├── .gitignore ├── .gitlab-ci.yml ├── .helmignore ├── CHANGELOG.md ├── Chart.yaml ├── LICENSE ├── README.md ├── docs ├── ADDITIONAL_FEATURES.md └── samples │ ├── certificates.yml │ ├── cronjobs.values.yml │ ├── issuers.yml │ ├── web-app.values.yml │ └── whoami │ ├── app-deployment.values.yml │ ├── app-statefulset.values.yml │ ├── app-with-certs.yml │ └── app-with-volumes.values.yml ├── templates ├── NOTES.txt ├── certificate.yml ├── configmap.yml ├── cronjob.yml ├── deployment.yml ├── extra.yml ├── helm-hooks.yml ├── helpers │ ├── _affinities.tpl │ ├── _app.tpl │ ├── _capabilities.tpl │ ├── _configmaps.tpl │ ├── _deprecations.tpl │ ├── _ingress.tpl │ ├── _pod.tpl │ ├── _secrets.tpl │ ├── _tplvalues.tpl │ ├── _volumes.tpl │ └── _workloads.tpl ├── hpa.yaml ├── ingress.yml ├── issuer.yml ├── istiodestinationrule.yml ├── istiogateway.yml ├── istiovirtualservice.yml ├── job.yml ├── pdb.yaml ├── pvc.yml ├── secret.yml ├── serviceaccount.yml ├── servicemonitor.yml ├── statefulset.yml ├── svc.yml ├── traefikingressroute.yml ├── traefikmiddleware.yml ├── traefikserverstransport.yml ├── traefikservice.yml └── traefiktls.yml └── values.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | tmp/ 3 | test*.yml 4 | private/ 5 | values-test.yaml 6 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | include: 2 | - project: 'apps/gitlab-ci-templates' 3 | ref: v1 4 | file: 'push-helm.gitlab-ci.yml' 5 | -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | README.md 2 | .idea/ 3 | .git* 4 | tmp 5 | *.tgz 6 | docs/ 7 | samples/ -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 2.8.3 - December 26, 2024 4 | * feature: Made `progressDeadlineSeconds` configurable in deployments 5 | 6 | ## 2.8.2 - December 09, 2024 7 | * feature: Implemented support for SealedSecrets ([#77](https://github.com/nixys/nxs-universal-chart/issues/77)) 8 | * feature: Added cronjob suspend parameter 9 | * docs update 10 | 11 | ## 2.8.1 - August 30, 2024 12 | * feature: Added the ability to set k8s version, helm version, API versions of k8s-resources via values.yaml (global.helmVersion etc.) 13 | * feature: Added the ability to set tolerations at the level of all deployed workloads. It's important to note that tolerations at the level of a specific resource will override global tolerations 14 | * fix: Fixed syntax errors in _app.tpl that caused lines to stick together (helpers.app.selectorLabels, helpers.app.genericSelectorLabels) 15 | * fix: Fixed template for Istio DestinationRule: added conditions to check if subsets and exportTo are set in values.yaml 16 | 17 | ## 2.8.0 - August 06, 2024 18 | * feature: Implemented native support for Istio resources. ([#71]https://github.com/nixys/nxs-universal-chart/issues/71) 19 | * docs update 20 | 21 | ## 2.7.0 - June 06, 2024 22 | * feature: Implemented native support for Traefik resources. ([#68]https://github.com/nixys/nxs-universal-chart/issues/68) 23 | * feature: BinaryData configmaps ([#67](https://github.com/nixys/nxs-universal-chart/pull/67)) 24 | * fix: jobsGeneral.labels not specified in template ([#69](https://github.com/nixys/nxs-universal-chart/issues/69)) 25 | * TODO: Add readme to new resources 26 | 27 | ## 2.6.0 - March 15, 2024 28 | * feature: Better rendering for ConfigMap resources, added support for b64 encoded strings for easier setting of values via CLI. 29 | * feature: Support for certmanager custom resources ([#48](https://github.com/nixys/nxs-universal-chart/issues/48)) 30 | * feature: Support loadBalancerClass, allocateLoadBalancerNodePorts and externalTrafficPolicy for LoadBalancer type services ([#63](https://github.com/nixys/nxs-universal-chart/issues/63)) 31 | * fix: PVC name rendering ([#64](https://github.com/nixys/nxs-universal-chart/issues/64)) 32 | * TODO: Add readme to new resources 33 | 34 | ## 2.5.1 - January 10, 2024 35 | * feature: add priorityClassName as option for every workload 36 | * fix: statefulset typos 37 | 38 | ## 2.5.0 - November 17, 2023 39 | * feature: add affinity as general option for every resourse 40 | * fix: added missing options to readme 41 | * fix: attaching pvc to existing pv 42 | 43 | ## 2.4.1 - August 23, 2023 44 | * fix: render serviceaccount names 45 | * fix: merging env if both general and container envs are used ([#50](https://github.com/nixys/nxs-universal-chart/issues/50)) 46 | * fix: deploymentsGeneral.annotation applying to deployment ([#49](https://github.com/nixys/nxs-universal-chart/issues/49)) 47 | 48 | 49 | ## 2.4.0 - July 21, 2023 50 | * feature: add Service Account workload to create serviceaccount and coresponding roles/clusterroles with bindings 51 | * fix: default container and init-container names 52 | * docs update 53 | * feature: add emptyDir type in `volumes` 54 | 55 | ## 2.3.0 - Mar 07, 2023 56 | 57 | * feature: add typed volumes via generic and workloads generals parameter `volumes` 58 | * feature: add labels form workload `extraSelectorLabels` parameter to pod affinity preset 59 | * feature: add generic and workloads generals parameter `volumeMounts` 60 | * deprecation: generic and workloads generals parameter `extraVolumeMounts` is marked as deprecated 61 | * fix: increased affinity weight for "soft" rules 62 | 63 | ## 2.2.1 - Unreleased 64 | * feature: add `Certificate` and `Issuser/ClusterIssuer` rendering ([cert-manager](https://cert-manager.io/docs/reference/api-docs) resources) 65 | 66 | ## 2.2.0 - Feb 20, 2023 67 | 68 | * changed license to Apache2.0 69 | * feature: add StatefilSet workload 70 | * feature: add `startupProbe` to containers 71 | * feature: add generic parameter `usePredefinedAffinity` for enable/disable predefined affinity usage in workloads (`true` by default) 72 | * feature: add workloads parameter `usePredefinedAffinity` for enable/disable predefined affinity usage (not used by default) 73 | * feature: add `env`, `envsFromConfigmap`, `envsFromSecret`, `envFrom`, `envConfigmaps`, `envSecrets` parameters to workloads generals 74 | * deprecation: generic parameter `usePredefinedAffinity` will change default value to `false` in version 3.0 75 | * improvement: pod template moved to helper 76 | * docs update 77 | 78 | ## 2.1.4 - Aug 29, 2022 79 | 80 | * feature: add clusterIP parameter for service 81 | 82 | ## 2.1.3 - Aug 1, 2022 83 | 84 | * fix: rolled back parameter `servicemonitors` and marked as deprecated 85 | 86 | ## 2.1.2 - Aug 1, 2022 87 | 88 | * fix: parameter `servicemonitors` has been renamed to `serviceMonitors` 89 | 90 | ## 2.1.1 - Jul 18, 2022 91 | 92 | * fix: templating for ingress hostnames with empty values 93 | 94 | ## 2.1.0 - Jul 14, 2022 95 | 96 | * fix: quotes to string values in ConfigMap 97 | * fix: for random container name by lowercase 98 | * feature: add templating for ingress hostnames 99 | * feature: add generic parameter `extraImagePullSecrets` for workloads 100 | * feature: add workloads parameter `extraImagePullSecrets` 101 | * deprecation: workloads parameter `imagePullSecrets` is marked as deprecated 102 | * docs update 103 | 104 | ## 2.0.1 - Jun 9, 2022 105 | 106 | * added `defaultImagePullPolicy` 107 | * docs minor fix 108 | 109 | ## 2.0.0 - May 30, 2022 110 | 111 | * feature: add HPA support 112 | * feature: add PDB support 113 | * using `maps` instead of `list` for declare manifests 114 | * docs update 115 | * samples update 116 | 117 | ## 1.0.6 - May 6, 2022 118 | 119 | * fix nindent for `securityContext` 120 | 121 | ## 1.0.5 - May 5, 2022 122 | 123 | * feature: add template for workloads images 124 | * fix `securityContext` for pod and container levels 125 | * set default protocol TCP for service port 126 | * set default service port name 127 | * doc update 128 | 129 | ## 1.0.4 - April 15, 2022 130 | 131 | * fix Service nodePort 132 | 133 | ## 1.0.3 - April 12, 2022 134 | 135 | * fix helm hooks annotations custom annotations 136 | 137 | ## 1.0.2 - April 5, 2022 138 | 139 | * fix helm hooks annotations for PVC 140 | 141 | ## 1.0.1 - April 4, 2022 142 | 143 | * fix servicemonitor's selector rendering 144 | -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: Nixys universal Helm chart for deploy your apps to Kubernetes 3 | name: universal-chart 4 | version: 2.8.1 5 | maintainers: 6 | - name: Roman Andreev 7 | email: r.andreev@nixys.io 8 | - name: Anton Zhideev 9 | email: a.zhideev@nixys.io 10 | - name: Evgenii Tereshkov 11 | email: evg.krsk@gmail.com 12 | - name: Sergey Lavrinenko 13 | email: s@lavr.me 14 | - name: Viktor Sokhan 15 | email: v.sokhan@nixys.io 16 | - name: Ruslan Gainanov 17 | email: gromrx1@gmail.com 18 | - name: Artem Danielyan 19 | email: a.danielyan@nixys.io 20 | - name: Roman Emelyanov 21 | email: r.emelyanov@nixys.io -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | https://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | Copyright 2021 Nixys 179 | 180 | Licensed under the Apache License, Version 2.0 (the "License"); 181 | you may not use this file except in compliance with the License. 182 | You may obtain a copy of the License at 183 | 184 | https://www.apache.org/licenses/LICENSE-2.0 185 | 186 | Unless required by applicable law or agreed to in writing, software 187 | distributed under the License is distributed on an "AS IS" BASIS, 188 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 189 | See the License for the specific language governing permissions and 190 | limitations under the License. -------------------------------------------------------------------------------- /docs/ADDITIONAL_FEATURES.md: -------------------------------------------------------------------------------- 1 | ## Configuration and installation details 2 | 3 | ### Using private registries 4 | 5 | To use images from private registers, add your ".dockerauthconfig" to `imagePullSecrets` in the common block. This will 6 | create secrets that include auth from the register and will be used in all workloads. 7 | 8 | ```yaml 9 | imagePullSecrets: 10 | my-registry: | 11 | {"auths":{"registry.org":{"auth":"cnd1c2VyOnNlY3VyZVBANXM="}}} 12 | some-private-hub: b64:eyJhdXRocyI6eyJyZWdpc3RyeS5vcmciOnsiYXV0aCI6ImNuZDFjMlZ5T25ObFkzVnlaVkJBTlhNPSJ9fX0= 13 | ``` 14 | 15 | If a secrets with registry credentials already was added to namespace, you can use `generic.extraImagePullSecrets` to 16 | add pull secrets to all your workloads or `extraImagePullSecrets` directly in the workload like in Kubernetes manifest 17 | by specifying names of the corresponding secrets. 18 | 19 | ```yaml 20 | generic: 21 | extraImagePullSecrets: 22 | - name: my-registry-secret-name 23 | ``` 24 | 25 | ```yaml 26 | deployments: 27 | my-app: 28 | ... 29 | extraImagePullSecrets: 30 | - name: my-registry-secret-name 31 | ... 32 | ``` 33 | 34 | ### Secrets features 35 | 36 | Working with the secrets data you can use values with the next types: 37 | 38 | * string - usual string values will be encoded to base64 string 39 | * base64 encoded string with `b64:` prefix - value will be used as is without prefix 40 | * json - json will be encoded to base64 string 41 | 42 | #### Secret from string 43 | 44 | Values file: 45 | 46 | ```yaml 47 | secrets: 48 | secret-file: 49 | data: 50 | api.key: "JFczZwReBkJFczZwReBkJFczZwReBkJFczZwReBk" 51 | extra-envs: 52 | data: 53 | BAR: foo 54 | ``` 55 | 56 | `--set` analog: 57 | 58 | ```bash 59 | --set "secrets.secret-file.data.api\.key=$SOME_ENV_WITH_STRING" 60 | --set "secrets.extra-envs.data.BAR=foo" 61 | ``` 62 | 63 | #### Secret from base64 encoded string 64 | 65 | Values file: 66 | 67 | ```yaml 68 | secrets: 69 | secret-file: 70 | data: 71 | api.key: "b64:SkZjelp3UmVCa0pGY3pad1JlQmtKRmN6WndSZUJrSkZjelp3UmVCaw==" 72 | ``` 73 | 74 | `--set` analog: 75 | 76 | ```bash 77 | --set "secrets.secret-file.data.api\.key=b64:$(echo -n $SOME_ENV|base64 -w0)" 78 | ``` 79 | 80 | #### Secret from json 81 | 82 | Values file: 83 | 84 | ```yaml 85 | secrets: 86 | json-file: 87 | data: 88 | file.json: { 89 | "arg": "value" 90 | } 91 | ``` 92 | 93 | `--set` analog: 94 | 95 | ```bash 96 | --set "secrets.json-file.data.file\.json=$(printf %q $(cat file.json))" 97 | ``` 98 | 99 | or 100 | 101 | ```bash 102 | --set-file "secrets.json-file.data.file\.json=path/to/file.json" 103 | ``` 104 | 105 | #### SealedSecret 106 | 107 | Strings for SealedSecret are encrypted and not encoded to base64. To encrypt secret use `kubeseal` CLI: 108 | 109 | ```bash 110 | kubeseal --raw --scope=namespace-wide --namespace=yournamespace --from-file=yoursecret.txt 111 | ``` 112 | 113 | Values file: 114 | 115 | ```yaml 116 | sealedSecrets: 117 | secretname: 118 | encryptedData: 119 | FOO: "encrypted-secret-string" 120 | ``` 121 | 122 | `--set` analog: 123 | 124 | ```bash 125 | --set "sealedSecrets.secretname.encryptedData.FOO=$SOME_ENV_WITH_STRING" 126 | ``` 127 | 128 | ### Values Templating features 129 | 130 | You can use go-templates as part of your values. 131 | 132 | > **Note** 133 | > Use single quotes to escape strings containing templates to avoid manifest generation errors. 134 | 135 | #### Example 1 136 | 137 | Add a pod annotation wih the check sum of the application configuration. 138 | 139 | ```yaml 140 | deployments: 141 | api: 142 | podAnnotations: 143 | checksum/app-cfg: '{{ include "helpers.workload.checksum" (index $.Values.configMaps "app-config") }}' 144 | ``` 145 | 146 | #### Example 2 147 | 148 | Specify docker images via the `--set` flag for multiple deployments. 149 | 150 | ```yaml 151 | deployments: 152 | app1: 153 | containers: 154 | - name: app1 155 | image: '{{ $.Values.imageRepo1 }}/{{ $.Values.imageApp1 }}' 156 | imageTag: '{{ $.Values.imageTagApp1 }}' 157 | ... 158 | app2: 159 | containers: 160 | - name: app1 161 | image: '{{ $.Values.imageRepo2 }}/{{ $.Values.imageApp2 }}' 162 | imageTag: '{{ $.Values.imageTagApp2 }}' 163 | ``` 164 | 165 | Create release with `--set` flag 166 | 167 | ```bash 168 | helm install my-apps nixys/universal-chart -f values.yaml --set imageRepo1=reg.app.com,imageRepo2=reg.app.net,imageApp1=my-app1,imageTagApp1=v1,imageApp2=my-app2,imageTagApp2=v2 169 | ``` 170 | 171 | #### Example 3 172 | 173 | Add `defaultURL` parameter to values and use it in ingress template. 174 | 175 | ```yaml 176 | ingresses: 177 | my-app: 178 | ... 179 | hosts: 180 | - hostname: '{{ $.Values.defaultURL }}' 181 | paths: 182 | - serviceName: nginx 183 | servicePort: 8080 184 | ``` 185 | 186 | Create release with `--set` flag 187 | 188 | ```bash 189 | helm install my-app nixys/universal-chart -f values.yaml --set defaultURL=demo.my-app.com 190 | ``` 191 | 192 | #### Example 4 193 | 194 | Deploy of `NetworkPolicy` using `extraDeploy`. 195 | 196 | ```yaml 197 | extraDeploy: 198 | net-pol: |- 199 | apiVersion: networking.k8s.io/v1 200 | kind: NetworkPolicy 201 | metadata: 202 | name: {{ include "helpers.app.fullname" (dict "name" "nw-policy" "context" $) }} 203 | namespace: {{ .Release.Namespace | quote }} 204 | spec: 205 | podSelector: 206 | matchLabels: 207 | role: db 208 | policyTypes: 209 | - Ingress 210 | - Egress 211 | ingress: 212 | - from: 213 | - ipBlock: 214 | cidr: 172.17.0.0/16 215 | except: 216 | - 172.17.1.0/24 217 | - namespaceSelector: 218 | matchLabels: 219 | project: myproject 220 | - podSelector: 221 | matchLabels: 222 | role: frontend 223 | ports: 224 | - protocol: TCP 225 | port: 6379 226 | egress: 227 | - to: 228 | - ipBlock: 229 | cidr: 10.0.0.0/24 230 | ports: 231 | - protocol: TCP 232 | port: 5978 233 | ``` 234 | -------------------------------------------------------------------------------- /docs/samples/certificates.yml: -------------------------------------------------------------------------------- 1 | 2 | generic: 3 | # labels: 4 | # general-label1: general-label-value 5 | # annotations: 6 | # general-annotation1: general-annotation-value 7 | 8 | issuerType: ClusterIssuer 9 | 10 | certificates: 11 | sample-certificate: 12 | secretName: sample-certificate 13 | commonName: example.com 14 | issuerRef: 15 | originalName: selfsigned-issuer 16 | kind: ClusterIssuer 17 | group: cert-manager.io 18 | sample-certificate2: 19 | subject: 20 | organizations: 21 | - jetstack 22 | dnsNames: 23 | - example.com 24 | - www.example.com 25 | secretTemplate: 26 | annotations: 27 | www.example.com: example-annotation 28 | labels: 29 | www.example.com: example-label 30 | isCA: "true" 31 | issuerRef: 32 | originalName: selfsigned-issuer 33 | kind: "{{ .Values.issuerType }}" 34 | # group: cert-manager.io 35 | 36 | ###### 37 | ## run with: 38 | ## helm template w --values ./samples/configmap-only.yml ./charts/universal-chart/. --debug 39 | ## 40 | ## result should be: 41 | ###### -------------------------------------------------------------------------------- /docs/samples/cronjobs.values.yml: -------------------------------------------------------------------------------- 1 | cronJobsGeneral: 2 | enableAffinity: false 3 | env: 4 | - name: WORKLOAD_TYPE 5 | value: CronJob 6 | 7 | cronJobs: 8 | 9 | mailing: 10 | schedule: "00 05 * * *" 11 | containers: 12 | - command: send-mail 13 | volumeMounts: 14 | - mountPath: /app/issues-mailing.conf 15 | name: config 16 | subPath: issues-mailing.conf 17 | volumes: 18 | - name: config 19 | type: secret 20 | originalName: app-config 21 | restartPolicy: OnFailure 22 | 23 | flush-cache: 24 | schedule: "00 * * * *" 25 | containers: 26 | - command: flush-cache 27 | volumeMounts: 28 | - mountPath: /app/main.conf 29 | name: config 30 | subPath: main.conf 31 | volumes: 32 | - name: config 33 | type: secret 34 | originalName: app-config 35 | restartPolicy: OnFailure 36 | 37 | report: 38 | schedule: "00 2 7 * *" 39 | containers: 40 | - command: make-report 41 | volumeMounts: 42 | - mountPath: /app/main.conf 43 | name: config 44 | subPath: main.conf 45 | volumes: 46 | - name: config 47 | type: secret 48 | originalName: app-config 49 | restartPolicy: OnFailure -------------------------------------------------------------------------------- /docs/samples/issuers.yml: -------------------------------------------------------------------------------- 1 | 2 | generic: 3 | # labels: 4 | # general-label1: general-label-value 5 | # annotations: 6 | # general-annotation1: general-annotation-value 7 | 8 | issuerType: ClusterIssuer 9 | 10 | # certificates: 11 | # sample-certificate: 12 | # secretName: sample-certificate 13 | # commonName: example.com 14 | # isCA: "true" 15 | # issuerRef: 16 | # originalName: selfsigned-issuer 17 | # kind: "{{ .Values.issuerType }}" 18 | 19 | secrets: 20 | ca-key-pair: 21 | data: 22 | tls.crt: |- 23 | -----BEGIN CERTIFICATE----- 24 | MIIC+TCCAeGgAwIBAgIJAKPGwKDl/5HnMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV 25 | BAMMCGpvc2h2YW5sMB4XDTE5MDgyMjE2MDU1OFoXDTI5MDgxOTE2MDU1OFowEzER 26 | MA8GA1UEAwwIam9zaHZhbmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB 27 | AQCwhSB/qW6/kLb2zpu+EJvD9wHFaq+QA/0JH/Lllyo7zAFx+HHq+COAbk+C8B4t 28 | /HUEsns5RL09CZ+X4j6pbJFdKduPxXu5ZVYnkxYpUDU7yg7OSKSZzTnIZ723sMs0 29 | R6jYn/Drj4xXMJEfHUDqYeSWlZr3qi1EFa0c7fVDxH+4xtZtNNFOjH7c6D/vWkIg 30 | WQUxiwusse6KMOWjDnv/4Vrjel2QgUYUbHCyeZHmcti+K0LWCfo/Rg6PulwrbDkh 31 | jmOgYt30pdhX0OZkAuklfUDHfp8bjbCoI2taYABA6AKjKsO35LAEU79CL1mLVHuZ 32 | ACI5Ujija3VPWVHSwmJPJyuxAgMBAAGjUDBOMB0GA1UdDgQWBBQml5dTAZixFKhj 33 | 93wucRWhao/tQjAfBgNVHSMEGDAWgBQml5dTAZixFKhj93wucRWhao/tQjAMBgNV 34 | HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+klkRNJUKBLX8yYkyuU2RHcBv 35 | GhmmDjJIsOJHZsoYXdLlG1pZNFjjPaOL8vh44Vl98RhEZBHsLT1KMbp1su6Cqj0r 36 | UG1kpRBef+IOMT4MU7vRICi7UOlRLp1Wp0F8la3hPOcRb2yOfFqXXyZWXf4t0B45 37 | tHi+ZCNHB9FxjSRycbGYVk+TKpvhJaSYNMGJ3dxDKaP7+Dx3XcK6sAnIAkhyI8aj 38 | NU+mw8/tmRkP4In/kXAR+Ri0qUmHj/vwvnk4Km7ZUy1FYH8DMeS5Nksn+/uHlRxR 39 | V7Dnn039TRmgKbAqN72gKNLo5cZ+y/YqDAYHYrn98SQT9JDgtI/K/ATpW8dX 40 | -----END CERTIFICATE----- 41 | tls.key: |- 42 | -----BEGIN RSA PRIVATE KEY----- 43 | MIIEowIBAAKCAQEAsIUgf6luv5C29s6bvhCbw/cBxWqvkAP9CR/y5ZcqO8wBcfhx 44 | 6vgjgG5PgvAeLfx1BLJ7OUS9PQmfl+I+qWyRXSnbj8V7uWVWJ5MWKVA1O8oOzkik 45 | mc05yGe9t7DLNEeo2J/w64+MVzCRHx1A6mHklpWa96otRBWtHO31Q8R/uMbWbTTR 46 | Tox+3Og/71pCIFkFMYsLrLHuijDlow57/+Fa43pdkIFGFGxwsnmR5nLYvitC1gn6 47 | P0YOj7pcK2w5IY5joGLd9KXYV9DmZALpJX1Ax36fG42wqCNrWmAAQOgCoyrDt+Sw 48 | BFO/Qi9Zi1R7mQAiOVI4o2t1T1lR0sJiTycrsQIDAQABAoIBACENHDOrFth5kTiP 49 | IOwqke/UXRmIy0yM4qEFwWYpsre1kAO2ACZ9xa/zd6HNsejsX0C85oOnkkNOfPpk 50 | W1U/xcwK3ViDIpJpHgOU785WfVEvmSwYv/EoUwxqGES/rpygWkYNVH/WxfFBX7rS 51 | sGfyYmmro3OCAq2/3UUQbR7+OOfwy3HwTu0QunEJpEme6Ewsub0g8SLjvpJcHvSm 52 | OBSJIrr/TcpTHN5OsXuVnENUjWpARdPOSkDVGmkBny2iVTDIROsFneuEFu6+W9jj 53 | heoXM7g3nA46iKzu3GF0EhK8Y3Z4fxN64DdmcAZzaiMo0RUjKVLUjmYPHE1YfU+p 54 | 2CXowMECgYEA182iNvPI0UYViHynXJrSswV+q9SE+oV/tSfRQCFSllWGw+62nTbW 55 | o5zh/TCAoUMSRmAOgLJYMKeFuIgoLJ17ZoZ3tSW3NUm2diOIOHz+q41C3904kS39 56 | 9+bAmVkZHP9VKK8C+i/mzNfJGGdBZtb0ykS3kw9B1LwgOz708EyqRCkCgYEA0WZP 57 | o1v18gWkL+agP1o8Mwx4OfZS7wJcq4gLgQhca/iJKmcLtDSxqBGrBxQZ4Y22k9su 58 | sLUk4BhliU3obQBMiGm0kHLuAHAQ6boufA1Bpf3vTWGJHRF4LxRl776jL8Qr8Vzq 59 | ZTEPmcDtOHib7pob5gb3H8bThXyHftfqEnyjXEkCgYEAvOCt6YrVaNT+Y8c2dEbN 60 | wwI8LAiFmv7dF6ER9B82OX4BxdtY2aD1m53j7cZVzs71X8MS7nEp3uvAjhIdl27+ 61 | Ym2uuE2aXHl3yU6wG0DLZTruHSFyMR8f+altSMpCwK55ynHjGTZzuzXiPAmjpG7f 62 | MWmTgpMH+znsu+4OU4PGQoECgYAcjuGJm/8c9NwBlGiCe2H+bFLxRMDmy+GrmzBG 63 | dsd0Cj9awxb7irw3+cDjhEBLXLJr09a4Ttwqm+ktIqzyQLovWItBsAr5kE8eMUAp 64 | tv0fEFTUrtquVjWX5iZI3i0PVKfRkSR+jIReKcuwifJqRiZL5uNJOCqc5/DqwbOw 65 | tcLp0QKBgEptL5IMtJNDBpWnYf7AyAPasDVDOZLHMPdi/go6+cJgiRkLakwyJcWr 66 | SnPHmSlQ4hIn4c+5melpCXWIjIKD+cq9qOlfBdmikXodUCjjYBc6uFCT+5dd1c8G 67 | bRBP9CmZOF/HNpst0H1zxMwW+Py9CegGxagFBzLsUo87LVGhtTQY 68 | -----END RSA PRIVATE KEY----- 69 | 70 | issuers: 71 | ca-issuer: 72 | # kind: Issuer 73 | ca: 74 | secretName: ca-key-pair 75 | # originalSecretName: selfsigned-issuer 76 | selfsigned-issuer: 77 | kind: "{{ .Values.issuerType }}" 78 | selfSigned: {} 79 | letsencrypt-staging: 80 | kind: "{{ .Values.issuerType }}" 81 | acme: 82 | # The ACME server URL 83 | server: https://acme-staging-v02.api.letsencrypt.org/directory 84 | # Email address used for ACME registration 85 | email: user@example.com 86 | # Name of a secret used to store the ACME account private key 87 | privateKeySecretRef: 88 | name: letsencrypt-staging 89 | # Enable the HTTP-01 challenge provider 90 | solvers: 91 | - http01: 92 | ingress: 93 | class: nginx 94 | ###### 95 | ## run with: 96 | ## helm template w --values ./samples/configmap-only.yml ./charts/universal-chart/. --debug 97 | ## 98 | ## result should be: 99 | ###### -------------------------------------------------------------------------------- /docs/samples/web-app.values.yml: -------------------------------------------------------------------------------- 1 | releasePrefix: "-" 2 | 3 | # --set "envs.BAR=foo,envs.TEST=true" 4 | envs: 5 | BAR: foo 6 | TEST: "true" 7 | 8 | # --set "envsString=$ENVS_STRING" 9 | envsString: | 10 | BAR2: foo2 11 | TEST2: "false" 12 | 13 | # --set "secretEnvs.FOO=bar" 14 | secretEnvs: 15 | FOO: bar 16 | 17 | # --set "secretEnvsString=$SECRET_ENVS_STRING" 18 | secretEnvsString: | 19 | FOO2: BAR2 20 | PASS: someP@s5 21 | 22 | imagePullSecrets: 23 | registry.org: | 24 | {"auths":{"registry.org":{"auth":"cnd1c2VyOnNlY3VyZVBANXM="}}} 25 | registry.org-rw: b64:eyJhdXRocyI6eyJyZWdpc3RyeS5vcmciOnsiYXV0aCI6ImNuZDFjMlZ5T25ObFkzVnlaVkJBTlhNPSJ9fX0= 26 | 27 | # --set "generic.extraImagePullSecrets[0].name=$EXISTING_IMAGE_PULL_SECRET_NAME_ADD" 28 | generic: 29 | extraImagePullSecrets: 30 | - name: existing-registry-secret 31 | 32 | defaultImage: registry.org/my-app 33 | defaultImageTag: latest 34 | 35 | ingresses: 36 | web.app.ru: 37 | annotations: 38 | nginx.ingress.kubernetes.io/ssl-redirect: "true" 39 | nginx.ingress.kubernetes.io/proxy-body-size: "128m" 40 | certManager: 41 | issuerType: cluster-issuer 42 | issuerName: letsencrypt 43 | hosts: 44 | - paths: 45 | - serviceName: nginx 46 | servicePort: 8080 47 | 48 | services: 49 | nginx: 50 | type: "NodePort" 51 | ports: 52 | - name: api 53 | protocol: TCP 54 | port: 8080 55 | nodePort: 30036 56 | extraSelectorLabels: 57 | app: my-app 58 | 59 | 60 | deploymentsGeneral: 61 | extraVolumes: 62 | - name: extra-app-vol2 63 | persistentVolumeClaim: 64 | claimName: extra-app-pvc2 65 | volumeMounts: 66 | - name: extra-app-vol2 67 | mountPath: /var/app/data 68 | 69 | deployments: 70 | api: 71 | labels: {} 72 | podLabels: {} 73 | podAnnotations: 74 | checksum/api-key: '{{ include "helpers.workload.checksum" (index $.Values.secrets "secret-files") }}' 75 | replicas: 2 76 | extraSelectorLabels: 77 | app: my-app 78 | serviceAccountName: deployer 79 | affinity: 80 | nodeAffinity: 81 | requiredDuringSchedulingIgnoredDuringExecution: 82 | nodeSelectorTerms: 83 | - matchExpressions: 84 | - key: node-role 85 | operator: In 86 | values: 87 | - prod 88 | containers: 89 | - env: 90 | - name: MY_ENV 91 | value: "1234" 92 | envSecrets: 93 | - secret-envs 94 | envConfigmaps: 95 | - envs 96 | volumeMounts: 97 | - name: secret-files 98 | mountPath: /var/lib/secret 99 | - name: app-pvc 100 | mountPath: /var/www/html/files 101 | - name: main-nginx-config 102 | mountPath: /etc/nginx/nginx.conf 103 | subPath: nginx.conf 104 | volumes: 105 | - name: secret-files 106 | type: secret 107 | - name: app-pvc 108 | type: pvc 109 | - type: configMap 110 | name: main-nginx-config 111 | defaultMode: 420 112 | items: 113 | - key: nginx.conf 114 | path: nginx.conf 115 | 116 | configMaps: 117 | main-nginx-config: 118 | data: 119 | nginx.conf: | 120 | worker_processes 1; 121 | load_module modules/ngx_http_js_module.so; 122 | 123 | events { 124 | worker_connections 1024; 125 | } 126 | bindata: 127 | binaryData: 128 | file: UEsDBBQAAAAIAFhZsFjEyxqSEAAAABcAAAAEABwAdGVzdFVUCQADSIdFZkiHRWZ1eAsAAQToAwAABOgDAAAzNDIxMjQxNAIjExAGMbgAUEsBAh4DFAAAAAgAWFmwWMTLGpIQAAAAFwAAAAQAGAAAAAAAAQAAALSBAAAAAHRlc3RVVAUAA0iHRWZ1eAsAAQToAwAABOgDAABQSwUGAAAAAAEAAQBKAAAATgAAAAAA 129 | 130 | 131 | secrets: 132 | # --set "secrets.secret-files.data.api\.key=$SOME_ENV" 133 | secret-files: 134 | data: 135 | api.key: |- 136 | JFczZwReBkJFczZwReBkJFczZwReBkJFczZwReBk 137 | 138 | # All PVSs will be added to `volumes` block in each workload excluding hooks 139 | pvcs: 140 | app-data: 141 | accessModes: 142 | - ReadWriteOnce 143 | - ReadWriteMany 144 | size: 1Gi 145 | 146 | 147 | serviceAccount: 148 | deployer: {} 149 | 150 | #servicemonitors: 151 | #- endpoints: 152 | # - interval: 30s 153 | # port: exporter 154 | # path: /metrics 155 | # extraSelectorLabels: 156 | # app: my-app 157 | # labels: 158 | # foo: foo 159 | 160 | hooks: 161 | migration-up: 162 | containers: 163 | - image: registry.app.ru/app-migration 164 | nodeSelector: 165 | kind: infrastructure-apps 166 | args: 167 | - migrate 168 | - up 169 | envFrom: 170 | - secretRef: 171 | name: server-env -------------------------------------------------------------------------------- /docs/samples/whoami/app-deployment.values.yml: -------------------------------------------------------------------------------- 1 | services: 2 | app-web: 3 | type: ClusterIP 4 | ports: 5 | - name: web 6 | protocol: TCP 7 | port: 80 8 | targetPort: 8080 9 | 10 | deployments: 11 | app: 12 | securityContext: 13 | runAsUser: 1000 14 | runAsGroup: 3000 15 | fsGroup: 2000 16 | containers: 17 | - name: app 18 | image: containous/whoami 19 | imageTag: v1.5.0 20 | resources: 21 | limits: 22 | cpu: 10m 23 | memory: 128Mi 24 | requests: 25 | cpu: 1m 26 | memory: 64Mi 27 | args: 28 | - --port 29 | - "8080" 30 | ports: 31 | - name: web 32 | containerPort: 8080 33 | securityContext: 34 | allowPrivilegeEscalation: false 35 | readOnlyRootFilesystem: true 36 | -------------------------------------------------------------------------------- /docs/samples/whoami/app-statefulset.values.yml: -------------------------------------------------------------------------------- 1 | statefulSetsGeneral: 2 | usePredefinedAffinity: false 3 | 4 | services: 5 | app-web: 6 | type: ClusterIP 7 | ports: 8 | - name: web 9 | protocol: TCP 10 | port: 80 11 | targetPort: 8080 12 | 13 | statefulSets: 14 | app: 15 | serviceName: app-web 16 | securityContext: 17 | runAsUser: 1000 18 | runAsGroup: 3000 19 | fsGroup: 2000 20 | containers: 21 | - name: app 22 | image: containous/whoami 23 | imageTag: v1.5.0 24 | resources: 25 | limits: 26 | cpu: 10m 27 | memory: 128Mi 28 | requests: 29 | cpu: 1m 30 | memory: 64Mi 31 | args: 32 | - --port 33 | - "8080" 34 | ports: 35 | - name: web 36 | containerPort: 8080 37 | securityContext: 38 | allowPrivilegeEscalation: false 39 | readOnlyRootFilesystem: true 40 | 41 | -------------------------------------------------------------------------------- /docs/samples/whoami/app-with-certs.yml: -------------------------------------------------------------------------------- 1 | deploymentsGeneral: 2 | enableAffinity: false # default is true 3 | 4 | # nameOverride: whoami 5 | 6 | deployments: 7 | whoami: 8 | securityContext: 9 | runAsUser: 1000 10 | runAsGroup: 3000 11 | fsGroup: 2000 12 | containers: 13 | - name: whoami 14 | image: containous/whoami 15 | imageTag: v1.5.0 16 | resources: 17 | limits: 18 | cpu: 10m 19 | memory: 128Mi 20 | requests: 21 | cpu: 1m 22 | memory: 64Mi 23 | args: 24 | - --port 25 | - "8080" 26 | ports: 27 | - name: web 28 | containerPort: 8080 29 | securityContext: 30 | allowPrivilegeEscalation: false 31 | readOnlyRootFilesystem: true 32 | 33 | services: 34 | whoami-web: 35 | type: ClusterIP 36 | ports: 37 | - name: web 38 | protocol: TCP 39 | port: 80 40 | targetPort: 8080 41 | 42 | ingresses: 43 | whoami.example.com: 44 | hosts: 45 | - paths: 46 | - serviceName: whoami-web 47 | servicePort: web 48 | certManager: 49 | issuerType: issuer 50 | issuerName: selfsigned-ca-issuer 51 | # originalIssuerName: letsencrypt 52 | 53 | issuerType: ClusterIssuer 54 | 55 | issuers: 56 | selfsigned-issuer: 57 | kind: "{{ .Values.issuerType }}" 58 | selfSigned: {} 59 | selfsigned-ca-issuer: 60 | ca: 61 | secretName: selfsigned-ca 62 | 63 | certificates: 64 | selfsigned-ca: 65 | isCA: true 66 | commonName: selfsigned-ca 67 | privateKey: 68 | algorithm: ECDSA 69 | size: 256 70 | issuerRef: 71 | name: selfsigned-issuer 72 | kind: "{{ .Values.issuerType }}" 73 | 74 | # helm install f ./charts/universal-chart --values ./samples/whoami-with-certs.yml 75 | # -------------------------------------------------------------------------------- /docs/samples/whoami/app-with-volumes.values.yml: -------------------------------------------------------------------------------- 1 | deploymentsGeneral: 2 | enableAffinity: false # default is true 3 | 4 | nameOverride: app 5 | 6 | 7 | services: 8 | app-web: 9 | type: ClusterIP 10 | ports: 11 | - name: web 12 | protocol: TCP 13 | port: 80 14 | targetPort: 8080 15 | 16 | 17 | deployments: 18 | app: 19 | securityContext: 20 | runAsUser: 1000 21 | runAsGroup: 3000 22 | fsGroup: 2000 23 | containers: 24 | - name: app 25 | image: containous/whoami 26 | imageTag: v1.5.0 27 | resources: 28 | limits: 29 | cpu: 10m 30 | memory: 128Mi 31 | requests: 32 | cpu: 1m 33 | memory: 64Mi 34 | args: 35 | - --port 36 | - "8080" 37 | ports: 38 | - name: web 39 | containerPort: 8080 40 | securityContext: 41 | allowPrivilegeEscalation: false 42 | readOnlyRootFilesystem: true 43 | volumeMounts: 44 | - name: uuid 45 | mountPath: /uuid 46 | volumes: 47 | - name: uuid 48 | type: emptyDir 49 | # sizeLimit: 1Mi 50 | # medium: Memory 51 | -------------------------------------------------------------------------------- /templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- include "helpers.deprecation.chartname" $ }} 2 | {{- include "helpers.deprecation.notice" $ }} 3 | {{- include "helpers.deprecation.workload.imagePullSecrets" $ }} 4 | {{- include "helpers.deprecation.serviceMonitors" $ }} -------------------------------------------------------------------------------- /templates/certificate.yml: -------------------------------------------------------------------------------- 1 | {{- if $.Capabilities.APIVersions.Has "cert-manager.io/v1" }} 2 | {{- range $name, $cert := .Values.certificates }} 3 | {{- if not (.disabled | default false) }} 4 | 5 | --- 6 | kind: Certificate 7 | apiVersion: cert-manager.io/v1 8 | metadata: 9 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 10 | labels: 11 | {{- include "helpers.app.labels" $ | nindent 4 }} 12 | spec: 13 | {{- with .subject }} 14 | subject: 15 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 16 | {{- end }} 17 | {{- with .literalSubject }} 18 | literalSubject: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 19 | {{- end }} 20 | {{- with .commonName }} 21 | commonName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 22 | {{- end }} 23 | {{- with .duration }} 24 | duration: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 25 | {{- end }} 26 | {{- with .renewBefore }} 27 | renewBefore: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 28 | {{- end }} 29 | {{- if .dnsNames }} 30 | dnsNames: 31 | {{- range .dnsNames }} 32 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 33 | {{- end }} 34 | {{- end }} 35 | {{- if .ipAddresses }} 36 | ipAddresses: 37 | {{- range .ipAddresses }} 38 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 39 | {{- end }} 40 | {{- end }} 41 | {{- if .uris }} 42 | uris: 43 | {{- range .uris }} 44 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 45 | {{- end }} 46 | {{- end }} 47 | {{- if .emailAddresses }} 48 | emailAddresses: 49 | {{- range .emailAddresses }} 50 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 51 | {{- end }} 52 | {{- end }} 53 | {{- with .secretName }} 54 | secretName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 55 | {{- else }} 56 | secretName: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 57 | {{- end }} 58 | secretTemplate: 59 | {{- if or (.secretTemplate).annotations ($.Values.generic).annotations }} 60 | annotations: 61 | {{- $_ := include "helpers.tplvalues.render" (dict "value" (default dict (.secretTemplate).annotations) "context" $) }} 62 | {{- include "helpers.app.annotations" (dict "value" $_ "context" $) | nindent 6 -}} 63 | {{- end }} 64 | labels: 65 | {{- include "helpers.app.labels" $ | nindent 6 }} 66 | {{- with (.secretTemplate).labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end }} 67 | {{- with .keystores }} 68 | keystores: 69 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 70 | {{- end }} 71 | {{- with .issuerRef }} 72 | issuerRef: 73 | {{- with .originalName }} 74 | name: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 75 | {{- else }} 76 | name: {{ include "helpers.app.fullname" (dict "name" .name "context" $) }} 77 | {{- end }} 78 | {{- with .kind }} 79 | kind: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 80 | {{- end }} 81 | {{- with .group }} 82 | group: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 83 | {{- end }} 84 | {{- end }} 85 | {{- with .isCA }} 86 | isCA: {{ . }} 87 | {{- end }} 88 | {{- if .usages }} 89 | usages: 90 | {{- range .usages }} 91 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 92 | {{- end }} 93 | {{- end }} 94 | {{- with .privateKey }} 95 | privateKey: 96 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 97 | {{- end }} 98 | {{- with .encodeUsagesInRequest }} 99 | encodeUsagesInRequest: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 100 | {{- end }} 101 | {{- with .revisionHistoryLimit }} 102 | revisionHistoryLimit: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 103 | {{- end }} 104 | {{- with .additionalOutputFormats }} 105 | additionalOutputFormats: 106 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 107 | {{- end }} 108 | {{- end }} 109 | {{- end }} 110 | {{- end }} 111 | -------------------------------------------------------------------------------- /templates/configmap.yml: -------------------------------------------------------------------------------- 1 | {{- if or (not (empty .Values.envs)) (not (empty .Values.envsString)) }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" "envs" "context" $) }} 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: {{- include "helpers.app.labels" $ | nindent 4 }} 9 | annotations: {{- include "helpers.app.defaultHookAnnotations" $ | nindent 4 }} 10 | data: 11 | {{- include "helpers.configmaps.renderConfigMap" (dict "value" .Values.envs) | indent 2 }} 12 | {{- include "helpers.configmaps.renderConfigMap" (dict "value" .Values.envsString) | indent 2 }} 13 | {{- end }} 14 | 15 | {{- range $cName, $val := .Values.configMaps -}} 16 | {{- if not (eq $cName "envs") }} 17 | --- 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ include "helpers.app.fullname" (dict "name" $cName "context" $) }} 22 | namespace: {{ $.Release.Namespace | quote }} 23 | labels: 24 | {{- include "helpers.app.labels" $ | nindent 4 }} 25 | {{- with $val.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{ end }} 26 | annotations: 27 | {{- if $val.annotations }} 28 | {{- $_ := include "helpers.tplvalues.render" (dict "value" $val.annotations "context" $) }} 29 | {{- include "helpers.app.annotations" (dict "value" $_ "context" $) | nindent 4 -}} 30 | {{- else }} 31 | {{- include "helpers.app.defaultHookAnnotations" $ | nindent 4 }} 32 | {{- end }} 33 | {{- if and $val.data $val.binaryData }}{{- fail "Cannot set both data and binaryData in single ConfigMap" }} {{- end }} 34 | {{- if $val.data }} 35 | data: 36 | {{- include "helpers.configmaps.renderConfigMap" ( dict "value" $val.data "context" $ ) | nindent 2 }} 37 | {{- else if $val.binaryData }} 38 | binaryData: 39 | {{- include "helpers.configmaps.renderConfigMap" ( dict "value" $val.binaryData "context" $ ) | nindent 2 }} 40 | {{- end -}} 41 | {{- end -}} 42 | {{- end -}} 43 | -------------------------------------------------------------------------------- /templates/cronjob.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cronJobs -}} 2 | {{- $general := $.Values.cronJobsGeneral -}} 3 | {{- $cronJobs := list -}} 4 | {{- if kindIs "string" .Values.cronJobs -}} 5 | {{- $cronJobs = fromYaml .Values.cronJobs -}} 6 | {{- else if kindIs "map" .Values.cronJobs -}} 7 | {{- $cronJobs = .Values.cronJobs -}} 8 | {{- end -}} 9 | {{- range $name, $job := $cronJobs }} 10 | {{- $cjName := include "helpers.app.fullname" (dict "name" $name "context" $) }} 11 | --- 12 | apiVersion: {{ include "helpers.capabilities.cronJob.apiVersion" $ }} 13 | kind: CronJob 14 | metadata: 15 | name: {{ $cjName }} 16 | namespace: {{ $.Release.Namespace | quote }} 17 | labels: 18 | {{- include "helpers.app.labels" $ | nindent 4 }} 19 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 20 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 21 | annotations: 22 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 23 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 24 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 25 | spec: 26 | suspend: {{ default false .suspend }} 27 | schedule: {{ include "helpers.tplvalues.render" (dict "value" .schedule "context" $) | quote }} 28 | {{- if .singleOnly }} 29 | concurrencyPolicy: Forbid 30 | {{- end }} 31 | {{- if .startingDeadlineSeconds }} 32 | startingDeadlineSeconds: {{ .startingDeadlineSeconds }} 33 | {{- else if $general.startingDeadlineSeconds }} 34 | startingDeadlineSeconds: {{ $general.startingDeadlineSeconds }} 35 | {{- end }} 36 | {{- if .successfulJobsHistoryLimit }} 37 | successfulJobsHistoryLimit: {{ .successfulJobsHistoryLimit }} 38 | {{- else if $general.successfulJobsHistoryLimit }} 39 | successfulJobsHistoryLimit: {{ $general.successfulJobsHistoryLimit }} 40 | {{- end }} 41 | {{- if .failedJobsHistoryLimit }} 42 | failedJobsHistoryLimit: {{ .failedJobsHistoryLimit }} 43 | {{- else if $general.failedJobsHistoryLimit }} 44 | failedJobsHistoryLimit: {{ $general.failedJobsHistoryLimit }} 45 | {{- end }} 46 | jobTemplate: 47 | spec: 48 | {{- if .parallelism }} 49 | parallelism: {{ .parallelism }} 50 | {{- else if $general.parallelism }} 51 | parallelism: {{ $general.parallelism }} 52 | {{- end }} 53 | {{- if .completions }} 54 | completions: {{ .completions }} 55 | {{- else if $general.completions }} 56 | completions: {{ $general.completions }} 57 | {{- end }} 58 | {{- if .activeDeadlineSeconds }} 59 | activeDeadlineSeconds: {{ .activeDeadlineSeconds }} 60 | {{- else if $general.activeDeadlineSeconds }} 61 | activeDeadlineSeconds: {{ $general.activeDeadlineSeconds }} 62 | {{- end }} 63 | {{- if .backoffLimit }} 64 | backoffLimit: {{ .backoffLimit }} 65 | {{- else if $general.backoffLimit }} 66 | backoffLimit: {{ $general.backoffLimit }} 67 | {{- end }} 68 | {{- if .ttlSecondsAfterFinished }} 69 | ttlSecondsAfterFinished: {{ .ttlSecondsAfterFinished }} 70 | {{- else if $general.ttlSecondsAfterFinished }} 71 | ttlSecondsAfterFinished: {{ $general.ttlSecondsAfterFinished }} 72 | {{- end }} 73 | template: 74 | metadata: 75 | labels: 76 | {{- with $.Values.generic.podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 12 }}{{- end }} 77 | {{- with .podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 12 }}{{- end }} 78 | annotations: 79 | {{- with $.Values.generic.podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 12 }}{{- end }} 80 | {{- with .podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 12 }}{{- end }} 81 | spec: 82 | {{- include "helpers.pod" (dict "value" . "general" $general "name" $name "context" $) | indent 10 }} 83 | restartPolicy: {{ .restartPolicy | default "Never" }} 84 | {{- if .commandDurationAlert }} 85 | --- 86 | apiVersion: monitoring.coreos.com/v1 87 | kind: PrometheusRule 88 | metadata: 89 | name: cronjob-{{ $cjName }} 90 | labels: 91 | prometheus: k8s 92 | role: alert-rules 93 | namespace: nxs-monitoring 94 | spec: 95 | groups: 96 | - name: "cronJobs_rules" 97 | interval: 1m # period check for alerts 98 | rules: 99 | - alert: "cronjob-{{ $cjName }}-too-long-execution" 100 | expr: '((time() - kube_job_status_start_time{namespace="{{ $.Release.Namespace }}", job_name=~"{{ $cjName }}-.*"}) and kube_job_status_active{namespace="{{ $.Release.Namespace }}", job_name=~"{{ $cjName }}-.*"} == 1) > {{ .commandDurationAlert }}' 101 | for: 3m 102 | labels: 103 | severity: warning 104 | annotations: 105 | message: "CronJob {{ $.Release.Namespace }}/{{ $cjName }} is taking more than {{ .commandDurationAlert }} to complete" 106 | {{- end }} 107 | {{- end }} 108 | {{- end }} 109 | -------------------------------------------------------------------------------- /templates/deployment.yml: -------------------------------------------------------------------------------- 1 | {{- $general := $.Values.deploymentsGeneral -}} 2 | {{- range $name, $d := .Values.deployments }} 3 | {{- if not (.disabled | default false) }} 4 | --- 5 | apiVersion: {{ include "helpers.capabilities.deployment.apiVersion" $ }} 6 | kind: Deployment 7 | metadata: 8 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 9 | namespace: {{ $.Release.Namespace }} 10 | labels: 11 | {{- include "helpers.app.labels" $ | nindent 4 }} 12 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 13 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 14 | annotations: 15 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 16 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 17 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 18 | spec: 19 | replicas: {{ .replicas | default 1 }} 20 | {{- with .strategy }} 21 | strategy: {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 22 | {{- end }} 23 | progressDeadlineSeconds: {{ .progressDeadlineSeconds | default 600 }} 24 | selector: 25 | matchLabels: 26 | {{- include "helpers.app.selectorLabels" $ | nindent 6 }} 27 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end }} 28 | template: 29 | metadata: 30 | labels: 31 | {{- include "helpers.app.selectorLabels" $ | nindent 8 }} 32 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 33 | {{- with $.Values.generic.podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 34 | {{- with .podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 35 | annotations: 36 | {{- with $.Values.generic.podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 37 | {{- with .podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 38 | spec: 39 | {{- include "helpers.pod" (dict "value" . "general" $general "name" $name "extraLabels" .extraSelectorLabels "context" $) | indent 6 }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /templates/extra.yml: -------------------------------------------------------------------------------- 1 | {{- range $key, $val := .Values.extraDeploy }} 2 | --- 3 | {{ include "helpers.tplvalues.render" (dict "value" $val "context" $) }} 4 | {{- end }} -------------------------------------------------------------------------------- /templates/helm-hooks.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.hooks -}} 2 | {{- $general := $.Values.hooksGeneral -}} 3 | {{- $hooks := list -}} 4 | {{- if kindIs "string" .Values.hooks -}} 5 | {{- $hooks = fromYaml .Values.hooks -}} 6 | {{- else if kindIs "map" .Values.hooks -}} 7 | {{- $hooks = .Values.hooks -}} 8 | {{- end -}} 9 | {{- range $name, $hook := $hooks }} 10 | {{- $hookName := include "helpers.app.fullname" (dict "name" $name "context" $) }} 11 | --- 12 | apiVersion: batch/v1 13 | kind: Job 14 | metadata: 15 | name: {{ $hookName }} 16 | labels: 17 | {{- include "helpers.app.labels" $ | nindent 4 }} 18 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 19 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 20 | annotations: 21 | "helm.sh/hook": {{ .kind | default "pre-install,pre-upgrade" | quote }} 22 | "helm.sh/hook-weight": {{ .weight | default "5" | quote }} 23 | "helm.sh/hook-delete-policy": {{ .deletePolicy | default "before-hook-creation" | quote }} 24 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 25 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 26 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 27 | spec: 28 | {{- if .parallelism }} 29 | parallelism: {{ .parallelism }} 30 | {{- else if $general.parallelism }} 31 | parallelism: {{ $general.parallelism }} 32 | {{- end }} 33 | {{- if .completions }} 34 | completions: {{ .completions }} 35 | {{- else if $general.completions }} 36 | completions: {{ $general.completions }} 37 | {{- end }} 38 | {{- if .activeDeadlineSeconds }} 39 | activeDeadlineSeconds: {{ .activeDeadlineSeconds }} 40 | {{- else if $general.activeDeadlineSeconds }} 41 | activeDeadlineSeconds: {{ $general.activeDeadlineSeconds }} 42 | {{- end }} 43 | {{- if .backoffLimit }} 44 | backoffLimit: {{ .backoffLimit }} 45 | {{- else if $general.backoffLimit }} 46 | backoffLimit: {{ $general.backoffLimit }} 47 | {{- end }} 48 | {{- if .ttlSecondsAfterFinished }} 49 | ttlSecondsAfterFinished: {{ .ttlSecondsAfterFinished }} 50 | {{- else if $general.ttlSecondsAfterFinished }} 51 | ttlSecondsAfterFinished: {{ $general.ttlSecondsAfterFinished }} 52 | {{- end }} 53 | template: 54 | metadata: 55 | name: {{ $hookName }} 56 | labels: 57 | {{- with $.Values.generic.podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 58 | {{- with .podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 59 | annotations: 60 | {{- with $.Values.generic.podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 61 | {{- with .podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 62 | spec: 63 | {{- include "helpers.pod" (dict "value" . "general" $general "name" $name "context" $) | indent 6 }} 64 | restartPolicy: {{ .restartPolicy | default "Never" }} 65 | {{- end -}} 66 | {{- end -}} -------------------------------------------------------------------------------- /templates/helpers/_affinities.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.affinities.nodes.soft" -}} 2 | {{- $ctx := .context -}} 3 | preferredDuringSchedulingIgnoredDuringExecution: 4 | - weight: 1 5 | preference: 6 | matchExpressions: 7 | - key: {{ include "helpers.tplvalues.render" (dict "value" .key "context" $ctx) }} 8 | operator: In 9 | values: 10 | {{- range .values }} 11 | {{- if typeIs "string" . }} 12 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $ctx) | quote }} 13 | {{- else }} 14 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $ctx) }} 15 | {{- end }} 16 | {{- end }} 17 | {{- end -}} 18 | 19 | {{- define "helpers.affinities.nodes.hard" -}} 20 | {{- $ctx := .context -}} 21 | requiredDuringSchedulingIgnoredDuringExecution: 22 | nodeSelectorTerms: 23 | - matchExpressions: 24 | - key: {{ include "helpers.tplvalues.render" (dict "value" .key "context" $ctx) }} 25 | operator: In 26 | values: 27 | {{- range .values }} 28 | {{- if typeIs "string" . }} 29 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $ctx) | quote }} 30 | {{- else }} 31 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $ctx) }} 32 | {{- end }} 33 | {{- end }} 34 | {{- end -}} 35 | 36 | {{- define "helpers.affinities.nodes" -}} 37 | {{- with .type -}} 38 | {{- if eq . "soft" }} 39 | {{- include "helpers.affinities.nodes.soft" $ -}} 40 | {{- else if eq . "hard" }} 41 | {{- include "helpers.affinities.nodes.hard" $ -}} 42 | {{- end -}} 43 | {{- else -}} 44 | {} 45 | {{- end -}} 46 | {{- end -}} 47 | 48 | {{- define "helpers.affinities.pods" -}} 49 | {{- with .type -}} 50 | {{- if eq . "soft" }} 51 | {{- include "helpers.affinities.pods.soft" $ -}} 52 | {{- else if eq . "hard" }} 53 | {{- include "helpers.affinities.pods.hard" $ -}} 54 | {{- end -}} 55 | {{- else -}} 56 | {} 57 | {{- end -}} 58 | {{- end -}} 59 | 60 | 61 | {{- define "helpers.affinities.pods.soft" -}} 62 | {{- $component := default "" .component -}} 63 | preferredDuringSchedulingIgnoredDuringExecution: 64 | - weight: 100 65 | podAffinityTerm: 66 | {{- include "helpers.affinities.pods.labelSelector" $ | nindent 4 }} 67 | {{- end -}} 68 | 69 | {{- define "helpers.affinities.pods.hard" -}} 70 | requiredDuringSchedulingIgnoredDuringExecution: 71 | - {{- include "helpers.affinities.pods.labelSelector" $ | nindent 2 }} 72 | {{- end -}} 73 | 74 | {{- define "helpers.affinities.pods.labelSelector" -}} 75 | {{- $extraLabels := default "" .extraLabels -}} 76 | labelSelector: 77 | matchLabels: 78 | {{- (include "helpers.app.selectorLabels" .context) | nindent 4 }} 79 | {{- with $extraLabels }} 80 | {{ toYaml . }} 81 | {{- end }} 82 | namespaces: 83 | - {{ .context.Release.Namespace | quote }} 84 | topologyKey: kubernetes.io/hostname 85 | {{- end -}} 86 | -------------------------------------------------------------------------------- /templates/helpers/_app.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.app.name" -}} 2 | {{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 3 | {{- end -}} 4 | 5 | {{/* 6 | Create chart name and version as used by the chart label. 7 | */}} 8 | {{- define "helpers.app.chart" -}} 9 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 10 | {{- end -}} 11 | 12 | {{/* 13 | Create a default fully qualified app name. 14 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 15 | If release name contains chart name it will be used as a full name. 16 | */}} 17 | {{- define "helpers.app.fullname" -}} 18 | {{- if .name -}} 19 | {{- if .context.Values.releasePrefix -}} 20 | {{- printf "%s-%s" .context.Values.releasePrefix .name | trunc 63 | trimAll "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" (include "helpers.app.name" .context) .name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- else -}} 25 | {{- include "helpers.app.name" .context -}} 26 | {{- end -}} 27 | {{- end -}} 28 | 29 | {{- define "helpers.app.labels" -}} 30 | {{ include "helpers.app.selectorLabels" . }} 31 | helm.sh/chart: {{ include "helpers.app.chart" . }} 32 | app.kubernetes.io/managed-by: {{ .Release.Service }} 33 | {{- if .Chart.AppVersion }} 34 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 35 | {{- end }} 36 | {{- with .Values.generic.labels }} 37 | {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 38 | {{- end }} 39 | {{- end }} 40 | 41 | {{- define "helpers.app.selectorLabels" -}} 42 | app.kubernetes.io/name: {{ include "helpers.app.name" . }} 43 | app.kubernetes.io/instance: {{ .Release.Name }} 44 | {{ include "helpers.app.genericSelectorLabels" $ }} 45 | {{- end }} 46 | 47 | {{- define "helpers.app.genericSelectorLabels" -}} 48 | {{- with .Values.generic.extraSelectorLabels }} 49 | {{ include "helpers.tplvalues.render" (dict "value" . "context" .) }} 50 | {{- end }} 51 | {{- end }} 52 | 53 | {{- define "helpers.app.genericAnnotations" -}} 54 | {{- with .Values.generic.annotations }} 55 | {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 56 | {{- end }} 57 | {{- end }} 58 | 59 | {{/* 60 | For a backward compatibility 61 | TODO: remove it in version 3.x.x, use defaultHookAnnotations 62 | */}} 63 | {{- define "helpers.app.hooksAnnotations" -}} 64 | {{ include "helpers.app.defaultHookAnnotations" .context | fromYaml }} 65 | {{- end }} 66 | 67 | {{/* 68 | Template for default hook annotations for configmaps and secrets 69 | */}} 70 | {{- define "helpers.app.defaultHookAnnotations" -}} 71 | {{- with .Values.generic.hookAnnotations }} 72 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) }} 73 | {{- end }} 74 | {{- end }} 75 | 76 | {{/* 77 | Merge the user defined annotations and the common hook annotations 78 | */}} 79 | {{- define "helpers.app.annotations" -}} 80 | {{- $defaultHookValues := include "helpers.app.defaultHookAnnotations" .context | fromYaml }} 81 | {{- $genericAnnotations := include "helpers.app.genericAnnotations" .context | fromYaml }} 82 | {{- $userValues := .value | fromYaml }} 83 | {{- $mergedValues := mustMergeOverwrite $defaultHookValues $userValues $genericAnnotations }} 84 | {{- $mergedValues | toYaml -}} 85 | {{- end -}} -------------------------------------------------------------------------------- /templates/helpers/_capabilities.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.capabilities.helmVersion" -}} 2 | {{- if .Values.global }} 3 | {{- if .Values.global.helmVersion }} 4 | {{- .Values.global.helmVersion -}} 5 | {{- else -}} 6 | {{- if typeIs "string" .Capabilities.KubeVersion -}} 7 | {{- "v2" -}} 8 | {{- else -}} 9 | {{- "v3" -}} 10 | {{- end -}} 11 | {{- end -}} 12 | {{- else }} 13 | {{- if typeIs "string" .Capabilities.KubeVersion -}} 14 | {{- "v2" -}} 15 | {{- else -}} 16 | {{- "v3" -}} 17 | {{- end -}} 18 | {{- end -}} 19 | {{- end -}} 20 | 21 | {{- define "helpers.capabilities.kubeVersion" -}} 22 | {{- if .Values.global }} 23 | {{- if .Values.global.kubeVersion }} 24 | {{- .Values.global.kubeVersion -}} 25 | {{- else }} 26 | {{- if semverCompare "<3" (include "helpers.capabilities.helmVersion" $) -}} 27 | {{- default .Capabilities.KubeVersion .Values.kubeVersion -}} 28 | {{- else -}} 29 | {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} 30 | {{- end -}} 31 | {{- end -}} 32 | {{- else }} 33 | {{- if .Capabilities.KubeVersion.Version -}} 34 | {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} 35 | {{- else -}} 36 | {{- default .Capabilities.KubeVersion .Values.kubeVersion -}} 37 | {{- end -}} 38 | {{- end -}} 39 | {{- end -}} 40 | 41 | {{- define "helpers.capabilities.cronJob.apiVersion" -}} 42 | {{- if .Values.global }} 43 | {{- if .Values.global.apiVersions.cronJob }} 44 | {{- .Values.global.apiVersions.cronJob -}} 45 | {{- else if semverCompare "<1.21-0" (include "helpers.capabilities.kubeVersion" $) -}} 46 | {{- print "batch/v1beta1" -}} 47 | {{- else -}} 48 | {{- print "batch/v1" -}} 49 | {{- end -}} 50 | {{- else if semverCompare "<1.21-0" (include "helpers.capabilities.kubeVersion" $) -}} 51 | {{- print "batch/v1beta1" -}} 52 | {{- else -}} 53 | {{- print "batch/v1" -}} 54 | {{- end -}} 55 | {{- end -}} 56 | 57 | {{- define "helpers.capabilities.deployment.apiVersion" -}} 58 | {{- if .Values.global }} 59 | {{- if .Values.global.apiVersions.deployment }} 60 | {{- .Values.global.apiVersions.deployment -}} 61 | {{- else if semverCompare "<1.14-0" (include "helpers.capabilities.kubeVersion" $) -}} 62 | {{- print "extensions/v1beta1" -}} 63 | {{- else -}} 64 | {{- print "apps/v1" -}} 65 | {{- end -}} 66 | {{- else if semverCompare "<1.14-0" (include "helpers.capabilities.kubeVersion" $) -}} 67 | {{- print "extensions/v1beta1" -}} 68 | {{- else -}} 69 | {{- print "apps/v1" -}} 70 | {{- end -}} 71 | {{- end -}} 72 | 73 | {{- define "helpers.capabilities.statefulSet.apiVersion" -}} 74 | {{- if .Values.global }} 75 | {{- if .Values.global.apiVersions.statefulSet }} 76 | {{- .Values.global.apiVersions.statefulSet -}} 77 | {{- else if semverCompare "<1.14-0" (include "helpers.capabilities.kubeVersion" $) -}} 78 | {{- print "apps/v1beta1" -}} 79 | {{- else -}} 80 | {{- print "apps/v1" -}} 81 | {{- end -}} 82 | {{- else if semverCompare "<1.14-0" (include "helpers.capabilities.kubeVersion" $) -}} 83 | {{- print "apps/v1beta1" -}} 84 | {{- else -}} 85 | {{- print "apps/v1" -}} 86 | {{- end -}} 87 | {{- end -}} 88 | 89 | {{- define "helpers.capabilities.ingress.apiVersion" -}} 90 | {{- if .Values.global }} 91 | {{- if .Values.global.apiVersions.ingress }} 92 | {{- .Values.global.apiVersions.ingress -}} 93 | {{- else if semverCompare "<1.14-0" (include "helpers.capabilities.kubeVersion" $) -}} 94 | {{- print "extensions/v1beta1" -}} 95 | {{- else if semverCompare "<1.19-0" (include "helpers.capabilities.kubeVersion" $) -}} 96 | {{- print "networking.k8s.io/v1beta1" -}} 97 | {{- else -}} 98 | {{- print "networking.k8s.io/v1" -}} 99 | {{- end -}} 100 | {{- else if semverCompare "<1.14-0" (include "helpers.capabilities.kubeVersion" $) -}} 101 | {{- print "extensions/v1beta1" -}} 102 | {{- else if semverCompare "<1.19-0" (include "helpers.capabilities.kubeVersion" $) -}} 103 | {{- print "networking.k8s.io/v1beta1" -}} 104 | {{- else -}} 105 | {{- print "networking.k8s.io/v1" -}} 106 | {{- end -}} 107 | {{- end -}} 108 | 109 | {{- define "helpers.capabilities.pdb.apiVersion" -}} 110 | {{- if .Values.global }} 111 | {{- if .Values.global.apiVersions.pdb }} 112 | {{- .Values.global.apiVersions.pdb -}} 113 | {{- else if semverCompare "<1.21-0" (include "helpers.capabilities.kubeVersion" $) -}} 114 | {{- print "policy/v1beta1" -}} 115 | {{- else -}} 116 | {{- print "policy/v1" -}} 117 | {{- end -}} 118 | {{- else if semverCompare "<1.21-0" (include "helpers.capabilities.kubeVersion" $) -}} 119 | {{- print "policy/v1beta1" -}} 120 | {{- else -}} 121 | {{- print "policy/v1" -}} 122 | {{- end -}} 123 | {{- end -}} 124 | 125 | {{- define "helpers.capabilities.traefik.apiVersion" -}} 126 | {{- if .Values.global }} 127 | {{- if .Values.global.apiVersions.traefik }} 128 | {{- .Values.global.apiVersions.traefik -}} 129 | {{- else if .Capabilities.APIVersions.Has "traefik.io/v1alpha1" -}} 130 | {{- print "traefik.io/v1alpha1" -}} 131 | {{- else if .Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1" -}} 132 | {{- print "traefik.containo.us/v1alpha1" -}} 133 | {{- end -}} 134 | {{- else if .Capabilities.APIVersions.Has "traefik.io/v1alpha1" -}} 135 | {{- print "traefik.io/v1alpha1" -}} 136 | {{- else if .Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1" -}} 137 | {{- print "traefik.containo.us/v1alpha1" -}} 138 | {{- end -}} 139 | {{- end -}} 140 | 141 | {{- define "helpers.capabilities.istiogateway.apiVersion" -}} 142 | {{- if .Values.global }} 143 | {{- if .Values.global.apiVersions.istioGateway }} 144 | {{- .Values.global.apiVersions.istioGateway -}} 145 | {{- else if .Capabilities.APIVersions.Has "networking.istio.io/v1" -}} 146 | {{- print "networking.istio.io/v1" -}} 147 | {{- end -}} 148 | {{- else if .Capabilities.APIVersions.Has "networking.istio.io/v1" -}} 149 | {{- print "networking.istio.io/v1" -}} 150 | {{- end -}} 151 | {{- end -}} 152 | 153 | {{- define "helpers.capabilities.istiovirtualservice.apiVersion" -}} 154 | {{- if .Values.global }} 155 | {{- if .Values.global.apiVersions.istioVirtualService }} 156 | {{- .Values.global.apiVersions.istioVirtualService -}} 157 | {{- else if .Capabilities.APIVersions.Has "networking.istio.io/v1" -}} 158 | {{- print "networking.istio.io/v1" -}} 159 | {{- end -}} 160 | {{- else if .Capabilities.APIVersions.Has "networking.istio.io/v1" -}} 161 | {{- print "networking.istio.io/v1" -}} 162 | {{- end -}} 163 | {{- end -}} 164 | 165 | {{- define "helpers.capabilities.istiodestinationrule.apiVersion" -}} 166 | {{- if .Values.global }} 167 | {{- if .Values.global.apiVersions.istioDestinationRule }} 168 | {{- .Values.global.apiVersions.istioDestinationRule -}} 169 | {{- else if .Capabilities.APIVersions.Has "networking.istio.io/v1" -}} 170 | {{- print "networking.istio.io/v1" -}} 171 | {{- end -}} 172 | {{- else if .Capabilities.APIVersions.Has "networking.istio.io/v1" -}} 173 | {{- print "networking.istio.io/v1" -}} 174 | {{- end -}} 175 | {{- end -}} 176 | -------------------------------------------------------------------------------- /templates/helpers/_configmaps.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.configmaps.decode" -}} 2 | {{if hasPrefix "b64:" .value}}{{trimPrefix "b64:" .value | b64dec | quote }}{{else}}{{ quote .value }}{{- end }} 3 | {{- end -}} 4 | 5 | 6 | {{- define "helpers.configmaps.renderConfigMap" -}} 7 | {{- $v := dict -}} 8 | {{- if typeIs "string" .value -}} 9 | {{- $v = fromYaml .value -}} 10 | {{- else if kindIs "map" .value -}} 11 | {{- $v = .value -}} 12 | {{- end -}} 13 | {{- range $key, $value := $v }} 14 | {{- if eq (typeOf $value) "float64" }} 15 | {{ printf "%s: %s" $key (include "helpers.configmaps.decode" (dict "value" $value)) }} 16 | {{- else if empty $value }} 17 | {{ printf "%s: %s" $key ("" | quote) }} 18 | {{- else if kindIs "string" $value }} 19 | {{ printf "%s: %s" $key (include "helpers.configmaps.decode" (dict "value" $value)) }} 20 | {{- else }} 21 | {{ $key }}: {{$value | toJson | quote }} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | 26 | {{- define "helpers.configmaps.includeEnv" -}} 27 | {{- $ctx := .context -}} 28 | {{- $s := dict -}} 29 | {{- if typeIs "string" .value -}} 30 | {{- $s = fromYaml .value -}} 31 | {{- else if kindIs "map" .value -}} 32 | {{- $s = .value -}} 33 | {{- end -}} 34 | {{- range $sName, $envKeys := $s -}} 35 | {{- range $i, $envKey := $envKeys }} 36 | {{- if kindIs "string" $envKey }} 37 | - name: {{ $envKey }} 38 | valueFrom: 39 | configMapKeyRef: 40 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $ctx) }} 41 | key: {{ $envKey }} 42 | {{- else if kindIs "map" $envKey -}} 43 | {{- range $keyName, $key := $envKey }} 44 | - name: {{ $keyName }} 45 | valueFrom: 46 | configMapKeyRef: 47 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $ctx) }} 48 | key: {{ $key }} 49 | {{- end -}} 50 | {{- end -}} 51 | {{- end -}} 52 | {{- end -}} 53 | {{- end -}} 54 | 55 | {{- define "helpers.configmaps.includeEnvConfigmap" -}} 56 | {{- $ctx := .context -}} 57 | {{- range $i, $sName := .value }} 58 | - configMapRef: 59 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $ctx) }} 60 | {{- end -}} 61 | {{- end -}} -------------------------------------------------------------------------------- /templates/helpers/_deprecations.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.deprecation.chartname" -}} 2 | ** NOTICE ** 3 | 4 | We are currently changing name of our chart from universal-chart to nxs-universal-chart. 5 | 6 | Prior to release of 3.0 both versions will be supported. 7 | {{ end }} 8 | 9 | {{- define "helpers.deprecation.notice" -}} 10 | ** NOTICE ** 11 | 12 | Option `extraVolumeMounts` for generics and workloads generals has been renamed to `volumeMounts` and will be removed in the version 3.0. 13 | Please use `volumeMounts` instead. 14 | 15 | Option `imagePullSecrets` for workloads deprecated and will be removed in the version 3.0. 16 | Please use `extraImagePullSecrets` instead. 17 | 18 | Option `servicemonitors` has been renamed to `serviceMonitors` and will be removed in the version 3.0. 19 | Please use `serviceMonitors` instead. 20 | 21 | ** WARNING ** 22 | 23 | Option `generic.usePredefinedAffinity` will change default value to `false` in the version 3.0. 24 | Please set this option in your values file or use `usePredefinedAffinity` in workloads generals. 25 | {{- end }} 26 | 27 | 28 | {{- define "helpers.deprecation.workload.imagePullSecrets" -}} 29 | {{- range $name, $wkl := .Values.deployments }}{{- if $wkl.imagePullSecrets }} 30 | 31 | ** WARNING ** 32 | 33 | You use deprecated option `imagePullSecrets` for deployment "{{$name}}". Please use `extraImagePullSecrets` instead. 34 | {{- end }}{{ end }} 35 | {{- range $name, $wkl := .Values.hooks }}{{- if $wkl.imagePullSecrets }} 36 | 37 | ** WARNING ** 38 | 39 | You use deprecated option `imagePullSecrets` for hook "{{$name}}". Please use `extraImagePullSecrets` instead. 40 | {{- end }}{{ end }} 41 | {{- range $name, $wkl := .Values.cronJobs }}{{- if $wkl.imagePullSecrets }} 42 | 43 | ** WARNING ** 44 | 45 | You use deprecated option `imagePullSecrets` for cronjob "{{$name}}". Please use `extraImagePullSecrets` instead. 46 | {{- end }}{{ end }} 47 | {{- range $name, $wkl := .Values.jobs }}{{- if $wkl.imagePullSecrets }} 48 | 49 | ** WARNING ** 50 | 51 | You use deprecated option `imagePullSecrets` for job "{{$name}}". Please use `extraImagePullSecrets` instead. 52 | {{- end }}{{ end }} 53 | {{ end }} 54 | 55 | {{- define "helpers.deprecation.serviceMonitors" -}} 56 | {{- if .Values.servicemonitors }} 57 | 58 | ** WARNING ** 59 | 60 | You use deprecated option `servicemonitors`. Please use `serviceMonitors` instead. 61 | {{- end }} 62 | {{ end }} 63 | 64 | {{- define "helpers.deprecation.extraVolumeMounts" -}} 65 | {{- if .Values.generic.extraVolumeMounts }} 66 | 67 | ** WARNING ** 68 | 69 | You use deprecated option `generic.extraVolumeMounts`. Please use `generic.volumeMounts` instead. 70 | {{- end }} 71 | {{- if .Values.deploymentsGeneral.extraVolumeMounts }} 72 | 73 | ** WARNING ** 74 | 75 | You use deprecated option `deploymentsGeneral.extraVolumeMounts`. Please use `deploymentsGeneral.volumeMounts` instead. 76 | {{- end }} 77 | {{- if .Values.statefulSetsGeneral.extraVolumeMounts }} 78 | 79 | ** WARNING ** 80 | 81 | You use deprecated option `statefulSetsGeneral.extraVolumeMounts`. Please use `statefulSetsGeneral.volumeMounts` instead. 82 | {{- end }} 83 | {{- if .Values.hooksGeneral.extraVolumeMounts }} 84 | 85 | ** WARNING ** 86 | 87 | You use deprecated option `hooksGeneral.extraVolumeMounts`. Please use `hooksGeneral.volumeMounts` instead. 88 | {{- end }} 89 | {{- if .Values.cronJobsGeneral.extraVolumeMounts }} 90 | 91 | ** WARNING ** 92 | 93 | You use deprecated option `cronJobsGeneral.extraVolumeMounts`. Please use `cronJobsGeneral.volumeMounts` instead. 94 | {{- end }} 95 | {{- if .Values.jobsGeneral.extraVolumeMounts }} 96 | 97 | ** WARNING ** 98 | 99 | You use deprecated option `jobsGeneral.extraVolumeMounts`. Please use `jobsGeneral.volumeMounts` instead. 100 | {{- end }} 101 | {{ end }} 102 | -------------------------------------------------------------------------------- /templates/helpers/_ingress.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.ingress.backend" -}} 2 | {{- $apiVersion := (include "helpers.capabilities.ingress.apiVersion" .context) -}} 3 | {{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} 4 | serviceName: {{ .serviceName }} 5 | servicePort: {{ .servicePort }} 6 | {{- else -}} 7 | service: 8 | name: {{ .serviceName }} 9 | port: 10 | {{- if typeIs "string" .servicePort }} 11 | name: {{ .servicePort }} 12 | {{- else if typeIs "float64" .servicePort }} 13 | number: {{ .servicePort }} 14 | {{- else if typeIs "int64" .servicePort }} 15 | number: {{ .servicePort }} 16 | {{- end }} 17 | {{- end -}} 18 | {{- end -}} 19 | 20 | {{- define "helpers.ingress.supportsPathType" -}} 21 | {{- not (semverCompare "<1.18-0" (include "helpers.capabilities.kubeVersion" .)) -}} 22 | {{- end -}} 23 | 24 | {{- define "helpers.ingress.supportsIngressClass" -}} 25 | {{- not (semverCompare "<1.18-0" (include "helpers.capabilities.kubeVersion" .)) -}} 26 | {{- end -}} 27 | -------------------------------------------------------------------------------- /templates/helpers/_pod.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.pod" -}} 2 | {{- $ := .context -}} 3 | {{- $general := .general -}} 4 | {{- $extraLabels := .extraLabels -}} 5 | {{- $usePredefinedAffinity := $.Values.generic.usePredefinedAffinity -}} 6 | {{- if (ne $general.usePredefinedAffinity nil) }}{{ $usePredefinedAffinity = $general.usePredefinedAffinity }}{{ end -}} 7 | {{- $name := .name -}} 8 | {{- with .value -}} 9 | {{- if .serviceAccountName }} 10 | serviceAccountName: {{- include "helpers.tplvalues.render" (dict "value" .serviceAccountName "context" $) | nindent 2 }} 11 | {{- else if $.Values.generic.serviceAccountName }} 12 | serviceAccountName: {{- include "helpers.tplvalues.render" (dict "value" $.Values.generic.serviceAccountName "context" $) | nindent 2 }} 13 | {{- end }} 14 | {{- if .hostAliases }} 15 | hostAliases: {{- include "helpers.tplvalues.render" (dict "value" .hostAliases "context" $) | nindent 2 }} 16 | {{- else if $.Values.generic.hostAliases }} 17 | hostAliases: {{- include "helpers.tplvalues.render" (dict "value" $.Values.generic.hostAliases "context" $) | nindent 2 }} 18 | {{- end }} 19 | {{- if .affinity }} 20 | affinity: {{- include "helpers.tplvalues.render" ( dict "value" .affinity "context" $) | nindent 2 }} 21 | {{- else if $general.affinity }} 22 | affinity: {{- include "helpers.tplvalues.render" ( dict "value" $general.affinity "context" $) | nindent 2 }} 23 | {{- else if $usePredefinedAffinity }} 24 | affinity: 25 | nodeAffinity: {{- include "helpers.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values "context" $) | nindent 4 }} 26 | podAffinity: {{- include "helpers.affinities.pods" (dict "type" $.Values.podAffinityPreset "extraLabels" $extraLabels "context" $) | nindent 4 }} 27 | podAntiAffinity: {{- include "helpers.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "extraLabels" $extraLabels "context" $) | nindent 4 }} 28 | {{- end }} 29 | {{- if .priorityClassName }} 30 | priorityClassName: {{ .priorityClassName }} 31 | {{- else if $.Values.generic.priorityClassName }} 32 | priorityClassName: {{ $.Values.generic.priorityClassName }} 33 | {{- end }} 34 | {{- if .dnsPolicy }} 35 | dnsPolicy: {{ .dnsPolicy }} 36 | {{- else if $.Values.generic.dnsPolicy }} 37 | dnsPolicy: {{ $.Values.generic.dnsPolicy }} 38 | {{- end }} 39 | {{- with .nodeSelector }} 40 | nodeSelector: {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} 41 | {{- end }} 42 | 43 | {{- $combined := .tolerations | default ( $.Values.generic.tolerations | default list ) }} 44 | {{- if $combined }} 45 | tolerations: 46 | {{- include "helpers.tplvalues.render" (dict "value" $combined "context" $) | nindent 2 }} 47 | {{- end }} 48 | 49 | {{- with .securityContext }} 50 | securityContext: {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} 51 | {{- end }} 52 | {{ if or $.Values.imagePullSecrets $.Values.generic.extraImagePullSecrets .extraImagePullSecrets .imagePullSecrets }} 53 | imagePullSecrets: 54 | {{- range $sName, $v := $.Values.imagePullSecrets }} 55 | - name: {{ $sName }} 56 | {{- end }} 57 | {{- with .imagePullSecrets }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 0 }}{{- end }} 58 | {{- with .extraImagePullSecrets }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 0 }}{{- end }} 59 | {{- with $.Values.generic.extraImagePullSecrets }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 0 }}{{- end }} 60 | {{- end }} 61 | {{- if .terminationGracePeriodSeconds }} 62 | terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }} 63 | {{- end }} 64 | {{- with .initContainers}} 65 | initContainers: 66 | {{- range . }} 67 | {{- with .name }} 68 | - name: {{ include "helpers.tplvalues.render" ( dict "value" . "context" $) }} 69 | {{- else }} 70 | - name: {{ printf "%s-init-%s" $name (lower (randAlphaNum 5)) }} 71 | {{- end }} 72 | {{- $image := $.Values.defaultImage }}{{ with .image }}{{ $image = include "helpers.tplvalues.render" ( dict "value" . "context" $) }}{{ end }} 73 | {{- $imageTag := $.Values.defaultImageTag }}{{ with .imageTag }}{{ $imageTag = include "helpers.tplvalues.render" ( dict "value" . "context" $) }}{{ end }} 74 | image: {{ $image }}:{{ $imageTag }} 75 | imagePullPolicy: {{ .imagePullPolicy | default $.Values.defaultImagePullPolicy }} 76 | {{- with .securityContext }} 77 | securityContext: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 78 | {{- end }} 79 | {{- if $.Values.diagnosticMode.enabled }} 80 | args: {{- include "helpers.tplvalues.render" ( dict "value" $.Values.diagnosticMode.args "context" $) | nindent 2 }} 81 | {{- else if .args }} 82 | args: {{- include "helpers.tplvalues.render" ( dict "value" .args "context" $) | nindent 2 }} 83 | {{- end }} 84 | {{- if $.Values.diagnosticMode.enabled }} 85 | command: {{- include "helpers.tplvalues.render" ( dict "value" $.Values.diagnosticMode.command "context" $) | nindent 2 }} 86 | {{- else if .command }} 87 | {{- if typeIs "string" .command }} 88 | command: {{ printf "[\"%s\"]" (join ("\", \"") (without (splitList " " .command) "" )) }} 89 | {{- else }} 90 | command: {{- include "helpers.tplvalues.render" ( dict "value" .command "context" $) | nindent 2 }} 91 | {{- end }} 92 | {{- end }} 93 | {{- include "helpers.workloads.envs" (dict "value" . "context" $) | indent 2 }} 94 | {{- include "helpers.workloads.envsFrom" (dict "value" . "context" $) | indent 2 }} 95 | {{- with .ports }} 96 | ports: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 2 }} 97 | {{- end }} 98 | {{- with .lifecycle }} 99 | lifecycle: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 100 | {{- end }} 101 | {{- with .startupProbe }} 102 | startupProbe: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 103 | {{- end }} 104 | {{- with .livenessProbe }} 105 | livenessProbe: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 106 | {{- end }} 107 | {{- with .readinessProbe }} 108 | readinessProbe: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 109 | {{- end }} 110 | {{- with .resources }} 111 | resources: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 112 | {{- end }} 113 | volumeMounts: {{- include "helpers.volumes.renderVolumeMounts" (dict "value" . "general" $general "context" $) | nindent 2 }} 114 | {{- end }}{{- end }} 115 | containers: 116 | {{- range .containers }} 117 | {{- with .name }} 118 | - name: {{ include "helpers.tplvalues.render" ( dict "value" . "context" $) }} 119 | {{- else }} 120 | - name: {{ printf "%s-%s" $name (lower (randAlphaNum 5)) }} 121 | {{- end }} 122 | {{- $image := $.Values.defaultImage }}{{ with .image }}{{ $image = include "helpers.tplvalues.render" ( dict "value" . "context" $) }}{{ end }} 123 | {{- $imageTag := $.Values.defaultImageTag }}{{ with .imageTag }}{{ $imageTag = include "helpers.tplvalues.render" ( dict "value" . "context" $) }}{{ end }} 124 | image: {{ $image }}:{{ $imageTag }} 125 | imagePullPolicy: {{ .imagePullPolicy | default $.Values.defaultImagePullPolicy }} 126 | {{- with .securityContext }} 127 | securityContext: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 128 | {{- end }} 129 | {{- if $.Values.diagnosticMode.enabled }} 130 | args: {{- include "helpers.tplvalues.render" ( dict "value" $.Values.diagnosticMode.args "context" $) | nindent 2 }} 131 | {{- else if .args }} 132 | args: {{- include "helpers.tplvalues.render" ( dict "value" .args "context" $) | nindent 2 }} 133 | {{- end }} 134 | {{- if $.Values.diagnosticMode.enabled }} 135 | command: {{- include "helpers.tplvalues.render" ( dict "value" $.Values.diagnosticMode.command "context" $) | nindent 2 }} 136 | {{- else if .command }} 137 | {{- if typeIs "string" .command }} 138 | command: {{ printf "[\"%s\"]" (join ("\", \"") (without (splitList " " .command) "" )) }} 139 | {{- else }} 140 | command: {{- include "helpers.tplvalues.render" ( dict "value" .command "context" $) | nindent 2 }} 141 | {{- end }} 142 | {{- end }} 143 | {{- include "helpers.workloads.envs" (dict "value" . "general" $general "context" $) | indent 2 }} 144 | {{- include "helpers.workloads.envsFrom" (dict "value" . "general" $general "context" $) | indent 2 }} 145 | {{- with .ports }} 146 | ports: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 2 }} 147 | {{- end }} 148 | {{- with .lifecycle }} 149 | lifecycle: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 150 | {{- end }} 151 | {{- with .startupProbe }} 152 | startupProbe: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 153 | {{- end }} 154 | {{- with .livenessProbe }} 155 | livenessProbe: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 156 | {{- end }} 157 | {{- with .readinessProbe }} 158 | readinessProbe: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 159 | {{- end }} 160 | {{- with .resources }} 161 | resources: {{- include "helpers.tplvalues.render" ( dict "value" . "context" $) | nindent 4 }} 162 | {{- end }} 163 | volumeMounts: {{- include "helpers.volumes.renderVolumeMounts" (dict "value" . "general" $general "context" $) | nindent 2 }} 164 | {{- end }} 165 | volumes: {{- include "helpers.volumes.renderVolume" (dict "value" . "general" $general "context" $) -}} 166 | {{- end -}} 167 | {{- end -}} 168 | -------------------------------------------------------------------------------- /templates/helpers/_secrets.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.secrets.includeEnv" -}} 2 | {{- $ctx := .context -}} 3 | {{- $s := dict -}} 4 | {{- if typeIs "string" .value -}} 5 | {{- $s = fromYaml .value -}} 6 | {{- else if kindIs "map" .value -}} 7 | {{- $s = .value -}} 8 | {{- end -}} 9 | {{- range $sName, $envKeys := $s -}} 10 | {{- range $i, $envKey := $envKeys }} 11 | {{- if kindIs "string" $envKey }} 12 | - name: {{ $envKey }} 13 | valueFrom: 14 | secretKeyRef: 15 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $ctx) }} 16 | key: {{ $envKey }} 17 | {{- else if kindIs "map" $envKey -}} 18 | {{- range $keyName, $key := $envKey }} 19 | - name: {{ $keyName }} 20 | valueFrom: 21 | secretKeyRef: 22 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $ctx) }} 23 | key: {{ $key }} 24 | {{- end -}} 25 | {{- end -}} 26 | {{- end -}} 27 | {{- end -}} 28 | {{- end -}} 29 | 30 | {{- define "helpers.secrets.includeEnvSecret" -}} 31 | {{- $ctx := .context -}} 32 | {{- range $i, $sName := .value }} 33 | - secretRef: 34 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $ctx) }} 35 | {{- end -}} 36 | {{- end -}} 37 | 38 | {{- define "helpers.secrets.encode" -}} 39 | {{if hasPrefix "b64:" .value}}{{trimPrefix "b64:" .value}}{{else}}{{toString .value|b64enc}}{{end}} 40 | {{- end -}} 41 | 42 | {{- define "helpers.secrets.render" -}} 43 | {{- $v := dict -}} 44 | {{- if kindIs "string" .value -}} 45 | {{- $v = fromYaml .value }} 46 | {{- else -}} 47 | {{- $v = .value }} 48 | {{- end -}} 49 | {{- range $key, $value := $v }} 50 | {{- if kindIs "string" $value }} 51 | {{ printf "%s: %s" $key (include "helpers.secrets.encode" (dict "value" $value)) }} 52 | {{- else }} 53 | {{ $key }}: {{$value | toJson | b64enc }} 54 | {{- end -}} 55 | {{- end -}} 56 | {{- end -}} 57 | 58 | {{- define "helpers.secrets.renderSealed" -}} 59 | {{- $v := dict -}} 60 | {{- if kindIs "string" .value -}} 61 | {{- $v = fromYaml .value }} 62 | {{- else -}} 63 | {{- $v = .value }} 64 | {{- end -}} 65 | {{- range $key, $value := $v }} 66 | {{ printf "%s: %s" $key $value }} 67 | {{- end -}} 68 | {{- end -}} -------------------------------------------------------------------------------- /templates/helpers/_tplvalues.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.tplvalues.render" -}} 2 | {{- if typeIs "string" .value }} 3 | {{- tpl .value .context }} 4 | {{- else }} 5 | {{- tpl (.value | toYaml) .context }} 6 | {{- end }} 7 | {{- end -}} 8 | -------------------------------------------------------------------------------- /templates/helpers/_volumes.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.volumes.typed" -}} 2 | {{- $ctx := .context -}} 3 | {{- range .volumes -}} 4 | {{- if eq .type "configMap" }} 5 | - name: {{ .name }} 6 | configMap: 7 | {{- with .originalName }} 8 | name: {{ . }} 9 | {{- else }} 10 | name: {{ include "helpers.app.fullname" (dict "name" .name "context" $ctx) }} 11 | {{- end }} 12 | {{- with .defaultMode }} 13 | defaultMode: {{ . }} 14 | {{- end }} 15 | {{- with .items }} 16 | items: {{- include "helpers.tplvalues.render" (dict "value" . "context" $ctx) | nindent 4 }} 17 | {{- end }} 18 | {{- else if eq .type "secret" }} 19 | - name: {{ .name }} 20 | secret: 21 | {{- with .originalName }} 22 | secretName: {{ . }} 23 | {{- else }} 24 | secretName: {{ include "helpers.app.fullname" (dict "name" .name "context" $ctx) }} 25 | {{- end }} 26 | {{- with .items }} 27 | items: {{- include "helpers.tplvalues.render" (dict "value" . "context" $ctx) | nindent 4 }} 28 | {{- end }} 29 | {{- else if eq .type "pvc" }} 30 | - name: {{ .name }} 31 | persistentVolumeClaim: 32 | {{- with .originalName }} 33 | claimName: {{ . }} 34 | {{- else }} 35 | claimName: {{ include "helpers.app.fullname" (dict "name" .name "context" $ctx) }} 36 | {{- end }} 37 | {{- else if eq .type "emptyDir" }} 38 | - name: {{ .name }} 39 | {{- if or .sizeLimit .medium }} 40 | emptyDir: 41 | {{- if .sizeLimit }} 42 | sizeLimit: {{ .sizeLimit }} 43 | {{- end }} 44 | {{- if .medium }} 45 | medium: {{ .medium }} 46 | {{- end }} 47 | {{- else }} 48 | emptyDir: {} 49 | {{- end }} 50 | {{- end }} 51 | {{- end }} 52 | {{- end }} 53 | 54 | {{- define "helpers.volumes.renderVolume" -}} 55 | {{- $ctx := .context -}} 56 | {{- $general := .general -}} 57 | {{- $val := .value -}} 58 | {{- if or (or $val.volumes $val.extraVolumes) (or (or $general.extraVolumes $ctx.Values.generic.extraVolumes) (or $general.volumes $ctx.Values.generic.volumes)) }} 59 | {{ with $val.volumes }}{{ include "helpers.volumes.typed" ( dict "volumes" . "context" $ctx) }}{{ end }} 60 | {{ with $general.volumes }}{{ include "helpers.volumes.typed" ( dict "volumes" . "context" $ctx) }}{{ end }} 61 | {{ with $ctx.Values.generic.volumes }}{{ include "helpers.volumes.typed" ( dict "volumes" . "context" $ctx) }}{{ end }} 62 | {{ with $val.extraVolumes }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 63 | {{ with $general.extraVolumes }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 64 | {{ with $ctx.Values.generic.extraVolumes }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 65 | {{- else }} 66 | [] 67 | {{- end }} 68 | {{- end }} 69 | 70 | {{- define "helpers.volumes.renderVolumeMounts" -}} 71 | {{- $ctx := .context -}} 72 | {{- $general := .general -}} 73 | {{- $val := .value -}} 74 | {{- if or (or $val.volumeMounts $general.extraVolumeMounts) (or $ctx.Values.generic.extraVolumeMounts (or $general.volumeMounts $ctx.Values.generic.volumeMounts)) -}} 75 | {{ with $val.volumeMounts }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 76 | {{ with $general.volumeMounts }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 77 | {{ with $general.extraVolumeMounts }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 78 | {{ with $ctx.Values.generic.volumeMounts }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 79 | {{ with $ctx.Values.generic.extraVolumeMounts }}{{ include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{ end }} 80 | {{- else }} 81 | [] 82 | {{- end }} 83 | {{- end }} 84 | -------------------------------------------------------------------------------- /templates/helpers/_workloads.tpl: -------------------------------------------------------------------------------- 1 | {{- define "helpers.workloads.envs" -}} 2 | {{- $ctx := .context -}} 3 | {{- $general := .general -}} 4 | {{- $v := .value -}} 5 | {{- if or (or (or $v.envsFromConfigmap $v.envsFromSecret) $v.env) (or (or $general.envsFromConfigmap $general.envsFromSecret) $general.env)}} 6 | env: 7 | {{ with $general.envsFromConfigmap }}{{- include "helpers.configmaps.includeEnv" ( dict "value" . "context" $ctx) }}{{- end }} 8 | {{ with $v.envsFromConfigmap }}{{- include "helpers.configmaps.includeEnv" ( dict "value" . "context" $ctx) }}{{- end }} 9 | {{ with $general.envsFromSecret }}{{- include "helpers.secrets.includeEnv" ( dict "value" . "context" $ctx) }}{{- end }} 10 | {{ with $v.envsFromSecret }}{{- include "helpers.secrets.includeEnv" ( dict "value" . "context" $ctx) }}{{- end }} 11 | {{ with $general.env }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{- end }} 12 | {{ with $v.env }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{- end }} 13 | {{- end }} 14 | {{- end }} 15 | 16 | {{- define "helpers.workloads.envsFrom" -}} 17 | {{- $ctx := .context -}} 18 | {{- $general := .general -}} 19 | {{- $v := .value -}} 20 | {{- if or (or (or $v.envConfigmaps $v.envSecrets) $v.envFrom) (or (or $general.envConfigmaps $general.envSecrets) $general.envFrom)}} 21 | envFrom: 22 | {{ with $general.envConfigmaps }}{{- include "helpers.configmaps.includeEnvConfigmap" ( dict "value" . "context" $ctx) }}{{- end }} 23 | {{ with $v.envConfigmaps }}{{- include "helpers.configmaps.includeEnvConfigmap" ( dict "value" . "context" $ctx) }}{{- end }} 24 | {{ with $general.envSecrets }}{{- include "helpers.secrets.includeEnvSecret" ( dict "value" . "context" $ctx) }}{{- end }} 25 | {{ with $v.envSecrets }}{{- include "helpers.secrets.includeEnvSecret" ( dict "value" . "context" $ctx) }}{{- end }} 26 | {{ with $general.envFrom }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{- end }} 27 | {{ with $v.envFrom }}{{- include "helpers.tplvalues.render" ( dict "value" . "context" $ctx) }}{{- end }} 28 | {{- end }} 29 | {{- end }} 30 | 31 | {{- define "helpers.workload.checksum" -}} 32 | {{ . | toString | sha256sum }} 33 | {{- end -}} -------------------------------------------------------------------------------- /templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- range $name, $hpa := .Values.hpas }} 2 | --- 3 | kind: HorizontalPodAutoscaler 4 | apiVersion: {{ .apiVersion | default "autoscaling/v2beta1" }} 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 13 | spec: 14 | {{- with .scaleTargetRef }} 15 | scaleTargetRef: 16 | apiVersion: {{ .apiVersion | default "apps/v1" }} 17 | kind: {{ .kind | default "Deployment" }} 18 | name: {{ include "helpers.app.fullname" (dict "name" .name "context" $) }} 19 | {{- end }} 20 | minReplicas: {{ .minReplicas | default "2" }} 21 | maxReplicas: {{ .maxReplicas | default "3" }} 22 | metrics: 23 | {{- if not (empty .targetCPU) }} 24 | - type: Resource 25 | resource: 26 | name: cpu 27 | targetAverageUtilization: {{ .targetCPU }} 28 | {{- end }} 29 | {{- if not (empty .targetMemory) }} 30 | - type: Resource 31 | resource: 32 | name: memory 33 | targetAverageUtilization: {{ .targetMemory }} 34 | {{- end }} 35 | {{- if .metrics }} 36 | {{- toYaml .metrics | nindent 4 }} 37 | {{- end }} 38 | {{- end -}} 39 | -------------------------------------------------------------------------------- /templates/ingress.yml: -------------------------------------------------------------------------------- 1 | {{- range $host, $ing := .Values.ingresses }} 2 | --- 3 | apiVersion: {{ include "helpers.capabilities.ingress.apiVersion" $ }} 4 | kind: Ingress 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" ($ing.name | default $host) "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with $ing.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 13 | {{- with $ing.certManager }} 14 | kubernetes.io/tls-acme: "true" 15 | {{- if or .issuerName .originalIssuerName }} 16 | {{- if .originalIssuerName }} 17 | cert-manager.io/{{ .issuerType | default "cluster-issuer" }}: {{ include "helpers.tplvalues.render" (dict "value" .originalIssuerName "context" $) }} 18 | {{- else }} 19 | cert-manager.io/{{ .issuerType | default "cluster-issuer" }}: {{ include "helpers.app.fullname" (dict "name" .issuerName "context" $) }} 20 | {{- end }} {{/* end if .originalIssuerName */}} 21 | {{- end }} {{/* end if or .issuerName .originalIssuerName */}} 22 | {{- end }} {{/* end $ing.certManager */}} 23 | {{- with $ing.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 24 | spec: 25 | {{- if and (eq "true" (include "helpers.ingress.supportsIngressClass" $)) ($ing.ingressClassName) }} 26 | ingressClassName: {{ $ing.ingressClassName }} 27 | {{- end }} 28 | rules: 29 | {{- range $ing.hosts }} 30 | - {{ if .hostname -}} 31 | host: {{ include "helpers.tplvalues.render" (dict "value" .hostname "context" $) }} 32 | {{- else -}} 33 | host: {{ $host }} 34 | {{- end }} 35 | http: 36 | paths: 37 | {{- range .paths }} 38 | - path: {{ default "/" .path }} 39 | {{- if eq "true" (include "helpers.ingress.supportsPathType" $) }} 40 | pathType: {{ default "Prefix" .pathType }} 41 | {{- end }} 42 | backend: 43 | {{- include "helpers.ingress.backend" (dict "serviceName" (include "helpers.app.fullname" (dict "name" .serviceName "context" $)) "servicePort" .servicePort "context" $) | nindent 10 }} 44 | {{- end }} 45 | {{- end }} 46 | {{- if or $ing.certManager $ing.extraTls }} 47 | tls: 48 | {{- if $ing.certManager }} 49 | - hosts: 50 | {{- range $ing.hosts }} 51 | {{- if .hostname }} 52 | - {{ include "helpers.tplvalues.render" (dict "value" .hostname "context" $) }} 53 | {{- else }} 54 | - {{ $host }} 55 | {{- end }} 56 | {{- end }} 57 | secretName: {{ .tlsName | default (include "helpers.app.fullname" (dict "name" ($ing.name | default $host) "context" $)) }}-tls 58 | {{- end }} 59 | {{- if .extraTls }} 60 | {{- include "helpers.tplvalues.render" ( dict "value" .extraTls "context" $ ) | nindent 2 }} 61 | {{- end }} 62 | {{- end }} 63 | {{- end -}} 64 | -------------------------------------------------------------------------------- /templates/issuer.yml: -------------------------------------------------------------------------------- 1 | {{- if $.Capabilities.APIVersions.Has "cert-manager.io/v1" }} 2 | {{- range $name, $iss := .Values.issuers }} 3 | {{- if not (.disabled | default false) }} 4 | {{- $_ := include "helpers.tplvalues.render" (dict "value" .kind "context" $) }} 5 | {{- $kind := ternary "ClusterIssuer" "Issuer" (eq $_ "ClusterIssuer") }} 6 | 7 | --- 8 | kind: {{ $kind }} 9 | apiVersion: cert-manager.io/v1 10 | metadata: 11 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 12 | labels: 13 | {{- include "helpers.app.labels" $ | nindent 4 }} 14 | spec: 15 | {{- with .acme }} 16 | acme: 17 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 18 | {{- end }} 19 | {{- with .ca }} 20 | ca: 21 | {{- with .originalSecretName }} 22 | secretName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 23 | {{- else }} 24 | secretName: {{ include "helpers.app.fullname" (dict "name" .secretName "context" $) }} 25 | {{- end }} 26 | {{- if .crlDistributionPoints }} 27 | crlDistributionPoints: 28 | {{- range .crlDistributionPoints }} 29 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 30 | {{- end }} 31 | {{- end }} 32 | {{- if .ocspServers }} 33 | ocspServers: 34 | {{- range .ocspServers }} 35 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 36 | {{- end }} 37 | {{- end }} 38 | {{- end }} 39 | {{- with .vault }} 40 | vault: 41 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 42 | {{- end }} 43 | {{- if kindIs "map" .selfSigned }} 44 | selfSigned: 45 | {{- include "helpers.tplvalues.render" (dict "value" .selfSigned "context" $) | nindent 4 }} 46 | {{- end }} 47 | {{- with .venafi }} 48 | venafi: 49 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 50 | {{- end }} 51 | {{- end }} {{/* end if not .disabled */}} 52 | {{- end }} {{/* end range */}} 53 | {{- end }} -------------------------------------------------------------------------------- /templates/istiodestinationrule.yml: -------------------------------------------------------------------------------- 1 | {{- range $host, $destinationrule := .Values.istiodestinationrules }} 2 | --- 3 | apiVersion: {{ include "helpers.capabilities.istiodestinationrule.apiVersion" $ }} 4 | kind: DestinationRule 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" ($destinationrule.name | default $host) "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with $destinationrule.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 13 | {{- with $destinationrule.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 14 | spec: 15 | host: {{ $destinationrule.host | quote }} 16 | trafficPolicy: 17 | {{- with $destinationrule.trafficPolicy }} 18 | {{- toYaml . | nindent 4 }} 19 | {{- end }} 20 | {{- if $destinationrule.subsets }} 21 | subsets: 22 | {{- range $subset := $destinationrule.subsets }} 23 | - name: {{ $subset.name }} 24 | labels: 25 | {{- range $key, $value := $subset.labels }} 26 | {{ $key }}: {{ $value | quote }} 27 | {{- end }} 28 | trafficPolicy: 29 | {{- with $subset.trafficPolicy }} 30 | {{- toYaml . | nindent 8 }} 31 | {{- end }} 32 | {{- end }} 33 | {{- end }} 34 | {{- if $destinationrule.exportTo }} 35 | exportTo: 36 | {{- range $exportTo := $destinationrule.exportTo }} 37 | - {{ $exportTo | quote }} 38 | {{- end }} 39 | {{- end }} 40 | {{- with $destinationrule.workloadSelector }} 41 | workloadSelector: 42 | matchLabels: 43 | {{- range $key, $value := .matchLabels }} 44 | {{ $key }}: {{ $value | quote }} 45 | {{- end }} 46 | {{- end }} 47 | {{- end }} -------------------------------------------------------------------------------- /templates/istiogateway.yml: -------------------------------------------------------------------------------- 1 | {{- range $host, $gateway := .Values.istiogateways }} 2 | --- 3 | apiVersion: {{ include "helpers.capabilities.istiogateway.apiVersion" $ }} 4 | kind: Gateway 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" ($gateway.name | default $host) "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with $gateway.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 13 | {{- with $gateway.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 14 | spec: 15 | selector: 16 | {{- include "helpers.tplvalues.render" (dict "value" $gateway.selector "context" $) | nindent 4 }} 17 | servers: 18 | {{- range $gateway.servers }} 19 | - hosts: 20 | {{- range .hosts }} 21 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 22 | {{- end }} 23 | port: 24 | name: {{ .port.name }} 25 | number: {{ .port.number }} 26 | protocol: {{ .port.protocol }} 27 | {{- with .tls }} 28 | tls: 29 | {{- toYaml . | nindent 6 }} 30 | {{- end }} {{/* end with .tls */}} 31 | {{- end }} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /templates/istiovirtualservice.yml: -------------------------------------------------------------------------------- 1 | {{- range $host, $virtualservice := .Values.istiovirtualservices }} 2 | --- 3 | apiVersion: {{ include "helpers.capabilities.istiovirtualservice.apiVersion" $ }} 4 | kind: VirtualService 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" ($virtualservice.name | default $host) "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with $virtualservice.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 13 | {{- with $virtualservice.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 14 | spec: 15 | hosts: 16 | {{- range $virtualservice.hosts }} 17 | - {{ . | quote }} 18 | {{- end }} 19 | gateways: 20 | {{- range $virtualservice.gateways }} 21 | - {{ . | quote }} 22 | {{- end }} 23 | http: 24 | {{- range $httpRoute := $virtualservice.http }} 25 | - name: {{ $httpRoute.name | default "" | quote }} 26 | {{- with $httpRoute.match }} 27 | match: 28 | {{- toYaml . | nindent 8 }} 29 | {{- end }} 30 | {{- with $httpRoute.route }} 31 | route: 32 | {{- toYaml . | nindent 8 }} 33 | {{- end }} 34 | {{- with $httpRoute.retries }} 35 | retries: 36 | {{- toYaml . | nindent 8 }} 37 | {{- end }} 38 | {{- with $httpRoute.fault }} 39 | fault: 40 | {{- toYaml . | nindent 8 }} 41 | {{- end }} 42 | {{- with $httpRoute.timeout }} 43 | timeout: {{ . }} 44 | {{- end }} 45 | {{- with $httpRoute.rewrite }} 46 | rewrite: 47 | {{- toYaml . | nindent 8 }} 48 | {{- end }} 49 | {{- with $httpRoute.corsPolicy }} 50 | corsPolicy: 51 | {{- toYaml . | nindent 8 }} 52 | {{- end }} 53 | {{- end }} 54 | {{- if $virtualservice.tls }} 55 | tls: 56 | {{- range $virtualservice.tls }} 57 | - match: 58 | {{- if .match }} 59 | {{- toYaml .match | nindent 8 }} 60 | {{- end }} 61 | route: 62 | {{- if .route }} 63 | {{- toYaml .route | nindent 8 }} 64 | {{- end }} 65 | {{- end }} 66 | {{- end }} 67 | {{- if $virtualservice.tcp }} 68 | tcp: 69 | {{- range $tcpRoute := . }} 70 | - {{- toYaml $tcpRoute | nindent 6 }} 71 | {{- end }} 72 | {{- end }} {{/* end with $virtualservice.tcp */}} 73 | {{- with $virtualservice.exportTo }} 74 | exportTo: 75 | {{- toYaml . | nindent 4 }} 76 | {{- end }} {{/* end with $virtualservice.exportTo */}} 77 | {{- end }} 78 | -------------------------------------------------------------------------------- /templates/job.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.jobs -}} 2 | {{- $general := $.Values.jobsGeneral -}} 3 | {{- $jobs := list -}} 4 | {{- if kindIs "string" .Values.jobs -}} 5 | {{- $jobs = fromYaml .Values.jobs -}} 6 | {{- else if kindIs "map" .Values.jobs -}} 7 | {{- $jobs = .Values.jobs -}} 8 | {{- end -}} 9 | {{- range $name, $job := $jobs }} 10 | {{- $jobName := include "helpers.app.fullname" (dict "name" $name "context" $) }} 11 | --- 12 | apiVersion: batch/v1 13 | kind: Job 14 | metadata: 15 | name: {{ $jobName }} 16 | namespace: {{ $.Release.Namespace | quote }} 17 | labels: 18 | {{- include "helpers.app.labels" $ | nindent 4 }} 19 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 20 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 21 | annotations: 22 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 23 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 24 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 25 | spec: 26 | {{- if .parallelism }} 27 | parallelism: {{ .parallelism }} 28 | {{- else if $general.parallelism }} 29 | parallelism: {{ $general.parallelism }} 30 | {{- end }} 31 | {{- if .completions }} 32 | completions: {{ .completions }} 33 | {{- else if $general.completions }} 34 | completions: {{ $general.completions }} 35 | {{- end }} 36 | {{- if .activeDeadlineSeconds }} 37 | activeDeadlineSeconds: {{ .activeDeadlineSeconds }} 38 | {{- else if $general.activeDeadlineSeconds }} 39 | activeDeadlineSeconds: {{ $general.activeDeadlineSeconds }} 40 | {{- end }} 41 | {{- if .backoffLimit }} 42 | backoffLimit: {{ .backoffLimit }} 43 | {{- else if $general.backoffLimit }} 44 | backoffLimit: {{ $general.backoffLimit }} 45 | {{- end }} 46 | {{- if .ttlSecondsAfterFinished }} 47 | ttlSecondsAfterFinished: {{ .ttlSecondsAfterFinished }} 48 | {{- else if $general.ttlSecondsAfterFinished }} 49 | ttlSecondsAfterFinished: {{ $general.ttlSecondsAfterFinished }} 50 | {{- end }} 51 | template: 52 | metadata: 53 | labels: 54 | {{- with $.Values.generic.podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 55 | {{- with .podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 56 | annotations: 57 | {{- with $.Values.generic.podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 58 | {{- with .podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 59 | spec: 60 | {{- include "helpers.pod" (dict "value" . "general" $general "name" $name "context" $) | indent 6 }} 61 | restartPolicy: {{ .restartPolicy | default "Never" }} 62 | {{- if .commandDurationAlert }} 63 | --- 64 | apiVersion: monitoring.coreos.com/v1 65 | kind: PrometheusRule 66 | metadata: 67 | name: job-{{ $jobName }} 68 | labels: 69 | prometheus: k8s 70 | role: alert-rules 71 | namespace: nxs-monitoring 72 | spec: 73 | groups: 74 | - name: "jobs_rules" 75 | interval: 1m # period check for alerts 76 | rules: 77 | - alert: "job-{{ $jobName }}-too-long-execution" 78 | expr: '((time() - kube_job_status_start_time{namespace="{{ $.Release.Namespace }}", job_name=~"{{ $jobName }}-.*"}) and kube_job_status_active{namespace="{{ $.Release.Namespace }}", job_name=~"{{ $jobName }}-.*"} == 1) > {{ .commandDurationAlert }}' 79 | for: 3m 80 | labels: 81 | severity: warning 82 | annotations: 83 | message: "Job {{ $.Release.Namespace }}/{{ $jobName }} is taking more than {{ .commandDurationAlert }} to complete" 84 | {{- end }} 85 | {{- end }} 86 | {{- end }} 87 | -------------------------------------------------------------------------------- /templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- range $name, $pdb := .Values.pdbs }} 2 | --- 3 | kind: PodDisruptionBudget 4 | apiVersion: {{ include "helpers.capabilities.pdb.apiVersion" $ }} 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | spec: 12 | {{- if not (empty .minAvailable) }} 13 | minAvailable: {{ .minAvailable }} 14 | {{- else }} 15 | {{- if not (empty .maxUnavailable) }} 16 | maxUnavailable: {{ .maxUnavailable }} 17 | {{- end }} 18 | {{- end }} 19 | selector: 20 | matchLabels: 21 | {{- include "helpers.app.selectorLabels" $ | nindent 6 }} 22 | {{- with $.Values.generic.extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end -}} 23 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /templates/pvc.yml: -------------------------------------------------------------------------------- 1 | {{- range $name, $p := .Values.pvcs }} 2 | --- 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 7 | namespace: {{ $.Release.Namespace }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 13 | spec: 14 | accessModes: {{- include "helpers.tplvalues.render" ( dict "value" .accessModes "context" $ ) | nindent 4 }} 15 | {{- with .volumeMode }} 16 | volumeMode: {{ . }} 17 | {{- end }} 18 | {{- with .volumeName}} 19 | volumeName: {{ . }} 20 | {{- end }} 21 | resources: 22 | requests: 23 | storage: {{ .size | default "1Gi" }} 24 | {{- with .storageClassName }} 25 | storageClassName: {{ . }} 26 | {{- end }} 27 | {{- with .selector }} 28 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /templates/secret.yml: -------------------------------------------------------------------------------- 1 | {{- if or (not (empty .Values.secretEnvs)) (not (empty .Values.secretEnvsString)) }} 2 | --- 3 | kind: Secret 4 | apiVersion: v1 5 | type: Opaque 6 | metadata: 7 | name: {{ include "helpers.app.fullname" (dict "name" "secret-envs" "context" $) }} 8 | namespace: {{ .Release.Namespace | quote }} 9 | labels: {{- include "helpers.app.labels" $ | nindent 4 }} 10 | annotations: {{- include "helpers.app.defaultHookAnnotations" $ | nindent 4 }} 11 | data: 12 | {{- include "helpers.secrets.render" (dict "value" .Values.secretEnvsString) | indent 2 }} 13 | {{- include "helpers.secrets.render" (dict "value" .Values.secretEnvs) | indent 2 }} 14 | {{- end }} 15 | 16 | {{- range $sName, $val := .Values.secrets -}} 17 | {{- if not (eq $sName "secret-envs") }} 18 | --- 19 | apiVersion: v1 20 | kind: Secret 21 | type: {{ $val.type | default "Opaque" }} 22 | metadata: 23 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $) }} 24 | namespace: {{ $.Release.Namespace | quote }} 25 | labels: 26 | {{- include "helpers.app.labels" $ | nindent 4 }} 27 | {{- with $val.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{ end }} 28 | annotations: 29 | {{- if $val.annotations }} 30 | {{- $_ := include "helpers.tplvalues.render" (dict "value" $val.annotations "context" $) }} 31 | {{- include "helpers.app.annotations" (dict "value" $_ "context" $) | nindent 4 -}} 32 | {{- else }} 33 | {{- include "helpers.app.defaultHookAnnotations" $ | nindent 4 }} 34 | {{- end }} 35 | data: 36 | {{- include "helpers.secrets.render" (dict "value" $val.data) | indent 2 }} 37 | {{- end }} 38 | {{- end }} 39 | 40 | {{- range $name, $value := .Values.imagePullSecrets }} 41 | --- 42 | apiVersion: v1 43 | kind: Secret 44 | type: kubernetes.io/dockerconfigjson 45 | metadata: 46 | name: {{ $name }} 47 | namespace: {{ $.Release.Namespace | quote }} 48 | labels: {{- include "helpers.app.labels" $ | nindent 4 }} 49 | annotations: {{- include "helpers.app.defaultHookAnnotations" $ | nindent 4 }} 50 | data: 51 | {{- include "helpers.secrets.render" (dict "value" (printf ".dockerconfigjson: %v" $value)) | indent 2 }} 52 | {{- end }} 53 | 54 | {{- range $sName, $val := .Values.sealedSecrets -}} 55 | --- 56 | apiVersion: bitnami.com/v1alpha1 57 | kind: SealedSecret 58 | metadata: 59 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $) }} 60 | namespace: {{ $.Release.Namespace | quote }} 61 | labels: 62 | {{- include "helpers.app.labels" $ | nindent 4 }} 63 | {{- with $val.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{ end }} 64 | annotations: 65 | {{- include "helpers.app.defaultHookAnnotations" $ | nindent 4 }} 66 | {{- with $val.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{ end }} 67 | spec: 68 | encryptedData: 69 | {{- include "helpers.secrets.renderSealed" (dict "value" $val.encryptedData) | indent 4 }} 70 | template: 71 | metadata: 72 | name: {{ include "helpers.app.fullname" (dict "name" $sName "context" $) }} 73 | namespace: {{ $.Release.Namespace | quote }} 74 | labels: 75 | {{- include "helpers.app.labels" $ | nindent 8 }} 76 | {{- with $val.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{ end }} 77 | annotations: 78 | {{- with $val.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{ end }} 79 | {{- end }} -------------------------------------------------------------------------------- /templates/serviceaccount.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount -}} 2 | {{- $general := $.Values.serviceAccountGeneral -}} 3 | {{- $serviceAccount := list -}} 4 | {{- if kindIs "string" .Values.serviceAccount -}} 5 | {{- $serviceAccount = fromYaml .Values.serviceAccount -}} 6 | {{- else if kindIs "map" .Values.serviceAccount -}} 7 | {{- $serviceAccount = .Values.serviceAccount -}} 8 | {{- end -}} 9 | {{- range $name, $val := $serviceAccount }} 10 | --- 11 | apiVersion: v1 12 | kind: ServiceAccount 13 | metadata: 14 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 15 | namespace: {{ $.Release.Namespace | quote }} 16 | labels: 17 | {{- include "helpers.app.labels" $ | nindent 4 }} 18 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 19 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 20 | annotations: 21 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 22 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 23 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 24 | 25 | {{- if .role }} 26 | {{- if .role.rules }} 27 | --- 28 | apiVersion: rbac.authorization.k8s.io/v1 29 | kind: Role 30 | metadata: 31 | name: {{ include "helpers.app.fullname" (dict "name" $val.role.name "context" $) }} 32 | namespace: {{ $.Release.Namespace | quote }} 33 | labels: 34 | {{- include "helpers.app.labels" $ | nindent 4 }} 35 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 36 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 37 | annotations: 38 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 39 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 40 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 41 | rules: 42 | {{ include "helpers.tplvalues.render" ( dict "value" $val.role.rules "context" $ )}} 43 | --- 44 | apiVersion: rbac.authorization.k8s.io/v1 45 | kind: RoleBinding 46 | metadata: 47 | name: {{ include "helpers.app.fullname" (dict "name" $val.role.name "context" $) }} 48 | namespace: {{ $.Release.Namespace | quote }} 49 | labels: 50 | {{- include "helpers.app.labels" $ | nindent 4 }} 51 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 52 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 53 | annotations: 54 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 55 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 56 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 57 | roleRef: 58 | apiGroup: rbac.authorization.k8s.io 59 | kind: Role 60 | name: {{ include "helpers.app.fullname" (dict "name" $val.role.name "context" $) }} 61 | subjects: 62 | - kind: ServiceAccount 63 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 64 | namespace: {{ $.Release.Namespace | quote }} 65 | {{- else }} 66 | --- 67 | apiVersion: rbac.authorization.k8s.io/v1 68 | kind: RoleBinding 69 | metadata: 70 | name: {{ include "helpers.app.fullname" (dict "name" $val.role.name "context" $) }} 71 | namespace: {{ $.Release.Namespace | quote }} 72 | labels: 73 | {{- include "helpers.app.labels" $ | nindent 4 }} 74 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 75 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 76 | annotations: 77 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 78 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 79 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 80 | roleRef: 81 | apiGroup: rbac.authorization.k8s.io 82 | kind: Role 83 | name: {{ $val.role.name }} 84 | subjects: 85 | - kind: ServiceAccount 86 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 87 | namespace: {{ $.Release.Namespace | quote }} 88 | {{- end }} 89 | {{- end }} 90 | {{- if .clusterRole }} 91 | {{- if .clusterRole.rules }} 92 | --- 93 | apiVersion: rbac.authorization.k8s.io/v1 94 | kind: ClusterRole 95 | metadata: 96 | name: {{ include "helpers.app.fullname" (dict "name" $val.clusterRole.name "context" $) }} 97 | labels: 98 | {{- include "helpers.app.labels" $ | nindent 4 }} 99 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 100 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 101 | annotations: 102 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 103 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 104 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 105 | rules: 106 | {{ include "helpers.tplvalues.render" ( dict "value" $val.clusterRole.rules "context" $ )}} 107 | --- 108 | apiVersion: rbac.authorization.k8s.io/v1 109 | kind: ClusterRoleBinding 110 | metadata: 111 | name: {{ include "helpers.app.fullname" (dict "name" $val.clusterRole.name "context" $) }} 112 | labels: 113 | {{- include "helpers.app.labels" $ | nindent 4 }} 114 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 115 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 116 | annotations: 117 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 118 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 119 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 120 | roleRef: 121 | apiGroup: rbac.authorization.k8s.io 122 | kind: ClusterRole 123 | name: {{ include "helpers.app.fullname" (dict "name" $val.clusterRole.name "context" $) }} 124 | subjects: 125 | - kind: ServiceAccount 126 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 127 | namespace: {{ $.Release.Namespace | quote }} 128 | {{- else }} 129 | --- 130 | apiVersion: rbac.authorization.k8s.io/v1 131 | kind: ClusterRoleBinding 132 | metadata: 133 | name: {{ include "helpers.app.fullname" (dict "name" $val.clusterRole.name "context" $) }} 134 | labels: 135 | {{- include "helpers.app.labels" $ | nindent 4 }} 136 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 137 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 138 | annotations: 139 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 140 | {{- with $general.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 141 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 142 | roleRef: 143 | apiGroup: rbac.authorization.k8s.io 144 | kind: ClusterRole 145 | name: {{ $val.clusterRole.name }} 146 | subjects: 147 | - kind: ServiceAccount 148 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 149 | namespace: {{ $.Release.Namespace | quote }} 150 | {{- end }} 151 | {{- end }} 152 | {{- end }} 153 | {{- end }} 154 | 155 | 156 | -------------------------------------------------------------------------------- /templates/servicemonitor.yml: -------------------------------------------------------------------------------- 1 | {{- range $name, $sm := .Values.serviceMonitors }} 2 | --- 3 | kind: ServiceMonitor 4 | apiVersion: monitoring.coreos.com/v1 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | spec: 12 | endpoints: 13 | {{- include "helpers.tplvalues.render" (dict "value" .endpoints "context" $) | nindent 4 }} 14 | selector: 15 | matchLabels: 16 | {{- include "helpers.app.selectorLabels" $ | nindent 6 }} 17 | {{- with $.Values.generic.extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end -}} 18 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end -}} 19 | {{- end }} 20 | 21 | {{- range $name, $sm := .Values.servicemonitors }} 22 | --- 23 | kind: ServiceMonitor 24 | apiVersion: monitoring.coreos.com/v1 25 | metadata: 26 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 27 | namespace: {{ $.Release.Namespace | quote }} 28 | labels: 29 | {{- include "helpers.app.labels" $ | nindent 4 }} 30 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 31 | spec: 32 | endpoints: 33 | {{- include "helpers.tplvalues.render" (dict "value" .endpoints "context" $) | nindent 4 }} 34 | selector: 35 | matchLabels: 36 | {{- include "helpers.app.selectorLabels" $ | nindent 6 }} 37 | {{- with $.Values.generic.extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end -}} 38 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end -}} 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /templates/statefulset.yml: -------------------------------------------------------------------------------- 1 | {{- $general := $.Values.statefulSetsGeneral -}} 2 | {{- range $name, $sts := .Values.statefulSets }} 3 | {{- if not (.disabled | default false) }} 4 | --- 5 | apiVersion: {{ include "helpers.capabilities.statefulSet.apiVersion" $ }} 6 | kind: StatefulSet 7 | metadata: 8 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 9 | namespace: {{ $.Release.Namespace }} 10 | labels: 11 | {{- include "helpers.app.labels" $ | nindent 4 }} 12 | {{- with $general.labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 13 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 14 | annotations: 15 | {{- include "helpers.app.genericAnnotations" $ | indent 4 }} 16 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 17 | spec: 18 | replicas: {{ .replicas | default 1 }} 19 | {{- with .strategy }} 20 | strategy: {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 21 | {{- end }} 22 | serviceName: {{ include "helpers.app.fullname" (dict "name" .serviceName "context" $) }} 23 | {{- with .minReadySeconds }}minReadySeconds: {{ . }}{{- end }} 24 | selector: 25 | matchLabels: 26 | {{- include "helpers.app.selectorLabels" $ | nindent 6 }} 27 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}{{- end }} 28 | template: 29 | metadata: 30 | labels: 31 | {{- include "helpers.app.selectorLabels" $ | nindent 8 }} 32 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 33 | {{- with $.Values.generic.podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 34 | {{- with .podLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 35 | annotations: 36 | {{- with $.Values.generic.podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 37 | {{- with .podAnnotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}{{- end }} 38 | spec: 39 | {{- include "helpers.pod" (dict "value" . "general" $general "name" $name "extraLabels" .extraSelectorLabels "context" $) | indent 6 }} 40 | {{- with .volumeClaimTemplates }} 41 | volumeClaimTemplates: 42 | {{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} 43 | {{- end }} 44 | {{- end }} 45 | {{- end }} 46 | -------------------------------------------------------------------------------- /templates/svc.yml: -------------------------------------------------------------------------------- 1 | {{- range $name, $s := $.Values.services }} 2 | --- 3 | kind: Service 4 | apiVersion: v1 5 | metadata: 6 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 7 | namespace: {{ $.Release.Namespace | quote }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | {{- with .labels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 11 | annotations: 12 | {{- with $.Values.generic.annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 13 | {{- with .annotations }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 14 | spec: 15 | {{- if not (empty .clusterIP ) }} 16 | clusterIP: {{ .clusterIP }} 17 | {{- end }} 18 | {{- if not (empty .type) }} 19 | type: {{ .type }} 20 | {{- if eq .type "LoadBalancer" }} 21 | {{- if not (empty .loadBalancerIP) }} 22 | loadBalancerIP: {{ .loadBalancerIP }} 23 | {{- end }} 24 | {{- if not (empty .loadBalancerClass) }} 25 | loadBalancerClass: {{ .loadBalancerClass }} 26 | {{- end }} 27 | {{- if not ( or (.allocateLoadBalancerNodePorts) (eq (.allocateLoadBalancerNodePorts | toString) "") ) }} 28 | allocateLoadBalancerNodePorts: false 29 | {{- end }} 30 | {{- if empty .externalTrafficPolicy }} 31 | externalTrafficPolicy: "Cluster" 32 | {{- else }} 33 | externalTrafficPolicy: {{ .externalTrafficPolicy }} 34 | {{- end }} 35 | {{- if .loadBalancerSourceRanges }} 36 | loadBalancerSourceRanges: 37 | {{- toYaml .loadBalancerSourceRanges | nindent 4 }} 38 | {{- end }} 39 | {{- else if (eq .type "NodePort") }} 40 | {{- if empty .externalTrafficPolicy }} 41 | externalTrafficPolicy: "Cluster" 42 | {{- else }} 43 | externalTrafficPolicy: {{ .externalTrafficPolicy }} 44 | {{- end }} 45 | {{- if not (empty .healthCheckNodePort) }} 46 | healthCheckNodePort: {{ .healthCheckNodePort }} 47 | {{- end }} 48 | {{- end }} 49 | {{- if .externalIPs }} 50 | externalIPs: {{- toYaml .externalIPs | nindent 4 }} 51 | {{- end }} 52 | {{- end }} 53 | ports: 54 | {{- range .ports }} 55 | - name: {{ .name | default $name}} 56 | protocol: {{ .protocol | default "TCP"}} 57 | port: {{ .port }} 58 | {{- if not (empty .targetPort) }} 59 | targetPort: {{ .targetPort }} 60 | {{- end }} 61 | {{- if not (empty .nodePort) }} 62 | nodePort: {{ .nodePort }} 63 | {{- end }} 64 | {{- end }} 65 | selector: 66 | {{- include "helpers.app.selectorLabels" $ | nindent 4 }} 67 | {{- with .extraSelectorLabels }}{{- include "helpers.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}{{- end }} 68 | {{- end }} 69 | -------------------------------------------------------------------------------- /templates/traefikingressroute.yml: -------------------------------------------------------------------------------- 1 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 2 | {{- range $name, $ingressroutes := .Values.ingressroutes }} 3 | --- 4 | kind: IngressRoute 5 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 6 | metadata: 7 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | spec: 11 | entryPoints: 12 | {{- range .entryPoints }} 13 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 14 | {{- end }} 15 | routes: 16 | {{- range $matchname, $routes := $ingressroutes.routes }} 17 | - kind: Rule 18 | match: {{ $matchname }} 19 | {{- with .priority }} 20 | priority: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 21 | {{- end }} 22 | {{- if .middlewares }} 23 | middlewares: 24 | {{- range $mdlwr := .middlewares }} 25 | - name: {{ include "helpers.tplvalues.render" (dict "value" $mdlwr.name "context" $) }} 26 | {{- with $mdlwr.namespace}} 27 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 28 | {{- end }} 29 | {{- end }} 30 | {{- end }} 31 | services: 32 | {{- range $svcname, $svc := .services }} 33 | - name: {{ include "helpers.tplvalues.render" (dict "value" $svcname "context" $) }} 34 | {{- with $svc.namespace}} 35 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 36 | {{- end }} 37 | {{- with $svc.passHostHeader}} 38 | passHostHeader: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 39 | {{- end }} 40 | {{- with $svc.kind}} 41 | kind: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 42 | {{- end }} 43 | {{- with $svc.port}} 44 | port: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 45 | {{- end }} 46 | {{- with $svc.responseForwardingflushInterval}} 47 | responseForwarding: 48 | flushInterval: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 49 | {{- end }} 50 | {{- with $svc.scheme}} 51 | scheme: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 52 | {{- end }} 53 | {{- with $svc.serversTransport}} 54 | serversTransport: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 55 | {{- end }} 56 | {{- with $svc.stickyCookie}} 57 | sticky: 58 | cookie: 59 | {{- with .httpOnly }} 60 | httpOnly: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 61 | {{- end }} 62 | {{- with .name }} 63 | name: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 64 | {{- end }} 65 | {{- with .secure }} 66 | secure: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 67 | {{- end }} 68 | {{- with .sameSite }} 69 | sameSite: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 70 | {{- end }} 71 | {{- with .maxAge }} 72 | maxAge: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 73 | {{- end }} 74 | {{- end }} 75 | {{- with $svc.strategy}} 76 | strategy: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 77 | {{- end }} 78 | {{- with $svc.weight}} 79 | weight: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 80 | {{- end }} 81 | {{- with $svc.nativeLB}} 82 | nativeLB: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 83 | {{- end }} 84 | {{- end }} 85 | {{- end }} 86 | {{- with .tls }} 87 | tls: 88 | {{- with .secretName }} 89 | secretName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 90 | {{- end }} 91 | {{- with .store }} 92 | store: 93 | name: {{ include "helpers.tplvalues.render" (dict "value" .name "context" $) }} 94 | {{- with .namespace}} 95 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 96 | {{- end }} 97 | {{- end }} 98 | {{- with .options }} 99 | options: 100 | name: {{ include "helpers.tplvalues.render" (dict "value" .name "context" $) }} 101 | {{- with .namespace}} 102 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 103 | {{- end }} 104 | {{- end }} 105 | {{- with .certResolver }} 106 | certResolver: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 107 | {{- end }} 108 | {{- with .domains }} 109 | domains: 110 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 111 | {{- end }} 112 | {{- end }} 113 | {{- end }} 114 | {{- end }} 115 | 116 | 117 | 118 | 119 | 120 | 121 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 122 | {{- range $name, $ingressroutestcp := .Values.ingressroutesTCP }} 123 | --- 124 | kind: IngressRouteTCP 125 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 126 | metadata: 127 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 128 | labels: 129 | {{- include "helpers.app.labels" $ | nindent 4 }} 130 | spec: 131 | entryPoints: 132 | {{- range .entryPoints }} 133 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 134 | {{- end }} 135 | routes: 136 | {{- range $matchname, $routes := $ingressroutestcp.routes }} 137 | - kind: Rule 138 | match: {{ $matchname }} 139 | {{- with .priority }} 140 | priority: {{ . }} 141 | {{- end }} 142 | {{- if .middlewares }} 143 | middlewares: 144 | {{- range $mdlwr := .middlewares }} 145 | - name: {{ include "helpers.tplvalues.render" (dict "value" $mdlwr.name "context" $) }} 146 | {{- with $mdlwr.namespace}} 147 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 148 | {{- end }} 149 | {{- end }} 150 | {{- end }} 151 | services: 152 | {{- range $svcname, $svc := .services }} 153 | - name: {{ include "helpers.tplvalues.render" (dict "value" $svcname "context" $) }} 154 | {{- with $svc.namespace}} 155 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 156 | {{- end }} 157 | {{- with $svc.passHostHeader}} 158 | passHostHeader: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 159 | {{- end }} 160 | {{- with $svc.port}} 161 | port: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 162 | {{- end }} 163 | {{- with $svc.responseForwardingflushInterval}} 164 | responseForwarding: 165 | flushInterval: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 166 | {{- end }} 167 | {{- with $svc.scheme}} 168 | scheme: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 169 | {{- end }} 170 | {{- with $svc.serversTransport}} 171 | serversTransport: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 172 | {{- end }} 173 | {{- with $svc.stickyCookie}} 174 | sticky: 175 | cookie: 176 | {{- with .httpOnly }} 177 | httpOnly: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 178 | {{- end }} 179 | {{- with .name }} 180 | name: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 181 | {{- end }} 182 | {{- with .secure }} 183 | secure: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 184 | {{- end }} 185 | {{- with .sameSite }} 186 | sameSite: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 187 | {{- end }} 188 | {{- with .maxAge }} 189 | maxAge: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 190 | {{- end }} 191 | {{- end }} 192 | {{- with $svc.strategy}} 193 | strategy: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 194 | {{- end }} 195 | {{- with $svc.weight}} 196 | weight: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 197 | {{- end }} 198 | {{- with $svc.nativeLB}} 199 | nativeLB: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 200 | {{- end }} 201 | {{- end }} 202 | {{- end }} 203 | {{- with .tls }} 204 | tls: 205 | {{- with .secretName }} 206 | secretName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 207 | {{- end }} 208 | {{- with .store }} 209 | store: 210 | name: {{ include "helpers.tplvalues.render" (dict "value" .name "context" $) }} 211 | {{- with .namespace}} 212 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 213 | {{- end }} 214 | {{- end }} 215 | {{- with .options }} 216 | options: 217 | name: {{ include "helpers.tplvalues.render" (dict "value" .name "context" $) }} 218 | {{- with .namespace}} 219 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 220 | {{- end }} 221 | {{- end }} 222 | {{- with .certResolver }} 223 | certResolver: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 224 | {{- end }} 225 | {{- with .domains }} 226 | domains: 227 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 228 | {{- end }} 229 | {{- with .passthrough }} 230 | passthrough: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 231 | {{- end }} 232 | {{- end }} 233 | {{- end }} 234 | {{- end }} 235 | 236 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 237 | {{- range $name, $ingressroutesudp := .Values.ingressroutesUDP }} 238 | --- 239 | kind: IngressRouteUDP 240 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 241 | metadata: 242 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 243 | labels: 244 | {{- include "helpers.app.labels" $ | nindent 4 }} 245 | spec: 246 | entryPoints: 247 | {{- range .entryPoints }} 248 | - {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 249 | {{- end }} 250 | routes: 251 | - services: 252 | {{- range $svcname, $svc := $ingressroutesudp.routes }} 253 | - name: {{ include "helpers.tplvalues.render" (dict "value" $svcname "context" $) }} 254 | {{- with $svc.namespace}} 255 | namespace: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 256 | {{- end }} 257 | {{- with $svc.passHostHeader}} 258 | passHostHeader: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 259 | {{- end }} 260 | {{- with $svc.port}} 261 | port: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 262 | {{- end }} 263 | {{- end }} 264 | {{- end }} 265 | {{- end }} 266 | 267 | 268 | -------------------------------------------------------------------------------- /templates/traefikmiddleware.yml: -------------------------------------------------------------------------------- 1 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 2 | {{- range $name, $middlewares := .Values.middlewares }} 3 | --- 4 | kind: Middleware 5 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 6 | metadata: 7 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | spec: 11 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | 15 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 16 | {{- range $name, $middlewares := .Values.middlewaresTCP }} 17 | --- 18 | kind: MiddlewareTCP 19 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 20 | metadata: 21 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 22 | labels: 23 | {{- include "helpers.app.labels" $ | nindent 4 }} 24 | spec: 25 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 2 }} 26 | {{- end }} 27 | {{- end }} -------------------------------------------------------------------------------- /templates/traefikserverstransport.yml: -------------------------------------------------------------------------------- 1 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 2 | {{- range $name, $serverstransport := .Values.ServersTransport }} 3 | --- 4 | kind: ServersTransport 5 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 6 | metadata: 7 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | spec: 11 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | 15 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 16 | {{- range $name, $serverstransport := .Values.ServersTransportTCP }} 17 | --- 18 | kind: ServersTransportTCP 19 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 20 | metadata: 21 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 22 | labels: 23 | {{- include "helpers.app.labels" $ | nindent 4 }} 24 | spec: 25 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 2 }} 26 | {{- end }} 27 | {{- end }} -------------------------------------------------------------------------------- /templates/traefikservice.yml: -------------------------------------------------------------------------------- 1 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 2 | {{- range $name, $traefikservices := .Values.traefikservices }} 3 | --- 4 | kind: TraefikService 5 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 6 | metadata: 7 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | spec: 11 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 2 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /templates/traefiktls.yml: -------------------------------------------------------------------------------- 1 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 2 | {{- range $name, $tlsopt := .Values.TLSOptions }} 3 | --- 4 | kind: TLSOption 5 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 6 | metadata: 7 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 8 | labels: 9 | {{- include "helpers.app.labels" $ | nindent 4 }} 10 | spec: 11 | {{- with .minVersion }} 12 | minVersion: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 13 | {{- end }} 14 | {{- with .minVersion }} 15 | maxVersion: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 16 | {{- end }} 17 | {{- with .curvePreferences }} 18 | curvePreferences: 19 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 20 | {{- end }} 21 | {{- with .cipherSuites }} 22 | cipherSuites: 23 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 24 | {{- end }} 25 | {{- with .clientAuth }} 26 | clientAuth: 27 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 28 | {{- end }} 29 | {{- with .sniStrict }} 30 | sniStrict: {{ include "helpers.tplvalues.render" ( dict "value" . "context" $ ) }} 31 | {{- end }} 32 | {{- with .alpnProtocols }} 33 | alpnProtocols: 34 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 35 | {{- end }} 36 | {{- end }} 37 | {{- end }} 38 | 39 | {{- if or ($.Capabilities.APIVersions.Has "traefik.io/v1alpha1") ($.Capabilities.APIVersions.Has "traefik.containo.us/v1alpha1") }} 40 | {{- range $name, $tlsstore := .Values.TLSStores }} 41 | --- 42 | kind: TLSStore 43 | apiVersion: {{ include "helpers.capabilities.traefik.apiVersion" $ }} 44 | metadata: 45 | name: {{ include "helpers.app.fullname" (dict "name" $name "context" $) }} 46 | labels: 47 | {{- include "helpers.app.labels" $ | nindent 4 }} 48 | spec: 49 | {{- if .certificates }} 50 | certificates: 51 | {{- range .certificates }} 52 | - secretName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 53 | {{- end }} 54 | {{- end }} 55 | {{- with .defaultCertificate }} 56 | defaultCertificate: 57 | secretName: {{ include "helpers.tplvalues.render" (dict "value" . "context" $) }} 58 | {{- end }} 59 | {{- with .defaultGeneratedCert }} 60 | defaultGeneratedCert: 61 | {{- include "helpers.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} 62 | {{- end }} 63 | {{- end }} 64 | {{- end }} 65 | -------------------------------------------------------------------------------- /values.yaml: -------------------------------------------------------------------------------- 1 | # generic - values that uses by all nxs-universal-chart templates 2 | generic: 3 | labels: {} 4 | # general-label: general-label-value 5 | annotations: {} 6 | # general-annotation: general-annotation-value 7 | hookAnnotations: {} 8 | #helm.sh/hook: "pre-install,pre-upgrade" 9 | # helm.sh/hook-weight: "-999" 10 | # helm.sh/hook-delete-policy: before-hook-creation 11 | # helm.sh/resource-policy: keep 12 | # default annotation that will be added to configmaps and secrets 13 | # docs: https://helm.sh/docs/topics/charts_hooks/ 14 | # necessary this default hooks if it used in other hooks, see a note 15 | # https://github.com/helm/helm/issues/2622#issuecomment-526519546 16 | # but the resources with hooks currently not tracked or managed as part of the release 17 | # i.e. configmap with helm-hooks will not removed when release has removed 18 | # https://helm.sh/docs/topics/charts_hooks/#hook-resources-are-not-managed-with-corresponding-releases 19 | extraSelectorLabels: {} 20 | # label: special 21 | podLabels: {} 22 | # pod-label: some 23 | podAnnotations: {} 24 | # checksum/envs: '{{ include "helpers.workload.checksum" (printf "%s%s" $.Values.envs $.Values.envsString) }}' 25 | # checksum/secret-envs: '{{ include "helpers.workload.checksum" (printf "%s%s" $.Values.secretEnvs $.Values.secretEnvsString) }}' 26 | # pod-annotation: true 27 | extraVolumes: [] 28 | #- name: cache 29 | # emptyDir: {} 30 | extraImagePullSecrets: [] 31 | #- name: regcred 32 | usePredefinedAffinity: true 33 | 34 | # Predefined Affinity block 35 | # Pod affinity preset 36 | # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 37 | # Allowed values: soft, hard, nil 38 | podAffinityPreset: soft 39 | 40 | # Pod anti-affinity preset 41 | # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 42 | # Allowed values: soft, hard, nil 43 | podAntiAffinityPreset: soft 44 | 45 | # Node affinity preset 46 | # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity 47 | nodeAffinityPreset: 48 | # Node affinity type 49 | # Allowed values: soft, hard 50 | type: "" 51 | # Node label key to match 52 | # E.g. 53 | # key: "kubernetes.io/e2e-az-name" 54 | key: "" 55 | # Node label values to match 56 | # E.g. 57 | # values: 58 | # - e2e-az1 59 | # - e2e-az2 60 | values: [] 61 | 62 | # Release name used by default. To make it empty use "-" 63 | releasePrefix: "" 64 | 65 | # --set "envs.FOO=bar,envs.TEST=true" 66 | envs: {} 67 | # BAR: foo 68 | # TEST: true 69 | 70 | # --set "envsString=$ENVS_STRING" 71 | envsString: "" 72 | #envsString: | 73 | # BAR2: foo2 74 | 75 | # --set "secretEnvs.FOO=bar" 76 | secretEnvs: {} 77 | # FOO: bar 78 | 79 | # --set "secretEnvsString=$SECRET_ENVS_STRING" 80 | secretEnvsString: "" 81 | #secretEnvsString: | 82 | # FOO: BAR 83 | 84 | imagePullSecrets: {} 85 | # registry.org: | 86 | # {"auths":{"registry.org":{"auth":"cnd1c2VyOnNlY3VyZVBANXM="}}} 87 | # registry.org-rw: b64:eyJhdXRocyI6eyJyZWdpc3RyeS5vcmciOnsiYXV0aCI6ImNuZDFjMlZ5T25ObFkzVnlaVkJBTlhNPSJ9fX0= 88 | 89 | diagnosticMode: 90 | enabled: false 91 | command: ["sleep"] 92 | args: ["infinity"] 93 | 94 | defaultImage: nginx 95 | defaultImageTag: latest 96 | defaultImagePullPolicy: "IfNotPresent" 97 | 98 | ingresses: {} 99 | # nixys.io: 100 | # annotations: 101 | # nginx.ingress.kubernetes.io/ssl-redirect: "true" 102 | # nginx.ingress.kubernetes.io/proxy-body-size: "128m" 103 | # certManager: 104 | # issuerType: cluster-issuer 105 | # issuerName: letsencrypt 106 | # hosts: 107 | # - paths: 108 | # - serviceName: nginx 109 | # servicePort: http 110 | # nixys.org: 111 | # annotations: 112 | # nginx.ingress.kubernetes.io/ssl-redirect: "true" 113 | # hosts: 114 | # - paths: 115 | # - path: /api 116 | # servicePort: api 117 | # - hostname: nixys.com 118 | # paths: 119 | # - path: /api 120 | # servicePort: api 121 | # extraTls: 122 | # - hosts: 123 | # - nixys.com 124 | # - nixys.org 125 | # secretName: "nixys-tls" 126 | 127 | 128 | services: {} 129 | # nginx: 130 | # clusterIP: None 131 | # ports: 132 | # - name: http 133 | # protocol: TCP 134 | # port: 8080 135 | # extraSelectorLabels: 136 | # app: my-nginx 137 | 138 | 139 | 140 | deploymentsGeneral: {} 141 | deployments: {} 142 | # nginx: 143 | # labels: {} 144 | # podLabels: {} 145 | # podAnnotations: 146 | # checksum/api-key: '{{ include "helpers.workload.checksum" $.Values.secrets.webadmin }}' 147 | # replicas: 2 148 | # extraSelectorLabels: 149 | # app: my-nginx 150 | # serviceAccountName: deployer 151 | # #affinity: 152 | # # nodeAffinity: 153 | # # requiredDuringSchedulingIgnoredDuringExecution: 154 | # # nodeSelectorTerms: 155 | # # - matchExpressions: 156 | # # - key: node-role 157 | # # operator: In 158 | # # values: 159 | # # - prod 160 | # containers: 161 | # - name: nginx 162 | # #image: nginx 163 | # #imageTag: 1.19 164 | # #imagePullPolicy: Always 165 | # env: 166 | # - name: MY_ENV 167 | # value: "1234" 168 | # - name: QTE 169 | # value: safn8 170 | # envsFromSecret: 171 | # webadmin: 172 | # - JAVA_OPTS: JVM_OPTS 173 | # - QWE 174 | # envSecrets: 175 | # - secret-envs 176 | # envsFromConfigmap: 177 | # some-cm: 178 | # - LEL: LOL 179 | # envConfigmaps: 180 | # - envs 181 | # #ports: 182 | # #- name: http 183 | # # containerPort: 8080 184 | # volumeMounts: 185 | # - name: secret-file 186 | # mountPath: /var/lib/secret 187 | # - name: app-pvc 188 | # mountPath: /var/www/html/files 189 | # volumes: 190 | # - name: secret-file 191 | # type: secret 192 | # - name: app-data 193 | # type: pvc 194 | 195 | statefulSetsGeneral: {} 196 | statefulSets: {} 197 | 198 | serviceAccount: {} 199 | # firstaccount: 200 | # role: 201 | # name: test-role 202 | # rules: 203 | # - apiGroups: 204 | # - "" 205 | # - apps 206 | # - extensions 207 | # resources: 208 | # - replicasets 209 | # - pods 210 | # - deployments 211 | # verbs: 212 | # - list 213 | # - watch 214 | # - create 215 | # - update 216 | # - get 217 | # - delete 218 | # clusterRole: 219 | # name: view 220 | # secondaccount: {} 221 | # thirdaccount: 222 | # clusterRole: 223 | # name: thirdaccountclusterrole 224 | # rules: 225 | # - apiGroups: ["stable.example.com"] 226 | # resources: ["crontabs"] 227 | # verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] 228 | 229 | secrets: {} 230 | # --set "secrets.secret-file.data.api\.key=$SOME_ENV" 231 | #secret-file: 232 | # data: 233 | # api.key: |- 234 | # JFczZwReBkJFczZwReBkJFczZwReBkJFczZwReBk 235 | ## --set "secrets.test1.labels.blah=blah,secrets.test1.data.BAR=foo" 236 | #test1: 237 | # labels: 238 | # blah: blah 239 | # data: 240 | # BAR: foo 241 | ## --set-file "secrets.domain-tls.type=kubernetes.io\/tls,secrets.domain-tls.data.tls\.crt=path/to/tls.crt,secrets.domain-tls.data.tls\.key=path/to/tls.key" 242 | #nixys-tls: 243 | # type: kubernetes.io/tls 244 | # data: 245 | # tls.crt: |- 246 | # -----BEGIN CERTIFICATE----- 247 | # MIIC2DCCAcCgAwIBAgIBATANBgkqh 248 | # -----END CERTIFICATE----- 249 | # tls.key: |- 250 | # -----BEGIN RSA PRIVATE KEY----- 251 | # MIIEowIBAAKCAQEA1//LmU7tdWt/fgbqh1Feh+JFczZwReBkkyW 252 | # -----END RSA PRIVATE KEY----- 253 | ## --set "secrets.json-file.data.file\.json=$(printf %q $(cat file.json))" 254 | ## --set-file "secrets.json-file.data.file\.json=path/to/file.json" 255 | #json-file: 256 | # data: 257 | # file.json: { 258 | # "arg": "value" 259 | # } 260 | 261 | sealedSecrets: {} 262 | # test: 263 | # encryptedData: 264 | # foo: Yy3LvlaCgEWV50VrNY4Aow/X 265 | # bar: |- 266 | # fjVmoxIulUKX5IAserbCpw/Y 267 | 268 | configMaps: {} 269 | #some-cm: 270 | # labels: 271 | # kek: lol 272 | # data: 273 | # LOL: kek 274 | #json-file: 275 | # data: 276 | # file.json: { 277 | # "arg": "value" 278 | # } 279 | 280 | # All PVSs will be added to `volumes` block in each workload excluding hooks 281 | pvcs: {} 282 | # app-data: 283 | # accessModes: 284 | # - ReadWriteOnce 285 | # - ReadWriteMany 286 | # size: 8Gi 287 | 288 | hooksGeneral: {} 289 | hooks: {} 290 | # migration-up: 291 | # containers: 292 | # - image: registry.app.ru/app-migration 293 | # args: 294 | # - up 295 | # envFrom: 296 | # - secretRef: 297 | # name: server-env 298 | 299 | cronJobsGeneral: {} 300 | cronJobs: {} 301 | # generate-data: 302 | # schedule: "*/5 * * * *" 303 | # command: "php yii crontab/generate-data" 304 | # singleOnly: true 305 | # commandDurationAlert: 600 306 | # commandMaxDuration: 800 307 | # volumeMounts: 308 | # - name: secret-file 309 | # mountPath: /etc/app 310 | # readOnly: true 311 | # volumes: 312 | # - name: secret-file 313 | # type: secret 314 | # items: 315 | # - key: app.conf 316 | # mode: 0600 317 | # path: app.conf 318 | # auto-sender: 319 | # schedule: "*/5 * * * *" 320 | # command: "php yii crontab/auto-sender" 321 | 322 | jobsGeneral: {} 323 | jobs: {} 324 | # refresh-cache: 325 | # command: "php yii crontab/refresh-cache" 326 | # commandDurationAlert: 30 327 | # commandMaxDuration: 60 328 | 329 | serviceAccountGeneral: {} 330 | # annotations: 331 | # test: test2 332 | 333 | serviceMonitors: {} 334 | # app-sm: 335 | # endpoints: 336 | # - interval: 30s 337 | # port: exporter 338 | # path: /metrics 339 | # extraSelectorLabels: 340 | # app: nginx 341 | # labels: 342 | # foo: foo 343 | 344 | extraDeploy: {} 345 | # net-pol: |- 346 | # apiVersion: networking.k8s.io/v1 347 | # kind: NetworkPolicy 348 | # metadata: 349 | # name: {{ include "helpers.app.fullname" (dict "name" "nw-policy" "context" $) }} 350 | # namespace: {{ .Release.Namespace | quote }} 351 | # spec: 352 | # podSelector: 353 | # matchLabels: 354 | # role: db 355 | # policyTypes: 356 | # - Ingress 357 | # - Egress 358 | # ingress: 359 | # - from: 360 | # - ipBlock: 361 | # cidr: 172.17.0.0/16 362 | # except: 363 | # - 172.17.1.0/24 364 | # - namespaceSelector: 365 | # matchLabels: 366 | # project: myproject 367 | # - podSelector: 368 | # matchLabels: 369 | # role: frontend 370 | # ports: 371 | # - protocol: TCP 372 | # port: 6379 373 | # egress: 374 | # - to: 375 | # - ipBlock: 376 | # cidr: 10.0.0.0/24 377 | # ports: 378 | # - protocol: TCP 379 | # port: 5978 380 | 381 | 382 | 383 | ingressroutes: {} 384 | # test: 385 | # entryPoints: 386 | # - test 387 | # routes: 388 | # Host(`prod-vault.ru`): 389 | # priority: 10 390 | # services: 391 | # vault-active: 392 | # port: 8200 393 | # serversTransport: vault 394 | # responseForwardingflushInterval: 10ms 395 | # stickyCookie: 396 | # httpOnly: true 397 | # name: cookie 398 | # secure: true 399 | # sameSite: none 400 | # maxAge: 42 401 | # vault-active-2: 402 | # port: 8201 403 | # serversTransport: vault 404 | # responseForwardingflushInterval: 10ms 405 | # stickyCookie: 406 | # httpOnly: false 407 | # name: cookie-2 408 | # secure: false 409 | # sameSite: none 410 | # maxAge: 42 411 | # weight: 12 412 | # passHostHeader: true 413 | # middlewares: 414 | # - name: middleware1 415 | # namespace: default 416 | # - name: test 417 | # tls: 418 | # secretName: supersecret 419 | # store: 420 | # name: storetets 421 | # namespace: default 422 | # options: 423 | # name: opt 424 | # namespace: default 425 | # certResolver: foo 426 | # domains: 427 | # - main: example.net 428 | # sans: 429 | # - a.example.net 430 | # - b.example.net 431 | 432 | middlewares: {} 433 | # testmdw: 434 | # ipWhiteList: 435 | # sourceRange: 436 | # - 192.144.48.8 437 | # - 192.144.48.9 438 | # - 10.220.250.247 439 | # test-2: 440 | # redirectScheme: 441 | # permanent: true 442 | # scheme: https 443 | 444 | ingressroutesUDP: {} 445 | # test: 446 | # entryPoints: 447 | # - test 448 | # routes: 449 | # vault-active: 450 | # port: 8200 451 | # vault-passive: 452 | # port: 8201 453 | # weight: 12 454 | 455 | traefikservices: {} 456 | # test: 457 | # mirroring: 458 | # name: svc1 459 | # port: 80 460 | # mirrors: 461 | # - name: svc2 462 | # port: 80 463 | # percent: 20 464 | # - name: svc3 465 | # kind: TraefikService 466 | # percent: 15 467 | # test2: 468 | # weighted: 469 | # services: 470 | # - name: whoami1 471 | # kind: Service 472 | # port: 80 473 | # weight: 1 474 | # sticky: 475 | # cookie: 476 | # name: lvl2 477 | # - name: whoami2 478 | # kind: Service 479 | # weight: 1 480 | # port: 80 481 | # sticky: 482 | # cookie: 483 | # name: lvl2 484 | # sticky: 485 | # cookie: 486 | # name: lvl1 487 | 488 | TLSOptions: {} 489 | # testopt: 490 | # minVersion: VersionTLS12 491 | # maxVersion: VersionTLS13 492 | # curvePreferences: 493 | # - CurveP521 494 | # - CurveP384 495 | # cipherSuites: 496 | # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 497 | # - TLS_RSA_WITH_AES_256_GCM_SHA384 498 | # clientAuth: 499 | # secretNames: 500 | # - secret-ca1 501 | # - secret-ca2 502 | # clientAuthType: VerifyClientCertIfGiven 503 | # sniStrict: true 504 | # alpnProtocols: 505 | # - foobar 506 | 507 | TLSStores: {} 508 | # teststore: 509 | # certificates: 510 | # - foo 511 | # - bar 512 | # defaultCertificate: secret 513 | # defaultGeneratedCert: 514 | # resolver: myresolver 515 | # domain: 516 | # main: example.org 517 | # sans: 518 | # - foo.example.org 519 | # - bar.example.org 520 | 521 | 522 | ServersTransport: {} 523 | # test: 524 | # serverName: foobar 525 | # insecureSkipVerify: true 526 | # rootCAsSecrets: 527 | # - foobar 528 | # - foobar 529 | # certificatesSecrets: 530 | # - foobar 531 | # - foobar 532 | # maxIdleConnsPerHost: 1 533 | # forwardingTimeouts: 534 | # dialTimeout: 42s 535 | # responseHeaderTimeout: 42s 536 | # idleConnTimeout: 42s 537 | # peerCertURI: foobar 538 | # disableHTTP2: true 539 | # spiffe: 540 | # ids: 541 | # - spiffe://trust-domain/id1 542 | # - spiffe://trust-domain/id2 543 | # trustDomain: "spiffe://trust-domain" 544 | 545 | ServersTransportTCP: {} 546 | # testtc: 547 | # dialTimeout: 42s 548 | # dialKeepAlive: 42s 549 | # terminationDelay: 42s 550 | # tls: 551 | # serverName: foobar 552 | # insecureSkipVerify: true 553 | # peerCertURI: foobar 554 | # rootCAsSecrets: 555 | # - foobar 556 | # - foobar 557 | # certificatesSecrets: 558 | # - foobar 559 | # - foobar 560 | # spiffe: 561 | # ids: 562 | # - spiffe://trust-domain/id1 563 | # - spiffe://trust-domain/id2 564 | # trustDomain: "spiffe://trust-domain" 565 | 566 | istiogateways: {} 567 | # nginx: 568 | # name: nginx-gateway 569 | # selector: 570 | # istio: ingress 571 | # servers: 572 | # - port: 573 | # number: 80 574 | # name: http 575 | # protocol: HTTP 576 | # hosts: 577 | # - "nginx.example.com" 578 | 579 | istiovirtualservices: {} 580 | # nginx: 581 | # name: nginx-virtualservice 582 | # gateways: 583 | # - nginx-gateway 584 | # hosts: 585 | # - "nginx.example.com" 586 | # http: 587 | # - match: 588 | # - uri: 589 | # prefix: "/" 590 | # route: 591 | # - destination: 592 | # host: nginx-service.default.svc.cluster.local 593 | # port: 594 | # number: 80 595 | 596 | istiodestinationrules: {} 597 | # nginx: 598 | # name: nginx-destinationrule 599 | # host: "nginx-service.default.svc.cluster.local" 600 | # trafficPolicy: 601 | # loadBalancer: 602 | # simple: ROUND_ROBIN 603 | # connectionPool: 604 | # http: 605 | # http1MaxPendingRequests: 500 606 | # maxRequestsPerConnection: 50 607 | # outlierDetection: 608 | # consecutiveGatewayErrors: 3 609 | # interval: 5s 610 | # baseEjectionTime: 15s 611 | # subsets: 612 | # - name: v1 613 | # labels: 614 | # app: nginx 615 | # trafficPolicy: 616 | # loadBalancer: 617 | # simple: LEAST_CONN 618 | # connectionPool: 619 | # tcp: 620 | # maxConnections: 200 621 | # - name: v2 622 | # labels: 623 | # version: v2 624 | # trafficPolicy: 625 | # loadBalancer: 626 | # simple: RANDOM 627 | # connectionPool: 628 | # http: 629 | # http2MaxRequests: 2000 630 | # exportTo: 631 | # - "." 632 | # - "another-namespace" --------------------------------------------------------------------------------