├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── PULL_REQUEST_TEMPLATE.md ├── changelog-configuration.json ├── changelog.sh ├── helm-docs-footer.gotmpl.md ├── helm-docs-header.gotmpl.md └── workflows │ ├── changelog.yml │ ├── lint.yml │ ├── release.yml │ └── test.yml ├── .gitignore ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.gotmpl ├── README.md ├── appuio ├── cloud-portal │ ├── .helmignore │ ├── Chart.yaml │ ├── Makefile │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── route.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── data-cube-curation │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secrets.yaml │ │ ├── service.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── exoip │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── daemonset.yaml │ │ └── secret.yaml │ └── values.yaml ├── generic │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ └── generic.yaml │ ├── test │ │ ├── main_test.go │ │ └── template_test.go │ └── values.yaml ├── haproxy-2.5.1.tgz ├── haproxy │ ├── .helmignore │ ├── Chart.yaml │ ├── Dockerfile │ ├── README.gotmpl.md │ ├── README.md │ ├── files │ │ └── galera-check.sh │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── _tplvalues.tpl │ │ ├── configmap-galera-checkscript.yaml │ │ ├── configmap-galera.yaml │ │ ├── configmap-galerak8s.yaml │ │ ├── configmap-ldap-tls.yaml │ │ ├── configmap-redisk8s.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── metrics-backend-svc.yaml │ │ ├── metrics-svc.yaml │ │ ├── 
pdb.yaml │ │ ├── prometheusrule.yaml │ │ ├── secret-check-auth-redisk8s.yaml │ │ ├── service.yaml │ │ ├── servicemonitor.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── k8up │ ├── .helmignore │ ├── README.md │ ├── old.Chart.yaml │ ├── rbac-kustomize │ │ └── kustomization.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── prometheus │ │ │ ├── prometheusrule.yaml │ │ │ └── servicemonitor.yaml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── mariadb-galera │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── ci │ │ └── values-production-with-rbac.yaml │ ├── files │ │ └── docker-entrypoint-initdb.d │ │ │ └── README.md │ ├── hack │ │ └── failover-testing │ │ │ ├── Readme.md │ │ │ ├── client.sh │ │ │ ├── deny-traffic-to-node.sh │ │ │ ├── fill.sql │ │ │ ├── monitor.sh │ │ │ └── values.yaml │ ├── icon.png │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── extra-list.yaml │ │ ├── headless-svc.yaml │ │ ├── initialization-configmap.yaml │ │ ├── metrics-svc.yaml │ │ ├── pdb.yaml │ │ ├── prometheusrules.yaml │ │ ├── recreate-script.yaml │ │ ├── recreate.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── secrets.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── statefulset.yaml │ │ ├── svc.yaml │ │ └── tls-secrets.yaml │ ├── values.schema.json │ └── values.yaml ├── maxscale │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── secret.yaml │ │ ├── service-masteronly.yaml │ │ └── service-rwsplit.yaml │ └── values.yaml ├── metrics-server │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── ci │ │ └── ci-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── aggregated-metrics-reader-cluster-role.yaml │ │ ├── auth-delegator-crb.yaml │ │ ├── 
cluster-role.yaml │ │ ├── metric-server-service.yaml │ │ ├── metrics-api-service.yaml │ │ ├── metrics-server-crb.yaml │ │ ├── metrics-server-deployment.yaml │ │ ├── metrics-server-serviceaccount.yaml │ │ ├── pdb.yaml │ │ ├── psp.yaml │ │ ├── role-binding.yaml │ │ └── tests │ │ │ └── test-version.yaml │ └── values.yaml ├── openshift-oauth-proxy │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── route.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── openshift-route │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── route.yaml │ └── values.yaml ├── prometheus-blackbox-exporter │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ └── values.yaml ├── redis │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── ci │ │ ├── default-values.yaml │ │ ├── extra-flags-values.yaml │ │ └── production-sentinel-values.yaml │ ├── hack │ │ └── redis-failover-scripts │ │ │ ├── Readme.md │ │ │ ├── deny-redis-traffic-to-node-0-networkpolicy.yaml │ │ │ ├── deny-redis-traffic-to-node-1-networkpolicy.yaml │ │ │ ├── deny-redis-traffic-to-node-2-networkpolicy.yaml │ │ │ ├── fill_cluster.sh │ │ │ ├── monitor.sh │ │ │ ├── random_keys.lua │ │ │ └── values-sentinel.yaml │ ├── logo.png │ ├── node_ready.lua │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap-scripts.yaml │ │ ├── configmap.yaml │ │ ├── headless-svc.yaml │ │ ├── health-configmap.yaml │ │ ├── metrics-prometheus.yaml │ │ ├── metrics-sentinel-prometheus.yaml │ │ ├── metrics-sentinel-svc.yaml │ │ ├── metrics-svc.yaml │ │ ├── networkpolicy.yaml │ │ ├── pdb.yaml │ │ ├── prometheusrule.yaml │ │ ├── psp.yaml │ │ 
├── recreate-script.yaml │ │ ├── recreate.yaml │ │ ├── redis-master-statefulset.yaml │ │ ├── redis-master-svc.yaml │ │ ├── redis-node-statefulset.yaml │ │ ├── redis-role.yaml │ │ ├── redis-rolebinding.yaml │ │ ├── redis-serviceaccount.yaml │ │ ├── redis-slave-statefulset.yaml │ │ ├── redis-slave-svc.yaml │ │ ├── redis-with-sentinel-svc.yaml │ │ └── secret.yaml │ ├── values.schema.json │ └── values.yaml ├── secret │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── secret-deprecated.yaml │ │ └── secret.yaml │ ├── test │ │ ├── main_test.go │ │ ├── secret_array_test.go │ │ ├── secret_object_test.go │ │ └── testdata │ │ │ ├── secret-array.yaml │ │ │ └── secret-object.yaml │ └── values.yaml ├── signalilo │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── pull-secret.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── snappass │ ├── .helmignore │ ├── Chart.yaml │ ├── Makefile │ ├── README.gotmpl.md │ ├── README.md │ ├── requirements.lock │ ├── requirements.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secret-redis.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ ├── test │ │ ├── deployment_test.go │ │ ├── main_test.go │ │ ├── redis_secret_test.go │ │ └── secret_test.go │ └── values.yaml ├── stardog-userrole-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── crd │ │ ├── databases.yaml │ │ ├── organizations.yaml │ │ ├── stardoginstance.yaml │ │ ├── stardogrole.yaml │ │ └── stardoguser.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── deployment.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── 
service.yaml │ │ └── serviceaccount.yaml │ ├── test │ │ ├── clusterrole_test.go │ │ ├── clusterrolebinding_test.go │ │ ├── deployment_test.go │ │ ├── main_test.go │ │ ├── role_test.go │ │ ├── rolebinding_test.go │ │ ├── service_test.go │ │ └── serviceaccount_test.go │ └── values.yaml ├── stardog │ ├── .helmignore │ ├── Chart.yaml │ ├── Makefile │ ├── README.gotmpl.md │ ├── README.md │ ├── files │ │ ├── jmx-exporter.yaml │ │ ├── log4j2.xml │ │ ├── stardog-wrapper.sh │ │ └── stardog.properties │ ├── requirements.lock │ ├── requirements.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── cronjob.yaml │ │ ├── ingress.yaml │ │ ├── jmx-exporter-configmap.yaml │ │ ├── monitoring │ │ │ ├── stardog-java-rules.yaml │ │ │ ├── stardog-rules.yaml │ │ │ ├── stardog-servicemonitor.yaml │ │ │ └── zookeeper-rules.yaml │ │ ├── pdb.yaml │ │ ├── post-install-job.yaml │ │ ├── pull-secret.yaml │ │ ├── s3-secret.yaml │ │ ├── service.yaml │ │ ├── statefulset.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ └── user-pw-secret.yaml │ ├── test │ │ ├── backup_test.go │ │ ├── main_test.go │ │ ├── postinstall_test.go │ │ ├── pull_secret_test.go │ │ ├── statefulset_test.go │ │ └── user_pw_secret_test.go │ └── values.yaml └── trifid │ ├── .helmignore │ ├── Chart.yaml │ ├── README.gotmpl.md │ ├── README.md │ ├── templates │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── ingress.yaml │ ├── pdb.yaml │ ├── secret.yaml │ ├── service.yaml │ └── serviceaccount.yaml │ ├── test │ ├── deployment_test.go │ ├── main_test.go │ └── secret_test.go │ └── values.yaml ├── go.mod ├── go.sum ├── readme.go ├── renovate.json └── tools.go /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[chart-name] SUMMARY" 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | ## Describe the bug 11 | 12 | A clear and concise description 
of what the bug is. 13 | 14 | ## Additional context 15 | 16 | Add any other context about the problem here. 17 | 18 | ## To Reproduce 19 | 20 | Steps to reproduce the behavior: 21 | 1. ... 22 | 23 | ## Logs 24 | 25 | If applicable, add logs to help explain your problem. 26 | ```console 27 | 28 | ``` 29 | 30 | ## Expected behavior 31 | 32 | A clear and concise description of what you expected to happen. 33 | 34 | **Environment (please complete the following information):** 35 | - Chart: latest 36 | - Helm: v3 37 | - Kubernetes API: v1.21 38 | - Distribution (Openshift, Rancher, etc.): Plain K8s 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[chart-name] SUMMARY" 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | ## Summary 11 | 12 | **As** role name\ 13 | **I want** a feature or functionality\ 14 | **So that** I get certain business value 15 | 16 | ## Context 17 | 18 | Add more information here. You are completely free regarding form and length. 19 | 20 | ## Out of Scope 21 | 22 | * List aspects that are explicitly not part of this feature 23 | 24 | ## Further links 25 | 26 | * URLs of relevant Git repositories, PRs, Issues, etc. 
27 | 28 | ## Acceptance criteria 29 | 30 | * Given a precondition, when an action happens, then expect a result 31 | 32 | 35 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 9 | 10 | #### What this PR does / why we need it: 11 | 12 | * Short summary 13 | 14 | #### Checklist 15 | 16 | - [ ] Chart Version bumped 17 | - [ ] I have run `make docs` 18 | - [ ] Variables are documented in the values.yaml using the format required by [Helm-Docs](https://github.com/norwoodj/helm-docs#valuesyaml-metadata). 19 | - [ ] PR contains the label that identifies the chart, e.g. `chart/` 20 | - [ ] PR contains the label that identifies the type of change, which is one of 21 | [ `bug`, `enhancement`, `documentation`, `change`, `breaking`, `dependency` ] 22 | -------------------------------------------------------------------------------- /.github/changelog-configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "pr_template": "- ${{TITLE}} (#${{NUMBER}})", 3 | "categories": [ 4 | { 5 | "title": "## 🚀 Features", 6 | "labels": [ 7 | "enhancement" 8 | ], 9 | "exhaustive": true 10 | }, 11 | { 12 | "title": "## 🛠️ Minor Changes", 13 | "labels": [ 14 | "change" 15 | ], 16 | "exhaustive": true 17 | }, 18 | { 19 | "title": "## 🔎 Breaking Changes", 20 | "labels": [ 21 | "breaking" 22 | ], 23 | "exhaustive": true 24 | }, 25 | { 26 | "title": "## 🐛 Fixes", 27 | "labels": [ 28 | "bug" 29 | ], 30 | "exhaustive": true 31 | }, 32 | { 33 | "title": "## 📄 Documentation", 34 | "labels": [ 35 | "documentation" 36 | ], 37 | "exhaustive": true 38 | }, 39 | { 40 | "title": "## 🔗 Dependency Updates", 41 | "labels": [ 42 | "dependency" 43 | ], 44 | "exhaustive": true 45 | } 46 | ], 47 | "ignore_labels": [ 48 | "ignore" 49 | ], 50 | "template": "${{CATEGORIZED_COUNT}} changes since 
${{FROM_TAG}}\n\n${{CHANGELOG}}", 51 | "tag_resolver": { 52 | "filter": { 53 | "pattern": "" 54 | }, 55 | "transformer": { 56 | "pattern": "", 57 | "target": "$1" 58 | } 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /.github/changelog.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Tag format from source: refs/tags/chart-1.2.3 4 | 5 | # Keep only the part after the last "/", which drops "refs/tags/" 6 | tag="${GITHUB_REF##*/}" 7 | 8 | # Remove the SemVer at the end; the regex only lets [a-zA-Z0-9-] through into $chart. No "set -e" is in effect, so a tag that does not match leaves $chart empty and the script carries on. 9 | chart=$(echo ${tag} | grep --perl-regexp --only-matching '^([a-zA-Z0-9-]+)(?![0-9.]+)') 10 | # tagPattern is the regex written to both tag_resolver patterns; chartLabel is the label appended to every changelog category. 11 | tagPattern="${chart}-(.+)" 12 | chartLabel="chart/${chart}" 13 | # NOTE(review): $tagPattern and $chartLabel are spliced into the jq program text rather than passed as data. That is only safe while the grep above restricts $chart to [a-zA-Z0-9-]; passing them with jq --arg would remove that dependency. 14 | echo ::group::Configuring changelog generator 15 | jq '.tag_resolver.filter.pattern="'$tagPattern'" | .tag_resolver.transformer.pattern="'$tagPattern'" | .categories[].labels += ["'$chartLabel'"]' \ 16 | .github/changelog-configuration.json | tee .github/configuration.json 17 | echo ::endgroup:: 18 | -------------------------------------------------------------------------------- /.github/helm-docs-footer.gotmpl.md: -------------------------------------------------------------------------------- 1 | 2 | {{ template "chart.sourcesSection" . }} 3 | 4 | {{ template "chart.requirementsSection" . }} 5 | 6 | 9 | [resource-units]: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes 10 | [prometheus-operator]: https://github.com/coreos/prometheus-operator 11 | -------------------------------------------------------------------------------- /.github/helm-docs-header.gotmpl.md: -------------------------------------------------------------------------------- 1 | {{ template "chart.header" . }} 2 | {{ template "chart.deprecationWarning" . }} 3 | 4 | {{ template "chart.badgesSection" . }} 5 | 6 | {{ template "chart.description" . }} 7 | 8 | {{ template "chart.homepageLine" . 
}} 9 | 10 | ## Installation 11 | 12 | ```bash 13 | helm repo add appuio https://charts.appuio.ch 14 | helm install {{ template "chart.name" . }} appuio/{{ template "chart.name" . }} 15 | ``` 16 | -------------------------------------------------------------------------------- /.github/workflows/changelog.yml: -------------------------------------------------------------------------------- 1 | name: Changelog 2 | 3 | on: 4 | release: 5 | types: 6 | - created 7 | 8 | jobs: 9 | edit-release: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | with: 14 | fetch-depth: 0 15 | 16 | - name: Prepare changelog config 17 | run: .github/changelog.sh 18 | # NOTE(review): the two third-party actions below (mikepenz/release-changelog-builder-action@v2, tubone24/update_release@v1.3.1) are referenced by tag and each receives GITHUB_TOKEN. A tag can be re-pointed, so pinning them to a full commit SHA and declaring a minimal "permissions:" block for this job would bound what a changed action can do with the token. 19 | - name: Build changelog from PRs with labels 20 | id: build_changelog 21 | uses: mikepenz/release-changelog-builder-action@v2 22 | with: 23 | configuration: ".github/configuration.json" 24 | # PreReleases still get a changelog, but the next full release gets a diff since the last full release, 25 | # combining possible changelogs of all previous PreReleases in between. 26 | # PreReleases show a partial changelog since last PreRelease. 27 | ignorePreReleases: "${{ !contains(github.ref, '-rc') }}" 28 | env: 29 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 30 | 31 | - name: Update release 32 | uses: tubone24/update_release@v1.3.1 33 | env: 34 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 35 | with: 36 | body: ${{ steps.build_changelog.outputs.changelog }} 37 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Lint 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | unit-tests: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | - name: Determine Go version from go.mod 14 | run: echo "GO_VERSION=$(grep "go 1." 
go.mod | cut -d " " -f 2)" >> $GITHUB_ENV 15 | - uses: actions/setup-go@v2 16 | with: 17 | go-version: ${{ env.GO_VERSION }} 18 | - uses: actions/cache@v4 19 | with: 20 | path: ~/go/pkg/mod 21 | key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 22 | restore-keys: | 23 | ${{ runner.os }}-go- 24 | - name: Run all linters 25 | run: make lint 26 | 27 | docs: 28 | runs-on: ubuntu-latest 29 | steps: 30 | - name: Checkout 31 | uses: actions/checkout@v2 32 | - name: Generate Chart documentation 33 | run: make docs 34 | - name: Check if documentation is on par with Chart changes 35 | run: git diff --exit-code 36 | 37 | chart-versions: 38 | runs-on: ubuntu-latest 39 | steps: 40 | - uses: actions/checkout@v2 41 | with: 42 | fetch-depth: '0' 43 | - name: Verify chart versions have been updated 44 | run: make lint:versions 45 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | gh-pages: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Checkout 13 | uses: actions/checkout@v2 14 | with: 15 | fetch-depth: '0' 16 | 17 | - name: Configure Git 18 | run: | 19 | git config user.name "$GITHUB_ACTOR" 20 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 21 | - name: Prepare charts 22 | run: make prepare 23 | - name: Run chart-releaser 24 | uses: helm/chart-releaser-action@v1.3.0 25 | with: 26 | charts_dir: appuio 27 | charts_repo_url: https://charts.appuio.ch 28 | env: 29 | CR_TOKEN: "${{ secrets.RELEASE_PAT }}" 30 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Test 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | unit: 10 | runs-on: ubuntu-latest 11 | 
steps: 12 | - name: Checkout 13 | uses: actions/checkout@v2 14 | - name: Determine Go version from go.mod 15 | run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV 16 | - uses: actions/setup-go@v2 17 | with: 18 | go-version: ${{ env.GO_VERSION }} 19 | - uses: actions/cache@v4 20 | with: 21 | path: ~/go/pkg/mod 22 | key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 23 | restore-keys: | 24 | ${{ runner.os }}-go- 25 | - name: Run Chart unit tests 26 | run: make prepare test 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/charts/*.tgz 2 | /**/.idea 3 | 4 | .github/configuration.json 5 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Code owners of APPUiO Helm charts 2 | 3 | # As a Code owner, you are requested for Pull Request reviews 4 | 5 | # Used by VSHN as part of product offering 6 | /appuio/mariadb-galera @appuio/schedar 7 | /appuio/redis @appuio/schedar 8 | /appuio/generic @appuio/schedar 9 | /appuio/haproxy @appuio/schedar 10 | 11 | # Other charts 12 | /appuio/signalilo @simu 13 | /appuio/maxscale @appuio/pollux 14 | /appuio/exoip @appuio/pollux 15 | 16 | # Stardog 17 | /appuio/stardog @appuio/nunki 18 | /appuio/stardog-userrole-operator @appuio/nunki 19 | 20 | 21 | # Contributed charts 22 | /appuio/data-cube-curation @ludovicm67 23 | /appuio/trifid @ludovicm67 24 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2020, VSHN AG, info@vshn.ch 2 | All rights reserved. 
3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | * Neither the name of the copyright holder nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- /appuio/cloud-portal/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /appuio/cloud-portal/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cloud-portal 3 | description: APPUiO Cloud Portal (Web Frontend) 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.4.1 19 | 20 | # Update this value by running `make prepare` as it takes it from values.yaml. 
21 | appVersion: v0.2.1 22 | 23 | keywords: 24 | - appuio 25 | - openshift 26 | icon: https://docs.appuio.cloud/user/_images/appuio.svg 27 | home: https://appuio.cloud 28 | sources: 29 | - https://github.com/appuio/cloud-portal 30 | -------------------------------------------------------------------------------- /appuio/cloud-portal/Makefile: -------------------------------------------------------------------------------- 1 | MAKEFLAGS += --warn-undefined-variables 2 | SHELL := bash 3 | .SHELLFLAGS := -eu -o pipefail -c 4 | .DEFAULT_GOAL := help 5 | .DELETE_ON_ERROR: 6 | .SUFFIXES: 7 | 8 | # git tag of the version to fetch 9 | # defaults to tag specified in values.yaml, as this gets maintained by renovate 10 | APP_VERSION ?= $(shell grep -E "^ tag: " values.yaml | cut -d " " -f 4 | sed s/\"//g) 11 | 12 | SED_BIN := sed 13 | 14 | .PHONY: help 15 | help: ## Show this help 16 | @grep -E -h '\s##\s' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = "(: ).*?## "}; {gsub(/\\:/,":",$$1)}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' 17 | 18 | .PHONY: appVersion 19 | appVersion: ## Replaces "appVersion" in Chart.yaml with 'image.tag' from values.yaml 20 | $(SED_BIN) -i -e 's/^appVersion.*/appVersion: $(APP_VERSION)/' Chart.yaml 21 | 22 | # 23 | # "Interface" for parent Makefile 24 | # 25 | prepare: appVersion ## Prepare helm chart 26 | -------------------------------------------------------------------------------- /appuio/cloud-portal/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/cloud-portal/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. 
Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cloud-portal.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "cloud-portal.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "cloud-portal.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cloud-portal.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /appuio/cloud-portal/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "cloud-portal.fullname" . }}-frontend 6 | labels: 7 | {{- include "cloud-portal.labels" . | nindent 4 }} 8 | data: 9 | config.json: | 10 | {{- toJson .Values.portal.config | nindent 4 }} 11 | {{- if .Values.portal.env }} 12 | --- 13 | apiVersion: v1 14 | kind: ConfigMap 15 | metadata: 16 | name: {{ include "cloud-portal.fullname" . }}-env 17 | labels: 18 | {{- include "cloud-portal.labels" . | nindent 4 }} 19 | data: 20 | {{- toYaml .Values.portal.env | nindent 2 }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /appuio/cloud-portal/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route.enabled -}} 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: "{{ default (include "cloud-portal.fullname" .) .Values.route.name }}" 6 | labels: 7 | {{- include "cloud-portal.labels" . | nindent 4 }} 8 | {{- with .Values.route.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | spec: 13 | host: {{ .Values.route.host }} 14 | port: 15 | targetPort: http 16 | tls: 17 | insecureEdgeTerminationPolicy: Redirect 18 | termination: edge 19 | to: 20 | kind: Service 21 | name: {{ include "cloud-portal.fullname" . }} 22 | weight: 100 23 | wildcardPolicy: None 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /appuio/cloud-portal/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "cloud-portal.fullname" . }} 5 | labels: 6 | {{- include "cloud-portal.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "cloud-portal.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /appuio/cloud-portal/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "cloud-portal.serviceAccountName" . }} 6 | labels: 7 | {{- include "cloud-portal.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: data-cube-curation 3 | description: RDF Data Cube curation service 4 | 5 | version: 0.3.1 6 | appVersion: 0.6.1 7 | home: https://github.com/zazuko/data-cube-curation 8 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "data-cube-curation.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 
14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "data-cube-curation.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "data-cube-curation.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "data-cube-curation.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "data-cube-curation.fullname" . }} 5 | labels: 6 | {{- include "data-cube-curation.labels" . | nindent 4 }} 7 | data: 8 | baseURI: {{ include "data-cube-curation.baseURI" . | quote }} 9 | s3Endpoint: {{ required "A valid dataCubeCuration.s3.endpoint entry is required!" .Values.dataCubeCuration.s3.endpoint | quote }} 10 | s3Bucket: {{ required "A valid dataCubeCuration.s3.bucket entry is required!" .Values.dataCubeCuration.s3.bucket | quote }} 11 | gitlabPipeline: {{ required "A valid dataCubeCuration.gitlab.pipeline entry is required!" .Values.dataCubeCuration.gitlab.pipeline | quote }} 12 | gitlabPipelineBranch: {{ required "A valid dataCubeCuration.gitlab.branch entry is required!" .Values.dataCubeCuration.gitlab.branch | quote }} 13 | authIssuer: {{ required "A valid dataCubeCuration.auth.issuer entry is required!" 
.Values.dataCubeCuration.auth.issuer | quote }} 14 | authClientId: {{ required "A valid dataCubeCuration.auth.clientId entry is required!" .Values.dataCubeCuration.auth.clientId | quote }} 15 | authAudience: {{ required "A valid dataCubeCuration.auth.audience entry is required!" .Values.dataCubeCuration.auth.audience | quote }} 16 | {{- if .Values.dataCubeCuration.auth.accessRequest }} 17 | authAccessRequest: {{ .Values.dataCubeCuration.auth.accessRequest | quote }} 18 | {{- end }} 19 | {{- if .Values.dataCubeCuration.debug }} 20 | debug: {{ .Values.dataCubeCuration.debug | quote }} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "data-cube-curation.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "data-cube-curation.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . 
}} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "data-cube-curation.fullname" . }} 5 | labels: 6 | {{- include "data-cube-curation.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "data-cube-curation.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /appuio/data-cube-curation/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "data-cube-curation.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "data-cube-curation.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "data-cube-curation.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /appuio/exoip/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /appuio/exoip/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | appVersion: "v0.4.3" 4 | description: Deploy exoip as a DaemonSet 5 | name: exoip 6 | version: 1.0.4 7 | maintainers: 8 | - name: APPUiO Team 9 | email: info@appuio.ch 10 | -------------------------------------------------------------------------------- /appuio/exoip/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/exoip/README.md: -------------------------------------------------------------------------------- 1 | # exoip 2 | 3 | ![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![AppVersion: v0.4.3](https://img.shields.io/badge/AppVersion-v0.4.3-informational?style=flat-square) 4 | 5 | Deploy exoip as a DaemonSet 6 | 7 | ## Installation 8 | 9 | ```bash 10 | helm repo add appuio https://charts.appuio.ch 11 | helm install exoip appuio/exoip 12 | ``` 13 | 18 | 19 | ## Values 20 | 21 | | Key | Type | Default | Description | 22 | |-----|------|---------|-------------| 23 | | affinity | object | `{}` | | 24 | | exoscaleApiEndpoint | string | `"https://api.exoscale.ch/compute"` | | 25 | | fullnameOverride | string | `""` | | 26 | | image.pullPolicy | string | `"IfNotPresent"` | | 27 | | image.repository | string | `"docker.io/exoscale/exoip"` | | 28 | | image.tag | string | `"v0.4.3"` | | 29 | | nameOverride | string | `""` | | 30 | | nodeSelector | object | 
`{}` | | 31 | | peerGroup | string | `"kubernetes1-ingress"` | | 32 | | resources | object | `{}` | | 33 | | tolerations | list | `[]` | | 34 | 35 | 38 | [resource-units]: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes 39 | [prometheus-operator]: https://github.com/coreos/prometheus-operator 40 | -------------------------------------------------------------------------------- /appuio/exoip/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | exoip deployed. 2 | 3 | Try http://{{ .Values.eip }}/ to access 4 | -------------------------------------------------------------------------------- /appuio/exoip/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "exoip.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "exoip.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "exoip.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /appuio/exoip/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | name: {{ include "exoip.fullname" . }}-credentials 7 | labels: 8 | app.kubernetes.io/name: {{ include "exoip.name" . }} 9 | helm.sh/chart: {{ include "exoip.chart" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | data: 13 | exoscale_api_key: {{ required "Exoscale API key is required" .Values.exoscaleApiKey | b64enc | quote }} 14 | exoscale_api_secret: {{ required "Exoscale API secret is required" .Values.exoscaleApiSecret | b64enc | quote }} 15 | -------------------------------------------------------------------------------- /appuio/exoip/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default values for exoip. 3 | # This is a YAML-formatted file. 4 | # Declare variables to be passed into your templates. 5 | 6 | image: 7 | repository: docker.io/exoscale/exoip 8 | tag: v0.4.3 9 | pullPolicy: IfNotPresent 10 | 11 | nameOverride: "" 12 | fullnameOverride: "" 13 | 14 | ### Required settings 15 | # IP address to use 16 | # eip: '' 17 | 18 | # Exoscale credentials. They are rendered into the chart's "-credentials" Secret, which stores them base64-encoded, not encrypted; pass them at install time rather than committing them to a values file. 19 | # exoscaleApiKey: '' 20 | # exoscaleApiSecret: '' 21 | 22 | # Name of the security group the peers are in 23 | peerGroup: 'kubernetes1-ingress' 24 | ### End of required settings 25 | 26 | # Exoscale API endpoint to use 27 | exoscaleApiEndpoint: 'https://api.exoscale.ch/compute' 28 | 29 | resources: {} 30 | # We usually recommend not to specify default resources and to leave this as a conscious 31 | # choice for the user. 
This also increases chances charts run on environments with little 32 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 33 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 34 | # limits: 35 | # cpu: 100m 36 | # memory: 128Mi 37 | # requests: 38 | # cpu: 100m 39 | # memory: 128Mi 40 | 41 | nodeSelector: {} 42 | tolerations: [] 43 | affinity: {} 44 | -------------------------------------------------------------------------------- /appuio/generic/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /appuio/generic/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: generic 3 | version: 0.1.2 4 | description: A Helm chart to create generic Kubernetes resources 5 | icon: https://kubernetes.io/images/wheel.svg 6 | maintainers: 7 | - name: APPUiO Team 8 | email: info@appuio.ch 9 | -------------------------------------------------------------------------------- /appuio/generic/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | ## Configuration 8 | 9 | The following table lists the configurable parameters of the chart. For default values and examples, consult `values.yaml`. 10 | 11 | | Parameter | Description | 12 | | --- | --- | 13 | | `resources` | List of resources in string format. 
Templating is supported. | 14 | 15 | > **Tip**: You can use the default [values.yaml](values.yaml) 16 | 17 | ## Templating 18 | 19 | The resource strings can use Go templating, like regular Helm chart templates. Each string is rendered with `tpl` and emitted as its own manifest, so the values supplied to the chart decide which Kubernetes objects the release creates. 20 | Make sure you use the root context `$` form instead of `.` (see [docs](https://helm.sh/docs/chart_template_guide/variables/)). 21 | 22 | The following named templates are provided as helpers: 23 | * `generic.name` - Expand the name of the chart (truncated to 63 characters) 24 | * `generic.fullname` - Default fully qualified app name 25 | * `generic.chart` - Chart name and version 26 | * `generic.labels` - Common labels 27 | * `generic.selectorLabels` - Selector (name and instance) labels 28 | -------------------------------------------------------------------------------- /appuio/generic/README.md: -------------------------------------------------------------------------------- 1 | # generic 2 | 3 | ![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) 4 | 5 | A Helm chart to create generic Kubernetes resources 6 | 7 | ## Installation 8 | 9 | ```bash 10 | helm repo add appuio https://charts.appuio.ch 11 | helm install generic appuio/generic 12 | ``` 13 | 18 | 19 | ## Configuration 20 | 21 | The following table lists the configurable parameters of the chart. For default values and examples, consult `values.yaml`. 22 | 23 | | Parameter | Description | 24 | | --- | --- | 25 | | `resources` | List of resources in string format. Templating is supported. | 26 | 27 | > **Tip**: You can use the default [values.yaml](values.yaml) 28 | 29 | ## Templating 30 | 31 | The resource strings can use Go templating, like regular Helm chart templates. Each string is rendered with `tpl` and emitted as its own manifest, so the values supplied to the chart decide which Kubernetes objects the release creates. 32 | Make sure you use the root context `$` form instead of `.` (see [docs](https://helm.sh/docs/chart_template_guide/variables/)). 
33 | 34 | The following named templates are provided as helpers: 35 | * `generic.name` - Expand the name of the chart (truncated to 63 characters) 36 | * `generic.fullname` - Default fully qualified app name 37 | * `generic.chart` - Chart name and version 38 | * `generic.labels` - Common labels 39 | * `generic.selectorLabels` - Selector (name and instance) labels 40 | 41 | 44 | [resource-units]: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes 45 | [prometheus-operator]: https://github.com/coreos/prometheus-operator 46 | -------------------------------------------------------------------------------- /appuio/generic/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "generic.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "generic.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 
28 | */}} 29 | {{- define "generic.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "generic.labels" -}} 37 | helm.sh/chart: {{ include "generic.chart" . }} 38 | {{ include "generic.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "generic.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "generic.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | -------------------------------------------------------------------------------- /appuio/generic/templates/generic.yaml: -------------------------------------------------------------------------------- 1 | {{ range .Values.resources }} 2 | {{ tpl . $ }} 3 | --- 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /appuio/generic/test/main_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | var ( 4 | helmChartPath = ".." 
5 | releaseName = "test-release" 6 | ) 7 | -------------------------------------------------------------------------------- /appuio/generic/test/template_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "strings" 5 | "testing" 6 | 7 | "github.com/gruntwork-io/terratest/modules/helm" 8 | "github.com/gruntwork-io/terratest/modules/k8s" 9 | "github.com/gruntwork-io/terratest/modules/random" 10 | "github.com/stretchr/testify/assert" 11 | "github.com/stretchr/testify/require" 12 | corev1 "k8s.io/api/core/v1" 13 | ) 14 | 15 | func Test_Generic_Should_Render_Pod(t *testing.T) { 16 | namespaceName := "medieval-" + strings.ToLower(random.UniqueId()) 17 | options := &helm.Options{ 18 | KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), 19 | } 20 | 21 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{}) 22 | 23 | secret := &corev1.Secret{} 24 | err := helm.UnmarshalK8SYamlE(t, output, &secret) 25 | require.NoError(t, err) 26 | assert.Equal(t, "example-secret", secret.Name) 27 | assert.Equal(t, "secret", secret.StringData["some"]) 28 | assert.Empty(t, secret.Namespace) 29 | } 30 | -------------------------------------------------------------------------------- /appuio/generic/values.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # Simple resource example 3 | - | 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: example-secret 8 | stringData: 9 | some: secret 10 | # Example with templated values 11 | - | 12 | apiVersion: v1 13 | kind: Service 14 | metadata: 15 | name: {{ include "generic.fullname" $ }} 16 | labels: 17 | {{- include "generic.labels" $ | nindent 4 }} 18 | spec: 19 | type: ClusterIP 20 | ports: 21 | - port: 8080 22 | targetPort: http 23 | {{- with .Values.protocol }} 24 | protocol: {{ . 
}} 25 | {{- end }} 26 | name: http 27 | selector: 28 | {{- include "generic.selectorLabels" $ | nindent 4 }} 29 | -------------------------------------------------------------------------------- /appuio/haproxy-2.5.1.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appuio/charts/114d2de27c063ac82ed46f633e5edac6972925ab/appuio/haproxy-2.5.1.tgz -------------------------------------------------------------------------------- /appuio/haproxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /appuio/haproxy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 2.7.3 3 | description: A Helm chart for HAProxy which can be customized by a config map. 
4 | name: haproxy 5 | version: 2.6.0 6 | maintainers: 7 | - name: APPUiO Team 8 | email: info@appuio.ch 9 | -------------------------------------------------------------------------------- /appuio/haproxy/Dockerfile: -------------------------------------------------------------------------------- 1 | from haproxytech/haproxy-debian:2.8.3 2 | 3 | RUN curl -o mysql.deb https://dev.mysql.com/get/mysql-apt-config_0.8.26-1_all.deb || exit 1 \ 4 | dpkg -i mysql.deb || exit 1 ; \ 5 | apt-get update || exit 1 ; \ 6 | apt-get install -y default-mysql-client || exit 1 ; \ 7 | rm -rf /var/lib/apt/lists/* mysql.deb ; -------------------------------------------------------------------------------- /appuio/haproxy/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range $.Values.ingress.paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "haproxy.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get svc -w {{ include "haproxy.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "haproxy.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "haproxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application" 20 | kubectl port-forward $POD_NAME {{ .Values.service.port }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/_tplvalues.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Renders a value that contains template. 4 | Usage: 5 | {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} 6 | */}} 7 | {{- define "common.tplvalues.render" -}} 8 | {{- if typeIs "string" .value }} 9 | {{- tpl .value .context }} 10 | {{- else }} 11 | {{- tpl (.value | toYaml) .context }} 12 | {{- end }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/configmap-galera-checkscript.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (eq .Values.haproxy.config "galera") (eq .Values.haproxy.config "galerak8s") }} 2 | 3 | kind: ConfigMap 4 | apiVersion: v1 5 | metadata: 6 | labels: 7 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 8 | helm.sh/chart: {{ include "haproxy.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | name: haproxy-script 12 | data: 13 | script.sh: |- 14 | {{ range .Files.Lines "files/galera-check.sh" }} 15 | {{ . 
| indent 2 }} 16 | {{- end}} 17 | {{- end}} -------------------------------------------------------------------------------- /appuio/haproxy/templates/configmap-ldap-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.haproxy.config "ldap-tls" }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "{{ include "haproxy.fullname" . }}-ldap-tls" 6 | labels: 7 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 8 | helm.sh/chart: {{ include "haproxy.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | data: 12 | haproxy.cfg: | 13 | global 14 | log stdout format raw local0 15 | maxconn 2048 16 | tune.bufsize 400000 17 | tune.ssl.default-dh-param 2048 18 | 19 | defaults 20 | log global 21 | option dontlognull 22 | timeout connect 5s 23 | timeout client 10s 24 | timeout server 10s 25 | timeout check 15s 26 | timeout check 15s 27 | 28 | {{- include "haproxy.metricsConfig" . | nindent 4 }} 29 | 30 | frontend frontend 31 | bind *:{{ .Values.haproxy.frontendPort }} 32 | mode tcp 33 | option tcplog 34 | default_backend backend 35 | 36 | backend backend 37 | server ldap {{ .Values.haproxy.ldapTls.backend }} ssl verify required ca-file {{ .Values.haproxy.ldapTls.certificatePath }} 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "haproxy.fullname" . -}} 3 | {{- $ingressPaths := .Values.ingress.paths -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 10 | helm.sh/chart: {{ include "haproxy.chart" . 
}} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- with .Values.ingress.annotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.ingress.tls }} 19 | tls: 20 | {{- range .Values.ingress.tls }} 21 | - hosts: 22 | {{- range .hosts }} 23 | - {{ . | quote }} 24 | {{- end }} 25 | secretName: {{ .secretName }} 26 | {{- end }} 27 | {{- end }} 28 | rules: 29 | {{- range .Values.ingress.hosts }} 30 | - host: {{ . | quote }} 31 | http: 32 | paths: 33 | {{- range $ingressPaths }} 34 | - path: {{ . }} 35 | backend: 36 | serviceName: {{ $fullName }} 37 | servicePort: {{ .Values.haproxy.frontendPort }} 38 | {{- end }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/metrics-backend-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if (or .Values.haproxy.redisk8s.metrics.enabled .Values.haproxy.galerak8s.metrics.enabled .Values.haproxy.galera.metrics.enabled) }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "haproxy.fullname" . }}-metrics-backend 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app.kubernetes.io/name: {{ include "haproxy.name" . }}-metrics 9 | helm.sh/chart: {{ include "haproxy.chart" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/component: "metrics-backend" 13 | spec: 14 | type: ClusterIP 15 | ports: 16 | - name: metrics 17 | port: 9090 18 | targetPort: metrics-backend 19 | selector: 20 | app.kubernetes.io/name: {{ include "haproxy.name" . 
}} 21 | app.kubernetes.io/instance: {{ .Release.Name }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "haproxy.fullname" . }}-metrics 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 9 | helm.sh/chart: {{ include "haproxy.chart" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/component: "metrics" 13 | {{- if .Values.metrics.service.labels -}} 14 | {{- toYaml .Values.metrics.service.labels | nindent 4 }} 15 | {{- end -}} 16 | {{- if .Values.metrics.service.annotations }} 17 | annotations: {{- toYaml .Values.metrics.service.annotations | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | type: {{ .Values.metrics.service.type }} 21 | {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} 22 | loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} 23 | {{- end }} 24 | ports: 25 | - name: metrics 26 | port: 9000 27 | targetPort: metrics 28 | selector: 29 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 30 | app.kubernetes.io/instance: {{ .Release.Name }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{- if .Values.podDisruptionBudget.create }} 3 | apiVersion: policy/v1 4 | kind: PodDisruptionBudget 5 | metadata: 6 | name: {{ include "haproxy.fullname" . }} 7 | labels: 8 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 9 | helm.sh/chart: {{ include "haproxy.chart" . 
}} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | spec: 13 | {{- if .Values.podDisruptionBudget.minAvailable }} 14 | minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} 15 | {{- end }} 16 | {{- if .Values.podDisruptionBudget.maxUnavailable }} 17 | maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} 18 | {{- end }} 19 | selector: 20 | matchLabels: 21 | app.kubernetes.io/name: {{ template "haproxy.name" . }} 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | {{- end }} -------------------------------------------------------------------------------- /appuio/haproxy/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "haproxy.fullname" . }} 6 | {{- if .Values.metrics.prometheusRule.namespace }} 7 | namespace: {{ .Values.metrics.prometheusRule.namespace }} 8 | {{- else }} 9 | namespace: {{ .Release.Namespace | quote }} 10 | {{- end }} 11 | labels: 12 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 13 | helm.sh/chart: {{ include "haproxy.chart" . }} 14 | app.kubernetes.io/instance: {{ .Release.Name }} 15 | app.kubernetes.io/managed-by: {{ .Release.Service }} 16 | {{- with .Values.metrics.prometheusRule.additionalLabels }} 17 | {{- toYaml . | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | {{- with .Values.metrics.prometheusRule.rules }} 21 | groups: 22 | - name: {{ template "haproxy.name" $ }} 23 | rules: {{- tpl (toYaml .) 
$ | nindent 8 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/secret-check-auth-redisk8s.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (eq .Values.haproxy.config "redisk8s") .Values.haproxy.redisk8s.check.enabled }} 2 | {{- if (empty .Values.haproxy.check.existingSecret.name) }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "haproxy.fullname" . }}-check-auth 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: 9 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 10 | helm.sh/chart: {{ include "haproxy.chart" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | type: Opaque 14 | data: 15 | {{- if not (empty .Values.haproxy.redisk8s.check.redis.auth ) }} 16 | auth-credentials: {{ .Values.haproxy.redisk8s.check.redis.auth | b64enc | quote }} 17 | {{- end }} 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "haproxy.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 7 | helm.sh/chart: {{ include "haproxy.chart" . 
}} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: {{ .Values.haproxy.frontendPort }} 15 | protocol: TCP 16 | name: frontend 17 | {{- if and (or .Values.haproxy.redisk8s.metrics.exposeLoadbalancer .Values.haproxy.galerak8s.metrics.exposeLoadbalancer .Values.haproxy.galera.metrics.exposeLoadbalancer) (or .Values.haproxy.redisk8s.metrics.enabled .Values.haproxy.galerak8s.metrics.enabled .Values.haproxy.galera.metrics.enabled) }} 18 | - port: 9090 19 | targetPort: metrics-backend 20 | protocol: TCP 21 | name: metrics-backend 22 | {{- end }} 23 | {{- if .Values.service.additionalPorts }} 24 | {{ toYaml .Values.service.additionalPorts | indent 4 }} 25 | {{- end }} 26 | selector: 27 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 28 | app.kubernetes.io/instance: {{ .Release.Name }} 29 | 30 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | name: {{ include "haproxy.fullname" . }} 7 | {{- if .Values.metrics.serviceMonitor.namespace }} 8 | namespace: {{ .Values.metrics.serviceMonitor.namespace }} 9 | {{- else }} 10 | namespace: {{ .Release.Namespace | quote }} 11 | {{- end }} 12 | labels: 13 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 14 | helm.sh/chart: {{ include "haproxy.chart" . 
}} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | app.kubernetes.io/managed-by: {{ .Release.Service }} 17 | {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} 18 | {{ $key }}: {{ $value | quote }} 19 | {{- end }} 20 | spec: 21 | endpoints: 22 | - port: metrics 23 | {{- if .Values.metrics.serviceMonitor.interval }} 24 | interval: {{ .Values.metrics.serviceMonitor.interval }} 25 | {{- end }} 26 | {{- if .Values.metrics.serviceMonitor.relabelings }} 27 | relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} 28 | {{- end }} 29 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 30 | metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} 31 | {{- end }} 32 | selector: 33 | matchLabels: 34 | app.kubernetes.io/name: {{ template "haproxy.name" . }} 35 | app.kubernetes.io/instance: {{ .Release.Name }} 36 | namespaceSelector: 37 | matchNames: 38 | - {{ .Release.Namespace }} 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /appuio/haproxy/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "haproxy.fullname" . }}-test-connection" 5 | labels: 6 | app.kubernetes.io/name: {{ include "haproxy.name" . }} 7 | helm.sh/chart: {{ include "haproxy.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | annotations: 11 | "helm.sh/hook": test-success 12 | spec: 13 | containers: 14 | - name: wget 15 | image: busybox 16 | command: ['wget'] 17 | args: ['{{ include "haproxy.fullname" . 
}}:{{ .Values.service.port }}'] 18 | restartPolicy: Never 19 | -------------------------------------------------------------------------------- /appuio/k8up/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | *kustomize*/ 24 | Makefile 25 | *gotmpl* 26 | test/ 27 | -------------------------------------------------------------------------------- /appuio/k8up/old.Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: Kubernetes and OpenShift Backup Operator based on restic 3 | name: k8up 4 | home: https://k8up.io/ 5 | keywords: 6 | - backup 7 | - operator 8 | - restic 9 | version: 2.0.5 10 | appVersion: v2.3.2 11 | sources: 12 | - https://github.com/k8up-io/k8up 13 | maintainers: 14 | - name: APPUiO Team 15 | email: info@appuio.ch 16 | -------------------------------------------------------------------------------- /appuio/k8up/rbac-kustomize/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - github.com/k8up-io/k8up/config/rbac?ref=v2.3.2 3 | 4 | namePrefix: PREFIX- 5 | namespace: "{{ .Release.Namespace }}" 6 | 7 | commonLabels: 8 | replace: LABELS 9 | -------------------------------------------------------------------------------- /appuio/k8up/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | ##################### 2 | ! Attention ! 
3 | ##################### 4 | 5 | This Helm chart does not include CRDs. 6 | Please make sure you have installed or upgraded the necessary CRDs as instructed in the Chart README. 7 | 8 | ##################### 9 | -------------------------------------------------------------------------------- /appuio/k8up/templates/prometheus/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.serviceMonitor.enabled -}} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "k8up.fullname" . }}-monitor 6 | namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace }} 7 | labels: 8 | {{- include "k8up.labels" . | nindent 4 }} 9 | {{- with .Values.metrics.serviceMonitor.additionalLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | endpoints: 14 | - port: http 15 | interval: {{ .Values.metrics.serviceMonitor.scrapeInterval }} 16 | selector: 17 | matchLabels: 18 | {{- include "k8up.selectorLabels" . | nindent 6 }} 19 | {{- if .Values.metrics.serviceMonitor.namespace }} 20 | namespaceSelector: 21 | matchNames: 22 | - {{ .Release.Namespace }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /appuio/k8up/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "k8up.fullname" . }}-metrics 5 | labels: 6 | {{ include "k8up.labels" . | indent 4 }} 7 | spec: 8 | type: {{ .Values.metrics.service.type }} 9 | ports: 10 | - name: http 11 | port: {{ .Values.metrics.service.port }} 12 | targetPort: http 13 | {{- if eq .Values.metrics.service.type "NodePort" }} 14 | nodePort: {{ .Values.metrics.service.nodePort }} 15 | {{- end }} 16 | selector: 17 | {{- include "k8up.selectorLabels" . 
| nindent 4 }} 18 | -------------------------------------------------------------------------------- /appuio/k8up/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "k8up.serviceAccountName" . }} 6 | labels: 7 | {{ include "k8up.labels" . | indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | hack/ 24 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 4 | version: 1.15.1 5 | digest: sha256:76450f70ef67b89d955bfb644f899d17edbcec9ad0208d686bc4cd11f006d7ae 6 | generated: "2022-06-10T00:59:32.675836+02:00" 7 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Database 3 | apiVersion: v2 4 | appVersion: 10.5.12 5 | dependencies: 6 | - name: common 7 | # Pinned to index.yaml before upstream cleanup (see: 
https://github.com/bitnami/charts/pull/10530) 8 | repository: https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 9 | tags: 10 | - bitnami-common 11 | version: 1.x.x 12 | description: MariaDB Galera is a multi-master database cluster solution for synchronous replication and high availability. 13 | engine: gotpl 14 | home: https://github.com/appuio/charts/tree/master/appuio/mariadb-galera 15 | icon: https://raw.githubusercontent.com/appuio/charts/master/appuio/mariadb-galera/icon.png 16 | keywords: 17 | - mariadb 18 | - mysql 19 | - database 20 | - sql 21 | - prometheus 22 | - galera 23 | maintainers: 24 | - name: APPUiO Team 25 | email: info@appuio.ch 26 | name: mariadb-galera 27 | sources: 28 | - https://github.com/bitnami/bitnami-docker-mariadb-galera 29 | - https://github.com/prometheus/mysqld_exporter 30 | - https://mariadb.org 31 | version: 1.2.6 32 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/ci/values-production-with-rbac.yaml: -------------------------------------------------------------------------------- 1 | # Test values file for generating all of the yaml and check that 2 | # the rendering is correct 3 | 4 | usePasswordFiles: true 5 | 6 | metrics: 7 | enabled: true 8 | 9 | podDisruptionBudget: 10 | create: true 11 | 12 | extraEnvVars: |- 13 | - name: TEST 14 | value: {{ include "common.names.fullname" . 
| quote }} 15 | 16 | extraEnvVarsSecret: example-secret 17 | extraEnvVarsCM: example-cm 18 | 19 | rbac: 20 | create: true 21 | 22 | serviceAccount: 23 | create: true 24 | name: mariadb-galera-service-account 25 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/files/docker-entrypoint-initdb.d/README.md: -------------------------------------------------------------------------------- 1 | You can copy here your custom .sh, .sql or .sql.gz file so they are executed during the first boot of the image. 2 | 3 | More info in the [bitnami-docker-mariadb-galera](https://github.com/bitnami/bitnami-docker-mariadb-galera#initializing-a-new-instance) repository. 4 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/hack/failover-testing/Readme.md: -------------------------------------------------------------------------------- 1 | # MariaDB Galera Failover Experiments 2 | 3 | Scripts and random notes for galera failover experiments. 4 | 5 | ## Files 6 | 7 | - `client.sh (ip)` Start a mysql client shell to the cluster. 8 | - `monitor.sh` Reports status changes for all nodes in a cluster. 9 | - `values.yaml` Helm values for a simple galera cluster. 10 | - `fill.sql` Adds a table with 100'000'000 (one hundred million) rows. 11 | - `deny-traffic-to-node.sh (remove) node_id` Deny network traffic to a single node. 
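12 |
13 | ## Resources
14 |
15 | - https://mariadb.com/kb/en/what-is-mariadb-galera-cluster/
16 | - https://github.com/bitnami/charts/pull/6769 Optimize mariadb galera cluster split-brain detection
17 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/hack/failover-testing/client.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Start an interactive mysql client pod against the test cluster.
 3 | # Usage: client.sh [HOST]   (HOST defaults to "mariadb")
 4 | #
 5 | # NOTE(review): the root password is read from the "mariadb" secret and handed to
 6 | # mysql as -p<password>. It therefore shows up in the local kubectl argument list and
 7 | # in the command of the mariadb-client pod spec, where anyone allowed to read pods in
 8 | # the namespace can see it. Keep this to disposable test clusters.
 9 | set -eu
10 |
11 | kubectl run mariadb-client \
12 |   --rm --tty -i --restart='Never' \
13 |   --namespace default \
14 |   --labels="role=client" \
15 |   --image docker.io/bitnami/mariadb-galera:10.5.12-debian-10-r1 \
16 |   --command -- \
17 |   mysql -h "${1:-mariadb}" -P 3306 -uroot \
18 |   -p"$(kubectl get secret --namespace default mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)" \
19 |   my_database \
20 |   ||:
21 |
22 | kubectl delete pod/mariadb-client ||:
23 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/hack/failover-testing/deny-traffic-to-node.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Apply (or, with "remove", delete) a NetworkPolicy that isolates one Galera node.
 3 | # Usage: deny-traffic-to-node.sh [remove] NODE_ID
 4 | #
 5 | # The policy selects pod mariadb-NODE_ID, lists both Ingress and Egress in policyTypes,
 6 | # and allows traffic only from/to pods labelled role=client (the test client).
 7 | set -eu
 8 |
 9 | action=apply
10 |
11 | if [[ $# -eq 0 ]] ; then
12 |   # Double quotes so that $0 expands to the script name.
13 |   echo "Usage: $0 (remove) NODE_ID"
14 |   exit 3
15 | fi
16 |
17 | if [[ $# -eq 2 && "$1" == "remove" ]] ; then
18 |   action=delete
19 |   shift
20 | fi
21 |
22 | # NODE_ID is spliced into the manifest below; accept only a StatefulSet ordinal.
23 | if [[ ! "$1" =~ ^[0-9]+$ ]] ; then
24 |   echo "NODE_ID must be a non-negative integer, got: $1" >&2
25 |   exit 3
26 | fi
27 |
28 | kubectl "$action" -f- <<- YAML
29 | apiVersion: networking.k8s.io/v1
30 | kind: NetworkPolicy
31 | metadata:
32 |   name: deny-mariadb-traffic-node-$1
33 | spec:
34 |   podSelector:
35 |     matchLabels:
36 |       app.kubernetes.io/name: mariadb-galera
37 |       statefulset.kubernetes.io/pod-name: mariadb-$1
38 |   # Exception for test-client
39 |   ingress:
40 |   - from:
41 |     - podSelector:
42 |         matchLabels:
43 |           role: client
44 |   egress:
45 |   - to:
46 |     - podSelector:
47 |         matchLabels:
48 |           role: client
49 |
50 |   policyTypes:
51 |   - Ingress
52 |   - Egress
53 | YAML
54 |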
--------------------------------------------------------------------------------
/appuio/mariadb-galera/hack/failover-testing/fill.sql:
--------------------------------------------------------------------------------
 1 | -- Bulk-fill script for the failover experiments.
 2 | -- Creates rand_numbers when it is missing, then appends one row per combination of the
 3 | -- eight ten-row derived tables t1..t8 below, i.e. 10^8 (one hundred million) rows per run.
 4 | -- NOTE(review): rand() returns a fraction and the column is INT, so the stored values are
 5 | -- presumably rounded to 0 or 1; confirm whether real random integers were intended.
 6 | CREATE TABLE if not exists rand_numbers(number INT);
 7 |
 8 | insert into rand_numbers ( number ) select rand() from (
 9 |   select 0 as i
10 |   union select 1 union select 2 union select 3
11 |   union select 4 union select 5 union select 6
12 |   union select 7 union select 8 union select 9
13 | ) as t1, (
14 |   select 0 as i
15 |   union select 1 union select 2 union select 3
16 |   union select 4 union select 5 union select 6
17 |   union select 7 union select 8 union select 9
18 | ) as t2, (
19 |   select 0 as i
20 |   union select 1 union select 2 union select 3
21 |   union select 4 union select 5 union select 6
22 |   union select 7 union select 8 union select 9
23 | ) as t3, (
24 |   select 0 as i
25 |   union select 1 union select 2 union select 3
26 |   union select 4 union select 5 union select 6
27 |   union select 7 union select 8 union select 9
28 | ) as t4, (
29 |   select 0 as i
30 |   union select 1 union select 2 union select 3
31 |   union select 4 union select 5 union select 6
32 |   union select 7 union select 8 union select 9
33 | ) as t5, (
34 |   select 0 as i
35 |   union select 1 union select 2 union select 3
36 |   union select 4 union select 5 union select 6
37 |   union select 7 union select 8 union select 9
38 | ) as t6, (
39 |   select 0 as i
40 |   union select 1 union select 2 union select 3
41 |   union select 4 union select 5 union select 6
42 |   union select 7 union select 8 union select 9
43 | ) as t7, (
44 |   select 0 as i
45 |   union select 1 union select 2 union select 3
46 |   union select 4 union select 5 union select 6
47 |   union select 7 union select 8 union select 9
48 | ) as t8;
49 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/hack/failover-testing/monitor.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Poll pods mariadb-0..mariadb-2 and report every change in a node's answer.
 3 | # The loop has no sleep, so it queries as fast as kubectl exec returns.
 4 |
 5 | echo Monitoring nodes
 6 |
 7 | # Last answer seen per node, keyed by pod name.
 8 | declare -A last_state=()
 9 |
10 | while :
11 | do
12 |   for i in {0..2}
13 |   do
14 |     node=mariadb-$i
15 |     # The single-quoted sh -c string is expanded inside the container, so the root
16 |     # credentials come from the pod's environment, not from the local shell.
17 |     # stderr is folded into the answer, so an exec or login failure also counts as a state.
18 |     response=$(
19 |       # kubectl exec ${node} -- sh -c 'mysqladmin status -u"${MARIADB_ROOT_USER}" -p"${MARIADB_ROOT_PASSWORD}"' 2>&1
20 |       (kubectl exec ${node} -- sh -c 'mysql -Nb -u"${MARIADB_ROOT_USER}" -p"${MARIADB_ROOT_PASSWORD}" -e "select node_name from mysql.wsrep_cluster_members;"' | tr '\n' ',') 2>&1
21 |     )
22 |     if [ "$response" != "${last_state[$node]}" ]
23 |     then
24 |       echo "### $(date +%R:%S): Node $node state changed"
25 |       echo "'${last_state[$node]}' -> '$response'"
26 |       last_state[$node]=$response
27 |     fi
28 |   done
29 | done
30 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/hack/failover-testing/values.yaml:
--------------------------------------------------------------------------------
 1 | # Helm values for a simple galera cluster used by the failover experiments.
 2 | fullnameOverride: mariadb
 3 | extraEnvVars:
 4 |   - name: MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP
 5 |     value: "no"
 6 | startupProbe:
 7 |   enabled: true
 8 |   # Allow up to 20 minutes for DB to initialize
 9 |   failureThreshold: 108
10 |   initialDelaySeconds: 10
11 | livenessProbe:
12 |   initialDelaySeconds: 10
13 | metrics:
14 |   enabled: false
15 |   extraFlags:
16 |     - --exporter.log_slow_filter
17 |     - --collect.engine_innodb_status
18 |   serviceMonitor:
19 |     enabled: true
20 |     interval: 10s
21 |     scrapeTimeout: 3s
22 |     relabelings:
23 |       - sourceLabels: [__address__]
24 |         targetLabel: service_level
25 |         replacement: standard
26 | persistence:
27 |   enabled: true
28 | podDisruptionBudget:
29 |   create: true
30 |   minAvailable: ""
31 |   maxUnavailable: 1
32 | # NOTE(review): the passwords below are committed in clear text and the same value is
33 | # used for the root user and for mariabackup. Treat them as test-only: use them on a
34 | # disposable cluster, never reuse them, and supply real passwords from outside the repository.
35 | rootUser:
36 |   forcePassword: true
37 |   password: "G076VpoTDOOFLnEQ0ns"
38 | galera:
39 |   mariabackup:
40 |     password: "G076VpoTDOOFLnEQ0ns"
41 |     forcePassword: true
42 |
-------------------------------------------------------------------------------- /appuio/mariadb-galera/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appuio/charts/114d2de27c063ac82ed46f633e5edac6972925ab/appuio/mariadb-galera/icon.png -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if and (or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration) (not .Values.configurationConfigMap) }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ printf "%s-configuration" (include "common.names.fullname" .) }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | data: 8 | {{- if (.Files.Glob "files/my.cnf") }} 9 | {{ (.Files.Glob "files/my.cnf").AsConfig | indent 2 }} 10 | {{- else if .Values.mariadbConfiguration }} 11 | my.cnf: | 12 | {{ .Values.mariadbConfiguration | indent 4 }} 13 | {{- end }} 14 | {{ end }} 15 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/extra-list.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.extraDeploy }} 2 | --- 3 | {{ include "common.tplvalues.render" (dict "value" . "context" $) }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/headless-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ printf "%s-headless" (include "common.names.fullname" .) }} 5 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 6 | {{- if .Values.service.headless.annotations }} 7 | annotations: {{- include "common.tplvalues.render" (dict "value" .Values.service.headless.annotations "context" $) | nindent 4 }} 8 | {{- end }} 9 | spec: 10 | type: ClusterIP 11 | clusterIP: None 12 | ports: 13 | - name: galera 14 | port: 4567 15 | targetPort: galera 16 | - name: ist 17 | port: 4568 18 | targetPort: ist 19 | - name: sst 20 | port: 4444 21 | targetPort: sst 22 | selector: {{- include "common.labels.matchLabels" . | nindent 4 }} 23 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/initialization-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | {{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz") (not .Values.initdbScriptsConfigMap) }} 8 | binaryData: 9 | {{- $root := . }} 10 | {{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} 11 | {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} 12 | {{- end }} 13 | {{- end }} 14 | data: 15 | {{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }} 16 | {{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} 17 | {{- end }} 18 | {{- with .Values.initdbScripts }} 19 | {{ toYaml . 
| indent 2 }} 20 | {{- end }} 21 | {{ end }} 22 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | {{- if .Values.metrics.service.annotations }} 8 | annotations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} 9 | {{- end }} 10 | spec: 11 | type: {{ .Values.metrics.service.type }} 12 | ports: 13 | - name: metrics 14 | port: {{ .Values.metrics.service.port }} 15 | targetPort: metrics 16 | selector: {{- include "common.labels.matchLabels" . | nindent 4 }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget.create }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "common.names.fullname" . }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | spec: 8 | {{- if .Values.podDisruptionBudget.minAvailable }} 9 | minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} 10 | {{- end }} 11 | {{- if .Values.podDisruptionBudget.maxUnavailable }} 12 | maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} 13 | {{- end }} 14 | selector: 15 | matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/prometheusrules.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRules.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "common.names.fullname" . }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | {{- toYaml .Values.metrics.prometheusRules.selector | nindent 4 }} 8 | spec: 9 | groups: 10 | - name: {{ include "common.names.fullname" . }} 11 | rules: 12 | {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }} 13 | {{- end }} 14 | 15 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/recreate-script.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.forceUpdate }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} 6 | annotations: 7 | "helm.sh/hook": pre-upgrade 8 | "helm.sh/hook-weight": "-6" 9 | labels: {{- include "common.labels.standard" . | nindent 4 }} 10 | data: 11 | delete.sh: | 12 | #!/bin/bash 13 | 14 | set -eo pipefail 15 | 16 | name="{{ printf "%s" (include "common.names.fullname" .) }}" 17 | namespace="{{ .Release.Namespace }}" 18 | 19 | # Check if delete is necessary 20 | found=$(kubectl -n "$namespace" get sts "$name" -o json --ignore-not-found) 21 | 22 | size="{{ .Values.persistence.size }}" 23 | foundsize=$(echo -En "$found" | jq -r '.spec.volumeClaimTemplates[] | select(.metadata.name=="data") | .spec.resources.requests.storage') 24 | 25 | if [[ $foundsize != "$size" ]]; then 26 | kubectl -n "$namespace" delete sts "$name" --cascade=orphan --ignore-not-found --wait=true 27 | # There is a consistency issue. 
It seems that it is not guaranteed that the helm controller sees the deletion before noticing the job completion. 28 | # It is generally hard to find clear consistency guarantees of the Kubernetes API server. 29 | # My hope is that an additional read forces the delete to be committed. 30 | while kubectl -n "$namespace" get sts "$name" > /dev/null 2>&1; do sleep 1; done 31 | sleep 2 # Let's wait a bit to reduce the race condition likelihood if I'm wrong. 32 | fi 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.create .Values.rbac.create }} 2 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 3 | kind: Role 4 | metadata: 5 | name: {{ template "common.names.fullname" . }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - endpoints 12 | verbs: 13 | - get 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.create .Values.rbac.create }} 2 | kind: RoleBinding 3 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 4 | metadata: 5 | name: {{ template "common.names.fullname" . }} 6 | labels: {{- include "common.labels.standard" . | nindent 4 }} 7 | subjects: 8 | - kind: ServiceAccount 9 | name: {{ template "mariadb-galera.serviceAccountName" . }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: Role 13 | name: {{ template "common.names.fullname" . 
}}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/templates/secrets.yaml:
--------------------------------------------------------------------------------
 1 | {{- if (include "mariadb-galera.createSecret" .) }}
 2 | {{- /*
 3 |   Each password below falls back to a fresh randAlphaNum 10 value whenever the
 4 |   corresponding value is unset. The fallback is evaluated every time the template is
 5 |   rendered, so presumably an upgrade without explicit passwords writes different
 6 |   passwords into this Secret; confirm against the createSecret helper and the chart
 7 |   README. Ten alphanumeric characters are also on the short side for a database root
 8 |   password. ldap-bindpw is only written when LDAP is enabled and a bind password is set.
 9 | */}}
10 | apiVersion: v1
11 | kind: Secret
12 | metadata:
13 |   name: {{ template "common.names.fullname" . }}
14 |   labels: {{- include "common.labels.standard" . | nindent 4 }}
15 | type: Opaque
16 | data:
17 |   mariadb-root-password: {{ default (randAlphaNum 10) .Values.rootUser.password | b64enc | quote }}
18 |   mariadb-password: {{ default (randAlphaNum 10) .Values.db.password | b64enc | quote }}
19 |   mariadb-galera-mariabackup-password: {{ default (randAlphaNum 10) .Values.galera.mariabackup.password | b64enc | quote }}
20 |   {{- if and .Values.ldap.enabled .Values.ldap.bindpw }}
21 |   ldap-bindpw: {{ .Values.ldap.bindpw | b64enc | quote }}
22 |   {{- end }}
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
 1 | {{- /* Rendered only when serviceAccount.create is set; the name comes from the serviceAccountName helper. */}}
 2 | {{- if .Values.serviceAccount.create }}
 3 | apiVersion: v1
 4 | kind: ServiceAccount
 5 | metadata:
 6 |   name: {{ template "mariadb-galera.serviceAccountName" . }}
 7 |   labels: {{- include "common.labels.standard" . | nindent 4 }}
 8 | {{- end }}
 9 |
--------------------------------------------------------------------------------
/appuio/mariadb-galera/templates/servicemonitor.yaml:
--------------------------------------------------------------------------------
 1 | {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
 2 | apiVersion: monitoring.coreos.com/v1
 3 | kind: ServiceMonitor
 4 | metadata:
 5 |   name: {{ template "common.names.fullname" .
}} 6 | {{- if .Values.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: {{- include "common.labels.standard" . | nindent 4 }} 10 | {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | spec: 14 | selector: 15 | matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} 16 | endpoints: 17 | - port: metrics 18 | {{- if .Values.metrics.serviceMonitor.interval }} 19 | interval: {{ .Values.metrics.serviceMonitor.interval }} 20 | {{- end }} 21 | {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} 22 | scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} 23 | {{- end }} 24 | {{- if .Values.metrics.serviceMonitor.relabelings }} 25 | relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} 26 | {{- end }} 27 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 28 | metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} 29 | {{- end }} 30 | namespaceSelector: 31 | matchNames: 32 | - {{ .Release.Namespace }} 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "common.names.fullname" . }} 5 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 6 | {{- if .Values.service.annotations }} 7 | annotations: {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} 8 | {{- end }} 9 | spec: # NOTE(review): loadBalancerSourceRanges is rendered only when set, so a LoadBalancer Service without it publishes the mysql port to every source the load balancer admits; set source ranges whenever service.type is LoadBalancer. 10 | type: {{ .Values.service.type }} 11 | {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} 12 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 13 | {{- end }} 14 | {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} 15 | loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} 16 | {{- end }} 17 | {{- if .Values.service.externalIPs }} 18 | externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }} 19 | {{- end }} 20 | {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} 21 | clusterIP: {{ .Values.service.clusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: mysql 25 | port: {{ .Values.service.port }} 26 | targetPort: mysql 27 | {{- if and .Values.service.nodePort (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- else if eq .Values.service.type "ClusterIP" }} 30 | nodePort: null 31 | {{- end }} 32 | selector: {{- include "common.labels.matchLabels" . | nindent 4 }} 33 | -------------------------------------------------------------------------------- /appuio/mariadb-galera/templates/tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if (include "mariadb-galera.createTlsSecret" . )}} 2 | {{- /* NOTE(review): genCA builds a new self-signed CA with a 365-day lifetime on every render, and the leaf certificate signed further down uses the same 365 days. Each upgrade therefore replaces CA and leaf together, and without an upgrade both expire after a year. The Secret stores ca.crt but not the CA key, so the CA cannot sign again later. */}} {{- $ca := genCA "mariadb-galera-internal-ca" 365 }} 3 | {{- $releaseNamespace := .Release.Namespace }} 4 | {{- $clusterDomain := .Values.clusterDomain }} 5 | {{- $fullname := include "common.names.fullname" . }} 6 | {{- $serviceName := include "common.names.fullname" . }} 7 | {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .)
}} 8 | {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) $fullname }} 9 | {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} 10 | apiVersion: v1 11 | kind: Secret 12 | metadata: 13 | name: {{ include "common.names.fullname" . }}-crt 14 | labels: {{- include "common.labels.standard" . | nindent 4 }} 15 | {{- if .Values.commonLabels }} 16 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 17 | {{- end }} 18 | {{- if .Values.commonAnnotations }} 19 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 20 | {{- end }} 21 | type: kubernetes.io/tls 22 | data: 23 | ca.crt: {{ $ca.Cert | b64enc | quote }} 24 | tls.crt: {{ $crt.Cert | b64enc | quote }} 25 | tls.key: {{ $crt.Key | b64enc | quote }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /appuio/maxscale/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /appuio/maxscale/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | name: maxscale 4 | version: 2.0.1 5 | appVersion: "6.4.8" 6 | description: MaxScale Helm Chart 7 | home: "https://mariadb.com/products/technology/maxscale" 8 | maintainers: 9 | - name: APPUiO Team 10 | email: info@appuio.ch 11 | -------------------------------------------------------------------------------- /appuio/maxscale/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/maxscale/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Maxscale has been deployed and can be accessed by using 2 | 3 | {{ include "maxscale.fullname" . }} 4 | 5 | as the MySQL hostname. 6 | -------------------------------------------------------------------------------- /appuio/maxscale/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "maxscale.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "maxscale.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "maxscale.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Get the password secret. 36 | */}} 37 | {{- define "maxscale.secretName" -}} 38 | {{- if .Values.existingSecret -}} 39 | {{- printf "%s" .Values.existingSecret -}} 40 | {{- else -}} 41 | {{- printf "%s" (include "maxscale.fullname" .) -}} 42 | {{- end -}} 43 | {{- end -}} 44 | -------------------------------------------------------------------------------- /appuio/maxscale/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.existingSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "maxscale.fullname" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ include "maxscale.name" . }} 8 | helm.sh/chart: {{ include "maxscale.chart" . 
}} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | data: # NOTE(review): both passwords are copied from chart values, so they also live wherever the values live (values files, CI variables, the stored Helm release). Setting existingSecret skips this template and keeps them out of the release. 12 | service-password: {{ .Values.servicePassword | b64enc | quote }} 13 | monitor-password: {{ .Values.monitorPassword | b64enc | quote }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /appuio/maxscale/templates/service-masteronly.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "maxscale.fullname" . }}-masteronly 5 | labels: 6 | app.kubernetes.io/name: {{ include "maxscale.name" . }} 7 | helm.sh/chart: {{ include "maxscale.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - name: master-only 14 | port: 3306 15 | targetPort: 3306 16 | selector: 17 | app.kubernetes.io/name: {{ include "maxscale.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | -------------------------------------------------------------------------------- /appuio/maxscale/templates/service-rwsplit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "maxscale.fullname" . }}-rwsplit 5 | labels: 6 | app.kubernetes.io/name: {{ include "maxscale.name" . }} 7 | helm.sh/chart: {{ include "maxscale.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - name: rw-split 14 | port: 3306 15 | targetPort: 3307 16 | selector: 17 | app.kubernetes.io/name: {{ include "maxscale.name" .
}} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | -------------------------------------------------------------------------------- /appuio/metrics-server/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 0.3.7 3 | description: Metrics Server is a cluster-wide aggregator of resource usage data. 4 | type: application 5 | name: metrics-server 6 | version: 2.12.1 7 | keywords: 8 | - metrics-server 9 | home: https://github.com/kubernetes-incubator/metrics-server 10 | sources: 11 | - https://github.com/kubernetes-incubator/metrics-server 12 | maintainers: 13 | - name: APPUiO Team 14 | email: info@appuio.ch 15 | -------------------------------------------------------------------------------- /appuio/metrics-server/ci/ci-values.yaml: -------------------------------------------------------------------------------- 1 | # CI is running on GKE, which already ships metrics-server. This causes 2 | # conflicts on the apiService resource. 3 | 4 | apiService: 5 | create: false 6 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The metric server has been deployed. 2 | {{ if .Values.apiService.create }} 3 | In a few minutes you should be able to list metrics using the following 4 | command: 5 | 6 | kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes" 7 | {{ else }} 8 | NOTE: You have disabled the API service creation for this release. The metrics 9 | API will not work with this release unless you configure the metrics API 10 | service outside of this Helm chart.
11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/aggregated-metrics-reader-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: system:{{ template "metrics-server.name" . }}-aggregated-reader 6 | labels: 7 | app: {{ template "metrics-server.name" . }} 8 | chart: {{ template "metrics-server.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | rbac.authorization.k8s.io/aggregate-to-view: "true" 12 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 13 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 14 | rules: 15 | - apiGroups: ["metrics.k8s.io"] 16 | resources: ["pods","nodes"] 17 | verbs: ["get", "list", "watch"] 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/auth-delegator-crb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "metrics-server.fullname" . }}:system:auth-delegator 6 | labels: 7 | app: {{ template "metrics-server.name" . }} 8 | chart: {{ template "metrics-server.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: system:auth-delegator 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "metrics-server.serviceAccountName" . 
}} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: system:{{ template "metrics-server.fullname" . }} 6 | labels: 7 | app: {{ template "metrics-server.name" . }} 8 | chart: {{ template "metrics-server.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - pods 16 | - nodes 17 | - nodes/stats 18 | - namespaces 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | {{- if .Values.rbac.pspEnabled }} 24 | - apiGroups: # NOTE(review): with rbac.pspEnabled this ClusterRole may use the PodSecurityPolicy privileged-<fullname>, which templates/psp.yaml defines with privileged: true, all capabilities and the host namespaces; any subject bound to this role can have its pods admitted under that policy. 25 | - extensions 26 | - policy 27 | resources: 28 | - podsecuritypolicies 29 | resourceNames: 30 | - privileged-{{ template "metrics-server.fullname" . }} 31 | verbs: 32 | - use 33 | {{- end -}} 34 | {{- end -}} 35 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/metric-server-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "metrics-server.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "metrics-server.name" . }} 8 | chart: {{ template "metrics-server.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- with .Values.service.labels -}} 12 | {{ toYaml . | nindent 4 }} 13 | {{- end }} 14 | annotations: 15 | {{- toYaml .Values.service.annotations | trim | nindent 4 }} 16 | spec: 17 | ports: 18 | - port: {{ .Values.service.port }} 19 | protocol: TCP 20 | targetPort: https 21 | selector: 22 | app: {{ template "metrics-server.name" .
}} 23 | release: {{ .Release.Name }} 24 | type: {{ .Values.service.type }} 25 | 26 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/metrics-api-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.apiService.create -}} 2 | apiVersion: apiregistration.k8s.io/v1beta1 # NOTE(review): this API version is no longer served from Kubernetes 1.22 on; apiregistration.k8s.io/v1 is the replacement. 3 | kind: APIService 4 | metadata: 5 | name: v1beta1.metrics.k8s.io 6 | labels: 7 | app: {{ template "metrics-server.name" . }} 8 | chart: {{ template "metrics-server.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | spec: 12 | service: 13 | name: {{ template "metrics-server.fullname" . }} 14 | namespace: {{ .Release.Namespace }} 15 | group: metrics.k8s.io 16 | version: v1beta1 17 | insecureSkipTLSVerify: true # NOTE(review): the API aggregation layer will not verify the serving certificate of this backend, so it cannot tell metrics-server from another endpoint answering on the same Service. Setting caBundle to the CA that signs the metrics-server certificate, and removing this flag, restores verification. 18 | groupPriorityMinimum: 100 19 | versionPriority: 100 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/metrics-server-crb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: system:{{ template "metrics-server.fullname" . }} 6 | labels: 7 | app: {{ template "metrics-server.name" . }} 8 | chart: {{ template "metrics-server.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: system:{{ template "metrics-server.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "metrics-server.serviceAccountName" .
}} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/metrics-server-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "metrics-server.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "metrics-server.name" . }} 9 | chart: {{ template "metrics-server.chart" . }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget.enabled -}} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | labels: 6 | app: {{ template "metrics-server.name" . }} 7 | chart: {{ template "metrics-server.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | name: {{ template "metrics-server.fullname" . }} 11 | namespace: {{ .Release.Namespace }} 12 | 13 | spec: 14 | {{- if .Values.podDisruptionBudget.minAvailable }} 15 | minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} 16 | {{- end }} 17 | {{- if .Values.podDisruptionBudget.maxUnavailable }} 18 | maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} 19 | {{- end }} 20 | selector: 21 | matchLabels: 22 | app: {{ template "metrics-server.name" . 
}} 23 | {{- end -}} -------------------------------------------------------------------------------- /appuio/metrics-server/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: privileged-{{ template "metrics-server.fullname" . }} 6 | spec: # NOTE(review): this policy allows everything a PodSecurityPolicy can restrict: privileged containers, all capabilities, all volume types, any user and group, and the host PID, IPC and network namespaces. Nothing on this page shows metrics-server needing that; a policy scoped to what the deployment requests would limit what a compromised pod can reach (TODO confirm against deployment.yaml). PodSecurityPolicy itself is gone from Kubernetes 1.25 on. 7 | allowedCapabilities: 8 | - '*' 9 | fsGroup: 10 | rule: RunAsAny 11 | privileged: true 12 | runAsUser: 13 | rule: RunAsAny 14 | seLinux: 15 | rule: RunAsAny 16 | supplementalGroups: 17 | rule: RunAsAny 18 | volumes: 19 | - '*' 20 | hostPID: true 21 | hostIPC: true 22 | hostNetwork: true 23 | hostPorts: 24 | - min: 1 25 | max: 65536 # the highest valid port number is 65535 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "metrics-server.fullname" . }}-auth-reader 6 | namespace: kube-system 7 | labels: 8 | app: {{ template "metrics-server.name" . }} 9 | chart: {{ template "metrics-server.chart" . }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: extension-apiserver-authentication-reader 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "metrics-server.serviceAccountName" . }} 19 | namespace: {{ .Release.Namespace }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /appuio/metrics-server/templates/tests/test-version.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: {{ template "metrics-server.fullname" .
}}-test 5 | labels: 6 | app: {{ template "metrics-server.name" . }} 7 | chart: {{ template "metrics-server.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | annotations: 11 | "helm.sh/hook": test-success 12 | spec: 13 | containers: 14 | - name: wget 15 | image: "{{ .Values.testImage.repository }}:{{ .Values.testImage.tag }}" 16 | imagePullPolicy: {{ .Values.testImage.pullPolicy }} 17 | command: ['/bin/sh'] 18 | args: 19 | - -c 20 | - 'wget -qO- https://{{ include "metrics-server.fullname" . }}:{{ .Values.service.port }}/version | grep -F {{ .Values.image.tag }}' 21 | {{- if .Values.imagePullSecrets }} 22 | imagePullSecrets: 23 | {{- range .Values.imagePullSecrets }} 24 | - name: {{ . }} 25 | {{- end }} 26 | {{- end }} 27 | restartPolicy: Never 28 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: OpenShift oauth-proxy 3 | name: openshift-oauth-proxy 4 | version: 0.2.3 5 | appVersion: 1.1.0 6 | maintainers: 7 | - name: APPUiO Team 8 | email: info@appuio.ch 9 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/README.md: -------------------------------------------------------------------------------- 1 | # openshift-oauth-proxy 2 | 3 | ![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) 4 | 5 | OpenShift oauth-proxy 6 | 7 | ## Installation 8 | 9 | ```bash 10 | helm repo add appuio https://charts.appuio.ch 11 | helm install openshift-oauth-proxy appuio/openshift-oauth-proxy 12 | ``` 13 | 18 | 19 | ## Values 20 | 21 | | Key | Type | Default | Description | 22 | |-----|------|---------|-------------| 23 | | extraArgs | string | `nil` | Extra arguments to pass to the oauth-proxy | 24 | | image.pullPolicy | string | `"IfNotPresent"` | | 25 | | image.repository | string | `"docker.io/openshift/oauth-proxy"` | | 26 | | image.tag | string | `"v1.1.0"` | | 27 | | proxy.openshiftSar | string | `"{\"resource\": 
\"namespaces\", \"verb\": \"get\"}"` | OpenShift Subject Access Review | 28 | | proxy.upstream | string | `"http://localhost:9090"` | Upstream url | 29 | | resources.limits.cpu | string | `"200m"` | | 30 | | resources.limits.memory | string | `"128Mi"` | | 31 | | resources.requests.cpu | string | `"50m"` | | 32 | | resources.requests.memory | string | `"32Mi"` | | 33 | | route.annotations | object | `{"kubernetes.io/tls-acme":"true"}` | Add annotations to route | 34 | | route.host | string | `""` | Define route host | 35 | | route.tls | bool | `true` | Enable tls for the route | 36 | 37 | 40 | [resource-units]: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes 41 | [prometheus-operator]: https://github.com/coreos/prometheus-operator 42 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "openshift-oauth-proxy.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "openshift-oauth-proxy.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "openshift-oauth-proxy.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/templates/route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | {{ if .Values.route.annotations }} 5 | annotations: 6 | {{ toYaml .Values.route.annotations | indent 4 }} 7 | {{ end }} 8 | labels: 9 | app: {{ template "openshift-oauth-proxy.name" $ }} 10 | chart: {{ template "openshift-oauth-proxy.chart" $ }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | name: {{ template "openshift-oauth-proxy.fullname" $ }} 14 | spec: 15 | {{ if .Values.route.host }} 16 | host: {{ .Values.route.host }} 17 | {{ end }} 18 | port: 19 | targetPort: http 20 | to: 21 | kind: Service 22 | name: {{ template "openshift-oauth-proxy.fullname" $ }} 23 | weight: 100 24 | wildcardPolicy: None 25 | {{ if .Values.route.tls }} 26 | tls: # NOTE(review): edge termination ends TLS at the router, so the hop from the router to the proxy's http port is unencrypted. When route.tls is false the route is plain HTTP end to end, which puts the proxy's session cookie on the wire in clear text. 27 | insecureEdgeTerminationPolicy: Redirect 28 | termination: edge 29 | {{ end }} 30 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/templates/secret.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | labels: 5 | app: {{ template "openshift-oauth-proxy.name" $ }} 6 | chart: {{ template "openshift-oauth-proxy.chart" $ }} 7 | release: {{ .Release.Name }} 8 | heritage: {{ .Release.Service }} 9 | name: {{ template "openshift-oauth-proxy.fullname" $ }} 10 | type: Opaque 11 | data: # NOTE(review): randAlphaNum 32 is evaluated on every render, so each helm upgrade replaces cookie-secret. Presumably the proxy uses it to protect session cookies, in which case existing sessions stop validating after an upgrade (TODO confirm in deployment.yaml). It also means the value cannot be pinned or rotated deliberately through values. 12 | cookie-secret: {{ randAlphaNum 32 | b64enc | quote }} 13 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "openshift-oauth-proxy.fullname" $ }} 5 | labels: 6 | app: {{ template "openshift-oauth-proxy.name" $ }} 7 | chart: {{ template "openshift-oauth-proxy.chart" $ }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | ports: 12 | - name: http 13 | port: 8080 14 | protocol: TCP 15 | targetPort: http 16 | selector: 17 | app: {{ template "openshift-oauth-proxy.name" $ }} 18 | chart: {{ template "openshift-oauth-proxy.chart" $ }} 19 | release: {{ .Release.Name }} 20 | heritage: {{ .Release.Service }} 21 | type: ClusterIP 22 | -------------------------------------------------------------------------------- /appuio/openshift-oauth-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ template "openshift-oauth-proxy.fullname" $ }} 5 | annotations: 6 | serviceaccounts.openshift.io/oauth-redirectreference.alertmanager-main: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"{{ template "openshift-oauth-proxy.fullname" $ }}"}}' 7 | --------------------------------------------------------------------------------
/appuio/openshift-oauth-proxy/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | image: 3 | repository: docker.io/openshift/oauth-proxy 4 | tag: v1.1.0 5 | pullPolicy: IfNotPresent 6 | 7 | # -- Extra arguments to pass to the oauth-proxy 8 | extraArgs: 9 | # - name: openshift-delegate-urls 10 | # value: '{"/": {"resource": "namespaces", "verb": "get"}}' 11 | 12 | proxy: 13 | # -- Upstream url 14 | upstream: http://localhost:9090 15 | # -- OpenShift Subject Access Review 16 | openshiftSar: '{"resource": "namespaces", "verb": "get"}' 17 | 18 | route: 19 | # -- Add annotations to route 20 | annotations: 21 | kubernetes.io/tls-acme: "true" 22 | # -- Enable tls for the route 23 | tls: true 24 | # -- Define route host 25 | host: "" 26 | 27 | resources: 28 | requests: 29 | memory: "32Mi" 30 | cpu: "50m" 31 | limits: 32 | memory: "128Mi" 33 | cpu: "200m" 34 | -------------------------------------------------------------------------------- /appuio/openshift-route/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /appuio/openshift-route/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "v1" 3 | description: A Helm chart for OpenShift that simply creates a Route object 4 | name: openshift-route 5 | version: 1.1.4 6 | -------------------------------------------------------------------------------- /appuio/openshift-route/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | This chart requires that `service.name` is set (`--set service.name=my-backend-service`). 8 | 9 | {{ template "chart.valuesSection" . }} 10 | -------------------------------------------------------------------------------- /appuio/openshift-route/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL: 2 | {{- if $.Values.host }} 3 | http{{ if $.Values.tls }}s{{ end }}://{{ $.Values.host }} 4 | {{- else }} 5 | # Your hostname will be auto-generated by OpenShift. Get it after creation: 6 | oc get route {{ include "openshift-route.fullname" . }} 7 | {{- end }} 8 | -------------------------------------------------------------------------------- /appuio/openshift-route/templates/route.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: {{ include "openshift-route.fullname" . }} 6 | labels: 7 | {{ include "openshift-route.labels" . | indent 4 }} 8 | {{- with .Values.labels }} 9 | {{- toYaml . 
| nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | host: {{ .Values.host }} 17 | path: {{ .Values.path }} 18 | wildcardPolicy: {{ .Values.wildcardPolicy }} 19 | port: 20 | targetPort: {{ .Values.service.targetPort }} 21 | {{- if .Values.tls.enabled }} 22 | tls: # NOTE(review): key is taken from .Values.tls.key and written into the Route object, so the private key is readable by anyone who can read Routes in the namespace or the chart values used for the release. Restrict both, and keep the key out of committed values files. 23 | {{- with .Values.tls }} 24 | termination: {{ .termination }} 25 | insecureEdgeTerminationPolicy: {{ .insecureEdgeTerminationPolicy }} 26 | {{- with .key }} 27 | key: | 28 | {{ . | indent 6 }} 29 | {{- end }} 30 | {{- with .certificate }} 31 | certificate: | 32 | {{ . | indent 6 }} 33 | {{- end }} 34 | {{- with .caCertificate }} 35 | caCertificate: | 36 | {{ . | nindent 6 }} 37 | {{- end }} 38 | {{- with .destinationCACertificate }} 39 | destinationCACertificate: | 40 | {{ . | nindent 6 }} 41 | {{- end }} 42 | {{- end}} 43 | {{- end }} 44 | to: 45 | kind: Service 46 | name: {{ required "A valid .Values.service.name entry required!" .Values.service.name }} 47 | weight: {{ .Values.service.weight }} 48 | {{- with .Values.alternateBackends }} 49 | alternateBackends: 50 | {{- toYaml . | nindent 4 }} 51 | {{- end }} 52 | {{ include "chart.helmRouteFix" .
}} 53 | -------------------------------------------------------------------------------- /appuio/prometheus-blackbox-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Prometheus Blackbox Exporter 3 | name: prometheus-blackbox-exporter 4 | version: 0.3.1 5 | appVersion: v0.17.0 6 | home: https://github.com/prometheus/blackbox_exporter 7 | sources: 8 | - https://github.com/prometheus/blackbox_exporter 9 | keywords: 10 | - prometheus 11 | - blackbox 12 | - monitoring 13 | maintainers: 14 | - name: APPUiO Team 15 | email: info@appuio.ch 16 | -------------------------------------------------------------------------------- /appuio/prometheus-blackbox-exporter/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | See https://github.com/prometheus/blackbox_exporter/ for how to configure Prometheus and the Blackbox Exporter. 2 | -------------------------------------------------------------------------------- /appuio/prometheus-blackbox-exporter/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "prometheus-blackbox-exporter.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | */}} 13 | {{- define "prometheus-blackbox-exporter.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- if contains $name .Release.Name -}} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "prometheus-blackbox-exporter.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 31 | {{- end -}} 32 | -------------------------------------------------------------------------------- /appuio/prometheus-blackbox-exporter/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "prometheus-blackbox-exporter.fullname" . }} 6 | labels: 7 | chart: {{ template "prometheus-blackbox-exporter.chart" . }} 8 | app: {{ template "prometheus-blackbox-exporter.name" . }} 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | data: 12 | blackbox.yaml: | 13 | {{ toYaml .Values.config | indent 4 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /appuio/prometheus-blackbox-exporter/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $serviceName := include "prometheus-blackbox-exporter.fullname" . -}} 3 | {{- $servicePort := .Values.service.port -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ template "prometheus-blackbox-exporter.fullname" . 
}} 8 | labels: 9 | app: {{ template "prometheus-blackbox-exporter.name" . }} 10 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | annotations: 14 | {{ toYaml .Values.ingress.annotations | indent 4 }} 15 | spec: 16 | rules: 17 | {{- range $host := .Values.ingress.hosts }} 18 | - host: {{ $host }} 19 | http: 20 | paths: 21 | - path: / 22 | backend: 23 | serviceName: {{ $serviceName }} 24 | servicePort: {{ $servicePort }} 25 | {{- end -}} 26 | {{- if .Values.ingress.tls }} 27 | tls: 28 | {{ toYaml .Values.ingress.tls | indent 4 }} 29 | {{- end -}} 30 | {{- end -}} -------------------------------------------------------------------------------- /appuio/prometheus-blackbox-exporter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: {{ template "prometheus-blackbox-exporter.fullname" . }} 5 | labels: 6 | chart: {{ template "prometheus-blackbox-exporter.chart" . }} 7 | app: {{ template "prometheus-blackbox-exporter.name" . }} 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - name: http 14 | port: {{ .Values.service.port }} 15 | protocol: TCP 16 | {{- if .Values.service.externalIPs }} 17 | externalIPs: 18 | {{ toYaml .Values.service.externalIPs | indent 4 }} 19 | {{- end }} 20 | selector: 21 | app: {{ template "prometheus-blackbox-exporter.name" . }} 22 | release: "{{ .Release.Name }}" 23 | -------------------------------------------------------------------------------- /appuio/redis/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | hack/ 24 | -------------------------------------------------------------------------------- /appuio/redis/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 4 | version: 1.15.1 5 | digest: sha256:76450f70ef67b89d955bfb644f899d17edbcec9ad0208d686bc4cd11f006d7ae 6 | generated: "2022-06-10T00:58:40.801311+02:00" 7 | -------------------------------------------------------------------------------- /appuio/redis/Chart.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | category: Database 3 | apiVersion: v2 4 | appVersion: 6.2.1 5 | dependencies: 6 | - name: common 7 | # Pinned to index.yaml before upstream cleanup (see: https://github.com/bitnami/charts/pull/10530) 8 | repository: https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 9 | tags: 10 | - bitnami-common 11 | version: 1.x.x 12 | description: Open source, advanced key-value store. It is often referred to as a data 13 | structure server since keys can contain strings, hashes, lists, sets and sorted 14 | sets. 
15 | home: https://github.com/appuio/charts/tree/master/appuio/redis 16 | icon: https://github.com/appuio/charts/blob/master/appuio/redis/logo.png 17 | keywords: 18 | - redis 19 | - keyvalue 20 | - database 21 | maintainers: 22 | - name: APPUiO Team 23 | email: info@appuio.ch 24 | name: redis 25 | sources: 26 | - https://github.com/bitnami/bitnami-docker-redis 27 | - http://redis.io/ 28 | version: 1.3.7 29 | -------------------------------------------------------------------------------- /appuio/redis/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . }} 8 | -------------------------------------------------------------------------------- /appuio/redis/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | # Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. 2 | -------------------------------------------------------------------------------- /appuio/redis/ci/extra-flags-values.yaml: -------------------------------------------------------------------------------- 1 | master: 2 | extraFlags: 3 | - --maxmemory-policy allkeys-lru 4 | persistence: 5 | enabled: false 6 | slave: 7 | extraFlags: 8 | - --maxmemory-policy allkeys-lru 9 | persistence: 10 | enabled: false 11 | usePassword: false 12 | -------------------------------------------------------------------------------- /appuio/redis/hack/redis-failover-scripts/Readme.md: -------------------------------------------------------------------------------- 1 | # Redis Failover Experiments 2 | 3 | Scripts and random notes for redis sentinel failover experiments. 4 | 5 | ## Files 6 | 7 | - `values-sentinel.yaml` Helm values for a simple redis cluster with sentinels enabled. 8 | - `monitor.sh` Reports status changes for all nodes in a cluster. 9 | - `fill_cluster.sh` Fills a redis cluster with random keys. 
Takes the id of the current master node as the first argument. 10 | - `random_keys.lua` Used for `fill_cluster.sh`. 11 | - `deny-redis-traffic-to-node-*-networkpolicy.yaml` Deny network traffic to a single node. 12 | 13 | ## Resources 14 | 15 | >> Is it OK to wait until 'master_link_status' becomes 'up', and 'master_sync_in_progress' becomes '0' and 'master_last_io_seconds' becomes >= 0? 16 | > If you have no reason to believe something has gone haywire, this ought to tell you that the initial sync process has completed, yes. 17 | - https://groups.google.com/g/redis-db/c/JPvnyfUWx_Q?pli=1 18 | 19 | - https://lzone.de/cheat-sheet/Redis%20Sentinel 20 | -------------------------------------------------------------------------------- /appuio/redis/hack/redis-failover-scripts/deny-redis-traffic-to-node-0-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: deny-redis-traffic-node-0 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | release: redis-test-cluster 9 | statefulset.kubernetes.io/pod-name: redis-test-cluster-node-0 10 | # Exception for test-client 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | role: client 16 | egress: 17 | - to: 18 | - podSelector: 19 | matchLabels: 20 | role: client 21 | 22 | policyTypes: 23 | - Ingress 24 | - Egress 25 | -------------------------------------------------------------------------------- /appuio/redis/hack/redis-failover-scripts/deny-redis-traffic-to-node-1-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: deny-redis-traffic-node-1 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | release: redis-test-cluster 9 | statefulset.kubernetes.io/pod-name: redis-test-cluster-node-1 10 | # Exception for test-client 11 | ingress: 12 | - from: 13 | - 
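podSelector: 14 | matchLabels: 15 | role: client 16 | egress: 17 | - to: 18 | - podSelector: 19 | matchLabels: 20 | role: client 21 | 22 | policyTypes: 23 | - Ingress 24 | - Egress 25 | -------------------------------------------------------------------------------- /appuio/redis/hack/redis-failover-scripts/deny-redis-traffic-to-node-2-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: deny-redis-traffic-node-2 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | release: redis-test-cluster 9 | statefulset.kubernetes.io/pod-name: redis-test-cluster-node-2 10 | # Exception for test-client 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | role: client 16 | egress: 17 | - to: 18 | - podSelector: 19 | matchLabels: 20 | role: client 21 | 22 | policyTypes: 23 | - Ingress 24 | - Egress 25 |
--------------------------------------------------------------------------------
/appuio/redis/hack/redis-failover-scripts/fill_cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Fills the Redis test cluster with random keys by running random_keys.lua
# on one node over and over, printing the key count after each run.
#
# Usage: REDIS_PASSWORD=<password> ./fill_cluster.sh <node-index>
#   <node-index>  ordinal N of the pod redis-test-cluster-node-N to write to
#                 (the Readme of this directory asks for the current master).

set -eu

# Fail early with a readable message instead of "unbound variable".
node="redis-test-cluster-node-${1:?usage: $0 <node-index>}"
: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"

# NOTE(review): -a puts the password into the argument list of kubectl and of
# redis-cli, where other users of those hosts can read it from the process
# table. redis-cli also reads the password from the REDISCLI_AUTH environment
# variable; prefer that for anything other than a throwaway test cluster.

kubectl cp scratchspace/random_keys.lua "${node}:/tmp/random_keys.lua" -c redis

# The password is quoted so that whitespace or glob characters in it are not
# split or expanded by the local shell.
for _ in {0..1000}
do
  kubectl exec "${node}" -it -c redis -- 2>/dev/null redis-cli -h localhost -p 6379 -a "$REDIS_PASSWORD" --eval /tmp/random_keys.lua
  kubectl exec "${node}" -it -c redis -- 2>/dev/null redis-cli -h localhost -p 6379 -a "$REDIS_PASSWORD" dbsize
done
--------------------------------------------------------------------------------
/appuio/redis/hack/redis-failover-scripts/monitor.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Polls /health/node_ready.lua on the nodes redis-test-cluster-node-0..2 in an
# endless loop and prints a line whenever a node's reply differs from the
# previous one.
#
# Usage: REDIS_PASSWORD=<password> ./monitor.sh

# Without this check an unset password would make redis-cli take the next
# option ("--eval") as the password.
: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"

echo Monitoring nodes

# Last reply seen per node name.
declare -A last_state=()

while :
do
  for i in {0..2}
  do
    node="redis-test-cluster-node-$i"
    # stderr is captured too, so kubectl errors show up as state changes.
    # NOTE(review): as in fill_cluster.sh, -a exposes the password in the
    # process arguments; REDISCLI_AUTH avoids that.
    response=$(
      kubectl exec "${node}" -c redis -- redis-cli -h localhost -p 6379 --no-auth-warning -a "$REDIS_PASSWORD" --eval /health/node_ready.lua 2>&1
    )
    if [ "$response" != "${last_state[$node]-}" ]
    then
      echo "### $(date +%R:%S): Node $node state changed"
      echo "'${last_state[$node]-}' -> '$response'"
      last_state[$node]=$response
    fi
  done
done
-------------------------------------------------------------------------------- /appuio/redis/hack/redis-failover-scripts/random_keys.lua: -------------------------------------------------------------------------------- 1 | local random_string = function(length) 2 | local res = "" 3 | for i = 1, length do 4 | res = res .. string.char(math.random(97, 122)) 5 | end 6 | return res 7 | end 8 | 9 | -- Seeds random 10 | -- https://redis.io/commands/eval#selective-replication-of-commands 11 | redis.replicate_commands() 12 | 13 | for _ = 1, 100000, 1 do 14 | local str = random_string(10) 15 | redis.call("SET", "RAND_"..str.."key", str); 16 | end 17 | 18 | return redis.status_reply("ok") 19 | -------------------------------------------------------------------------------- /appuio/redis/hack/redis-failover-scripts/values-sentinel.yaml: -------------------------------------------------------------------------------- 1 | password: Fbma0DPVG7 2 | cluster: 3 | slaveCount: 3 4 | podDisruptionBudget: 5 | enabled: true 6 | minAvailable: "" 7 | maxUnavailable: 1 8 | slave: 9 | podAnnotations: 10 | restart: Wed Aug 18 15:29:07 CEST 2021 11 | persistence: 12 | size: 16Gi 13 | readinessProbe: 14 | initialDelaySeconds: 30 15 | sentinel: 16 | enabled: true 17 | staticID: true 18 | downAfterMilliseconds: 3000 19 | failoverTimeout: 5000 20 | resources: 21 | requests: 22 | cpu: 100m 23 | memory: 32Mi 24 | limits: 25 | cpu: 200m 26 | memory: 64Mi 27 | -------------------------------------------------------------------------------- /appuio/redis/logo.png: 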
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/appuio/charts/114d2de27c063ac82ed46f633e5edac6972925ab/appuio/redis/logo.png --------------------------------------------------------------------------------
/appuio/redis/node_ready.lua:
--------------------------------------------------------------------------------
-- Readiness check run inside Redis via EVAL.
-- Replies "ready" unless this node is a replica whose link to the master is
-- down; in that case it replies with an error that says whether an initial
-- sync is still in progress.

local raw_state = redis.call("info", "replication")

-- Returns true when `text` begins with the literal string `prefix`.
local function has_prefix(text, prefix)
  return text:find(prefix, 1, true) == 1
end

-- Parse the "key:value" lines of INFO replication into a table.
-- Only the text between the first and the second ":" is kept as the value.
local replication_state = {}
for line in raw_state:gmatch("[^\r\n]+") do
  -- Lines starting with "#" are section headers, not key/value pairs.
  if not has_prefix(line, "#") then
    local fields = {}
    for part in line:gmatch("[^:]+") do
      table.insert(fields, part)
    end
    replication_state[fields[1]] = fields[2]
  end
end

local is_replica = replication_state["role"] == "slave"
local link_down = replication_state["master_link_status"] == "down"
local syncing = replication_state["master_sync_in_progress"] == "1"

if not (is_replica and link_down) then
  return redis.status_reply("ready")
end

if syncing then
  return redis.error_reply("node is syncing")
end

return redis.error_reply("link to master down")
-------------------------------------------------------------------------------- /appuio/redis/templates/headless-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "redis.fullname" . }}-headless 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | app: {{ template "redis.name" . }} 8 | chart: {{ template "redis.chart" . 
}} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | spec: 12 | type: ClusterIP 13 | clusterIP: None 14 | {{- if .Values.sentinel.enabled }} 15 | publishNotReadyAddresses: true 16 | {{- end }} 17 | ports: 18 | - name: tcp-redis 19 | port: {{ .Values.redisPort }} 20 | targetPort: redis 21 | {{- if .Values.sentinel.enabled }} 22 | - name: tcp-sentinel 23 | port: {{ .Values.sentinel.port }} 24 | targetPort: redis-sentinel 25 | {{- end }} 26 | selector: 27 | app: {{ template "redis.name" . }} 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /appuio/redis/templates/metrics-prometheus.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | {{- if .Values.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.metrics.serviceMonitor.namespace }} 8 | {{- else }} 9 | namespace: {{ .Release.Namespace | quote }} 10 | {{- end }} 11 | labels: 12 | app: {{ template "redis.name" . }} 13 | chart: {{ template "redis.chart" . 
}} 14 | release: {{ .Release.Name }} 15 | heritage: {{ .Release.Service }} 16 | {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} 17 | {{ $key }}: {{ $value | quote }} 18 | {{- end }} 19 | spec: 20 | endpoints: 21 | - port: metrics 22 | {{- if .Values.metrics.serviceMonitor.interval }} 23 | interval: {{ .Values.metrics.serviceMonitor.interval }} 24 | {{- end }} 25 | {{- if .Values.metrics.serviceMonitor.relabelings }} 26 | relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} 27 | {{- end }} 28 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 29 | metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} 30 | {{- end }} 31 | selector: 32 | matchLabels: 33 | app: {{ template "redis.name" . }} 34 | release: {{ .Release.Name }} 35 | app.kubernetes.io/component: "metrics" 36 | namespaceSelector: 37 | matchNames: 38 | - {{ .Release.Namespace }} 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /appuio/redis/templates/metrics-sentinel-prometheus.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentinel.enabled .Values.sentinel.metrics.enabled .Values.sentinel.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "redis.fullname" . }}-sentinel-metrics 6 | {{- if .Values.sentinel.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.sentinel.metrics.serviceMonitor.namespace }} 8 | {{- else }} 9 | namespace: {{ .Release.Namespace | quote }} 10 | {{- end }} 11 | labels: 12 | app: {{ include "redis.name" . }} 13 | chart: {{ include "redis.chart" . 
}} 14 | release: {{ .Release.Name }} 15 | heritage: {{ .Release.Service }} 16 | {{- range $key, $value := .Values.sentinel.metrics.serviceMonitor.selector }} 17 | {{ $key }}: {{ $value | quote }} 18 | {{- end }} 19 | spec: 20 | endpoints: 21 | - port: sentinelmetrics 22 | {{- if .Values.sentinel.metrics.serviceMonitor.interval }} 23 | interval: {{ .Values.sentinel.metrics.serviceMonitor.interval }} 24 | {{- end }} 25 | selector: 26 | matchLabels: 27 | app: {{ include "redis.name" . }} 28 | release: {{ .Release.Name }} 29 | app.kubernetes.io/component: "sentinel-metrics" 30 | namespaceSelector: 31 | matchNames: 32 | - {{ .Release.Namespace }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /appuio/redis/templates/metrics-sentinel-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentinel.enabled .Values.sentinel.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "redis.fullname" . }}-sentinel-metrics 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ include "redis.name" . }} 9 | chart: {{ include "redis.chart" . 
}} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | app.kubernetes.io/component: "sentinel-metrics" 13 | {{- if .Values.sentinel.metrics.service.labels -}} 14 | {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.metrics.service.labels "context" $) | nindent 4 }} 15 | {{- end -}} 16 | {{- if .Values.sentinel.metrics.service.annotations }} 17 | annotations: {{- toYaml .Values.sentinel.metrics.service.annotations | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | type: {{ .Values.sentinel.metrics.service.type }} 21 | {{- if eq .Values.sentinel.metrics.service.type "LoadBalancer" }} 22 | externalTrafficPolicy: {{ .Values.sentinel.metrics.service.externalTrafficPolicy }} 23 | {{- end }} 24 | {{- if and (eq .Values.sentinel.metrics.service.type "LoadBalancer") .Values.sentinel.metrics.service.loadBalancerIP }} 25 | loadBalancerIP: {{ .Values.sentinel.metrics.service.loadBalancerIP }} 26 | {{- end }} 27 | ports: 28 | - port: {{ .Values.sentinel.metrics.service.port }} 29 | targetPort: sentinelmetrics 30 | protocol: TCP 31 | name: sentinelmetrics 32 | selector: 33 | app: {{ include "redis.name" . }} 34 | release: {{ .Release.Name }} 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /appuio/redis/templates/metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "redis.fullname" . }}-metrics 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . 
}} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | app.kubernetes.io/component: "metrics" 13 | {{- if .Values.metrics.service.labels -}} 14 | {{- toYaml .Values.metrics.service.labels | nindent 4 }} 15 | {{- end -}} 16 | {{- if .Values.metrics.service.annotations }} 17 | annotations: {{- toYaml .Values.metrics.service.annotations | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | type: {{ .Values.metrics.service.type }} 21 | {{ if eq .Values.metrics.service.type "LoadBalancer" }} 22 | externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} 23 | {{- end }} 24 | {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} 25 | loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} 26 | {{- end }} 27 | ports: 28 | - name: metrics 29 | port: 9121 30 | targetPort: metrics 31 | selector: 32 | app: {{ template "redis.name" . }} 33 | release: {{ .Release.Name }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /appuio/redis/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget.enabled }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . }} 10 | spec: 11 | {{- if .Values.podDisruptionBudget.minAvailable }} 12 | minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} 13 | {{- end }} 14 | {{- if .Values.podDisruptionBudget.maxUnavailable }} 15 | maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | app: {{ template "redis.name" . }} 20 | chart: {{ template "redis.chart" . 
}} 21 | release: {{ .Release.Name }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /appuio/redis/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | {{- if .Values.metrics.prometheusRule.namespace }} 7 | namespace: {{ .Values.metrics.prometheusRule.namespace }} 8 | {{- else }} 9 | namespace: {{ .Release.Namespace | quote }} 10 | {{- end }} 11 | labels: 12 | app: {{ template "redis.name" . }} 13 | chart: {{ template "redis.chart" . }} 14 | release: {{ .Release.Name | quote }} 15 | heritage: {{ .Release.Service | quote }} 16 | {{- with .Values.metrics.prometheusRule.additionalLabels }} 17 | {{- toYaml . | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | {{- with .Values.metrics.prometheusRule.rules }} 21 | groups: 22 | - name: {{ template "redis.name" $ }} 23 | rules: {{- tpl (toYaml .) $ | nindent 8 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /appuio/redis/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podSecurityPolicy.create }} 2 | apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . 
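}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | allowPrivilegeEscalation: false 14 | fsGroup: 15 | rule: 'MustRunAs' 16 | ranges: 17 | - min: {{ .Values.securityContext.fsGroup }} 18 | max: {{ .Values.securityContext.fsGroup }} 19 | hostIPC: false 20 | hostNetwork: false 21 | hostPID: false 22 | privileged: false 23 | readOnlyRootFilesystem: false 24 | requiredDropCapabilities: 25 | - ALL 26 | runAsUser: 27 | rule: 'MustRunAs' 28 | ranges: 29 | - min: {{ .Values.containerSecurityContext.runAsUser }} 30 | max: {{ .Values.containerSecurityContext.runAsUser }} 31 | seLinux: 32 | rule: 'RunAsAny' 33 | supplementalGroups: 34 | rule: 'MustRunAs' 35 | ranges: 36 | - min: {{ .Values.containerSecurityContext.runAsUser }} 37 | max: {{ .Values.containerSecurityContext.runAsUser }} 38 | volumes: 39 | - 'configMap' 40 | - 'secret' 41 | - 'emptyDir' 42 | - 'persistentVolumeClaim' 43 | {{- end }} 44 |
--------------------------------------------------------------------------------
/appuio/redis/templates/recreate-script.yaml:
--------------------------------------------------------------------------------
{{- if and .Values.sentinel.enabled .Values.sentinel.forceUpdate }}
# ConfigMap holding the script that removes the node StatefulSet ahead of an
# upgrade. It is created as a pre-upgrade hook (weight -6) and only when both
# sentinel.enabled and sentinel.forceUpdate are set.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }}
  annotations:
    "helm.sh/hook": pre-upgrade
    "helm.sh/hook-weight": "-6"
  labels:
    app: {{ template "redis.name" . }}
    chart: {{ template "redis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
  delete.sh: |
    #!/bin/bash
    # Deletes the node StatefulSet, leaving its pods in place
    # (--cascade=orphan), when the storage request of its "redis-data"
    # volume claim template differs from the size configured in the chart
    # values. Needs kubectl and jq in the image that runs it.

    set -eo pipefail

    name="{{ printf "%s-node" (include "common.names.fullname" .) }}"
    namespace="{{ .Release.Namespace }}"

    # Check if delete is necessary
    found=$(kubectl -n "$namespace" get sts "$name" -o json --ignore-not-found)

    size="{{ .Values.slave.persistence.size }}"
    foundsize=$(echo -En "$found" | jq -r '.spec.volumeClaimTemplates[] | select(.metadata.name=="redis-data") | .spec.resources.requests.storage')

    if [[ $foundsize != "$size" ]]; then
      kubectl -n "$namespace" delete sts "$name" --cascade=orphan --ignore-not-found --wait=true
      # There is a consistency issue. It seems that it is not guaranteed that the helm controller sees the deletion before noticing the job completion.
      # It is generally hard to find clear consistency guarantees of the Kubernetes API server.
      # My hope is that an additional read forces the delete to be committed.
      while kubectl -n "$namespace" get sts "$name" > /dev/null 2>&1; do sleep 1; done
      sleep 2 # Let's wait a bit to reduce the race condition likelihood if I'm wrong.
    fi
{{- end }}
-------------------------------------------------------------------------------- /appuio/redis/templates/redis-master-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.sentinel.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "redis.fullname" . }}-master 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . 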
}} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- if .Values.master.service.labels -}} 13 | {{- toYaml .Values.master.service.labels | nindent 4 }} 14 | {{- end -}} 15 | {{- if .Values.master.service.annotations }} 16 | annotations: {{- toYaml .Values.master.service.annotations | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.master.service.type }} 20 | {{ if eq .Values.master.service.type "LoadBalancer" }} 21 | externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy }} 22 | {{- end }} 23 | {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerIP }} 24 | loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} 25 | {{- end }} 26 | {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerSourceRanges }} 27 | loadBalancerSourceRanges: 28 | {{- with .Values.master.service.loadBalancerSourceRanges }} 29 | {{- toYaml . | nindent 4 }} 30 | {{- end }} 31 | {{- end }} 32 | ports: 33 | - name: tcp-redis 34 | port: {{ .Values.master.service.port }} 35 | targetPort: redis 36 | {{- if .Values.master.service.nodePort }} 37 | nodePort: {{ .Values.master.service.nodePort }} 38 | {{- end }} 39 | selector: 40 | app: {{ template "redis.name" . }} 41 | release: {{ .Release.Name }} 42 | role: master 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /appuio/redis/templates/redis-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 3 | kind: Role 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . 
}} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | rules: 13 | {{- if .Values.podSecurityPolicy.create }} 14 | - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] 15 | resources: ['podsecuritypolicies'] 16 | verbs: ['use'] 17 | resourceNames: [{{ template "redis.fullname" . }}] 18 | {{- end -}} 19 | {{- if .Values.rbac.role.rules }} 20 | {{- toYaml .Values.rbac.role.rules | nindent 2 }} 21 | {{- end -}} 22 | {{- end -}} 23 | -------------------------------------------------------------------------------- /appuio/redis/templates/redis-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: {{ template "redis.fullname" . }} 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "redis.serviceAccountName" . }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /appuio/redis/templates/redis-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "redis.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . 
}} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- if .Values.serviceAccount.annotations }} 13 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 14 | {{- end }} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /appuio/redis/templates/redis-slave-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.cluster.enabled (not .Values.sentinel.enabled) }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "redis.fullname" . }}-slave 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- if .Values.slave.service.labels -}} 13 | {{- toYaml .Values.slave.service.labels | nindent 4 }} 14 | {{- end -}} 15 | {{- if .Values.slave.service.annotations }} 16 | annotations: {{- toYaml .Values.slave.service.annotations | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.slave.service.type }} 20 | {{ if eq .Values.slave.service.type "LoadBalancer" }} 21 | externalTrafficPolicy: {{ .Values.slave.service.externalTrafficPolicy }} 22 | {{- end }} 23 | {{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerIP }} 24 | loadBalancerIP: {{ .Values.slave.service.loadBalancerIP }} 25 | {{- end }} 26 | {{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerSourceRanges }} 27 | loadBalancerSourceRanges: 28 | {{- with .Values.slave.service.loadBalancerSourceRanges }} 29 | {{- toYaml . 
| nindent 4 }} 30 | {{- end }} 31 | {{- end }} 32 | ports: 33 | - name: tcp-redis 34 | port: {{ .Values.slave.service.port }} 35 | targetPort: redis 36 | {{- if .Values.slave.service.nodePort }} 37 | nodePort: {{ .Values.slave.service.nodePort }} 38 | {{- end }} 39 | selector: 40 | app: {{ template "redis.name" . }} 41 | release: {{ .Release.Name }} 42 | role: slave 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /appuio/redis/templates/redis-with-sentinel-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.sentinel.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- if .Values.sentinel.service.labels }} 13 | {{- toYaml .Values.sentinel.service.labels | nindent 4 }} 14 | {{- end }} 15 | {{- if .Values.sentinel.service.annotations }} 16 | annotations: {{- toYaml .Values.sentinel.service.annotations | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.sentinel.service.type }} 20 | {{ if eq .Values.sentinel.service.type "LoadBalancer" }} 21 | externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy }} 22 | {{- end }} 23 | {{ if eq .Values.sentinel.service.type "LoadBalancer" -}} {{ if .Values.sentinel.service.loadBalancerIP }} 24 | loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} 25 | {{ end -}} 26 | {{- end -}} 27 | ports: 28 | - name: tcp-redis 29 | port: {{ .Values.sentinel.service.redisPort }} 30 | targetPort: redis 31 | {{- if .Values.sentinel.service.redisNodePort }} 32 | nodePort: {{ .Values.sentinel.service.redisNodePort }} 33 | {{- end }} 34 | - name: tcp-sentinel 35 | port: {{ .Values.sentinel.service.sentinelPort }} 36 | targetPort: 
redis-sentinel 37 | {{- if .Values.sentinel.service.sentinelNodePort }} 38 | nodePort: {{ .Values.sentinel.service.sentinelNodePort }} 39 | {{- end }} 40 | selector: 41 | app: {{ template "redis.name" . }} 42 | release: {{ .Release.Name }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /appuio/redis/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.usePassword (not .Values.existingSecret) -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "redis.name" . }} 9 | chart: {{ template "redis.chart" . }} 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | type: Opaque 13 | data: 14 | redis-password: {{ include "redis.password" . | b64enc | quote }} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /appuio/secret/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | Makefile 24 | *gotmpl* 25 | test/ 26 | -------------------------------------------------------------------------------- /appuio/secret/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: Deploy arbitrary secrets 3 | type: application 4 | name: secret 5 | version: 1.1.0 6 | maintainers: 7 | - name: APPUiO Team 8 | email: info@appuio.ch 9 | -------------------------------------------------------------------------------- /appuio/secret/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | Note: Properties suffixed with `Templates` support template functions and variables. 8 | All standard Helm functions are available (https://helm.sh/docs/chart_template_guide/function_list/). 9 | 10 | {{ template "chart.valuesSection" . }} 11 | 12 | ## Upgrade configuration syntax 13 | 14 | From version `1.1.0` onwards, the type of `secrets` changed from array to object to better support deep-merging behaviour of hierarchical configuration management tools. 15 | Specifying `secrets` as an array is deprecated. 16 | The changes are backwards compatible, although you will notice some default label changes. 17 | 18 | Going forward, `secrets` is now an object by default. 19 | Each key of `secrets` is the `metadata.name` of a secret. 20 | 21 | To upgrade to the new structure, take the value of `secrets[*].name` and make it a key. 
22 | Given the example below, restructure the `name` and rename `values` to `stringData`: 23 | ```yaml 24 | secrets: 25 | - name: db-creds 26 | values: 27 | db-host: mysql 28 | ``` 29 | to 30 | ```yaml 31 | secrets: 32 | db-creds: 33 | stringData: 34 | db-host: mysql 35 | ``` 36 | The additional fields `.type` and `.labels` also need to be moved beneath the new name key (given example: `db-creds`). 37 | v1.2 also now supports additional fields, see the example in `values.yaml`. 38 | -------------------------------------------------------------------------------- /appuio/secret/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if kindIs "slice" .Values.secrets }} 2 | *** Warning *** 3 | You have configured the parameter `secrets` using arrays, which is deprecated. 4 | Please change `secrets` to a key-value object. 5 | See more details in the chart README. 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /appuio/secret/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "secret.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 
12 | */}} 13 | {{- define "secret.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "secret.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "secret.labels" -}} 37 | helm.sh/chart: {{ include "secret.chart" . }} 38 | app.kubernetes.io/name: {{ include "secret.name" . }} 39 | app.kubernetes.io/instance: {{ .Release.Name }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /appuio/secret/templates/secret-deprecated.yaml: -------------------------------------------------------------------------------- 1 | {{- if kindIs "slice" .Values.secrets }} 2 | {{- range .Values.secrets }} 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | type: {{ default "Opaque" .type }} 7 | metadata: 8 | name: {{ .name }} 9 | labels: 10 | {{- include "secret.labels" $ | nindent 4 }} 11 | {{- with .labels }} 12 | {{- toYaml . 
| nindent 4 }} 13 | {{- end }} 14 | stringData: 15 | {{- toYaml .values | nindent 2 -}} 16 | {{- end -}} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /appuio/secret/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if kindIs "map" .Values.secrets }} 2 | {{- range $name, $value := .Values.secrets }} 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | type: {{ default "Opaque" .type }} 7 | metadata: 8 | labels: 9 | {{- include "secret.labels" $ | nindent 4 }} 10 | {{- with .labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- with .annotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | {{- if .nameTemplate }} 18 | name: {{ tpl .nameTemplate $ }} 19 | {{- else }} 20 | name: {{ $name }} 21 | {{- end }} 22 | {{- if .stringData }} 23 | stringData: 24 | {{- toYaml .stringData | nindent 2 -}} 25 | {{- range $key, $template := .stringDataTemplates }} 26 | {{ $key }}: {{ tpl $template $ | toYaml | indent 2 }} 27 | {{- end }} 28 | {{- end }} 29 | {{- if .data }} 30 | data: 31 | {{- toYaml .data | nindent 2 }} 32 | {{- end }} 33 | {{- end -}} 34 | {{- end -}} 35 | -------------------------------------------------------------------------------- /appuio/secret/test/main_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | var ( 4 | helmChartPath = ".." 
5 | releaseName = "test-release" 6 | ) 7 | -------------------------------------------------------------------------------- /appuio/secret/test/secret_array_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/gruntwork-io/terratest/modules/helm" 7 | "github.com/stretchr/testify/assert" 8 | corev1 "k8s.io/api/core/v1" 9 | ) 10 | 11 | var tplSecretDeprecated = []string{"templates/secret-deprecated.yaml"} 12 | 13 | func TestSecret_ArraySyntax(t *testing.T) { 14 | options := &helm.Options{ 15 | ValuesFiles: []string{"testdata/secret-array.yaml"}, 16 | } 17 | 18 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, tplSecretDeprecated) 19 | 20 | secret := corev1.Secret{} 21 | helm.UnmarshalK8SYaml(t, output, &secret) 22 | 23 | assert.Equal(t, "foo-secret", secret.Name) 24 | assert.Equal(t, "database", secret.Labels["app"]) 25 | assert.Equal(t, "file", secret.StringData["static"]) 26 | } 27 | -------------------------------------------------------------------------------- /appuio/secret/test/secret_object_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/gruntwork-io/terratest/modules/helm" 7 | "github.com/stretchr/testify/assert" 8 | corev1 "k8s.io/api/core/v1" 9 | ) 10 | 11 | var tplSecret = []string{"templates/secret.yaml"} 12 | 13 | func TestSecret_ObjectSyntax(t *testing.T) { 14 | options := &helm.Options{ 15 | ValuesFiles: []string{"testdata/secret-object.yaml"}, 16 | SetValues: map[string]string{ 17 | "external": "foo", 18 | }, 19 | } 20 | 21 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, tplSecret) 22 | 23 | secret := corev1.Secret{} 24 | helm.UnmarshalK8SYaml(t, output, &secret) 25 | 26 | assert.Equal(t, "foo-secret", secret.Name) 27 | assert.Equal(t, "database", secret.Labels["app"]) 28 | assert.Equal(t, 
"github", secret.Annotations["app.kubernetes.io/source"]) 29 | assert.Equal(t, "file", secret.StringData["static"]) 30 | assert.Equal(t, "App", secret.StringData["dynamic"]) 31 | assert.NotNil(t, secret.Data["base64"]) 32 | } 33 | -------------------------------------------------------------------------------- /appuio/secret/test/testdata/secret-array.yaml: -------------------------------------------------------------------------------- 1 | secrets: 2 | - name: foo-secret 3 | labels: 4 | app: database 5 | values: 6 | static: file 7 | -------------------------------------------------------------------------------- /appuio/secret/test/testdata/secret-object.yaml: -------------------------------------------------------------------------------- 1 | secrets: 2 | app: 3 | labels: 4 | app: database 5 | annotations: 6 | app.kubernetes.io/source: "github" 7 | nameTemplate: '{{ .Values.external }}-secret' 8 | stringData: 9 | static: file 10 | stringDataTemplates: 11 | dynamic: '{{ title "app" }}' 12 | data: 13 | base64: aGVsbG8= 14 | -------------------------------------------------------------------------------- /appuio/secret/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # -- Dict with key/values. Each key is the name of the secret. 3 | # Each value may contain an object with `.nameTemplate`, `.type`, `.stringData`, `.data`, `.labels`, `.annotations`. 4 | # If `.nameTemplate` is not given, the key name is used. 5 | # You can pass additional templates to `.stringDataTemplates` and `.nameTemplate`. 6 | # See an example in `values.yaml`. 
7 | secrets: {} 8 | # secrets: 9 | # my-secret-name: 10 | # nameTemplate: '{{ .Values.fullnameOverride | default .Release.Name }}-suffix' # optional 11 | # stringData: 12 | # my-user: example 13 | # my-file: | 14 | # [section] 15 | # config = value 16 | # stringDataTemplates: 17 | # my-template: | 18 | # date={{ now }} 19 | # my-name: '{{ .Values.secrets.database.name }}' 20 | # data: 21 | # my-key: some-base64-encoded-string 22 | # labels: # optional 23 | # app: database 24 | # annotations: # optional 25 | # my-annotation: a string value 26 | -------------------------------------------------------------------------------- /appuio/signalilo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /appuio/signalilo/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Alertmanager to Icinga2 bridge 3 | name: signalilo 4 | home: https://git.vshn.net/vshn/signalilo 5 | keywords: 6 | - prometheus 7 | - alertmanager 8 | - webhook 9 | - icinga2 10 | version: 0.12.1 11 | appVersion: v0.14.0 12 | sources: 13 | - https://git.vshn.net/vshn/signalilo 14 | maintainers: 15 | - name: APPUiO Team 16 | email: info@appuio.ch 17 | -------------------------------------------------------------------------------- /appuio/signalilo/templates/pull-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not 
.Values.image.existingPullSecret) .Values.image.password }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "signalilo.fullname" . }}-pullsecret 6 | labels: 7 | app.kubernetes.io/name: {{ include "signalilo.name" . }} 8 | helm.sh/chart: {{ include "signalilo.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | type: kubernetes.io/dockerconfigjson 12 | data: 13 | .dockerconfigjson: {{ template "signalilo.imagePullSecret" . }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /appuio/signalilo/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (not .Values.config.icinga_password_secret) (not .Values.config.alertmanager_bearer_token_secret) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "signalilo.fullname" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ include "signalilo.name" . }} 8 | helm.sh/chart: {{ include "signalilo.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | data: 12 | {{- if not .Values.config.icinga_password_secret }} 13 | icinga_password: {{ required ".Values.config.icinga_password is required" .Values.config.icinga_password | b64enc | quote }} 14 | {{- end }} 15 | {{- if not .Values.config.alertmanager_bearer_token_secret }} 16 | alertmanager_bearer_token: {{ required ".Values.config.alertmanager_bearer_token is required" .Values.config.alertmanager_bearer_token | b64enc | quote }} 17 | {{- end }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /appuio/signalilo/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "signalilo.fullname" . 
}} 5 | labels: 6 | app.kubernetes.io/name: {{ include "signalilo.name" . }} 7 | helm.sh/chart: {{ include "signalilo.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - name: http 14 | port: 80 15 | protocol: TCP 16 | targetPort: http 17 | selector: 18 | app.kubernetes.io/name: {{ include "signalilo.name" . }} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /appuio/signalilo/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "signalilo.serviceAccountName" . }} 6 | labels: 7 | {{- include "signalilo.labels" . | nindent 4 }} 8 | annotations: 9 | {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /appuio/snappass/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | test/ 24 | README.md 25 | -------------------------------------------------------------------------------- /appuio/snappass/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: snappass 3 | description: A Helm chart for SnapPass 4 | version: 1.0.0 5 | appVersion: v1.4.2 6 | sources: 7 | - https://github.com/pinterest/snappass 8 | home: https://github.com/pinterest/snappass 9 | -------------------------------------------------------------------------------- /appuio/snappass/Makefile: -------------------------------------------------------------------------------- 1 | MAKEFLAGS += --warn-undefined-variables 2 | SHELL := bash 3 | .SHELLFLAGS := -eu -o pipefail -c 4 | .DEFAULT_GOAL := help 5 | .DELETE_ON_ERROR: 6 | .SUFFIXES: 7 | 8 | .PHONY: help 9 | help: ## Show this help 10 | @grep -E -h '\s##\s' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = "(: ).*?## "}; {gsub(/\\:/,":",$$1)}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' 11 | 12 | # 13 | # "Interface" for parent Makefile 14 | # 15 | prepare: ## Build dependencies for this chart - pinned to index.yaml before upstream cleanup (see: https://github.com/bitnami/charts/pull/10530) 16 | helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 17 | helm dep build 18 | -------------------------------------------------------------------------------- /appuio/snappass/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . 
}} 8 | -------------------------------------------------------------------------------- /appuio/snappass/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | repository: https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 4 | version: 10.7.4 5 | digest: sha256:7e7842fb969db4fb54d3a34dd2fd8f906330f7a20fe05e0445f8ee1a93e07365 6 | generated: "2022-06-10T00:47:10.568495+02:00" 7 | -------------------------------------------------------------------------------- /appuio/snappass/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | version: 10.7.4 4 | # Pinned to index.yaml before upstream cleanup (see: https://github.com/bitnami/charts/pull/10530) 5 | repository: https://raw.githubusercontent.com/bitnami/charts/defb094c658024e4aa8245622dab202874880cbc/bitnami/ 6 | condition: redis.enabled 7 | -------------------------------------------------------------------------------- /appuio/snappass/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "snappass.fullname" . 
}}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "snappass.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "snappass.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "snappass.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:5000 to use your application" 20 | kubectl port-forward $POD_NAME 5000 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /appuio/snappass/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "snappass.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | {{ include "snappass.labels" . | indent 4 }} 10 | {{- with .Values.ingress.annotations }} 11 | annotations: 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | {{- if .Values.ingress.tls }} 16 | tls: 17 | {{- range .Values.ingress.tls }} 18 | - hosts: 19 | {{- range .hosts }} 20 | - {{ . 
| quote }} 21 | {{- end }} 22 | secretName: {{ .secretName }} 23 | {{- end }} 24 | {{- end }} 25 | rules: 26 | {{- range .Values.ingress.hosts }} 27 | - host: {{ .host | quote }} 28 | http: 29 | paths: 30 | {{- range .paths }} 31 | - path: {{ . }} 32 | pathType: ImplementationSpecific 33 | backend: 34 | service: 35 | name: {{ $fullName }} 36 | port: 37 | number: {{ $svcPort }} 38 | {{- end }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /appuio/snappass/templates/secret-redis.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.redis.enabled }} 2 | {{- $redis := .Values.snappass.redis -}} 3 | {{- if not $redis.existingSecret }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: "{{ include "snappass.fullname" . }}-redis" 8 | labels: 9 | {{- include "snappass.labels" . | nindent 4 }} 10 | type: Opaque 11 | data: 12 | redis-password: {{ $redis.password | b64enc }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /appuio/snappass/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- $snappass := .Values.snappass -}} 2 | {{- if not $snappass.existingSecret }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "snappass.fullname" . }} 7 | labels: 8 | {{- include "snappass.labels" . | nindent 4 }} 9 | type: Opaque 10 | data: 11 | secretKey: {{ if $snappass.secretKey }}{{ $snappass.secretKey | b64enc }}{{ else }}{{ randAlphaNum 40 | b64enc }}{{ end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /appuio/snappass/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "snappass.fullname" . 
}} 5 | labels: 6 | {{ include "snappass.labels" . | indent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | app.kubernetes.io/name: {{ include "snappass.name" . }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /appuio/snappass/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "snappass.serviceAccountName" . }} 6 | labels: 7 | {{ include "snappass.labels" . | indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /appuio/snappass/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "snappass.fullname" . }}-test-connection" 5 | labels: 6 | {{ include "snappass.labels" . | indent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "snappass.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /appuio/snappass/test/main_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | var ( 4 | helmChartPath = ".." 
5 | releaseName = "test-release" 6 | ) 7 | -------------------------------------------------------------------------------- /appuio/snappass/test/redis_secret_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | corev1 "k8s.io/api/core/v1" 7 | 8 | "github.com/stretchr/testify/assert" 9 | 10 | "github.com/gruntwork-io/terratest/modules/helm" 11 | ) 12 | 13 | var tplSecretRedis = []string{"templates/secret-redis.yaml"} 14 | 15 | func Test_Secret_Should_UseValuesRedisPassword(t *testing.T) { 16 | redisPassword := "xyHpnHNruMGGC9XfsKwZ7ArPqZytxvP468YDMGHFH3rgCJdq87YLGAY47rAAppXr" 17 | 18 | options := &helm.Options{ 19 | SetValues: map[string]string{ 20 | "redis.enabled": "false", 21 | "snappass.redis.password": redisPassword, 22 | }, 23 | } 24 | 25 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, tplSecretRedis) 26 | 27 | secret := corev1.Secret{} 28 | helm.UnmarshalK8SYaml(t, output, &secret) 29 | 30 | data := secret.Data 31 | assert.Equal(t, redisPassword, string(data["redis-password"]), "Secret does not use the redis password from the values") 32 | } 33 | -------------------------------------------------------------------------------- /appuio/snappass/test/secret_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | corev1 "k8s.io/api/core/v1" 7 | 8 | "github.com/stretchr/testify/assert" 9 | 10 | "github.com/gruntwork-io/terratest/modules/helm" 11 | ) 12 | 13 | var tplSecret = []string{"templates/secret.yaml"} 14 | 15 | func Test_Secret_Should_UseValuesSecretKey(t *testing.T) { 16 | secretKey := "xyHpnHNruMGGC9XfsKwZ7ArPqZytxvP468YDMGHFH3rgCJdq87YLGAY47rAAppXr" 17 | 18 | options := &helm.Options{ 19 | SetValues: map[string]string{ 20 | "snappass.secretKey": secretKey, 21 | }, 22 | } 23 | 24 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, 
tplSecret) 25 | 26 | secret := corev1.Secret{} 27 | helm.UnmarshalK8SYaml(t, output, &secret) 28 | 29 | data := secret.Data 30 | assert.Equal(t, secretKey, string(data["secretKey"]), "Secret does not use the secretKey from the values") 31 | } 32 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: stardog-userrole-operator 3 | version: 0.3.0 4 | appVersion: 0.3.0 5 | description: Stardog User and Role Operator 6 | sources: 7 | - https://github.com/vshn/stardog-userrole-operator 8 | keywords: 9 | - stardog 10 | - operator 11 | - appuio 12 | - user 13 | - role 14 | maintainers: 15 | - name: APPUiO Team 16 | email: info@appuio.ch 17 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/README.gotmpl.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | {{ template "chart.valuesSection" . 
}} 8 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config.clusterAccess.enabled }} 2 | # enabled by default but can be disabled 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: {{ include "stardog-userrole-operator.fullname" . }}-manager 7 | labels: 8 | {{ include "stardog-userrole-operator.labels" . | indent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: {{ include "stardog-userrole-operator.fullname" . }}-manager 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ template "stardog-userrole-operator.serviceAccountName" . }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end -}} 18 | {{- if .Values.metrics.proxy.enabled }} 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: {{ include "stardog-userrole-operator.fullname" . }}-proxy 24 | labels: 25 | {{ include "stardog-userrole-operator.labels" . | indent 4 }} 26 | roleRef: 27 | apiGroup: rbac.authorization.k8s.io 28 | kind: ClusterRole 29 | name: {{ include "stardog-userrole-operator.fullname" . }}-proxy 30 | subjects: 31 | - kind: ServiceAccount 32 | name: {{ template "stardog-userrole-operator.serviceAccountName" . }} 33 | namespace: {{ .Release.Namespace }} 34 | {{- end -}} 35 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.leaderElection.enabled -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "stardog-userrole-operator.fullname" . }}-leader-election 6 | labels: 7 | {{ include "stardog-userrole-operator.labels" . 
| indent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - configmaps 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - configmaps/status 25 | verbs: 26 | - get 27 | - update 28 | - patch 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - events 33 | verbs: 34 | - create 35 | - patch 36 | {{- end -}} 37 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.leaderElection.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "stardog-userrole-operator.fullname" . }}-leader-election 6 | labels: 7 | {{ include "stardog-userrole-operator.labels" . | indent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ include "stardog-userrole-operator.fullname" . }}-leader-election 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "stardog-userrole-operator.serviceAccountName" . }} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.service.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "stardog-userrole-operator.fullname" . }}-metrics 6 | labels: 7 | {{ include "stardog-userrole-operator.labels" . 
| indent 4 }} 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | {{- if .Values.metrics.service.enabled }} 12 | - name: metrics 13 | port: {{ .Values.metrics.service.port }} 14 | targetPort: metrics 15 | {{- end }} 16 | {{- if .Values.metrics.proxy.enabled }} 17 | - name: https 18 | port: {{ .Values.metrics.proxy.port }} 19 | targetPort: https 20 | {{- end }} 21 | selector: 22 | {{ include "stardog-userrole-operator.selectorLabels" . | indent 4 }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "stardog-userrole-operator.serviceAccountName" . }} 6 | labels: 7 | {{ include "stardog-userrole-operator.labels" . | indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/test/main_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | var ( 4 | helmChartPath = ".." 
5 | releaseName = "test-release" 6 | ) 7 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/test/role_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "github.com/gruntwork-io/terratest/modules/helm" 6 | "github.com/stretchr/testify/assert" 7 | "github.com/stretchr/testify/require" 8 | v1 "k8s.io/api/rbac/v1" 9 | "testing" 10 | ) 11 | 12 | var ( 13 | tplRole = []string{"templates/role.yaml"} 14 | ) 15 | 16 | func Test_Role_GivenLeaderElectionTrue_ThenRenderTemplate(t *testing.T) { 17 | expectedName := releaseName + "-stardog-userrole-operator-leader-election" 18 | options := &helm.Options{ 19 | SetValues: map[string]string{ 20 | "leaderElection.enabled": fmt.Sprintf("%s", "true"), 21 | }, 22 | } 23 | 24 | role := renderRole(t, options, false) 25 | 26 | assert.Equal(t, expectedName, role.Name, "Role does not use configured name") 27 | } 28 | 29 | func Test_Role_GivenDefaultValues_ThenRenderNothing(t *testing.T) { 30 | renderRole(t, &helm.Options{}, true) 31 | } 32 | 33 | func renderRole(t *testing.T, options *helm.Options, wantErr bool) *v1.Role { 34 | output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, tplRole) 35 | if wantErr { 36 | require.Error(t, err) 37 | return nil 38 | } 39 | require.NoError(t, err) 40 | role := v1.Role{} 41 | helm.UnmarshalK8SYaml(t, output, &role) 42 | return &role 43 | } 44 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/test/rolebinding_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "github.com/gruntwork-io/terratest/modules/helm" 6 | "github.com/stretchr/testify/assert" 7 | "github.com/stretchr/testify/require" 8 | v1 "k8s.io/api/rbac/v1" 9 | "testing" 10 | ) 11 | 12 | var ( 13 | tplRoleBinding = 
[]string{"templates/rolebinding.yaml"} 14 | ) 15 | 16 | func Test_RoleBinding_GivenElectionLeader_ThenRenderTemplate(t *testing.T) { 17 | expectedName := releaseName + "-stardog-userrole-operator-leader-election" 18 | expectedRoleRef := releaseName + "-stardog-userrole-operator-leader-election" 19 | expectedSAName := releaseName + "-stardog-userrole-operator" 20 | options := &helm.Options{ 21 | SetValues: map[string]string{ 22 | "leaderElection.enabled": fmt.Sprintf("%s", "true"), 23 | }, 24 | } 25 | 26 | roleBinding := renderRoleBinding(t, options, false) 27 | 28 | assert.Equal(t, expectedName, roleBinding.Name, "RoleBinding does not use configured name") 29 | assert.Equal(t, expectedRoleRef, roleBinding.RoleRef.Name, "RoleRef does not use configured name") 30 | assert.Equal(t, expectedSAName, roleBinding.Subjects[0].Name, "ServiceAccount does not use configured name") 31 | } 32 | 33 | func Test_RoleBinding_GivenDefaultValues_ThenRenderNothing(t *testing.T) { 34 | renderRoleBinding(t, &helm.Options{}, true) 35 | } 36 | 37 | func renderRoleBinding(t *testing.T, options *helm.Options, wantErr bool) *v1.RoleBinding { 38 | output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, tplRoleBinding) 39 | if wantErr { 40 | require.Error(t, err) 41 | return nil 42 | } 43 | require.NoError(t, err) 44 | roleBinding := v1.RoleBinding{} 45 | helm.UnmarshalK8SYaml(t, output, &roleBinding) 46 | return &roleBinding 47 | } 48 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/test/serviceaccount_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "github.com/stretchr/testify/assert" 5 | "github.com/stretchr/testify/require" 6 | corev1 "k8s.io/api/core/v1" 7 | "testing" 8 | 9 | "github.com/gruntwork-io/terratest/modules/helm" 10 | ) 11 | 12 | var ( 13 | tplServiceAccount = []string{"templates/serviceaccount.yaml"} 14 | ) 15 | 
16 | func Test_ServiceAccount_ShouldNotRender_IfDisabled(t *testing.T) { 17 | options := &helm.Options{ 18 | SetValues: map[string]string{ 19 | "serviceAccount.create": "false", 20 | }, 21 | } 22 | 23 | renderServiceAccount(t, options, true) 24 | } 25 | 26 | func Test_ServiceAccount_ShouldRender_ByDefault(t *testing.T) { 27 | want := releaseName + "-stardog-userrole-operator" 28 | options := &helm.Options{} 29 | 30 | sa := renderServiceAccount(t, options, false) 31 | assert.Equal(t, want, sa.Name, "ServiceAccount does use configured name") 32 | } 33 | 34 | func Test_ServiceAccount_ShouldRender_CustomName(t *testing.T) { 35 | want := "test" 36 | options := &helm.Options{ 37 | SetValues: map[string]string{ 38 | "serviceAccount.name": want, 39 | }, 40 | } 41 | 42 | sa := renderServiceAccount(t, options, false) 43 | 44 | assert.Equal(t, want, sa.Name, "ServiceAccount does use configured name") 45 | } 46 | 47 | func renderServiceAccount(t *testing.T, options *helm.Options, wantErr bool) *corev1.ServiceAccount { 48 | output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, tplServiceAccount) 49 | if wantErr { 50 | require.Error(t, err) 51 | return nil 52 | } 53 | require.NoError(t, err) 54 | sa := corev1.ServiceAccount{} 55 | helm.UnmarshalK8SYaml(t, output, &sa) 56 | return &sa 57 | } 58 | -------------------------------------------------------------------------------- /appuio/stardog-userrole-operator/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | registry: ghcr.io 3 | repository: vshn/stardog-userrole-operator 4 | tag: v0.3.0 5 | pullPolicy: Always 6 | 7 | imagePullSecrets: [] 8 | 9 | replicaCount: 1 10 | # nameOverride: "" 11 | # fullnameOverride: "" 12 | 13 | leaderElection: 14 | # -- Enable leader election for multiple replicas 15 | enabled: false 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # The name of the service 
account to use. 21 | # If not set and create is true, a name is generated using the fullname template 22 | # name: stardog-operator 23 | 24 | config: 25 | clusterAccess: 26 | # -- Enable cluster-wide access for the operator (renders the manager ClusterRoleBinding for its service account) 27 | enabled: true 28 | env: 29 | # -- Reconciliation frequency of CRD 30 | RECONCILIATION_FREQUENCY: "30s" 31 | # -- Reconciliation frequency of CRD on error 32 | RECONCILIATION_FREQUENCY_ON_ERROR: "5m" 33 | # -- Which environments should be skipped during reconciliation of Namespaced CRD 34 | # -- Currently: StardogUser, StardogRole and StardogInstance CRD 35 | # -- semicolon-separated, e.g. "stardog-test;stardog-prod" 36 | DISABLED_ENVIRONMENTS: "" 37 | 38 | resources: 39 | limits: 40 | cpu: 100m 41 | memory: 100Mi 42 | requests: 43 | cpu: 30m 44 | memory: 20Mi 45 | 46 | metrics: 47 | service: 48 | enabled: true 49 | port: 8080 50 | proxy: 51 | # -- Proxy image 52 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0 53 | # -- Enable metrics via service behind an authenticated proxy 54 | enabled: false 55 | port: 8443 56 | -------------------------------------------------------------------------------- /appuio/stardog/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | test/ 23 | -------------------------------------------------------------------------------- /appuio/stardog/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: stardog 3 | version: 0.26.5 4 | appVersion: 10.2.2 5 | description: Stardog is the world’s leading knowledge graph platform for the enterprise. Stardog makes it fast and easy to turn enterprise data into knowledge. 6 | home: "https://www.stardog.com/" 7 | icon: https://d33wubrfki0l68.cloudfront.net/img/c920235ff153186ab17617ce2bce193d867fa80c/stardog-logo.png 8 | maintainers: 9 | - name: APPUiO Team 10 | email: info@appuio.ch 11 | -------------------------------------------------------------------------------- /appuio/stardog/Makefile: -------------------------------------------------------------------------------- 1 | MAKEFLAGS += --warn-undefined-variables 2 | SHELL := bash 3 | .SHELLFLAGS := -eu -o pipefail -c 4 | .DEFAULT_GOAL := help 5 | .DELETE_ON_ERROR: 6 | .SUFFIXES: 7 | 8 | .PHONY: help 9 | help: ## Show this help 10 | @grep -E -h '\s##\s' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = "(: ).*?## "}; {gsub(/\\:/,":",$$1)}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' 11 | 12 | # 13 | # "Interface" for parent Makefile 14 | # 15 | prepare: 16 | helm repo add bitnami-b661ad0 https://raw.githubusercontent.com/bitnami/charts/b661ad0e6e3277fc5b5b2db197cba47174693712/bitnami/ 17 | helm dep build 18 | -------------------------------------------------------------------------------- /appuio/stardog/files/jmx-exporter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | startDelaySeconds: 10 3 | hostPort: 127.0.0.1:5833 4 | ssl: false 5 | 
lowercaseOutputName: true 6 | lowercaseOutputLabelNames: true 7 | rules: 8 | - pattern: Stardog<00=databases, 01=(.+?), name=(.+)><>(Count|Value) 9 | name: stardog_database_$2 10 | labels: 11 | database: $1 12 | - pattern: Stardog<>Value 13 | name: stardog_dbms_mem_$1 14 | - pattern: .* 15 | -------------------------------------------------------------------------------- /appuio/stardog/files/stardog.properties: -------------------------------------------------------------------------------- 1 | watchdog.enabled=false 2 | logging.audit.enabled=true 3 | logging.audit.type=text 4 | logging.audit.file=/dev/stdout 5 | -------------------------------------------------------------------------------- /appuio/stardog/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: zookeeper 3 | repository: https://raw.githubusercontent.com/bitnami/charts/b661ad0e6e3277fc5b5b2db197cba47174693712/bitnami/ 4 | version: 9.2.7 5 | digest: sha256:e5ba4bc039eda05c1daac5dc85e821d146cd6b94e94f6a9533ceaa9b5c06cd90 6 | generated: "2024-04-16T17:56:12.691938401+02:00" 7 | -------------------------------------------------------------------------------- /appuio/stardog/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: zookeeper 3 | version: 9.2.7 4 | repository: https://raw.githubusercontent.com/bitnami/charts/b661ad0e6e3277fc5b5b2db197cba47174693712/bitnami/ 5 | condition: zookeeper.enabled 6 | -------------------------------------------------------------------------------- /appuio/stardog/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. 
Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | http{{ if $.Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.ingress.host }} 4 | {{- else }} 5 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "stardog.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 6 | echo "Visit http://127.0.0.1:5820 to use Stardog" 7 | kubectl port-forward $POD_NAME 5820:5820 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /appuio/stardog/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "stardog.fullname" . }}-config 5 | labels: 6 | app.kubernetes.io/name: {{ include "stardog.name" . }} 7 | helm.sh/chart: {{ include "stardog.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | data: 11 | {{- (.Files.Glob "files/*.xml").AsConfig | nindent 2 }} 12 | 13 | {{- (.Files.Glob "files/*.sh").AsConfig | nindent 2 }} 14 | 15 | {{- (.Files.Glob "files/stardog.properties").AsConfig | nindent 2 }} 16 | {{- .Values.stardog.config | nindent 4 }} 17 | {{- if .Values.zookeeper.enabled -}} 18 | pack.enabled=true 19 | pack.zookeeper.address={{ template "stardog.zookeeperConnection" . 
}} 20 | pack.session.timeout={{ .Values.zookeeper.sessionTimeout }} 21 | pack.curator.retry.count=42 22 | pack.node.join.retry.count=42 23 | {{- if .Values.zookeeper.auth.enabled }} 24 | pack.zookeeper.auth=$ZOOKEEPER_USERNAME:$ZOOKEEPER_PASSWORD 25 | {{- end }} 26 | {{- end }} 27 | 28 | {{- if .Values.metrics.enabled }} 29 | metrics.enabled=true 30 | metrics.reporter=jmx 31 | metrics.jmx.remote.access=true 32 | {{- end }} 33 | 34 | {{- if .Values.memory.spilling_max_file_length }} 35 | spilling.max.file.length={{ .Values.memory.spilling_max_file_length }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /appuio/stardog/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- $ingress := .Values.ingress -}} 2 | {{- if $ingress.enabled -}} 3 | {{- $fullName := include "stardog.fullname" . -}} 4 | apiVersion: networking.k8s.io/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | app.kubernetes.io/name: {{ include "stardog.name" . }} 10 | helm.sh/chart: {{ include "stardog.chart" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- with $ingress.annotations }} 14 | annotations: 15 | {{- toYaml . 
| nindent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if $ingress.tls.enabled }} 19 | tls: 20 | - hosts: 21 | - {{ $ingress.host }} 22 | {{- if $ingress.tls.secretName }} 23 | secretName: {{ $ingress.tls.secretName }} 24 | {{- else }} 25 | secretName: {{ $fullName }}-tls 26 | {{- end }} 27 | {{- end }} 28 | rules: 29 | - host: {{ $ingress.host }} 30 | http: 31 | paths: 32 | - path: / 33 | pathType: Prefix 34 | backend: 35 | service: 36 | name: {{ $fullName }} 37 | port: 38 | name: stardog 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /appuio/stardog/templates/jmx-exporter-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "stardog.fullname" . }}-jmx-exporter 6 | labels: 7 | app.kubernetes.io/name: {{ include "stardog.name" . }} 8 | helm.sh/chart: {{ include "stardog.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | data: 12 | {{- (.Files.Glob "files/jmx-exporter.yaml").AsConfig | nindent 2 }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /appuio/stardog/templates/monitoring/stardog-java-rules.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.prometheusOperator }} 2 | {{- $ns_selector := printf "namespace=\"%s\"" .Release.Namespace }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: {{ include "stardog.fullname" . }}-java-rules 7 | labels: 8 | app.kubernetes.io/name: {{ include "stardog.name" . }} 9 | helm.sh/chart: {{ include "stardog.chart" . 
}} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | role: alert-rules 13 | spec: 14 | groups: 15 | 16 | - name: Memory Usage 17 | rules: 18 | - alert: JavaLowHeapMemory 19 | expr: dbms_memory_heap_max{ {{ $ns_selector }} } - dbms_memory_heap_used{ {{ $ns_selector }} } < 128 * 1024 * 1024 20 | for: 1m 21 | annotations: 22 | summary: Java Low Heap Memory 23 | description: Less than 128M of heap memory is available ({{ "{{" }} $value {{ "}}" }}). 24 | labels: 25 | env: {{ .Release.Name }} 26 | app: stardog 27 | severity: warning 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /appuio/stardog/templates/monitoring/stardog-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.prometheusOperator }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "stardog.fullname" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ include "stardog.name" . }} 8 | helm.sh/chart: {{ include "stardog.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: {{ include "stardog.name" . }} 15 | endpoints: 16 | - basicAuth: 17 | password: 18 | name: {{ include "stardog.fullname" . }}-user-passwords 19 | key: admin 20 | username: 21 | # unless there is a cleaner way of doing this, the name "admin" must be stored in a secret: 22 | name: {{ template "stardog.fullname" . 
}}-admin-username 23 | key: adminusername 24 | {{- if .Values.metrics.serviceMonitor.interval }} 25 | interval: {{ quote .Values.metrics.serviceMonitor.interval }} 26 | {{- end }} 27 | path: /admin/status/prometheus 28 | port: stardog 29 | {{- if .Values.metrics.serviceMonitor.timeout }} 30 | scrapeTimeout: {{ quote .Values.metrics.serviceMonitor.timeout }} 31 | {{- end }} 32 | jobLabel: app.kubernetes.io/instance 33 | podTargetLabels: 34 | - app.kubernetes.io/component 35 | - app.kubernetes.io/name 36 | --- 37 | apiVersion: v1 38 | kind: Secret 39 | metadata: 40 | name: {{ include "stardog.fullname" . }}-admin-username 41 | labels: 42 | app.kubernetes.io/name: {{ include "stardog.name" . }} 43 | helm.sh/chart: {{ include "stardog.chart" . }} 44 | app.kubernetes.io/instance: {{ .Release.Name }} 45 | app.kubernetes.io/managed-by: {{ .Release.Service }} 46 | stringData: 47 | adminusername: admin 48 | {{- end }} 49 | -------------------------------------------------------------------------------- /appuio/stardog/templates/monitoring/zookeeper-rules.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.prometheusOperator .Values.zookeeper.enabled }} 2 | {{- $ns_selector := printf "namespace=\"%s\"" .Release.Namespace }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: {{ include "stardog.fullname" . }}-zookeeper-rules 7 | labels: 8 | app.kubernetes.io/name: {{ include "stardog.name" . }} 9 | helm.sh/chart: {{ include "stardog.chart" . 
}} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | role: alert-rules 13 | {{- include "prometheusRules.extraLabels" .Values.metrics.zookeeperRules.extraLabels | indent 4 }} 14 | spec: 15 | groups: 16 | - name: zookeeper 17 | rules: 18 | - alert: ZooKeeperPodsNotReady 19 | expr: kube_statefulset_status_replicas_ready{ {{ $ns_selector }}, statefulset="{{ include "stardog.zookeeper.fullname" . }}" } != {{ .Values.zookeeper.replicaCount }} 20 | for: 10m 21 | annotations: 22 | summary: Pods of ZooKeeper StatefulSet not ready 23 | description: Only {{ "{{" }} $value {{ "}}" }} of {{ .Values.zookeeper.replicaCount }} ZooKeeper pods are ready in namespace {{ "{{" }} $labels.namespace {{ "}}" }}. 24 | labels: 25 | env: {{ .Release.Name }} 26 | app: zookeeper 27 | severity: "{{ "{{ if lt $value 2.0 }}" }}critical{{ "{{ else }}" }}warning{{ "{{ end }}" }}" 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /appuio/stardog/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if (gt (.Values.replicaCount | int) 1) }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "stardog.fullname" . }} 6 | spec: 7 | maxUnavailable: 1 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: {{ include "stardog.name" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /appuio/stardog/templates/pull-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.image.existingPullSecret) .Values.image.password }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "stardog.fullname" . }}-pullsecret 6 | labels: 7 | app.kubernetes.io/name: {{ include "stardog.name" . 
}} 8 | helm.sh/chart: {{ include "stardog.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | type: kubernetes.io/dockerconfigjson 12 | data: 13 | .dockerconfigjson: {{ template "stardog.imagePullSecret" . }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /appuio/stardog/templates/s3-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.stardog.backup.databases }} 2 | {{- if not .Values.stardog.backup.s3CredentialsExistingSecret }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "stardog.fullname" . }}-backup-s3-credentials 7 | labels: 8 | app.kubernetes.io/name: {{ include "stardog.name" . }} 9 | helm.sh/chart: {{ include "stardog.chart" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | data: 13 | s3-access-key: {{ required "An access key is required to make backups" .Values.stardog.backup.s3AccessKey | b64enc | quote }} 14 | s3-secret-key: {{ required "A secret key is required to make backups" .Values.stardog.backup.s3SecretKey | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /appuio/stardog/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "stardog.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "stardog.name" . }} 7 | helm.sh/chart: {{ include "stardog.chart" . 
}} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - name: stardog 14 | port: 5820 15 | targetPort: stardog 16 | {{- if .Values.metrics.enabled }} 17 | - name: metrics 18 | port: 80 19 | targetPort: metrics 20 | {{- end }} 21 | selector: 22 | app.kubernetes.io/name: {{ include "stardog.name" . }} 23 | app.kubernetes.io/component: server 24 | app.kubernetes.io/instance: {{ .Release.Name }} 25 | -------------------------------------------------------------------------------- /appuio/stardog/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "stardog.fullname" . }}-test-connection" 5 | labels: 6 | app.kubernetes.io/name: {{ include "stardog.name" . }} 7 | helm.sh/chart: {{ include "stardog.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | annotations: 11 | "helm.sh/hook": test-success 12 | spec: 13 | containers: 14 | - name: wget 15 | image: busybox 16 | command: ['wget'] 17 | args: ['http://{{ include "stardog.fullname" . }}:5820'] 18 | restartPolicy: Never 19 | -------------------------------------------------------------------------------- /appuio/stardog/templates/user-pw-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "stardog.fullname" . }}-user-passwords 5 | labels: 6 | app.kubernetes.io/name: {{ include "stardog.name" . }} 7 | helm.sh/chart: {{ include "stardog.chart" . 
}} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | data: 11 | admin: {{ required "A password for the stardog admin is required" .Values.stardog.adminPassword | b64enc | quote }} 12 | {{ range .Values.stardog.users }} 13 | {{ .name }}: {{ .password | b64enc | quote }} 14 | {{end}} 15 | -------------------------------------------------------------------------------- /appuio/stardog/test/main_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | var ( 4 | helmChartPath = ".." 5 | adminPassword = "something" 6 | releaseName = "test-release" 7 | ) 8 | -------------------------------------------------------------------------------- /appuio/stardog/test/postinstall_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | batchv1 "k8s.io/api/batch/v1" 7 | 8 | "github.com/gruntwork-io/terratest/modules/helm" 9 | "github.com/stretchr/testify/assert" 10 | ) 11 | 12 | var tplPostInstallJob = []string{"templates/post-install-job.yaml"} 13 | 14 | func Test_PostInstallJob_GivenReplicaCount_WhenZero_ThenDoNotRenderJob(t *testing.T) { 15 | options := &helm.Options{ 16 | SetValues: map[string]string{ 17 | "stardog.adminPassword": adminPassword, 18 | "replicaCount": "0", 19 | }, 20 | } 21 | 22 | output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, tplPostInstallJob) 23 | 24 | assert.Error(t, err) 25 | assert.Equal(t, "", output) 26 | } 27 | 28 | func Test_PostInstallJob_GivenReplicaCount_WhenGreaterThanZero_ThenRenderJob(t *testing.T) { 29 | options := &helm.Options{ 30 | SetValues: map[string]string{ 31 | "stardog.adminPassword": adminPassword, 32 | "replicaCount": "1", 33 | }, 34 | } 35 | 36 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, tplPostInstallJob) 37 | 38 | job := batchv1.Job{} 39 | helm.UnmarshalK8SYaml(t, 
output, &job) 40 | 41 | assert.NotEmpty(t, job.Spec) 42 | } 43 | -------------------------------------------------------------------------------- /appuio/stardog/test/pull_secret_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | corev1 "k8s.io/api/core/v1" 7 | 8 | "github.com/gruntwork-io/terratest/modules/helm" 9 | "github.com/stretchr/testify/assert" 10 | ) 11 | 12 | var tplPullSecret = []string{"templates/pull-secret.yaml"} 13 | 14 | func Test_PullSecret(t *testing.T) { 15 | registryUserName := "superhero" 16 | registryPassword := "supersecret" 17 | 18 | options := &helm.Options{ 19 | SetValues: map[string]string{ 20 | "image.username": registryUserName, 21 | "image.password": registryPassword, 22 | "stardog.adminPassword": adminPassword, 23 | }, 24 | } 25 | 26 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, tplPullSecret) 27 | 28 | secret := corev1.Secret{} 29 | helm.UnmarshalK8SYaml(t, output, &secret) 30 | 31 | assert.NotEmpty(t, secret.Data[".dockerconfigjson"]) 32 | } 33 | -------------------------------------------------------------------------------- /appuio/stardog/test/user_pw_secret_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "testing" 5 | 6 | corev1 "k8s.io/api/core/v1" 7 | 8 | "github.com/gruntwork-io/terratest/modules/helm" 9 | "github.com/stretchr/testify/assert" 10 | ) 11 | 12 | var tplUserPwSecret = []string{"templates/user-pw-secret.yaml"} 13 | 14 | func Test_UserPwSecret_ShouldThrowError_IfNotGiven(t *testing.T) { 15 | 16 | options := &helm.Options{} 17 | 18 | _, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, tplUserPwSecret) 19 | assert.Error(t, err) 20 | } 21 | 22 | func Test_UserPwSecret_ShouldListGivenUsers(t *testing.T) { 23 | user1 := "user1" 24 | user2 := "user2" 25 | pw1 := "password1" 26 | pw2 := "password2" 27 | 
28 | options := &helm.Options{ 29 | SetValues: map[string]string{ 30 | "stardog.users[0].name": user1, 31 | "stardog.users[0].password": pw1, 32 | "stardog.users[1].name": user2, 33 | "stardog.users[1].password": pw2, 34 | "stardog.adminPassword": adminPassword, 35 | }, 36 | } 37 | 38 | output := helm.RenderTemplate(t, options, helmChartPath, releaseName, tplUserPwSecret) 39 | 40 | secret := corev1.Secret{} 41 | helm.UnmarshalK8SYaml(t, output, &secret) 42 | 43 | assert.Equal(t, adminPassword, string(secret.Data["admin"])) 44 | assert.Equal(t, pw1, string(secret.Data[user1])) 45 | assert.Equal(t, pw2, string(secret.Data[user2])) 46 | } 47 | -------------------------------------------------------------------------------- /appuio/trifid/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | test/ 24 | -------------------------------------------------------------------------------- /appuio/trifid/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: trifid 3 | description: Trifid provides a lightweight and easy way to access Linked Data URIs via HTTP. 
{{- /*
Ingress for the trifid Service; rendered only when .Values.ingress.enabled is
true. Every listed host/path routes to the Service named by "trifid.fullname"
on .Values.service.port. The tls section is emitted only when
.Values.ingress.tls is non-empty, so without it the rendered Ingress carries
no TLS configuration.
*/ -}}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "trifid.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "trifid.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .Values.ingress.tls }}
  # One tls entry per item in .Values.ingress.tls; secretName is taken verbatim.
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          # Each path is emitted as given in the values, without quoting.
          - path: {{ . }}
            pathType: ImplementationSpecific
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
          {{- end }}
    {{- end }}
{{- end }}
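{{- /*
Credentials Secret for the SPARQL endpoint. It is rendered only when
.Values.trifid.sparql.endpoint.secretName is unset. The chart's values.yaml
ships placeholder credentials (username "user", password "pass"), so a real
deployment should override both values or set secretName to the name of an
existing Secret.
*/ -}}
{{- $endpoint := .Values.trifid.sparql.endpoint -}}
{{- if not $endpoint.secretName }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "trifid.fullname" . }}
  labels:
    {{- include "trifid.labels" . | nindent 4 }}
type: Opaque
data:
  # Quoted so the base64 text is always read as a YAML string, never as a
  # number, boolean or null.
  username: {{ $endpoint.username | b64enc | quote }}
  password: {{ $endpoint.password | b64enc | quote }}
{{- end }}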
// Test_Secret_Should_UseValuesEndpointCredentials renders
// templates/secret.yaml with an explicit endpoint username and password and
// checks that the decoded Secret data carries exactly those values.
func Test_Secret_Should_UseValuesEndpointCredentials(t *testing.T) {
	// Fixture credentials handed to the chart through SetValues.
	const (
		wantUsername = "admin"
		wantPassword = "xyHpnHNruMGGC9XfsKwZ7ArPqZytxvP468YDMGHFH3rgCJdq87YLGAY47rAAppXr"
	)

	values := map[string]string{
		"trifid.sparql.endpoint.username": wantUsername,
		"trifid.sparql.endpoint.password": wantPassword,
	}
	rendered := helm.RenderTemplate(t, &helm.Options{SetValues: values}, helmChartPath, releaseName, tplSecret)

	var rendredSecret corev1.Secret
	helm.UnmarshalK8SYaml(t, rendered, &rendredSecret)

	// Secret.Data holds the already base64-decoded bytes.
	assert.Equal(t, wantUsername, string(rendredSecret.Data["username"]), "Secret does not use the endpoint username from the values")
	assert.Equal(t, wantPassword, string(rendredSecret.Data["password"]), "Secret does not use the endpoint password from the values")
}
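// main renders the README from a template.
//
// Usage: readme <template> <output> <charts-dir>
//
// The process exits non-zero when an argument is missing or any step fails,
// so a calling build step can notice a stale or partial README.
func main() {
	// Indexing os.Args without this check would panic on a short command line.
	if len(os.Args) < 4 {
		fmt.Fprintln(os.Stderr, "usage: readme <template> <output> <charts-dir>")
		os.Exit(2)
	}
	if err := renderReadme(os.Args[1], os.Args[2], os.Args[3]); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}

// renderReadme parses the template at tplPath and executes it into outPath.
// The template receives a "charts" list with one entry per Chart.yaml matched
// below, each carrying "name", "dir" (always chartsDir) and "version".
func renderReadme(tplPath, outPath, chartsDir string) (err error) {
	t, err := template.ParseFiles(tplPath)
	if err != nil {
		return fmt.Errorf("parsing template %q: %w", tplPath, err)
	}

	// os.Create truncates an existing file, so a later failure leaves the
	// target empty or partial; the non-zero exit status signals that.
	out, err := os.Create(outPath)
	if err != nil {
		return fmt.Errorf("creating %q: %w", outPath, err)
	}
	// Close is deferred only after the error check and its error is reported,
	// because a failed close can mean the written data never reached disk.
	defer func() {
		if cerr := out.Close(); cerr != nil && err == nil {
			err = fmt.Errorf("closing %q: %w", outPath, cerr)
		}
	}()

	// filepath.Glob has no recursive "**"; it behaves like "*", so this
	// matches <dir>/<chart>/Chart.yaml relative to the working directory.
	files, err := filepath.Glob("**/*/Chart.yaml")
	if err != nil {
		return fmt.Errorf("listing charts: %w", err)
	}

	charts := make([]map[string]string, 0, len(files))
	for _, file := range files {
		charts = append(charts, map[string]string{
			// The second path element is the chart directory; ToSlash keeps the
			// split valid where the OS separator is not "/".
			"name":    strings.Split(filepath.ToSlash(file), "/")[1],
			"dir":     chartsDir,
			"version": extractVersion(file),
		})
	}

	if err := t.Execute(out, map[string]interface{}{
		"charts": charts,
	}); err != nil {
		return fmt.Errorf("rendering %q: %w", outPath, err)
	}
	return nil
}

// extractVersion returns the text that follows the first line starting with
// "version: " in the file at filepath. It returns "" when the file cannot be
// opened or read, or when no such line exists; the error is reported on
// stderr. The parameter name shadows the path/filepath package inside this
// function.
func extractVersion(filepath string) string {
	f, err := os.Open(filepath)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		return ""
	}
	defer f.Close()

	scanner := bufio.NewScanner(f)
	for scanner.Scan() {
		line := scanner.Text()
		if strings.HasPrefix(line, "version: ") {
			return strings.TrimPrefix(line, "version: ")
		}
	}
	// Scan also stops on a read error or an over-long line; report it rather
	// than silently treating the chart as unversioned.
	if err := scanner.Err(); err != nil {
		fmt.Fprintln(os.Stderr, err)
	}
	return ""
}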
`chart/`" 25 | ], 26 | "ignorePaths": [ 27 | "**/appuio/k8up/**" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /tools.go: -------------------------------------------------------------------------------- 1 | //go:build tools 2 | 3 | // Package tools is a place to put any tooling dependencies as imports. 4 | // Go modules will be forced to download and install them. 5 | package tools 6 | 7 | import ( 8 | // helm-docs 9 | _ "github.com/norwoodj/helm-docs/cmd/helm-docs" 10 | ) 11 | --------------------------------------------------------------------------------