcaClusterIssuers }} 20 | Deployed AWSPCAClusterIssuers: 21 | {{- range .Values.awspcaClusterIssuers }} 22 | * {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Return the name of an Issuer or ClusterIssuer 4 | */}} 5 | {{- define "cert-manager-issuers.name" -}} 6 | {{- $name := include "common.name" .root }} 7 | {{- with .data }} 8 | {{- if .metadata }} 9 | {{- if .metadata.name }} 10 | {{- $name = .metadata.name }} 11 | {{- end }} 12 | {{- end }} 13 | {{- if .name }} 14 | {{- $name = .name }} 15 | {{- end }} 16 | {{- end }} 17 | {{- $name }} 18 | {{- end -}} 19 | 20 | {{/* 21 | Return a deepmerged metadata block based on common.metadata with local overrides. 22 | */}} 23 | {{- define "cert-manager-issuers.metadata" -}} 24 | {{- $metadata := (include "common.metadata" .root | fromYaml) }} 25 | {{- $name := include "cert-manager-issuers.name" . 
}} 26 | {{- if .data.metadata }} 27 | {{- $metadata = mergeOverwrite $metadata (dict "metadata" .data.metadata) }} 28 | {{- end }} 29 | {{- mergeOverwrite $metadata (dict "metadata" (dict "name" $name)) | toYaml }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.awspcaClusterIssuers }} 2 | --- 3 | # raw issuer: {{ . | toJson }} 4 | {{- $enabled := printf "%t" .enabled }} 5 | {{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} 6 | {{- if (eq $enabled "true") }} 7 | apiVersion: awspca.cert-manager.io/v1beta1 8 | kind: AWSPCAClusterIssuer 9 | {{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }} 10 | spec: 11 | {{- .spec | toYaml | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/templates/awspcaissuers.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.awspcaIssuers }} 2 | --- 3 | # raw issuer: {{ . | toJson }} 4 | {{- $enabled := printf "%t" .enabled }} 5 | {{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} 6 | {{- if (eq $enabled "true") }} 7 | apiVersion: awspca.cert-manager.io/v1beta1 8 | kind: AWSPCAIssuer 9 | {{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }} 10 | spec: 11 | {{- .spec | toYaml | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/templates/clusterissuers.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.clusterIssuers }} 2 | --- 3 | # raw issuer: {{ . 
| toJson }} 4 | {{- $enabled := printf "%t" .enabled }} 5 | {{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} 6 | {{- if (eq $enabled "true") }} 7 | apiVersion: cert-manager.io/v1 8 | kind: ClusterIssuer 9 | {{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }} 10 | spec: 11 | {{- .spec | toYaml | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/templates/issuers.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.issuers }} 2 | --- 3 | # raw issuer: {{ . | toJson }} 4 | {{- $enabled := printf "%t" .enabled }} 5 | {{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} 6 | {{- if (eq $enabled "true") }} 7 | apiVersion: cert-manager.io/v1 8 | kind: Issuer 9 | {{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }} 10 | spec: 11 | {{- .spec | toYaml | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap: -------------------------------------------------------------------------------- 1 | should create a AWSPCAIssuer: 2 | 1: | 3 | apiVersion: awspca.cert-manager.io/v1beta1 4 | kind: AWSPCAClusterIssuer 5 | metadata: 6 | labels: 7 | app.kubernetes.io/app: cert-manager-issuers 8 | app.kubernetes.io/instance: RELEASE-NAME 9 | app.kubernetes.io/managed-by: Helm 10 | app.kubernetes.io/version: "1" 11 | helm.sh/chart: cert-manager-issuers-0.3.0 12 | name: example 13 | spec: 14 | arn: 15 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap: -------------------------------------------------------------------------------- 1 | should create a AWSPCAClusterIssuer: 2 | 1: | 3 | 
apiVersion: awspca.cert-manager.io/v1beta1 4 | kind: AWSPCAIssuer 5 | metadata: 6 | labels: 7 | app.kubernetes.io/app: cert-manager-issuers 8 | app.kubernetes.io/instance: RELEASE-NAME 9 | app.kubernetes.io/managed-by: Helm 10 | app.kubernetes.io/version: "1" 11 | helm.sh/chart: cert-manager-issuers-0.3.0 12 | name: example 13 | spec: 14 | arn: 15 | region: eu-west-1 16 | secretRef: 17 | name: example 18 | namespace: default 19 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml: -------------------------------------------------------------------------------- 1 | suite: AWSPCAClusterIssuer tests 2 | templates: 3 | - awspcaclusterissuers.yaml 4 | tests: 5 | - it: should create a AWSPCAIssuer 6 | values: 7 | - ../examples/awspcaissuer.yaml 8 | asserts: 9 | - matchSnapshot: {} 10 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/tests/awspcaissuers_test.yaml: -------------------------------------------------------------------------------- 1 | suite: AWSPCAIssuer tests 2 | templates: 3 | - awspcaissuers.yaml 4 | tests: 5 | - it: should create a AWSPCAClusterIssuer 6 | values: 7 | - ../examples/awspcaclusterissuer.yaml 8 | asserts: 9 | - matchSnapshot: {} 10 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/tests/issuers_test.yaml: -------------------------------------------------------------------------------- 1 | suite: issuer tests 2 | templates: 3 | - issuers.yaml 4 | tests: 5 | - it: should match snapshot 6 | values: 7 | - ../ci/default-values.yaml 8 | asserts: 9 | - hasDocuments: 10 | count: 4 11 | - matchSnapshot: {} 12 | - it: should disable issuers 13 | values: 14 | - ../examples/disable-issuers.yaml 15 | asserts: 16 | - hasDocuments: 17 | count: 1 18 | - matchSnapshot: {} 19 | - it: should create namespaced vault issuers 20 | values: 21 | - 
../examples/vault-pki-issuers-in-namespaces.yaml 22 | asserts: 23 | - hasDocuments: 24 | count: 2 25 | - documentIndex: 0 26 | equal: 27 | path: metadata.namespace 28 | value: demo-com 29 | - documentIndex: 0 30 | equal: 31 | path: spec.vault.path 32 | value: pki_int/sign/example-dot-com 33 | - documentIndex: 1 34 | equal: 35 | path: metadata.namespace 36 | value: demo-org 37 | - documentIndex: 1 38 | equal: 39 | path: spec.vault.path 40 | value: pki_int/sign/example-dot-org 41 | - matchSnapshot: {} 42 | -------------------------------------------------------------------------------- /charts/cert-manager-issuers/values.yaml: -------------------------------------------------------------------------------- 1 | # -- Array of cert-manager Issuer [configurations](https://cert-manager.io/docs/configuration/) (see [examples](./examples/)) 2 | issuers: [] 3 | 4 | # -- Array of cert-manager ClusterIssuer [configurations](https://cert-manager.io/docs/configuration/) (see [examples](./examples/)) 5 | clusterIssuers: [] 6 | 7 | # -- Array of cert-manager AWSPCAIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config//) (see [examples](./examples/)) 8 | awspcaIssuers: [] 9 | 10 | # -- Array of cert-manager AWSPCAClusterIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config/) (see [examples](./examples/)) 11 | awspcaClusterIssuers: [] 12 | -------------------------------------------------------------------------------- /charts/cert-manager-monitoring/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cert-manager-monitoring 3 | description: Monitor cert-manager with cert-manager-mixin. 
4 | type: application 5 | version: 0.2.0 6 | keywords: 7 | - cert-manager 8 | - tls 9 | - monitoring 10 | home: https://github.com/jetstack/cert-manager/issues/3342 11 | sources: 12 | - https://github.com/adfinis/helm-charts 13 | - https://gitlab.com/uneeq-oss/cert-manager-mixin 14 | - https://github.com/jetstack/cert-manager/pull/3368#issuecomment-949346251 15 | maintainers: 16 | - name: adfinis 17 | email: support@adfinis.com 18 | url: https://adfinis.com 19 | annotations: 20 | artifacthub.io/changes: | 21 | - kind: changed 22 | description: "introduce critical severity for CertManagerCertExpirySoon alert" 23 | -------------------------------------------------------------------------------- /charts/cert-manager-monitoring/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | prometheus: 2 | rule: 3 | additionalLabels: 4 | foo: bar 5 | 6 | grafana: 7 | enabled: true 8 | -------------------------------------------------------------------------------- /charts/cert-manager-monitoring/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Deployed resources: 2 | {{- if and .Values.prometheus.enabled .Values.prometheus.rule.enabled }} 3 | - monitoring.coreos.com/v1/PrometheusRule: {{ include "cert-manager-monitoring.fullname" . 
}} 4 | {{- end }} 5 | {{- if .Values.grafana.enabled }} 6 | {{- $files := .Files.Glob "grafana/dashboards/*.json" }} 7 | {{- if $files }} 8 | {{- range $path, $fileContents := $files }} 9 | {{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} 10 | - v1/ConfigMap: {{ printf "%s-%s" (include "cert-manager-monitoring.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} 11 | {{- end }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/cert-manager-monitoring/templates/grafana/configmap-dashboard.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.grafana.enabled }} 2 | {{- $files := .Files.Glob "grafana/dashboards/*.json" }} 3 | {{- if $files }} 4 | {{- range $path, $fileContents := $files }} 5 | {{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} 6 | --- 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ printf "%s-%s" (include "cert-manager-monitoring.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} 11 | labels: 12 | {{- include "cert-manager-monitoring.labels" $ | nindent 4 }} 13 | {{- if $.Values.grafana.defaultLabel }} 14 | grafana_dashboard: "1" 15 | {{- end }} 16 | {{- if $.Values.grafana.extraLabels }} 17 | {{- $.Values.grafana.extraLabels | toYaml | nindent 4 }} 18 | {{- end }} 19 | {{- if $.Values.grafana.extraAnnotations }} 20 | annotations: 21 | {{- $.Values.grafana.extraAnnotations | toYaml | nindent 4 }} 22 | {{- end }} 23 | data: 24 | {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /charts/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: common 3 | description: Common chartbuilding components and helpers, based on incubator/common 4 | type: library 5 | version: 0.0.8 6 | appVersion: 0.0.0 7 | home: https://helm.sh 8 | sources: 9 | - https://github.com/adfinis/helm-charts/tree/main/charts/common 10 | maintainers: 11 | - name: adfinis 12 | email: support@adfinis.com 13 | url: https://adfinis.com 14 | -------------------------------------------------------------------------------- /charts/common/templates/_chartref.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | common.chartref prints a chart name and version. 3 | 4 | It does minimal escaping for use in Kubernetes labels. 5 | 6 | Example output: 7 | 8 | zookeeper-1.2.3 9 | wordpress-3.2.1_20170219 10 | 11 | */ -}} 12 | {{- define "common.chartref" -}} 13 | {{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/common/templates/_metadata.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | common.metadata creates a standard metadata header. 3 | It creates a 'metadata:' section with name and labels. 4 | */ -}} 5 | {{ define "common.metadata" -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}} 8 | labels: 9 | {{ include "common.labels.standard" . | indent 4 -}} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/common/templates/_metadata_labels.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | common.labels.standard prints the standard Helm labels. 3 | 4 | The standard labels are frequently used in metadata. 5 | */ -}} 6 | {{- define "common.labels.standard" -}} 7 | helm.sh/chart: {{ template "common.chartref" . }} 8 | app.kubernetes.io/app: {{ template "common.name" . }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service | quote }} 10 | app.kubernetes.io/instance: {{ .Release.Name | quote }} 11 | {{- if .Chart.AppVersion }} 12 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 13 | {{- end }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/common/templates/_name.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | name defines a template for the name of the chart. It should be used for the `app` label. 3 | This is common practice in many Kubernetes manifests, and is not Helm-specific. 4 | 5 | The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should 6 | not exceed 63 characters. 7 | 8 | Parameters: 9 | 10 | - .Values.nameOverride: Replaces the computed name with this given name 11 | - .Values.namePrefix: Prefix 12 | - .Values.global.namePrefix: Global prefix 13 | - .Values.nameSuffix: Suffix 14 | - .Values.global.nameSuffix: Global suffix 15 | 16 | The applied order is: "global prefix + prefix + name + suffix + global suffix" 17 | 18 | Usage: 'name: "{{- template "common.name" . 
-}}"' 19 | */ -}} 20 | {{- define "common.name"}} 21 | {{- $global := default (dict) .Values.global -}} 22 | {{- $base := default .Chart.Name .Values.nameOverride -}} 23 | {{- $gpre := default "" $global.namePrefix -}} 24 | {{- $pre := default "" .Values.namePrefix -}} 25 | {{- $suf := default "" .Values.nameSuffix -}} 26 | {{- $gsuf := default "" $global.nameSuffix -}} 27 | {{- $name := print $gpre $pre $base $suf $gsuf -}} 28 | {{- $name | lower | trunc 54 | trimSuffix "-" -}} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /charts/common/templates/_util.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | common.util.merge will merge two YAML templates and output the result. 3 | 4 | This takes an array of three values: 5 | - the top context 6 | - the template name of the overrides (destination) 7 | - the template name of the base (source) 8 | 9 | */ -}} 10 | {{- define "common.util.merge" -}} 11 | {{- $top := first . -}} 12 | {{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}} 13 | {{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}} 14 | {{- toYaml (merge $overrides $tpl) -}} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /charts/common/values.yaml: -------------------------------------------------------------------------------- 1 | # empty library chart values for testing 2 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://charts.adfinis.com 4 | version: 0.0.7 5 | digest: sha256:e95765189d69f123b9b9227eb69cea68ac498da85de8f7a217482bbb212a9839 6 | generated: "2022-04-04T13:25:28.296629679+02:00" 7 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: csi-secret-provider-class 3 | description: A Helm chart to create a SecretProviderClass resource 4 | type: application 5 | version: 0.3.4 6 | appVersion: 0.3.0 7 | home: https://github.com/adfinis/helm-charts/tree/main/charts/csi-secret-provider-class 8 | sources: 9 | - https://github.com/adfinis/helm-charts 10 | maintainers: 11 | - name: adfinis 12 | email: support@adfinis.com 13 | url: https://adfinis.com 14 | dependencies: 15 | - name: common 16 | repository: https://charts.adfinis.com 17 | version: 0.0.7 18 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | provider: fake 2 | parameters: 3 | foo: bar 4 | secretObjects: 5 | - secretName: test 6 | dummyDeployment: 7 | enabled: false 8 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/templates/NOTES.txt: 
-------------------------------------------------------------------------------- 1 | The {{ template "common.fullname" . }} SecretProviderClass was installed. 2 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Common labels 5 | */}} 6 | {{- define "csi-secret-provider-class.labels" -}} 7 | helm.sh/chart: {{ include "common.chartref" . }} 8 | {{ include "csi-secret-provider-class.selectorLabels" . }} 9 | {{- if .Chart.AppVersion }} 10 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 11 | {{- end }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- end }} 14 | 15 | {{/* 16 | Selector labels 17 | */}} 18 | {{- define "csi-secret-provider-class.selectorLabels" -}} 19 | app.kubernetes.io/name: {{ include "common.name" . }} 20 | app.kubernetes.io/instance: {{ .Release.Name }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/templates/secretproviderclass.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Capabilities.APIVersions.Has "secrets-store.csi.x-k8s.io/v1" }} 2 | apiVersion: secrets-store.csi.x-k8s.io/v1 3 | {{- else }} 4 | apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 5 | {{- end }} 6 | kind: SecretProviderClass 7 | {{ template "common.metadata" $ }} 8 | spec: 9 | provider: {{ required "Specify a valid provider." .Values.provider }} 10 | {{- if .Values.parameters }} 11 | parameters: 12 | {{- tpl .Values.parametersTpl . | nindent 4 }} 13 | {{- end }} 14 | {{- if .Values.secretObjects }} 15 | secretObjects: 16 | {{- tpl .Values.secretObjectsTpl . 
| nindent 4 }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/tests/__snapshot__/secretproviderclass_test.yaml.snap: -------------------------------------------------------------------------------- 1 | should match snapshot: 2 | 1: | 3 | apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 4 | kind: SecretProviderClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/app: csi-secret-provider-class 8 | app.kubernetes.io/instance: RELEASE-NAME 9 | app.kubernetes.io/managed-by: Helm 10 | app.kubernetes.io/version: 0.3.0 11 | helm.sh/chart: csi-secret-provider-class-0.3.4 12 | name: release-name-csi-secret-provider-class 13 | spec: 14 | parameters: 15 | foo: bar 16 | provider: fake 17 | secretObjects: 18 | - secretName: test 19 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/tests/dummydeployment_test.yaml: -------------------------------------------------------------------------------- 1 | suite: deployment tests 2 | templates: 3 | - deployment.yaml 4 | tests: 5 | - it: should match snapshot 6 | values: 7 | - ../ci/default-values.yaml 8 | set: 9 | dummyDeployment.enabled: true 10 | asserts: 11 | - hasDocuments: 12 | count: 1 13 | - matchSnapshot: {} 14 | -------------------------------------------------------------------------------- /charts/csi-secret-provider-class/tests/secretproviderclass_test.yaml: -------------------------------------------------------------------------------- 1 | suite: secretproviderclass tests 2 | templates: 3 | - secretproviderclass.yaml 4 | tests: 5 | - it: should match snapshot 6 | values: 7 | - ../ci/default-values.yaml 8 | asserts: 9 | - hasDocuments: 10 | count: 1 11 | - matchSnapshot: {} 12 | -------------------------------------------------------------------------------- /charts/customer-center/.helmignore: 
-------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.sw? 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/customer-center/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: customer-center 3 | description: Chart for Customer-Center application 4 | type: application 5 | version: 0.2.35 6 | appVersion: 3.3.5 7 | keywords: 8 | - customer-center 9 | home: https://github.com/adfinis/customer-center 10 | sources: 11 | - https://github.com/adfinis/customer-center 12 | - https://github.com/adfinis/helm-charts/tree/main/charts/customer-center 13 | maintainers: 14 | - name: adfinis 15 | email: support@adfinis.com 16 | url: https://adfinis.com 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: "fix: remove duplicate managed-by label" 21 | -------------------------------------------------------------------------------- /charts/customer-center/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | Open following URL to start using Customer-Center: 3 | 4 | {{- range .Values.ingress.hosts }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} 6 | {{- end }} 7 | 8 | {{- else }} 9 | 10 | You did not enable ingress. 
Your Customer-Center instance should be available using kubectl port-forward: 11 | 12 | kubectl port-forward service/{{ include "customerCenter.fullname" .}} 7000:{{ .Values.frontend.service.externalPort }} 13 | 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/customer-center/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "customerCenter.fullname" . }} 5 | labels: 6 | {{- include "customerCenter.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: frontend 8 | data: 9 | OIDC_CLIENT_HOST: {{ .Values.auth.oidcUrl | quote }} 10 | OIDC_CLIENT: {{ .Values.auth.oidcClient | quote }} 11 | -------------------------------------------------------------------------------- /charts/customer-center/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "customerCenter.fullname" . }} 5 | labels: 6 | {{- include "customerCenter.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: frontend 8 | spec: 9 | type: {{ .Values.frontend.service.type }} 10 | ports: 11 | - port: {{ .Values.frontend.service.externalPort }} 12 | targetPort: {{ .Values.frontend.service.internalPort }} 13 | protocol: TCP 14 | name: {{ include "customerCenter.fullname" . }} 15 | selector: 16 | {{- include "customerCenter.selectorLabels" . | nindent 4 }} 17 | app.kubernetes.io/component: frontend 18 | -------------------------------------------------------------------------------- /charts/hedgedoc/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/hedgedoc/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 12.2.1 5 | digest: sha256:ca28b52822f020d68ca02abf492be4e53188d5e68a2190e4fc78c0b37ae4aa65 6 | generated: "2023-02-23T13:45:02.288748722+01:00" 7 | -------------------------------------------------------------------------------- /charts/hedgedoc/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | name: hedgedoc 4 | description: Chart for HedgeDoc, a fork of CodiMD 5 | type: application 6 | version: 0.5.3 7 | appVersion: "1.10.2" 8 | icon: https://raw.githubusercontent.com/hedgedoc/hedgedoc-logo/main/LOGOTYPE/PNG/HedgeDoc-Logo%201.png 9 | sources: 10 | - https://github.com/hedgedoc/hedgedoc 11 | maintainers: 12 | - name: adfinis 13 | email: "support@adfinis.com" 14 | url: "https://adfinis.com" 15 | dependencies: 16 | - name: postgresql 17 | version: ~12.2.1 18 | condition: postgresql.enabled 19 | repository: https://charts.bitnami.com/bitnami 20 | annotations: 21 | artifacthub.io/images: | 22 | - name: hedgedoc 23 | image: quay.io/hedgedoc/hedgedoc:1.10.2 24 | artifacthub.io/changes: | 25 | - kind: changed 26 | description: Bumped hedgedoc image tag to 1.10.2 27 | -------------------------------------------------------------------------------- /charts/hedgedoc/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | # disable persistence when testing 2 | hedgedoc: 3 | 
persistentStorage: 4 | enabled: false 5 | postgresql: 6 | primary: 7 | persistence: 8 | enabled: false 9 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap # database connection settings for HedgeDoc; only username, database, host, port and dialect are set here, no password 3 | metadata: 4 | name: {{ template "hedgedoc.fullname" . }}-database 5 | labels: 6 | {{- include "hedgedoc.labels" . | nindent 4 }} 7 | data: # values come from the postgresql.* settings when postgresql.enabled is set, otherwise from externalDatabase.* 8 | {{- if .Values.postgresql.enabled }} 9 | CMD_DB_USERNAME: {{ .Values.postgresql.auth.username | quote }} 10 | CMD_DB_DATABASE: {{ .Values.postgresql.auth.database | quote }} 11 | CMD_DB_HOST: "{{ .Release.Name }}-postgresql" 12 | CMD_DB_PORT: "5432" 13 | CMD_DB_DIALECT: "postgres" 14 | {{- else }} 15 | CMD_DB_USERNAME: {{ .Values.externalDatabase.username | quote }} 16 | CMD_DB_DATABASE: {{ .Values.externalDatabase.database | quote }} 17 | CMD_DB_HOST: {{ .Values.externalDatabase.host | quote }} 18 | CMD_DB_PORT: {{ .Values.externalDatabase.port | quote }} 19 | CMD_DB_DIALECT: {{ .Values.externalDatabase.type | quote }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 # NOTE(review): autoscaling/v2beta1 is no longer served from Kubernetes 1.25 on; moving to autoscaling/v2 also changes the metric fields (target.type and target.averageUtilization instead of targetAverageUtilization) 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "hedgedoc.fullname" . }} 6 | labels: 7 | {{- include "hedgedoc.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "hedgedoc.fullname" . 
}} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hedgedoc.persistentStorage.enabled }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ template "hedgedoc.fullname" . }} 6 | labels: 7 | app.kubernetes.io/component: pvc 8 | {{- include "hedgedoc.labels" . | nindent 4}} 9 | spec: 10 | accessModes: 11 | {{ range .Values.hedgedoc.persistentStorage.accessModes }} 12 | - {{ . 
| quote }} 13 | {{ end }} 14 | volumeMode: {{ .Values.hedgedoc.persistentStorage.volumeMode }} 15 | resources: 16 | requests: 17 | storage: {{ default "10G" .Values.hedgedoc.persistentStorage.size | quote }} 18 | storageClassName: {{ .Values.hedgedoc.persistentStorage.storageClass }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.existingSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: hedgedoc-secrets 6 | type: Opaque 7 | data: 8 | {{- if .Values.postgresql.enabled }} 9 | CMD_DB_PASSWORD: {{ .Values.postgresql.auth.password | b64enc | quote }} 10 | {{- else }} 11 | CMD_DB_PASSWORD: {{ .Values.externalDatabase.password | b64enc | quote }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "hedgedoc.fullname" . }} 5 | labels: 6 | {{- include "hedgedoc.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "hedgedoc.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "hedgedoc.serviceAccountName" . }} 6 | labels: 7 | {{- include "hedgedoc.labels" . 
| nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/hedgedoc/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "hedgedoc.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "hedgedoc.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "hedgedoc.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/infra-apps/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/infra-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:08:57.410850714+01:00" 7 | -------------------------------------------------------------------------------- /charts/infra-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: infra-apps 3 | description: Argo CD app-of-apps config for infrastructure components 4 | type: application 5 | version: 0.236.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/infra-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/containsSecurityUpdates: "false" 19 | artifacthub.io/changes: | 20 | - kind: changed 21 | description: | 22 | chore: Update kube-prometheus-stack from 70.7.0 to 72.5.0 23 | links: 24 | - name: Upgrade from 70.x to 71.x 25 | url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/UPGRADE.md#from-70x-to-71x 26 | - name: Upgrade from 71.x to 72.x 27 | url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/UPGRADE.md#from-71x-to-72x 28 | 
-------------------------------------------------------------------------------- /charts/infra-apps/examples/cert-manager-issuers.yaml: -------------------------------------------------------------------------------- 1 | # Deploy default Let's Encrypt ClusterIssuers. 2 | # 3 | # More examples may be found in the cert-manager-issuers chart. 4 | 5 | _: &email user@example.com 6 | _: &solvers 7 | - http01: 8 | ingress: 9 | class: nginx 10 | 11 | certManagerIussers: 12 | enabled: true 13 | values: 14 | clusterIssuers: 15 | - name: letsencrypt-prod 16 | spec: 17 | acme: 18 | email: *email 19 | server: https://acme-v02.api.letsencrypt.org/directory 20 | privateKeySecretRef: 21 | name: letsencrypt-prod-account-key 22 | solvers: *solvers 23 | - name: letsencrypt-staging 24 | spec: 25 | acme: 26 | email: *email 27 | server: https://acme-staging-v02.api.letsencrypt.org/directory 28 | privateKeySecretRef: 29 | name: letsencrypt-staging-account-key 30 | solvers: *solvers 31 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/cert-manager-on-aks.yaml: -------------------------------------------------------------------------------- 1 | # cert-manager on AKS 2 | # 3 | # this example can be used to deploy cert-manager on AKS together with 4 | # nginx-ingress in the infra-ingress namespace. 5 | # For this to work you should deploy nginx-ingress as documented in 6 | # `nginx-ingress-on-aks.yaml` in this folder. 7 | 8 | certManager: 9 | enabled: true 10 | project: default 11 | destination: 12 | server: https://kubernetes.default.svc 13 | namespace: infra-ingress 14 | ignoreDifferences: 15 | # On AKS there is a mutating admission controller that adds the 16 | # expression {"key": "control-plane", "operator": "DoesNotExist"} 17 | # to webhooks. 18 | # We have to ignore this in Argo CD so it does not consider webhooks 19 | # as out of sync all the time. 
20 | - group: admissionregistration.k8s.io 21 | kind: ValidatingWebhookConfiguration 22 | jsonPointers: 23 | - /webhooks/0/namespaceSelector/matchExpressions/2 24 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/cert-manager.yaml: -------------------------------------------------------------------------------- 1 | certManager: 2 | enabled: true 3 | values: 4 | rbac: 5 | create: true 6 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/kubernetes-event-exporter.yaml: -------------------------------------------------------------------------------- 1 | # Deploy the opsgenie kubernetes-event-exporter 2 | # 3 | # This configuration dumps all the events to stdout where they can be picked 4 | # up by loki. 5 | 6 | kubeEventExporter: 7 | enabled: true 8 | values: 9 | config: 10 | logLevel: debug 11 | logFormat: pretty 12 | receivers: 13 | - name: "dump" 14 | file: 15 | path: "/dev/stdout" 16 | layout: {} 17 | route: 18 | routes: 19 | - match: 20 | - receiver: "dump" 21 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/kured.yaml: -------------------------------------------------------------------------------- 1 | # Make kured cordon drain and reboot nodes that need it 2 | 3 | kured: 4 | enabled: true 5 | values: 6 | nodeSelector: 7 | # kured only works on/for Linux nodes 8 | kubernetes.io/os: linux 9 | service: 10 | # create service for the metrics endpoint 11 | create: true 12 | metrics: 13 | # create a ServiceMonitor for kube-prometheus-stack 14 | create: true 15 | labels: 16 | prometheus: kube-prometheus 17 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/nginx-ingress-on-aks.yaml: -------------------------------------------------------------------------------- 1 | # nginx-ingress on AKS 2 | # 3 | # Deploys the nginx-ingress 
component using an external load balancer 4 | # as is the default on AKS. Also marks the ingress as the default so 5 | # it may be used without explicitly specifying it. 6 | 7 | ingressNginx: 8 | enabled: true 9 | project: default 10 | destination: 11 | server: https://kubernetes.default.svc 12 | namespace: infra-ingress 13 | values: 14 | controller: 15 | service: 16 | # this setting is needed on AKS since the cluster is behind an 17 | # external Azure LoadBalancer. 18 | externalTrafficPolicy: Local 19 | ingressClassResource: 20 | default: true 21 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/nginx-ingress.yaml: -------------------------------------------------------------------------------- 1 | # Deploy nginx-ingress with a custom default page 2 | # 3 | # This nginx-ingress example shows how you can specify a custom default 4 | # backend. Also marks the ingress as the default so 5 | # it may be used without explicitly specifying it. 
6 | 7 | ingressNginx: 8 | enabled: true 9 | values: 10 | defaultBackend: 11 | enabled: true 12 | image: 13 | repository: gcr.io/google-containers/defaultbackend 14 | tag: "1.4" 15 | ingressClassResource: 16 | default: true 17 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/rbac-manager.yaml: -------------------------------------------------------------------------------- 1 | rbac: 2 | enabled: true 3 | values: {} 4 | -------------------------------------------------------------------------------- /charts/infra-apps/examples/velero.yaml: -------------------------------------------------------------------------------- 1 | velero: 2 | enabled: true 3 | values: 4 | configuration: 5 | backupStorageLocation: 6 | bucket: example 7 | config: 8 | region: us-east-1 9 | s3Url: https://example.com 10 | name: default 11 | provider: aws 12 | credentials: 13 | existingSecret: velero-objectstorage-credentials 14 | initContainers: 15 | - image: velero/velero-plugin-for-aws:v1.1.0 16 | name: velero-plugin-for-aws 17 | volumeMounts: 18 | - mountPath: /target 19 | name: plugins 20 | schedules: 21 | daily: 22 | schedule: 0 1 * * * 23 | template: 24 | ttl: 24h 25 | snapshotsEnabled: false 26 | -------------------------------------------------------------------------------- /charts/infra-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps have been provisioned in Argo CD: 2 | {{ if .Values.argocd.enabled }} 3 | * Argo CD 4 | {{ end }} 5 | {{ if .Values.certManager.enabled }} 6 | * Cert Manager 7 | {{ end }} 8 | {{ if .Values.ingressNginx.enabled }} 9 | * NGINX Ingress Controller 10 | {{ end }} 11 | {{ if .Values.kubePrometheusStack.enabled }} 12 | * kube-prometheus-stack 13 | {{ end }} 14 | {{ if .Values.rbacManager.enabled }} 15 | * rbac-manager 16 | {{ end }} 17 | {{ if .Values.velero.enabled }} 18 | * Velero 19 | {{ end }} 20 | 
-------------------------------------------------------------------------------- /charts/infra-apps/templates/kubernetes-event-exporter.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.kubeEventExporter.enabled }} 2 | {{ fail "kube-event-exporter is DEPRECATED, use otel-collector instead" }} 3 | {{ end }} 4 | -------------------------------------------------------------------------------- /charts/keycloak-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/keycloak-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: keycloak-operator 3 | description: Deploy Keycloak Operator and Keycloak 4 | type: application 5 | version: 1.5.3 6 | appVersion: "26.2.3" 7 | icon: https://www.keycloak.org/resources/images/logo-stacked.svg 8 | home: https://www.keycloak.org 9 | sources: 10 | - https://github.com/keycloak/keycloak-k8s-resources 11 | - https://github.com/adfinis/helm-charts/tree/main/charts/keycloak-operator 12 | maintainers: 13 | - name: adfinis 14 | email: support@adfinis.com 15 | url: https://adfinis.com 16 | annotations: 17 | artifacthub.io/containsSecurityUpdates: "false" 18 | artifacthub.io/changes: | 19 | - kind: added 20 | description: | 21 | fix: update keycloak from 26.2.2 to 26.2.3 22 | links: 23 | - name: Release notes 24 | url: 
https://www.keycloak.org/2025/05/keycloak-2623-released 25 | -------------------------------------------------------------------------------- /charts/keycloak-operator/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | operator: 2 | enabled: true 3 | replicaCount: 1 4 | -------------------------------------------------------------------------------- /charts/keycloak-operator/ci/operand-values.yaml: -------------------------------------------------------------------------------- 1 | keycloak: 2 | enabled: true 3 | name: keycloak 4 | features: 5 | enabled: 6 | - account 7 | - admin 8 | - web-authn 9 | disabled: 10 | - js-adapter 11 | - kerberos 12 | http: 13 | httpEnabled: true 14 | hostname: 15 | hostname: keycloak.example.com 16 | strict: true 17 | backchannelDynamic: false 18 | realmimport: 19 | enabled: true 20 | realms: 21 | - id: test 22 | realm: test 23 | keycloakCRName: keycloak 24 | users: 25 | - id: '0' 26 | firstName: Hans 27 | lastName: Wurst 28 | username: "john.sausage" 29 | email: john.sausage@example.com 30 | -------------------------------------------------------------------------------- /charts/keycloak-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator.enabled }} 2 | - The Operator has been deployed, view the logs by running this command: 3 | kubectl --namespace {{ .Release.Namespace }} logs deployment/{{ include "keycloak-operator.operator.fullname" . 
}} 4 | {{- end }} 5 | {{- if .Values.keycloak.enabled }} 6 | - A Keycloak instance has been deployed, connect to it at "{{ .Values.keycloak.hostname.hostname }}" 7 | {{- if .Values.keycloak.realmimport.enabled }} 8 | Additionally the following realms have been imported: 9 | {{- range .Values.keycloak.realmimport.realms }} 10 | * {{ .realm }} 11 | {{- end }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/keycloak-operator/templates/operator/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator.enabled }} 2 | {{- if .Values.operator.service.enabled }} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ include "keycloak-operator.operator.fullname" . }} 7 | labels: 8 | {{- include "keycloak-operator.operator.labels" . | nindent 4 }} 9 | spec: 10 | type: {{ .Values.operator.service.type }} 11 | ports: 12 | - port: {{ .Values.operator.service.port }} 13 | targetPort: http 14 | protocol: TCP 15 | name: http 16 | selector: 17 | {{- include "keycloak-operator.operator.selectorLabels" . | nindent 4 }} 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/keycloak-operator/templates/operator/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator.enabled }} 2 | {{- if .Values.operator.serviceAccount.create -}} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ include "keycloak-operator.operator.serviceAccountName" . }} 7 | labels: 8 | {{- include "keycloak-operator.operator.labels" . | nindent 4 }} 9 | {{- with .Values.operator.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . 
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/keycloak-operator/tests/default_test.yaml: -------------------------------------------------------------------------------- 1 | suite: default Keycloak Operator tests 2 | templates: 3 | - operator/clusterrole.yaml 4 | - operator/deployment.yaml 5 | - operator/rolebinding.yaml 6 | - operator/roles.yaml 7 | - operator/serviceaccount.yaml 8 | - operator/service.yaml 9 | tests: 10 | - it: should match snapshot 11 | values: 12 | - ../ci/default-values.yaml 13 | asserts: 14 | - matchSnapshot: {} 15 | -------------------------------------------------------------------------------- /charts/keycloak-operator/tests/operand_test.yaml: -------------------------------------------------------------------------------- 1 | suite: default Keycloak operand tests 2 | templates: 3 | - keycloak/keycloak.yaml 4 | - keycloak/keycloakrealmimport.yaml 5 | tests: 6 | - it: should match snapshot 7 | values: 8 | - ../ci/operand-values.yaml 9 | asserts: 10 | - matchSnapshot: {} 11 | -------------------------------------------------------------------------------- /charts/kubernetes-etcd-backup/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | name: kubernetes-etcd-backup 4 | description: Chart for kubernetes-etcd-backup solution 5 | type: application 6 | version: 1.6.2 7 | appVersion: v1.4.6 8 | keywords: 9 | - kubernetes-etcd-backup 10 | - kubernetes 11 | - backup 12 | - etcd 13 | home: https://github.com/adfinis/kubernetes-etcd-backup 14 | sources: 15 | - https://github.com/adfinis/kubernetes-etcd-backup 16 | maintainers: 17 | - name: adfinis 18 | email: support@adfinis.com 19 | url: https://adfinis.com 20 | annotations: 21 | artifacthub.io/changes: | 22 | - kind: changed 23 | description: | 24 | upgrade kubernetes-etcd-backup image to v1.4.6 25 | links: 26 | - 
name: kubernetes-etcd-backup release v1.4.4 27 | url: https://github.com/adfinis/kubernetes-etcd-backup/releases/tag/v1.4.4 28 | - name: kubernetes-etcd-backup release v1.4.5 29 | url: https://github.com/adfinis/kubernetes-etcd-backup/releases/tag/v1.4.5 30 | - name: kubernetes-etcd-backup release v1.4.6 31 | url: https://github.com/adfinis/kubernetes-etcd-backup/releases/tag/v1.4.6 32 | -------------------------------------------------------------------------------- /charts/kubernetes-etcd-backup/templates/additionalPrometheusRules.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.monitoring.enabled .Values.monitoring.additionalRules }} 2 | apiVersion: v1 3 | kind: List 4 | metadata: 5 | name: {{ include "kubernetes-etcd-backup.fullname" $ }}-additional-prometheus-rules 6 | items: 7 | {{- if .Values.monitoring.additionalRules }} 8 | {{- range $prometheusRuleName, $prometheusRule := .Values.monitoring.additionalRules }} 9 | - apiVersion: monitoring.coreos.com/v1 10 | kind: PrometheusRule 11 | metadata: 12 | name: {{ include "kubernetes-etcd-backup.fullname" $ }}-{{ $prometheusRuleName }} 13 | labels: 14 | app: {{ include "kubernetes-etcd-backup.fullname" $ }} 15 | spec: 16 | groups: 17 | {{ toYaml $prometheusRule.groups | indent 8 }} 18 | {{- end }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/kubernetes-etcd-backup/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "kubernetes-etcd-backup.fullname" . }} 5 | labels: 6 | {{- include "kubernetes-etcd-backup.labels" . 
| nindent 4 }} 7 | data: 8 | ETCD_BACKUP_S3: {{ .Values.persistence.s3.enabled | quote }} 9 | ETCD_BACKUP_SUBDIR: {{ .Values.backup.subdir | quote }} 10 | ETCD_BACKUP_DIRNAME: {{ .Values.backup.dirname | quote }} 11 | ETCD_BACKUP_EXPIRE_TYPE: {{ .Values.backup.expiretype | quote }} 12 | ETCD_BACKUP_KEEP_DAYS: {{ .Values.backup.keepdays | quote }} 13 | ETCD_BACKUP_KEEP_COUNT: {{ .Values.backup.keepcount | quote }} 14 | ETCD_BACKUP_UMASK: {{ .Values.backup.umask | quote }} 15 | ENDPOINT: {{ .Values.etcdConfiguration.endpoint | quote }} 16 | {{- if .Values.etcdConfiguration.insecureSkipTlsVerify }} 17 | ETCDCTL_INSECURE_SKIP_TLS_VERIFY: "true" 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/kubernetes-etcd-backup/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.monitoring.enabled .Values.monitoring.rules.cronjobMonitor (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ include "kubernetes-etcd-backup.fullname" . }}-cronjob-monitor 6 | spec: 7 | groups: 8 | - name: cronjob-monitor 9 | rules: 10 | - alert: EtcdBackupCronJobStatusFailed 11 | expr: | 12 | kube_job_status_succeeded{namespace="{{ .Release.Namespace }}"} == 0 13 | labels: 14 | severity: critical 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/kubernetes-etcd-backup/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.persistence.provisioning.enabled }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "kubernetes-etcd-backup.fullname" . }} 6 | labels: 7 | {{- include "kubernetes-etcd-backup.labels" . 
| nindent 4 }} 8 | spec: 9 | {{- if .Values.persistence.provisioning.storageClass }} 10 | storageClassName: {{ .Values.persistence.provisioning.storageClass }} 11 | {{- end}} 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: {{ .Values.persistence.capacity }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/kubernetes-etcd-backup/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.persistence.s3.enabled) (not .Values.persistence.s3.existingSecret) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | labels: 6 | {{- include "kubernetes-etcd-backup.labels" . | nindent 4 }} 7 | name: {{ include "kubernetes-etcd-backup.fullname" . }}-secret 8 | data: 9 | ETCD_BACKUP_S3_NAME: "{{ .Values.persistence.s3.name | b64enc }}" 10 | ETCD_BACKUP_S3_HOST: "{{ .Values.persistence.s3.host | b64enc }}" 11 | ETCD_BACKUP_S3_BUCKET: "{{ .Values.persistence.s3.bucket | b64enc }}" 12 | ETCD_BACKUP_S3_ACCESS_KEY: "{{ .Values.persistence.s3.accessKey | b64enc }}" 13 | ETCD_BACKUP_S3_SECRET_KEY: "{{ .Values.persistence.s3.secretKey | b64enc }}" 14 | type: Opaque 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/logging-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:09:11.484600012+01:00" 7 | -------------------------------------------------------------------------------- /charts/logging-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: logging-apps 3 | description: Argo CD app-of-apps config for logging applications 4 | 
type: application 5 | version: 0.36.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/logging-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/containsSecurityUpdates: "false" 19 | artifacthub.io/changes: | 20 | - kind: changed 21 | description: Fail deprecated loki-stack installations 22 | -------------------------------------------------------------------------------- /charts/logging-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | lokiStack: 2 | enabled: false 3 | values: {} 4 | 5 | loki: 6 | enabled: true 7 | values: {} 8 | 9 | promtail: 10 | enabled: true 11 | values: {} 12 | 13 | filebeat: 14 | enabled: true 15 | values: {} 16 | 17 | fluentd: 18 | enabled: true 19 | values: {} 20 | 21 | fluent-bit: 22 | enabled: true 23 | values: {} 24 | -------------------------------------------------------------------------------- /charts/logging-apps/examples/filebeat.yaml: -------------------------------------------------------------------------------- 1 | filebeat: 2 | enabled: true 3 | project: infra-logging 4 | values: 5 | filebeatConfig: 6 | filebeat.yml: | 7 | filebeat.inputs: 8 | - type: container 9 | paths: 10 | - /var/log/containers/*.log 11 | processors: 12 | - add_kubernetes_metadata: 13 | host: ${NODE_NAME} 14 | matchers: 15 | - logs_path: 16 | logs_path: "/var/log/containers/" 17 | output.elasticsearch: 18 | host: '${NODE_NAME}' 19 | hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' 20 | username: username 21 | password: password 22 | -------------------------------------------------------------------------------- /charts/logging-apps/examples/fluentd.yaml: 
-------------------------------------------------------------------------------- 1 | fluentd: 2 | enabled: true 3 | project: infra-logging 4 | values: 5 | tls: 6 | enabled: true 7 | existingSecret: mycert 8 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps are available: 2 | {{ if .Values.lokiStack.enabled }} 3 | * loki-stack 4 | {{ end }} 5 | {{ if .Values.filebeat.enabled }} 6 | * filebeat 7 | {{ end }} 8 | {{ if .Values.fluentd.enabled }} 9 | * fluentd 10 | {{ end }} 11 | {{ if .Values.fluentBit.enabled }} 12 | * fluentBit 13 | {{ end }} 14 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/filebeat.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.filebeat.enabled }} 2 | {{ template "argoconfig.application" (list . "logging-apps.filebeat") }} 3 | {{ end }} 4 | 5 | {{- define "logging-apps.filebeat" -}}{{- $app := unset .Values.filebeat "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/fluentBit.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.fluentBit.enabled }} 2 | {{ template "argoconfig.application" (list . "logging-apps.fluentBit") }} 3 | {{ end }} 4 | 5 | {{- define "logging-apps.fluentBit" -}}{{- $app := unset .Values.fluentBit "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/fluentd.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.fluentd.enabled }} 2 | {{ template "argoconfig.application" (list . "logging-apps.fluentd") }} 3 | {{ end }} 4 | 5 | {{- define "logging-apps.fluentd" -}}{{- $app := unset .Values.fluentd "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/loki-stack.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.lokiStack.enabled }} 2 | {{ fail "loki-stack is DEPRECATED, use `loki` and `promtail` individually" }} 3 | {{ end }} 4 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/loki.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.loki.enabled }} 2 | {{ template "argoconfig.application" (list . "logging-apps.loki") }} 3 | {{ end }} 4 | 5 | {{- define "logging-apps.loki" -}}{{- $app := unset .Values.loki "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/logging-apps/templates/promtail.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.promtail.enabled }} 2 | {{ template "argoconfig.application" (list . "logging-apps.promtail") }} 3 | {{ end }} 4 | 5 | {{- define "logging-apps.promtail" -}}{{- $app := unset .Values.promtail "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/misc-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:09:29.374847197+01:00" 7 | -------------------------------------------------------------------------------- /charts/misc-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: misc-apps 3 | description: Argo CD app-of-apps config for miscellaneous small tools 4 | type: application 5 | version: 0.49.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/misc-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: "feat: added goldilocks" 21 | links: 22 | - name: "added goldilocks 4.13.0" 23 | url: https://github.com/FairwindsOps/goldilocks/releases/tag/v4.13.4 24 | -------------------------------------------------------------------------------- /charts/misc-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | argocdApps: 2 | enabled: true 3 | values: 4 | applications: [] 5 | 6 | downscaler: 7 | enabled: true 8 | values: {} 9 | 10 | signalilo: 11 | 
enabled: true 12 | values: {} 13 | 14 | sentryKubernetes: 15 | enabled: true 16 | values: {} 17 | 18 | metallb: 19 | enabled: true 20 | values: {} 21 | 22 | chartmuseum: 23 | enabled: true 24 | values: {} 25 | 26 | keda: 27 | enabled: true 28 | values: {} 29 | 30 | grafanaAgentOperator: 31 | enabled: true 32 | values: {} 33 | 34 | reloader: 35 | enabled: true 36 | values: {} 37 | 38 | opencost: 39 | enabled: true 40 | values: {} 41 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/argocd-apps.yaml: -------------------------------------------------------------------------------- 1 | argocdApps: 2 | enabled: true 3 | values: 4 | applications: [] 5 | projects: [] 6 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/chartmuseum.yaml: -------------------------------------------------------------------------------- 1 | # chartmuseum with local storage 2 | # 3 | # This example deploys a simple chartmuseum using local storage based on a 4 | # PVC. As such this deployment will just run anywhere as long as you provide 5 | # storage as well as ingress. 
6 | 7 | chartmuseum: 8 | enabled: true 9 | project: infra-chartmuseum 10 | values: 11 | resources: 12 | limits: 13 | cpu: 100m 14 | memory: 200Mi 15 | env: 16 | open: 17 | STORAGE: local 18 | persistence: 19 | enabled: true 20 | accessMode: ReadWriteOnce 21 | size: 8Gi 22 | ingress: 23 | enabled: false 24 | annotations: {} 25 | kubernetes.io/ingress.class: nginx 26 | kubernetes.io/tls-acme: "true" 27 | hosts: 28 | - name: charts.example.com 29 | path: / 30 | tls: true 31 | tlsSecret: chartmuseum-tls 32 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/goldilocks.yaml: -------------------------------------------------------------------------------- 1 | goldilocks: 2 | enabled: true 3 | project: infra-goldilocks 4 | values: 5 | dashboard: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/grafana-agent-operator.yaml: -------------------------------------------------------------------------------- 1 | grafanaAgentOperator: 2 | enabled: true 3 | project: infra-grafana-agent 4 | values: {} 5 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/keda.yaml: -------------------------------------------------------------------------------- 1 | # keda watching one single namespace 2 | # 3 | # This example deploys the keda operator watching one single namespace with 4 | # metricsServer & operator podmonitors enabled 5 | 6 | keda: 7 | enabled: true 8 | project: infra-keda 9 | values: 10 | watchNamespace: "myapp" 11 | prometheus: 12 | metricsServer: 13 | enabled: true 14 | podMonitor: 15 | enabled: true 16 | additionalLabels: 17 | k8s.example.com/prometheus: kube-prometheus 18 | operator: 19 | enabled: true 20 | podMonitor: 21 | enabled: true 22 | additionalLabels: 23 | k8s.example.com/prometheus: kube-prometheus 24 | 
-------------------------------------------------------------------------------- /charts/misc-apps/examples/kube-downscaler.yaml: -------------------------------------------------------------------------------- 1 | downscaler: 2 | enabled: true 3 | project: infra-downscaler 4 | values: 5 | debug: 6 | enable: false 7 | resources: 8 | limits: 9 | cpu: 50m 10 | memory: 200Mi 11 | excludedNamespaces: 12 | - kube-system 13 | - infra-downscaler 14 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/metallb.yaml: -------------------------------------------------------------------------------- 1 | metallb: 2 | enabled: true 3 | project: infra-metallb 4 | values: 5 | psp: 6 | create: false 7 | configInline: 8 | address-pools: 9 | - name: default 10 | protocol: layer2 11 | addresses: 12 | - 192.168.1.10-192.168.1.20 13 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/opencost.yaml: -------------------------------------------------------------------------------- 1 | # Simple opencost deployment that is integrated with Prometheus. 2 | 3 | opencost: 4 | enabled: true 5 | project: infra-opencost 6 | values: 7 | opencost: 8 | metrics: 9 | serviceMonitor: 10 | # prometheus scrapes opencost data via this monitor so we can visualise it 11 | enabled: true 12 | additionalLabels: 13 | k8s.adfinis.com/prometheus: kube-prometheus 14 | prometheus: 15 | # OpenCost consumes metrics from this Prometheus so it can figure out what is 16 | # using resources. 
17 | internal: 18 | serviceName: monitoring-prometheus 19 | namespaceName: infra-monitoring 20 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/prometheus-msteams.yaml: -------------------------------------------------------------------------------- 1 | prometheusMsteams: 2 | enabled: true 3 | project: infra-prometheus-msteams 4 | values: 5 | resources: 6 | limits: 7 | cpu: 100m 8 | memory: 200Mi 9 | 10 | connectors: 11 | # in alertmanager, this will be used as http://prometheus-msteams:2000/bar 12 | - bar: https://outlook.office.com/webhook/xxxx/xxxx 13 | # in alertmanager, this will be used as http://prometheus-msteams:2000/foo 14 | - foo: https://outlook.office.com/webhook/xxxx/xxxx 15 | 16 | metrics: 17 | serviceMonitor: 18 | enabled: true 19 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/reloader.yaml: -------------------------------------------------------------------------------- 1 | # reloader watching namespaces labeled with reloader=true and exporting metrics 2 | 3 | reloader: 4 | enabled: true 5 | project: infra-reloader 6 | values: 7 | reloader: 8 | # namespaceSelector 9 | # list of comma-separated label selectors; if multiple are provided they are ANDed 10 | # Example: reloader=enabled,test=true 11 | namespaceSelector: "reloader=true" 12 | serviceMonitor: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/sentry-kubernetes.yaml: -------------------------------------------------------------------------------- 1 | _: &sentryDSN "https://secret@sentry.example.om/id" 2 | 3 | sentryKubernetes: 4 | enabled: true 5 | project: infra-sentry-kubernetes 6 | values: 7 | sentry: 8 | dsn: *sentryDSN 9 | -------------------------------------------------------------------------------- /charts/misc-apps/examples/signalilo.yaml: 
-------------------------------------------------------------------------------- 1 | signalilo: 2 | enabled: true 3 | project: infra-signalilo 4 | values: 5 | resources: 6 | limits: 7 | cpu: 100m 8 | memory: 200Mi 9 | config: 10 | # needs replacing with a fresh uuid 11 | uuid: 12 | icinga_hostname: kubernetes.default.svc 13 | icinga_url: https://icinga.int.example.com 14 | icinga_username: api-user 15 | icinga_password: secret # placeholder; everything under values is rendered as plain text into the Argo CD Application's helm values, so keep the real credential out of version control 16 | alertmanager_bearer_token: secret # placeholder; same caveat as icinga_password 17 | extraEnvVars: 18 | - name: SIGNALILO_ICINGA_DEBUG 19 | value: "false" 20 | # the CA of your icinga setup, if needed 21 | - name: SIGNALILO_ICINGA_CA 22 | value: | 23 | -----BEGIN CERTIFICATE----- 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps are available: 2 | {{ if .Values.downscaler.enabled }} 3 | * kube-downscaler 4 | {{ end }} 5 | {{ if .Values.signalilo.enabled }} 6 | * signalilo 7 | {{ end }} 8 | {{ if .Values.sentryKubernetes.enabled }} 9 | * sentry-kubernetes 10 | {{ end }} 11 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/chartmuseum.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.chartmuseum.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.chartmuseum") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.chartmuseum" -}}{{- $app := unset .Values.chartmuseum "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/downscaler.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.downscaler.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.downscaler") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.downscaler" -}}{{- $app := unset .Values.downscaler "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/goldilocks.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.goldilocks.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.goldilocks") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.goldilocks" -}}{{- $app := unset .Values.goldilocks "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/keda.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.keda.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.keda") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.keda" -}}{{- $app := unset .Values.keda "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/metallb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.metallb.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.metallb") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.metallb" -}}{{- $app := unset .Values.metallb "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/opencost.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.opencost.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.opencost") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.opencost" -}}{{- $app := unset .Values.opencost "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/prometheus-msteams.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.prometheusMsteams.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.prometheusMsteams") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.prometheusMsteams" -}}{{- $app := unset .Values.prometheusMsteams "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/reloader.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.reloader.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.reloader") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.reloader" -}}{{- $app := unset .Values.reloader "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/sentry-kubernetes.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.sentryKubernetes.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.sentryKubernetes") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.sentryKubernetes" -}}{{- $app := unset .Values.sentryKubernetes "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/misc-apps/templates/signalilo.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.signalilo.enabled }} 2 | {{ template "argoconfig.application" (list . "misc-apps.signalilo") }} 3 | {{ end }} 4 | 5 | {{- define "misc-apps.signalilo" -}}{{- $app := unset .Values.signalilo "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/mopsos/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/mopsos/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: grafana 3 | repository: https://grafana.github.io/helm-charts 4 | version: 6.50.2 5 | digest: sha256:a3ab176ecc7ad902009bc6d16b9ff09af4ce23b346cf6605e0635d07712cce3e 6 | generated: "2023-01-24T15:18:57.739723359+01:00" 7 | -------------------------------------------------------------------------------- /charts/mopsos/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: mopsos 3 | description: Deploy Mopsos to a Kubernetes Cluster 4 | type: application 5 | version: 0.6.5 6 | appVersion: "v0.3.7" 7 | kubeVersion: ">= 1.21.0" 8 | home: https://github.com/adfinis/mopsos 9 | sources: 10 | - https://github.com/adfinis/mopsos 11 | - https://github.com/adfinis/helm-charts/tree/main/charts/mopsos 12 | maintainers: 13 | - name: adfinis 14 | email: support@adfinis.com 15 | url: https://adfinis.com 16 | dependencies: 17 | - name: grafana 18 | version: "6.50.2" 19 | repository: https://grafana.github.io/helm-charts 20 | condition: grafana.enabled 21 | annotations: 22 | artifacthub.io/changes: | 23 | - kind: changed 24 | description: "Update Grafana from 6.26.* to 6.50.2" 25 | -------------------------------------------------------------------------------- /charts/mopsos/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | dbprovider: sqlite 3 | dbdsn: "file::memory:?cache-shared" 4 | grafana: 5 | enabled: false 6 | 
-------------------------------------------------------------------------------- /charts/mopsos/templates/configmap-dashboard.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.grafana.enabled .Values.grafana.sidecar.dashboards.enabled }} 2 | {{- $files := .Files.Glob "dashboards/*.json" }} 3 | {{- if $files }} 4 | {{- range $path, $fileContents := $files }} 5 | {{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} 6 | --- 7 | apiVersion: v1 8 | kind: ConfigMap 9 | metadata: 10 | name: {{ printf "%s-%s" (include "mopsos.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} 11 | labels: 12 | {{- include "mopsos.labels" $ | nindent 4 }} 13 | {{ $.Values.grafana.sidecar.dashboards.label }}: {{ $.Values.grafana.sidecar.dashboards.labelValue }} 14 | data: 15 | {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} 16 | {{- end }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/mopsos/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "mopsos.fullname" . }}-config 5 | labels: 6 | {{- include "mopsos.labels" . 
| nindent 4 }} 7 | data: 8 | MOPSOS_DB_MIGRATE: {{ .Values.config.dbmigrate | quote }} 9 | MOPSOS_DB_PROVIDER: {{ .Values.config.dbprovider | quote }} 10 | MOPSOS_OTEL_COLLECTOR: {{ .Values.config.otelcollector | quote }} 11 | MOPSOS_DEBUG: {{ .Values.config.debug | quote }} 12 | MOPSOS_VERBOSE: {{ .Values.config.verbose | quote }} 13 | -------------------------------------------------------------------------------- /charts/mopsos/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.rollout.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ include "mopsos.fullname" . }} 6 | labels: 7 | {{- include "mopsos.labels" . | nindent 4 }} 8 | spec: 9 | {{- if not .Values.autoscaling.enabled }} 10 | replicas: {{ .Values.replicaCount }} 11 | {{- end }} 12 | selector: 13 | matchLabels: 14 | {{- include "mopsos.selectorLabels" . | nindent 6 }} 15 | template: 16 | {{- include "mopsos.podTemplateSpec" . | nindent 4 }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/mopsos/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "mopsos.fullname" . }} 6 | labels: 7 | {{- include "mopsos.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "mopsos.fullname" . 
}} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/mopsos/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "mopsos.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{- include "mopsos.labels" . | nindent 4 }} 10 | {{- with .Values.ingress.annotations }} 11 | annotations: 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | ingressClassName: {{ .Values.ingress.className }} 16 | {{- if .Values.ingress.tls }} 17 | tls: 18 | {{- range .Values.ingress.tls }} 19 | - hosts: 20 | {{- range .hosts }} 21 | - {{ . 
| quote }} 22 | {{- end }} 23 | secretName: {{ .secretName }} 24 | {{- end }} 25 | {{- end }} 26 | rules: 27 | {{- range .Values.ingress.hosts }} 28 | - host: {{ .host | quote }} 29 | http: 30 | paths: 31 | {{- range .paths }} 32 | - path: {{ .path }} 33 | pathType: {{ .pathType }} 34 | backend: 35 | service: 36 | name: {{ $fullName }} 37 | port: 38 | number: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/mopsos/templates/rollout.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rollout.enabled }} 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: Rollout 4 | metadata: 5 | name: {{ include "mopsos.fullname" . }} 6 | labels: 7 | {{- include "mopsos.labels" . | nindent 4 }} 8 | spec: 9 | {{- if not .Values.autoscaling.enabled }} 10 | replicas: {{ .Values.replicaCount }} 11 | {{- end }} 12 | strategy: 13 | {{- tpl .Values.rollout.strategy . | nindent 4 }} 14 | selector: 15 | matchLabels: 16 | {{- include "mopsos.selectorLabels" . | nindent 6 }} 17 | template: 18 | {{- include "mopsos.podTemplateSpec" . | nindent 4 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/mopsos/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.existingSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | labels: 6 | {{- include "mopsos.labels" . | nindent 4 }} 7 | name: {{ include "mopsos.fullname" . 
}}-secret 8 | data: 9 | MOPSOS_DB_DSN: {{ .Values.config.dbdsn | b64enc }} 10 | {{- if .Values.config.basicauthusers }} 11 | MOPSOS_HTTP_BASIC_AUTH_USERS: {{ .Values.config.basicauthusers | b64enc }} 12 | {{- end }} 13 | type: Opaque 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/mopsos/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "mopsos.fullname" . }} 5 | labels: 6 | {{- include "mopsos.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "mopsos.selectorLabels" . | nindent 4 }} 16 | --- 17 | {{- if and .Values.rollout.enabled (eq .Values.rollout.mode "blueGreen") }} 18 | 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ include "mopsos.fullname" . }}-preview 23 | labels: 24 | {{- include "mopsos.labels" . | nindent 4 }} 25 | spec: 26 | type: {{ .Values.service.type }} 27 | ports: 28 | - port: {{ .Values.service.port }} 29 | targetPort: http 30 | protocol: TCP 31 | name: http 32 | selector: 33 | {{- include "mopsos.selectorLabels" . | nindent 4 }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/mopsos/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "mopsos.serviceAccountName" . }} 6 | labels: 7 | {{- include "mopsos.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/mopsos/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "mopsos.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "mopsos.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "mopsos.fullname" . }}:{{ .Values.service.port }}/health'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/mopsos/tests/deployment_existingSecret_test.yaml: -------------------------------------------------------------------------------- 1 | suite: deployment tests with existingSecret set 2 | templates: 3 | - deployment.yaml 4 | tests: 5 | - it: should match snapshot 6 | set: 7 | existingSecret: "mysecret" 8 | asserts: 9 | - hasDocuments: 10 | count: 1 11 | - documentIndex: 0 12 | equal: 13 | path: spec.template.spec.containers[0].envFrom[0].secretRef.name 14 | value: "mysecret" 15 | -------------------------------------------------------------------------------- /charts/mopsos/tests/deployment_test.yaml: -------------------------------------------------------------------------------- 1 | suite: deployment tests 2 | templates: 3 | - deployment.yaml 4 | tests: 5 | - it: should match snapshot 6 | asserts: 7 | - hasDocuments: 8 | count: 1 9 | - matchSnapshot: {} 10 | -------------------------------------------------------------------------------- /charts/mopsos/tests/secret_basicauthusers_test.yaml: -------------------------------------------------------------------------------- 1 | suite: deployment tests 2 | templates: 3 | - secret.yaml 4 | tests: 5 | - it: secret should contain key MOPSOS_HTTP_BASIC_AUTH_USERS 6 | 
set: 7 | config.dbdsn: "file::memory:?cache-shared" 8 | config.basicauthusers: "cluster1:mysupersecrettoken" 9 | asserts: 10 | - hasDocuments: 11 | count: 1 12 | - documentIndex: 0 13 | equal: 14 | path: data.MOPSOS_HTTP_BASIC_AUTH_USERS 15 | value: "Y2x1c3RlcjE6bXlzdXBlcnNlY3JldHRva2Vu" 16 | -------------------------------------------------------------------------------- /charts/mopsos/tests/secret_existingSecret_test.yaml: -------------------------------------------------------------------------------- 1 | suite: deployment tests 2 | templates: 3 | - secret.yaml 4 | tests: 5 | - it: should not create any secret 6 | set: 7 | existingSecret: "mysecret" 8 | asserts: 9 | - hasDocuments: 10 | count: 0 11 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: openshift-etcd-backup 3 | description: Chart for openshift-etcd-backup solution 4 | type: application 5 | version: 1.9.6 6 | appVersion: v1.9.6 7 | keywords: 8 | - openshift-etcd-backup 9 | - openshift 10 | - backup 11 | - etcd 12 | home: https://github.com/adfinis/openshift-etcd-backup 13 | sources: 14 | - https://github.com/adfinis/openshift-etcd-backup 15 | - https://github.com/adfinis/helm-charts/tree/main/charts/openshift-etcd-backup 16 | maintainers: 17 | - name: adfinis 18 | email: support@adfinis.com 19 | url: https://adfinis.com 20 | annotations: 21 | artifacthub.io/changes: | 22 | - kind: changed 23 | description: | 24 | upgrade openshift-etcd-backup image to v1.9.6 25 | 26 | * fixed prometheus alert 27 | links: 28 | - name: openshift-etcd-backup release v1.9.6 29 | url: https://github.com/adfinis/openshift-etcd-backup/releases/tag/v1.9.6 30 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/additionalPrometheusRules.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if and .Values.monitoring.enabled .Values.monitoring.additionalRules }} 2 | apiVersion: v1 3 | kind: List 4 | metadata: 5 | name: {{ include "openshift-etcd-backup.fullname" $ }}-additional-prometheus-rules 6 | items: 7 | {{- if .Values.monitoring.additionalRules }} 8 | {{- range $prometheusRuleName, $prometheusRule := .Values.monitoring.additionalRules }} 9 | - apiVersion: monitoring.coreos.com/v1 10 | kind: PrometheusRule 11 | metadata: 12 | name: {{ include "openshift-etcd-backup.fullname" $ }}-{{ $prometheusRuleName }} 13 | labels: 14 | app: {{ include "openshift-etcd-backup.fullname" $ }} 15 | spec: 16 | groups: 17 | {{ toYaml $prometheusRule.groups | indent 8 }} 18 | {{- end }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/ca-inject.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.persistence.s3.enabled) (.Values.persistence.s3.ca.enabled) }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "openshift-etcd-backup.fullname" . }}-ca-inject 6 | labels: 7 | {{- include "openshift-etcd-backup.labels" . | nindent 4 }} 8 | config.openshift.io/inject-trusted-cabundle: "true" 9 | data: {} 10 | {{- end}} 11 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "openshift-etcd-backup.fullname" . }} 5 | labels: 6 | {{- include "openshift-etcd-backup.labels" . 
| nindent 4 }} 7 | data: 8 | OCP_BACKUP_S3: {{ .Values.persistence.s3.enabled | quote }} 9 | OCP_BACKUP_SUBDIR: {{ .Values.backup.subdir | quote }} 10 | OCP_BACKUP_DIRNAME: {{ .Values.backup.dirname | quote }} 11 | OCP_BACKUP_EXPIRE_TYPE: {{ .Values.backup.expiretype | quote }} 12 | OCP_BACKUP_KEEP_DAYS: {{ .Values.backup.keepdays | quote }} 13 | OCP_BACKUP_KEEP_COUNT: {{ .Values.backup.keepcount | quote }} 14 | OCP_BACKUP_UMASK: {{ .Values.backup.umask | quote }} 15 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.monitoring.enabled .Values.monitoring.rules.cronjobMonitor (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ include "openshift-etcd-backup.fullname" . }}-cronjob-monitor 6 | spec: 7 | groups: 8 | - name: cronjob-monitor 9 | rules: 10 | - alert: EtcdBackupCronJobStatusFailed 11 | expr: | 12 | kube_job_status_failed{namespace="{{ .Release.Namespace }}"} > 0 13 | labels: 14 | severity: critical 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.persistence.provisioning.enabled }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "openshift-etcd-backup.fullname" . }} 6 | labels: 7 | {{- include "openshift-etcd-backup.labels" . 
| nindent 4 }} 8 | spec: 9 | {{- if .Values.persistence.provisioning.storageClass }} 10 | storageClassName: {{ .Values.persistence.provisioning.storageClass }} 11 | {{- end}} 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: {{ .Values.persistence.provisioning.capacity }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ include "openshift-etcd-backup.fullname" . }}-use-privileged-scc 5 | rules: # namespaced Role: the only permission is 'use' on the single SCC listed under resourceNames 6 | - apiGroups: 7 | - security.openshift.io 8 | resources: 9 | - securitycontextconstraints 10 | verbs: 11 | - use 12 | resourceNames: 13 | - privileged # any pod admitted under the bound ServiceAccount may run privileged; keep this namespace and ServiceAccount dedicated to the backup job 14 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ include "openshift-etcd-backup.fullname" . }}-sa-privileged 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: {{ include "openshift-etcd-backup.fullname" . }}-use-privileged-scc 9 | subjects: # the privileged-SCC Role is bound to one subject only: the chart's ServiceAccount 10 | - kind: ServiceAccount 11 | name: {{ include "openshift-etcd-backup.serviceAccountName" . }} 12 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.persistence.s3.enabled) (not .Values.persistence.s3.existingSecret) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | labels: 6 | {{- include "openshift-etcd-backup.labels" . | nindent 4 }} 7 | name: {{ include "openshift-etcd-backup.fullname" . 
}}-secret 8 | data: 9 | OCP_BACKUP_S3_NAME: "{{ .Values.persistence.s3.name | b64enc }}" 10 | OCP_BACKUP_S3_HOST: "{{ .Values.persistence.s3.host | b64enc }}" 11 | OCP_BACKUP_S3_BUCKET: "{{ .Values.persistence.s3.bucket | b64enc }}" 12 | OCP_BACKUP_S3_ACCESS_KEY: "{{ .Values.persistence.s3.accessKey | b64enc }}" 13 | OCP_BACKUP_S3_SECRET_KEY: "{{ .Values.persistence.s3.secretKey | b64enc }}" 14 | type: Opaque 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/openshift-etcd-backup/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "openshift-etcd-backup.serviceAccountName" . }} 6 | labels: 7 | {{- include "openshift-etcd-backup.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/osschallenge/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/osschallenge/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 11.6.23 5 | digest: sha256:059ca3bd858f23cb7b16dda16b3063e9ca25d080bb9ed44d2bb84528980c0fbe 6 | generated: "2022-08-04T14:01:13.17299594+02:00" 7 | -------------------------------------------------------------------------------- /charts/osschallenge/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: osschallenge 3 | description: Chart for OSS-Challenge application 4 | type: application 5 | version: 0.1.6 6 | appVersion: edge 7 | keywords: 8 | - osschallenge 9 | - postgresql 10 | home: https://oss-challenge.ch 11 | sources: 12 | - https://github.com/adfinis/osschallenge 13 | - https://github.com/adfinis/helm-charts/tree/main/charts/osschallenge 14 | maintainers: 15 | - name: adfinis 16 | email: support@adfinis.com 17 | url: https://adfinis.com 18 | dependencies: 19 | - name: postgresql 20 | version: ~11.6.7 21 | repository: https://charts.bitnami.com/bitnami 22 | condition: postgresql.enabled 23 | -------------------------------------------------------------------------------- /charts/osschallenge/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | postgresql: 2 | auth: 3 | password: s3cr3t 4 | persistence: 5 | enabled: false 6 | service: 7 | port: 5432 8 | osschallenge: 9 | settings: 10 | emailPassword: s3cr3t 11 | jobs: 12 | dbmigrate: 13 | enabled: false 14 | 
persistence: 15 | storageClassName: "default" 16 | enabled: false 17 | -------------------------------------------------------------------------------- /charts/osschallenge/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "osschallenge.fullname" . }} 5 | labels: 6 | {{- include "osschallenge.labels" . | nindent 4 }} 7 | data: 8 | EMAIL_HOST: {{ .Values.osschallenge.settings.emailHost | quote }} 9 | EMAIL_PORT: {{ .Values.osschallenge.settings.emailPort | quote }} 10 | EMAIL_HOST_USER: {{ .Values.osschallenge.settings.emailUser | quote }} 11 | DEFAULT_FROM_EMAIL: {{ .Values.osschallenge.settings.emailFrom | quote }} 12 | DATABASE_NAME: {{ .Values.postgresql.auth.database | quote }} 13 | DATABASE_USER: {{ .Values.postgresql.auth.username | quote }} 14 | DATABASE_PORT: {{ .Values.postgresql.service.port | quote }} 15 | SITE_URL: {{ .Values.osschallenge.settings.siteUrl | quote }} 16 | WAIT_FOR_IT_TIMER: {{ .Values.osschallenge.image.waitForItTimeout | quote }} 17 | {{- if .Values.postgresql.enabled }} 18 | DATABASE_HOST: {{ include "osschallenge.postgresql.fullname" . | quote }} 19 | {{- else }} 20 | DATABASE_HOST: {{ .Values.postgresql.service.host | quote }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/osschallenge/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "osschallenge.fullname" . }} 6 | labels: 7 | {{- include "osschallenge.labels" . | nindent 4 }} 8 | {{- with .Values.ingress.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | spec: 13 | rules: 14 | {{- range $host := .Values.ingress.hosts }} 15 | - host: {{ $host }} 16 | http: 17 | paths: 18 | - path: / 19 | backend: 20 | serviceName: {{ include "osschallenge.fullname" $ }} 21 | servicePort: {{ $.Values.osschallenge.service.externalPort }} 22 | {{- end -}} 23 | {{- if .Values.ingress.tls }} 24 | tls: 25 | {{ toYaml .Values.ingress.tls | nindent 4 }} 26 | {{- end -}} 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- /charts/osschallenge/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.persistence.enabled -}} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "osschallenge.fullname" . }} 6 | labels: 7 | {{- include "osschallenge.labels" . | nindent 4 }} 8 | spec: 9 | {{- if .Values.persistence.storageClassName }} 10 | storageClassName: {{ .Values.persistence.storageClassName }} 11 | {{- end }} 12 | accessModes: 13 | {{ .Values.persistence.accessModes | toYaml | nindent 2 }} 14 | resources: 15 | requests: 16 | storage: {{ .Values.persistence.size }} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/osschallenge/templates/secret-backend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "osschallenge.fullname" . }} 5 | labels: 6 | {{- include "osschallenge.labels" . 
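| nindent 4 }} 7 | type: Opaque 8 | data: 9 | {{ if .Values.osschallenge.settings.secret }}{{/* guard on the same key that is rendered on the next line; the original tested .Values.osschallenge.service.secret, so a configured settings.secret was ignored unless that other key was also set */}} 10 | DJANGO_SECRET_KEY: {{ .Values.osschallenge.settings.secret | b64enc | quote }} 11 | {{ else }} 12 | DJANGO_SECRET_KEY: {{ randAlphaNum 32 | b64enc | quote }}{{/* fallback: randAlphaNum is re-evaluated on every render, so each install or upgrade writes a new key; set settings.secret to keep the key stable across upgrades */}} 13 | {{ end }} 14 | EMAIL_HOST_PASSWORD: {{ .Values.osschallenge.settings.emailPassword | b64enc | quote }} 15 | -------------------------------------------------------------------------------- /charts/osschallenge/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "osschallenge.fullname" . }} 5 | labels: 6 | {{- include "osschallenge.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.osschallenge.service.type }} 9 | ports: 10 | - port: {{ .Values.osschallenge.service.externalPort }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "osschallenge.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/osschallenge/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "osschallenge.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "osschallenge.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "osschallenge.fullname" . }}:{{ .Values.osschallenge.service.externalPort }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/rbac-definitions/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 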
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/rbac-definitions/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://charts.adfinis.com 4 | version: 0.0.7 5 | digest: sha256:e95765189d69f123b9b9227eb69cea68ac498da85de8f7a217482bbb212a9839 6 | generated: "2022-04-04T11:59:15.006027376+02:00" 7 | -------------------------------------------------------------------------------- /charts/rbac-definitions/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: rbac-definitions 3 | description: Deploy rbac-manager RBACDefinitions via Helm 4 | type: application 5 | version: 0.1.3 6 | # matches apiVersion: rbacmanager.reactiveops.io/v1beta1 7 | appVersion: "1beta1" 8 | keywords: 9 | - rbac-manager 10 | home: https://rbac-manager.docs.fairwinds.com/rbacdefinitions/ 11 | icon: https://rbac-manager.docs.fairwinds.com/img/rbac-manager-logo.svg 12 | sources: 13 | - https://github.com/adfinis/helm-charts 14 | maintainers: 15 | - name: adfinis 16 | email: support@adfinis.com 17 | url: https://adfinis.com 18 | dependencies: 19 | - name: common 20 | repository: https://charts.adfinis.com 21 | version: 0.0.7 22 | -------------------------------------------------------------------------------- /charts/rbac-definitions/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | rbacDefinitions: 2 | - name: ci-example 3 | 
rbacBindings: 4 | - name: edit 5 | subjects: 6 | - kind: User 7 | name: ci@example.com 8 | clusterRoleBindings: 9 | - clusterRole: edit 10 | -------------------------------------------------------------------------------- /charts/rbac-definitions/examples/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | # Create clusterrolebindings 2 | rbacDefinitions: 3 | - name: cluster-editors 4 | rbacBindings: 5 | - name: editors 6 | subjects: 7 | - kind: User 8 | name: maxime@example.com 9 | clusterRoleBindings: 10 | - clusterRole: edit 11 | - name: cluster-admins 12 | rbacBindings: 13 | - name: admins 14 | subjects: 15 | - kind: User 16 | name: jane@example.com 17 | clusterRoleBindings: 18 | - clusterRole: cluster-admin 19 | -------------------------------------------------------------------------------- /charts/rbac-definitions/examples/enabled-and-disabled.yaml: -------------------------------------------------------------------------------- 1 | # Create clusterrolebindings 2 | rbacDefinitions: 3 | - name: cluster-editors 4 | enabled: false 5 | rbacBindings: 6 | - name: editors 7 | subjects: 8 | - kind: User 9 | name: maxime@example.com 10 | clusterRoleBindings: 11 | - clusterRole: edit 12 | - name: cluster-admins 13 | enabled: true 14 | rbacBindings: 15 | - name: admins 16 | subjects: 17 | - kind: User 18 | name: jane@example.com 19 | clusterRoleBindings: 20 | - clusterRole: cluster-admin 21 | -------------------------------------------------------------------------------- /charts/rbac-definitions/examples/namespaceselector.yaml: -------------------------------------------------------------------------------- 1 | # Create rolebinding based on a namespaceSelector 2 | rbacDefinitions: 3 | - name: devs-edit 4 | rbacBindings: 5 | - name: devs 6 | subjects: 7 | - kind: Group 8 | name: devs 9 | roleBindings: 10 | - clusterRole: edit 11 | namespaceSelector: 12 | matchLabels: 13 | k8s.example.com/owner: devs 14 | 
-------------------------------------------------------------------------------- /charts/rbac-definitions/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbacDefinitions }} 2 | Deployed RBACDefinitions: 3 | {{- range .Values.rbacDefinitions }} 4 | {{- $enabled := printf "%t" .enabled }} 5 | {{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} 6 | {{- if (eq $enabled "true") }} 7 | * {{ include "rbac-definitions.name" (dict "data" . "root" $) }} 8 | {{- end }} 9 | {{- end }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/rbac-definitions/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Return the name of the RBACDefinition 4 | */}} 5 | {{- define "rbac-definitions.name" -}} 6 | {{- $name := include "common.name" .root }} 7 | {{- with .data }} 8 | {{- if .metadata }} 9 | {{- if .metadata.name }} 10 | {{- $name = .metadata.name }} 11 | {{- end }} 12 | {{- end }} 13 | {{- if .name }} 14 | {{- $name = .name }} 15 | {{- end }} 16 | {{- end }} 17 | {{- $name }} 18 | {{- end -}} 19 | 20 | {{/* 21 | Return a deepmerged metadata block based on common.metadata with local overrides. 22 | */}} 23 | {{- define "rbac-definitions.metadata" -}} 24 | {{- $metadata := (include "common.metadata" .root | fromYaml) }} 25 | {{- $name := include "rbac-definitions.name" . 
}} 26 | {{- if .data.metadata }} 27 | {{- $metadata = mergeOverwrite $metadata (dict "metadata" .data.metadata) }} 28 | {{- end }} 29 | {{- mergeOverwrite $metadata (dict "metadata" (dict "name" $name)) | toYaml }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/rbac-definitions/templates/rbacdefinitions.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.rbacDefinitions }} 2 | --- 3 | {{- $enabled := printf "%t" .enabled }} 4 | {{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} 5 | {{- if (eq $enabled "true") }} 6 | apiVersion: rbacmanager.reactiveops.io/v1beta1 7 | kind: RBACDefinition 8 | {{ template "rbac-definitions.metadata" (dict "data" . "root" $) }} 9 | rbacBindings: 10 | {{- .rbacBindings | toYaml | nindent 2 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/rbac-definitions/values.yaml: -------------------------------------------------------------------------------- 1 | # -- Array of rbac-manager RBACDefinitions [configurations](https://rbac-manager.docs.fairwinds.com/rbacdefinitions/) (see [examples](./examples/)) 2 | rbacDefinitions: [] 3 | -------------------------------------------------------------------------------- /charts/security-apps/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/security-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:09:46.670695948+01:00" 7 | -------------------------------------------------------------------------------- /charts/security-apps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: security-apps 3 | description: Argo CD app-of-apps config for security applications 4 | type: application 5 | version: 0.94.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/security-apps 7 | sources: 8 | - https://github.com/adfinis/helm-charts 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | dependencies: 14 | - name: argoconfig 15 | version: 0.9.1 16 | repository: https://charts.adfinis.com 17 | annotations: 18 | artifacthub.io/changes: | 19 | - kind: changed 20 | description: | 21 | bump kyverno-policies from 3.2.4 to 3.4.1 22 | -------------------------------------------------------------------------------- /charts/security-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | dex: 2 | enabled: true 3 | values: {} 4 | 5 | vault: 6 | enabled: true 7 | values: {} 8 | 9 | falco: 10 | enabled: true 11 | values: {} 12 | 13 | falcoExporter: 14 | enabled: true 15 | value: {} 16 | 17 | gatekeeper: 18 | 
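enabled: true 19 | values: {} 20 | 21 | vaultMonitoring: 22 | enabled: true 23 | values: {} 24 | 25 | secretsStoreCsiDriver: 26 | enabled: true 27 | values: {} 28 | 29 | neuvector: 30 | enabled: true 31 | values: {} 32 | 33 | neuvectorMonitor: 34 | enabled: true 35 | values: {} 36 | 37 | oauth2-proxy: 38 | enabled: true 39 | values: {} 40 | 41 | kyverno: 42 | enabled: true 43 | values: {} 44 | 45 | kyvernoPolicies: 46 | enabled: true 47 | values: {} 48 | -------------------------------------------------------------------------------- /charts/security-apps/examples/falco-exporter.yaml: -------------------------------------------------------------------------------- 1 | falcoExporter: 2 | enabled: true 3 | project: infra-falco 4 | values: 5 | grafanaDashboard: 6 | enabled: true 7 | additionalLabels: 8 | k8s.adfinis.com/prometheus: kube-prometheus 9 | serviceMonitor: 10 | enabled: true 11 | prometheusRules: 12 | enabled: true 13 | -------------------------------------------------------------------------------- /charts/security-apps/examples/falco.yaml: -------------------------------------------------------------------------------- 1 | falco: 2 | enabled: true 3 | project: infra-falco 4 | values: 5 | services: 6 | - name: k8saudit-webhook 7 | ports: 8 | - port: 9765 9 | protocol: TCP 10 | falcosidekick: 11 | enabled: true 12 | -------------------------------------------------------------------------------- /charts/security-apps/examples/gangway.yaml: -------------------------------------------------------------------------------- 1 | gatekeeper: # NOTE(review): this file is the gangway example and sets project infra-gangway, yet the top-level key is gatekeeper; confirm which app key it is meant to configure 2 | enabled: true 3 | project: infra-gangway 4 | values: 5 | ingress: 6 | enabled: true 7 | hosts: 8 | - login.example.com 9 | annotations: 10 | kubernetes.io/ingress.class: nginx 11 | config: 12 | clusterName: "k8s" 13 | apiServerURL: "https://api.example.com:6443" 14 | authorizeURL: "https://dex.example.com/auth" 15 | tokenURL: "https://dex.example.com/token" 16 | clientID: "oidc-auth-client" 17 | clientSecret: "Secret" # placeholder value; supply the real OIDC client secret at deploy time rather than committing it to a values file 18 | 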
redirectURL: "https://login.example.com/callback" 19 | scopes: ["openid", "profile", "groups","email", "offline_access"] 20 | usernameClaim: "email" 21 | emailClaim: "email" 22 | sessionSecurityKey: "verySecureKey" # placeholder only - use a randomly generated key per deployment 23 | -------------------------------------------------------------------------------- /charts/security-apps/examples/gatekeeper.yaml: -------------------------------------------------------------------------------- 1 | gatekeeper: 2 | enabled: true 3 | project: infra-gatekeeper 4 | values: 5 | logLevel: INFO 6 | -------------------------------------------------------------------------------- /charts/security-apps/examples/kyverno.yaml: -------------------------------------------------------------------------------- 1 | # Simple Kyverno deployment 2 | # 3 | # This prepares everything for enabling Kyverno policies 4 | # but only enables sane defaults, and runs them in audit mode, 5 | # not enforce mode. 6 | 7 | kyverno: 8 | enabled: true 9 | values: 10 | replicas: 3 11 | grafana: 12 | # create a ConfigMap containing a Grafana dashboard 13 | enabled: true 14 | 15 | kyvernoPolicies: 16 | enabled: true 17 | values: 18 | # uncomment the following line to switch the policies from audit to enforce mode 19 | #validationFailureAction: Enforce 20 | -------------------------------------------------------------------------------- /charts/security-apps/examples/neuvector.yaml: -------------------------------------------------------------------------------- 1 | # This example deploys a minimal NeuVector setup 2 | 3 | neuvector: 4 | enabled: true 5 | values: 6 | manager: 7 | ingress: 8 | enabled: true 9 | host: neuvector.example.com 10 | containerd: 11 | enabled: true 12 | 13 | neuvectorMonitor: 14 | enabled: true 15 | values: 16 | registry: docker.io 17 | exporter: 18 | enabled: true 19 | image: 20 | repository: neuvector/prometheus-exporter 21 | tag: 4.2.2 22 | # TODO: replace with a read-only user; admin/admin is a placeholder login and must not be deployed - keep real exporter credentials out of plain values files 23 | CTRL_USERNAME: admin 24 | CTRL_PASSWORD: admin 25 |
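-------------------------------------------------------------------------------- /charts/security-apps/examples/oauth2-proxy.yaml: -------------------------------------------------------------------------------- 1 | _: &hostname host.example.com 2 | 3 | oauth2Proxy: # key must match .Values.oauth2Proxy, which templates/oauth2-proxy.yaml reads 4 | enabled: true 5 | values: 6 | config: 7 | clientID: "" 8 | existingSecret: secretname 9 | # Custom configuration file: oauth2_proxy.cfg 10 | configFile: |- 11 | provider = "azure" 12 | oidc_issuer_url = "https://sts.windows.net/01234567-8912-3456-7890/" 13 | redirect_url = "https://host.example.com/oauth2/callback" 14 | reverse_proxy = true 15 | email_domains = [ 16 | "example.com" 17 | ] 18 | service: 19 | portNumber: 8080 20 | ingress: 21 | enabled: true 22 | path: /oauth2 23 | pathType: Prefix 24 | annotations: 25 | kubernetes.io/ingress.class: nginx 26 | kubernetes.io/tls-acme: "true" 27 | hosts: 28 | - *hostname 29 | tls: 30 | - secretName: host-oauth2-proxy-cert 31 | hosts: 32 | - *hostname 33 | -------------------------------------------------------------------------------- /charts/security-apps/examples/secrets-store-csi-driver.yaml: -------------------------------------------------------------------------------- 1 | secretsStoreCsiDriver: 2 | enabled: true 3 | project: infra-secrets-store-csi 4 | values: 5 | # Install RBAC roles and bindings required for K8S Secrets syncing if true 6 | syncSecret: 7 | enabled: true 8 | enableSecretRotation: true 9 | -------------------------------------------------------------------------------- /charts/security-apps/examples/vault-monitoring.yaml: -------------------------------------------------------------------------------- 1 | vaultMonitoring: 2 | enabled: true 3 | project: infra-vault 4 | values: 5 | vault: 6 | serverName: vault.namespace.svc.cluster.local 7 | ca: | 8 | -----BEGIN CERTIFICATE----- 9 | Example 10 | -----END CERTIFICATE----- 11 | service: 12 | type: ClusterIP 13 | selector: 14 | app.kubernetes.io/name: vault 15 | prometheusRules: 16 |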
enabled: true 17 | -------------------------------------------------------------------------------- /charts/security-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps are available: 2 | {{ if .Values.dex.enabled }} 3 | * dex 4 | {{ end }} 5 | {{ if .Values.gangway.enabled }} 6 | * gangway 7 | {{ end }} 8 | {{ if .Values.vault.enabled }} 9 | * vault 10 | {{ end }} 11 | {{ if .Values.falco.enabled }} 12 | * falco 13 | {{ end }} 14 | -------------------------------------------------------------------------------- /charts/security-apps/templates/dex.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.dex.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.dex") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.dex" -}}{{- $app := unset .Values.dex "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/falco-exporter.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.falcoExporter.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.falcoExporter") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.falcoExporter" -}}{{- $app := unset .Values.falcoExporter "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/falco.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.falco.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.falco") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.falco" -}}{{- $app := unset .Values.falco "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/gangway.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.gangway.enabled }} 2 | {{ fail "gangway is DEPRECATED, use dexK8sAuthenticator instead" }} 3 | {{ end }} 4 | -------------------------------------------------------------------------------- /charts/security-apps/templates/gatekeeper.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.gatekeeper.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.gatekeeper") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.gatekeeper" -}}{{- $app := unset .Values.gatekeeper "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/kyverno.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.kyverno.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.kyverno") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.kyverno" -}}{{- $app := unset .Values.kyverno "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/neuvector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.neuvector.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.neuvector") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.neuvector" -}}{{- $app := unset .Values.neuvector "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/oauth2-proxy.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.oauth2Proxy.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.oauth2Proxy") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.oauth2Proxy" -}}{{- $app := unset .Values.oauth2Proxy "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/security-apps/templates/vault.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.vault.enabled }} 2 | {{ template "argoconfig.application" (list . "security-apps.vault") }} 3 | {{ end }} 4 | 5 | {{- define "security-apps.vault" -}}{{- $app := unset .Values.vault "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/storage-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:10:00.372345772+01:00" 7 | -------------------------------------------------------------------------------- /charts/storage-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | cephCsiRbd: 2 | enabled: true 3 | values: {} 4 | 5 | cephCsiCephfs: 6 | enabled: true 7 | values: {} 8 | 9 | minio: 10 | enabled: true 11 | values: {} 12 | -------------------------------------------------------------------------------- /charts/storage-apps/examples/ceph-csi-cephfs.yaml: -------------------------------------------------------------------------------- 1 | cephCsiCephfs: 2 | enabled: true 3 | project: infra-storage 4 | values: 5 | csiConfig: 6 | - clusterID: "myclusterid" 7 | monitors: 8 | - "mon01.example.com" 9 | - "mon02.example.com" 10 | 
cephFS: 11 | subvolumeGroup: "csi" 12 | -------------------------------------------------------------------------------- /charts/storage-apps/examples/ceph-csi-rbd.yaml: -------------------------------------------------------------------------------- 1 | cephCsiRbd: 2 | enabled: true 3 | project: infra-storage 4 | values: 5 | csiConfig: 6 | - clusterID: "myclusterid" 7 | monitors: 8 | - "mon01.example.com" 9 | - "mon02.example.com" 10 | -------------------------------------------------------------------------------- /charts/storage-apps/examples/csi-driver-smb.yaml: -------------------------------------------------------------------------------- 1 | linux: 2 | enabled: true 3 | windows: 4 | enabled: false 5 | -------------------------------------------------------------------------------- /charts/storage-apps/examples/minio.yaml: -------------------------------------------------------------------------------- 1 | minio: 2 | enabled: true 3 | project: infra-storage 4 | values: 5 | mode: distributed 6 | replicas: 4 7 | persistence: 8 | enabled: true 9 | storageClass: default 10 | size: 10Gi 11 | resources: 12 | requests: 13 | memory: 2Gi 14 | -------------------------------------------------------------------------------- /charts/storage-apps/templates/ceph-csi-cephfs.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.cephCsiCephfs.enabled }} 2 | {{ template "argoconfig.application" (list . "storage-apps.cephCsiCephfs") }} 3 | {{ end }} 4 | 5 | {{- define "storage-apps.cephCsiCephfs" -}}{{- $app := unset .Values.cephCsiCephfs "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/storage-apps/templates/ceph-csi-rbd.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.cephCsiRbd.enabled }} 2 | {{ template "argoconfig.application" (list . "storage-apps.cephCsiRbd") }} 3 | {{ end }} 4 | 5 | {{- define "storage-apps.cephCsiRbd" -}}{{- $app := unset .Values.cephCsiRbd "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/storage-apps/templates/csi-driver-smb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.csiDriverSmb.enabled }} 2 | {{ template "argoconfig.application" (list . "storage-apps.csiDriverSmb") }} 3 | {{ end }} 4 | 5 | {{- define "storage-apps.csiDriverSmb" -}}{{- $app := unset .Values.csiDriverSmb "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/storage-apps/templates/minio.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.minio.enabled }} 2 | {{ template "argoconfig.application" (list . "storage-apps.minio") }} 3 | {{ end }} 4 | 5 | {{- define "storage-apps.minio" -}}{{- $app := unset .Values.minio "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/tracing-apps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argoconfig 3 | repository: https://charts.adfinis.com 4 | version: 0.9.1 5 | digest: sha256:3d78f4fd2b6073998ef1038735a127469cc403accd13513e8d0000ad02c21016 6 | generated: "2024-01-12T10:12:14.588521273+01:00" 7 | -------------------------------------------------------------------------------- /charts/tracing-apps/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | jaegerOperator: 2 | enabled: true 3 | values: {} 4 | opentelemetryCollector: 5 | enabled: true 6 | values: {} 7 | -------------------------------------------------------------------------------- /charts/tracing-apps/examples/jaegerOperator.yaml: -------------------------------------------------------------------------------- 1 | jaegerOperator: 2 | enabled: true 3 | values: 4 | resources: 5 | limits: 6 | cpu: 100m 7 | memory: 128Mi 8 | -------------------------------------------------------------------------------- 
/charts/tracing-apps/examples/opentelemetryCollector.yaml: -------------------------------------------------------------------------------- 1 | # Basic otel-collector installation 2 | # 3 | # See upstream chart values for a bunch of possible values. 4 | 5 | opentelemetryCollector: 6 | enabled: true 7 | values: 8 | serviceMonitor: 9 | enabled: true 10 | extraLabels: 11 | k8s.adfinis.com/prometheus: kube-prometheus 12 | resources: 13 | limits: 14 | cpu: 256m 15 | memory: 512Mi 16 | -------------------------------------------------------------------------------- /charts/tracing-apps/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The following apps are available: 2 | {{ if .Values.jaegerOperator.enabled }} 3 | * jaeger-operator 4 | {{ end }} 5 | -------------------------------------------------------------------------------- /charts/tracing-apps/templates/jaegerOperator.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.jaegerOperator.enabled }} 2 | {{ template "argoconfig.application" (list . "logging-apps.jaegerOperator") }} 3 | {{ end }} 4 | 5 | {{- define "logging-apps.jaegerOperator" -}}{{- $app := unset .Values.jaegerOperator "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}} 6 | metadata: 7 | name: {{ template "common.fullname" . 
}}-{{ $name }} 8 | spec: 9 | {{- if $app.project }} 10 | project: {{ $app.project | quote }} 11 | {{- end }} 12 | source: 13 | repoURL: {{ $app.repoURL | quote }} 14 | chart: {{ $app.chart | quote }} 15 | targetRevision: {{ $app.targetRevision | quote }} 16 | helm: 17 | releaseName: {{ $name | quote }} 18 | values: |- 19 | nameOverride: {{ $name | quote }} 20 | {{- $app.values | toYaml | nindent 8 }} 21 | {{- if $app.destination }} 22 | destination: 23 | {{ $app.destination | toYaml | nindent 4 }} 24 | {{- end }} 25 | {{- if $app.syncPolicy }} 26 | syncPolicy: 27 | {{ $app.syncPolicy | toYaml | nindent 4 }} 28 | {{- end }} 29 | {{- if $app.ignoreDifferences }} 30 | ignoreDifferences: 31 | {{ $app.ignoreDifferences | toYaml | nindent 4 }} 32 | {{- end }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /charts/vault-auth/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: vault-auth 3 | home: https://github.com/adfinis/helm-charts/blob/main/charts/vault-auth/README.md 4 | description: A helm chart to install the vault-auth serviceaccount for enabling vault's kubernetes authentication endpoint 5 | version: 0.1.3 6 | appVersion: 0.1.1 7 | maintainers: 8 | - name: adfinis 9 | email: support@adfinis.com 10 | url: https://adfinis.com 11 | -------------------------------------------------------------------------------- /charts/vault-auth/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | name: "vault-auth" 3 | -------------------------------------------------------------------------------- /charts/vault-auth/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "vault-auth.fullname" . 
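}} 5 | labels: 6 | {{- include "vault-auth.labels" . | nindent 4 }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: system:auth-delegator 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ include "vault-auth.serviceAccountName" . }} # same helper as serviceaccount.yaml, so the binding targets the account the chart creates even when serviceAccount.name is left empty 14 | namespace: {{ .Release.Namespace }} 15 | -------------------------------------------------------------------------------- /charts/vault-auth/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "vault-auth.serviceAccountName" . }} 6 | labels: 7 | {{- include "vault-auth.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/vault-auth/values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | # Specifies whether a service account should be created 3 | create: true 4 | # Annotations to add to the service account 5 | annotations: {} 6 | # The name of the service account to use.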
7 | # If not set and create is true, a name is generated using the fullname template 8 | name: "" 9 | -------------------------------------------------------------------------------- /charts/vault-monitoring/.Chart.yaml.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adfinis/helm-charts/cd01e2a0b150cf0944597419af6d2080c267acdb/charts/vault-monitoring/.Chart.yaml.swp -------------------------------------------------------------------------------- /charts/vault-monitoring/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: vault-monitoring 3 | description: monitor your vault server from within Kubernetes' prometheus 4 | type: application 5 | version: 0.6.0 6 | home: https://github.com/adfinis/helm-charts/tree/main/charts/vault-monitoring 7 | sources: 8 | - https://github.com/adfinis/helm-charts/tree/main/charts/vault-monitoring 9 | maintainers: 10 | - name: adfinis 11 | email: support@adfinis.com 12 | url: https://adfinis.com 13 | annotations: 14 | artifacthub.io/changes: | 15 | - kind: changed 16 | description: "Only create ConfigMap and Endpoint when serviceMonitor.create=true" 17 | -------------------------------------------------------------------------------- /charts/vault-monitoring/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | vault: 2 | serviceMonitor: 3 | create: true 4 | labels: 5 | k8s.example.com/prometheus: kube-prometheus 6 | prometheusRules: 7 | enabled: false 8 | -------------------------------------------------------------------------------- /charts/vault-monitoring/examples/values.yaml: -------------------------------------------------------------------------------- 1 | vault: 2 | serverName: vault.example.com 3 | port: 443 4 | portName: https 5 | ca_path: /etc/vault/ssl/ca.crt 6 | ip: 10.1.2.3 7 | scheme: https 8 | ca: "" 9 | auth: 10 | 
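mount_path: auth/kubernetes # rendered into the vault-agent auto_auth "kubernetes" method; must match the auth mount configured in Vault 11 | role: metrics 12 | service: 13 | type: ExternalName 14 | selector: {} 15 | serviceMonitor: 16 | authentication: false 17 | labels: 18 | k8s.example.com/prometheus: kube-prometheus 19 | 20 | prometheusRules: 21 | enabled: false 22 | rules: [] 23 | -------------------------------------------------------------------------------- /charts/vault-monitoring/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.vault.serviceMonitor.authentication) (.Values.vault.serviceMonitor.create) }} 2 | apiVersion: "v1" 3 | kind: "ConfigMap" 4 | metadata: 5 | name: {{ include "vaultMonitoring.fullname" . }}-config 6 | labels: 7 | {{- include "vaultMonitoring.labels" . | nindent 4 }} 8 | data: 9 | vault-agent.hcl: | 10 | pid_file = "/home/vault/pidfile" 11 | 12 | vault = { 13 | address = "{{ .Values.vault.scheme }}://{{ .Values.vault.serverName }}" 14 | {{- if .Values.vault.ca }} 15 | ca_cert = "{{ .Values.vault.ca_path }}" 16 | {{- end }} 17 | } 18 | 19 | auto_auth { 20 | method "kubernetes" { 21 | mount_path = "{{ .Values.vault.auth.mount_path }}" 22 | config = { 23 | role = "{{ .Values.vault.auth.role }}" 24 | } 25 | } 26 | 27 | sink "file" { 28 | config = { 29 | path = "/home/vault/config-out/.vault-token" 30 | } 31 | } 32 | } 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/vault-monitoring/templates/endpoint.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (eq .Values.vault.service.type "ExternalName") (.Values.vault.serviceMonitor.create) }} 2 | apiVersion: v1 3 | kind: Endpoints 4 | metadata: 5 | labels: 6 | {{- include "vaultMonitoring.labels" . | nindent 4 }} 7 | name: {{ include "vaultMonitoring.name" .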
}} 8 | subsets: 9 | - addresses: 10 | - ip: {{ .Values.vault.ip }} 11 | ports: 12 | - name: {{ .Values.vault.portName }} 13 | port: {{ .Values.vault.port }} 14 | protocol: TCP 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/vault-monitoring/templates/prometheusrules.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheusRules.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: {{ template "vaultMonitoring.name" . }} 7 | {{- if .Values.prometheusRules.namespace }} 8 | namespace: {{ .Values.prometheusRules.namespace }} 9 | {{- end }} 10 | labels: 11 | {{- include "vaultMonitoring.labels" . | nindent 4 }} 12 | {{- if .Values.prometheusRules.labels }} 13 | {{- toYaml .Values.prometheusRules.labels | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | {{- with .Values.prometheusRules.rules }} 17 | groups: 18 | - name: {{ template "vaultMonitoring.name" $ }} 19 | rules: {{ tpl (toYaml .) $ | nindent 8 }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/vault-monitoring/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.vault.ca }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | labels: 6 | {{- include "vaultMonitoring.labels" . | nindent 4 }} 7 | name: {{ include "vaultMonitoring.fullname" . }}-ca-cert 8 | data: 9 | ca.crt: {{ .Values.vault.ca | b64enc }} 10 | type: Opaque 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/vault-monitoring/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.vault.serviceMonitor.create }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "vaultMonitoring.name" . 
}} 6 | labels: 7 | {{- include "vaultMonitoring.labels" . | nindent 4 }} 8 | spec: 9 | {{- if .Values.vault.service.selector }} 10 | selector: 11 | {{- toYaml .Values.vault.service.selector | nindent 4 }} 12 | {{- end }} 13 | externalName: {{ .Values.vault.serverName }} 14 | ports: 15 | - name: {{ .Values.vault.portName }} 16 | port: {{ .Values.vault.port }} 17 | protocol: TCP 18 | targetPort: {{ .Values.vault.port }} 19 | sessionAffinity: None 20 | type: {{ .Values.vault.service.type }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Adfinis Helm Charts Documentation 2 | 3 | * [Development](./development.md) 4 | * [Documentation](./documentation.md) 5 | * [Argo CD app-of-apps](./argocd-app-of-apps.md) 6 | -------------------------------------------------------------------------------- /docs/images/lunkwill_helm_shirt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adfinis/helm-charts/cd01e2a0b150cf0944597419af6d2080c267acdb/docs/images/lunkwill_helm_shirt.png -------------------------------------------------------------------------------- /hack/chart-testing/ct-install.yaml: -------------------------------------------------------------------------------- 1 | target-branch: main 2 | chart-repos: 3 | - adfinis=https://charts.adfinis.com 4 | - bitnami=https://charts.bitnami.com/bitnami 5 | - secrets-store-csi-driver=https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts 6 | - grafana=https://grafana.github.io/helm-charts 7 | excluded-charts: 8 | - common 9 | - argoconfig 10 | -------------------------------------------------------------------------------- /hack/chart-testing/ct.yaml: -------------------------------------------------------------------------------- 1 | target-branch: main 2 | chart-repos: 3 | - 
adfinis=https://charts.adfinis.com 4 | - bitnami=https://charts.bitnami.com/bitnami 5 | - secrets-store-csi-driver=https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts 6 | - grafana=https://grafana.github.io/helm-charts 7 | additional-commands: 8 | - helm unittest --color {{ .Path }} 9 | - .tmp/bin/ah lint -p {{ .Path }} 10 | - hack/pluto.sh {{ .Path }} 11 | -------------------------------------------------------------------------------- /hack/ci/github/setup/pre-commit.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | set -e 4 | 5 | source hack/sh/rc.sh 6 | 7 | export ADFINIS_CHARTS_TMP_BIN=$RUNNER_WORKSPACE/bin 8 | mkdir -p $ADFINIS_CHARTS_TMP_BIN 9 | 10 | # Install deps 11 | source hack/sh/deps/pre-commit.sh 12 | source hack/sh/deps/helm-docs.sh 13 | source hack/sh/deps/gomplate.sh 14 | echo $ADFINIS_CHARTS_TMP_BIN >> $GITHUB_PATH 15 | 16 | # Set PY 17 | echo "PY=$(python -c 'import hashlib, sys;print(hashlib.sha256(sys.version.encode()+sys.executable.encode()).hexdigest())')" >> $GITHUB_ENV 18 | 19 | # Add our repo for `helm dep build` purposes 20 | helm repo add adfinis https://charts.adfinis.com 21 | -------------------------------------------------------------------------------- /hack/ci/github/setup/release.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | set -e 4 | 5 | source hack/sh/rc.sh 6 | 7 | export ADFINIS_CHARTS_TMP_BIN=$RUNNER_WORKSPACE/bin 8 | mkdir -p $ADFINIS_CHARTS_TMP_BIN 9 | 10 | # Install deps 11 | source hack/sh/deps/gomplate.sh 12 | source hack/sh/deps/yq.sh 13 | echo $ADFINIS_CHARTS_TMP_BIN >> $GITHUB_PATH 14 | -------------------------------------------------------------------------------- /hack/ci/github/steps/update-page.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | source hack/sh/rc.sh 6 | source hack/sh/_functions.sh 7 | 8 | info 
'Updating charts repo site...' 9 | 10 | set -x 11 | 12 | gh_pages_worktree=$(mktemp -d) 13 | 14 | git worktree add "$gh_pages_worktree" gh-pages || true 15 | 16 | HELMCHARTS_GOMPLATE_OUTPUT="$gh_pages_worktree/index.md" \ 17 | HELMCHARTS_GOMPLATE_NAME=indexpage \ 18 | hack/update-readme.sh 19 | 20 | cp --force adfinis-charts-repo.yaml "$gh_pages_worktree/adfinis-charts-repo.yaml" 21 | 22 | mkdir --parent "$gh_pages_worktree/docs/images" 23 | cp --force docs/images/lunkwill_helm_shirt.png "$gh_pages_worktree/docs/images/lunkwill_helm_shirt.png" 24 | 25 | pushd "$gh_pages_worktree" > /dev/null 26 | 27 | git add index.md adfinis-charts-repo.yaml docs/images/lunkwill_helm_shirt.png 28 | # abort pages update if no changes detected 29 | `git diff --cached --quiet` && exit 0 30 | git commit --message="Update site" --signoff 31 | 32 | readonly repo_url="https://x-access-token:$CR_TOKEN@github.com/adfinis/helm-charts" 33 | git push "$repo_url" gh-pages 34 | 35 | popd > /dev/null 36 | -------------------------------------------------------------------------------- /hack/config/update-readme/indexpage.yaml: -------------------------------------------------------------------------------- 1 | web: 2 | enabled: true 3 | 4 | chartBaseURL: https://github.com/adfinis/helm-charts/tree/main/charts/ 5 | -------------------------------------------------------------------------------- /hack/config/update-readme/readme.yaml: -------------------------------------------------------------------------------- 1 | web: 2 | enabled: false 3 | 4 | chartBaseURL: "charts/" 5 | -------------------------------------------------------------------------------- /hack/helm-docs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # wrapper to call helm-docs 4 | 5 | set -e 6 | 7 | source hack/sh/rc.sh 8 | source hack/sh/_functions.sh 9 | source hack/sh/deps/helm-docs.sh 10 | 11 | readonly template_file=$HELM_DOCS_TEMPLATE_FILE 12 | 13 | set -x 14 | 
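# Quoted on purpose: with an empty, unquoted value `[ ! -f ]` is always false,
# so a missing template setting would go unnoticed.
if [[ ! -f "$HELM_DOCS_TEMPLATE_FILE" ]]; then
  echo "Missing template '$HELM_DOCS_TEMPLATE_FILE' bailing out"
  exit 1
fi

helm-docs --template-files="$template_file"

--------------------------------------------------------------------------------
/hack/pluto.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# wrapper to call pluto

set -e

source hack/sh/rc.sh
source hack/sh/_functions.sh
source hack/sh/deps/pluto.sh

chart_dir=$1

[[ -d "$chart_dir" ]] || err "No chart dir given. Usage: hack/pluto.sh chart/name"

# NOTE(review): the exit status of this pipeline is pluto's alone. Without
# `set -o pipefail` a failing `helm template` hands pluto an empty stream, so
# the check may pass without having inspected the chart — confirm, and
# consider enabling pipefail here.
helm template "$chart_dir" | pluto detect -

--------------------------------------------------------------------------------
/hack/sh/_functions.sh:
--------------------------------------------------------------------------------
# Print a message on stderr.
# Arguments: $1 - message text
info () {
  printf '%s\n' "${1}" 1>&2
}

# Print a message on stderr and exit with status 1.
# Arguments: $1 - message text
err () {
  printf '%s\n' "${1}" 1>&2
  exit 1
}

--------------------------------------------------------------------------------
/hack/sh/deps/ah.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs the Artifact Hub CLI (ah) into $ADFINIS_CHARTS_TMP_BIN when no
# executable `ah` is found on PATH. Version: $ADFINIS_CHARTS_AH_VERSION.

set -e

source hack/sh/rc.sh
source hack/sh/_functions.sh

readonly ah_target=$ADFINIS_CHARTS_TMP_BIN
readonly ah_version=$ADFINIS_CHARTS_AH_VERSION
readonly ah_bin=$ah_target/ah

readonly ah_url="https://github.com/artifacthub/hub/releases/download/v$ah_version/ah_${ah_version}_linux_amd64.tar.gz"

# errexit stays off from here on, also for the script that sources this file
set +e

if [[ ! -x "$(command -v ah)" ]]; then
  # NOTE(review): the archive is unpacked without a checksum or signature
  # check; consider pinning a SHA-256 per version and verifying it first.
  # --fail keeps an HTTP error page from being fed to tar.
  curl --fail --location --output - "$ah_url" | tar -C "$ah_target" -zxf -
  chmod +x "$ah_bin"
  "$ah_bin" version
fi

--------------------------------------------------------------------------------
/hack/sh/deps/gomplate.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs gomplate into $ADFINIS_CHARTS_TMP_BIN when no executable `gomplate`
# is found on PATH. Version: $ADFINIS_CHARTS_GOMPLATE_VERSION.

set -e

source hack/sh/_functions.sh

readonly gomplate_target=$ADFINIS_CHARTS_TMP_BIN
readonly gomplate_version=$ADFINIS_CHARTS_GOMPLATE_VERSION
readonly gomplate_bin=$gomplate_target/gomplate

readonly gomplate_url="https://github.com/hairyhenderson/gomplate/releases/download/v$gomplate_version/gomplate_linux-amd64"
readonly gomplate_docs="https://docs.gomplate.ca/installing/"

# errexit stays off from here on, also for the script that sources this file
set +e

if [[ ! -x "$(command -v gomplate)" ]]; then
  # NOTE(review): the binary is used without a checksum or signature check;
  # consider pinning a SHA-256 per version and verifying it before chmod.
  # --fail keeps an HTTP error page from being saved as the "binary", which
  # would otherwise satisfy the -x check below.
  curl --fail --location --output "$gomplate_bin" "$gomplate_url"
  chmod +x "$gomplate_bin"
  if [[ ! -x "$gomplate_bin" ]]; then
    err "Could not install gomplate binary. See $gomplate_docs for info."
  fi
fi

--------------------------------------------------------------------------------
/hack/sh/deps/helm-docs.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs helm-docs into $ADFINIS_CHARTS_TMP_BIN when no executable
# `helm-docs` is found on PATH. Version: $ADFINIS_CHARTS_HELM_DOCS_VERSION.

set -e

source hack/sh/_functions.sh

readonly helm_docs_target=$ADFINIS_CHARTS_TMP_BIN
readonly helm_docs_version=$ADFINIS_CHARTS_HELM_DOCS_VERSION
readonly helm_docs_bin=$helm_docs_target/helm-docs

readonly helm_docs_url="https://github.com/norwoodj/helm-docs/releases/download/v$helm_docs_version/helm-docs_${helm_docs_version}_Linux_x86_64.tar.gz"
readonly helm_docs_docs="https://github.com/norwoodj/helm-docs/"

# Debug aid: prints every environment entry that contains "helm".
# NOTE(review): this can echo sensitive values that happen to match into the
# job log — consider removing it.
# `|| true` keeps a run without any match from aborting under `set -e`.
env | grep helm || true

# errexit stays off from here on, also for the script that sources this file
set +e

if [[ ! -x "$(command -v helm-docs)" ]]; then
  # NOTE(review): the archive is unpacked without a checksum or signature
  # check; consider pinning a SHA-256 per version and verifying it first.
  curl --fail --location --output - "$helm_docs_url" | tar -C "$helm_docs_target" -zxf -
  chmod +x "$helm_docs_bin"
  if [[ ! -x "$helm_docs_bin" ]]; then
    err "Could not install helm-docs binary. See $helm_docs_docs for info."
  fi
fi

--------------------------------------------------------------------------------
/hack/sh/deps/helm.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs helm (plus the helm-unittest plugin) into $ADFINIS_CHARTS_TMP_BIN
# when no executable `helm` is found on PATH. Version: $ADFINIS_CHARTS_HELM_VERSION.

set -e

source hack/sh/_functions.sh

readonly helm_target=$ADFINIS_CHARTS_TMP_BIN
readonly helm_version=$ADFINIS_CHARTS_HELM_VERSION
readonly helm_bin=$helm_target/helm

readonly helm_url="https://get.helm.sh/helm-v$helm_version-linux-amd64.tar.gz"
readonly helm_docs="https://get.helm.sh/"

# errexit stays off from here on, also for the script that sources this file
set +e

if [[ ! -x "$(command -v helm)" ]]; then
  # NOTE(review): the archive is unpacked without a checksum or signature
  # check; consider pinning a SHA-256 per version and verifying it first.
  # NOTE(review): the upstream helm archive normally unpacks into a
  # linux-amd64/ directory — confirm that $helm_bin exists after extraction.
  curl --fail --location --output - "$helm_url" | tar -C "$helm_target" -zxf -
  chmod +x "$helm_bin"
  # NOTE(review): the plugin is installed without a pinned release; `helm
  # plugin install` accepts --version to fix one.
  helm plugin install https://github.com/helm-unittest/helm-unittest
  if [[ ! -x "$(command -v helm)" ]]; then
    err "Could not install helm binary. See $helm_docs for info."
  fi
fi

--------------------------------------------------------------------------------
/hack/sh/deps/pluto.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs pluto into $ADFINIS_CHARTS_TMP_BIN when no executable `pluto` is
# found on PATH. Version: $ADFINIS_CHARTS_PLUTO_VERSION.

set -e

source hack/sh/_functions.sh

readonly pluto_target=$ADFINIS_CHARTS_TMP_BIN
readonly pluto_version=$ADFINIS_CHARTS_PLUTO_VERSION
readonly pluto_bin=$pluto_target/pluto

readonly pluto_url="https://github.com/FairwindsOps/pluto/releases/download/v$pluto_version/pluto_${pluto_version}_linux_amd64.tar.gz"

# errexit stays off from here on, also for the script that sources this file
set +e

if [[ ! -x "$(command -v pluto)" ]]; then
  # NOTE(review): the archive is unpacked without a checksum or signature
  # check; consider pinning a SHA-256 per version and verifying it first.
  curl --fail --location --output - "$pluto_url" | tar -C "$pluto_target" -zxf -
  chmod +x "$pluto_bin"
  if [[ ! -x "$(command -v pluto)" ]]; then
    err "Could not install pluto binary."
  fi
fi

--------------------------------------------------------------------------------
/hack/sh/deps/pre-commit.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs pre-commit with pip when no executable `pre-commit` is found on PATH.

# errexit is switched off, also for the script that sources this file
set +e

if [[ ! -x "$(command -v pre-commit)" ]]; then
  # NOTE(review): installs whatever release pip resolves at run time; consider
  # pinning the version.
  pip install pre-commit
fi

--------------------------------------------------------------------------------
/hack/sh/deps/yq.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs yq into $ADFINIS_CHARTS_TMP_BIN when no executable `yq` is found on
# PATH. Version: $ADFINIS_CHARTS_YQ_VERSION.

set -e

source hack/sh/_functions.sh

readonly yq_target=$ADFINIS_CHARTS_TMP_BIN
readonly yq_version=$ADFINIS_CHARTS_YQ_VERSION
readonly yq_bin=$yq_target/yq

readonly yq_url="https://github.com/mikefarah/yq/releases/download/v$yq_version/yq_linux_amd64"

# errexit stays off from here on, also for the script that sources this file
set +e

if [[ ! -x "$(command -v yq)" ]]; then
  # NOTE(review): the binary is used without a checksum or signature check;
  # consider pinning a SHA-256 per version and verifying it before chmod.
  # --fail keeps an HTTP error page from being saved as the "binary", which
  # would otherwise satisfy the -x check below.
  curl --fail --location --output "$yq_bin" "$yq_url"
  chmod +x "$yq_bin"
  if [[ ! -x "$yq_bin" ]]; then
    err "Could not install yq binary."
  fi
fi

--------------------------------------------------------------------------------
/hack/sh/rc.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Shared environment setup, sourced by the hack/ scripts: loads .env, exports
# its variable names, and puts $ADFINIS_CHARTS_TMP_BIN at the front of PATH.

# .env is executed as shell code, so it has to be as trusted as this script
source .env
# word splitting is intended: one variable name per word
# shellcheck disable=SC2046
export $(grep -v '#' .env | cut -d= -f1)

# catch github CI case
if [[ ! "0$RUNNER_WORKDIR" = "0" ]]; then
  export ADFINIS_CHARTS_TMP_BIN="$RUNNER_WORKDIR/bin"
fi

if [[ ! -d "$ADFINIS_CHARTS_TMP_BIN" ]]; then
  mkdir -p "$ADFINIS_CHARTS_TMP_BIN"
fi

# NOTE(review): if ADFINIS_CHARTS_TMP_BIN is relative (ct.yaml calls
# .tmp/bin/ah) or empty, this puts a working-directory-dependent entry at the
# front of PATH — confirm that it is always an absolute path.
export PATH="$ADFINIS_CHARTS_TMP_BIN:$PATH"

--------------------------------------------------------------------------------
/hack/update-readme.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# gomplate wrapper to update README.md

set -e

source hack/sh/rc.sh
source hack/sh/_functions.sh
source hack/sh/deps/helm.sh
source hack/sh/deps/gomplate.sh

# specify an alternative hack/update-readme/$HELMCHARTS_GOMPLATE_NAME.yaml config
readonly readme_config_name=${HELMCHARTS_GOMPLATE_NAME:-readme}
# where to render the template to, defaults to README.md but can be overridden for generating the GitHub Pages index
readonly output_path=${HELMCHARTS_GOMPLATE_OUTPUT:-README.md}

set -x

# both values come from the environment, so they are quoted to survive spaces
gomplate -o "$output_path" -f hack/config/update-readme/README.md.gotmpl \
  -d readme="hack/config/update-readme/$readme_config_name.yaml"

--------------------------------------------------------------------------------
/hack/update-snapshots.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# hacky script to update snapshots, used by pre-commit
#
# This script expects a list of all the changed files
# as $@ and will use that to figure out on which charts
# it needs to update snapshots.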
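set -e

source hack/sh/rc.sh
source hack/sh/_functions.sh
source hack/sh/deps/helm.sh

# hack/sh/deps/helm.sh ends with `set +e`; switch errexit back on so that a
# failing helm call stops the hook instead of being hidden by later charts.
set -e
set -x

# Collect the chart directory of every changed file: the first two path
# components, e.g. charts/<name>.
declare -a charts=()
for file in "$@"; do
  charts+=("$(printf '%s\n' "$file" | cut -d/ -f 1-2)")
done

# De-duplicate while keeping each chart path as a single word.
declare -a unique_charts=()
while IFS= read -r chart; do
  if [[ -n "$chart" ]]; then
    unique_charts+=("$chart")
  fi
done < <(printf '%s\n' "${charts[@]}" | sort -u)

for chart in "${unique_charts[@]}"; do
  # unittest needs deps to work
  helm dep build "$chart"
  helm unittest --update-snapshot "$chart"
done

--------------------------------------------------------------------------------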