├── charts ├── other │ ├── app-template │ │ ├── values.yaml │ │ ├── LICENSE │ │ ├── values.schema.json │ │ ├── templates │ │ │ └── common.yaml │ │ ├── .helmignore │ │ └── Chart.yaml │ └── multus │ │ ├── values.yaml │ │ └── Chart.yaml ├── library │ └── common │ │ ├── LICENSE │ │ ├── test-chart │ │ ├── values.yaml │ │ ├── ci │ │ │ ├── .gitignore │ │ │ ├── no-service.yaml │ │ │ ├── cronjob-values.yaml │ │ │ └── basic-values.yaml │ │ ├── values.schema.json │ │ ├── testFiles │ │ │ ├── escaped │ │ │ │ └── test_2.yaml │ │ │ ├── envFile │ │ │ │ └── envfile │ │ │ └── binary │ │ │ │ └── helm.jpg │ │ ├── unittests │ │ │ ├── _values │ │ │ │ ├── controllers_main_default_container.yaml │ │ │ │ ├── service_main_default.yaml │ │ │ │ ├── ingress_main_default_hosts.yaml │ │ │ │ └── rbac_values.yaml │ │ │ ├── secret │ │ │ │ ├── validation_test.yaml │ │ │ │ ├── field_fromFolder_escaped_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── configmap │ │ │ │ ├── validation_test.yaml │ │ │ │ └── field_fromFolder_escaped_test.yaml │ │ │ ├── pod │ │ │ │ ├── validations_test.yaml │ │ │ │ ├── field_volumes_nfs_test.yaml │ │ │ │ ├── field_volumes_custom_test.yaml │ │ │ │ ├── field_replicas_test.yaml │ │ │ │ ├── field_hostPID_test.yaml │ │ │ │ ├── field_hostIPC_test.yaml │ │ │ │ ├── field_dnsPolicy_test.yaml │ │ │ │ ├── field_volumes_hostpath_test.yaml │ │ │ │ ├── field_enableServiceLinks_test.yaml │ │ │ │ ├── field_hostNetwork_test.yaml │ │ │ │ └── field_shareProcessNamespace_test.yaml │ │ │ ├── service │ │ │ │ ├── field_ports_appProtocol_test.yaml │ │ │ │ ├── field_internalTrafficPolicy_test.yaml │ │ │ │ ├── field_ports_targetPort_test.yaml │ │ │ │ ├── field_externalName_test.yaml │ │ │ │ ├── field_externalTrafficPolicy_test.yaml │ │ │ │ ├── field_allocateLoadBalancerNodePorts_test.yaml │ │ │ │ ├── field_trafficDistribution_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── job │ │ │ │ ├── metadata_jobTemplate_annotations_test.yaml │ │ │ │ ├── field_parallelism_test.yaml 
│ │ │ │ ├── field_suspend_test.yaml │ │ │ │ ├── metadata_jobTemplate_labels_test.yaml │ │ │ │ ├── field_backoffLimit_test.yaml │ │ │ │ ├── field_ttlSecondsAfterFinished_test.yaml │ │ │ │ ├── field_restartPolicy_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── misc │ │ │ │ └── nameoverride_test.yaml │ │ │ ├── rbac │ │ │ │ ├── role_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── route │ │ │ │ └── field_rule_name_test.yaml │ │ │ ├── cronjob │ │ │ │ ├── metadata_jobTemplate_annotations_test.yaml │ │ │ │ ├── field_suspend_test.yaml │ │ │ │ ├── field_parallelism_test.yaml │ │ │ │ ├── metadata_jobTemplate_labels_test.yaml │ │ │ │ ├── field_failedJobsHistory_test.yaml │ │ │ │ ├── field_concurrencyPolicy_test.yaml │ │ │ │ ├── field_successfulJobsHistory_test.yaml │ │ │ │ ├── field_ttlSecondsAfterFinished_test.yaml │ │ │ │ └── field_restartPolicy_test.yaml │ │ │ ├── container │ │ │ │ ├── field_tty_test.yaml │ │ │ │ ├── field_stdin_test.yaml │ │ │ │ ├── field_restartpolicy_test.yaml │ │ │ │ ├── validations_test.yaml │ │ │ │ ├── field_ports_test.yaml │ │ │ │ └── field_workingdir_test.yaml │ │ │ ├── serviceMonitor │ │ │ │ ├── presence_test.yaml │ │ │ │ ├── field_targetLabels_test.yaml │ │ │ │ └── field_serviceName_test.yaml │ │ │ ├── networkpolicy │ │ │ │ ├── field_rules_test.yaml │ │ │ │ ├── validations_test.yaml │ │ │ │ └── field_podselector_test.yaml │ │ │ ├── persistence │ │ │ │ └── validations_test.yaml │ │ │ ├── ingress │ │ │ │ └── fiield_defaultBackend_test.yaml │ │ │ ├── pvc │ │ │ │ ├── field_storageclass.yaml │ │ │ │ └── presence_test.yaml │ │ │ ├── daemonset │ │ │ │ ├── field_revisionhistorylimit_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── statefulset │ │ │ │ ├── field_revisionhistorylimit_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── deployment │ │ │ │ ├── field_revisionhistorylimit_test.yaml │ │ │ │ └── metadata_annotations_test.yaml │ │ │ ├── controller │ │ │ │ └── presence_test.yaml │ │ │ ├── chart │ 
│ │ │ └── validations_test.yaml │ │ │ └── serviceAccount │ │ │ │ └── metadata_annotations_test.yaml │ │ ├── Chart.yaml │ │ ├── templates │ │ │ └── common.yaml │ │ └── .helmignore │ │ ├── templates │ │ ├── loader │ │ │ ├── _init.tpl │ │ │ ├── _all.tpl │ │ │ └── _generate.tpl │ │ ├── lib │ │ │ ├── daemonset │ │ │ │ ├── _validate.tpl │ │ │ │ └── _valuesToObject.tpl │ │ │ ├── serviceAccount │ │ │ │ ├── _validate.tpl │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ └── _enabled_serviceaccounts.tpl │ │ │ ├── metadata │ │ │ │ ├── _selectorLabels.tpl │ │ │ │ ├── _globalLabels.tpl │ │ │ │ ├── _globalAnnotations.tpl │ │ │ │ └── _allLabels.tpl │ │ │ ├── role │ │ │ │ ├── _validate.tpl │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ └── _enabled_roles.tpl │ │ │ ├── container │ │ │ │ ├── fields │ │ │ │ │ ├── _image.tpl │ │ │ │ │ ├── _args.tpl │ │ │ │ │ ├── _command.tpl │ │ │ │ │ └── _name.tpl │ │ │ │ └── _validate.tpl │ │ │ ├── chart │ │ │ │ ├── _defaultKeepNonNullValue.tpl │ │ │ │ ├── _getMapItemsWithKey.tpl │ │ │ │ ├── _validate.tpl │ │ │ │ └── _kahn.tpl │ │ │ ├── routes │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _autoDetectService.tpl │ │ │ │ └── _enabled_routes.tpl │ │ │ ├── deployment │ │ │ │ ├── _valuesToObject.tpl │ │ │ │ └── _validate.tpl │ │ │ ├── poddisruptionpolicy │ │ │ │ └── _validate.tpl │ │ │ ├── job │ │ │ │ ├── _validate.tpl │ │ │ │ └── _valuesToObject.tpl │ │ │ ├── service │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _getPortNumberByName.tpl │ │ │ │ ├── _autoDetectController.tpl │ │ │ │ ├── _enabled_ports.tpl │ │ │ │ ├── _enabled_services.tpl │ │ │ │ └── _primary_port.tpl │ │ │ ├── ingress │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _autoDetectService.tpl │ │ │ │ ├── _validate.tpl │ │ │ │ └── _enabled_ingresses.tpl │ │ │ ├── cronjob │ │ │ │ ├── _validate.tpl │ │ │ │ └── _valuesToObject.tpl │ │ │ ├── pvc │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _enabled_roles.tpl │ │ │ │ └── _enabled_pvcs.tpl │ │ │ ├── common │ │ │ │ ├── _valuesToObject.tpl │ │ │ │ └── 
_imageSpecificationToImage.tpl │ │ │ ├── secret │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _validate.tpl │ │ │ │ └── _enabled_secrets.tpl │ │ │ ├── configMap │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _enabled_configmaps.tpl │ │ │ │ └── _validate.tpl │ │ │ ├── rawResource │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ └── _enabled_rawResources.tpl │ │ │ ├── rolebinding │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _enabled_roleBindings.tpl │ │ │ │ └── _validate.tpl │ │ │ ├── networkpolicy │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _enabled_networkpolicies.tpl │ │ │ │ └── _validate.tpl │ │ │ ├── serviceMonitor │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ ├── _autoDetectService.tpl │ │ │ │ ├── _validate.tpl │ │ │ │ └── _enabled_servicemonitors.tpl │ │ │ ├── controller │ │ │ │ ├── _metadata.tpl │ │ │ │ ├── _enabled_controllers.tpl │ │ │ │ ├── _enabled_containers.tpl │ │ │ │ ├── _getByIdentifier.tpl │ │ │ │ └── _validate.tpl │ │ │ ├── filesFolders │ │ │ │ ├── _parseEnvFile.tpl │ │ │ │ └── _isBinaryFile.tpl │ │ │ ├── statefulset │ │ │ │ ├── _valuesToObject.tpl │ │ │ │ └── _validate.tpl │ │ │ └── pod │ │ │ │ ├── fields │ │ │ │ ├── _dnsPolicy.tpl │ │ │ │ └── _serviceAccountName.tpl │ │ │ │ └── metadata │ │ │ │ └── _labels.tpl │ │ ├── values │ │ │ └── _init.tpl │ │ ├── render │ │ │ ├── _pvcs.tpl │ │ │ ├── _rawResources.tpl │ │ │ ├── _routes.tpl │ │ │ ├── _ingresses.tpl │ │ │ ├── _services.tpl │ │ │ ├── _networkpolicies.tpl │ │ │ └── _serviceMonitors.tpl │ │ └── classes │ │ │ ├── _rawResource.tpl │ │ │ ├── _configmap.tpl │ │ │ ├── _role.tpl │ │ │ ├── _serviceAccount.tpl │ │ │ └── _secret.tpl │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ └── schemas │ │ ├── serviceAccount.json │ │ ├── rawResource.json │ │ └── secret.json └── mod.just ├── docs ├── overrides │ └── main.html ├── index.md ├── app-template │ ├── howto │ │ ├── index.md │ │ ├── helm-templates.md │ │ └── multiple-subpath.md │ └── examples │ │ ├── index.md │ │ ├── qbittorrent-gluetun.md │ │ └── home-assistant-codeserver.md 
├── common-library │ ├── howto │ │ └── index.md │ └── storage │ │ ├── permissions.md │ │ └── types │ │ ├── custom.md │ │ ├── nfs-share.md │ │ ├── image.md │ │ ├── emptyDir.md │ │ ├── secret.md │ │ ├── configmap.md │ │ └── hostPath.md ├── stylesheets │ └── extra.css ├── requirements.txt └── mod.just ├── .vscode ├── extensions.json └── settings.json ├── .gitignore ├── .ci ├── repo-config.yaml ├── ct │ ├── ct.yaml │ └── chart_schema.yaml └── pre-commit │ └── config.yaml ├── Justfile ├── .editorconfig ├── examples ├── flux │ ├── helmrepository.yaml │ └── README.md ├── helm │ └── README.md └── kustomize │ ├── kustomization.yaml │ └── README.md ├── .yamlfmt.yaml ├── .yamllint.yml ├── .github ├── renovate.json5 ├── renovate │ └── custom-managers.json5 └── workflows │ └── codeql.yml └── .mise.toml /charts/other/app-template/values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/library/common/LICENSE: -------------------------------------------------------------------------------- 1 | ../../../LICENSE -------------------------------------------------------------------------------- /charts/library/common/test-chart/values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/other/app-template/LICENSE: -------------------------------------------------------------------------------- 1 | ../../../LICENSE -------------------------------------------------------------------------------- /charts/library/common/test-chart/ci/.gitignore: -------------------------------------------------------------------------------- 1 | test-values.yaml 2 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/values.schema.json: 
-------------------------------------------------------------------------------- 1 | ../values.schema.json -------------------------------------------------------------------------------- /docs/overrides/main.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} {% block announce %}{% endblock %} 2 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": ["editorconfig.editorconfig", "bluebrown.yamlfmt"] 3 | } 4 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "[yaml]": { 3 | "editor.defaultFormatter": "bluebrown.yamlfmt" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - navigation 4 | - toc 5 | --- 6 | 7 | --8<-- 8 | README.md 9 | --8<-- 10 | -------------------------------------------------------------------------------- /docs/app-template/howto/index.md: -------------------------------------------------------------------------------- 1 | # How to... 2 | 3 | Here you can find information on how to accomplish specific scenarios. 4 | -------------------------------------------------------------------------------- /docs/common-library/howto/index.md: -------------------------------------------------------------------------------- 1 | # How to... 2 | 3 | Here you can find information on how to accomplish specific scenarios. 
4 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/testFiles/escaped/test_2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | test: 3 | test: "{{ .Values.global.random.nonExistentKey }}" 4 | -------------------------------------------------------------------------------- /docs/app-template/examples/index.md: -------------------------------------------------------------------------------- 1 | # Examples 2 | 3 | Here you can find some examples for more complex app-template configurations. 4 | -------------------------------------------------------------------------------- /docs/stylesheets/extra.css: -------------------------------------------------------------------------------- 1 | /* Maximum space for text block */ 2 | .md-grid { 3 | max-width: 100%; /* 100% to stretch to full-width */ 4 | } 5 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/testFiles/envFile/envfile: -------------------------------------------------------------------------------- 1 | ENVVAL1=value1 2 | ENVVAL2=value2 3 | ENVVAL3="double-quoted string" 4 | ENVVAL4='single-quoted string' 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Helm chart dependencies 2 | charts/**/Chart.lock 3 | charts/**/charts/ 4 | 5 | # Testing 6 | __snapshot__/ 7 | 8 | # Docs 9 | _site/ 10 | -------------------------------------------------------------------------------- /.ci/repo-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | excluded-charts-lint: [] 3 | 4 | excluded-charts-install: 5 | - other/app-template 6 | - other/multus 7 | 8 | excluded-charts-release: [] 9 | 
-------------------------------------------------------------------------------- /charts/library/common/test-chart/testFiles/binary/helm.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bjw-s-labs/helm-charts/HEAD/charts/library/common/test-chart/testFiles/binary/helm.jpg -------------------------------------------------------------------------------- /charts/other/app-template/values.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$ref": "https://raw.githubusercontent.com/bjw-s-labs/helm-charts/common-4.5.0/charts/library/common/values.schema.json" 3 | } 4 | -------------------------------------------------------------------------------- /docs/requirements.txt: -------------------------------------------------------------------------------- 1 | mkdocs~=1.5,>=1.5.3 2 | mkdocs-material~=9.4 3 | mkdocs-material-extensions~=1.2 4 | pygments~=2.16 5 | pymdown-extensions~=10.2 6 | mkdocs-minify-plugin~=0.7 7 | -------------------------------------------------------------------------------- /docs/mod.just: -------------------------------------------------------------------------------- 1 | set shell := ["bash", "-euo", "pipefail", "-c"] 2 | 3 | serve: 4 | mkdocs serve -c -f .ci/mkdocs/mkdocs.yml 5 | 6 | install_prereqs: 7 | pip install -r docs/requirements.txt 8 | -------------------------------------------------------------------------------- /Justfile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env -S just --justfile 2 | 3 | set quiet := true 4 | set shell := ['bash', '-euo', 'pipefail', '-c'] 5 | 6 | mod chart "charts" 7 | 8 | [private] 9 | default: 10 | just -l 11 | -------------------------------------------------------------------------------- /docs/app-template/examples/qbittorrent-gluetun.md: -------------------------------------------------------------------------------- 1 | How to 
deploy qBittorrent with a gluetun VPN sidecar. 2 | 3 | ```yaml linenums="1" 4 | --8<-- 5 | examples/helm/qbittorrent/values.yaml 6 | --8<-- 7 | ``` 8 | -------------------------------------------------------------------------------- /docs/app-template/examples/home-assistant-codeserver.md: -------------------------------------------------------------------------------- 1 | How to deploy Home-Assistant with a code-server sidecar. 2 | 3 | ```yaml linenums="1" 4 | --8<-- 5 | examples/helm/home-assistant/values.yaml 6 | --8<-- 7 | ``` 8 | -------------------------------------------------------------------------------- /charts/library/common/templates/loader/_init.tpl: -------------------------------------------------------------------------------- 1 | {{- define "bjw-s.common.loader.init" -}} 2 | {{- /* Merge the local chart values and the common chart defaults */ -}} 3 | {{- include "bjw-s.common.values.init" . }} 4 | {{- end -}} 5 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | charset = utf-8 5 | end_of_line = lf 6 | indent_size = 2 7 | indent_style = space 8 | insert_final_newline = true 9 | trim_trailing_whitespace = true 10 | 11 | [*.md] 12 | max_line_length = off 13 | -------------------------------------------------------------------------------- /docs/common-library/storage/permissions.md: -------------------------------------------------------------------------------- 1 | # Permissions 2 | 3 | Charts do not modify file or folder permissions on volumes out of the box. 4 | 5 | This means that you will have to make sure that your storage can be written to 6 | by the user and group that the application runs as. 
7 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/_values/controllers_main_default_container.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | controllers: 3 | main: 4 | containers: 5 | main: 6 | image: 7 | repository: ghcr.io/mendhak/http-https-echo 8 | tag: 31 9 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/_values/service_main_default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=../../../common/values.schema.json 3 | service: 4 | main: 5 | controller: main 6 | ports: 7 | http: 8 | port: 8081 9 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/daemonset/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate DaemonSet values 3 | */}} 4 | {{- define "bjw-s.common.lib.daemonset.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $daemonsetValues := .object -}} 7 | {{- end -}} 8 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/serviceAccount/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate ServiceAccount values 3 | */}} 4 | {{- define "bjw-s.common.lib.serviceAccount.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $serviceAccountValues := .object -}} 7 | {{- end -}} 8 | -------------------------------------------------------------------------------- /examples/flux/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s-helm-charts 6 | 
namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://bjw-s-labs.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/metadata/_selectorLabels.tpl: -------------------------------------------------------------------------------- 1 | {{/* Selector labels shared across objects */}} 2 | {{- define "bjw-s.common.lib.metadata.selectorLabels" -}} 3 | app.kubernetes.io/name: {{ include "bjw-s.common.lib.chart.names.name" . }} 4 | app.kubernetes.io/instance: {{ .Release.Name }} 5 | {{- end -}} 6 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/ci/no-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=../../../common/values.schema.json 3 | controllers: 4 | main: 5 | containers: 6 | main: 7 | image: 8 | repository: ghcr.io/mendhak/http-https-echo 9 | tag: 31 10 | pullPolicy: IfNotPresent 11 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/metadata/_globalLabels.tpl: -------------------------------------------------------------------------------- 1 | {{- define "bjw-s.common.lib.metadata.globalLabels" -}} 2 | {{- with .Values.global.labels }} 3 | {{- range $k, $v := . 
}} 4 | {{- $name := $k }} 5 | {{- $value := tpl $v $ }} 6 | {{ $name }}: {{ quote $value }} 7 | {{- end }} 8 | {{- end }} 9 | {{- end -}} 10 | -------------------------------------------------------------------------------- /.ci/ct/ct.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | chart-yaml-schema: .ci/ct/chart_schema.yaml 3 | lint-conf: .yamllint.yml 4 | 5 | remote: origin 6 | target-branch: main 7 | 8 | helm-extra-args: --timeout 600s 9 | 10 | chart-dirs: 11 | - charts/library 12 | - charts/apps 13 | - charts/other 14 | 15 | chart-repos: 16 | - bjw-s=https://bjw-s-labs.github.io/helm-charts 17 | -------------------------------------------------------------------------------- /.yamlfmt.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | formatter: 3 | type: basic 4 | disable_alias_key_correction: true 5 | eof_newline: true 6 | force_array_style: block 7 | include_document_start: true 8 | indent: 2 9 | indentless_arrays: false 10 | line_ending: lf 11 | retain_line_breaks_single: true 12 | scan_folded_as_literal: true 13 | trim_trailing_whitespace: true 14 | -------------------------------------------------------------------------------- /charts/other/multus/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cni-plugins: 3 | image: 4 | repository: ghcr.io/home-operations/cni-plugins 5 | tag: 1.9.0 6 | resources: {} 7 | 8 | multus: 9 | image: 10 | repository: ghcr.io/k8snetworkplumbingwg/multus-cni 11 | tag: v4.2.3 12 | resources: {} 13 | 14 | cni: 15 | netPath: /etc/cni/net.d 16 | binPath: /opt/cni/bin 17 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | description: A helper chart that is used to test the common library chart 
4 | name: common-test 5 | version: 1.0.0 6 | kubeVersion: ">=1.28.0-0" 7 | maintainers: 8 | - name: bjw-s 9 | email: me@bjw-s.dev 10 | dependencies: 11 | - name: common 12 | repository: file://../ 13 | version: ">0.0.0-0" 14 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/_values/ingress_main_default_hosts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=../../../common/values.schema.json 3 | ingress: 4 | main: 5 | hosts: 6 | - host: "chart-example.local" 7 | paths: 8 | - path: / 9 | service: 10 | name: RELEASE-NAME 11 | port: 8081 12 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/role/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate Role values 3 | */}} 4 | {{- define "bjw-s.common.lib.rbac.role.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $roleValues := .object -}} 7 | {{- $rules := $roleValues.rules -}} 8 | 9 | {{- if not $rules -}} 10 | {{- fail "Rules can't be empty" -}} 11 | {{- end -}} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /examples/flux/README.md: -------------------------------------------------------------------------------- 1 | # Deployment example using a Flux HelmRelease 2 | 3 | ### Prerequisites 4 | 5 | Make sure that the [`bjw-s-helm-charts` HelmRepository](helmrepository.yaml) is added to your cluster. 6 | 7 | ### Deployment 8 | 9 | When you add the [HelmRelease](helmrelease.yaml) to your cluster, Flux will automatically render and 10 | apply the rendered manifest(s) to your cluster. 
11 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/daemonset/_valuesToObject.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Convert DaemonSet values to an object 3 | */}} 4 | {{- define "bjw-s.common.lib.daemonset.valuesToObject" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $objectValues := .values -}} 8 | 9 | {{- /* Return the DaemonSet object */ -}} 10 | {{- $objectValues | toYaml -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/metadata/_globalAnnotations.tpl: -------------------------------------------------------------------------------- 1 | {{/* Common annotations shared across objects. Each value under .Values.global.annotations is rendered with tpl against the template's top-level context ($) before it is quoted, so template expressions inside annotation values are evaluated. */}} 2 | {{- define "bjw-s.common.lib.metadata.globalAnnotations" -}} 3 | {{- with .Values.global.annotations }} 4 | {{- range $k, $v := . }} 5 | {{- $name := $k }} 6 | {{- $value := tpl $v $ }} 7 | {{ $name }}: {{ quote $value }} 8 | {{- end }} 9 | {{- end }} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | brackets: 6 | max-spaces-inside: 1 7 | min-spaces-inside: 0 8 | comments: 9 | require-starting-space: true 10 | min-spaces-from-content: 1 11 | indentation: 12 | spaces: consistent 13 | indent-sequences: consistent 14 | check-multi-line-strings: false 15 | line-length: disable 16 | quoted-strings: 17 | quote-type: any 18 | required: false 19 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/container/fields/_image.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Image used by the container. 
3 | */}} 4 | {{- define "bjw-s.common.lib.container.field.image" -}} 5 | {{- $ctx := .ctx -}} 6 | {{- $rootContext := $ctx.rootContext -}} 7 | {{- $containerObject := $ctx.containerObject -}} 8 | 9 | {{- include "bjw-s.common.lib.imageSpecificationToImage" (dict "rootContext" $rootContext "imageSpec" $containerObject.image) -}} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/library/common/templates/loader/_all.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Main entrypoint for the common library chart. It will render all underlying templates based on the provided values. 3 | */}} 4 | {{- define "bjw-s.common.loader.all" -}} 5 | {{- /* Generate chart and dependency values */ -}} 6 | {{- include "bjw-s.common.loader.init" . -}} 7 | 8 | {{- /* Generate remaining objects */ -}} 9 | {{- include "bjw-s.common.loader.generate" . -}} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/_values/rbac_values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | default: {} 3 | 4 | rbac: 5 | roles: 6 | defaultRole: 7 | type: Role 8 | rules: 9 | - apiGroups: [ "" ] 10 | resources: [ "pods" ] 11 | verbs: [ "get", "list" ] 12 | 13 | bindings: 14 | defaultBinding: 15 | type: RoleBinding 16 | roleRef: 17 | identifier: defaultRole 18 | subjects: 19 | - identifier: default 20 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/chart/_defaultKeepNonNullValue.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the value or the specified default if the given value is null. 
3 | */}} 4 | {{- define "bjw-s.common.lib.defaultKeepNonNullValue" -}} 5 | {{- $value := .value -}} 6 | {{- $default := required "default value is required" .default -}} 7 | 8 | {{- if eq nil $value -}} 9 | {{- $default | toYaml -}} 10 | {{- else -}} 11 | {{- $value | toYaml -}} 12 | {{- end -}} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/values/_init.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Merge the local chart values and the common chart defaults 3 | */}} 4 | {{- define "bjw-s.common.values.init" -}} 5 | {{- if .Values.common -}} 6 | {{- $defaultValues := deepCopy .Values.common -}} 7 | {{- $userValues := deepCopy (omit .Values "common") -}} 8 | {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}} 9 | {{- $_ := set . "Values" (deepCopy $mergedValues) -}} 10 | {{- end -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/ci/cronjob-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=../../../common/values.schema.json 3 | controllers: 4 | main: 5 | type: cronjob 6 | cronjob: 7 | timeZone: UTC 8 | schedule: "*/20 * * * *" 9 | containers: 10 | main: 11 | image: 12 | repository: ghcr.io/mendhak/http-https-echo 13 | tag: 31 14 | pullPolicy: IfNotPresent 15 | 16 | configMaps: 17 | config: 18 | enabled: true 19 | data: 20 | test: value 1 21 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/routes/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a Route object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.route.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | 8 | {{- $enabledRoutes := (include "bjw-s.common.lib.route.enabledRoutes" (dict "rootContext" $rootContext) | fromYaml ) }} 9 | 10 | {{- if (hasKey $enabledRoutes $identifier) -}} 11 | {{- get $enabledRoutes $identifier | toYaml -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /.github/renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | extends: [ 3 | "github>bjw-s/renovate-config", 4 | "github>bjw-s/renovate-config:automerge-github-actions", 5 | "github>bjw-s-labs/helm-charts//.github/renovate/custom-managers.json5", 6 | ], 7 | packageRules: [ 8 | { 9 | description: "Auto merge minors and patches for mise packages", 10 | matchManagers: ["mise"], 11 | automerge: true, 12 | automergeType: "pr", 13 | matchUpdateTypes: ["minor", "patch"], 14 | ignoreTests: false, 15 | }, 16 | ], 17 | } 18 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/deployment/_valuesToObject.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Convert Deployment values to an object 3 | */}} 4 | {{- define "bjw-s.common.lib.deployment.valuesToObject" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $objectValues := .values -}} 8 | 9 | {{- $strategy := default "Recreate" $objectValues.strategy -}} 10 | {{- $_ := set $objectValues "strategy" $strategy -}} 11 | 12 | {{- /* Return the Deployment object */ -}} 13 | {{- $objectValues | toYaml -}} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/metadata/_allLabels.tpl: 
-------------------------------------------------------------------------------- 1 | {{/* Common labels shared across objects */}} 2 | {{- define "bjw-s.common.lib.metadata.allLabels" -}} 3 | helm.sh/chart: {{ include "bjw-s.common.lib.chart.names.chart" . }} 4 | {{ include "bjw-s.common.lib.metadata.selectorLabels" . }} 5 | {{- if .Chart.AppVersion }} 6 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 7 | {{- end }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | {{ include "bjw-s.common.lib.metadata.globalLabels" . }} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/poddisruptionpolicy/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate PodDisruptionBudget values 3 | */}} 4 | {{- define "bjw-s.common.lib.podDisruptionBudget.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $podDisruptionBudgetObject := .object -}} 7 | 8 | {{- if empty (get $podDisruptionBudgetObject "controller") -}} 9 | {{- fail (printf "controller reference is required for PodDisruptionBudget. 
(PodDisruptionBudget %s)" $podDisruptionBudgetObject.identifier) -}} 10 | {{- end -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/job/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate job values 3 | */}} 4 | {{- define "bjw-s.common.lib.job.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $jobValues := .object -}} 7 | 8 | {{- $allowedRestartPolicy := list "Never" "OnFailure" -}} 9 | {{- if not (has $jobValues.pod.restartPolicy $allowedRestartPolicy) -}} 10 | {{- fail (printf "Not a valid restart policy for Job (controller: %s, strategy: %s)" $jobValues.identifier $jobValues.pod.restartPolicy) -}} 11 | {{- end -}} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/service/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a service Object by its Identifier. 3 | */}} 4 | {{- define "bjw-s.common.lib.service.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledServices $identifier) -}} 10 | {{- get $enabledServices $identifier | toYaml -}} 11 | {{- end -}} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/other/app-template/templates/common.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- include "bjw-s.common.loader.init" . 
}} 3 | 4 | {{- define "app-template.hardcodedValues" -}} 5 | # Set the nameOverride based on the release name if no override has been set 6 | {{ if not .Values.global.nameOverride }} 7 | global: 8 | nameOverride: "{{ .Release.Name }}" 9 | {{ end }} 10 | {{- end -}} 11 | {{- $_ := mergeOverwrite .Values (include "app-template.hardcodedValues" . | fromYaml) -}} 12 | 13 | {{/* Render the templates */}} 14 | {{ include "bjw-s.common.loader.generate" . }} 15 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/deployment/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate Deployment values 3 | */}} 4 | {{- define "bjw-s.common.lib.deployment.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $deploymentValues := .object -}} 7 | 8 | {{- if and (ne $deploymentValues.strategy "Recreate") (ne $deploymentValues.strategy "RollingUpdate") -}} 9 | {{- fail (printf "Not a valid strategy type for Deployment. (controller: %s, strategy: %s)" $deploymentValues.identifier $deploymentValues.strategy) }} 10 | {{- end -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/ingress/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return an Ingress Object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.ingress.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | 8 | {{- $enabledIngresses := (include "bjw-s.common.lib.ingress.enabledIngresses" (dict "rootContext" $rootContext) | fromYaml ) }} 9 | 10 | {{- if (hasKey $enabledIngresses $identifier) -}} 11 | {{- get $enabledIngresses $identifier | toYaml -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/templates/common.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- include "bjw-s.common.loader.init" . }} 3 | 4 | {{- define "app-template.hardcodedValues" -}} 5 | # Set the nameOverride based on the release name if no override has been set 6 | {{ if not .Values.global.nameOverride }} 7 | global: 8 | nameOverride: "{{ .Release.Name }}" 9 | {{ end }} 10 | {{- end -}} 11 | {{- $_ := mergeOverwrite .Values (include "app-template.hardcodedValues" . | fromYaml) -}} 12 | 13 | {{/* Render the templates */}} 14 | {{ include "bjw-s.common.loader.generate" . }} 15 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/cronjob/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate CronJob values 3 | */}} 4 | {{- define "bjw-s.common.lib.cronjob.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $cronjobValues := .object -}} 7 | 8 | {{- if and (ne $cronjobValues.pod.restartPolicy "Never") (ne $cronjobValues.pod.restartPolicy "OnFailure") -}} 9 | {{- fail (printf "Not a valid restartPolicy type for CronJob. 
(controller: %s, restartPolicy: %s)" $cronjobValues.identifier $cronjobValues.pod.restartPolicy) }} 10 | {{- end -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /examples/helm/README.md: -------------------------------------------------------------------------------- 1 | # Deployment example using Helm 2 | 3 | ### Prerequisites 4 | 5 | Make sure the Helm repository is installed as follows: 6 | 7 | ```console 8 | helm repo add bjw-s https://bjw-s-labs.github.io/helm-charts 9 | helm repo update 10 | ``` 11 | 12 | ### Deployment 13 | 14 | In order to deploy the manifest for this example, issue the 15 | following command: 16 | 17 | ```console 18 | helm install vaultwarden bjw-s/app-template --namespace default --values values.yaml 19 | ``` 20 | 21 | This will apply the rendered manifest(s) to your cluster. 22 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/chart/_getMapItemsWithKey.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Returns the items in a map that have a certain key 3 | */}} 4 | {{- define "bjw-s.common.lib.getMapItemsWithKey" -}} 5 | {{- $map := .map -}} 6 | {{- $keyToFind := .key -}} 7 | {{- $output := dict -}} 8 | 9 | {{- if not (empty $keyToFind) -}} 10 | {{- range $key, $item := $map -}} 11 | {{- if not (empty (dig $keyToFind nil $item)) -}} 12 | {{- $_ := set $output $key $item -}} 13 | {{- end -}} 14 | {{- end -}} 15 | {{- end -}} 16 | {{- $output | toYaml -}} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/other/multus/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | description: A Helm chart for the Multus CNI CustomResourceDefinition 4 | name: multus 5 | version: 1.1.0 6 | appVersion: 4.2.2 7 | maintainers: 8 | - name: bjw-s 9 | 
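email: me@bjw-s.dev 10 | sources: 11 | - https://github.com/k8snetworkplumbingwg/multus-cni 12 | dependencies: 13 | - name: common 14 | repository: https://bjw-s-labs.github.io/helm-charts 15 | version: 4.5.0 16 | annotations: 17 | artifacthub.io/changes: |- 18 | - kind: changed 19 | description: |- 20 | Update cni-plugins to v1.9.0 21 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/serviceAccount/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a ServiceAccount Object by its Identifier. 3 | */}} 4 | {{- define "bjw-s.common.lib.serviceAccount.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledServiceAccounts := (include "bjw-s.common.lib.serviceAccount.enabledServiceAccounts" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledServiceAccounts $identifier) -}} 10 | {{- get $enabledServiceAccounts $identifier | toYaml -}} 11 | {{- end -}} 12 | {{- end -}} 13 | 
--------------------------------------------------------------------------------
/.github/renovate/custom-managers.json5:
--------------------------------------------------------------------------------
1 | {
2 |   $schema: "https://docs.renovatebot.com/renovate-schema.json",
3 |   customManagers: [
4 |     {
5 |       customType: "regex",
6 |       description: "Process common lib json schema references",
7 |       fileMatch: ["\\.json$"],
8 |       // Renovate's regex manager reads the dependency name and the current
9 |       // version from the named capture groups `depName` and `currentValue`;
10 |       // datasource, versioning and registry URL come from the templates below.
11 |       matchStrings: [
12 |         "https:\\/\\/raw.githubusercontent.com\\/bjw-s-labs\\/helm-charts\\/(?<depName>\\S+?)-(?<currentValue>[\\d\\.]+?)\\/\\S+",
13 |       ],
14 |       datasourceTemplate: "helm",
15 |       versioningTemplate: "semver",
16 |       registryUrlTemplate: "https://bjw-s-labs.github.io/helm-charts"
17 |     },
18 |   ],
19 | }
20 | 
-------------------------------------------------------------------------------- /examples/kustomize/kustomization.yaml: 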
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | helmCharts: 5 | - name: app-template 6 | repo: https://bjw-s-labs.github.io/helm-charts/ 7 | # this example is not automatically updated, so be sure to use the latest chart version 8 | version: 4.5.0 9 | releaseName: &releaseName vaultwarden 10 | namespace: &releaseNamespace default 11 | valuesFile: values.yaml 12 | commonAnnotations: 13 | meta.helm.sh/release-name: *releaseName 14 | meta.helm.sh/release-namespace: *releaseNamespace 15 | commonLabels: 16 | app.kubernetes.io/managed-by: Helm 17 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/secret/validation_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: secret - validations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: no files found in basePath should fail 10 | set: 11 | secretsFromFolder: 12 | enabled: true 13 | basePath: ci/configMapsFolder 14 | asserts: 15 | - failedTemplate: 16 | errorMessage: "No usable files found in the folder ci/configMapsFolder" 17 | -------------------------------------------------------------------------------- /.ci/pre-commit/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # See https://pre-commit.com for more information 3 | exclude: | 4 | (?x)^( 5 | .github\/actions\/.*\/dist\/.* 6 | )$ 7 | 8 | repos: 9 | - repo: https://github.com/pre-commit/pre-commit-hooks 10 | rev: v4.0.1 11 | hooks: 12 | - id: trailing-whitespace 13 | - id: end-of-file-fixer 14 | - id: fix-byte-order-marker 15 | - id: mixed-line-ending 16 | - id: 
check-merge-conflict 17 | - id: check-case-conflict 18 | 19 | - repo: https://github.com/Lucas-C/pre-commit-hooks 20 | rev: v1.1.10 21 | hooks: 22 | - id: remove-crlf 23 | - id: remove-tabs 24 | -------------------------------------------------------------------------------- /charts/library/common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # OWNERS file for Kubernetes 24 | OWNERS 25 | # helm-docs templates 26 | *.gotmpl 27 | 28 | # Schema files 29 | schemas/ 30 | 31 | # Test files 32 | test-chart/ 33 | unittests/ 34 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/configmap/validation_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: configmap - validations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: no files found in basePath should fail 10 | set: 11 | configMapsFromFolder: 12 | enabled: true 13 | basePath: ci/configMapsFolder 14 | asserts: 15 | - failedTemplate: 16 | errorMessage: "No usable files found in the folder ci/configMapsFolder" 17 | -------------------------------------------------------------------------------- /examples/kustomize/README.md: -------------------------------------------------------------------------------- 
1 | # Deployment example using Kustomize 2 | 3 | ### Deployment 4 | 5 | #### Build 6 | 7 | In order to view the resulting manifest for this example through Kustomize, issue 8 | the following command: 9 | 10 | ```console 11 | kubectl kustomize --enable-helm . 12 | ``` 13 | 14 | This will print the rendered manifest(s) to your console. 15 | 16 | #### Apply 17 | 18 | In order to deploy the manifest for this example through Kustomize, issue the 19 | following command: 20 | 21 | ```console 22 | kubectl kustomize --enable-helm . | kubectl apply -f - 23 | ``` 24 | 25 | This will apply the rendered manifest(s) to your cluster. 26 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # OWNERS file for Kubernetes 24 | OWNERS 25 | # helm-docs templates 26 | *.gotmpl 27 | 28 | # Schema files 29 | schemas/ 30 | 31 | # Test files 32 | test-chart/ 33 | unittests/ 34 | -------------------------------------------------------------------------------- /charts/other/app-template/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # OWNERS file for Kubernetes 24 | OWNERS 25 | 26 | # helm-docs templates 27 | *.gotmpl 28 | 29 | # Schema files 30 | schemas/ 31 | 32 | # Test files 33 | test-chart/ 34 | unittests/ 35 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/job/_valuesToObject.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Convert job values to an object 3 | */}} 4 | {{- define "bjw-s.common.lib.job.valuesToObject" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $objectValues := .values -}} 8 | 9 | {{- if not (hasKey $objectValues "pod") -}} 10 | {{- $_ := set $objectValues "pod" dict -}} 11 | {{- end -}} 12 | 13 | {{- $restartPolicy := default "Never" $objectValues.pod.restartPolicy -}} 14 | {{- $_ := set $objectValues.pod "restartPolicy" $restartPolicy -}} 15 | 16 | {{- /* Return the Job object */ -}} 17 | {{- $objectValues | toYaml -}} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/pvc/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a PVC object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.pvc.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledPVCs := (include "bjw-s.common.lib.pvc.enabledPVCs" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledPVCs $identifier) -}} 10 | {{- $objectValues := get $enabledPVCs $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledPVCs)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/common/_valuesToObject.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Convert values to an object 3 | */}} 4 | {{- define "bjw-s.common.lib.valuesToObject" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $objectValues := .values -}} 8 | {{- $itemCount := .itemCount -}} 9 | 10 | {{- $objectName := (include "bjw-s.common.lib.determineResourceNameFromValues" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" $itemCount)) -}} 11 | 12 | {{- $_ := set $objectValues "name" $objectName -}} 13 | {{- $_ := set $objectValues "identifier" $identifier -}} 14 | 15 | {{- $objectValues | toYaml -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/role/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a Role Object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.rbac.role.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledRoles := (include "bjw-s.common.lib.rbac.role.enabledRoles" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledRoles $identifier) -}} 10 | {{- $objectValues := get $enabledRoles $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledRoles)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/secret/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a secret Object by its Identifier. 3 | */}} 4 | {{- define "bjw-s.common.lib.secret.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledSecrets := (include "bjw-s.common.lib.secret.enabledSecrets" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledSecrets $identifier) -}} 10 | {{- $objectValues := get $enabledSecrets $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledSecrets)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/service/_getPortNumberByName.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a service port number by name for a Service object 3 | */}} 4 | {{- define "bjw-s.common.lib.service.getPortNumberByName" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .serviceID -}} 7 | {{- $portName := .portName -}} 8 | 9 | {{- $service := include 
"bjw-s.common.lib.service.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml -}} 10 | 11 | {{- if $service -}} 12 | {{ $servicePort := dig "ports" $portName "port" nil $service -}} 13 | {{- if not (eq $servicePort nil) -}} 14 | {{- $servicePort -}} 15 | {{- end -}} 16 | {{- end -}} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/validations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - validations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: automatic Service Account determination should fail when >1 Service Account is enabled 10 | set: 11 | serviceAccount: 12 | mySA: {} 13 | mySA2: {} 14 | asserts: 15 | - failedTemplate: 16 | errorMessage: "serviceAccount field is required because automatic Service Account detection is not possible. 
(controller: main)" 17 | -------------------------------------------------------------------------------- /.mise.toml: -------------------------------------------------------------------------------- 1 | [env] 2 | _.python.venv = { path = ".venv", create = true } 3 | JUST_UNSTABLE = "1" 4 | 5 | [settings] 6 | experimental = true 7 | pipx_uvx = true 8 | python.uv_venv_auto = true 9 | 10 | [tools] 11 | python = "3.14.2" # Required for documentation generation 12 | rust = "1.92.0" # Required for schematools 13 | "aqua:astral-sh/uv" = "0.9.18" 14 | "aqua:casey/just" = "1.45.0" 15 | "aqua:google/yamlfmt" = "0.20.0" 16 | "aqua:helm" = "3.19.4" 17 | "aqua:helm/chart-testing" = "3.14.0" 18 | "aqua:mikefarah/yq" = "4.50.1" 19 | "cargo:schematools-cli" = "0.22.0" 20 | "pipx:yamllint" = "1.37.1" 21 | "pipx:yamale" = "6.1.0" 22 | 23 | [hooks] 24 | postinstall = "uv pip install --upgrade -r {{config_root}}/docs/requirements.txt" 25 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/service/_autoDetectController.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Autodetects the controller for a Service object 3 | */}} 4 | {{- define "bjw-s.common.lib.service.autoDetectController" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $serviceObject := .object -}} 7 | {{- $enabledControllers := (include "bjw-s.common.lib.controller.enabledControllers" (dict "rootContext" $rootContext) | fromYaml ) -}} 8 | 9 | {{- if eq 1 (len $enabledControllers) -}} 10 | {{- if (empty (dig "controller" nil $serviceObject)) -}} 11 | {{- $_ := set $serviceObject "controller" ($enabledControllers | keys | first) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | {{- $serviceObject | toYaml -}} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/configMap/_getByIdentifier.tpl: 
-------------------------------------------------------------------------------- 1 | {{/* 2 | Return a configMap Object by its Identifier. 3 | */}} 4 | {{- define "bjw-s.common.lib.configMap.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledConfigMaps := (include "bjw-s.common.lib.configMap.enabledConfigmaps" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledConfigMaps $identifier) -}} 10 | {{- $objectValues := get $enabledConfigMaps $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledConfigMaps)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/rawResource/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a RawResource Object by its Identifier. 3 | */}} 4 | {{- define "bjw-s.common.lib.rawResource.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledRawResources := (include "bjw-s.common.lib.rawResource.enabledRawResources" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledRawResources $identifier) -}} 10 | {{- $objectValues := get $enabledRawResources $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledRawResources)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/rolebinding/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a RoleBinding Object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.rbac.roleBinding.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledRoleBindings := (include "bjw-s.common.lib.rbac.roleBinding.enabledRoleBindings" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledRoleBindings $identifier) -}} 10 | {{- $objectValues := get $enabledRoleBindings $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledRoleBindings)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/container/fields/_args.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Args used by the container. 3 | */}} 4 | {{- define "bjw-s.common.lib.container.field.args" -}} 5 | {{- $ctx := .ctx -}} 6 | {{- $containerObject := $ctx.containerObject -}} 7 | {{- $argValues := get $containerObject "args" -}} 8 | 9 | {{- /* Default to empty list */ -}} 10 | {{- $args := list -}} 11 | 12 | {{- /* See if an override is desired */ -}} 13 | {{- if not (empty $argValues) -}} 14 | {{- if kindIs "string" $argValues -}} 15 | {{- $args = append $args $argValues -}} 16 | {{- else -}} 17 | {{- $args = $argValues -}} 18 | {{- end -}} 19 | {{- end -}} 20 | 21 | {{- if not (empty $args) -}} 22 | {{- $args | toYaml -}} 23 | {{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/networkpolicy/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a NetworkPolicy object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.networkpolicy.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledNetworkPolicies := (include "bjw-s.common.lib.networkpolicy.enabledNetworkPolicies" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledNetworkPolicies $identifier) -}} 10 | {{- $objectValues := get $enabledNetworkPolicies $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledNetworkPolicies)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/service/_enabled_ports.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled ports for a given Service object. 3 | */}} 4 | {{- define "bjw-s.common.lib.service.enabledPorts" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $serviceObject := .serviceObject -}} 7 | 8 | {{- $enabledPorts := dict -}} 9 | 10 | {{- range $name, $port := $serviceObject.ports -}} 11 | {{- if kindIs "map" $port -}} 12 | {{- $portEnabled := true -}} 13 | {{- if hasKey $port "enabled" -}} 14 | {{- $portEnabled = $port.enabled -}} 15 | {{- end -}} 16 | {{- if $portEnabled -}} 17 | {{- $_ := set $enabledPorts $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- $enabledPorts | toYaml -}} 22 | {{- end -}} 23 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/serviceMonitor/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a ServiceMonitor Object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.serviceMonitor.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledServiceMonitors := (include "bjw-s.common.lib.serviceMonitor.enabledServiceMonitors" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledServiceMonitors $identifier) -}} 10 | {{- $objectValues := get $enabledServiceMonitors $identifier -}} 11 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledServiceMonitors)) -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_ports_appProtocol_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - ports - appProtocol 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: appProtocol can be configured 11 | set: 12 | service.main.ports.http.appProtocol: kubernetes.io/h2c 13 | documentSelector: 14 | path: $[?(@.kind == "Service")].metadata.name 15 | value: release-name 16 | asserts: 17 | - equal: 18 | path: spec.ports[0].appProtocol 19 | value: kubernetes.io/h2c 20 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/controller/_metadata.tpl: -------------------------------------------------------------------------------- 1 | {{- define "bjw-s.common.lib.controller.metadata.labels" -}} 2 | {{- 3 | $labels := ( 4 | merge 5 | (.Values.controller.labels | default dict) 6 | (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml) 7 | ) 8 | -}} 
9 | {{- with $labels -}} 10 | {{- toYaml . -}} 11 | {{- end -}} 12 | {{- end -}} 13 | 14 | {{- define "bjw-s.common.lib.controller.metadata.annotations" -}} 15 | {{- 16 | $annotations := ( 17 | merge 18 | (.Values.controller.annotations | default dict) 19 | (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml) 20 | ) 21 | -}} 22 | {{- with $annotations -}} 23 | {{- toYaml . -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 
--------------------------------------------------------------------------------
/charts/library/common/templates/lib/pvc/_enabled_roles.tpl:
--------------------------------------------------------------------------------
1 | {{/*
2 | Return the enabled roles.
3 | Expects a dict with `rootContext`. Walks `rootContext.Values.rbac.roles`, skips
4 | entries that are not maps or whose `enabled` key holds a falsy value, and
5 | renders the remaining entries as a YAML map keyed by role name.
6 | 
7 | NOTE(review): this file sits under lib/pvc/ but defines the same template name
8 | as lib/role/_enabled_roles.tpl. Helm template names are global and the
9 | definition loaded last wins, so the two copies must stay identical (or this
10 | one should be removed) to keep the set of rendered Roles predictable.
11 | */}}
12 | {{- define "bjw-s.common.lib.rbac.role.enabledRoles" -}}
13 |   {{- $rootContext := .rootContext -}}
14 |   {{- $enabledRoles := dict -}}
15 | 
16 |   {{- range $name, $role := $rootContext.Values.rbac.roles -}}
17 |     {{- if kindIs "map" $role -}}
18 |       {{- /* Enable Role by default, but allow override */ -}}
19 |       {{- $roleEnabled := true -}}
20 |       {{- if hasKey $role "enabled" -}}
21 |         {{- $roleEnabled = $role.enabled -}}
22 |       {{- end -}}
23 | 
24 |       {{- if $roleEnabled -}}
25 |         {{- /* Inside the range, "." is the current role entry */ -}}
26 |         {{- $_ := set $enabledRoles $name . -}}
27 |       {{- end -}}
28 |     {{- end -}}
29 |   {{- end -}}
30 | 
31 |   {{- $enabledRoles | toYaml -}}
32 | {{- end -}}
33 | 
-------------------------------------------------------------------------------- /charts/library/common/templates/lib/role/_enabled_roles.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled roles. 
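3 | */}} 4 | {{- define "bjw-s.common.lib.rbac.role.enabledRoles" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledRoles := dict -}} 7 | 8 | {{- range $name, $role := $rootContext.Values.rbac.roles -}} 9 | {{- if kindIs "map" $role -}} 10 | {{- /* Enable Role by default, but allow override */ -}} 11 | {{- $roleEnabled := true -}} 12 | {{- if hasKey $role "enabled" -}} 13 | {{- $roleEnabled = $role.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $roleEnabled -}} 17 | {{- $_ := set $enabledRoles $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledRoles | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/filesFolders/_parseEnvFile.tpl: --------------------------------------------------------------------------------
{{/*
Parse the contents of an env file into a YAML map of key/value pairs.

Expects a dict with:
  - content: the raw text of the env file.

Blank lines and lines starting with "#" are skipped. Every other line is split
on the first "=" only, so a value that itself contains "=" (base64 padding,
connection strings, tokens) is kept whole instead of being cut short. Lines
without "=" and lines with an empty key are ignored.
*/}}
{{- define "bjw-s.common.lib.filesFolders.parseEnvFile" -}}
  {{- $content := .content -}}
  {{- $result := dict -}}

  {{- range $line := splitList "\n" $content -}}
    {{- $line = trim $line -}}
    {{- /* Skip empty lines and comments; hasPrefix takes the prefix first, then the string */ -}}
    {{- if and (ne $line "") (not (hasPrefix "#" $line)) -}}
      {{- /* Split on the first "=" only so later "=" characters stay in the value */ -}}
      {{- $keyValue := regexSplit "=" $line 2 -}}
      {{- if eq (len $keyValue) 2 -}}
        {{- $key := index $keyValue 0 | trim -}}
        {{- /* NOTE(review): quote characters are removed anywhere in the value, not only a surrounding pair */ -}}
        {{- $value := index $keyValue 1 | replace "\"" "" | replace "'" "" | trim -}}
        {{- /* An entry without a key name cannot be addressed, so it is dropped */ -}}
        {{- if ne $key "" -}}
          {{- $_ := set $result $key $value -}}
        {{- end -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}

  {{- $result | toYaml -}}
{{- end -}}
-------------------------------------------------------------------------------- /charts/library/common/templates/lib/secret/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate secret from folder values 3 | */}} 4 | {{- define "bjw-s.common.lib.secret.fromFolder.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $basePath := required "If you're using `secretsFromFolder`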
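you need to specify a `basePath` key" (trimSuffix "/" .basePath) -}} 7 | {{- $filteredPaths := $rootContext.Files.Glob (printf "%s/**" $basePath) -}} 8 | {{- $folders := dict -}} 9 | 10 | {{- range $path, $_ := $filteredPaths -}} 11 | {{- $_ := set $folders (dir $path) "" -}} 12 | {{- end -}} 13 | {{- $folders = keys $folders | uniq | sortAlpha -}} 14 | 15 | {{- if empty $folders -}} 16 | {{- fail (printf "No usable files found in the folder %s" $basePath) }} 17 | {{- end -}} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/common/_imageSpecificationToImage.tpl: --------------------------------------------------------------------------------

{{/*
Translate an imageSpecification to an image string.

Expects a dict with:
  - rootContext: the context handed to `tpl` when rendering each field.
  - imageSpec: a map with `repository` and, optionally, `tag` and `digest`.

The result is the repository, followed by `:tag` when a tag is set and by
`@digest` when a digest is set. A digest identifies exact image content,
whereas a tag can be re-pointed; set `digest` where a pinned image is required.
*/}}
{{- define "bjw-s.common.lib.imageSpecificationToImage" -}}
  {{- $rootContext := .rootContext -}}
  {{- $imageSpec := .imageSpec -}}

  {{- /* Each field is rendered through `tpl`, so values may contain template expressions */ -}}
  {{- $imageRepo := tpl $imageSpec.repository $rootContext -}}
  {{- /* `tpl` only accepts strings; an unquoted YAML tag such as `tag: 31` arrives as a number */ -}}
  {{- $imageTag := tpl (default "" $imageSpec.tag | toString) $rootContext -}}
  {{- $imageDigest := tpl (default "" $imageSpec.digest) $rootContext -}}

  {{- $image := $imageRepo -}}
  {{- if $imageTag -}}
    {{- $image = printf "%s:%s" $image $imageTag -}}
  {{- end -}}
  {{- if $imageDigest -}}
    {{- $image = printf "%s@%s" $image $imageDigest -}}
  {{- end -}}
  {{- $image -}}
{{- end -}}
-------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_internalTrafficPolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - internalTrafficPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | -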
../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: internalTrafficPolicy can be configured 11 | set: 12 | service: 13 | main: 14 | internalTrafficPolicy: Local 15 | documentSelector: 16 | path: $[?(@.kind == "Service")].metadata.name 17 | value: release-name 18 | asserts: 19 | - equal: 20 | path: spec.internalTrafficPolicy 21 | value: Local 22 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_ports_targetPort_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - ports - targetPort 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: targetPort can be configured 11 | set: 12 | service: 13 | main: 14 | ports: 15 | http: 16 | targetPort: 80 17 | documentSelector: 18 | path: $[?(@.kind == "Service")].metadata.name 19 | value: release-name 20 | asserts: 21 | - equal: 22 | path: spec.ports[0].targetPort 23 | value: 80 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/secret/_enabled_secrets.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled secrets. 
3 | */}} 4 | {{- define "bjw-s.common.lib.secret.enabledSecrets" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledSecrets := dict -}} 7 | 8 | {{- range $identifier, $secret := $rootContext.Values.secrets -}} 9 | {{- if kindIs "map" $secret -}} 10 | {{- /* Enable Secret by default, but allow override */ -}} 11 | {{- $secretEnabled := true -}} 12 | {{- if hasKey $secret "enabled" -}} 13 | {{- $secretEnabled = $secret.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $secretEnabled -}} 17 | {{- $_ := set $enabledSecrets $identifier . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledSecrets | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/container/fields/_command.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Command used by the container. 3 | */}} 4 | {{- define "bjw-s.common.lib.container.field.command" -}} 5 | {{- $ctx := .ctx -}} 6 | {{- $containerObject := $ctx.containerObject -}} 7 | {{- $commandValues := get $containerObject "command" -}} 8 | 9 | {{- /* Default to empty list */ -}} 10 | {{- $command := list -}} 11 | 12 | {{- /* See if an override is desired */ -}} 13 | {{- if not (empty $commandValues) -}} 14 | {{- if kindIs "string" $commandValues -}} 15 | {{- $command = append $command $commandValues -}} 16 | {{- else -}} 17 | {{- $command = $commandValues -}} 18 | {{- end -}} 19 | {{- end -}} 20 | 21 | {{- if not (empty $command) -}} 22 | {{- $command | toYaml -}} 23 | {{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/container/fields/_name.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Name used by the container. 
3 | */}} 4 | {{- define "bjw-s.common.lib.container.field.name" -}} 5 | {{- $ctx := .ctx -}} 6 | {{- $rootContext := $ctx.rootContext -}} 7 | {{- $containerObject := $ctx.containerObject -}} 8 | 9 | {{- /* Default to container identifier */ -}} 10 | {{- $name := $containerObject.identifier -}} 11 | 12 | {{- /* See if an override is desired */ -}} 13 | {{- if hasKey $containerObject "nameOverride" -}} 14 | {{- $option := get $containerObject "nameOverride" -}} 15 | {{- if not (empty $option) -}} 16 | {{- $name = $option -}} 17 | {{- end -}} 18 | {{- end -}} 19 | 20 | {{- /* Parse any templates */ -}} 21 | {{- $name = tpl $name $rootContext -}} 22 | 23 | {{- $name | toYaml -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/configMap/_enabled_configmaps.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled configMaps. 3 | */}} 4 | {{- define "bjw-s.common.lib.configMap.enabledConfigmaps" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledSecrets := dict -}} 7 | 8 | {{- range $identifier, $secret := $rootContext.Values.configMaps -}} 9 | {{- if kindIs "map" $secret -}} 10 | {{- /* Enable Secret by default, but allow override */ -}} 11 | {{- $secretEnabled := true -}} 12 | {{- if hasKey $secret "enabled" -}} 13 | {{- $secretEnabled = $secret.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $secretEnabled -}} 17 | {{- $_ := set $enabledSecrets $identifier . 
-}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledSecrets | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_pvcs.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders the Persistent Volume Claim objects required by the chart 3 | */}} 4 | {{- define "bjw-s.common.render.pvcs" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Generate pvc as required */ -}} 8 | {{- $enabledPVCs := (include "bjw-s.common.lib.pvc.enabledPVCs" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledPVCs -}} 10 | {{- /* Generate object from the raw persistence values */ -}} 11 | {{- $pvcObject := (include "bjw-s.common.lib.pvc.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Include the PVC class */ -}} 14 | {{- include "bjw-s.common.class.pvc" (dict "rootContext" $rootContext "object" $pvcObject) | nindent 0 -}} 15 | {{- end -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/job/metadata_jobTemplate_annotations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - jobTemplate - metadata - annotations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main: 10 | type: job 11 | tests: 12 | - it: jobTemplate metadata should pass 13 | set: 14 | controllers.main.pod.annotations: 15 | test_annotation: test 16 | documentSelector: 17 | path: $[?(@.kind == "Job")].metadata.name 18 | value: release-name 19 | asserts: 20 | - equal: 21 | path: 
spec.template.metadata.annotations 22 | value: 23 | test_annotation: test 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/rolebinding/_enabled_roleBindings.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled RoleBindings. 3 | */}} 4 | {{- define "bjw-s.common.lib.rbac.roleBinding.enabledRoleBindings" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledRoleBindings := dict -}} 7 | 8 | {{- range $name, $role := $rootContext.Values.rbac.bindings -}} 9 | {{- if kindIs "map" $role -}} 10 | {{- /* Enable Role by default, but allow override */ -}} 11 | {{- $roleEnabled := true -}} 12 | {{- if hasKey $role "enabled" -}} 13 | {{- $roleEnabled = $role.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $roleEnabled -}} 17 | {{- $_ := set $enabledRoleBindings $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledRoleBindings | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | name: common 4 | description: Function library for Helm charts 5 | type: library 6 | version: 4.5.0 7 | kubeVersion: ">=1.28.0-0" 8 | keywords: 9 | - common 10 | - library 11 | home: https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common 12 | maintainers: 13 | - name: bjw-s 14 | email: me@bjw-s.dev 15 | sources: 16 | - https://github.com/bjw-s-labs/helm-charts 17 | annotations: 18 | artifacthub.io/changes: |- 19 | - kind: added 20 | description: |- 21 | Add support for named route rules. 22 | - kind: added 23 | description: |- 24 | Allow creating PodDisruptionBudget Objects for controllers. 25 | - kind: added 26 | description: |- 27 | Allow defining experimental CORS and externalAuth filters in HTTPRoutes. 
28 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/statefulset/_valuesToObject.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Convert StatefulSet values to an object 3 | */}} 4 | {{- define "bjw-s.common.lib.statefulset.valuesToObject" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $objectValues := .values -}} 8 | {{- $itemCount := .itemCount -}} 9 | 10 | {{- $objectName := (include "bjw-s.common.lib.determineResourceNameFromValues" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" $itemCount)) -}} 11 | 12 | {{- $_ := set $objectValues "name" $objectName -}} 13 | {{- $_ := set $objectValues "identifier" $identifier -}} 14 | 15 | {{- $strategy := default "RollingUpdate" $objectValues.strategy -}} 16 | {{- $_ := set $objectValues "strategy" $strategy -}} 17 | 18 | {{- $objectValues | toYaml -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_externalName_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - externalName 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: externalName can be configured for ExternalName service 11 | set: 12 | service: 13 | main: 14 | type: ExternalName 15 | externalName: my.database.example.com 16 | documentSelector: 17 | path: $[?(@.kind == "Service")].metadata.name 18 | value: release-name 19 | asserts: 20 | - equal: 21 | path: spec.externalName 22 | value: my.database.example.com 23 | 
-------------------------------------------------------------------------------- /charts/library/common/templates/lib/controller/_enabled_controllers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled controllers. 3 | */}} 4 | {{- define "bjw-s.common.lib.controller.enabledControllers" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledControllers := dict -}} 7 | 8 | {{- range $name, $controller := $rootContext.Values.controllers -}} 9 | {{- if kindIs "map" $controller -}} 10 | {{- /* Enable by default, but allow override */ -}} 11 | {{- $controllerEnabled := true -}} 12 | {{- if hasKey $controller "enabled" -}} 13 | {{- $controllerEnabled = $controller.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $controllerEnabled -}} 17 | {{- $_ := set $enabledControllers $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledControllers | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/misc/nameoverride_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: misc - global nameOverride test 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default name is set to release name 10 | asserts: 11 | - containsDocument: 12 | apiVersion: apps/v1 13 | kind: Deployment 14 | name: release-name 15 | any: true 16 | 17 | - it: global.nameOverride can be set 18 | set: 19 | global.nameOverride: custom-name 20 | asserts: 21 | - containsDocument: 22 | apiVersion: apps/v1 23 | kind: Deployment 24 | name: release-name-custom-name 25 | any: true 26 | -------------------------------------------------------------------------------- 
/charts/library/common/templates/lib/rawResource/_enabled_rawResources.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled raw resources. 3 | */}} 4 | {{- define "bjw-s.common.lib.rawResource.enabledRawResources" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledRawResources := dict -}} 7 | 8 | {{- range $name, $resource := $rootContext.Values.rawResources -}} 9 | {{- if kindIs "map" $resource -}} 10 | {{- /* Enable Raw Resource by default, but allow override */ -}} 11 | {{- $resourceEnabled := true -}} 12 | {{- if hasKey $resource "enabled" -}} 13 | {{- $resourceEnabled = $resource.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $resourceEnabled -}} 17 | {{- $_ := set $enabledRawResources $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledRawResources | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/rbac/role_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: rbac - role tests 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/rbac_values.yaml 8 | tests: 9 | - it: Role should be namespaced 10 | documentSelector: 11 | path: $[?(@.kind == "Role")].metadata.name 12 | value: release-name 13 | asserts: 14 | - exists: 15 | path: metadata.namespace 16 | 17 | - it: ClusterRole should not be namespaced 18 | set: 19 | rbac.roles.defaultRole: 20 | type: ClusterRole 21 | documentSelector: 22 | path: $[?(@.kind == "ClusterRole")].metadata.name 23 | value: release-name 24 | asserts: 25 | - notExists: 26 | path: metadata.namespace 27 | -------------------------------------------------------------------------------- 
/charts/library/common/test-chart/ci/basic-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=../../../common/values.schema.json 3 | controllers: 4 | main: 5 | containers: 6 | main: 7 | image: 8 | repository: ghcr.io/mendhak/http-https-echo 9 | tag: 31 10 | pullPolicy: IfNotPresent 11 | 12 | probes: 13 | liveness: 14 | enabled: true 15 | readiness: 16 | enabled: true 17 | startup: 18 | enabled: true 19 | 20 | ingress: 21 | main: 22 | hosts: 23 | - host: "test.local" 24 | paths: 25 | - path: / 26 | tls: 27 | - hosts: 28 | - "test.local" 29 | 30 | service: 31 | main: 32 | ports: 33 | http: 34 | port: 8080 35 | 36 | persistence: 37 | media: 38 | type: persistentVolumeClaim 39 | accessMode: ReadWriteOnce 40 | size: 1Gi 41 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_volumes_nfs_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - volumes (nfs) 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: nfs persistence type should pass 10 | set: 11 | persistence: 12 | nfs: 13 | type: nfs 14 | server: 10.10.0.8 15 | path: /tank/nas/library 16 | documentSelector: 17 | path: $[?(@.kind == "Deployment")].metadata.name 18 | value: release-name 19 | asserts: 20 | - equal: 21 | path: spec.template.spec.volumes[0] 22 | value: 23 | name: nfs 24 | nfs: 25 | path: /tank/nas/library 26 | server: 10.10.0.8 27 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/route/field_rule_name_test.yaml: -------------------------------------------------------------------------------- 
1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: route - fields - rule name 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: rule name is rendered for HTTPRoute 10 | set: 11 | route.main: 12 | parentRefs: 13 | - name: parentName 14 | namespace: parentNamespace 15 | rules: 16 | - name: rule-one 17 | backendRefs: 18 | - name: my-service 19 | port: 8080 20 | documentSelector: 21 | path: $[?(@.kind == "HTTPRoute")].metadata.name 22 | value: release-name 23 | asserts: 24 | - equal: 25 | path: spec.rules[0].name 26 | value: rule-one 27 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/networkpolicy/_enabled_networkpolicies.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled NetworkPolicies. 3 | */}} 4 | {{- define "bjw-s.common.lib.networkpolicy.enabledNetworkPolicies" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledNetworkPolicies := dict -}} 7 | 8 | {{- range $name, $networkPolicy := $rootContext.Values.networkpolicies -}} 9 | {{- if kindIs "map" $networkPolicy -}} 10 | {{- /* Enable by default, but allow override */ -}} 11 | {{- $networkPolicyEnabled := true -}} 12 | {{- if hasKey $networkPolicy "enabled" -}} 13 | {{- $networkPolicyEnabled = $networkPolicy.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $networkPolicyEnabled -}} 17 | {{- $_ := set $enabledNetworkPolicies $name . 
-}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledNetworkPolicies | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_rawResources.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders other arbitrary objects required by the chart. 3 | */}} 4 | {{- define "bjw-s.common.render.rawResources" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Generate raw resources as required */ -}} 8 | {{- $enabledRawResources := (include "bjw-s.common.lib.rawResource.enabledRawResources" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledRawResources -}} 10 | {{- /* Generate object from the raw resource values */ -}} 11 | {{- $rawResourceObject := (include "bjw-s.common.lib.rawResource.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Include the raw resource class */ -}} 14 | {{- include "bjw-s.common.class.rawResource" (dict "rootContext" $rootContext "object" $rawResourceObject) | nindent 0 -}} 15 | {{- end -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/metadata_jobTemplate_annotations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - jobTemplate - metadata - annotations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main: 10 | type: cronjob 11 | cronjob: 12 | schedule: "*/20 * * * *" 13 | tests: 14 | - it: jobTemplate metadata should pass 15 | set: 16 | controllers.main.pod.annotations: 17 | test_annotation: test 18 |
documentSelector: 19 | path: $[?(@.kind == "CronJob")].metadata.name 20 | value: release-name 21 | asserts: 22 | - equal: 23 | path: spec.jobTemplate.spec.template.metadata.annotations 24 | value: 25 | test_annotation: test 26 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/controller/_enabled_containers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled containers for a controller. 3 | */}} 4 | {{- define "bjw-s.common.lib.controller.enabledContainers" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $controllerObject := .controllerObject -}} 7 | 8 | {{- $enabledContainers := dict -}} 9 | {{- range $name, $container := $controllerObject.containers -}} 10 | {{- if kindIs "map" $container -}} 11 | {{- /* Enable container by default, but allow override */ -}} 12 | {{- $containerEnabled := true -}} 13 | {{- if hasKey $container "enabled" -}} 14 | {{- $containerEnabled = $container.enabled -}} 15 | {{- end -}} 16 | 17 | {{- if $containerEnabled -}} 18 | {{- $_ := set $enabledContainers $name $container -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{- $enabledContainers | toYaml -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/pod/fields/_dnsPolicy.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Returns the value for dnsPolicy 3 | */ -}} 4 | {{- define "bjw-s.common.lib.pod.field.dnsPolicy" -}} 5 | {{- $ctx := .ctx -}} 6 | {{- $controllerObject := $ctx.controllerObject -}} 7 | 8 | {{- /* Default to "ClusterFirst" */ -}} 9 | {{- $dnsPolicy := "ClusterFirst" -}} 10 | 11 | {{- /* Get hostNetwork value "" */ -}} 12 | {{- $hostNetwork:= include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "hostNetwork") -}} 13 | {{- if (eq $hostNetwork "true") -}} 14 | {{- 
$dnsPolicy = "ClusterFirstWithHostNet" -}} 15 | {{- end -}} 16 | 17 | {{- /* See if an override is desired */ -}} 18 | {{- $override := include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "dnsPolicy") -}} 19 | 20 | {{- if not (empty $override) -}} 21 | {{- $dnsPolicy = $override -}} 22 | {{- end -}} 23 | 24 | {{- $dnsPolicy -}} 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /charts/other/app-template/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | description: A common powered chart template. This can be useful for small projects that don't have their own chart. 4 | name: app-template 5 | version: 4.5.0 6 | kubeVersion: ">=1.28.0-0" 7 | maintainers: 8 | - name: bjw-s 9 | email: me@bjw-s.dev 10 | dependencies: 11 | - name: common 12 | repository: https://bjw-s-labs.github.io/helm-charts 13 | version: 4.5.0 14 | sources: 15 | - https://github.com/bjw-s-labs/helm-charts 16 | annotations: 17 | artifacthub.io/changes: |- 18 | - kind: changed 19 | description: |- 20 | Upgraded the common library to v4.5.0 21 | links: 22 | - name: Upgrade notes 23 | url: https://bjw-s-labs.github.io/helm-charts/docs/app-template/upgrade-instructions/ 24 | - name: Detailed release notes 25 | url: https://github.com/bjw-s-labs/helm-charts/releases/tag/common-4.5.0 26 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/pvc/_enabled_pvcs.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled PVCs. 
3 | */}} 4 | {{- define "bjw-s.common.lib.pvc.enabledPVCs" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledPVCs := dict -}} 7 | 8 | {{- range $identifier, $persistenceItem := $rootContext.Values.persistence -}} 9 | {{- if kindIs "map" $persistenceItem -}} 10 | {{- /* Enable PVC by default, but allow override */ -}} 11 | {{- $pvcEnabled := true -}} 12 | {{- if hasKey $persistenceItem "enabled" -}} 13 | {{- $pvcEnabled = $persistenceItem.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if and $pvcEnabled (eq (default "persistentVolumeClaim" $persistenceItem.type) "persistentVolumeClaim") (not $persistenceItem.existingClaim) -}} 17 | {{- $_ := set $enabledPVCs $identifier . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- $enabledPVCs | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/job/field_parallelism_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - fields - parallelism 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: job 10 | tests: 11 | - it: default configuration should pass 12 | documentSelector: 13 | path: $[?(@.kind == "Job")].metadata.name 14 | value: release-name 15 | asserts: 16 | - notExists: 17 | path: spec.parallelism 18 | 19 | - it: custom configuration should pass 20 | set: 21 | controllers.main.job.parallelism: 3 22 | documentSelector: 23 | path: $[?(@.kind == "Job")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.parallelism 28 | value: 3 29 | -------------------------------------------------------------------------------- /charts/library/common/schemas/serviceAccount.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "instance": { 3 | "allOf": [ 4 | { "$ref": "definitions.json#/resourceIdentifier" }, 5 | { 6 | "type": "object", 7 | "additionalProperties": false, 8 | "properties": { 9 | "forceRename": {}, 10 | "prefix": {}, 11 | "suffix": {}, 12 | "enabled": { 13 | "description": "Set to false to disable the ServiceAccount.", 14 | "type": "boolean", 15 | "default": true 16 | }, 17 | "annotations": { "$ref": "definitions.json#/annotations" }, 18 | "labels": { "$ref": "definitions.json#/labels" }, 19 | "staticToken": { 20 | "description": "Set to true to create a long-lived static token for the ServiceAccount.", 21 | "type": "boolean", 22 | "default": false 23 | } 24 | } 25 | } 26 | ] 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/controller/_getByIdentifier.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return a controller object by its Identifier. 
3 | */}} 4 | {{- define "bjw-s.common.lib.controller.getByIdentifier" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $enabledControllers := (include "bjw-s.common.lib.controller.enabledControllers" (dict "rootContext" $rootContext) | fromYaml ) }} 8 | 9 | {{- if (hasKey $enabledControllers $identifier) -}} 10 | {{- $objectValues := get $enabledControllers $identifier -}} 11 | 12 | {{- /* Default the controller type to Deployment */ -}} 13 | {{- if empty (dig "type" nil $objectValues) -}} 14 | {{- $_ := set $objectValues "type" "deployment" -}} 15 | {{- end -}} 16 | 17 | {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledControllers)) -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/job/field_suspend_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - fields - suspend 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: job 10 | tests: 11 | - it: default configuration should pass 12 | documentSelector: 13 | path: $[?(@.kind == "Job")].metadata.name 14 | value: release-name 15 | asserts: 16 | - equal: 17 | path: spec.suspend 18 | value: false 19 | 20 | - it: custom configuration should pass 21 | set: 22 | controllers.main.job.suspend: true 23 | documentSelector: 24 | path: $[?(@.kind == "Job")].metadata.name 25 | value: release-name 26 | asserts: 27 | - equal: 28 | path: spec.suspend 29 | value: true 30 | -------------------------------------------------------------------------------- 
/charts/library/common/test-chart/unittests/job/metadata_jobTemplate_labels_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - jobTemplate - metadata - labels 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main: 10 | type: job 11 | tests: 12 | - it: jobTemplate metadata should pass 13 | set: 14 | controllers.main.pod.labels: 15 | test_label: test 16 | documentSelector: 17 | path: $[?(@.kind == "Job")].metadata.name 18 | value: release-name 19 | asserts: 20 | - equal: 21 | path: spec.template.metadata.labels 22 | value: 23 | app.kubernetes.io/controller: main 24 | app.kubernetes.io/instance: RELEASE-NAME 25 | app.kubernetes.io/name: RELEASE-NAME 26 | test_label: test 27 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/container/field_tty_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: container - fields - tty 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - notExists: 15 | path: spec.template.spec.containers[0].tty 16 | 17 | - it: custom tty should pass 18 | set: 19 | controllers.main.containers: 20 | main: 21 | tty: true 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.containers[0].tty 28 | value: true 29 
| -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/job/field_backoffLimit_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - fields - backoffLimit 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: job 10 | tests: 11 | - it: default configuration should pass 12 | documentSelector: 13 | path: $[?(@.kind == "Job")].metadata.name 14 | value: release-name 15 | asserts: 16 | - equal: 17 | path: spec.backoffLimit 18 | value: 6 19 | 20 | - it: custom configuration should pass 21 | set: 22 | controllers.main.job.backoffLimit: 3 23 | documentSelector: 24 | path: $[?(@.kind == "Job")].metadata.name 25 | value: release-name 26 | asserts: 27 | - equal: 28 | path: spec.backoffLimit 29 | value: 3 30 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/cronjob/_valuesToObject.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Convert Cronjob values to an object 3 | */}} 4 | {{- define "bjw-s.common.lib.cronjob.valuesToObject" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $identifier := .id -}} 7 | {{- $objectValues := .values -}} 8 | {{- $itemCount := .itemCount -}} 9 | 10 | {{- $objectName := (include "bjw-s.common.lib.determineResourceNameFromValues" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" $itemCount)) -}} 11 | 12 | {{- $_ := set $objectValues "name" $objectName -}} 13 | {{- $_ := set $objectValues "identifier" $identifier -}} 14 | 15 | {{- if not (hasKey $objectValues "pod") -}} 16 | {{- $_ := set $objectValues "pod" dict -}} 17 | {{- end -}} 18 | 19 | {{- 
$restartPolicy := default "Never" $objectValues.pod.restartPolicy -}} 20 | {{- $_ := set $objectValues.pod "restartPolicy" $restartPolicy -}} 21 | 22 | {{- $objectValues | toYaml -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/container/field_stdin_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: container - fields - stdin 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - notExists: 15 | path: spec.template.spec.containers[0].stdin 16 | 17 | - it: custom stdin should pass 18 | set: 19 | controllers.main.containers: 20 | main: 21 | stdin: true 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.containers[0].stdin 28 | value: true 29 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/ingress/_autoDetectService.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Autodetects the service for an Ingress object 3 | */}} 4 | {{- define "bjw-s.common.lib.ingress.autoDetectService" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $ingressObject := .object -}} 7 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) -}} 8 | 9 | {{- if eq 1 (len $enabledServices) -}} 10 | {{- range $ingressObject.hosts -}} 11 | {{- range .paths -}} 12 | {{- if not (has "service" (keys .)) -}} 13 | 
{{- $_ := set . "service" (dict "identifier" ($enabledServices | keys | first)) -}} 14 | {{- else if and (not .service.name) (not .service.identifier) -}} 15 | {{- $_ := set .service "identifier" ($enabledServices | keys | first) -}} 16 | {{- end -}} 17 | {{- end -}} 18 | {{- end -}} 19 | {{- end -}} 20 | 21 | {{- $ingressObject | toYaml -}} 22 | {{- end -}} 23 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/custom.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Custom 7 | 8 | When you wish to specify a custom volume, you can use the `custom` type. 9 | This can be used for example to mount configMap or Secret objects. 10 | 11 | See the [Kubernetes docs](https://kubernetes.io/docs/concepts/storage/volumes/) 12 | for more information. 13 | 14 | | Field | Mandatory | Docs / Description | 15 | | ------------ | --------- | -------------------------------- | 16 | | `volumeSpec` | Yes | Define the raw Volume spec here. 
| 17 | 18 | ## Minimal configuration 19 | 20 | ```yaml 21 | persistence: 22 | config: 23 | enabled: true 24 | type: custom 25 | volumeSpec: 26 | downwardAPI: 27 | items: 28 | - path: "labels" 29 | fieldRef: 30 | fieldPath: metadata.labels 31 | - path: "annotations" 32 | fieldRef: 33 | fieldPath: metadata.annotations 34 | ``` 35 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/serviceMonitor/_autoDetectService.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Autodetects the service for a ServiceMonitors object 3 | */}} 4 | {{- define "bjw-s.common.lib.serviceMonitor.autoDetectService" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $serviceMonitorObject := .object -}} 7 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) -}} 8 | 9 | {{- if eq 1 (len $enabledServices) -}} 10 | {{- if and 11 | (empty (dig "selector" nil $serviceMonitorObject)) 12 | (empty (dig "serviceName" nil $serviceMonitorObject)) 13 | (empty (dig "service" "name" nil $serviceMonitorObject)) 14 | (empty (dig "service" "identifier" nil $serviceMonitorObject)) 15 | -}} 16 | {{- $_ := set $serviceMonitorObject "service" (dict "identifier" ($enabledServices | keys | first)) -}} 17 | {{- end -}} 18 | {{- end -}} 19 | 20 | {{- $serviceMonitorObject | toYaml -}} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/job/field_ttlSecondsAfterFinished_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - fields - ttlSecondsAfterFinished 4 | templates: 5 | - common.yaml 6 | values: 7 | - 
../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: job 10 | tests: 11 | - it: default configuration should pass 12 | documentSelector: 13 | path: $[?(@.kind == "Job")].metadata.name 14 | value: release-name 15 | asserts: 16 | - notExists: 17 | path: spec.ttlSecondsAfterFinished 18 | 19 | - it: custom configuration should pass 20 | set: 21 | controllers.main.job.ttlSecondsAfterFinished: 3600 22 | documentSelector: 23 | path: $[?(@.kind == "Job")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.ttlSecondsAfterFinished 28 | value: 3600 29 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/nfs-share.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # NFS Share 7 | 8 | To mount an NFS share to your Pod you can either pre-create a persistentVolumeClaim 9 | referring to it, or you can specify an inline NFS volume: 10 | 11 | !!! note 12 | 13 | Mounting an NFS share this way does not allow for specifying mount options. 14 | If you require these, you must create a PVC to mount the share. 15 | 16 | | Field | Mandatory | Docs / Description | 17 | | -------- | --------- | ------------------------------------------ | 18 | | `server` | Yes | Host name or IP address of the NFS server. | 19 | | `path` | Yes | The path on the server to mount. | 20 | 21 | ## Minimal configuration 22 | 23 | ```yaml 24 | persistence: 25 | config: 26 | enabled: true 27 | type: nfs 28 | server: 10.10.0.8 29 | path: /tank/nas/library 30 | ``` 31 | 32 | This will mount the NFS share `/tank/nas/library` on server `10.10.0.8` to `/config`. 
33 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/job/field_restartPolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: job - fields - restartPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: job 10 | tests: 11 | - it: default configuration should pass 12 | documentSelector: 13 | path: $[?(@.kind == "Job")].metadata.name 14 | value: release-name 15 | asserts: 16 | - equal: 17 | path: spec.template.spec.restartPolicy 18 | value: Never 19 | 20 | - it: custom configuration should pass 21 | set: 22 | controllers.main.pod.restartPolicy: OnFailure 23 | documentSelector: 24 | path: $[?(@.kind == "Job")].metadata.name 25 | value: release-name 26 | asserts: 27 | - equal: 28 | path: spec.template.spec.restartPolicy 29 | value: OnFailure 30 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/serviceMonitor/presence_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: serviceMonitor - presence 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: a serviceMonitor is not created by default 10 | asserts: 11 | - not: true 12 | containsDocument: 13 | kind: ServiceMonitor 14 | apiVersion: monitoring.coreos.com/v1 15 | name: RELEASE-NAME 16 | any: true 17 | 18 | - it: a serviceMonitor is not created when disabled 19 | set: 20 | serviceMonitor: 21 | main: 22 | enabled: false 23 | serviceName: 
test 24 | asserts: 25 | - not: true 26 | containsDocument: 27 | kind: ServiceMonitor 28 | apiVersion: monitoring.coreos.com/v1 29 | name: RELEASE-NAME 30 | any: true 31 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_routes.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders the Route objects required by the chart 3 | */}} 4 | {{- define "bjw-s.common.render.routes" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Generate named routes as required */ -}} 8 | {{- $enabledRoutes := (include "bjw-s.common.lib.route.enabledRoutes" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledRoutes -}} 10 | {{- /* Generate object from the raw route values */ -}} 11 | {{- $routeObject := (include "bjw-s.common.lib.route.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Perform validations on the Route before rendering */ -}} 14 | {{- include "bjw-s.common.lib.route.validate" (dict "rootContext" $rootContext "object" $routeObject) -}} 15 | 16 | {{- /* Include the Route class */ -}} 17 | {{- include "bjw-s.common.class.route" (dict "rootContext" $rootContext "object" $routeObject) | nindent 0 -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/container/field_restartpolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: container - fields - restartPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == 
"Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - notExists: 15 | path: spec.template.spec.containers[0].restartPolicy 16 | 17 | - it: custom restartPolicy should pass 18 | set: 19 | controllers.main.containers: 20 | main: 21 | restartPolicy: Always 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.containers[0].restartPolicy 28 | value: Always 29 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/networkpolicy/field_rules_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: networkPolicy - fields - rules 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: networkpolicy rules are passed through 10 | set: 11 | networkpolicies: 12 | main: 13 | controller: main 14 | policyTypes: 15 | - Ingress 16 | - Egress 17 | rules: 18 | ingress: 19 | - {} 20 | egress: 21 | - {} 22 | documentSelector: 23 | path: $[?(@.kind == "NetworkPolicy")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.ingress 28 | value: 29 | - {} 30 | - equal: 31 | path: spec.egress 32 | value: 33 | - {} 34 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_suspend_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - suspend 4 | templates: 5 | - common.yaml 6 | values: 7 | - 
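../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | - equal: 18 | path: spec.suspend 19 | value: false 20 | 21 | - it: custom configuration should pass 22 | set: 23 | controllers.main.cronjob.suspend: true 24 | documentSelector: 25 | path: $[?(@.kind == "CronJob")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.suspend 30 | value: true 31 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_parallelism_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - parallelism 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | - notExists: 18 | path: spec.jobTemplate.spec.parallelism # same path the custom case asserts; spec.parallelism is never set on a CronJob, so checking it passes vacuously 19 | 20 | - it: custom configuration should pass 21 | set: 22 | controllers.main.cronjob.parallelism: 3 23 | documentSelector: 24 | path: $[?(@.kind == "CronJob")].metadata.name 25 | value: release-name 26 | asserts: 27 | - equal: 28 | path: spec.jobTemplate.spec.parallelism 29 | value: 3 30 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/image.md: -------------------------------------------------------------------------------- 1 | 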
--- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Image 7 | 8 | !!! warning 9 | **IMPORTANT** This feature requires Kubernetes version >= 1.33 and a compatible container runtime! 10 | 11 | When you want to mount the contents of an OCI object (a container image or artifact), 12 | use the `image` persistence type. 13 | 14 | See the [Kubernetes docs](https://kubernetes.io/docs/concepts/storage/volumes/#image) 15 | for more information. 16 | 17 | | Field | Mandatory | Docs / Description | 18 | | ------------ | --------- | ---------------------------------- | 19 | | `image` | Yes | OCI artifact reference to be used. | 20 | | `pullPolicy` | No | Configure the image pull behavior. | 21 | 22 | ## Minimal configuration 23 | 24 | ```yaml 25 | persistence: 26 | config: 27 | type: image 28 | image: quay.io/crio/artifact:v2 29 | ``` 30 | 31 | This will create an image volume based on the `quay.io/crio/artifact:v2` OCI artifact and mount it to `/config`. A tag such as `v2` is mutable, so the registry can later serve different content under it; reference the artifact by digest when the mounted content must not change. 32 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/metadata_jobTemplate_labels_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - jobTemplate - metadata - labels 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main: 10 | type: cronjob 11 | cronjob: 12 | schedule: "*/20 * * * *" 13 | tests: 14 | - it: jobTemplate metadata should pass 15 | set: 16 | controllers.main.pod.labels: 17 | test_label: test 18 | documentSelector: 19 | path: $[?(@.kind == "CronJob")].metadata.name 20 | value: release-name 21 | asserts: 22 | - equal: 23 | path: spec.jobTemplate.spec.template.metadata.labels 24 | value: 25 | app.kubernetes.io/controller: main 26 | app.kubernetes.io/instance: 
RELEASE-NAME 27 | app.kubernetes.io/name: RELEASE-NAME 28 | test_label: test 29 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/routes/_autoDetectService.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Autodetects the service for a Route object 3 | */}} 4 | {{- define "bjw-s.common.lib.route.autoDetectService" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $routeObject := .object -}} 7 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) -}} 8 | 9 | {{- if eq 1 (len $enabledServices) -}} 10 | {{- if empty $routeObject.rules -}} 11 | {{- $_ := set $routeObject "rules" (list (dict "backendRefs" (list dict))) -}} 12 | {{- end -}} 13 | 14 | {{- range $routeObject.rules -}} 15 | {{- range .backendRefs }} 16 | {{- $backendRef := . -}} 17 | {{- if and (empty (dig "name" nil $backendRef)) (empty (dig "identifier" nil $backendRef)) -}} 18 | {{- $_ := set $backendRef "identifier" ($enabledServices | keys | first) -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- end -}} 22 | {{- end -}} 23 | 24 | {{- $routeObject | toYaml -}} 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_ingresses.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders the Ingress objects required by the chart. 
3 | */}} 4 | {{- define "bjw-s.common.render.ingresses" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Generate Ingresses as required */ -}} 8 | {{- $enabledIngresses := (include "bjw-s.common.lib.ingress.enabledIngresses" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledIngresses -}} 10 | {{- /* Generate object from the raw Ingress values */ -}} 11 | {{- $ingressObject := (include "bjw-s.common.lib.ingress.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Perform validations on the Ingress before rendering; the validate helper calls fail on invalid values */ -}} 14 | {{- include "bjw-s.common.lib.ingress.validate" (dict "rootContext" $rootContext "object" $ingressObject) -}} 15 | 16 | {{- /* Include the ingress class ($ is the same root context as $rootContext above) */ -}} 17 | {{- include "bjw-s.common.class.ingress" (dict "rootContext" $ "object" $ingressObject) | nindent 0 -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/ingress/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate Ingress values 3 | */}} 4 | {{- define "bjw-s.common.lib.ingress.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $ingressObject := .object -}} 7 | 8 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | 10 | {{/* Verify automatic service detection: unless exactly one Service is enabled, every path must carry service.name or service.identifier */}} 11 | {{- if not (eq 1 (len $enabledServices)) -}} 12 | {{- range $ingressObject.hosts -}} 13 | {{- $host := . -}} 14 | {{- range $host.paths -}} 15 | {{- $path := . -}} 16 | {{- if or (not (has "service" (keys .))) (and (not $path.service.name) (not $path.service.identifier)) -}} 17 | {{- fail (printf "Either service.name or service.identifier is required because automatic Service detection is not possible. 
(ingress: %s, host: %s, path: %s)" $ingressObject.identifier $host.host $path.path ) -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_services.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders the Service objects required by the chart. 3 | */}} 4 | {{- define "bjw-s.common.render.services" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Generate named Services as required */ -}} 8 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledServices -}} 10 | {{- /* Generate object from the raw service values */ -}} 11 | {{- $serviceObject := (include "bjw-s.common.lib.service.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Perform validations on the Service before rendering */ -}} 14 | {{- include "bjw-s.common.lib.service.validate" (dict "rootContext" $rootContext "object" $serviceObject) -}} 15 | 16 | {{- /* Include the Service class */ -}} 17 | {{- include "bjw-s.common.class.service" (dict "rootContext" $rootContext "object" $serviceObject) | nindent 0 -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/serviceMonitor/field_targetLabels_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: serviceMonitor - field - targetLabels 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: targetLabels can be configured 
10 | set: 11 | serviceMonitor: 12 | main: 13 | serviceName: "{{ .Release.Name }}" 14 | endpoints: 15 | - port: http 16 | scheme: http 17 | path: /metrics 18 | interval: 1m 19 | scrapeTimeout: 10s 20 | targetLabels: 21 | - testlabel1 22 | - testlabel2 23 | documentSelector: 24 | path: $[?(@.kind == "ServiceMonitor")].metadata.name 25 | value: release-name 26 | asserts: 27 | - equal: 28 | path: spec.targetLabels 29 | value: 30 | - testlabel1 31 | - testlabel2 32 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_failedJobsHistory_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - failedJobsHistory 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | - equal: 18 | path: spec.failedJobsHistoryLimit 19 | value: 1 20 | 21 | - it: custom configuration should pass 22 | set: 23 | controllers.main.cronjob.failedJobsHistory: 2 24 | documentSelector: 25 | path: $[?(@.kind == "CronJob")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.failedJobsHistoryLimit 30 | value: 2 31 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_concurrencyPolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - concurrencyPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | - equal: 18 | path: spec.concurrencyPolicy 19 | value: Forbid 20 | 21 | - it: custom configuration should pass 22 | set: 23 | controllers.main.cronjob.concurrencyPolicy: Test 24 | documentSelector: 25 | path: $[?(@.kind == "CronJob")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.concurrencyPolicy 30 | value: Test 31 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_successfulJobsHistory_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - successfulJobsHistory 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | - equal: 18 | path: spec.successfulJobsHistoryLimit 19 | value: 1 20 | 21 | - it: custom configuration should pass 22 | set: 23 | controllers.main.cronjob.successfulJobsHistory: 3 24 | documentSelector: 25 | path: $[?(@.kind == "CronJob")].metadata.name 26 | value: release-name 27 | asserts: 28 
| - equal: 29 | path: spec.successfulJobsHistoryLimit 30 | value: 3 31 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/serviceMonitor/field_serviceName_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: serviceMonitor - fields - serviceName 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: a templated service can be configured 10 | set: 11 | serviceMonitor: 12 | main: 13 | serviceName: "{{ .Release.Name }}" 14 | endpoints: 15 | - port: http 16 | scheme: http 17 | path: /metrics 18 | interval: 1m 19 | scrapeTimeout: 10s 20 | documentSelector: 21 | path: $[?(@.kind == "ServiceMonitor")].metadata.name 22 | value: release-name 23 | asserts: 24 | - equal: 25 | path: spec.selector.matchLabels 26 | value: 27 | app.kubernetes.io/instance: RELEASE-NAME 28 | app.kubernetes.io/name: RELEASE-NAME 29 | app.kubernetes.io/service: RELEASE-NAME 30 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/networkpolicy/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate networkPolicy values 3 | */}} 4 | {{- define "bjw-s.common.lib.networkpolicy.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $networkpolicyObject := .object -}} 7 | 8 | {{- if and (not (hasKey $networkpolicyObject "podSelector")) (empty (get $networkpolicyObject "controller")) -}} 9 | {{- fail (printf "controller reference or podSelector is required for NetworkPolicy. 
(NetworkPolicy %s)" $networkpolicyObject.identifier) -}} 10 | {{- end -}} 11 | 12 | {{- if empty (get $networkpolicyObject "policyTypes") -}} 13 | {{- fail (printf "policyTypes is required for NetworkPolicy. (NetworkPolicy %s)" $networkpolicyObject.identifier) -}} 14 | {{- end -}} 15 | 16 | {{- $allowedpolicyTypes := list "Ingress" "Egress" -}} 17 | {{- range $networkpolicyObject.policyTypes -}} 18 | {{- if not (has . $allowedpolicyTypes) -}} 19 | {{- fail (printf "Not a valid policyType for NetworkPolicy. (NetworkPolicy %s, value %s)" $networkpolicyObject.identifier .) -}} 20 | {{- end -}} 21 | {{- end -}} 22 | {{- end -}} 23 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_ttlSecondsAfterFinished_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - ttlSecondsAfterFinished 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | - notExists: 18 | path: spec.jobTemplate.spec.ttlSecondsAfterFinished 19 | 20 | - it: custom configuration should pass 21 | set: 22 | controllers.main.cronjob.ttlSecondsAfterFinished: 3600 23 | documentSelector: 24 | path: $[?(@.kind == "CronJob")].metadata.name 25 | value: release-name 26 | asserts: 27 | - equal: 28 | path: spec.jobTemplate.spec.ttlSecondsAfterFinished 29 | value: 3600 30 | -------------------------------------------------------------------------------- 
/charts/library/common/test-chart/unittests/persistence/validations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: persistence - validations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: configmap persistence type with invalid identifier reference should fail 10 | set: 11 | persistence: 12 | configmap: 13 | type: configMap 14 | identifier: doesNotExist 15 | asserts: 16 | - failedTemplate: 17 | errorMessage: "No configmap found with this identifier. (persistence item 'configmap', identifier 'doesNotExist')" 18 | 19 | - it: secret persistence type with invalid identifier reference should fail 20 | set: 21 | persistence: 22 | secret: 23 | type: secret 24 | identifier: doesNotExist 25 | asserts: 26 | - failedTemplate: 27 | errorMessage: "No secret found with this identifier. 
(persistence item 'secret', identifier 'doesNotExist')" 28 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/ingress/fiield_defaultBackend_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: ingress - fields - defaultBackend 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/ingress_main_default_hosts.yaml 8 | - ../_values/service_main_default.yaml 9 | - ../_values/controllers_main_default_container.yaml 10 | tests: 11 | - it: with defaultBackend should pass 12 | set: 13 | ingress.main: 14 | defaultBackend: 15 | resource: 16 | apiGroup: k8s.example.com 17 | kind: StorageBucket 18 | name: static-assets 19 | documentSelector: 20 | path: $[?(@.kind == "Ingress")].metadata.name 21 | value: release-name 22 | asserts: 23 | - equal: 24 | path: spec.defaultBackend 25 | value: 26 | resource: 27 | apiGroup: k8s.example.com 28 | kind: StorageBucket 29 | name: static-assets 30 | - notExists: 31 | path: spec.rules 32 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/cronjob/field_restartPolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: cronjob - fields - restartPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: cronjob 10 | controllers.main.cronjob.schedule: "*/20 * * * *" 11 | tests: 12 | - it: default configuration should pass 13 | documentSelector: 14 | path: $[?(@.kind == "CronJob")].metadata.name 15 | value: release-name 16 | asserts: 17 | 
- equal: 18 | path: spec.jobTemplate.spec.template.spec.restartPolicy 19 | value: Never 20 | 21 | - it: custom configuration should pass 22 | set: 23 | controllers.main.pod.restartPolicy: OnFailure 24 | documentSelector: 25 | path: $[?(@.kind == "CronJob")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.jobTemplate.spec.template.spec.restartPolicy 30 | value: OnFailure 31 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_networkpolicies.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders the networkPolicy objects required by the chart. For every enabled networkPolicy the object is looked up by its identifier, validated, and then passed to the networkpolicy class template. 3 | */}} 4 | {{- define "bjw-s.common.render.networkpolicies" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Collect the enabled networkPolicies, keyed by identifier */ -}} 8 | {{- $enabledNetworkPolicies := (include "bjw-s.common.lib.networkpolicy.enabledNetworkPolicies" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledNetworkPolicies -}} 10 | {{- /* Generate object from the raw networkPolicy values */ -}} 11 | {{- $networkPolicyObject := (include "bjw-s.common.lib.networkpolicy.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Perform validations on the networkPolicy before rendering */ -}} 14 | {{- include "bjw-s.common.lib.networkpolicy.validate" (dict "rootContext" $ "object" $networkPolicyObject) -}} 15 | 16 | {{- /* Include the networkPolicy class */ -}} 17 | {{- include "bjw-s.common.class.networkpolicy" (dict "rootContext" $ "object" $networkPolicyObject) | nindent 0 -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/container/validations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: container - validations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: image repository is required 10 | set: 11 | controllers: 12 | main: 13 | containers: 14 | test: 15 | image: 16 | repository: "" 17 | tag: "test" 18 | asserts: 19 | - failedTemplate: 20 | errorMessage: "No image repository specified for container. (controller main, container test)" 21 | 22 | - it: image tag is required 23 | set: 24 | controllers: 25 | main: 26 | containers: 27 | test: 28 | image: 29 | repository: test 30 | tag: "" 31 | asserts: 32 | - failedTemplate: 33 | errorMessage: "No image tag or digest specified for container. (controller main, container test)" 34 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/container/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate container values 3 | */}} 4 | {{- define "bjw-s.common.lib.container.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $controllerObject := .controllerObject -}} 7 | {{- $containerObject := .containerObject -}} 8 | 9 | {{- if not (kindIs "map" $containerObject.image) -}} 10 | {{- fail (printf "Image required to be a dictionary with repository and tag fields. (controller %s, container %s)" $controllerObject.identifier $containerObject.identifier) }} 11 | {{- end -}} 12 | 13 | {{- if empty (dig "image" "repository" nil $containerObject) -}} 14 | {{- fail (printf "No image repository specified for container. 
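(controller %s, container %s)" $controllerObject.identifier $containerObject.identifier) }} 15 | {{- end -}} 16 | 17 | {{- if and (empty (dig "image" "tag" nil $containerObject)) (empty (dig "image" "digest" nil $containerObject)) -}} 18 | {{- fail (printf "No image tag or digest specified for container. (controller %s, container %s)" $controllerObject.identifier $containerObject.identifier) }} 19 | {{- end -}} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/filesFolders/_isBinaryFile.tpl: --------------------------------------------------------------------------------
{{/*
Report whether a chart file should be treated as binary.

Expects a dict with:
  rootContext: the chart root context, used for .Files.Get
  file:        path of the file inside the chart

Renders the string "true" or "false". A file counts as binary when its
lower-cased extension is in the list below or, failing that, when its content
holds a NUL byte or another control character, or when toYaml of the content
comes back empty.
*/}}
{{- define "bjw-s.common.lib.filesFolders.isBinaryFile" -}}
  {{- $rootContext := .rootContext -}}
  {{- $filePath := .file -}}
  {{- $looksBinary := false -}}
  {{- $binaryExtensions := list
    "png" "jpg" "jpeg" "gif" "bmp" "tiff" "ico" "svg"
    "mp4" "mp3" "wav" "flac" "avi" "mov" "mkv"
    "pdf" "doc" "docx" "xls" "xlsx" "ppt" "pptx"
    "zip" "tar" "gz" "bz2" "7z"
  -}}
  {{- $extension := lower (trimPrefix "." (base (ext $filePath))) -}}
  {{- if has $extension $binaryExtensions -}}
    {{- $looksBinary = true -}}
  {{- end -}}

  {{- /* The extension did not decide it, so inspect the content itself. */ -}}
  {{- if not $looksBinary -}}
    {{- $fileContent := ($rootContext.Files.Get $filePath) -}}

    {{- $nul := printf "%c" 0 -}}
    {{- /* sprig's contains takes the substring first, then the string to search. */ -}}
    {{- $hasNull := contains $nul $fileContent -}}
    {{- $hasCtl := regexMatch "[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]" $fileContent -}}
    {{- $cannotStringify := empty (toYaml $fileContent) -}}
    {{- /* Assign with "=": ":=" would declare a new variable that is dropped when this if block ends, leaving the result false. */ -}}
    {{- $looksBinary = or $hasNull $hasCtl $cannotStringify -}}
  {{- end -}}

  {{- $looksBinary -}}
{{- end -}}
-------------------------------------------------------------------------------- /charts/library/common/templates/lib/chart/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate global chart values 3 | */}} 4 | {{- define "bjw-s.common.lib.chart.validate" -}} 5 | {{- $rootContext := . -}} 6 | 7 | {{- /* Validate persistence values */ -}} 8 | {{- range $persistenceKey, $persistenceValues := .Values.persistence }} 9 | {{- $persistenceEnabled := true -}} 10 | {{- if hasKey $persistenceValues "enabled" -}} 11 | {{- $persistenceEnabled = $persistenceValues.enabled -}} 12 | {{- end -}} 13 | 14 | {{- if $persistenceEnabled -}} 15 | {{- /* Make sure that any advancedMounts controller references actually resolve */ -}} 16 | {{- range $key, $advancedMount := $persistenceValues.advancedMounts -}} 17 | {{- $mountController := include "bjw-s.common.lib.controller.getByIdentifier" (dict "rootContext" $rootContext "id" $key) -}} 18 | {{- if empty $mountController -}} 19 | {{- fail (printf "No enabled controller found with this identifier. 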
(persistence item: '%s', controller: '%s')" $persistenceKey $key) -}} 20 | {{- end -}} 21 | {{- end -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_volumes_custom_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - volumes (custom) 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: custom persistence type should pass 10 | set: 11 | persistence: 12 | custom-mount: 13 | enabled: true 14 | type: custom 15 | volumeSpec: 16 | downwardAPI: 17 | items: 18 | - path: "labels" 19 | fieldRef: 20 | fieldPath: metadata.labels 21 | documentSelector: 22 | path: $[?(@.kind == "Deployment")].metadata.name 23 | value: release-name 24 | asserts: 25 | - equal: 26 | path: spec.template.spec.volumes[0] 27 | value: 28 | name: custom-mount 29 | downwardAPI: 30 | items: 31 | - fieldRef: 32 | fieldPath: metadata.labels 33 | path: labels 34 | -------------------------------------------------------------------------------- /charts/library/common/schemas/rawResource.json: -------------------------------------------------------------------------------- 1 | { 2 | "instance": { 3 | "allOf": [ 4 | { "$ref": "definitions.json#/resourceIdentifier" }, 5 | { 6 | "type": "object", 7 | "additionalProperties": false, 8 | "properties": { 9 | "forceRename": {}, 10 | "prefix": {}, 11 | "suffix": {}, 12 | "enabled": { 13 | "description": "Set to false to disable the resource.", 14 | "type": "boolean", 15 | "default": true 16 | }, 17 | "apiVersion": { 18 | "description": "apiVersion of the resource.", 19 | "type": "string" 20 | }, 21 | "kind": { 22 | "description": "Kind of the resource.", 23 | 
"type": "string" 24 | }, 25 | "annotations": { "$ref": "definitions.json#/annotations" }, 26 | "labels": { "$ref": "definitions.json#/labels" }, 27 | "spec": { 28 | "description": "Contents of the raw resource to be rendered." 29 | } 30 | }, 31 | "required": ["apiVersion", "kind", "spec"] 32 | } 33 | ] 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/emptyDir.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Empty Dir 7 | 8 | Sometimes you need to share some data between containers, or need some 9 | scratch space. That is where an emptyDir can come in. 10 | 11 | See the [Kubernetes docs](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) 12 | for more information. 13 | 14 | | Field | Mandatory | Docs / Description | 15 | | ----------- | --------- | ---------------------------------------------------------------------------------------------------------------- | 16 | | `medium` | No | Set this to `Memory` to mount a tmpfs (RAM-backed filesystem) instead of the storage medium that backs the node. | 17 | | `sizeLimit` | No | If the `SizeMemoryBackedVolumes` feature gate is enabled, you can specify a size for memory backed volumes. | 18 | 19 | ## Minimal configuration 20 | 21 | ```yaml 22 | persistence: 23 | config: 24 | enabled: true 25 | type: emptyDir 26 | ``` 27 | 28 | This will create an ephemeral emptyDir volume and mount it to `/config`. 29 | -------------------------------------------------------------------------------- /charts/library/common/templates/render/_serviceMonitors.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Renders the serviceMonitor object required by the chart. 
3 | */}} 4 | {{- define "bjw-s.common.render.serviceMonitors" -}} 5 | {{- $rootContext := $ -}} 6 | 7 | {{- /* Generate named serviceMonitors as required */ -}} 8 | {{- $enabledServiceMonitors := (include "bjw-s.common.lib.serviceMonitor.enabledServiceMonitors" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | {{- range $identifier := keys $enabledServiceMonitors -}} 10 | {{- /* Generate object from the raw serviceMonitor values */ -}} 11 | {{- $serviceMonitorObject := (include "bjw-s.common.lib.serviceMonitor.getByIdentifier" (dict "rootContext" $rootContext "id" $identifier) | fromYaml) -}} 12 | 13 | {{- /* Perform validations on the ServiceMonitor before rendering */ -}} 14 | {{- include "bjw-s.common.lib.serviceMonitor.validate" (dict "rootContext" $rootContext "object" $serviceMonitorObject) -}} 15 | 16 | {{- /* Include the ServiceMonitor class */ -}} 17 | {{- include "bjw-s.common.class.serviceMonitor" (dict "rootContext" $rootContext "object" $serviceMonitorObject) | nindent 0 -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /.ci/ct/chart_schema.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: str() 3 | home: str(required=False) 4 | version: str() 5 | apiVersion: str() 6 | appVersion: any(str(), num(), required=False) 7 | description: str(required=False) 8 | keywords: list(str(), required=False) 9 | sources: list(str(), required=False) 10 | maintainers: list(include('maintainer'), required=False) 11 | dependencies: list(include('dependency'), required=False) 12 | icon: str(required=False) 13 | engine: str(required=False) 14 | condition: str(required=False) 15 | tags: str(required=False) 16 | deprecated: bool(required=False) 17 | kubeVersion: str(required=False) 18 | annotations: map(str(), str(), required=True) 19 | type: str(required=False) 20 | --- 21 | maintainer: 22 | name: str() 23 | email: str(required=False) 24 | url: 
str(required=False) 25 | --- 26 | dependency: 27 | name: str() 28 | version: str() 29 | repository: str(required=False) 30 | condition: str(required=False) 31 | tags: list(str(), required=False) 32 | enabled: bool(required=False) 33 | import-values: any(list(str()), list(include('import-value')), required=False) 34 | alias: str(required=False) 35 | --- 36 | import-value: 37 | child: str() 38 | parent: str() 39 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/container/field_ports_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: container - fields - ports 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - notExists: 15 | path: spec.template.spec.containers[0].ports 16 | 17 | - it: custom port should pass 18 | set: 19 | controllers: 20 | main: 21 | containers: 22 | main: 23 | ports: 24 | - containerPort: 8080 25 | name: http 26 | protocol: TCP 27 | documentSelector: 28 | path: $[?(@.kind == "Deployment")].metadata.name 29 | value: release-name 30 | asserts: 31 | - equal: 32 | path: spec.template.spec.containers[0].ports[0] 33 | value: 34 | containerPort: 8080 35 | name: http 36 | protocol: TCP 37 | -------------------------------------------------------------------------------- /docs/app-template/howto/helm-templates.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Helm templates 7 | 8 | Some fields in the common library `values.yaml` allow the use of Helm templates for their values. 
9 | This is often indicated by a remark similar to `Helm template enabled` in the field description. 10 | 11 | This feature allows you to set the value of that key to the output of the given Helm template. 12 | 13 | ## Example 14 | 15 | Given the following `values.yaml` 16 | 17 | ```yaml 18 | containers: 19 | subcleaner: 20 | name: subcleaner 21 | 22 | image: 23 | repository: k8s.gcr.io/git-sync/git-sync 24 | tag: {{.Chart.AppVersion}} 25 | 26 | args: 27 | - --repo=https://github.com/KBlixt/subcleaner.git 28 | - --branch=master 29 | - --depth=1 30 | - --root=/add-ons/subcleaner 31 | ``` 32 | 33 | This would render as follows: 34 | 35 | ```yaml 36 | containers: 37 | subcleaner: 38 | name: subcleaner 39 | 40 | image: 41 | repository: k8s.gcr.io/git-sync/git-sync 42 | tag: v3.6.2 43 | 44 | args: 45 | - --repo=https://github.com/KBlixt/subcleaner.git 46 | - --branch=master 47 | - --depth=1 48 | - --root=/add-ons/subcleaner 49 | ``` 50 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_replicas_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - replicas 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - equal: 15 | path: spec.replicas 16 | value: 1 17 | 18 | - it: nil should pass 19 | set: 20 | controllers.main.replicas: null 21 | documentSelector: 22 | path: $[?(@.kind == "Deployment")].metadata.name 23 | value: release-name 24 | asserts: 25 | - documentIndex: 0 26 | notExists: 27 | path: spec.replicas 28 | 29 | - it: custom replicas should pass 30 | set: 31 | 
controllers.main.replicas: 3 32 | documentSelector: 33 | path: $[?(@.kind == "Deployment")].metadata.name 34 | value: release-name 35 | asserts: 36 | - documentIndex: 0 37 | equal: 38 | path: spec.replicas 39 | value: 3 40 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/chart/_kahn.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Implementation of Kahn's algorithm based on 3 | https://en.wikipedia.org/wiki/Topological_sorting#Kahn's_algorithm 4 | 5 | source: https://github.com/dastrobu/helm-charts/blob/main/environment-variables/templates/_kahn.tpl 6 | */}} 7 | {{- define "bjw-s.common.lib.kahn" -}} 8 | {{- $graph := .graph -}} 9 | {{- if empty $graph -}} 10 | {{- $_ := set . "out" list -}} 11 | {{- else -}} 12 | {{- $S := list -}} 13 | 14 | {{- range $node, $edges := $graph -}} 15 | {{- if empty $edges -}} 16 | {{- $S = append $S $node -}} 17 | {{- end -}} 18 | {{- end -}} 19 | 20 | {{- if empty $S -}} 21 | {{- fail (printf "graph is cyclic or has bad edge definitions. Remaining graph is:\n%s" ( .graph | toYaml ) ) }} 22 | {{- end -}} 23 | 24 | {{- $n := first $S -}} 25 | {{- $_ := unset $graph $n -}} 26 | 27 | {{- range $node, $edges := $graph -}} 28 | {{- $_ := set $graph $node ( without $edges $n ) -}} 29 | {{- end -}} 30 | 31 | {{- $args := dict "graph" $graph "out" list -}} 32 | {{- include "bjw-s.common.lib.kahn" $args -}} 33 | {{- $_ = set . 
"out" ( concat ( list $n ) $args.out ) -}} 34 | {{- end -}} 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/serviceMonitor/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate serviceMonitor values 3 | */}} 4 | {{- define "bjw-s.common.lib.serviceMonitor.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $serviceMonitorObject := .object -}} 7 | 8 | {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" (dict "rootContext" $rootContext) | fromYaml ) -}} 9 | 10 | {{/* Verify automatic controller detection */}} 11 | {{- if not (eq 1 (len $enabledServices)) -}} 12 | {{- if and 13 | (empty (dig "selector" nil $serviceMonitorObject)) 14 | (empty (dig "serviceName" nil $serviceMonitorObject)) 15 | (empty (dig "service" "name" nil $serviceMonitorObject)) 16 | (empty (dig "service" "identifier" nil $serviceMonitorObject)) 17 | -}} 18 | {{- fail (printf "Either service.name or service.identifier is required because automatic Service detection is not possible. (serviceMonitor: %s)" $serviceMonitorObject.identifier ) -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- if not $serviceMonitorObject.endpoints -}} 23 | {{- fail (printf "endpoints are required for serviceMonitor with key \"%v\"" $serviceMonitorObject.identifier) -}} 24 | {{- end -}} 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/routes/_enabled_routes.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled routes. 
3 | */}} 4 | {{- define "bjw-s.common.lib.route.enabledRoutes" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledRoutes := dict -}} 7 | 8 | {{- range $name, $route := $rootContext.Values.route -}} 9 | {{- if kindIs "map" $route -}} 10 | {{- /* Enable Route by default, but allow override */ -}} 11 | {{- $routeEnabled := true -}} 12 | {{- if hasKey $route "enabled" -}} 13 | {{- $routeEnabled = $route.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $routeEnabled -}} 17 | {{- $_ := set $enabledRoutes $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- range $identifier, $objectValues := $enabledRoutes -}} 23 | {{- $object := include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledRoutes)) | fromYaml -}} 24 | {{- $object = include "bjw-s.common.lib.route.autoDetectService" (dict "rootContext" $rootContext "object" $object) | fromYaml -}} 25 | {{- $_ := set $enabledRoutes $identifier $object -}} 26 | {{- end -}} 27 | 28 | {{- $enabledRoutes | toYaml -}} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/secret.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Secret 7 | 8 | In order to mount a Secret to a mount point within the Pod you can use the 9 | `secret` type persistence item. 10 | 11 | | Field | Mandatory | Docs / Description | 12 | | ------------- | --------- | -------------------------------------------------------------------------- | 13 | | `name` | No | Which Secret should be mounted. Supports Helm templating. | 14 | | `identifier` | No | Reference a Secret from the `secrets` key by its identifier. | 15 | | `defaultMode` | No | The default file access permission bit. | 16 | | `items` | No | Specify item-specific configuration. Will be passed 1:1 to the volumeSpec. 
| 17 | 18 | Either `name` or `identifier` is required. 19 | 20 | !!! note 21 | 22 | Even if not specified, the Secret will be read-only. 23 | 24 | ## Minimal configuration 25 | 26 | ```yaml 27 | persistence: 28 | config: 29 | enabled: true 30 | type: secret 31 | name: mySecret 32 | ``` 33 | 34 | This will mount the contents of the pre-existing `mySecret` Secret to `/config`. 35 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_externalTrafficPolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - externalTrafficPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: externalTrafficPolicy can be configured for NodePort service 11 | set: 12 | service: 13 | main: 14 | type: NodePort 15 | externalTrafficPolicy: Local 16 | documentSelector: 17 | path: $[?(@.kind == "Service")].metadata.name 18 | value: release-name 19 | asserts: 20 | - equal: 21 | path: spec.externalTrafficPolicy 22 | value: Local 23 | 24 | - it: externalTrafficPolicy can be configured for LoadBalancer service 25 | set: 26 | service: 27 | main: 28 | type: LoadBalancer 29 | externalTrafficPolicy: Local 30 | documentSelector: 31 | path: $[?(@.kind == "Service")].metadata.name 32 | value: release-name 33 | asserts: 34 | - equal: 35 | path: spec.externalTrafficPolicy 36 | value: Local 37 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/ingress/_enabled_ingresses.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled Ingresses. 
3 | */}} 4 | {{- define "bjw-s.common.lib.ingress.enabledIngresses" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledIngress := dict -}} 7 | 8 | {{- range $name, $ingress := $rootContext.Values.ingress -}} 9 | {{- if kindIs "map" $ingress -}} 10 | {{- /* Enable by default, but allow override */ -}} 11 | {{- $ingressEnabled := true -}} 12 | {{- if hasKey $ingress "enabled" -}} 13 | {{- $ingressEnabled = $ingress.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $ingressEnabled -}} 17 | {{- $_ := set $enabledIngress $name . -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- range $identifier, $objectValues := $enabledIngress -}} 23 | {{- $object := include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledIngress)) | fromYaml -}} 24 | {{- $object = include "bjw-s.common.lib.ingress.autoDetectService" (dict "rootContext" $rootContext "object" $object) | fromYaml -}} 25 | {{- $_ := set $enabledIngress $identifier $object -}} 26 | {{- end -}} 27 | 28 | {{- $enabledIngress | toYaml -}} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /docs/app-template/howto/multiple-subpath.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Multiple subPaths for 1 volume 7 | 8 | It is possible to mount multiple subPaths from the same volume to a 9 | container. This can be achieved by specifying `subPath` with a list 10 | instead of a string. 11 | 12 | ## Example 13 | 14 | ```yaml 15 | persistence: 16 | config: 17 | type: configMap 18 | name: my-configMap 19 | advancedMounts: 20 | main: # (1)! 21 | main: # (2)! 22 | - path: /data/config.yaml 23 | readOnly: false 24 | subPath: config.yaml 25 | - path: /data/secondConfigFile.yaml 26 | readOnly: false 27 | subPath: secondConfigFile.yaml 28 | second-container: # (3)! 
29 | - path: /appdata/config 30 | readOnly: true 31 | second-controller: # (4)! 32 | main: # (5)! 33 | - path: /data/config.yaml 34 | readOnly: false 35 | subPath: config.yaml 36 | ``` 37 | 38 | 1. the controller with the "main" identifier 39 | 2. the container with the "main" identifier 40 | 3. the container with the "second-container" identifier 41 | 4. the controller with the "second-controller" identifier 42 | 5. the container with the "main" identifier 43 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/configmap.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # ConfigMap 7 | 8 | In order to mount a configMap to a mount point within the Pod you can use the 9 | `configMap` type persistence item. 10 | 11 | | Field | Mandatory | Docs / Description | 12 | | ------------- | --------- | -------------------------------------------------------------------------- | 13 | | `name` | No | Which configMap should be mounted. Supports Helm templating. | 14 | | `identifier` | No | Reference a configMap from the `configMaps` key by its identifier. | 15 | | `defaultMode` | No | The default file access permission bit. | 16 | | `items` | No | Specify item-specific configuration. Will be passed 1:1 to the volumeSpec. | 17 | 18 | Either `name` or `identifier` is required. 19 | 20 | !!! note 21 | 22 | Even if not specified, the configMap will be read-only. 23 | 24 | ## Minimal configuration 25 | 26 | ```yaml 27 | persistence: 28 | config: 29 | enabled: true 30 | type: configMap 31 | name: mySettings 32 | ``` 33 | 34 | This will mount the contents of the pre-existing `mySettings` configMap to `/config`. 
35 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/statefulset/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate StatefulSet values 3 | */}} 4 | {{- define "bjw-s.common.lib.statefulset.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $statefulsetValues := .object -}} 7 | 8 | {{- if and (ne $statefulsetValues.strategy "OnDelete") (ne $statefulsetValues.strategy "RollingUpdate") -}} 9 | {{- fail (printf "Not a valid strategy type for StatefulSet. (controller: %s, strategy: %s)" $statefulsetValues.identifier $statefulsetValues.strategy) -}} 10 | {{- end -}} 11 | 12 | {{- if not (empty (dig "statefulset" "volumeClaimTemplates" "" $statefulsetValues)) -}} 13 | {{- range $index, $volumeClaimTemplate := $statefulsetValues.statefulset.volumeClaimTemplates -}} 14 | {{- if empty (get . "size") -}} 15 | {{- fail (printf "size is required for volumeClaimTemplate. (controller: %s, volumeClaimTemplate: %s)" $statefulsetValues.identifier $volumeClaimTemplate.name) -}} 16 | {{- end -}} 17 | 18 | {{- if empty (get . "accessMode") -}} 19 | {{- fail (printf "accessMode is required for volumeClaimTemplate. 
(controller: %s, volumeClaimTemplate: %s)" $statefulsetValues.identifier $volumeClaimTemplate.name) -}} 20 | {{- end -}} 21 | {{- end -}} 22 | {{- end -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_hostPID_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - hostPID 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - equal: 15 | path: spec.template.spec.hostPID 16 | value: false 17 | 18 | - it: hostPID disabled should pass 19 | set: 20 | defaultPodOptions: 21 | hostPID: false 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.hostPID 28 | value: false 29 | 30 | - it: hostPID enabled should pass 31 | set: 32 | defaultPodOptions: 33 | hostPID: true 34 | documentSelector: 35 | path: $[?(@.kind == "Deployment")].metadata.name 36 | value: release-name 37 | asserts: 38 | - equal: 39 | path: spec.template.spec.hostPID 40 | value: true 41 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/configMap/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate configMap values 3 | */}} 4 | {{- define "bjw-s.common.lib.configMap.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $configMapValues := .object -}} 7 | {{- $identifier := .id -}} 8 | 9 | {{- if and (empty (get $configMapValues "data")) (empty (get 
$configMapValues "binaryData")) -}} 10 | {{- fail (printf "No data or binaryData specified for configMap. (configMap: %s)" $configMapValues.identifier) }} 11 | {{- end -}} 12 | {{- end -}} 13 | 14 | {{/* 15 | Validate configMap from folder values 16 | */}} 17 | {{- define "bjw-s.common.lib.configMap.fromFolder.validate" -}} 18 | {{- $rootContext := .rootContext -}} 19 | {{- $basePath := required "If you're using `configMapsFromFolder` you need to specify a `basePath` key" (trimSuffix "/" .basePath) -}} 20 | {{- $filteredPaths := $rootContext.Files.Glob (printf "%s/**" $basePath) -}} 21 | {{- $folders := dict -}} 22 | 23 | {{- range $path, $_ := $filteredPaths -}} 24 | {{- $_ := set $folders (dir $path) "" -}} 25 | {{- end -}} 26 | {{- $folders = keys $folders | uniq | sortAlpha -}} 27 | 28 | {{- if empty $folders -}} 29 | {{- fail (printf "No usable files found in the folder %s" $basePath) }} 30 | {{- end -}} 31 | {{- end -}} 32 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/serviceAccount/_enabled_serviceaccounts.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled serviceAccounts as YAML. Map entries under `.Values.serviceAccount` count as enabled unless their `enabled` key is set to a false value; non-map entries are skipped. Each enabled entry is then converted with "bjw-s.common.lib.valuesToObject". 3 | */}} 4 | {{- define "bjw-s.common.lib.serviceAccount.enabledServiceAccounts" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledServiceAccounts := dict -}} 7 | 8 | {{- range $identifier, $serviceAccount := $rootContext.Values.serviceAccount -}} 9 | {{- if kindIs "map" $serviceAccount -}} 10 | {{- /* Enable ServiceAccount by default, but allow override */ -}} 11 | {{- $serviceAccountEnabled := true -}} 12 | {{- if hasKey $serviceAccount "enabled" -}} 13 | {{- $serviceAccountEnabled = $serviceAccount.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $serviceAccountEnabled -}} 17 | {{- $_ := set $enabledServiceAccounts $identifier . 
-}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- range $identifier, $objectValues := $enabledServiceAccounts -}} 23 | {{- $object := include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledServiceAccounts)) | fromYaml -}} 24 | {{- $_ := set $enabledServiceAccounts $identifier $object -}} 25 | {{- end -}} 26 | 27 | {{- $enabledServiceAccounts | toYaml -}} 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_allocateLoadBalancerNodePorts_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - allocateLoadBalancerNodePorts 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: allocateLoadBalancerNodePorts can be set to true 11 | set: 12 | service: 13 | main: 14 | type: LoadBalancer 15 | allocateLoadBalancerNodePorts: true 16 | documentSelector: 17 | path: $[?(@.kind == "Service")].metadata.name 18 | value: release-name 19 | asserts: 20 | - equal: 21 | path: spec.allocateLoadBalancerNodePorts 22 | value: true 23 | 24 | - it: allocateLoadBalancerNodePorts can be set to false 25 | set: 26 | service: 27 | main: 28 | type: LoadBalancer 29 | allocateLoadBalancerNodePorts: false 30 | documentSelector: 31 | path: $[?(@.kind == "Service")].metadata.name 32 | value: release-name 33 | asserts: 34 | - equal: 35 | path: spec.allocateLoadBalancerNodePorts 36 | value: false 37 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_hostIPC_test.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - hostIPC 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - equal: 15 | path: spec.template.spec.hostIPC 16 | value: false 17 | 18 | - it: hostIPC disabled should pass 19 | set: 20 | defaultPodOptions: 21 | hostIPC: false 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.hostIPC 28 | value: false 29 | 30 | - it: hostIPC enabled should pass 31 | set: 32 | defaultPodOptions: 33 | hostIPC: true 34 | documentSelector: 35 | path: $[?(@.kind == "Deployment")].metadata.name 36 | value: release-name 37 | asserts: 38 | - documentIndex: 0 39 | equal: 40 | path: spec.template.spec.hostIPC 41 | value: true 42 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/networkpolicy/validations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: networkPolicy - validations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | networkpolicies: 10 | main: 11 | controller: "" 12 | rules: {} 13 | tests: 14 | - it: networkpolicy requires either controller reference or podSelector 15 | asserts: 16 | - failedTemplate: 17 | errorMessage: "controller reference or podSelector is required for NetworkPolicy. 
(NetworkPolicy main)" 18 | 19 | - it: policyTypes is required 20 | set: 21 | networkpolicies: 22 | main: 23 | controller: main 24 | policyTypes: [] 25 | asserts: 26 | - failedTemplate: 27 | errorMessage: "policyTypes is required for NetworkPolicy. (NetworkPolicy main)" 28 | 29 | - it: policyTypes values check 30 | set: 31 | networkpolicies: 32 | main: 33 | controller: main 34 | policyTypes: 35 | - test 36 | asserts: 37 | - failedTemplate: 38 | errorMessage: "Not a valid policyType for NetworkPolicy. (NetworkPolicy main, value test)" 39 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_dnsPolicy_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - dnsPolicy 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - equal: 15 | path: spec.template.spec.dnsPolicy 16 | value: ClusterFirst 17 | 18 | - it: hostNetwork enabled should pass 19 | set: 20 | defaultPodOptions: 21 | hostNetwork: true 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.dnsPolicy 28 | value: ClusterFirstWithHostNet 29 | 30 | - it: custom dnsPolicy should pass 31 | set: 32 | defaultPodOptions: 33 | dnsPolicy: None 34 | documentSelector: 35 | path: $[?(@.kind == "Deployment")].metadata.name 36 | value: release-name 37 | asserts: 38 | - equal: 39 | path: spec.template.spec.dnsPolicy 40 | value: None 41 | -------------------------------------------------------------------------------- 
/charts/library/common/test-chart/unittests/pod/field_volumes_hostpath_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - volumes (hostPath) 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | persistence: 10 | hostpathmounts: 11 | type: hostPath 12 | hostPath: "/tmp1" 13 | tests: 14 | - it: hostPath should pass 15 | documentSelector: 16 | path: $[?(@.kind == "Deployment")].metadata.name 17 | value: release-name 18 | asserts: 19 | - equal: 20 | path: spec.template.spec.volumes[0] 21 | value: 22 | name: hostpathmounts 23 | hostPath: 24 | path: /tmp1 25 | 26 | - it: hostPath with type should pass 27 | set: 28 | persistence: 29 | hostpathmounts: 30 | hostPathType: "Directory" 31 | documentSelector: 32 | path: $[?(@.kind == "Deployment")].metadata.name 33 | value: release-name 34 | asserts: 35 | - equal: 36 | path: spec.template.spec.volumes[0] 37 | value: 38 | name: hostpathmounts 39 | hostPath: 40 | path: /tmp1 41 | type: Directory 42 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/container/field_workingdir_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: container - fields - workingDir 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - notExists: 15 | path: spec.template.spec.containers[0].workingDir 16 | 17 | - it: string 
should pass 18 | set: 19 | controllers.main.containers.main.workingDir: /work 20 | documentSelector: 21 | path: $[?(@.kind == "Deployment")].metadata.name 22 | value: release-name 23 | asserts: 24 | - equal: 25 | path: spec.template.spec.containers[0].workingDir 26 | value: /work 27 | 28 | - it: quoted string should pass 29 | set: 30 | controllers.main.containers.main.workingDir: "/work" 31 | documentSelector: 32 | path: $[?(@.kind == "Deployment")].metadata.name 33 | value: release-name 34 | asserts: 35 | - equal: 36 | path: spec.template.spec.containers[0].workingDir 37 | value: /work 38 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/service/_enabled_services.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the enabled services. 3 | */}} 4 | {{- define "bjw-s.common.lib.service.enabledServices" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $enabledServices := dict -}} 7 | 8 | {{- range $identifier, $objectValues := $rootContext.Values.service -}} 9 | {{- if kindIs "map" $objectValues -}} 10 | {{- /* Enable Service by default, but allow override */ -}} 11 | {{- $serviceEnabled := true -}} 12 | {{- if hasKey $objectValues "enabled" -}} 13 | {{- $serviceEnabled = $objectValues.enabled -}} 14 | {{- end -}} 15 | 16 | {{- if $serviceEnabled -}} 17 | {{- $_ := set $enabledServices $identifier $objectValues -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{- range $identifier, $objectValues := $enabledServices -}} 23 | {{- $object := include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledServices)) | fromYaml -}} 24 | {{- $object = include "bjw-s.common.lib.service.autoDetectController" (dict "rootContext" $rootContext "object" $object) | fromYaml -}} 25 | {{- $_ := set $enabledServices $identifier $object -}} 26 | {{- end -}} 27 | 28 | 
{{- $enabledServices | toYaml -}} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /charts/library/common/templates/classes/_rawResource.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | This template serves as a blueprint for all raw resource objects that are created 3 | within the common library. It emits apiVersion, kind and metadata.name from the object as given. Label values, annotation values and the serialized `spec` are each passed through `tpl` with the root context, so template expressions inside those values are evaluated at render time. NOTE(review): this presumes the values handed to this class come from a trusted chart operator - confirm against callers. 4 | */}} 5 | {{- define "bjw-s.common.class.rawResource" -}} 6 | {{- $rootContext := .rootContext -}} 7 | {{- $resourceObject := .object -}} 8 | 9 | {{- $labels := merge 10 | ($resourceObject.labels | default dict) 11 | (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml) 12 | -}} 13 | {{- $annotations := merge 14 | ($resourceObject.annotations | default dict) 15 | (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml) 16 | -}} 17 | --- 18 | apiVersion: {{ $resourceObject.apiVersion }} 19 | kind: {{ $resourceObject.kind }} 20 | metadata: 21 | name: {{ $resourceObject.name }} 22 | {{- with $labels }} 23 | labels: 24 | {{- range $key, $value := . }} 25 | {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $annotations }} 29 | annotations: 30 | {{- range $key, $value := . }} 31 | {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }} 32 | {{- end }} 33 | {{- end }} 34 | {{- with $resourceObject.spec }} 35 | {{- tpl (toYaml .) 
$rootContext | nindent 0 }} 36 | {{- end }} 37 | {{- end -}} 38 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/service/field_trafficDistribution_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: service - fields - trafficDistribution 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | - ../_values/service_main_default.yaml 9 | tests: 10 | - it: trafficDistribution can be configured in Kubernetes >= v1.33 11 | capabilities: 12 | majorVersion: 1 13 | minorVersion: 33 14 | set: 15 | service: 16 | main: 17 | trafficDistribution: PreferClose 18 | documentSelector: 19 | path: $[?(@.kind == "Service")].metadata.name 20 | value: release-name 21 | asserts: 22 | - equal: 23 | path: spec.trafficDistribution 24 | value: PreferClose 25 | 26 | - it: trafficDistribution can not be configured in Kubernetes < v1.33 27 | capabilities: 28 | majorVersion: 1 29 | minorVersion: 32 30 | set: 31 | service: 32 | main: 33 | trafficDistribution: PreferClose 34 | documentSelector: 35 | path: $[?(@.kind == "Service")].metadata.name 36 | value: release-name 37 | asserts: 38 | - notExists: 39 | path: spec.trafficDistribution 40 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_enableServiceLinks_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - enableServiceLinks 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: 
default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - equal: 15 | path: spec.template.spec.enableServiceLinks 16 | value: false 17 | 18 | - it: enabled in defaultPodOptions should pass 19 | set: 20 | defaultPodOptions.enableServiceLinks: true 21 | documentSelector: 22 | path: $[?(@.kind == "Deployment")].metadata.name 23 | value: release-name 24 | asserts: 25 | - equal: 26 | path: spec.template.spec.enableServiceLinks 27 | value: true 28 | 29 | - it: enabled in pod options should pass 30 | set: 31 | controllers.main.pod.enableServiceLinks: true 32 | documentSelector: 33 | path: $[?(@.kind == "Deployment")].metadata.name 34 | value: release-name 35 | asserts: 36 | - equal: 37 | path: spec.template.spec.enableServiceLinks 38 | value: true 39 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_hostNetwork_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - hostNetwork 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: default should pass 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - equal: 15 | path: spec.template.spec.hostNetwork 16 | value: false 17 | 18 | - it: hostNetwork disabled should pass 19 | set: 20 | defaultPodOptions: 21 | hostNetwork: false 22 | documentSelector: 23 | path: $[?(@.kind == "Deployment")].metadata.name 24 | value: release-name 25 | asserts: 26 | - equal: 27 | path: spec.template.spec.hostNetwork 28 | value: false 29 | 30 | - it: hostNetwork enabled should pass 31 | set: 32 | defaultPodOptions: 33 | hostNetwork: true 34 | 
documentSelector: 35 | path: $[?(@.kind == "Deployment")].metadata.name 36 | value: release-name 37 | asserts: 38 | - documentIndex: 0 39 | equal: 40 | path: spec.template.spec.hostNetwork 41 | value: true 42 | -------------------------------------------------------------------------------- /docs/common-library/storage/types/hostPath.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | 6 | # Host path 7 | 8 | To mount a path from the node where the Pod is running, you can use a 9 | `hostPath` type persistence item. 10 | 11 | This can also be used to mount an attached USB device to a Pod. Note that 12 | this will most likely also require setting an elevated `securityContext`. A `hostPath` volume gives the container direct access to the node's filesystem at that path, so mount the narrowest path that works (a single device node rather than a whole directory) and mount it read-only where the workload allows. Clusters that enforce the Pod Security Standards `baseline` or `restricted` levels reject Pods that use `hostPath` volumes. 13 | 14 | See the [Kubernetes docs](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) 15 | for more information. 16 | 17 | | Field | Mandatory | Docs / Description | 18 | | -------------- | --------- | ----------------------------------------------------------------------------------------------------------------- | 19 | | `hostPath` | Yes | Which path on the host should be mounted. | 20 | | `hostPathType` | No | Specifying a hostPathType adds a check before trying to mount the path. See Kubernetes documentation for options. | 21 | 22 | ## Minimal configuration 23 | 24 | ```yaml 25 | persistence: 26 | config: 27 | enabled: true 28 | type: hostPath 29 | hostPath: /dev 30 | ``` 31 | 32 | This will mount the `/dev` folder from the underlying host to `/dev` in the container. 
33 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pvc/field_storageclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pvc - fields - storageclass 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | persistence.config: 10 | accessMode: ReadWriteOnce 11 | size: 1Gi 12 | 13 | tests: 14 | - it: default should pass 15 | documentSelector: 16 | path: $[?(@.kind == "PersistentVolumeClaim")].metadata.name 17 | value: release-name 18 | asserts: 19 | - notExists: 20 | path: spec.storageClassName 21 | 22 | - it: custom should pass 23 | set: 24 | persistence.config: 25 | storageClass: custom 26 | documentSelector: 27 | path: $[?(@.kind == "PersistentVolumeClaim")].metadata.name 28 | value: release-name 29 | asserts: 30 | - equal: 31 | path: spec.storageClassName 32 | value: custom 33 | 34 | - it: empty should pass 35 | set: 36 | persistence.config: 37 | storageClass: "-" 38 | documentSelector: 39 | path: $[?(@.kind == "PersistentVolumeClaim")].metadata.name 40 | value: release-name 41 | asserts: 42 | - equal: 43 | path: spec.storageClassName 44 | value: "" 45 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/daemonset/field_revisionhistorylimit_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: daemonset - fields - revisionHistoryLimit 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: daemonset 10 | 
tests: 11 | - it: default should pass 12 | documentSelector: 13 | path: $[?(@.kind == "DaemonSet")].metadata.name 14 | value: release-name 15 | asserts: 16 | - equal: 17 | path: spec.revisionHistoryLimit 18 | value: 3 19 | 20 | - it: custom revisionHistoryLimit 21 | set: 22 | controllers.main: 23 | revisionHistoryLimit: 8 24 | documentSelector: 25 | path: $[?(@.kind == "DaemonSet")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.revisionHistoryLimit 30 | value: 8 31 | 32 | - it: explicit revisionHistoryLimit 0 should pass 33 | set: 34 | controllers.main: 35 | revisionHistoryLimit: 0 36 | documentSelector: 37 | path: $[?(@.kind == "DaemonSet")].metadata.name 38 | value: release-name 39 | asserts: 40 | - equal: 41 | path: spec.revisionHistoryLimit 42 | value: 0 43 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/statefulset/field_revisionhistorylimit_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: statefulset - fields - revisionHistoryLimit 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: statefulset 10 | tests: 11 | - it: default should pass 12 | documentSelector: 13 | path: $[?(@.kind == "StatefulSet")].metadata.name 14 | value: release-name 15 | asserts: 16 | - equal: 17 | path: spec.revisionHistoryLimit 18 | value: 3 19 | 20 | - it: custom revisionHistoryLimit 21 | set: 22 | controllers.main: 23 | revisionHistoryLimit: 8 24 | documentSelector: 25 | path: $[?(@.kind == "StatefulSet")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.revisionHistoryLimit 30 | value: 8 31 | 32 | - it: explicit revisionHistoryLimit 0 should pass 33 | set: 34 | 
controllers.main: 35 | revisionHistoryLimit: 0 36 | documentSelector: 37 | path: $[?(@.kind == "StatefulSet")].metadata.name 38 | value: release-name 39 | asserts: 40 | - equal: 41 | path: spec.revisionHistoryLimit 42 | value: 0 43 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/deployment/field_revisionhistorylimit_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: deployment - fields - revisionHistoryLimit 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | controllers.main.type: deployment 10 | tests: 11 | - it: default should pass 12 | documentSelector: 13 | path: $[?(@.kind == "Deployment")].metadata.name 14 | value: release-name 15 | asserts: 16 | - equal: 17 | path: spec.revisionHistoryLimit 18 | value: 3 19 | 20 | - it: custom revisionHistoryLimit should pass 21 | set: 22 | controllers.main: 23 | revisionHistoryLimit: 8 24 | documentSelector: 25 | path: $[?(@.kind == "Deployment")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: spec.revisionHistoryLimit 30 | value: 8 31 | 32 | - it: explicit revisionHistoryLimit 0 should pass 33 | set: 34 | controllers.main: 35 | revisionHistoryLimit: 0 36 | documentSelector: 37 | path: $[?(@.kind == "Deployment")].metadata.name 38 | value: release-name 39 | asserts: 40 | - equal: 41 | path: spec.revisionHistoryLimit 42 | value: 0 43 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/service/_primary_port.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the primary port for a given Service object. 
3 | */}} 4 | {{- define "bjw-s.common.lib.service.primaryPort" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $serviceObject := .serviceObject -}} 7 | {{- $result := "" -}} 8 | 9 | {{- /* Loop over all enabled ports that explicitly define a port */ -}} 10 | {{- $enabledPorts := include "bjw-s.common.lib.service.enabledPorts" (dict "rootContext" $rootContext "serviceObject" $serviceObject) | fromYaml }} 11 | {{- $filteredPorts := dict -}} 12 | {{- range $name, $port := $enabledPorts -}} 13 | {{- if hasKey $port "port" -}} 14 | {{- $_ := set $filteredPorts $name $port -}} 15 | {{- end -}} 16 | {{- end -}} 17 | 18 | {{- /* Determine the port that has been marked as primary */ -}} 19 | {{- range $name, $port := $filteredPorts -}} 20 | {{- if and (hasKey $port "primary") $port.primary -}} 21 | {{- $result = $port -}} 22 | {{- end -}} 23 | {{- end -}} 24 | 25 | {{- /* Return the first port (alphabetically) if none has been explicitly marked as primary */ -}} 26 | {{- if not $result -}} 27 | {{- $firstPortKey := keys $filteredPorts | sortAlpha | first -}} 28 | {{- if $firstPortKey -}} 29 | {{- $result = get $filteredPorts $firstPortKey -}} 30 | {{- end -}} 31 | {{- end -}} 32 | 33 | {{- $result | toYaml -}} 34 | {{- end -}} 35 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pod/field_shareProcessNamespace_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pod - fields - shareProcessNamespace 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: shareProcessNamespace should not be present by default 10 | documentSelector: 11 | path: $[?(@.kind == "Deployment")].metadata.name 12 | value: release-name 13 | asserts: 14 | - notExists: 15 | 
path: spec.template.spec.shareProcessNamespace 16 | 17 | - it: shareProcessNamespace disabled should pass 18 | set: 19 | defaultPodOptions: 20 | shareProcessNamespace: false 21 | documentSelector: 22 | path: $[?(@.kind == "Deployment")].metadata.name 23 | value: release-name 24 | asserts: 25 | - equal: 26 | path: spec.template.spec.shareProcessNamespace 27 | value: false 28 | 29 | - it: shareProcessNamespace enabled should pass 30 | set: 31 | defaultPodOptions: 32 | shareProcessNamespace: true 33 | documentSelector: 34 | path: $[?(@.kind == "Deployment")].metadata.name 35 | value: release-name 36 | asserts: 37 | - equal: 38 | path: spec.template.spec.shareProcessNamespace 39 | value: true 40 | -------------------------------------------------------------------------------- /charts/library/common/templates/lib/controller/_validate.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Validate controller values 3 | */}} 4 | {{- define "bjw-s.common.lib.controller.validate" -}} 5 | {{- $rootContext := .rootContext -}} 6 | {{- $controllerValues := .object -}} 7 | 8 | {{- $allowedControllerTypes := list "deployment" "daemonset" "statefulset" "cronjob" "job" -}} 9 | {{- if not (has $controllerValues.type $allowedControllerTypes) -}} 10 | {{- fail (printf "Not a valid controller.type (%s)" $controllerValues.type) -}} 11 | {{- end -}} 12 | 13 | {{- $enabledContainers := include "bjw-s.common.lib.controller.enabledContainers" (dict "rootContext" $rootContext "controllerObject" $controllerValues) | fromYaml }} 14 | {{- /* Validate at least one container is enabled */ -}} 15 | {{- if not $enabledContainers -}} 16 | {{- fail (printf "No containers enabled for controller (%s)" $controllerValues.identifier) -}} 17 | {{- end -}} 18 | 19 | {{- $enabledServiceAccounts := (include "bjw-s.common.lib.serviceAccount.enabledServiceAccounts" (dict "rootContext" $rootContext) | fromYaml ) }} 20 | {{- if not (has "serviceAccount" (keys 
$controllerValues)) -}}
    {{- if (gt (len $enabledServiceAccounts) 1) -}}
      {{- fail (printf "serviceAccount field is required because automatic Service Account detection is not possible. (controller: %s)" $controllerValues.identifier ) -}}
    {{- end -}}
  {{- end -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/controller/presence_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks which Deployment documents are rendered for the default controller,
# for an additional controller, and when the main controller is disabled.
suite: controller - presence
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
tests:
  - it: default should pass
    asserts:
      - containsDocument:
          apiVersion: apps/v1
          kind: Deployment
          name: release-name
          any: true

  # With two controllers the expected names carry the controller identifier as a suffix.
  - it: multiple controllers should pass
    set:
      controllers:
        second:
          containers:
            main:
              image:
                repository: ghcr.io/mendhak/http-https-echo
                tag: 31
    asserts:
      - containsDocument:
          apiVersion: apps/v1
          kind: Deployment
          name: release-name-main
          any: true
      - containsDocument:
          apiVersion: apps/v1
          kind: Deployment
          name: release-name-second
          any: true

  # `not: true` inverts the assertion: no Deployment may be rendered.
  - it: disabled should pass
    set:
      controllers.main.enabled: false
    asserts:
      - not: true
        containsDocument:
          apiVersion: apps/v1
          kind: Deployment
          name: release-name
          any: true
--------------------------------------------------------------------------------
/charts/library/common/templates/lib/serviceMonitor/_enabled_servicemonitors.tpl:
--------------------------------------------------------------------------------
{{/*
Return the enabled serviceMonitors.

Expects a dict with `rootContext`. Reads `.Values.serviceMonitor`, keeps every
map-typed entry that is not explicitly disabled, converts each one through
"bjw-s.common.lib.valuesToObject" and
"bjw-s.common.lib.serviceMonitor.autoDetectService", and returns the resulting
dict (keyed by identifier) as YAML.
*/}}
{{- define "bjw-s.common.lib.serviceMonitor.enabledServiceMonitors" -}}
  {{- $rootContext := .rootContext -}}
  {{- $enabledServiceMonitors := dict -}}

  {{- range $identifier, $serviceMonitor := $rootContext.Values.serviceMonitor -}}
    {{- /* Entries that are not maps are skipped silently. */ -}}
    {{- if kindIs "map" $serviceMonitor -}}
      {{- /* Enable serviceMonitors by default, but allow override */ -}}
      {{- $serviceMonitorEnabled := true -}}
      {{- if hasKey $serviceMonitor "enabled" -}}
        {{- $serviceMonitorEnabled = $serviceMonitor.enabled -}}
      {{- end -}}

      {{- if $serviceMonitorEnabled -}}
        {{- /* Inside this range `.` is the current serviceMonitor value. */ -}}
        {{- $_ := set $enabledServiceMonitors $identifier . -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}

  {{- /* Second pass: replace the raw values with the converted objects. */ -}}
  {{- range $identifier, $objectValues := $enabledServiceMonitors -}}
    {{- $object := include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $objectValues "itemCount" (len $enabledServiceMonitors)) | fromYaml -}}
    {{- $object = include "bjw-s.common.lib.serviceMonitor.autoDetectService" (dict "rootContext" $rootContext "object" $object) | fromYaml -}}
    {{- $_ := set $enabledServiceMonitors $identifier $object -}}
  {{- end -}}

  {{- $enabledServiceMonitors | toYaml -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/rbac/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered Role: absent by default, set from
# the role's own annotations, and merged with global annotations.
suite: rbac - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/rbac_values.yaml
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "Role")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      rbac.roles.defaultRole.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Role")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      rbac.roles.defaultRole.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Role")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test
--------------------------------------------------------------------------------
/charts/mod.just:
--------------------------------------------------------------------------------
set quiet := true
set shell := ["bash", "-euo", "pipefail", "-c"]

# Static vars
export REPO_CONFIG_FILE := justfile_dir() + "/.ci/repo-config.yaml"

[private]
default:
    just -l chart

[doc('Test a chart')]
test CHART GLOB="**/*_test.yaml":
    #!/usr/bin/env bash
    set -euo pipefail
    # CHART and GLOB are substituted into this script text by just before bash
    # runs it, so both are treated as trusted operator input here.
    CHART_DIR="{{ justfile_dir() }}/charts/{{CHART}}"
    # A bare test: under `set -e` the recipe stops here if the directory is missing.
    [ -d "$CHART_DIR" ]
    CHART_TYPE="$(yq eval '.type // "application"' "$CHART_DIR/Chart.yaml")"
    # Library charts are tested through their bundled test-chart.
    if [ "$CHART_TYPE" = "library" ]; then
        CHART_TEST_DIR="$CHART_DIR/test-chart"
    else
        CHART_TEST_DIR="$CHART_DIR"
    fi
    [ -d "$CHART_TEST_DIR" ]
    echo "Testing chart: $CHART_DIR (type=$CHART_TYPE) in $CHART_TEST_DIR"
    # The schema is dereferenced in place for the test run; the backup and the
    # EXIT trap put the original file back on success and on failure.
    cp "$CHART_DIR/values.schema.json" "$CHART_DIR/values.schema.bak"
    trap 'mv "$CHART_DIR/values.schema.bak" "$CHART_DIR/values.schema.json"' EXIT
    schematools-cli process dereference "$CHART_DIR/values.schema.json" --to-file "$CHART_DIR/values.schema.json"
    ( cd "$CHART_TEST_DIR" && helm dep update )
    # stderr is filtered only to drop the 'found symbolic link' lines.
    ( cd "$CHART_TEST_DIR" && helm unittest --color -f "unittests/{{GLOB}}" . 2> >(grep -v 'found symbolic link' >&2))

# The cleanup recipe deletes with paths relative to the working directory
# (`charts/`); NUL-delimited output keeps unusual file names intact.

[doc('Clean up chart dependency artifacts (Chart.lock files and nested charts/ dirs)')]
cleanup:
    @find charts/ -mindepth 1 -type f -name 'Chart.lock' -print0 | xargs -0 rm -f
    @find charts/ -mindepth 1 -type d -name charts -print0 | xargs -0 rm -rf
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/chart/validations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks the chart-level validation of persistence advancedMounts: a reference
# to an unknown controller fails rendering unless the persistence item is disabled.
suite: chart - validations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
tests:
  - it: advancedMounts invalid controller reference should fail
    set:
      persistence:
        data:
          type: configMap
          name: myConfigMap
          advancedMounts:
            test:
              main:
                - path: /data/config.yaml
                  readOnly: false
                  mountPropagation: HostToContainer
                  subPath: config.yaml
    asserts:
      - failedTemplate:
          errorMessage: "No enabled controller found with this identifier. (persistence item: 'data', controller: 'test')"

  - it: advancedMounts for disabled persistence should not fail
    set:
      persistence:
        data:
          enabled: false
          type: configMap
          name: myConfigMap
          advancedMounts:
            test:
              main:
                - path: /data/config.yaml
                  readOnly: false
                  mountPropagation: HostToContainer
                  subPath: config.yaml
    asserts:
      - notFailedTemplate: {}
--------------------------------------------------------------------------------
/charts/library/common/templates/classes/_configmap.tpl:
--------------------------------------------------------------------------------
{{/*
This template serves as a blueprint for all configMap objects that are created
within the common library.

Expects a dict with:
  rootContext - the chart root context
  object      - the ConfigMap object (name, labels, annotations, data, binaryData)

Object labels/annotations are merged with the library-wide ones; sprig's `merge`
gives precedence to its first argument, so the object's own values win.
Label values, annotation values, `data` and `binaryData` are all passed through
`tpl`, i.e. template expressions inside those values are evaluated at render time.
*/}}
{{- define "bjw-s.common.class.configMap" -}}
  {{- $rootContext := .rootContext -}}
  {{- $configMapObject := .object -}}

  {{- $labels := merge
    ($configMapObject.labels | default dict)
    (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
  -}}
  {{- $annotations := merge
    ($configMapObject.annotations | default dict)
    (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
  -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $configMapObject.name }}
  {{- with $labels }}
  labels:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- with $annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  namespace: {{ $rootContext.Release.Namespace }}
{{- with $configMapObject.data }}
data:
  {{- tpl (toYaml .) $rootContext | nindent 2 }}
{{- end }}
{{- with $configMapObject.binaryData }}
binaryData:
  {{- tpl (toYaml .) $rootContext | nindent 2 }}
{{- end }}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/templates/loader/_generate.tpl:
--------------------------------------------------------------------------------
{{/*
Secondary entrypoint and primary loader for the common chart

Called with the root context. Runs the global chart validation first and then
includes every render template in the fixed order listed below.
*/}}
{{- define "bjw-s.common.loader.generate" -}}
  {{- $rootContext := $ -}}

  {{- /* Run global chart validations */ -}}
  {{- include "bjw-s.common.lib.chart.validate" $rootContext -}}

  {{- /* Build the templates */ -}}
  {{- include "bjw-s.common.render.pvcs" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.serviceAccount" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.configMaps.fromFolder" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.configMaps" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.secrets.fromFolder" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.controllers" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.services" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.ingresses" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.serviceMonitors" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.routes" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.secrets" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.networkpolicies" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.rawResources" $rootContext | nindent 0 -}}
  {{- include "bjw-s.common.render.rbac" $rootContext | nindent 0 -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/templates/lib/pod/metadata/_labels.tpl:
--------------------------------------------------------------------------------
{{- /*
Returns the value for labels

Expects a dict with `rootContext` and `controllerObject`. The result is built
by successive `merge` calls; sprig's `merge` gives precedence to its first
argument, so each later source below overrides the earlier ones on key clashes:
controller label < global labels (opt-in) < selector labels < configured pod labels.
*/ -}}
{{- define "bjw-s.common.lib.pod.metadata.labels" -}}
  {{- $rootContext := .rootContext -}}
  {{- $controllerObject := .controllerObject -}}

  {{- /* Default labels */ -}}
  {{- $labels := merge
    (dict "app.kubernetes.io/controller" $controllerObject.identifier)
  -}}

  {{- /* Include global labels if specified */ -}}
  {{- if $rootContext.Values.global.propagateGlobalMetadataToPods -}}
    {{- $labels = merge
      (include "bjw-s.common.lib.metadata.globalLabels" $rootContext | fromYaml)
      $labels
    -}}
  {{- end -}}

  {{- /* Fetch the Pod selectorLabels */ -}}
  {{- $selectorLabels := include "bjw-s.common.lib.metadata.selectorLabels" $rootContext | fromYaml -}}
  {{- if not (empty $selectorLabels) -}}
    {{- $labels = merge
      $selectorLabels
      $labels
    -}}
  {{- end -}}

  {{- /* Fetch the configured labels */ -}}
  {{- $ctx := dict "rootContext" $rootContext "controllerObject" $controllerObject -}}
  {{- $podlabels := (include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "labels")) | fromYaml -}}
  {{- if not (empty $podlabels) -}}
    {{- $labels = merge
      $podlabels
      $labels
    -}}
  {{- end -}}

  {{- /* Nothing is emitted when the merged dict is empty. */ -}}
  {{- if not (empty $labels) -}}
    {{- $labels | toYaml -}}
  {{- end -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/job/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered Job: absent by default, set from
# the controller's annotations, and merged with global annotations.
suite: job - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
# Suite-wide override: the main controller is rendered as a Job.
set:
  controllers.main:
    type: job
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "Job")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Job")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Job")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/service/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered Service: absent by default, set
# from the service's annotations, and merged with global annotations.
suite: service - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
  - ../_values/service_main_default.yaml
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "Service")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      service.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Service")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      service.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Service")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test
--------------------------------------------------------------------------------
/charts/library/common/templates/classes/_role.tpl:
--------------------------------------------------------------------------------
{{/*
This template serves as a blueprint for generating Role objects in Kubernetes.

Expects a dict with:
  rootContext - the chart root context
  object      - the role object (name, type, labels, annotations, rules)

`kind` is taken verbatim from `object.type` and is only emitted when `type` is
set; `metadata.namespace` is only emitted when `type` equals "Role".
`rules` is serialised with toYaml and then passed through `tpl`, so template
expressions inside rule values are evaluated. The rules decide what the bound
subjects may do, so they deserve the same review as a hand-written Role.
*/}}
{{- define "bjw-s.common.class.rbac.Role" -}}
  {{- $rootContext := .rootContext -}}
  {{- $roleObject := .object -}}

  {{- $labels := merge
    ($roleObject.labels | default dict)
    (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
  -}}
  {{- $annotations := merge
    ($roleObject.annotations | default dict)
    (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
  -}}
  {{- $rules := "" -}}
  {{- with $roleObject.rules -}}
    {{- $rules = (toYaml . ) | trim -}}
  {{- end -}}
---
apiVersion: rbac.authorization.k8s.io/v1
{{ with $roleObject.type -}}
kind: {{ . }}
{{ end -}}
metadata:
  name: {{ $roleObject.name }}
  {{- with $labels }}
  labels:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- with $annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- if eq $roleObject.type "Role" }}
  namespace: {{ $rootContext.Release.Namespace }}
  {{- end }}
{{- with $rules }}
rules: {{- tpl . $rootContext | nindent 2 }}
{{- end }}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/secret/field_fromFolder_escaped_test.yaml:
--------------------------------------------------------------------------------
---

# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks the `escaped` file attribute of secretsFromFolder: the test file holds a
# template expression that fails to render unless the file is marked as escaped,
# in which case its content ends up verbatim in the Secret.
suite: secret - fields - secretsFromFolder - escaped
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
set:
  secretsFromFolder:
    enabled: true
    basePath: testFiles/escaped
tests:
  - it: Trying to render invalid template leads to failure when escaped is unset
    asserts:
      - failedTemplate: {}

  - it: Trying to render invalid template leads to failure when escaped is disabled
    set:
      secretsFromFolder:
        overrides:
          escaped:
            fileAttributeOverrides:
              test_2.yaml:
                escaped: false
    asserts:
      - failedTemplate: {}

  - it: escaped enabled
    set:
      secretsFromFolder:
        overrides:
          escaped:
            fileAttributeOverrides:
              test_2.yaml:
                escaped: true
    asserts:
      - documentSelector:
          path: $[?(@.kind == "Secret")].metadata.name
          value: release-name
        equal:
          path: stringData
          value:
            # NOTE(review): the indentation inside this block scalar must match
            # testFiles/escaped/test_2.yaml byte for byte - confirm against that file.
            test_2.yaml: |-
              ---
              test:
                test: "{{ .Values.global.random.nonExistentKey }}"
--------------------------------------------------------------------------------
/charts/library/common/templates/classes/_serviceAccount.tpl:
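--------------------------------------------------------------------------------
{{/*
This template serves as a blueprint for ServiceAccount objects that are created
using the common library.

Expects a dict with:
  rootContext - the chart root context
  object      - the ServiceAccount object (name, identifier, labels, annotations, staticToken)

Label and annotation values are passed through `tpl` before being rendered.
When `staticToken` is truthy the ServiceAccount also lists the Secret that is
looked up under the identifier "<identifier>-sa-token".
NOTE(review): that Secret is presumably a service-account token Secret, which
would make the credential long-lived - confirm where it is created and keep
`staticToken` off unless a static token is really needed.
*/}}
{{- define "bjw-s.common.class.serviceAccount" -}}
  {{- $rootContext := .rootContext -}}
  {{- $serviceAccountObject := .object -}}

  {{- $labels := merge
    ($serviceAccountObject.labels | default dict)
    (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
  -}}
  {{- $annotations := merge
    ($serviceAccountObject.annotations | default dict)
    (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
  -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $serviceAccountObject.name }}
  {{- with $labels }}
  labels:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- with $annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  namespace: {{ $rootContext.Release.Namespace }}
{{- if $serviceAccountObject.staticToken }}
secrets:
  - name: {{ get (include "bjw-s.common.lib.secret.getByIdentifier" (dict "rootContext" $rootContext "id" (printf "%s-sa-token" $serviceAccountObject.identifier) ) | fromYaml) "name"}}
{{- end }}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/templates/lib/rolebinding/_validate.tpl:
--------------------------------------------------------------------------------
{{/*
Validate RoleBinding values

Expects a dict with `rootContext` and `object` (the RoleBinding values).
Fails rendering when:
  - `subjects` or `roleRef` is empty,
  - a subject has no `kind`,
  - a subject's `kind` is not one of User, Group or ServiceAccount,
  - no subject with a valid kind is present.
*/}}
{{- define "bjw-s.common.lib.rbac.rolebinding.validate" -}}
  {{- $rootContext := .rootContext -}}
  {{- $roleBindingValues := .object -}}

  {{/* Verify permutations for RoleBinding subjects */}}
  {{- if and (not (empty $roleBindingValues.subjects)) (not (empty $roleBindingValues.roleRef)) -}}
    {{- $subjectTypes := list "User" "Group" "ServiceAccount" -}}
    {{- $subjectTypeCount := 0 -}}
    {{- range $roleBindingValues.subjects -}}
      {{- if hasKey . "kind" -}}
        {{- /*
          Allow-list check on the subject kind. sprig's `has` takes the needle
          first and the list second. The previous expression,
          `dict $subjectTypes has .kind`, passed `has` as an argument to `dict`
          instead of calling it with the kind and the list, so it could not act
          as a membership test.
        */ -}}
        {{- if has .kind $subjectTypes -}}
          {{- $subjectTypeCount = add $subjectTypeCount 1 -}}
        {{- else -}}
          {{- fail (printf "Invalid subject kind '%s' in RoleBinding '%s'. Valid kinds are: %s" .kind $roleBindingValues.identifier (join ", " $subjectTypes)) -}}
        {{- end -}}
      {{- else -}}
        {{- fail (printf "Subject kind is required in RoleBinding '%s'" $roleBindingValues.identifier) -}}
      {{- end -}}
    {{- end -}}

    {{- if eq $subjectTypeCount 0 -}}
      {{- fail (printf "At least one subject with a valid kind is required in RoleBinding '%s'" $roleBindingValues.identifier) -}}
    {{- end -}}

  {{- else -}}
    {{- fail (printf "subjects and roleRef are required for RoleBinding with key \"%v\"" $roleBindingValues.identifier) -}}
  {{- end -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/networkpolicy/field_podselector_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks spec.podSelector of the rendered NetworkPolicy: derived from the
# referenced controller by default, or taken from an explicit podSelector.
suite: networkPolicy - fields - podSelector
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
tests:
  - it: networkpolicy targets the correct controller by default
    set:
      networkpolicies:
        main:
          controller: main
          policyTypes:
            - Ingress
            - Egress
          rules: {}
    documentSelector:
      path: $[?(@.kind == "NetworkPolicy")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: spec.podSelector
          value:
            matchLabels:
              app.kubernetes.io/controller: main
              app.kubernetes.io/instance: RELEASE-NAME
              app.kubernetes.io/name: RELEASE-NAME

  # An explicit podSelector replaces the controller-derived one. In Kubernetes
  # an empty podSelector ({}) selects every pod in the policy's namespace.
  - it: networkpolicy targets supports custom podSelector
    set:
      networkpolicies:
        main:
          controller: main
          policyTypes:
            - Ingress
            - Egress
          podSelector: {}
          rules: {}
    documentSelector:
      path: $[?(@.kind == "NetworkPolicy")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: spec.podSelector
          value: {}
--------------------------------------------------------------------------------
/charts/library/common/templates/lib/pod/fields/_serviceAccountName.tpl:
--------------------------------------------------------------------------------
{{- /*
Returns the value for serviceAccountName

Expects a dict with `ctx` holding `rootContext` and `controllerObject`.
Resolution order:
  1. No `serviceAccount` key on the controller: use the single enabled
     ServiceAccount if there is exactly one, otherwise "default".
  2. `serviceAccount.identifier`: look the ServiceAccount up by identifier and
     use its `name`; rendering fails if no enabled one is found.
  3. `serviceAccount.name`: use the given name as-is (it is not checked against
     the ServiceAccounts managed by this chart).
Falling back to "default" means the pod runs as the namespace's default
ServiceAccount.
*/ -}}
{{- define "bjw-s.common.lib.pod.field.serviceAccountName" -}}
  {{- $rootContext := .ctx.rootContext -}}
  {{- $controllerObject := .ctx.controllerObject -}}

  {{- $enabledServiceAccounts := (include "bjw-s.common.lib.serviceAccount.enabledServiceAccounts" (dict "rootContext" $rootContext) | fromYaml ) }}
  {{- $serviceAccountName := "default" -}}

  {{- if not (has "serviceAccount" (keys $controllerObject)) -}}
    {{- if (eq (len $enabledServiceAccounts) 1) -}}
      {{- /*
        NOTE(review): this takes the map key, while the identifier branch below
        uses the object's `name`; confirm the keys of enabledServiceAccounts are
        the rendered ServiceAccount names.
      */ -}}
      {{- $serviceAccountName = ($enabledServiceAccounts | keys | first) -}}
    {{- end -}}
  {{- else -}}
    {{- if hasKey $controllerObject.serviceAccount "identifier" -}}
      {{- $subject := (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" $controllerObject.serviceAccount.identifier) | fromYaml) -}}

      {{- if not $subject }}
        {{- fail (printf "No enabled ServiceAccount found with this identifier. (controller: '%s', identifier: '%s')" $controllerObject.identifier $controllerObject.serviceAccount.identifier) -}}
      {{- end -}}

      {{- $serviceAccountName = get $subject "name" -}}
    {{- else if hasKey $controllerObject.serviceAccount "name" -}}
      {{- $serviceAccountName = $controllerObject.serviceAccount.name -}}
    {{- end -}}
  {{- end -}}
  {{- $serviceAccountName -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/daemonset/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered DaemonSet: absent by default, set
# from the controller's annotations, and merged with global annotations.
suite: daemonset - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
# Suite-wide override: the main controller is rendered as a DaemonSet.
set:
  controllers.main:
    type: daemonset
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "DaemonSet")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "DaemonSet")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "DaemonSet")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test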
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/deployment/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered Deployment: absent by default, set
# from the controller's annotations, and merged with global annotations.
suite: deployment - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
# Suite-wide override: the main controller is rendered as a Deployment.
set:
  controllers.main:
    type: deployment
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "Deployment")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Deployment")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Deployment")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/secret/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered Secret: absent by default, set
# from the secret's annotations, and merged with global annotations.
suite: secret - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
# Suite-wide fixture: one Secret with a single dummy stringData entry.
set:
  secrets:
    secret:
      stringData:
        test: test
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "Secret")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      secrets.secret.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Secret")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      secrets.secret.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "Secret")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test
--------------------------------------------------------------------------------
/charts/library/common/templates/classes/_secret.tpl:
--------------------------------------------------------------------------------
{{/*
This template serves as a blueprint for all Secret objects that are created
within the common library.

Expects a dict with:
  rootContext - the chart root context
  object      - the Secret object (name, type, labels, annotations, stringData)

`stringData` is serialised with toYaml and then passed through `tpl`, so
template expressions inside secret values are evaluated at render time; a value
that must contain literal template delimiters has to be escaped by the caller.
The secret material is supplied through chart values and rendered as plain
`stringData`, so it is only as protected as the values source and the rendered
manifest are.
*/}}
{{- define "bjw-s.common.class.secret" -}}
  {{- $rootContext := .rootContext -}}
  {{- $secretObject := .object -}}

  {{- $labels := merge
    ($secretObject.labels | default dict)
    (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
  -}}
  {{- $annotations := merge
    ($secretObject.annotations | default dict)
    (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
  -}}

  {{- /* Stays an empty string (and so skips the stringData key) when unset. */ -}}
  {{- $stringData := "" -}}
  {{- with $secretObject.stringData -}}
    {{- $stringData = (toYaml $secretObject.stringData) | trim -}}
  {{- end -}}
---
apiVersion: v1
kind: Secret
{{- with $secretObject.type }}
type: {{ . }}
{{- end }}
metadata:
  name: {{ $secretObject.name }}
  {{- with $labels }}
  labels:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- with $annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
    {{- end }}
  {{- end }}
  namespace: {{ $rootContext.Release.Namespace }}
{{- with $stringData }}
stringData: {{- tpl $stringData $rootContext | nindent 2 }}
{{- end }}
{{- end -}}
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/statefulset/metadata_annotations_test.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# Checks metadata.annotations on the rendered StatefulSet: absent by default,
# set from the controller's annotations, and merged with global annotations.
suite: statefulset - metadata - annotations
templates:
  - common.yaml
values:
  - ../_values/controllers_main_default_container.yaml
# Suite-wide override: the main controller is rendered as a StatefulSet.
set:
  controllers.main:
    type: statefulset
tests:
  - it: no annotations are set by default
    documentSelector:
      path: $[?(@.kind == "StatefulSet")].metadata.name
      value: release-name
    asserts:
      - notExists:
          path: metadata.annotations

  - it: custom annotations
    set:
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "StatefulSet")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            test_annotation: test

  - it: custom annotations mixed with global annotations
    set:
      global.annotations:
        global_annotation: test
      controllers.main.annotations:
        test_annotation: test
    documentSelector:
      path: $[?(@.kind == "StatefulSet")].metadata.name
      value: release-name
    asserts:
      - equal:
          path: metadata.annotations
          value:
            global_annotation: test
            test_annotation: test
--------------------------------------------------------------------------------
/charts/library/common/test-chart/unittests/configmap/field_fromFolder_escaped_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 4 | suite: configmap - fields - configMapsFromFolder - escaped 5 | templates: 6 | - common.yaml 7 | values: 8 | - ../_values/controllers_main_default_container.yaml 9 | set: 10 | configMapsFromFolder: 11 | enabled: true 12 | basePath: testFiles/escaped 13 | tests: 14 | - it: Trying to render invalid template leads to failure when escaped is unset 15 | asserts: 16 | - failedTemplate: {} 17 | 18 | - it: Trying to render invalid template leads to failure when escaped is disabled 19 | set: 20 | configMapsFromFolder: 21 | configMapsOverrides: 22 | escaped: 23 | fileAttributeOverrides: 24 | test_2.yaml: 25 | escaped: false 26 | asserts: 27 | - failedTemplate: {} 28 | 29 | - it: escaped enabled 30 | set: 31 | configMapsFromFolder: 32 | configMapsOverrides: 33 | escaped: 34 | fileAttributeOverrides: 35 | test_2.yaml: 36 | escaped: true 37 | asserts: 38 | - documentSelector: 39 | path: $[?(@.kind == "ConfigMap")].metadata.name 40 | value: release-name 41 | equal: 42 | path: data 43 | value: 44 | test_2.yaml: |- 45 | --- 46 | test: 47 | test: "{{ .Values.global.random.nonExistentKey }}" 48 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/pvc/presence_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: pvc - presence 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | tests: 9 | - it: pvc is enabled by default 10 | set: 11 | persistence.test: 12 | type: 
persistentVolumeClaim 13 | suffix: test 14 | accessMode: ReadWriteOnce 15 | size: 1Gi 16 | asserts: 17 | - containsDocument: 18 | kind: PersistentVolumeClaim 19 | apiVersion: v1 20 | name: release-name-test 21 | any: true 22 | 23 | - it: pvc can be explicitly enabled 24 | set: 25 | persistence.test: 26 | type: persistentVolumeClaim 27 | enabled: true 28 | suffix: test 29 | accessMode: ReadWriteOnce 30 | size: 1Gi 31 | asserts: 32 | - containsDocument: 33 | kind: PersistentVolumeClaim 34 | apiVersion: v1 35 | name: release-name-test 36 | any: true 37 | 38 | - it: pvc can be disabled 39 | set: 40 | persistence.test: 41 | type: persistentVolumeClaim 42 | enabled: false 43 | suffix: test 44 | accessMode: ReadWriteOnce 45 | size: 1Gi 46 | asserts: 47 | - not: true 48 | containsDocument: 49 | kind: PersistentVolumeClaim 50 | apiVersion: v1 51 | name: release-name-test 52 | any: true 53 | -------------------------------------------------------------------------------- /charts/library/common/test-chart/unittests/serviceAccount/metadata_annotations_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json 3 | suite: serviceAccount - metadata - annotations 4 | templates: 5 | - common.yaml 6 | values: 7 | - ../_values/controllers_main_default_container.yaml 8 | set: 9 | serviceAccount: 10 | main: {} 11 | tests: 12 | - it: no annotations are set by default 13 | documentSelector: 14 | path: $[?(@.kind == "ServiceAccount")].metadata.name 15 | value: release-name 16 | asserts: 17 | - notExists: 18 | path: metadata.annotations 19 | 20 | - it: custom annotations 21 | set: 22 | serviceAccount.main.annotations: 23 | test_annotation: test 24 | documentSelector: 25 | path: $[?(@.kind == "ServiceAccount")].metadata.name 26 | value: release-name 27 | asserts: 28 | - equal: 29 | path: metadata.annotations 30 | value: 31 
| test_annotation: test 32 | 33 | - it: custom annotations mixed with global annotations 34 | set: 35 | global.annotations: 36 | global_annotation: test 37 | serviceAccount.main.annotations: 38 | test_annotation: test 39 | documentSelector: 40 | path: $[?(@.kind == "ServiceAccount")].metadata.name 41 | value: release-name 42 | asserts: 43 | - equal: 44 | path: metadata.annotations 45 | value: 46 | global_annotation: test 47 | test_annotation: test 48 | -------------------------------------------------------------------------------- /charts/library/common/schemas/secret.json: -------------------------------------------------------------------------------- 1 | { 2 | "instance": { 3 | "allOf": [ 4 | { "$ref": "definitions.json#/resourceIdentifier" }, 5 | { 6 | "type": "object", 7 | "additionalProperties": false, 8 | "properties": { 9 | "forceRename": {}, 10 | "prefix": {}, 11 | "suffix": {}, 12 | "enabled": { 13 | "description": "Set to false to disable the Secret.", 14 | "type": "boolean", 15 | "default": true 16 | }, 17 | "includeInChecksum": { 18 | "description": "Set to true to include this Secret in the checksum calculation for rolling updates.", 19 | "type": "boolean", 20 | "default": true 21 | }, 22 | "includeChecksumInControllers": { 23 | "description": "Specify a list of controller identifiers for which to include this Secret in the checksum calculation for rolling updates.", 24 | "type": "array" 25 | }, 26 | "annotations": { "$ref": "definitions.json#/annotations" }, 27 | "labels": { "$ref": "definitions.json#/labels" }, 28 | "type": { 29 | "description": "Secret type.", 30 | "type": "string" 31 | }, 32 | "stringData": { 33 | "description": "Secret stringData content. 
Helm templates are supported.", 34 | "type": "object", 35 | "additionalProperties": { "type": "string" } 36 | } 37 | }, 38 | "required": ["stringData"] 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: "CodeQL check" 4 | 5 | on: 6 | workflow_dispatch: 7 | pull_request: 8 | branches: 9 | - main 10 | push: 11 | branches: 12 | - main 13 | schedule: 14 | - cron: "30 6 * * *" 15 | 16 | permissions: 17 | contents: read # workflow-wide default: the token may only read repository contents; the job below lists what it needs 18 | 19 | jobs: 20 | analyze: 21 | name: Analyze (${{ matrix.language }}) 22 | runs-on: ubuntu-latest 23 | 24 | permissions: 25 | security-events: write # lets the analysis results be uploaded to code scanning; the only write scope granted in this job 26 | packages: read 27 | actions: read 28 | contents: read 29 | 30 | strategy: 31 | fail-fast: false 32 | matrix: 33 | include: 34 | - language: actions # CodeQL's GitHub Actions analysis, i.e. it scans the workflow files themselves 35 | build-mode: none 36 | source-root: . 37 | 38 | steps: 39 | - name: Checkout # every `uses:` in this job is pinned to a full commit SHA; the trailing comment records the release tag 40 | id: checkout 41 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 42 | with: 43 | persist-credentials: false # do not store the workflow token in the checkout's git config, so later steps cannot read it from there 44 | 45 | - name: Initialize CodeQL 46 | id: initialize 47 | uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 48 | with: 49 | languages: ${{ matrix.language }} 50 | build-mode: ${{ matrix.build-mode }} 51 | source-root: ${{ matrix.source-root }} 52 | 53 | - name: Perform CodeQL Analysis 54 | id: analyze 55 | uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 56 | with: 57 | category: "/language:${{matrix.language}}" 58 | --------------------------------------------------------------------------------