From 6d3bf5c29ce082e0a662d5f1bab0ce24a3bb3c87 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E1=97=AA=D1=94=CE=BD=CE=B9=CE=B7=20=E1=97=B7=CF=85=D0=BD?= =?UTF-8?q?=CA=9F?= Date: Wed, 16 Dec 2020 10:03:15 -0500 Subject: [PATCH] [common] 2.0.0 (#316) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <6213398+bjw-s@users.noreply.github.com> --- .github/ct.yaml | 1 + .github/renovate.json | 27 ---- .github/renovate.json5 | 89 +++++++++++++ .github/workflows/lint-test.yaml | 12 +- .github/workflows/release.yaml | 17 ++- charts/common-test/Chart.yaml | 14 ++ charts/common-test/ci/basic-values.yaml | 11 ++ charts/common-test/ci/codeserver-values.yaml | 27 ++++ charts/common-test/templates/common.yaml | 1 + charts/common/CHANGELOG.md | 29 +++++ charts/common/Chart.yaml | 2 +- charts/common/README.md | 4 + charts/common/templates/_all.tpl | 7 +- charts/common/templates/_daemonset.tpl | 45 +------ charts/common/templates/_deployment.tpl | 45 +------ charts/common/templates/_statefulset.tpl | 35 +---- .../addons/code-server/_codeserver.tpl | 44 +++++++ .../addons/code-server/_container.tpl | 40 ++++++ .../addons/vpn/openvpn/_container.tpl | 2 +- .../addons/vpn/wireguard/_container.tpl | 2 +- charts/common/templates/classes/_ingress.tpl | 10 ++ .../templates/lib/chart/_capabilities.tpl | 28 ++-- .../templates/lib/controller/_container.tpl | 8 +- .../common/templates/lib/controller/_pod.tpl | 53 ++++++++ .../templates/lib/controller/_probes.tpl | 42 +++--- charts/common/values.yaml | 123 ++++++++++++++++-- 26 files changed, 509 insertions(+), 209 deletions(-) delete mode 100644 .github/renovate.json create mode 100644 .github/renovate.json5 create mode 100644 charts/common-test/Chart.yaml create mode 100644 charts/common-test/ci/basic-values.yaml create mode 100644 charts/common-test/ci/codeserver-values.yaml create mode 100644 charts/common-test/templates/common.yaml create mode 100644 charts/common/CHANGELOG.md create mode 100644 
charts/common/templates/addons/code-server/_codeserver.tpl create mode 100644 charts/common/templates/addons/code-server/_container.tpl create mode 100644 charts/common/templates/lib/controller/_pod.tpl diff --git a/.github/ct.yaml b/.github/ct.yaml index e261d52b..284f9074 100644 --- a/.github/ct.yaml +++ b/.github/ct.yaml @@ -5,6 +5,7 @@ chart-dirs: - charts excluded-charts: - common + - common-test chart-repos: - bitnami=https://charts.bitnami.com/bitnami - k8s-at-home=https://k8s-at-home.com/charts diff --git a/.github/renovate.json b/.github/renovate.json deleted file mode 100644 index c194f891..00000000 --- a/.github/renovate.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "enabled": true, - "commitMessagePrefix": "[{{{parentDir}}}]", - "branchTopic": "{{{parentDir}}}-{{{depNameSanitized}}}-{{{newMajor}}}{{#if isPatch}}.{{{newMinor}}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}", - "assigneesFromCodeOwners": true, - "reviewersFromCodeOwners": true, - "suppressNotifications": ["prIgnoreNotification"], - "rebaseWhen": "conflicted", - "helm-values": { - "enabled": false - }, - "helmv3": { - "fileMatch": ["charts/.+/Chart\\.yaml$"] - }, - "packageRules": [ - { - "updateTypes": ["major"], - "bumpVersion": "major", - "labels": ["dependency/major"] - }, - { - "updateTypes": ["minor", "patch"], - "bumpVersion": "minor", - "labels": ["dependency/minor"] - } - ] -} diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 00000000..4ca083e8 --- /dev/null +++ b/.github/renovate.json5 
@@ -0,0 +1,89 @@
+{
+ "enabled": true,
+ "dependencyDashboard": true,
+ "dependencyDashboardTitle": "Renovate Dashboard",
+ "commitMessagePrefix": "[{{{parentDir}}}]",
+ "branchTopic": "{{{parentDir}}}-{{{depNameSanitized}}}-{{{newMajor}}}{{#if isPatch}}.{{{newMinor}}}{{/if}}.x{{#if isLockfileUpdate}}-lockfile{{/if}}",
+ "assigneesFromCodeOwners": true,
+ "reviewersFromCodeOwners": true,
+ "suppressNotifications": ["prIgnoreNotification"],
+ "rebaseWhen": "conflicted",
+ "prConcurrentLimit": 5,
+ "helm-values": {
+ "enabled": false
+ },
+ "helmv3": {
+ "fileMatch": ["charts/.+/Chart\\.yaml$"]
+ },
+ "packageRules": [
+ //
+ // Common library dep
+ //
+ {
+ "datasources": ["helmv3"],
+ "updateTypes": ["major"],
+ "bumpVersion": "major",
+ "labels": ["dependency/major"],
+ "packageNames": [
+ "common"
+ ]
+ },
+ {
+ "datasources": ["helmv3"],
+ "updateTypes": ["minor"],
+ "bumpVersion": "minor",
+ "labels": ["dependency/minor"],
+ "packageNames": [
+ "common"
+ ]
+ },
+ {
+ "datasources": ["helmv3"],
+ "updateTypes": ["patch"],
+ "bumpVersion": "patch",
+ "labels": ["dependency/patch"],
+ "packageNames": [
+ "common"
+ ]
+ },
+ //
+ // Other library deps
+ //
+ {
+ "datasources": ["helmv3"],
+ "updateTypes": ["major"],
+ "bumpVersion": "major",
+ "labels": ["dependency/major"],
+ "excludePackageNames": [
+ "common"
+ ],
+ "schedule": [
+ "every 3 months on the first day of the month"
+ ]
+ },
+ {
+ "datasources": ["helmv3"],
+ "updateTypes": ["minor"],
+ "bumpVersion": "minor",
+ "labels": ["dependency/minor"],
+ "excludePackageNames": [
+ "common"
+ ],
+ "schedule": [
+ "every 2 months on the first day of the month"
+ ]
+ },
+ {
+ "datasources": ["helmv3"],
+ "updateTypes": ["patch"],
+ "bumpVersion": "patch",
+ "labels": ["dependency/patch"],
+ "excludePackageNames": [
+ "common"
+ ],
+ "schedule": [
+ "every 1 months on the first day of the month"
+ ]
+ }
+ ]
+}
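Review bot: Every entry in `packageRules` matches on `"datasources": ["helmv3"]`, but as far as I know `helmv3` is Renovate's manager name (it is used that way in the `"helmv3": { "fileMatch": ... }` block above) while the Helm datasource id is `helm`; if so, none of these rules would match and the labels, `bumpVersion` and schedules would silently not apply. Please confirm against the Renovate docs and switch to `"datasources": ["helm"]` if needed. Separately, the last rule holds `patch` updates of every non-`common` dependency until the first day of a month, so a fixed chart release can wait weeks; if that is intended, say so in the `// Other library deps` comment, e.g. `// Batched to limit PR noise; urgent fixes must be bumped by hand`.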
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 43216ce2..b7a1c18a 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -31,6 +31,11 @@ jobs: echo "::set-output name=changed::true" fi + changed_unfiltered=$(ct list-changed --config .github/ct.yaml --excluded-charts "") + if [[ $(grep -E "^charts/common(-test)?$" <<< "$changed_unfiltered") ]]; then + echo "::set-output name=common::true" + fi + - name: Run chart-testing (lint) id: lint run: ct lint --config .github/ct.yaml @@ -38,8 +43,13 @@ jobs: - name: Create kind cluster uses: helm/kind-action@v1.1.0 - if: steps.list-changed.outputs.changed == 'true' + if: steps.list-changed.outputs.changed == 'true' || steps.list-changed.outputs.common == 'true' - name: Run chart-testing (install) run: ct install --config .github/ct.yaml if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (common-test) + run: | + ct install --config .github/ct.yaml --charts 'charts/common-test' + if: steps.list-changed.outputs.common == 'true' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index dcb5617c..30316403 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - name: Block concurrent releases + - name: Block concurrent jobs uses: softprops/turnstyle@v1 with: continue-after-seconds: 180 @@ -23,6 +23,13 @@ jobs: needs: pre-release runs-on: ubuntu-latest steps: + - name: Block concurrent jobs + uses: softprops/turnstyle@v1 + with: + continue-after-seconds: 180 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout uses: actions/checkout@v2 with: 
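Review bot: `if [[ $(grep -E "^charts/common(-test)?$" <<< "$changed_unfiltered") ]]` tests grep's captured output rather than its exit status; `if grep -qE '^charts/common(-test)?$' <<< "$changed_unfiltered"; then` expresses the same check directly and drops the unquoted command substitution. A one-line comment above `changed_unfiltered=` would also help, since `--excluded-charts ""` presumably exists to override the exclusions in ct.yaml so that changes to `common` are still detected. The `run:` block of this step starts outside the hunk.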
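Review bot: The added `softprops/turnstyle@v1` step in the `release` job is handed `GITHUB_TOKEN` but is referenced by a movable tag, so whatever commit that tag points to at run time executes inside the release workflow with that token. Pinning the action to a full commit SHA, `uses: softprops/turnstyle@<commit-sha>  # v1`, fixes the version that was actually reviewed; the identical step added in the later hunk at `@@ -52,6 +59,13 @@` needs the same change. Note also that `continue-after-seconds: 180` lets the job proceed after three minutes even when another run is still active, so the guard is best-effort only; a short comment on the step saying so would prevent it being read as a hard lock.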
@@ -52,6 +59,13 @@ jobs: needs: release runs-on: ubuntu-latest steps: + - name: Block concurrent jobs + uses: softprops/turnstyle@v1 + with: + continue-after-seconds: 180 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout uses: actions/checkout@v2 with: @@ -66,6 +80,7 @@ jobs: - name: Commit and push timestamp updates run: | if [[ -f index.yaml ]]; then + git pull export generated_date=$(date --utc +%FT%T.%9NZ) sed -i -e "s/^generated:.*/generated: \"$generated_date\"/" index.yaml git add index.yaml diff --git a/charts/common-test/Chart.yaml b/charts/common-test/Chart.yaml new file mode 100644 index 00000000..e37ec330 --- /dev/null +++ b/charts/common-test/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +name: common-test +description: Helper chart to test different use cases of the common library +version: 1.0.0 +keywords: + - k8s-at-home + - common +home: https://github.com/k8s-at-home/charts/tree/master/charts/common-test +maintainers: + - name: bjw-s + email: me@bjw-s.dev +dependencies: + - name: common + repository: file://../common diff --git a/charts/common-test/ci/basic-values.yaml b/charts/common-test/ci/basic-values.yaml new file mode 100644 index 00000000..55d4876a --- /dev/null +++ b/charts/common-test/ci/basic-values.yaml @@ -0,0 +1,11 @@ +image: + repository: b4bz/homer + tag: latest + pullPolicy: IfNotPresent + +service: + port: + port: 8080 + +ingress: + enabled: true diff --git a/charts/common-test/ci/codeserver-values.yaml b/charts/common-test/ci/codeserver-values.yaml new file mode 100644 index 00000000..3034f367 --- /dev/null +++ b/charts/common-test/ci/codeserver-values.yaml 
@@ -0,0 +1,27 @@ +image: + repository: b4bz/homer + tag: latest + pullPolicy: IfNotPresent + +service: + port: + port: 8080 + +ingress: + enabled: true + +persistence: + config: + enabled: true + emptyDir: true + mountPath: /www/assets + +addons: + codeserver: + enabled: true + workingDir: "/www/assets" + ingress: + enabled: true + volumeMounts: + - name: config + mountPath: /www/assets diff --git a/charts/common-test/templates/common.yaml b/charts/common-test/templates/common.yaml new file mode 100644 index 00000000..a6613c2c --- /dev/null +++ b/charts/common-test/templates/common.yaml @@ -0,0 +1 @@ +{{ include "common.all" . }} diff --git a/charts/common/CHANGELOG.md b/charts/common/CHANGELOG.md new file mode 100644 index 00000000..5b249ca9 --- /dev/null +++ b/charts/common/CHANGELOG.md 
@@ -0,0 +1,29 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [2.0.0] + +### Changed + +- :warning: Updated `probes` logic to support custom probes, it is now possible to set your own custom probes by setting the `probes.[liveness|readiness|startup].custom` value to `true` and configuring them. Default is `false`. +- :warning: `addon.vpn.imagePullPolicy` is now `addon.vpn.[openvpn|wireguard].image.pullPolicy`. Default is `IfNotPresent` +- [code-server](https://github.com/cdr/code-server) is now an `addon` like `vpn`. This enables a code-server container inside the pod which allows you to modify a configuration in a volume attached to the pod. Default for `addons.codeserver.enabled` is `false` +- Added `envFrom` for more configuration with environment variables +- Added `dnsConfig` to be configurable +- Added support for 1.19+ ingress spec +- Added this [CHANGELOG.md](CHANGELOG.md) + +### Fixed + +- `nameOverride` and `fullNameOverride` not in `values.yaml` + +## [1.7.0] + +This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face: + +[2.0.0]: https://github.com/k8s-at-home/charts/tree/common-2.0.0/charts/common + +[1.7.0]: https://github.com/k8s-at-home/charts/tree/common-1.7.0/charts/common diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index e1a2a31c..31b840b5 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: common description: Function library for k8s-at-home charts type: library -version: 1.7.0 +version: 2.0.0 keywords: - k8s-at-home - common diff --git a/charts/common/README.md b/charts/common/README.md index eba4cbd8..9291a820 100644 --- a/charts/common/README.md 
+++ b/charts/common/README.md @@ -10,6 +10,10 @@ Since a lot of charts follow the same pattern this library was built to reduce m This chart provides common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. +## :star2: Changelog + +Please refer to [CHANGELOG.md](CHANGELOG.md) for an overview of notable changes to the chart. **This is especially important for major version updates!** + ## TL;DR When using one of the many charts that uses this library be sure to view this [values.yaml](./values.yaml) for configuration options. Any setting here can be used to define what values your helm deployment will use. diff --git a/charts/common/templates/_all.tpl b/charts/common/templates/_all.tpl index 57b4f4b9..0a4555e5 100644 --- a/charts/common/templates/_all.tpl +++ b/charts/common/templates/_all.tpl @@ -5,7 +5,12 @@ Main entrypoint for the common library chart. It will render all underlying temp {{- /* Merge the local chart values and the common chart defaults */ -}} {{- include "common.values.setup" . }} - {{- /* Enable OpenVPN VPN add-on if required */ -}} + {{- /* Enable code-server add-on if required */ -}} + {{- if .Values.addons.codeserver.enabled }} + {{- include "common.addon.codeserver" . }} + {{- end -}} + + {{- /* Enable VPN add-on if required */ -}} {{- if .Values.addons.vpn.enabled }} {{- include "common.addon.vpn" . }} {{- end -}} diff --git a/charts/common/templates/_daemonset.tpl b/charts/common/templates/_daemonset.tpl index 035f1b66..db624217 100644 --- a/charts/common/templates/_daemonset.tpl +++ b/charts/common/templates/_daemonset.tpl 
@@ -29,48 +29,5 @@ spec: labels: {{- include "common.labels.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "common.names.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.hostNetwork }} - hostNetwork: {{ . }} - {{- end }} - {{- with .Values.dnsPolicy }} - dnsPolicy: {{ . }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - {{- include "common.controller.mainContainer" . | nindent 6 }} - {{- with .Values.additionalContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with (include "common.controller.volumes" . | trim) }} - volumes: - {{- . | nindent 6 }} - {{- end }} - {{- with .Values.hostAliases }} - hostAliases: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "common.controller.pod" . | nindent 6 }} {{- end }} diff --git a/charts/common/templates/_deployment.tpl b/charts/common/templates/_deployment.tpl index 0a695e0a..d93503e9 100644 --- a/charts/common/templates/_deployment.tpl +++ b/charts/common/templates/_deployment.tpl 
@@ -34,48 +34,5 @@ spec: labels: {{- include "common.labels.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "common.names.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.hostNetwork }} - hostNetwork: {{ . }} - {{- end }} - {{- with .Values.dnsPolicy }} - dnsPolicy: {{ . }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - {{- include "common.controller.mainContainer" . | nindent 6 }} - {{- with .Values.additionalContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with (include "common.controller.volumes" . | trim) }} - volumes: - {{- . | nindent 6 }} - {{- end }} - {{- with .Values.hostAliases }} - hostAliases: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "common.controller.pod" . | nindent 6 }} {{- end }} diff --git a/charts/common/templates/_statefulset.tpl b/charts/common/templates/_statefulset.tpl index a692d408..5984a3c6 100644 --- a/charts/common/templates/_statefulset.tpl +++ b/charts/common/templates/_statefulset.tpl 
@@ -35,38 +35,5 @@ spec: labels: {{- include "common.labels.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "common.names.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - {{- include "common.controller.mainContainer" . | nindent 6 }} - {{- with .Values.additionalContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with (include "common.controller.volumes" . | trim) }} - volumes: - {{- . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "common.controller.pod" . | nindent 6 }} {{- end }} diff --git a/charts/common/templates/addons/code-server/_codeserver.tpl b/charts/common/templates/addons/code-server/_codeserver.tpl new file mode 100644 index 00000000..8cbb4c54 --- /dev/null +++ b/charts/common/templates/addons/code-server/_codeserver.tpl 
@@ -0,0 +1,44 @@
+{{/*
+Template to render code-server addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "common.addon.codeserver" -}}
+{{- if .Values.addons.codeserver.enabled -}}
+ {{/* Append the code-server container to the additionalContainers */}}
+ {{- $container := include "common.addon.codeserver.container" . | fromYaml -}}
+ {{- if $container -}}
+ {{- $additionalContainers := append .Values.additionalContainers $container -}}
+ {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
+ {{- end -}}
+
+ {{/* Add the code-server service */}}
+ {{- if .Values.addons.codeserver.service.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $serviceValues := .Values.addons.codeserver.service -}}
+ {{- if not $serviceValues.nameSuffix -}}
+ {{- $_ := set $serviceValues "nameSuffix" "codeserver" -}}
+ {{ end -}}
+ {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+ {{- include "common.classes.service" $ -}}
+ {{- $_ := unset $ "ObjectValues" -}}
+ {{- end -}}
+
+ {{/* Add the code-server ingress */}}
+ {{- if .Values.addons.codeserver.ingress.enabled -}}
+ {{- print ("---") | nindent 0 -}}
+ {{- $ingressValues := .Values.addons.codeserver.ingress -}}
+ {{- if not $ingressValues.nameSuffix -}}
+ {{- $_ := set $ingressValues "nameSuffix" "codeserver" -}}
+ {{ end -}}
+
+ {{/* Determine the target service name & port */}}
+ {{- $svcName := printf "%v-%v" (include "common.names.fullname" .) .Values.addons.codeserver.service.nameSuffix -}}
+ {{- $_ := set $ingressValues "serviceName" $svcName -}}
+ {{- $_ := set $ingressValues "servicePort" .Values.addons.codeserver.service.port.port -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+ {{- include "common.classes.ingress" $ -}}
+ {{- $_ := unset $ "ObjectValues" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
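Review bot: The ingress block builds `$svcName` from `.Values.addons.codeserver.service.nameSuffix`, but that key has no default in values.yaml and is only filled in as a side effect of the service block above it. With `service.enabled: false` and `ingress.enabled: true` the suffix is unset, so the backend name would presumably render as `<fullname>-<nil>` and the Ingress would point at a Service that does not exist. Compute the suffix once with a default, `{{- $suffix := default "codeserver" .Values.addons.codeserver.service.nameSuffix -}}`, and `fail` when the ingress is enabled without the service. The two `{{ end -}}` lines without a leading dash also leak whitespace, unlike every other action in the template.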
diff --git a/charts/common/templates/addons/code-server/_container.tpl b/charts/common/templates/addons/code-server/_container.tpl
new file mode 100644
index 00000000..4d0f727c
--- /dev/null
+++ b/charts/common/templates/addons/code-server/_container.tpl
@@ -0,0 +1,40 @@
+{{/*
+The code-server sidecar container to be inserted.
+*/}}
+{{- define "common.addon.codeserver.container" -}}
+{{- if lt (len .Values.addons.codeserver.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for codeserver container" }}
+{{- end -}}
+name: codeserver
+image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
+imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}
+{{- with .Values.addons.codeserver.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.env }}
+env:
+{{- range $k, $v := . }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+ports:
+- name: {{ .Values.addons.codeserver.service.port.name }}
+ containerPort: {{ .Values.addons.codeserver.service.port.port }}
+ protocol: TCP
+args:
+- "--port"
+- "{{ .Values.addons.codeserver.service.port.port }}"
+- "--auth"
+- "none"
+- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath }}
+{{- with .Values.addons.codeserver.volumeMounts }}
+volumeMounts:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.resources }}
+resources:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_container.tpl b/charts/common/templates/addons/vpn/openvpn/_container.tpl
index d091ab87..9742a524 100644
--- a/charts/common/templates/addons/vpn/openvpn/_container.tpl
+++ b/charts/common/templates/addons/vpn/openvpn/_container.tpl
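Review bot: `--auth none` is hard-coded in `args`, so every chart that enables this add-on starts code-server with authentication disabled, and the add-on's Service and optional Ingress make its editor and terminal over the mounted volumes available to anything that can reach them. Consider taking the mode from a value (a proposed `addons.codeserver.auth`, which values.yaml does not define today) and documenting next to the add-on's `ingress` block that it must sit behind an authenticating proxy while `none` is in use. Separately, `imagePullPolicy` reads `.Values.addons.codeserver.pullPolicy`, but values.yaml in this commit puts the key under `image`, so it would render empty; it should be `{{ .Values.addons.codeserver.image.pullPolicy }}`. The openvpn and wireguard `_container.tpl` hunks have the same mismatch (`.Values.addons.vpn.openvpn.pullPolicy`, `.Values.addons.vpn.wireguard.pullPolicy`), which also contradicts the CHANGELOG entry naming `image.pullPolicy`.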
@@ -4,7 +4,7 @@ The OpenVPN sidecar container to be inserted. {{- define "common.addon.openvpn.container" -}} name: openvpn image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}" -imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }} +imagePullPolicy: {{ .Values.addons.vpn.openvpn.pullPolicy }} {{- with .Values.addons.vpn.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/common/templates/addons/vpn/wireguard/_container.tpl b/charts/common/templates/addons/vpn/wireguard/_container.tpl index e996cf99..13154639 100644 --- a/charts/common/templates/addons/vpn/wireguard/_container.tpl +++ b/charts/common/templates/addons/vpn/wireguard/_container.tpl @@ -4,7 +4,7 @@ The Wireguard sidecar container to be inserted. {{- define "common.addon.wireguard.container" -}} name: wireguard image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}" -imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }} +imagePullPolicy: {{ .Values.addons.vpn.wireguard.pullPolicy }} {{- with .Values.addons.vpn.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/common/templates/classes/_ingress.tpl b/charts/common/templates/classes/_ingress.tpl index acf8814d..b59a324e 100644 --- a/charts/common/templates/classes/_ingress.tpl +++ b/charts/common/templates/classes/_ingress.tpl @@ -43,9 +43,19 @@ spec: paths: {{- range .paths }} - path: {{ .path }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: Prefix + {{- end }} backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + service: + name: {{ $svcName }} + port: + number: {{ $svcPort }} + {{- else }} serviceName: {{ $svcName }} servicePort: {{ $svcPort }} + {{- end }} {{- end }} {{- end }} {{- end }} 
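Review bot: `pathType: Prefix` is hard-coded in the `networking.k8s.io/v1` branch, so the `pathType` key this commit adds under `paths` in values.yaml is never read and an exact-match path cannot be requested. `pathType: {{ default "Prefix" .pathType }}` keeps the current default while honouring the value. `number: {{ $svcPort }}` also assumes a numeric port; `$svcPort` is defined outside this hunk, and if it can hold a port name the v1 backend would need `name:` instead.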
diff --git a/charts/common/templates/lib/chart/_capabilities.tpl b/charts/common/templates/lib/chart/_capabilities.tpl index 05a8c6d7..a9cdd411 100644 --- a/charts/common/templates/lib/chart/_capabilities.tpl +++ b/charts/common/templates/lib/chart/_capabilities.tpl @@ -2,10 +2,10 @@ Return the appropriate apiVersion for DaemonSet objects. */}} {{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} +{{- if .Capabilities.APIVersions.Has "apps/v1/DaemonSet" -}} {{- print "apps/v1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} {{- end -}} {{- end -}} @@ -13,10 +13,10 @@ Return the appropriate apiVersion for DaemonSet objects. Return the appropriate apiVersion for Deployment objects. */}} {{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} +{{- if .Capabilities.APIVersions.Has "apps/v1/Deployment" -}} {{- print "apps/v1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} {{- end -}} {{- end -}} @@ -24,10 +24,10 @@ Return the appropriate apiVersion for Deployment objects. Return the appropriate apiVersion for StatefulSet objects. */}} {{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta1" -}} -{{- else -}} +{{- if .Capabilities.APIVersions.Has "apps/v1/StatefulSet" -}} {{- print "apps/v1" -}} +{{- else -}} +{{- print "apps/v1beta1" -}} {{- end -}} {{- end -}} 
@@ -35,9 +35,11 @@ Return the appropriate apiVersion for StatefulSet objects. Return the appropriate apiVersion for Ingress objects. */}} {{- define "common.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- print "networking.k8s.io/v1" -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} {{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end }} {{- end -}} diff --git a/charts/common/templates/lib/controller/_container.tpl b/charts/common/templates/lib/controller/_container.tpl index 4fbc9ceb..2284bae9 100644 --- a/charts/common/templates/lib/controller/_container.tpl +++ b/charts/common/templates/lib/controller/_container.tpl @@ -19,6 +19,10 @@ The main container included in the controller. value: {{ $value | quote }} {{- end }} {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} {{- include "common.controller.ports" . | trim | nindent 2 }} volumeMounts: {{- range $index, $PVC := .Values.persistence }} @@ -30,9 +34,7 @@ The main container included in the controller. {{- if .Values.additionalVolumeMounts }} {{- toYaml .Values.additionalVolumeMounts | nindent 2 }} {{- end }} - - {{- include "common.controller.probes.tcpSocket" . | nindent 2 }} - + {{- include "common.controller.probes" . | nindent 2 }} {{- with .Values.resources }} resources: {{- toYaml . | nindent 4 }} diff --git a/charts/common/templates/lib/controller/_pod.tpl b/charts/common/templates/lib/controller/_pod.tpl new file mode 100644 index 00000000..1cb3701e --- /dev/null +++ b/charts/common/templates/lib/controller/_pod.tpl 
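Review bot: The new `envFrom` block in `_container.tpl` is rendered with `toYaml . | nindent 12`, while the `resources` block a few lines below uses `nindent 4` for a key at what appears to be the same level (indentation is collapsed in this view, so please confirm). The deeper indent still parses, but the rendered manifest ends up inconsistently indented and harder to diff; `{{- toYaml . | nindent 4 }}` would match the rest of the container definition. The container template starts and ends outside this hunk.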
@@ -0,0 +1,53 @@
+{{- /*
+The pod definition included in the controller.
+*/ -}}
+{{- define "common.controller.pod" -}}
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+serviceAccountName: {{ include "common.names.serviceAccountName" . }}
+{{- with .Values.podSecurityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.hostNetwork }}
+hostNetwork: {{ . }}
+{{- end }}
+{{- with .Values.dnsPolicy }}
+dnsPolicy: {{ . }}
+{{- end }}
+{{- with .Values.dnsConfig }}
+dnsConfig:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.initContainers }}
+initContainers:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+containers:
+ {{- include "common.controller.mainContainer" . | nindent 0 }}
+ {{- with .Values.additionalContainers }}
+ {{- toYaml . | nindent 0 }}
+ {{- end }}
+{{- with (include "common.controller.volumes" . | trim) }}
+volumes:
+ {{- . | nindent 0 }}
+{{- end }}
+{{- with .Values.hostAliases }}
+hostAliases:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/lib/controller/_probes.tpl b/charts/common/templates/lib/controller/_probes.tpl
index ef194ed5..a07a66ba 100644
--- a/charts/common/templates/lib/controller/_probes.tpl
+++ b/charts/common/templates/lib/controller/_probes.tpl
@@ -1,29 +1,21 @@ {{/* -Liveness/readiness/startup probes based on tcpSocket checks. +Probes selection logic. */}} -{{- define "common.controller.probes.tcpSocket" -}} -{{- if .Values.probes.liveness.enabled -}} -livenessProbe: - tcpSocket: - port: {{ .Values.service.port.name }} - initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} - failureThreshold: {{ .Values.probes.liveness.failureThreshold }} - timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }} -{{- end }} -{{- if .Values.probes.readiness.enabled }} -readinessProbe: - tcpSocket: - port: {{ .Values.service.port.name }} - initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} - failureThreshold: {{ .Values.probes.readiness.failureThreshold }} - timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }} -{{- end }} -{{- if .Values.probes.startup.enabled }} -startupProbe: - tcpSocket: - port: {{ .Values.service.port.name }} - initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }} - failureThreshold: {{ .Values.probes.startup.failureThreshold }} - periodSeconds: {{ .Values.probes.startup.periodSeconds }} +{{- define "common.controller.probes" -}} +{{- $svcPort := .Values.service.port.name -}} +{{- range $probeName, $probe := .Values.probes }} + {{- if $probe.enabled -}} + {{- "" | nindent 0 }} + {{- $probeName }}Probe: + {{- if $probe.custom -}} + {{- $probe.spec | toYaml | nindent 2 }} + {{- else }} + {{- "tcpSocket:" | nindent 2 }} + {{- printf "port: %v" $svcPort | nindent 4 }} + {{- printf "initialDelaySeconds: %v" $probe.spec.initialDelaySeconds | nindent 2 }} + {{- printf "failureThreshold: %v" $probe.spec.failureThreshold | nindent 2 }} + {{- printf "timeoutSeconds: %v" $probe.spec.timeoutSeconds | nindent 2 }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/common/values.yaml b/charts/common/values.yaml index d2bf1408..a6ddb7e1 100644 --- a/charts/common/values.yaml +++ b/charts/common/values.yaml 
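Review bot: The non-custom branch always prints `initialDelaySeconds`, `failureThreshold` and `timeoutSeconds`, but the default `probes.startup.spec` in values.yaml defines `periodSeconds` and no `timeoutSeconds`. With `probes.startup.enabled: true` the startup probe would therefore lose its `periodSeconds` (which the removed code emitted) and presumably render `timeoutSeconds: <nil>`, which the API server would reject. Replacing the three `printf` lines with `{{- $probe.spec | toYaml | nindent 2 }}` after the `tcpSocket` block emits whatever fields each probe's spec actually carries.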
@@ -15,6 +15,9 @@ strategy: # Override the default args args: [] +nameOverride: "" +fullnameOverride: "" + # Set annotations on the pod podAnnotations: {} @@ -28,33 +31,64 @@ serviceAccount: name: "" env: {} +# TZ: UTC + +envFrom: [] +# - configMapRef: +# name: config-map-name +# - secretRef: +# name: secret-name # When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet hostNetwork: false dnsPolicy: ClusterFirst +# Optional DNS settings, configuring the ndots option may resolve +# nslookup issues on some Kubernetes setups. +# dnsConfig: +# options: +# - name: ndots +# value: "1" + initContainers: [] additionalContainers: [] -# Probes configuration +## Probes configuration probes: liveness: enabled: true - initialDelaySeconds: 30 - failureThreshold: 5 - timeoutSeconds: 10 + ## Set this to true if you wish to specify your own livenessProbe + custom: false + ## The spec field contains the values for the default livenessProbe. + ## If you selected custom: true, this field holds the definition of the livenessProbe. + spec: + initialDelaySeconds: 30 + failureThreshold: 5 + timeoutSeconds: 10 + readiness: enabled: true - initialDelaySeconds: 30 - failureThreshold: 5 - timeoutSeconds: 10 + ## Set this to true if you wish to specify your own readinessProbe + custom: false + ## The spec field contains the values for the default readinessProbe. + ## If you selected custom: true, this field holds the definition of the readinessProbe. + spec: + initialDelaySeconds: 30 + failureThreshold: 5 + timeoutSeconds: 10 + startup: enabled: false - initialDelaySeconds: 5 - failureThreshold: 30 - periodSeconds: 10 + ## Set this to true if you wish to specify your own startupProbe + custom: false + ## The spec field contains the values for the default startupProbe. + ## If you selected custom: true, this field holds the definition of the startupProbe. + spec: + initialDelaySeconds: 5 + failureThreshold: 30 + periodSeconds: 10 service: enabled: true 
@@ -150,7 +184,7 @@ persistence: # subPath: some-subpath accessMode: ReadWriteOnce size: 1Gi - ## Do not delete the pvc upon helm uninstall + ## Set to true to retain the PVC upon helm uninstall skipuninstall: false # Create an emptyDir volume to share between all containers @@ -178,6 +212,8 @@ hostAliases: [] # - "www.example.com" addons: + + # Enable running a VPN in the pod to route traffic through a VPN vpn: enabled: false @@ -188,6 +224,7 @@ addons: openvpn: image: repository: dperson/openvpn-client + pullPolicy: IfNotPresent tag: latest # Credentials to connect to the VPN Service (used with -a) @@ -200,10 +237,9 @@ addons: wireguard: image: repository: k8sathome/wireguard + pullPolicy: IfNotPresent tag: 1.0.20200827 - imagePullPolicy: IfNotPresent - # Set the VPN container securityContext securityContext: capabilities: 
@@ -265,3 +301,64 @@ addons: # protocol: UDP # - port: 53 # protocol: TCP + + # Enable running a code-server container in the pod to access files + codeserver: + enabled: false + + image: + repository: codercom/code-server + pullPolicy: IfNotPresent + tag: 3.7.4 + + # Specify a list of volumes that get mounted in the code-server container. + # At least 1 volumeMount is required! + volumeMounts: [] + # - name: config + # mountPath: /data/config + + # Specify the working dir that will be opened when code-server starts + # If not given, the app will default to the mountpah of the first specified volumeMount + workingDir: "" + + service: + enabled: true + type: ClusterIP + # Specify the default port information + port: + port: 12321 + name: codeserver + protocol: TCP + targetPort: codeserver + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + + ingress: + enabled: false + nameSuffix: codeserver + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + hosts: + - host: code.chart-example.local + paths: + - path: / + # Ignored if not kubeVersion >= 1.14-0 + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - code.chart-example.local + + securityContext: + runAsUser: 0
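Review bot: The code-server defaults end with `securityContext: runAsUser: 0`, so the sidecar runs as root unless a consuming chart overrides it (assuming the block sits under `addons.codeserver`, which is what the container template reads; indentation is collapsed in this view). Because that template starts code-server with `--auth none`, anyone who can reach port 12321 or the add-on ingress gets root inside the pod with write access to the mounted volumes. Prefer a non-root default, or add a comment stating why root is required and that the add-on must not be exposed without an authenticating proxy. Minor: "mountpah" should read "mountPath", and the `pathType` comment "Ignored if not kubeVersion >= 1.14-0" does not match the ingress template, which keys on `networking.k8s.io/v1`.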