├── cr.yaml ├── charts ├── k8s-image-swapper │ ├── templates │ │ ├── NOTES.txt │ │ ├── configmap.yaml │ │ ├── cert-manager-issuer.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── pdb.yaml │ │ ├── extraManifests.yaml │ │ ├── job-patch │ │ │ ├── role.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── clusterrole.yaml │ │ │ ├── psp.yaml │ │ │ ├── job-createSecret.yaml │ │ │ └── job-patchWebhook.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── clusterrole.yaml │ │ ├── cert-manager-cert.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── hpa.yaml │ │ ├── mutatingWebhookConfiguration.yaml │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── values.yaml │ └── values.schema.json └── httpbingo │ ├── templates │ ├── serviceaccount.yaml │ ├── service.yaml │ ├── tests │ │ └── test-connection.yaml │ ├── hpa.yaml │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ └── ingress.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── values.yaml │ └── README.md ├── .gitignore ├── .github ├── dependabot.yml ├── workflows │ ├── auto-approve.yml │ ├── conventional-label.yaml │ ├── pre-commit.yml │ ├── auto-merge.yml │ ├── helm-docs.yml │ ├── lint-test.yaml │ └── release.yaml ├── release.yml ├── FUNDING.yml └── pull_request_template.md ├── ct.yaml ├── Makefile ├── .pre-commit-config.yaml ├── README.md ├── LICENSE └── CODE_OF_CONDUCT.md /cr.yaml: -------------------------------------------------------------------------------- 1 | sign: false 2 | key: "" 3 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Helm chart automated files 2 | /charts/*/charts 3 | .idea 4 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | target-branch: "main" 6 | schedule: 7 | interval: "weekly" 8 | -------------------------------------------------------------------------------- /ct.yaml: -------------------------------------------------------------------------------- 1 | # See https://github.com/helm/chart-testing#configuration 2 | remote: origin 3 | target-branch: main 4 | chart-dirs: 5 | - charts 6 | chart-repos: 7 | - bitnami=https://charts.bitnami.com/bitnami 8 | helm-extra-args: --timeout 600s 9 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | 2 | .PHONY: pre-commit 3 | pre-commit: 4 | pre-commit run --all-files 5 | 6 | 7 | .PHONY: helm-docs 8 | helm-docs: 9 | helm-docs 10 | 11 | 12 | .PHONY: tools-macos 13 | tools-macos: 14 | brew install pre-commit norwoodj/tap/helm-docs 15 | 16 | .PHONY: prep 17 | prep: helm-docs pre-commit 18 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "k8s-image-swapper.fullname" . }} 5 | labels: 6 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 7 | data: 8 | {{- if .Values.config }} 9 | config.yaml: | 10 | {{ toYaml .Values.config | indent 4 }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /.github/workflows/auto-approve.yml: -------------------------------------------------------------------------------- 1 | name: Auto approve 2 | 3 | on: 4 | pull_request_target 5 | 6 | jobs: 7 | auto-approve: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: hmarr/auto-approve-action@v4 11 | if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' 12 | with: 13 | github-token: "${{ secrets.GITHUB_TOKEN }}" 14 | -------------------------------------------------------------------------------- /.github/workflows/conventional-label.yaml: -------------------------------------------------------------------------------- 1 | on: 2 | pull_request_target: 3 | types: [ opened, edited ] 4 | 5 | name: conventional-release-labels 6 | jobs: 7 | label: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: bcoe/conventional-release-labels@v1 11 | with: 12 | type_labels: '{"feat": "feature", "fix": "bugfix", "breaking": "breaking-change"}' 13 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/cert-manager-issuer.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.certmanager.enabled (not .Values.certmanager.issuerName) -}} 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-issuer 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | spec: 9 | selfSigned: {} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "httpbingo.serviceAccountName" . }} 6 | labels: 7 | {{- include "httpbingo.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /.github/workflows/pre-commit.yml: -------------------------------------------------------------------------------- 1 | name: pre-commit 2 | 3 | on: 4 | pull_request: 5 | push: 6 | branches: [main] 7 | 8 | jobs: 9 | pre-commit: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | with: 14 | fetch-depth: 0 15 | - uses: actions/setup-python@v5.1.1 16 | - uses: actions/setup-node@v4.0.3 17 | - uses: pre-commit/action@v3.0.1 18 | env: 19 | SKIP: helm-docs 20 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "httpbingo.fullname" . }} 5 | labels: 6 | {{- include "httpbingo.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "httpbingo.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/httpbingo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "httpbingo.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "httpbingo.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "httpbingo.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "k8s-image-swapper.fullname" . }} 5 | labels: 6 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: https 12 | protocol: TCP 13 | name: https 14 | selector: 15 | {{- include "k8s-image-swapper.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "k8s-image-swapper.serviceAccountName" . }} 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | imagePullSecrets: 13 | {{ toYaml .Values.imagePullSecrets | indent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | changelog: 2 | exclude: 3 | labels: 4 | - ignore-for-release 5 | authors: 6 | - octocat 7 | categories: 8 | - title: 🧨 Breaking Changes 9 | labels: 10 | - Semver-Major 11 | - breaking-change 12 | - title: 🎉 Features 13 | labels: 14 | - Semver-Minor 15 | - feature 16 | - title: 🐛 Bug Fixes 17 | labels: 18 | - Semver-Minor 19 | - bugfix 20 | - title: 🛠 Other Changes 21 | labels: 22 | - "*" 23 | -------------------------------------------------------------------------------- /.github/workflows/auto-merge.yml: -------------------------------------------------------------------------------- 1 | name: Auto-Merge 2 | on: 3 | pull_request_target 4 | 5 | jobs: 6 | enable-auto-merge: 7 | runs-on: ubuntu-latest 8 | 9 | # if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies') 10 | steps: 11 | - uses: alexwilson/enable-github-automerge-action@main 12 | if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' 13 | with: 14 | github-token: "${{ secrets.GITHUB_TOKEN }}" 15 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.pdb.enabled }} 2 | apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }} 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | spec: 9 | minAvailable: {{ .Values.pdb.minAvailable }} 10 | selector: 11 | matchLabels: 12 | app.kubernetes.io/name: {{ include "k8s-image-swapper.fullname" . }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/extraManifests.yaml: -------------------------------------------------------------------------------- 1 | {{ range .Values.extraManifests }} 2 | {{- if eq "string" ( kindOf . ) }} 3 | {{/* If manifest is a string, convert it back and forth from yaml to ensure good syntax */}} 4 | {{- . | fromYaml | toYaml }} 5 | {{- else }} 6 | {{- . | toYaml }} 7 | {{- end }} 8 | --- 9 | {{ end }} 10 | 11 | {{ range .Values.extraManifestsTemplated }} 12 | {{- if eq "string" ( kindOf . ) }} 13 | {{- tpl . $ }} 14 | {{- else }} 15 | {{- tpl ( . | toYaml ) $ }} 16 | {{- end }} 17 | --- 18 | {{ end }} 19 | -------------------------------------------------------------------------------- /charts/httpbingo/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: httpbingo 3 | description: A reasonably complete and well-tested golang port of httpbin, with zero dependencies outside the go stdlib. 4 | type: application 5 | version: 0.1.1 6 | appVersion: "v2.2.2" 7 | home: https://github.com/estahn/charts/tree/main/charts/httpbingo 8 | keywords: 9 | - httpbin 10 | - tests 11 | maintainers: 12 | - email: enrico.stahn@gmail.com 13 | name: estahn 14 | annotations: 15 | artifacthub.io/changes: | 16 | - "Update README.md" 17 | artifacthub.io/images: | 18 | - name: go-httpbin 19 | image: mccutchen/go-httpbin:v2.2.2 20 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.patch.enabled .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | annotations: 7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - secrets 16 | verbs: 17 | - get 18 | - create 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/norwoodj/helm-docs 3 | rev: v1.11.0 4 | hooks: 5 | - id: helm-docs 6 | - repo: https://github.com/pre-commit/pre-commit-hooks 7 | rev: v4.0.1 8 | hooks: 9 | - id: trailing-whitespace 10 | - id: check-added-large-files 11 | - id: check-json 12 | - id: pretty-format-json 13 | args: ['--autofix', '--top-keys', 'type'] 14 | - id: check-merge-conflict 15 | - id: check-symlinks 16 | - id: check-yaml 17 | exclude: ^charts/.+/templates/ 18 | - id: detect-private-key 19 | - id: check-merge-conflict 20 | - id: check-executables-have-shebangs 21 | - id: end-of-file-fixer 22 | - id: mixed-line-ending 23 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.patch.enabled .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | annotations: 9 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 10 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 11 | {{- with .Values.serviceAccount.annotations }} 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | imagePullSecrets: 15 | {{ toYaml .Values.imagePullSecrets | indent 2 }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [estahn] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 13 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secretReader.enabled -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }} 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ include "k8s-image-swapper.fullname" . }} 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ include "k8s-image-swapper.fullname" . }} 19 | namespace: {{ .Release.Namespace }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: k8s-image-swapper 3 | description: Mirror images into your own registry and swap image references automatically. 4 | type: application 5 | version: 1.10.3 6 | appVersion: 1.5.10 7 | home: https://github.com/estahn/charts/tree/main/charts/k8s-image-swapper 8 | keywords: 9 | - kubernetes 10 | - kubernetes-webhook 11 | - golang 12 | - mutating-webhook 13 | maintainers: 14 | - email: enrico.stahn@gmail.com 15 | name: estahn 16 | annotations: 17 | artifacthub.io/changes: | 18 | - "Add webhook timeoutSeconds to allow configuration how long the api server should wait for webhook" 19 | artifacthub.io/images: | 20 | - name: k8s-image-webhook 21 | image: ghcr.io/estahn/k8s-image-swapper:1.5.10 22 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | 4 | 5 | ## Changes 6 | 7 | 13 | 14 | ## Testing 15 | 16 | 17 | 18 | ## Code Author Checklist 19 | 20 | - [ ] Bump the chart version (`Chart.yaml` -> `version`) 21 | - [ ] JSON Schema updated (`values.schema.json`) 22 | - [ ] Update `README.md` via [helm-docs](https://github.com/norwoodj/helm-docs) (or `make prep`) 23 | - [ ] Run `pre-commit run --all-files` via [pre-commit](https://pre-commit.com/) (or `make prep`) 24 | - [ ] Update Artifacthub annotation (`Chart.yaml` -> `artifacthub.io/changes`, `artifacthub.io/images`) 25 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.patch.enabled .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | annotations: 7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 18 | namespace: {{ .Release.Namespace }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.patch.enabled .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | annotations: 7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 18 | namespace: {{ .Release.Namespace }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /.github/workflows/helm-docs.yml: -------------------------------------------------------------------------------- 1 | name: Update helm-docs 2 | 3 | on: pull_request 4 | 5 | env: 6 | HELM_DOCS_VERSION: "1.11.0" 7 | 8 | jobs: 9 | helm-docs: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | with: 14 | fetch-depth: 0 15 | - name: Install binaries 16 | run: | 17 | mkdir -p $GITHUB_WORKSPACE/bin 18 | echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH 19 | curl -sSL https://github.com/norwoodj/helm-docs/releases/download/v${{env.HELM_DOCS_VERSION}}/helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz | tar xvfz - --overwrite -C $GITHUB_WORKSPACE/bin 20 | 21 | - run: helm-docs 22 | 23 | - uses: stefanzweifel/git-auto-commit-action@v5 24 | with: 25 | file_pattern: 'charts/**/README.md' 26 | commit_message: 'docs: update helm-docs' 27 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secretReader.enabled -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }} 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | rules: 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - secrets 17 | {{- if .Values.secretReader.secretNames }} 18 | resourceNames: 19 | {{- toYaml .Values.secretReader.secretNames | nindent 6 }} 20 | {{- end }} 21 | verbs: 22 | - watch 23 | - get 24 | - apiGroups: 25 | - "" 26 | resources: 27 | - serviceaccounts 28 | verbs: 29 | - get 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # estahn's Helm Chart Repository 2 | 3 | [![](https://github.com/estahn/charts/workflows/Release%20Charts/badge.svg)](https://github.com/estahn/charts/actions) 4 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/estahn)](https://artifacthub.io/packages/search?repo=estahn) 5 | 6 | ## Usage 7 | 8 | [Helm](https://helm.sh) must be installed to use the charts. 9 | Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. 10 | 11 | Once Helm is set up properly, add the helm chart repository with: 12 | 13 | ```bash 14 | helm repo add estahn https://estahn.github.io/charts/ 15 | ``` 16 | 17 | List available charts with: 18 | 19 | ```bash 20 | helm search repo estahn 21 | ``` 22 | 23 | Deploy stuff! 24 | 25 | ## Charts 26 | 27 | See [artifact hub](https://artifacthub.io/packages/search?user=estahn) for a complete list. 28 | 29 | ## Contributing 30 | 31 | See [CONTRIBUTING.md](https://github.com/estahn/charts/blob/main/CONTRIBUTING.md) 32 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/cert-manager-cert.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled -}} 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-cert 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | spec: 9 | secretName: {{ include "k8s-image-swapper.fullname" . }}-cert 10 | commonName: {{ printf "%s.%s.svc" (include "k8s-image-swapper.fullname" .) .Release.Namespace }} 11 | dnsNames: 12 | - {{ printf "%s.%s.svc.%s" (include "k8s-image-swapper.fullname" .) .Release.Namespace .Values.clusterSuffix }} 13 | - {{ printf "%s.%s.svc" (include "k8s-image-swapper.fullname" .) .Release.Namespace }} 14 | - {{ printf "%s.%s" (include "k8s-image-swapper.fullname" .) .Release.Namespace }} 15 | - {{ include "k8s-image-swapper.fullname" . }} 16 | issuerRef: 17 | name: {{ default (printf "%s-%s" (include "k8s-image-swapper.fullname" .) "issuer") .Values.certmanager.issuerName }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.test.enabled }} 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: "{{ include "k8s-image-swapper.fullname" . }}-test-connection" 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | annotations: 9 | "helm.sh/hook": test 10 | spec: 11 | containers: 12 | - name: wget 13 | image: {{ .Values.test.image }} 14 | command: ['wget'] 15 | args: 16 | - --no-check-certificate 17 | - -O- 18 | - 'https://{{ include "k8s-image-swapper.fullname" . }}:{{ .Values.service.port }}' 19 | restartPolicy: Never 20 | {{- with .Values.test.nodeSelector }} 21 | nodeSelector: 22 | {{- toYaml . | nindent 8 }} 23 | {{- end }} 24 | {{- with .Values.test.affinity }} 25 | affinity: 26 | {{- toYaml . | nindent 8 }} 27 | {{- end }} 28 | {{- with .Values.test.tolerations }} 29 | tolerations: 30 | {{- toYaml . | nindent 8 }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "httpbingo.fullname" . }} 6 | labels: 7 | {{- include "httpbingo.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "httpbingo.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Enrico Stahn 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.patch.enabled .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | annotations: 7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | rules: 12 | - apiGroups: 13 | - admissionregistration.k8s.io 14 | resources: 15 | - mutatingwebhookconfigurations 16 | verbs: 17 | - get 18 | - update 19 | {{- if .Values.podSecurityPolicy.enabled }} 20 | {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} 21 | {{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} 22 | - apiGroups: ['policy'] 23 | {{- else }} 24 | - apiGroups: ['extensions'] 25 | {{- end }} 26 | resources: ['podsecuritypolicies'] 27 | verbs: ['use'] 28 | resourceNames: 29 | - {{ template "k8s-image-swapper.fullname" . }} 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: {{ .Capabilities.APIVersions.Has "autoscaling/v2" | ternary "autoscaling/v2" "autoscaling/v2beta2" }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }} 6 | labels: 7 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "k8s-image-swapper.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 23 | {{- end }} 24 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 25 | - type: Resource 26 | resource: 27 | name: memory 28 | target: 29 | type: Utilization 30 | averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /.github/workflows/lint-test.yaml: -------------------------------------------------------------------------------- 1 | name: Lint and Test Charts 2 | 3 | on: pull_request 4 | 5 | jobs: 6 | lint-test: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: Checkout 10 | uses: actions/checkout@v4 11 | with: 12 | fetch-depth: 0 13 | 14 | - name: Set up Helm 15 | uses: azure/setup-helm@v4 16 | with: 17 | version: v3.4.1 18 | 19 | # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and 20 | # yamllint (https://github.com/adrienverge/yamllint) which require Python 21 | - name: Set up Python 22 | uses: actions/setup-python@v5.1.1 23 | with: 24 | python-version: 3.7 25 | 26 | - name: Set up chart-testing 27 | uses: helm/chart-testing-action@v2.6.1 28 | 29 | - name: Run chart-testing (list-changed) 30 | id: list-changed 31 | run: | 32 | changed=$(ct list-changed --config ct.yaml) 33 | if [[ -n "$changed" ]]; then 34 | echo "::set-output name=changed::true" 35 | fi 36 | 37 | - name: Run chart-testing (lint) 38 | run: ct lint --config ct.yaml 39 | 40 | - name: Create kind cluster 41 | uses: helm/kind-action@v1.10.0 42 | if: steps.list-changed.outputs.changed == 'true' 43 | 44 | - name: Run chart-testing (install) 45 | run: ct install --config ct.yaml 46 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/mutatingWebhookConfiguration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1 2 | kind: MutatingWebhookConfiguration 3 | metadata: 4 | name: {{ template "k8s-image-swapper.fullname" . }} 5 | labels: 6 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 7 | {{- if .Values.certmanager.enabled }} 8 | annotations: 9 | cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "k8s-image-swapper.fullname" . }}-cert 10 | {{- end }} 11 | webhooks: 12 | - name: k8s-image-swapper.github.io 13 | timeoutSeconds: {{ .Values.webhook.timeoutSeconds }} 14 | failurePolicy: {{ .Values.webhook.failurePolicy }} 15 | reinvocationPolicy: {{ .Values.webhook.reinvocationPolicy }} 16 | namespaceSelector: 17 | {{- toYaml .Values.webhook.namespaceSelector | nindent 6 }} 18 | objectSelector: 19 | {{- toYaml .Values.webhook.objectSelector | nindent 6 }} 20 | rules: 21 | - apiGroups: 22 | - "*" 23 | apiVersions: 24 | - "*" 25 | resources: 26 | - pods 27 | operations: 28 | - CREATE 29 | - UPDATE 30 | clientConfig: 31 | {{- if not .Values.dev.enabled }} 32 | service: 33 | namespace: {{ .Release.Namespace }} 34 | name: {{ template "k8s-image-swapper.fullname" $ }} 35 | path: /webhook 36 | {{- else }} 37 | url: {{ .Values.dev.webhookURL }} 38 | caBundle: "" 39 | {{- end }} 40 | admissionReviewVersions: ["v1beta1"] 41 | sideEffects: None 42 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | 8 | jobs: 9 | release: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Checkout 13 | uses: actions/checkout@v4 14 | with: 15 | fetch-depth: 0 16 | 17 | - name: Configure Git 18 | run: | 19 | git config user.name "$GITHUB_ACTOR" 20 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 21 | 22 | - name: Install Helm 23 | uses: azure/setup-helm@v4 24 | with: 25 | version: v3.4.1 26 | 27 | # Optional step if GPG signing is used 28 | - name: Prepare GPG key 29 | run: | 30 | gpg_dir=.cr-gpg 31 | mkdir "$gpg_dir" 32 | 33 | keyring="$gpg_dir/secring.gpg" 34 | base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" 35 | 36 | passphrase_file="$gpg_dir/passphrase" 37 | echo "$GPG_PASSPHRASE" > "$passphrase_file" 38 | 39 | echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" 40 | echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV" 41 | env: 42 | GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" 43 | GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" 44 | 45 | - name: Add dependency chart repos 46 | run: | 47 | helm repo add bitnami https://charts.bitnami.com/bitnami 48 | 49 | - name: Run chart-releaser 50 | uses: helm/chart-releaser-action@v1.6.0 51 | with: 52 | charts_dir: charts 53 | config: cr.yaml 54 | env: 55 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 56 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.patch.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | annotations: 7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | {{- if .Values.global.rbac.pspAnnotations }} 12 | annotations: 13 | {{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} 14 | {{- end }} 15 | spec: 16 | privileged: false 17 | # Required to prevent escalations to root. 18 | # allowPrivilegeEscalation: false 19 | # This is redundant with non-root + disallow privilege escalation, 20 | # but we can provide it for defense in depth. 21 | #requiredDropCapabilities: 22 | # - ALL 23 | # Allow core volume types. 24 | volumes: 25 | - 'configMap' 26 | - 'emptyDir' 27 | - 'projected' 28 | - 'secret' 29 | - 'downwardAPI' 30 | - 'persistentVolumeClaim' 31 | hostNetwork: false 32 | hostIPC: false 33 | hostPID: false 34 | runAsUser: 35 | # Permits the container to run with root privileges as well. 36 | rule: 'RunAsAny' 37 | seLinux: 38 | # This policy assumes the nodes are using AppArmor rather than SELinux. 39 | rule: 'RunAsAny' 40 | supplementalGroups: 41 | rule: 'MustRunAs' 42 | ranges: 43 | # Forbid adding the root group. 44 | - min: 0 45 | max: 65535 46 | fsGroup: 47 | rule: 'MustRunAs' 48 | ranges: 49 | # Forbid adding the root group. 50 | - min: 0 51 | max: 65535 52 | readOnlyRootFilesystem: false 53 | {{- end }} 54 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "httpbingo.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "httpbingo.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "httpbingo.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "httpbingo.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "httpbingo.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "httpbingo.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "httpbingo.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "httpbingo.labels" -}} 37 | helm.sh/chart: {{ include "httpbingo.chart" . }} 38 | {{ include "httpbingo.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "httpbingo.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "httpbingo.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "httpbingo.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "httpbingo.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "httpbingo.fullname" . }} 5 | labels: 6 | {{- include "httpbingo.labels" . | nindent 4 }} 7 | spec: 8 | {{- if not .Values.autoscaling.enabled }} 9 | replicas: {{ .Values.replicaCount }} 10 | {{- end }} 11 | selector: 12 | matchLabels: 13 | {{- include "httpbingo.selectorLabels" . | nindent 6 }} 14 | template: 15 | metadata: 16 | {{- with .Values.podAnnotations }} 17 | annotations: 18 | {{- toYaml . | nindent 8 }} 19 | {{- end }} 20 | labels: 21 | {{- include "httpbingo.selectorLabels" . | nindent 8 }} 22 | spec: 23 | {{- with .Values.imagePullSecrets }} 24 | imagePullSecrets: 25 | {{- toYaml . | nindent 8 }} 26 | {{- end }} 27 | serviceAccountName: {{ include "httpbingo.serviceAccountName" . }} 28 | securityContext: 29 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 30 | containers: 31 | - name: {{ .Chart.Name }} 32 | securityContext: 33 | {{- toYaml .Values.securityContext | nindent 12 }} 34 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 35 | imagePullPolicy: {{ .Values.image.pullPolicy }} 36 | ports: 37 | - name: http 38 | containerPort: 8080 39 | protocol: TCP 40 | livenessProbe: 41 | httpGet: 42 | path: / 43 | port: http 44 | readinessProbe: 45 | httpGet: 46 | path: / 47 | port: http 48 | resources: 49 | {{- toYaml .Values.resources | nindent 12 }} 50 | {{- with .Values.nodeSelector }} 51 | nodeSelector: 52 | {{- toYaml . | nindent 8 }} 53 | {{- end }} 54 | {{- with .Values.affinity }} 55 | affinity: 56 | {{- toYaml . | nindent 8 }} 57 | {{- end }} 58 | {{- with .Values.tolerations }} 59 | tolerations: 60 | {{- toYaml . | nindent 8 }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /charts/httpbingo/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for httpbingo. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: mccutchen/go-httpbin 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "" 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Annotations to add to the service account 21 | annotations: {} 22 | # The name of the service account to use. 23 | # If not set and create is true, a name is generated using the fullname template 24 | name: "" 25 | 26 | podAnnotations: {} 27 | 28 | podSecurityContext: {} 29 | # fsGroup: 2000 30 | 31 | securityContext: {} 32 | # capabilities: 33 | # drop: 34 | # - ALL 35 | # readOnlyRootFilesystem: true 36 | # runAsNonRoot: true 37 | # runAsUser: 1000 38 | 39 | service: 40 | type: ClusterIP 41 | port: 80 42 | 43 | ingress: 44 | enabled: false 45 | className: "" 46 | annotations: {} 47 | # kubernetes.io/ingress.class: nginx 48 | # kubernetes.io/tls-acme: "true" 49 | hosts: 50 | - host: chart-example.local 51 | paths: 52 | - path: / 53 | pathType: ImplementationSpecific 54 | tls: [] 55 | # - secretName: chart-example-tls 56 | # hosts: 57 | # - chart-example.local 58 | 59 | resources: {} 60 | # We usually recommend not to specify default resources and to leave this as a conscious 61 | # choice for the user. This also increases chances charts run on environments with little 62 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 63 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 64 | # limits: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | # requests: 68 | # cpu: 100m 69 | # memory: 128Mi 70 | 71 | autoscaling: 72 | enabled: false 73 | minReplicas: 1 74 | maxReplicas: 100 75 | targetCPUUtilizationPercentage: 80 76 | # targetMemoryUtilizationPercentage: 80 77 | 78 | nodeSelector: {} 79 | 80 | tolerations: [] 81 | 82 | affinity: {} 83 | -------------------------------------------------------------------------------- /charts/httpbingo/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "httpbingo.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 5 | {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 6 | {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} 7 | {{- end }} 8 | {{- end }} 9 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 10 | apiVersion: networking.k8s.io/v1 11 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 12 | apiVersion: networking.k8s.io/v1beta1 13 | {{- else -}} 14 | apiVersion: extensions/v1beta1 15 | {{- end }} 16 | kind: Ingress 17 | metadata: 18 | name: {{ $fullName }} 19 | labels: 20 | {{- include "httpbingo.labels" . | nindent 4 }} 21 | {{- with .Values.ingress.annotations }} 22 | annotations: 23 | {{- toYaml . | nindent 4 }} 24 | {{- end }} 25 | spec: 26 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 27 | ingressClassName: {{ .Values.ingress.className }} 28 | {{- end }} 29 | {{- if .Values.ingress.tls }} 30 | tls: 31 | {{- range .Values.ingress.tls }} 32 | - hosts: 33 | {{- range .hosts }} 34 | - {{ . | quote }} 35 | {{- end }} 36 | secretName: {{ .secretName }} 37 | {{- end }} 38 | {{- end }} 39 | rules: 40 | {{- range .Values.ingress.hosts }} 41 | - host: {{ .host | quote }} 42 | http: 43 | paths: 44 | {{- range .paths }} 45 | - path: {{ .path }} 46 | {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} 47 | pathType: {{ .pathType }} 48 | {{- end }} 49 | backend: 50 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 51 | service: 52 | name: {{ $fullName }} 53 | port: 54 | number: {{ $svcPort }} 55 | {{- else }} 56 | serviceName: {{ $fullName }} 57 | servicePort: {{ $svcPort }} 58 | {{- end }} 59 | {{- end }} 60 | {{- end }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /charts/httpbingo/README.md: -------------------------------------------------------------------------------- 1 | # httpbingo 2 | 3 | ![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.2](https://img.shields.io/badge/AppVersion-v2.2.2-informational?style=flat-square) 4 | 5 | A reasonably complete and well-tested golang port of httpbin, with zero dependencies outside the go stdlib. 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | estahn | | | 14 | 15 | ## Values 16 | 17 | | Key | Type | Default | Description | 18 | |-----|------|---------|-------------| 19 | | affinity | object | `{}` | | 20 | | autoscaling.enabled | bool | `false` | | 21 | | autoscaling.maxReplicas | int | `100` | | 22 | | autoscaling.minReplicas | int | `1` | | 23 | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | 24 | | fullnameOverride | string | `""` | | 25 | | image.pullPolicy | string | `"IfNotPresent"` | | 26 | | image.repository | string | `"mccutchen/go-httpbin"` | | 27 | | image.tag | string | `""` | | 28 | | imagePullSecrets | list | `[]` | | 29 | | ingress.annotations | object | `{}` | | 30 | | ingress.className | string | `""` | | 31 | | ingress.enabled | bool | `false` | | 32 | | ingress.hosts[0].host | string | `"chart-example.local"` | | 33 | | ingress.hosts[0].paths[0].path | string | `"/"` | | 34 | | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | 35 | | ingress.tls | list | `[]` | | 36 | | nameOverride | string | `""` | | 37 | | nodeSelector | object | `{}` | | 38 | | podAnnotations | object | `{}` | | 39 | | podSecurityContext | object | `{}` | | 40 | | replicaCount | int | `1` | | 41 | | resources | object | `{}` | | 42 | | securityContext | object | `{}` | | 43 | | service.port | int | `80` | | 44 | | service.type | string | `"ClusterIP"` | | 45 | | serviceAccount.annotations | object | `{}` | | 46 | | serviceAccount.create | bool | `true` | | 47 | | serviceAccount.name | string | `""` | | 48 | | tolerations | list | `[]` | | 49 | 50 | ---------------------------------------------- 51 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 52 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/job-createSecret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.patch.enabled }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch-create 6 | annotations: 7 | "helm.sh/hook": pre-install,pre-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | spec: 12 | {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} 13 | # Alpha feature since k8s 1.12 14 | ttlSecondsAfterFinished: 0 15 | {{- end }} 16 | template: 17 | metadata: 18 | name: {{ include "k8s-image-swapper.serviceAccountName" . }}-create 19 | {{- with .Values.patch.podAnnotations }} 20 | annotations: 21 | {{ toYaml . | indent 8 }} 22 | {{- end }} 23 | labels: 24 | {{- include "k8s-image-swapper.labels" . | nindent 8 }} 25 | spec: 26 | {{- if .Values.patch.priorityClassName }} 27 | priorityClassName: {{ .Values.patch.priorityClassName }} 28 | {{- end }} 29 | containers: 30 | - name: create 31 | {{- if .Values.patch.image.sha }} 32 | image: {{ .Values.patch.image.repository }}:{{ .Values.patch.image.tag }}@sha256:{{ .Values.patch.image.sha }} 33 | {{- else }} 34 | image: {{ .Values.patch.image.repository }}:{{ .Values.patch.image.tag }} 35 | {{- end }} 36 | imagePullPolicy: {{ .Values.patch.image.pullPolicy }} 37 | args: 38 | - create 39 | - --host={{ template "k8s-image-swapper.fullname" . }},{{ template "k8s-image-swapper.fullname" . }}.{{ .Release.Namespace }}.svc 40 | - --namespace={{ .Release.Namespace }} 41 | - --secret-name={{ template "k8s-image-swapper.fullname" . }} 42 | resources: 43 | {{ toYaml .Values.patch.resources | indent 12 }} 44 | restartPolicy: OnFailure 45 | serviceAccountName: {{ template "k8s-image-swapper.fullname" . }}-patch 46 | {{- with .Values.patch.nodeSelector }} 47 | nodeSelector: 48 | {{ toYaml . | indent 8 }} 49 | {{- end }} 50 | {{- with .Values.patch.affinity }} 51 | affinity: 52 | {{ toYaml . | indent 8 }} 53 | {{- end }} 54 | {{- with .Values.patch.tolerations }} 55 | tolerations: 56 | {{ toYaml . | indent 8 }} 57 | {{- end }} 58 | securityContext: 59 | runAsGroup: 2000 60 | runAsNonRoot: true 61 | runAsUser: 2000 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/job-patch/job-patchWebhook.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.patch.enabled }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 6 | annotations: 7 | "helm.sh/hook": post-install,post-upgrade 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 9 | labels: 10 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 11 | spec: 12 | {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} 13 | # Alpha feature since k8s 1.12 14 | ttlSecondsAfterFinished: 0 15 | {{- end }} 16 | template: 17 | metadata: 18 | name: {{ include "k8s-image-swapper.fullname" . }}-patch 19 | {{- with .Values.patch.podAnnotations }} 20 | annotations: 21 | {{ toYaml . | indent 8 }} 22 | {{- end }} 23 | labels: 24 | {{- include "k8s-image-swapper.labels" . | nindent 8 }} 25 | spec: 26 | {{- if .Values.patch.priorityClassName }} 27 | priorityClassName: {{ .Values.patch.priorityClassName }} 28 | {{- end }} 29 | containers: 30 | - name: patch 31 | {{- if .Values.patch.image.sha }} 32 | image: {{ .Values.patch.image.repository }}:{{ .Values.patch.image.tag }}@sha256:{{ .Values.patch.image.sha }} 33 | {{- else }} 34 | image: {{ .Values.patch.image.repository }}:{{ .Values.patch.image.tag }} 35 | {{- end }} 36 | imagePullPolicy: {{ .Values.patch.image.pullPolicy }} 37 | args: 38 | - patch 39 | - --webhook-name={{ template "k8s-image-swapper.fullname" . }} 40 | - --namespace={{ .Release.Namespace }} 41 | - --secret-name={{ template "k8s-image-swapper.fullname" . }} 42 | - --patch-validating=false 43 | - --patch-failure-policy={{ .Values.webhook.failurePolicy }} 44 | resources: 45 | {{ toYaml .Values.patch.resources | indent 12 }} 46 | restartPolicy: OnFailure 47 | serviceAccountName: {{ template "k8s-image-swapper.fullname" . }}-patch 48 | {{- with .Values.patch.nodeSelector }} 49 | nodeSelector: 50 | {{ toYaml . | indent 8 }} 51 | {{- end }} 52 | {{- with .Values.patch.affinity }} 53 | affinity: 54 | {{ toYaml . | indent 8 }} 55 | {{- end }} 56 | {{- with .Values.patch.tolerations }} 57 | tolerations: 58 | {{ toYaml . | indent 8 }} 59 | {{- end }} 60 | securityContext: 61 | runAsGroup: 2000 62 | runAsNonRoot: true 63 | runAsUser: 2000 64 | {{- end }} 65 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "k8s-image-swapper.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "k8s-image-swapper.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "k8s-image-swapper.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "k8s-image-swapper.labels" -}} 37 | helm.sh/chart: {{ include "k8s-image-swapper.chart" . }} 38 | {{ include "k8s-image-swapper.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- if .Values.commonLabels }} 44 | {{- range $index, $content := .Values.commonLabels }} 45 | {{ $index }}: {{ tpl $content $ }} 46 | {{- end }} 47 | {{- end }} 48 | {{- end }} 49 | 50 | {{/* 51 | Selector labels 52 | */}} 53 | {{- define "k8s-image-swapper.selectorLabels" -}} 54 | app.kubernetes.io/name: {{ include "k8s-image-swapper.name" . }} 55 | app.kubernetes.io/instance: {{ .Release.Name }} 56 | {{- if contains "/job-patch/" .Template.Name }} 57 | app.kubernetes.io/component: job-patch 58 | {{- else }} 59 | app.kubernetes.io/component: app 60 | {{- end }} 61 | {{- end }} 62 | 63 | {{/* 64 | Create the name of the service account to use 65 | */}} 66 | {{- define "k8s-image-swapper.serviceAccountName" -}} 67 | {{- if .Values.serviceAccount.create }} 68 | {{- default (include "k8s-image-swapper.fullname" .) .Values.serviceAccount.name }} 69 | {{- else }} 70 | {{- default "default" .Values.serviceAccount.name }} 71 | {{- end }} 72 | {{- end }} 73 | 74 | {{/* 75 | Return the target Kubernetes version 76 | */}} 77 | {{- define "k8s-image-swapper.kubeVersion" -}} 78 | {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} 79 | {{- end -}} 80 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "k8s-image-swapper.fullname" . }} 5 | labels: 6 | {{- include "k8s-image-swapper.labels" . | nindent 4 }} 7 | {{- with .Values.deployment.annotations }} 8 | annotations: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | spec: 12 | {{- if not .Values.autoscaling.enabled }} 13 | replicas: {{ .Values.replicaCount }} 14 | {{- end }} 15 | selector: 16 | matchLabels: 17 | {{- include "k8s-image-swapper.selectorLabels" . | nindent 6 }} 18 | template: 19 | metadata: 20 | annotations: 21 | checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} 22 | {{- with .Values.podAnnotations }} 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | labels: 26 | {{- include "k8s-image-swapper.labels" . | nindent 8 }} 27 | spec: 28 | {{- with .Values.imagePullSecrets }} 29 | imagePullSecrets: 30 | {{- toYaml . | nindent 8 }} 31 | {{- end }} 32 | {{- if .Values.hostNetwork }} 33 | hostNetwork: {{ .Values.hostNetwork }} 34 | {{- end }} 35 | serviceAccountName: {{ include "k8s-image-swapper.serviceAccountName" . }} 36 | securityContext: 37 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 38 | containers: 39 | - name: {{ .Chart.Name }} 40 | securityContext: 41 | {{- toYaml .Values.securityContext | nindent 12 }} 42 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 43 | imagePullPolicy: {{ .Values.image.pullPolicy }} 44 | {{- if or .Values.awsSecretName .Values.extraEnv }} 45 | env: 46 | {{- if .Values.awsSecretName }} 47 | - name: AWS_ACCESS_KEY_ID 48 | valueFrom: 49 | secretKeyRef: 50 | name: {{ .Values.awsSecretName }} 51 | key: {{ .Values.awsSecretKeys.accessKeyID }} 52 | - name: AWS_SECRET_ACCESS_KEY 53 | valueFrom: 54 | secretKeyRef: 55 | name: {{ .Values.awsSecretName }} 56 | key: {{ .Values.awsSecretKeys.secretAccessKey }} 57 | {{- end }} 58 | {{- with .Values.extraEnv }} 59 | {{- toYaml . | nindent 12 }} 60 | {{- end }} 61 | {{- end }} 62 | args: 63 | - --config=/.k8s-image-swapper.yaml 64 | {{- if .Values.certmanager.enabled }} 65 | - --tls-cert-file=/usr/local/certificates/tls.crt 66 | - --tls-key-file=/usr/local/certificates/tls.key 67 | {{- else }} 68 | - --tls-cert-file=/usr/local/certificates/cert 69 | - --tls-key-file=/usr/local/certificates/key 70 | {{- end }} 71 | - --listen-address=:{{ .Values.containerPort }} 72 | ports: 73 | - name: https 74 | containerPort: {{ .Values.containerPort }} 75 | protocol: TCP 76 | livenessProbe: 77 | httpGet: 78 | path: / 79 | port: https 80 | scheme: HTTPS 81 | readinessProbe: 82 | httpGet: 83 | path: / 84 | port: https 85 | scheme: HTTPS 86 | resources: 87 | {{- toYaml .Values.resources | nindent 12 }} 88 | volumeMounts: 89 | - name: {{ include "k8s-image-swapper.fullname" . }} 90 | subPath: config.yaml 91 | mountPath: /.k8s-image-swapper.yaml 92 | readOnly: true 93 | - mountPath: /tmp 94 | name: tmp 95 | {{- if or .Values.patch.enabled .Values.certmanager.enabled }} 96 | - name: webhook-cert 97 | mountPath: "/usr/local/certificates/" 98 | readOnly: true 99 | {{- end }} 100 | volumes: 101 | - name: {{ include "k8s-image-swapper.fullname" . }} 102 | configMap: 103 | name: {{ include "k8s-image-swapper.fullname" . }} 104 | - name: tmp 105 | {{- toYaml .Values.cacheVolume | nindent 10 }} 106 | {{- if .Values.patch.enabled }} 107 | - name: webhook-cert 108 | secret: 109 | secretName: {{ template "k8s-image-swapper.fullname". }} 110 | {{- end }} 111 | {{- if .Values.certmanager.enabled }} 112 | - name: webhook-cert 113 | secret: 114 | secretName: {{ template "k8s-image-swapper.fullname". }}-cert 115 | {{- end }} 116 | {{- with .Values.nodeSelector }} 117 | nodeSelector: 118 | {{- toYaml . | nindent 8 }} 119 | {{- end }} 120 | {{- with .Values.affinity }} 121 | affinity: 122 | {{- toYaml . | nindent 8 }} 123 | {{- end }} 124 | {{- with .Values.tolerations }} 125 | tolerations: 126 | {{- toYaml . | nindent 8 }} 127 | {{- end }} 128 | {{- if .Values.deployment.priorityClassName }} 129 | priorityClassName: {{ .Values.deployment.priorityClassName }} 130 | {{- end }} 131 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/README.md: -------------------------------------------------------------------------------- 1 | # k8s-image-swapper 2 | 3 | ![Version: 1.10.3](https://img.shields.io/badge/Version-1.10.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.10](https://img.shields.io/badge/AppVersion-1.5.10-informational?style=flat-square) 4 | 5 | Mirror images into your own registry and swap image references automatically. 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | estahn | | | 14 | 15 | ## Values 16 | 17 | | Key | Type | Default | Description | 18 | |-----|------|---------|-------------| 19 | | affinity | object | `{}` | | 20 | | autoscaling.enabled | bool | `false` | | 21 | | autoscaling.maxReplicas | int | `100` | | 22 | | autoscaling.minReplicas | int | `1` | | 23 | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | 24 | | awsSecretKeys | object | `{"accessKeyID":"aws_access_key_id","secretAccessKey":"aws_secret_access_key"}` | Specify which keys to pull from the .awsSecretName secret for the associated environment variables. | 25 | | awsSecretKeys.accessKeyID | string | `"aws_access_key_id"` | If using Hashicorp Vault Operator w/ AWS engine, use `access_key` | 26 | | awsSecretKeys.secretAccessKey | string | `"aws_secret_access_key"` | If using Hashicorp Vault Operator w/ AWS engine, use `secret_key` | 27 | | awsSecretName | string | `""` | If set, the secret will be used as environment variables, see awsSecretKeys. | 28 | | cacheVolume | object | `{"emptyDir":{}}` | The type of volume to be used for caching images | 29 | | certmanager.enabled | bool | `false` | Should cert-manager be used to issue the certificate use by the k8s-image-swapper endpoints | 30 | | certmanager.issuerName | string | `""` | If set, the name of the cert-manager issuer to use to issue the cert, otherwise a self-signed issuer will be created | 31 | | clusterSuffix | string | `"cluster.local"` | The DNS suffix of cluster addresses | 32 | | commonLabels | object | `{}` | Labels that will be added on all the resources (not in selectors) | 33 | | config.dryRun | bool | `true` | | 34 | | config.logFormat | string | `"console"` | | 35 | | config.logLevel | string | `"debug"` | | 36 | | config.source.filters[0].jmespath | string | `"obj.metadata.namespace == 'kube-system'"` | | 37 | | config.target.aws.accountId | string | `"12345678"` | | 38 | | config.target.aws.region | string | `"ap-southeast-2"` | | 39 | | containerPort | int | `8443` | | 40 | | deployment.annotations | object | `{}` | | 41 | | deployment.priorityClassName | string | `""` | | 42 | | dev.enabled | bool | `false` | | 43 | | dev.webhookURL | string | `"https://xxx.ngrok.io"` | | 44 | | extraEnv | list | `[]` | Additional environment variables to be defined on the container Follows the same syntax as containers.env in a Pod v1 API | 45 | | extraManifests | list | `[]` | Additional manifests to be deployed Can be either a full object OR a string containing valid YAML | 46 | | extraManifestsTemplated | list | `[]` | Additional manifests to be deployed. These will be passed through the templating engine Useful if you need to use values from this chart in your manifests | 47 | | fullnameOverride | string | `""` | | 48 | | hostNetwork | bool | `false` | | 49 | | image.pullPolicy | string | `"IfNotPresent"` | | 50 | | image.repository | string | `"ghcr.io/estahn/k8s-image-swapper"` | | 51 | | image.tag | string | `""` | | 52 | | imagePullSecrets | list | `[]` | | 53 | | kubeVersionOverride | string | `""` | | 54 | | nameOverride | string | `""` | | 55 | | nodeSelector | object | `{}` | | 56 | | patch.enabled | bool | `true` | | 57 | | patch.image.pullPolicy | string | `"IfNotPresent"` | | 58 | | patch.image.repository | string | `"k8s.gcr.io/ingress-nginx/kube-webhook-certgen"` | | 59 | | patch.image.tag | string | `"v1.3.0"` | | 60 | | patch.nodeSelector | object | `{}` | | 61 | | patch.podAnnotations | object | `{}` | | 62 | | patch.priorityClassName | string | `""` | | 63 | | patch.resources | object | `{}` | | 64 | | pdb.enabled | bool | `false` | | 65 | | pdb.minAvailable | string | `"1"` | | 66 | | podAnnotations | object | `{}` | | 67 | | podSecurityContext | object | `{}` | | 68 | | podSecurityPolicy.enabled | bool | `false` | | 69 | | rbac.create | bool | `true` | | 70 | | replicaCount | int | `1` | | 71 | | resources | object | `{}` | | 72 | | secretReader.enabled | bool | `false` | | 73 | | secretReader.secretNames | list | `[]` | | 74 | | securityContext | object | `{}` | | 75 | | service.port | int | `443` | | 76 | | service.type | string | `"ClusterIP"` | | 77 | | serviceAccount.annotations | object | `{}` | | 78 | | serviceAccount.create | bool | `true` | | 79 | | serviceAccount.name | string | `""` | | 80 | | test.affinity | object | `{}` | Set affinity for the test pod | 81 | | test.enabled | bool | `true` | Should the test be included with the release | 82 | | test.image | string | `"busybox"` | The image to use for running the test | 83 | | test.nodeSelector | object | `{}` | Set a node selector for the test pod | 84 | | test.tolerations | list | `[]` | Set tolerations for the test pod | 85 | | tolerations | list | `[]` | | 86 | | webhook.failurePolicy | string | `"Ignore"` | | 87 | | webhook.namespaceSelector | object | `{}` | | 88 | | webhook.objectSelector | object | `{}` | | 89 | | webhook.reinvocationPolicy | string | `"Never"` | | 90 | | webhook.timeoutSeconds | int | `10` | | 91 | 92 | ---------------------------------------------- 93 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 94 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | [enrico.stahn@gmail.com](mailto:enrico.stahn@gmail.com). 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.0, available at 119 | [https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0]. 120 | 121 | Community Impact Guidelines were inspired by 122 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. 123 | 124 | For answers to common questions about this code of conduct, see the FAQ at 125 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available 126 | at [https://www.contributor-covenant.org/translations][translations]. 127 | 128 | [homepage]: https://www.contributor-covenant.org 129 | [v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html 130 | [Mozilla CoC]: https://github.com/mozilla/diversity 131 | [FAQ]: https://www.contributor-covenant.org/faq 132 | [translations]: https://www.contributor-covenant.org/translations 133 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for k8s-image-swapper. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: ghcr.io/estahn/k8s-image-swapper 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "" 12 | 13 | containerPort: 8443 14 | 15 | kubeVersionOverride: "" 16 | 17 | imagePullSecrets: [] 18 | nameOverride: "" 19 | fullnameOverride: "" 20 | 21 | # -- Labels that will be added on all the resources (not in selectors) 22 | commonLabels: {} 23 | 24 | serviceAccount: 25 | # Specifies whether a service account should be created 26 | create: true 27 | # Annotations to add to the service account 28 | annotations: {} 29 | # The name of the service account to use. 30 | # If not set and create is true, a name is generated using the fullname template 31 | name: "" 32 | 33 | rbac: 34 | create: true 35 | 36 | deployment: 37 | # Annotations to add to the deployment 38 | annotations: {} 39 | priorityClassName: "" 40 | 41 | # If true, create & use Pod Security Policy resources 42 | # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ 43 | podSecurityPolicy: 44 | enabled: false 45 | 46 | podAnnotations: {} 47 | 48 | podSecurityContext: 49 | {} 50 | # fsGroup: 2000 51 | 52 | securityContext: 53 | {} 54 | # capabilities: 55 | # drop: 56 | # - ALL 57 | # readOnlyRootFilesystem: true 58 | # runAsNonRoot: true 59 | # runAsUser: 1000 60 | 61 | service: 62 | type: ClusterIP 63 | port: 443 64 | 65 | resources: 66 | {} 67 | # We usually recommend not to specify default resources and to leave this as a conscious 68 | # choice for the user. This also increases chances charts run on environments with little 69 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 70 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 71 | # limits: 72 | # cpu: 100m 73 | # memory: 128Mi 74 | # requests: 75 | # cpu: 100m 76 | # memory: 128Mi 77 | 78 | autoscaling: 79 | enabled: false 80 | minReplicas: 1 81 | maxReplicas: 100 82 | targetCPUUtilizationPercentage: 80 83 | # targetMemoryUtilizationPercentage: 80 84 | 85 | pdb: 86 | enabled: false 87 | minAvailable: "1" 88 | 89 | nodeSelector: {} 90 | 91 | tolerations: [] 92 | 93 | affinity: {} 94 | 95 | hostNetwork: false 96 | 97 | # Will generate the TLS certificate and patch the webhook 98 | patch: 99 | enabled: true 100 | image: 101 | repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen 102 | tag: v1.3.0 103 | pullPolicy: IfNotPresent 104 | priorityClassName: "" 105 | podAnnotations: {} 106 | nodeSelector: {} 107 | resources: {} 108 | 109 | # You can use cert-manager to handle TLS cert creation and putting it into webhook cfg 110 | certmanager: 111 | # -- Should cert-manager be used to issue the certificate use by the k8s-image-swapper endpoints 112 | enabled: false 113 | # -- If set, the name of the cert-manager issuer to use to issue the cert, otherwise a self-signed issuer will be created 114 | issuerName: "" 115 | 116 | webhook: 117 | failurePolicy: Ignore 118 | reinvocationPolicy: Never 119 | timeoutSeconds: 10 120 | namespaceSelector: {} 121 | objectSelector: {} 122 | 123 | # -- If set, the secret will be used as environment variables, see awsSecretKeys. 124 | awsSecretName: "" 125 | # -- Specify which keys to pull from the .awsSecretName secret for the associated environment variables. 126 | awsSecretKeys: 127 | # -- If using Hashicorp Vault Operator w/ AWS engine, use `access_key` 128 | accessKeyID: "aws_access_key_id" 129 | # -- If using Hashicorp Vault Operator w/ AWS engine, use `secret_key` 130 | secretAccessKey: "aws_secret_access_key" 131 | 132 | # Private registries are supported via imagePullSecrets on Pods and ServiceAccounts. 133 | # k8s-image-swapper requires to read the secret containing the docker authentication details 134 | # and therefore needs to be granted additional permissions. By default the ClusterRole provides 135 | # access to all secrets in the cluster. By providing secret names via `secretReader.secretNames` 136 | # the access can be reduced to specific secrets. 137 | secretReader: 138 | enabled: false 139 | secretNames: [] 140 | 141 | config: 142 | dryRun: true 143 | 144 | logLevel: debug 145 | logFormat: console 146 | 147 | source: 148 | # Filters provide control over what pods will be processed. 149 | # By default all pods will be processed. If a condition matches, the pod will NOT be processed. 150 | # For query language details see https://jmespath.org/ 151 | filters: 152 | - jmespath: "obj.metadata.namespace == 'kube-system'" 153 | 154 | target: 155 | aws: 156 | accountId: "12345678" 157 | region: ap-southeast-2 158 | 159 | dev: 160 | enabled: false 161 | webhookURL: https://xxx.ngrok.io 162 | 163 | # -- Additional environment variables to be defined on the container 164 | # Follows the same syntax as containers.env in a Pod v1 API 165 | extraEnv: [] 166 | 167 | # -- Additional manifests to be deployed 168 | # Can be either a full object OR a string containing valid YAML 169 | extraManifests: [] 170 | 171 | # -- Additional manifests to be deployed. These will be passed through the templating engine 172 | # Useful if you need to use values from this chart in your manifests 173 | extraManifestsTemplated: [] 174 | # - kind: ConfigMap 175 | # metadata: 176 | # name: "{{ .Release.Name }}-extra-config" 177 | # data: 178 | # key: value 179 | 180 | # -- The DNS suffix of cluster addresses 181 | clusterSuffix: cluster.local 182 | 183 | test: 184 | # -- Should the test be included with the release 185 | enabled: true 186 | # -- Set affinity for the test pod 187 | affinity: {} 188 | # -- The image to use for running the test 189 | image: busybox 190 | # -- Set a node selector for the test pod 191 | nodeSelector: {} 192 | # -- Set tolerations for the test pod 193 | tolerations: [] 194 | 195 | # -- The type of volume to be used for caching images 196 | cacheVolume: 197 | emptyDir: {} 198 | -------------------------------------------------------------------------------- /charts/k8s-image-swapper/values.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "object", 3 | "$schema": "http://json-schema.org/schema#", 4 | "properties": { 5 | "affinity": { 6 | "type": "object" 7 | }, 8 | "autoscaling": { 9 | "type": "object", 10 | "properties": { 11 | "enabled": { 12 | "type": "boolean" 13 | }, 14 | "maxReplicas": { 15 | "type": "integer" 16 | }, 17 | "minReplicas": { 18 | "type": "integer" 19 | }, 20 | "targetCPUUtilizationPercentage": { 21 | "type": "integer" 22 | } 23 | } 24 | }, 25 | "awsSecretKeys": { 26 | "type": "object", 27 | "additionalProperties": false, 28 | "description": "Specify which keys to pull from the .awsSecretName secret for the associated environment variables.", 29 | "properties": { 30 | "accessKeyID": { 31 | "type": "string", 32 | "default": "aws_access_key_id" 33 | }, 34 | "secretAccessKey": { 35 | "type": "string", 36 | "default": "aws_secret_access_key" 37 | } 38 | } 39 | }, 40 | "awsSecretName": { 41 | "type": "string" 42 | }, 43 | "cacheVolume": { 44 | "type": "object" 45 | }, 46 | "certmanager": { 47 | "type": "object", 48 | "properties": { 49 | "enabled": { 50 | "type": "boolean" 51 | }, 52 | "issuerName": { 53 | "type": "string" 54 | } 55 | } 56 | }, 57 | "clusterSuffix": { 58 | "type": "string" 59 | }, 60 | "commonLabels": { 61 | "type": "object" 62 | }, 63 | "config": { 64 | "type": "object", 65 | "properties": { 66 | "dryRun": { 67 | "type": "boolean" 68 | }, 69 | "logFormat": { 70 | "type": "string" 71 | }, 72 | "logLevel": { 73 | "type": "string" 74 | }, 75 | "source": { 76 | "type": "object", 77 | "properties": { 78 | "filters": { 79 | "type": "array", 80 | "items": { 81 | "type": "object", 82 | "properties": { 83 | "jmespath": { 84 | "type": "string" 85 | } 86 | } 87 | } 88 | } 89 | } 90 | }, 91 | "target": { 92 | "type": "object", 93 | "properties": { 94 | "aws": { 95 | "type": "object", 96 | "properties": { 97 | "accountId": { 98 | "type": "string" 99 | }, 100 | "region": { 101 | "type": "string" 102 | } 103 | } 104 | } 105 | } 106 | } 107 | } 108 | }, 109 | "containerPort": { 110 | "type": "integer" 111 | }, 112 | "deployment": { 113 | "type": "object", 114 | "properties": { 115 | "annotations": { 116 | "type": "object" 117 | }, 118 | "priorityClassName": { 119 | "type": "string" 120 | } 121 | } 122 | }, 123 | "dev": { 124 | "type": "object", 125 | "properties": { 126 | "enabled": { 127 | "type": "boolean" 128 | }, 129 | "webhookURL": { 130 | "type": "string" 131 | } 132 | } 133 | }, 134 | "extraEnv": { 135 | "type": "array", 136 | "items": {} 137 | }, 138 | "extraManifests": { 139 | "type": "array", 140 | "items": { 141 | "anyOf": [ 142 | { 143 | "type": "object" 144 | }, 145 | { 146 | "type": "string" 147 | } 148 | ] 149 | } 150 | }, 151 | "extraManifestsTemplated": { 152 | "type": "array", 153 | "items": { 154 | "anyOf": [ 155 | { 156 | "type": "object" 157 | }, 158 | { 159 | "type": "string" 160 | } 161 | ] 162 | } 163 | }, 164 | "fullnameOverride": { 165 | "type": "string" 166 | }, 167 | "hostNetwork": { 168 | "type": "boolean" 169 | }, 170 | "image": { 171 | "type": "object", 172 | "properties": { 173 | "pullPolicy": { 174 | "type": "string" 175 | }, 176 | "repository": { 177 | "type": "string" 178 | }, 179 | "tag": { 180 | "type": "string" 181 | } 182 | } 183 | }, 184 | "imagePullSecrets": { 185 | "type": "array", 186 | "items": {} 187 | }, 188 | "nameOverride": { 189 | "type": "string" 190 | }, 191 | "nodeSelector": { 192 | "type": "object" 193 | }, 194 | "patch": { 195 | "type": "object", 196 | "properties": { 197 | "enabled": { 198 | "type": "boolean" 199 | }, 200 | "image": { 201 | "type": "object", 202 | "properties": { 203 | "pullPolicy": { 204 | "type": "string" 205 | }, 206 | "repository": { 207 | "type": "string" 208 | }, 209 | "tag": { 210 | "type": "string" 211 | } 212 | } 213 | }, 214 | "nodeSelector": { 215 | "type": "object" 216 | }, 217 | "podAnnotations": { 218 | "type": "object" 219 | }, 220 | "priorityClassName": { 221 | "type": "string" 222 | }, 223 | "resources": { 224 | "type": "object" 225 | } 226 | } 227 | }, 228 | "pdb": { 229 | "type": "object", 230 | "properties": { 231 | "enabled": { 232 | "type": "boolean" 233 | }, 234 | "minAvailable": { 235 | "type": "string" 236 | } 237 | } 238 | }, 239 | "podAnnotations": { 240 | "type": "object" 241 | }, 242 | "podSecurityContext": { 243 | "type": "object" 244 | }, 245 | "podSecurityPolicy": { 246 | "type": "object", 247 | "properties": { 248 | "enabled": { 249 | "type": "boolean" 250 | } 251 | } 252 | }, 253 | "rbac": { 254 | "type": "object", 255 | "properties": { 256 | "create": { 257 | "type": "boolean" 258 | } 259 | } 260 | }, 261 | "replicaCount": { 262 | "type": "integer" 263 | }, 264 | "resources": { 265 | "type": "object" 266 | }, 267 | "secretReader": { 268 | "type": "object", 269 | "additionalProperties": false, 270 | "properties": { 271 | "enabled": { 272 | "type": "boolean" 273 | }, 274 | "secretNames": { 275 | "type": "array", 276 | "items": { 277 | "type": "string" 278 | } 279 | } 280 | } 281 | }, 282 | "securityContext": { 283 | "type": "object" 284 | }, 285 | "service": { 286 | "type": "object", 287 | "properties": { 288 | "type": { 289 | "type": "string" 290 | }, 291 | "port": { 292 | "type": "integer" 293 | } 294 | } 295 | }, 296 | "serviceAccount": { 297 | "type": "object", 298 | "properties": { 299 | "annotations": { 300 | "type": "object" 301 | }, 302 | "create": { 303 | "type": "boolean" 304 | }, 305 | "name": { 306 | "type": "string" 307 | } 308 | } 309 | }, 310 | "test": { 311 | "type": "object", 312 | "properties": { 313 | "affinity": { 314 | "type": "object" 315 | }, 316 | "enabled": { 317 | "type": "boolean" 318 | }, 319 | "image": { 320 | "type": "string" 321 | }, 322 | "nodeSelector": { 323 | "type": "object" 324 | }, 325 | "tolerations": { 326 | "type": "array" 327 | } 328 | } 329 | }, 330 | "tolerations": { 331 | "type": "array", 332 | "items": {} 333 | }, 334 | "webhook": { 335 | "type": "object", 336 | "properties": { 337 | "failurePolicy": { 338 | "type": "string" 339 | }, 340 | "reinvocationPolicy": { 341 | "type": "string" 342 | }, 343 | "timeoutSeconds": { 344 | "type": "integer" 345 | } 346 | } 347 | } 348 | } 349 | } 350 | --------------------------------------------------------------------------------