public/helm-charts
1
0
Fork 0
mirror of https://github.com/bjw-s-labs/helm-charts.git synced 2025-07-06 09:37:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat(common): Release v4.1.2 (#430)

Browse source 
Signed-off-by: Dan Manners <daniel.a.manners@gmail.com>
Co-authored-by: Daniel Manners <daniel.a.manners@gmail.com>
This commit is contained in:
Bernd Schorgers 2025-06-23 15:47:18 +02:00
parent de383dc580
commit 42354af45b
No known key found for this signature in database
69 changed files with 1431 additions and 668 deletions
Download patch file Download diff file Expand all files Collapse all files

9
charts/library/common/Chart.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v2
name: common
description: Function library for Helm charts
type: library
version: 4.1.1
version: 4.1.2
kubeVersion: ">=1.28.0-0"
keywords:
- common
@ -16,9 +16,12 @@ sources:
- https://github.com/bjw-s-labs/helm-charts
annotations:
artifacthub.io/changes: |-
- kind: changed
description: |-
Improved and standardized descriptions for JSONSchema properties.
- kind: fixed
description: |-
Fixed an edge-case bug where specifying a merge defaultPodOptionsStrategy could crash the chart.
Fixed Route validation when relying on automatic Service detection when multiple services are present.
- kind: fixed
description: |-
Fixed Route automatic service detection if there are no rules defined.
Fixed namespace validation when setting non-ServiceAccount subject in RoleBinding.

4
charts/library/common/README.md
View file

@ -1,6 +1,6 @@
# common
![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
![Version: 4.1.2](https://img.shields.io/badge/Version-4.1.2-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
Function library for Helm charts
@ -31,7 +31,7 @@ Include this chart as a dependency in your `Chart.yaml` e.g.
# Chart.yaml
dependencies:
- name: common
version: 4.1.1
version: 4.1.2
repository: https://bjw-s-labs.github.io/helm-charts/
```

11
charts/library/common/schemas/configmap.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,10 +10,12 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the ConfigMap.",
"type": "boolean",
"default": true
},
"includeInChecksum": {
"description": "Set to true to include this ConfigMap in the checksum calculation for rolling updates.",
"type": "boolean",
"default": true
},
@ -24,22 +26,21 @@
"$ref": "definitions.json#/labels"
},
"data": {
"description": "ConfigMap data content. Helm templates are supported.",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"binaryData": {
"description": "ConfigMap binaryData content.",
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"oneOf": [
{"required": ["data"]},
{"required": ["binaryData"]}
]
"oneOf": [{"required": ["data"]}, {"required": ["binaryData"]}]
}
]
}

31
charts/library/common/schemas/containers.json
View file

@ -5,85 +5,102 @@
"properties": {
"enabled": {
"description": "Set to false to disable the container.",
"type": "boolean",
"default": true
},
"args": {
"description": "Arguments for the container entrypoint.",
"$ref": "#/args"
},
"command": {
"description": "Command for the container entrypoint.",
"$ref": "#/command"
},
"dependsOn": {
"description": "Specify container dependencies to determine render order.",
"oneOf": [
{
"type": "array",
"items": {"type": "string"}
},
{"type": "array", "items": {"type": "string"}},
{"type": "string"}
]
},
"env": {
"description": "Environment variables for the container.",
"$ref": "#/env"
},
"envFrom": {
"description": "Secrets and/or ConfigMaps to load as environment variables.",
"$ref": "#/envFrom"
},
"image": {
"description": "Image configuration for the container.",
"$ref": "#/image"
},
"lifecycle": {
"description": "Lifecycle event hooks for the container.",
"$ref": "k8s-api.json#/core.v1.Lifecycle"
},
"nameOverride": {
"description": "Override the container name.",
"type": "string"
},
"ports": {
"description": "Ports to expose from the container.",
"type": "array",
"items": {
"$ref": "k8s-api.json#/core.v1.ContainerPort"
}
"items": {"$ref": "k8s-api.json#/core.v1.ContainerPort"}
},
"probes": {
"description": "Probe settings for the container.",
"type": "object",
"additionalProperties": false,
"properties": {
"liveness": {
"description": "Liveness probe configuration.",
"$ref": "#/probe"
},
"readiness": {
"description": "Readiness probe configuration.",
"$ref": "#/probe"
},
"startup": {
"description": "Startup probe configuration.",
"$ref": "#/probe"
}
}
},
"resources": {
"description": "Resource requests and limits for the container.",
"$ref": "k8s-api.json#/core.v1.ResourceRequirements"
},
"restartPolicy": {
"description": "Restart policy for the container.",
"type": "string"
},
"securityContext": {
"description": "Security context for the container.",
"$ref": "k8s-api.json#/core.v1.ContainerSecurityContext"
},
"stdin": {
"description": "Keep the standard input open on the container.",
"type": "boolean",
"default": false
},
"terminationMessagePath": {
"description": "Path for the container's termination message file.",
"type": "string"
},
"terminationMessagePolicy": {
"description": "How the container's termination message should be populated. Supported values: 'File', 'FallbackToLogsOnError'.",
"type": "string",
"enum": ["File", "FallbackToLogsOnError"]
},
"tty": {
"description": "Allocate a TTY for the container.",
"type": "boolean",
"default": false
},
"workingDir": {
"description": "Working directory for the container.",
"type": "string"
}
}

169
charts/library/common/schemas/controllers.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,112 +10,96 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the controller.",
"type": "boolean",
"default": true
},
"type": {
"description": "Controller type. Supported values: deployment, daemonset, statefulset, cronjob, job.",
"type": "string",
"enum": [
"deployment",
"statefulset",
"daemonset",
"cronjob",
"job"
],
"enum": ["deployment", "statefulset", "daemonset", "cronjob", "job"],
"default": "deployment"
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"pod": {
"description": "Pod-level options for this controller.",
"$ref": "pod.json#/options"
},
"replicas": {
"type": [
"integer",
"null"
],
"description": "Number of desired pods. Set to null when using a HorizontalPodAutoscaler.",
"type": ["integer", "null"],
"default": 1
},
"revisionHistoryLimit": {
"description": "ReplicaSet revision history limit.",
"type": "integer"
},
"rollingUpdate": {
"description": "Controller upgrade strategy options.",
"type": "object"
},
"strategy": {
"description": "Controller upgrade strategy.",
"type": "string"
},
"cronjob": {
"description": "CronJob-specific options. Required when type is cronjob.",
"$ref": "#/cronjob"
},
"job": {
"description": "Job-specific options. Required when type is job.",
"$ref": "#/job"
},
"statefulset": {
"description": "StatefulSet-specific options. Required when type is statefulset.",
"$ref": "#/statefulset"
},
"applyDefaultContainerOptionsToInitContainers": {
"description": "Apply defaultContainerOptions to initContainers.",
"type": "boolean",
"default": true
},
"defaultContainerOptionsStrategy": {
"description": "Strategy for default container options.\noverwrite: use container-level options if set.\nmerge: merge container-level options with defaults.",
"type": "string",
"default": "overwrite",
"enum": [
"overwrite",
"merge"
]
"enum": ["overwrite", "merge"]
},
"defaultContainerOptions": {
"description": "Default options for all (init)Containers. Each can be overridden on a container level.",
"type": "object",
"additionalProperties": false,
"properties": {
"args": {
"$ref": "containers.json#/args"
},
"command": {
"$ref": "containers.json#/command"
},
"env": {
"$ref": "containers.json#/env"
},
"envFrom": {
"$ref": "containers.json#/envFrom"
},
"image": {
"$ref": "containers.json#/image"
},
"resources": {
"$ref": "k8s-api.json#/core.v1.ResourceRequirements"
},
"securityContext": {
"$ref": "k8s-api.json#/core.v1.ContainerSecurityContext"
}
"args": {"$ref": "containers.json#/args"},
"command": {"$ref": "containers.json#/command"},
"env": {"$ref": "containers.json#/env"},
"envFrom": {"$ref": "containers.json#/envFrom"},
"image": {"$ref": "containers.json#/image"},
"resources": {"$ref": "k8s-api.json#/core.v1.ResourceRequirements"},
"securityContext": {"$ref": "k8s-api.json#/core.v1.ContainerSecurityContext"}
}
},
"initContainers": {
"description": "InitContainers as dictionary items.",
"type": "object",
"additionalProperties": {
"$ref": "containers.json#/container"
}
"additionalProperties": {"$ref": "containers.json#/container"}
},
"containers": {
"description": "Containers as dictionary items.",
"type": "object",
"additionalProperties": {
"$ref": "containers.json#/container"
}
"additionalProperties": {"$ref": "containers.json#/container"}
},
"serviceAccount": {
"description": "ServiceAccount used by the controller.",
"type": "object",
"properties": {
"name": {
"description": "Reference a serviceAccount by its name. Helm templates are supported.",
"type": "string"
},
"identifier": {
"description": "Reference a serviceAccount configured in this chart by its key.",
"type": "string"
}
}
@ -134,24 +118,16 @@
"not": {
"anyOf": [
{
"required": [
"statefulset"
]
"required": ["statefulset"]
},
{
"required": [
"cronjob"
]
"required": ["cronjob"]
},
{
"required": [
"job"
]
"required": ["job"]
},
{
"required": [
"daemonset"
]
"required": ["daemonset"]
}
]
}
@ -164,27 +140,19 @@
"const": "statefulset"
}
},
"required": [
"type"
]
"required": ["type"]
},
"then": {
"not": {
"anyOf": [
{
"required": [
"cronjob"
]
"required": ["cronjob"]
},
{
"required": [
"job"
]
"required": ["job"]
},
{
"required": [
"daemonset"
]
"required": ["daemonset"]
}
]
}
@ -197,9 +165,7 @@
"const": "cronjob"
}
},
"required": [
"type"
]
"required": ["type"]
},
"then": {
"allOf": [
@ -207,27 +173,19 @@
"not": {
"anyOf": [
{
"required": [
"statefulset"
]
"required": ["statefulset"]
},
{
"required": [
"job"
]
"required": ["job"]
},
{
"required": [
"daemonset"
]
"required": ["daemonset"]
}
]
}
},
{
"required": [
"cronjob"
]
"required": ["cronjob"]
}
]
}
@ -239,27 +197,19 @@
"const": "job"
}
},
"required": [
"type"
]
"required": ["type"]
},
"then": {
"not": {
"anyOf": [
{
"required": [
"statefulset"
]
"required": ["statefulset"]
},
{
"required": [
"cronjob"
]
"required": ["cronjob"]
},
{
"required": [
"daemonset"
]
"required": ["daemonset"]
}
]
}
@ -283,18 +233,12 @@
"properties": {
"whenDeleted": {
"type": "string",
"enum": [
"Delete",
"Retain"
],
"enum": ["Delete", "Retain"],
"default": "Retain"
},
"whenScaled": {
"type": "string",
"enum": [
"Delete",
"Retain"
],
"enum": ["Delete", "Retain"],
"default": "Retain"
}
}
@ -366,10 +310,7 @@
"type": "string"
}
},
"required": [
"name",
"size"
]
"required": ["name", "size"]
},
"cronjob": {
@ -416,9 +357,7 @@
"type": "integer"
}
},
"required": [
"schedule"
]
"required": ["schedule"]
},
"job": {

28
charts/library/common/schemas/definitions.json
View file

@ -3,38 +3,36 @@
"type": "object",
"properties": {
"forceRename": {
"type": "string",
"description": "Override the default resource name. This field is mutually exclusive with the prefix and suffix fields."
"description": "Override the default resource name. Mutually exclusive with prefix and suffix.",
"type": "string"
},
"prefix": {
"description": "Prefix to prepend to the resource name. Mutually exclusive with forceRename.",
"type": "string",
"description": "Prefix to prepend to the resource name. This field is mutually exclusive with the forceRename field.",
"default": ""
},
"suffix": {
"type": "string",
"description": "Suffix to append to the resource name. Defaults to the resource identifier if there are multiple items, otherwise it defaults to empty. This field is mutually exclusive with the forceRename field."
"description": "Suffix to append to the resource name. Defaults to the resource identifier if there are multiple items, otherwise empty. Mutually exclusive with forceRename.",
"type": "string"
}
},
"not" : {
"anyOf" : [
{"required" : ["forceRename", "suffix"]},
{"required" : ["forceRename", "prefix"]}
"not": {
"anyOf": [
{"required": ["forceRename", "suffix"]},
{"required": ["forceRename", "prefix"]}
]
}
},
"annotations": {
"description": "Annotations to set on the item.",
"type": ["object", "null"],
"additionalProperties": {
"type": ["string", "null"]
}
"additionalProperties": {"type": ["string", "null"]}
},
"labels": {
"description": "Labels to set on the item.",
"type": ["object", "null"],
"additionalProperties": {
"type": ["string", "null"]
}
"additionalProperties": {"type": ["string", "null"]}
}
}

42
charts/library/common/schemas/envVars.json
View file

@ -1,29 +1,40 @@
{
"envVarName": {
"description": "Environment variable name.",
"type": "string"
},
"envVarValue": {
"description": "Environment variable value.",
"type": ["string", "number", "boolean", "null"]
},
"envVarListItem": {
"description": "Environment variable as a name/value pair.",
"type": "object",
"additionalProperties": false,
"properties": {
"name": {"type": "string"},
"name": {"$ref": "#/envVarName"},
"value": {"$ref": "#/envVarValue"}
},
"required": ["name", "value"]
},
"envVarItem": {
"description": "Define an environment variable value as a dictionary item with optional dependencies.",
"type": "object",
"additionalProperties": false,
"properties": {
"value": {"$ref": "#/envVarValue"},
"dependsOn": {"$ref": "#/envVarDependsOn"}
"dependsOn": {
"$ref": "#/envVarDependsOn"
}
},
"required": ["value"]
},
"valueFromListItem": {
"description": "Define an environment variable using valueFrom syntax.",
"oneOf": [
{"$ref": "#/valueFromListItemExplicit"},
{"$ref": "#/valueFromListItemImplicit"}
@ -31,20 +42,22 @@
},
"valueFromListItemExplicit": {
"description": "Explicit valueFrom environment variable.",
"type": "object",
"additionalProperties": false,
"properties": {
"name": {"type": "string"},
"name": {"$ref": "#/envVarName"},
"valueFrom": {"$ref": "#/valueFromOptions"}
},
"required": ["name", "valueFrom"]
},
"valueFromListItemImplicit": {
"description": "Implicit valueFrom environment variable.",
"type": "object",
"additionalProperties": false,
"properties": {
"name": {"type": "string"},
"name": {"$ref": "#/envVarName"},
"fieldRef": {"$ref": "#/fieldRefSelector"},
"resourceFieldRef": {"$ref": "#/resourceFieldRefSelector"},
"secretKeyRef": {"$ref": "#/objectKeySelector"},
@ -87,10 +100,12 @@
"oneOf": [
{"$ref": "#/valueFromItemExplicit"},
{"$ref": "#/valueFromItemImplicit"}
]
],
"description": "Define an environment variable using valueFrom syntax (map style)."
},
"valueFromItemExplicit": {
"description": "Explicit valueFrom environment variable.",
"type": "object",
"additionalProperties": false,
"properties": {
@ -101,6 +116,7 @@
},
"valueFromItemImplicit": {
"description": "Implicit valueFrom environment variable.",
"type": "object",
"additionalProperties": false,
"properties": {
@ -144,6 +160,7 @@
"valueFromOptions": {
"type": "object",
"description": "Set the valueFrom options for the environment variable.",
"oneOf": [
{"$ref": "#/fieldRef"},
{"$ref": "#/resourceFieldRef"},
@ -153,6 +170,7 @@
},
"secretKeyRef": {
"description": "Reference a key from a Secret using secretKeyRef syntax.",
"type": "object",
"additionalProperties": false,
"properties": {
@ -162,6 +180,7 @@
},
"configMapKeyRef": {
"description": "Reference a key from a ConfigMap using configMapKeyRef syntax.",
"type": "object",
"additionalProperties": false,
"properties": {
@ -171,6 +190,7 @@
},
"fieldRef": {
"description": "Reference a field from the pod spec using fieldRef syntax.",
"type": "object",
"additionalProperties": false,
"properties": {
@ -180,13 +200,16 @@
},
"fieldRefSelector": {
"description": "Selector for a fieldRef.",
"type": "object",
"additionalProperties": false,
"properties": {
"apiVersion": {
"description": "Set the API version for the fieldRef.",
"type": "string"
},
"fieldPath": {
"description": "Set the field path for the fieldRef.",
"type": "string"
}
},
@ -194,6 +217,7 @@
},
"resourceFieldRef": {
"description": "Reference a resource field from the pod spec using resourceFieldRef syntax.",
"type": "object",
"additionalProperties": false,
"properties": {
@ -203,16 +227,20 @@
},
"resourceFieldRefSelector": {
"description": "Selector for a resourceFieldRef.",
"type": "object",
"additionalProperties": false,
"properties": {
"containerName": {
"description": "Set the container name for the resource field reference.",
"type": "string"
},
"divisor": {
"description": "Set the divisor for the resource field reference.",
"oneOf": [{"type": "string"}, {"type": "number"}]
},
"resource": {
"description": "Set the resource name for the resource field reference.",
"type": "string"
}
},
@ -220,6 +248,7 @@
},
"envVarDependsOn": {
"description": "Specify other environment variables that the environment variable depends on.",
"oneOf": [
{"type": "string"},
{
@ -230,13 +259,16 @@
},
"objectKeySelector": {
"description": "Selector for a key in a Secret or ConfigMap.",
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"description": "Set the name of the Secret or ConfigMap.",
"type": "string"
},
"key": {
"description": "Set the key within the Secret or ConfigMap.",
"type": "string"
}
},

63
charts/library/common/schemas/ingress.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,32 +10,29 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the Ingress.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"className": {
"description": "Set the ingressClass used for this Ingress.",
"type": "string"
},
"defaultBackend": {
"description": "Set the defaultBackend for this Ingress. This disables any other rules.",
"$ref": "k8s-api.json#/networking.v1.ingressBackend"
},
"hosts": {
"description": "Configure the hosts for the Ingress.",
"type": "array",
"items": {
"$ref": "#/hostEntry"
}
},
"labels": {
"$ref": "definitions.json#/labels"
"items": {"$ref": "#/hostEntry"}
},
"tls": {
"description": "Configure TLS for the Ingress.",
"type": "array",
"items": {
"$ref": "#/tlsEntry"
}
"items": {"$ref": "#/tlsEntry"}
}
}
}
@ -46,20 +43,18 @@
"additionalProperties": false,
"properties": {
"host": {
"description": "Set the host address. Helm templates are supported.",
"type": "string"
},
"paths": {
"description": "Configure the paths for the host.",
"type": "array",
"title": "paths",
"items": {
"additionalProperties": false,
"properties": {
"path": {
"type": "string"
},
"pathType": {
"type": "string",
"default": "Prefix"
},
"path": {"type": "string"},
"pathType": {"type": "string", "default": "Prefix"},
"service": {
"oneOf": [
{"$ref": "#/serviceReferenceByName"},
@ -68,9 +63,7 @@
}
},
"required": ["path"]
},
"title": "paths",
"type": "array"
}
}
},
"required": ["host", "paths"]
@ -80,12 +73,12 @@
"additionalProperties": false,
"properties": {
"hosts": {
"description": "Set the hosts for the TLS entry. Helm templates are supported.",
"type": "array",
"items": {
"type": ["string"]
}
"items": {"type": ["string"]}
},
"secretName": {
"description": "Set the secretName for the TLS entry. Helm templates are supported.",
"type": "string"
}
},
@ -96,12 +89,8 @@
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"port": {
"type": ["integer"]
}
"name": {"type": "string"},
"port": {"type": ["integer"]}
},
"required": ["name", "port"]
},
@ -110,12 +99,8 @@
"type": "object",
"additionalProperties": false,
"properties": {
"identifier": {
"type": "string"
},
"port": {
"type": ["string", "integer"]
}
"identifier": {"type": "string"},
"port": {"type": ["string", "integer"]}
}
}
}

20
charts/library/common/schemas/networkpolicy.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -11,26 +11,26 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the NetworkPolicy.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"controller": {
"description": "Controller this NetworkPolicy should target.",
"type": "string"
},
"labels": {
"$ref": "definitions.json#/labels"
"labels": {"$ref": "definitions.json#/labels"},
"podSelector": {
"description": "Custom podSelector for the NetworkPolicy. Takes precedence over targeting a controller."
},
"podSelector": {},
"policyTypes": {
"description": "Policy types for the NetworkPolicy.",
"type": "array",
"items": {
"type": "string"
}
"items": {"type": "string"}
},
"rules": {
"description": "Ingress and egress rules for the NetworkPolicy.",
"type": "object",
"additionalProperties": false,

33
charts/library/common/schemas/persistence.json
View file

@ -14,7 +14,7 @@
"persistentVolumeClaimItem": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -28,37 +28,50 @@
"suffix": {},
"enabled": {
"type": "boolean",
"default": true
"default": true,
"description": "Set to false to disable the persistence item."
},
"accessMode": {
"type": "string"
"type": "string",
"description": "AccessMode for the persistent volume. Make sure to select an access mode that is supported by your storage provider!\nSee https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes"
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"dataSource": {
"$ref": "#/dataSourceReference"
"$ref": "#/dataSourceReference",
"description": "The optional data source for the persistentVolumeClaim.\nSee https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-populators-and-data-sources"
},
"dataSourceRef": {
"$ref": "#/dataSourceReference"
"$ref": "#/dataSourceReference",
"description": "The optional volume populator for the persistentVolumeClaim.\nSee https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-populators-and-data-sources"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"retain": {
"type": "boolean"
"type": "boolean",
"description": "Set to true to retain the PVC upon helm uninstall."
},
"size": {
"type": "string"
"type": "string",
"description": "The amount of storage that is requested for the persistent volume."
},
"storageClass": {
"type": "string"
"type": "string",
"description": "Storage Class for the config volume.\nIf set to '-', dynamic provisioning is disabled.\nIf set to something else, the given storageClass is used.\nIf undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner."
},
"volumeName": {
"type": "string"
},
"advancedMounts": {"$ref": "#/advancedMounts"},
"globalMounts": {"$ref": "#/globalMounts"}
"advancedMounts": {
"$ref": "#/advancedMounts",
"description": "Explicitly configure mounts for specific controllers and containers.\nSee https://bjw-s-labs.github.io/helm-charts/docs/common-library/storage/globalOptions/#advancedmounts"
},
"globalMounts": {
"$ref": "#/globalMounts",
"description": "Configure mounts to all controllers and containers.\nBy default the persistence item will be mounted to /<name_of_the_peristence_item>.\nSee https://bjw-s-labs.github.io/helm-charts/docs/common-library/storage/globalOptions/#globalmounts"
}
},
"required": ["accessMode", "size"]
}

69
charts/library/common/schemas/pod.json
View file

@ -5,55 +5,67 @@
"properties": {
"affinity": {
"type": "object",
"$ref": "k8s-api.json#/core.v1.Affinity"
"$ref": "k8s-api.json#/core.v1.Affinity",
"description": "Set affinity constraint rules. Helm templates can be used.\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity"
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"automountServiceAccountToken": {
"type": "boolean",
"default": true
"default": true,
"description": "Set to true to automatically mount the service account token."
},
"dnsConfig": {
"type": "object",
"$ref": "k8s-api.json#/core.v1.PodDNSConfig"
"$ref": "k8s-api.json#/core.v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"dnsPolicy": {
"type": "string"
"type": "string",
"description": "Configure the Pod DNS policy. Defaults to 'ClusterFirst' if hostNetwork is false and 'ClusterFirstWithHostNet' if hostNetwork is true."
},
"enableServiceLinks": {
"type": "boolean",
"default": false
"default": false,
"description": "Enable/disable the generation of environment variables for services.\nSee https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service"
},
"hostAliases": {
"type": "array",
"items": {
"$ref": "k8s-api.json#/core.v1.HostAlias"
}
},
"description": "Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.\nSee https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/"
},
"hostIPC": {
"type": "boolean",
"default": false
"default": false,
"description": "Set to true to use the host's ipc namespace."
},
"hostNetwork": {
"type": "boolean",
"default": false
"default": false,
"description": "Set to false to disable host networking on the Pod. When using hostNetwork, make sure you set dnsPolicy to 'ClusterFirstWithHostNet'"
},
"hostPID": {
"type": "boolean",
"default": false
"default": false,
"description": "Set to true to use the host's pid namespace."
},
"hostUsers": {
"type": ["boolean", "null"]
"type": ["boolean", "null"],
"description": "Set to false to create a new userns for the Pod. (Requires Kubernetes 1.29 or newer)"
},
"hostname": {
"type": "string"
"type": "string",
"description": "Set the Pod's hostname."
},
"imagePullSecrets": {
"type": "array",
"items": {
"$ref": "k8s-api.json#/core.v1.LocalObjectReference"
}
},
"description": "Set image pull secrets."
},
"labels": {
"$ref": "definitions.json#/annotations"
@ -62,44 +74,55 @@
"type": "object",
"additionalProperties": {
"type": ["string"]
}
},
"description": "Node selection constraint.\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector"
},
"priorityClassName": {
"type": "string"
"type": "string",
"description": "Custom priority class for different treatment by the scheduler."
},
"resources": {
"$ref": "k8s-api.json#/core.v1.ResourceRequirements"
"$ref": "k8s-api.json#/core.v1.ResourceRequirements",
"description": "Set the resource requests / limits for the Pod. (Requires Kubernetes 1.32 or newer)"
},
"restartPolicy": {
"type": "string"
"type": "string",
"description": "Set container restart policy. Defaults to 'Always'. When controller.type is 'cronjob' it defaults to 'Never'."
},
"runtimeClassName": {
"type": "string"
"type": "string",
"description": "Set a runtimeClassName other than the default one (ie: `nvidia`)."
},
"schedulerName": {
"type": "string"
"type": "string",
"description": "Set a custom scheduler name."
},
"securityContext": {
"$ref": "k8s-api.json#/core.v1.PodSecurityContext"
"$ref": "k8s-api.json#/core.v1.PodSecurityContext",
"description": "Configure the Security Context for the Pod."
},
"shareProcessNamespace": {
"type": ["boolean", "null"],
"default": false
"default": false,
"description": "Allows sharing process namespace between containers in a Pod.\nSee https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/"
},
"terminationGracePeriodSeconds": {
"type": ["integer", "null"]
"type": ["integer", "null"],
"description": "Duration in seconds the pod needs to terminate gracefully.\nSee https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle"
},
"tolerations": {
"type": "array",
"items": {
"$ref": "k8s-api.json#/core.v1.Toleration"
}
},
"description": "Specify taint tolerations.\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/"
},
"topologySpreadConstraints": {
"type": "array",
"items": {
"$ref": "k8s-api.json#/core.v1.TopologySpreadConstraint"
}
},
"description": "Defines topologySpreadConstraint rules.\nSee https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/"
}
}
}

17
charts/library/common/schemas/rawResource.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,22 +10,23 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the resource.",
"type": "boolean",
"default": true
},
"apiVersion": {
"description": "apiVersion of the resource.",
"type": "string"
},
"kind": {
"description": "Kind of the resource.",
"type": "string"
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"spec": {}
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"spec": {
"description": "Contents of the raw resource to be rendered."
}
},
"required": ["apiVersion", "kind", "spec"]
}

57
charts/library/common/schemas/rbac.json
View file

@ -1,7 +1,7 @@
{
"role": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -11,15 +11,14 @@
"suffix": {},
"enabled": {
"type": "boolean",
"default": true
"default": true,
"description": "Set to false to disable the Role or ClusterRole."
},
"type": {
"type": "string",
"enum": [
"Role",
"ClusterRole"
],
"default": "Role"
"enum": ["Role", "ClusterRole"],
"default": "Role",
"description": "Set the type of RBAC resource. Supported values: Role, ClusterRole."
},
"annotations": {
"$ref": "definitions.json#/annotations"
@ -28,7 +27,8 @@
"$ref": "definitions.json#/labels"
},
"rules": {
"type": "array"
"type": "array",
"description": "Set the rules for the Role or ClusterRole."
}
},
"required": ["type", "rules"]
@ -38,7 +38,7 @@
"roleBinding": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -48,15 +48,14 @@
"suffix": {},
"enabled": {
"type": "boolean",
"default": true
"default": true,
"description": "Set to false to disable the RoleBinding or ClusterRoleBinding."
},
"type": {
"type": "string",
"enum": [
"RoleBinding",
"ClusterRoleBinding"
],
"default": "RoleBinding"
"enum": ["RoleBinding", "ClusterRoleBinding"],
"default": "RoleBinding",
"description": "Set the type of RBAC binding. Supported values: RoleBinding, ClusterRoleBinding."
},
"annotations": {
"$ref": "definitions.json#/annotations"
@ -66,19 +65,20 @@
},
"roleRef": {
"type": "object",
"description": "Reference the Role or ClusterRole to bind to.",
"properties": {
"identifier": {
"type": "string"
"type": "string",
"description": "Reference an Role or ClusterRole configured in this chart by its key."
},
"name": {
"type": "string"
"type": "string",
"description": "Reference a Role or ClusterRole by its name. Helm template enabled."
},
"kind": {
"type": "string",
"enum": [
"Role",
"ClusterRole"
]
"description": "The kind of the referenced object. Supported values: Role, ClusterRole.",
"enum": ["Role", "ClusterRole"]
}
},
"oneOf": [
@ -88,25 +88,30 @@
},
"subjects": {
"type": "array",
"description": "Set the subjects for the RoleBinding or ClusterRoleBinding.",
"items": {
"type": "object",
"properties": {
"identifier": {
"type": "string"
"type": "string",
"description": "Reference a serviceAccount configured in this chart by its key."
},
"name": {
"type": "string"
"type": "string",
"description": "Reference an subject by its name."
},
"kind": {
"type": "string"
"type": "string",
"description": "The kind of the referenced subject. Supported values: ServiceAccount, User, Group."
},
"namespace": {
"type": "string"
"type": "string",
"description": "The namespace of the referenced subject. Do not define if kind is User or Group."
}
},
"oneOf": [
{"required": ["identifier"]},
{"required": ["name", "kind", "namespace"]}
{"required": ["name", "kind"]}
]
}
}

94
charts/library/common/schemas/route.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,95 +10,77 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the Route.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"hostnames": {
"description": "Host addresses for the Route. Helm templates are supported.",
"type": "array",
"items": {"type": "string"}
},
"kind": {
"description": "Route kind. Supported values: GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute.",
"type": "string",
"enum": ["GRPCRoute", "HTTPRoute", "TCPRoute", "TLSRoute", "UDPRoute"]
"enum": [
"GRPCRoute",
"HTTPRoute",
"TCPRoute",
"TLSRoute",
"UDPRoute"
]
},
"parentRefs": {
"description": "Resource the Route attaches to.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"namespace": {
"type": "string"
},
"name": {
"type": "string"
},
"sectionName": {
"type": "string"
},
"port": {
"type": "integer"
}
"group": {"type": "string"},
"kind": {"type": "string"},
"namespace": {"type": "string"},
"name": {"type": "string"},
"sectionName": {"type": "string"},
"port": {"type": "integer"}
},
"required": ["name"]
}
},
"rules": {
"description": "Rules for routing. Defaults to the primary service.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"backendRefs": {
"description": "Backend references.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"namespace": {
"type": "string"
},
"group": {"type": "string"},
"kind": {"type": "string"},
"namespace": {"type": "string"},
"name": {
"type": "string",
"description": "A reference to a backend Service name."
"description": "Reference to a backend Service name.",
"type": "string"
},
"identifier": {
"type": "string",
"description": "A reference to a service identifier that is defined within the chart values."
"description": "Reference to a service identifier defined within the chart values.",
"type": "string"
},
"port": {
"type": ["string", "integer"]
},
"weight": {
"type": "integer"
}
"port": {"type": ["string", "integer"]},
"weight": {"type": "integer"}
}
}
},
"matches": {
"description": "Match rules.",
"type": "array",
"items": {
"type": "object",
@ -108,26 +90,24 @@
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"type": "string"
},
"value": {
"type": "string"
}
"type": {"type": "string"},
"value": {"type": "string"}
}
}
}
}
},
"filters": {
"description": "Filters for the route.",
"type": "array",
"items": {}
},
"sessionPersistence": {
"description": "SessionPersistence defines the desired state of SessionPersistence",
"description": "SessionPersistence defines the desired state of SessionPersistence.",
"type": "object"
},
"timeouts": {
"description": "Timeouts for the route.",
"type": "object"
}
}

18
charts/library/common/schemas/secret.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,27 +10,25 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the Secret.",
"type": "boolean",
"default": true
},
"includeInChecksum": {
"description": "Set to true to include this Secret in the checksum calculation for rolling updates.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"type": {
"description": "Secret type.",
"type": "string"
},
"stringData": {
"description": "Secret stringData content. Helm templates are supported.",
"type": "object",
"additionalProperties": {
"type": "string"
}
"additionalProperties": {"type": "string"}
}
},
"required": ["stringData"]

88
charts/library/common/schemas/service.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,84 +10,67 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the Service.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"type": {
"type": "string"
},
"clusterIP": {
"type": "string"
},
"externalName": {
"type": "string"
},
"loadBalancerIP": {
"type": "string"
"description": "Service type. Supported values: ClusterIP, NodePort, LoadBalancer, ExternalName.",
"type": "string",
"enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"]
},
"clusterIP": {"type": "string"},
"externalName": {"type": "string"},
"loadBalancerIP": {"type": "string"},
"loadBalancerSourceRanges": {
"type": "array",
"items": {"type": "string"}
},
"loadBalancerClass": {
"type": "string"
},
"loadBalancerClass": {"type": "string"},
"internalTrafficPolicy": {
"description": "internalTrafficPolicy for the Service. Supported values: Cluster, Local.\nSee https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/",
"type": "string",
"enum": ["Cluster", "Local"]
},
"externalTrafficPolicy": {
"description": "externalTrafficPolicy for the Service. Supported values: Cluster, Local.\nSee https://kubernetes.io/docs/tutorials/services/source-ip/",
"type": "string",
"enum": ["Cluster", "Local"]
},
"allocateLoadBalancerNodePorts": {
"type": "boolean"
},
"sessionAffinity": {
"type": "string",
"enum": ["None", "ClientIP"]
},
"sessionAffinityConfig": {
"type": "object"
},
"externalIPs": {
"type": "array",
"items": {"type": "string"}
},
"publishNotReadyAddresses": {
"type": "boolean"
},
"allocateLoadBalancerNodePorts": {"type": "boolean"},
"sessionAffinity": {"type": "string", "enum": ["None", "ClientIP"]},
"sessionAffinityConfig": {"type": "object"},
"externalIPs": {"type": "array", "items": {"type": "string"}},
"publishNotReadyAddresses": {"type": "boolean"},
"ipFamilyPolicy": {
"description": "ipFamilyPolicy for the Service. Supported values: SingleStack, PreferDualStack, RequireDualStack.",
"type": "string",
"enum": ["SingleStack", "PreferDualStack", "RequireDualStack"]
},
"ipFamilies": {
"description": "IP families for the Service. Supported values: IPv4, IPv6.",
"type": "array",
"items": {
"type": "string",
"enum": ["IPv4", "IPv6"]
}
"items": {"type": "string", "enum": ["IPv4", "IPv6"]}
},
"ports": {
"type": "object",
"additionalProperties": {
"$ref": "#/servicePort"
}
"controller": {
"description": "Controller this Service should target.",
"type": "string"
},
"primary": {
"description": "Set to true to make this the primary Service for the controller (used in probes, notes, etc). Only one Service can be marked as primary.",
"type": "boolean",
"default": false
},
"controller": {
"type": "string"
"extraSelectorLabels": {
"description": "Additional match labels for the Service selector."
},
"extraSelectorLabels": {}
"ports": {
"description": "Service port(s) configuration.",
"type": "object",
"additionalProperties": {"$ref": "#/servicePort"}
}
},
"required": []
}
@ -99,27 +82,34 @@
"additionalProperties": false,
"properties": {
"enabled": {
"description": "Set to false to disable the port.",
"type": "boolean",
"default": true
},
"primary": {
"description": "Set to true to make this the primary port (used in probes, notes, etc).\nOnly one port can be marked as primary.",
"type": "boolean",
"default": false
},
"port": {
"description": "Port name / number.",
"type": ["string", "integer"]
},
"protocol": {
"description": "Port protocol. Supported values: HTTP, HTTPS, TCP, UDP.\nHTTP and HTTPS spawn a TCP service and are used for internal URL and name generation.",
"type": "string",
"enum": ["HTTP", "HTTPS", "TCP", "UDP"]
},
"targetPort": {
"description": "Set the targetPort if you want the Service port to differ from the application port. If set, this value is used in the container definition instead of 'port'.\nNamed ports are not supported for this field.",
"type": ["string", "integer"]
},
"nodePort": {
"description": "nodePort value for LoadBalancer and NodePort Service types.\nSee https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport",
"type": ["string", "integer"]
},
"appProtocol": {
"description": "appProtocol value for the port.\nSee https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol",
"type": "string"
}
},

12
charts/library/common/schemas/serviceAccount.json
View file

@ -1,7 +1,7 @@
{
"instance": {
"allOf": [
{ "$ref": "definitions.json#/resourceIdentifier" },
{"$ref": "definitions.json#/resourceIdentifier"},
{
"type": "object",
"additionalProperties": false,
@ -10,16 +10,14 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Set to false to disable the ServiceAccount.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"staticToken": {
"description": "Set to true to create a long-lived static token for the ServiceAccount.",
"type": "boolean",
"default": false
}

38
charts/library/common/schemas/serviceMonitor.json
View file

@ -10,22 +10,16 @@
"prefix": {},
"suffix": {},
"enabled": {
"description": "Whether this ServiceMonitor is enabled or not.",
"description": "Set to false to disable the ServiceMonitor.",
"type": "boolean",
"default": true
},
"annotations": {
"$ref": "definitions.json#/annotations"
},
"labels": {
"$ref": "definitions.json#/labels"
},
"annotations": {"$ref": "definitions.json#/annotations"},
"labels": {"$ref": "definitions.json#/labels"},
"endpoints": {
"description": "A list of endpoints allowed as part of this ServiceMonitor.",
"description": "Endpoints allowed as part of this ServiceMonitor.",
"type": "array",
"items": {
"type": "object"
}
"items": {"type": "object"}
},
"selector": {
"description": "Selector to select Endpoints objects.",
@ -35,9 +29,7 @@
"matchLabels": {
"description": "matchLabels is a map of {key,value} pairs. The requirements are ANDed.",
"type": "object",
"additionalProperties": {
"type": "string"
}
"additionalProperties": {"type": "string"}
},
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
@ -58,39 +50,35 @@
}
},
"service": {
"description": "Which service to monitor. Either 'serviceName' or 'service' must be specified.",
"description": "Service to monitor. Either 'serviceName' or 'service' must be specified.",
"oneOf": [
{
"description": "A reference to a Service name. Helm templates can be used.",
"description": "Reference to a Service name. Helm templates are supported.",
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
}
"name": {"type": "string"}
},
"required": ["name"]
},
{
"description": "A reference to a service identifier that is defined within the chart values.",
"description": "Reference to a service identifier defined within the chart values.",
"type": "object",
"additionalProperties": false,
"properties": {
"identifier": {
"type": "string"
}
"identifier": {"type": "string"}
},
"required": ["identifier"]
}
]
},
"serviceName": {
"description": "A reference to a Service name to monitor. Helm templates can be used. Deprecated in favor of 'service'.",
"description": "Reference to a Service name to monitor. Helm templates are supported. Deprecated in favor of 'service'.",
"type": "string",
"deprecated": true
},
"targetLabels": {
"description": "TargetLabels transfers labels from the Kubernetes Service onto the created metrics.",
"description": "Transfers labels from the Kubernetes Service onto the created metrics.",
"type": "array"
}
},

9
charts/library/common/templates/classes/_rolebinding.tpl
View file

@ -25,7 +25,16 @@ This template serves as a blueprint for generating RoleBinding objects in Kubern
{{- $_ := set $subject "kind" "ServiceAccount" -}}
{{- $_ := set $subject "namespace" $rootContext.Release.Namespace -}}
{{- $subjects = mustAppend $subjects $subject -}}
{{- else if eq .kind "Group" -}}
{{- $subject := dict "name" .name "kind" .kind -}}
{{- $subjects = mustAppend $subjects $subject -}}
{{- else if eq .kind "User" -}}
{{- $subject := dict "name" .name "kind" .kind -}}
{{- $subjects = mustAppend $subjects $subject -}}
{{- else -}}
{{- if not .namespace }}
{{- fail (printf "No namespace provided for subject '%s'. Please provide a namespace." $roleBindingObject.name) -}}
{{- end -}}
{{- $subject := dict "name" .name "kind" .kind "namespace" .namespace -}}
{{- $subjects = mustAppend $subjects $subject -}}
{{- end -}}

32
charts/library/common/templates/lib/rolebinding/_validate.tpl Normal file
View file

@ -0,0 +1,32 @@
{{/*
Validate RoleBinding values
*/}}
{{- define "bjw-s.common.lib.rbac.rolebinding.validate" -}}
{{- $rootContext := .rootContext -}}
{{- $roleBindingValues := .object -}}
{{- $rules := $roleBindingValues.rules -}}
{{/* Verify permutations for RoleBinding subjects */}}
{{- if and (not (empty $roleBindingValues.subjects)) (not (empty $roleBindingValues.roleRef)) -}}
{{- $subjectTypes := list "User" "Group" "ServiceAccount" -}}
{{- $subjectTypeCount := 0 -}}
{{- range $roleBindingValues.subjects -}}
{{- if hasKey . "kind" -}}
{{- if dict $subjectTypes has .kind -}}
{{- $subjectTypeCount = add $subjectTypeCount 1 -}}
{{- else -}}
{{- fail (printf "Invalid subject kind '%s' in RoleBinding '%s'. Valid kinds are: %s" .kind $roleBindingValues.identifier (join ", " $subjectTypes)) -}}
{{- end -}}
{{- else -}}
{{- fail (printf "Subject kind is required in RoleBinding '%s'" $roleBindingValues.identifier) -}}
{{- end -}}
{{- end -}}
{{- if eq $subjectTypeCount 0 -}}
{{- fail (printf "At least one subject with a valid kind is required in RoleBinding '%s'" $roleBindingValues.identifier) -}}
{{- end -}}
{{- else -}}
{{- fail (printf "subjects and roleRef are required for RoleBinding with key \"%v\"" $roleBindingValues.identifier) -}}
{{- end -}}
{{- end -}}

5
charts/library/common/templates/lib/routes/_validate.tpl
View file

@ -9,6 +9,10 @@ Validate Route values
{{/* Verify automatic Service detection */}}
{{- if not (eq 1 (len $enabledServices)) -}}
{{- if empty $routeObject.rules -}}
{{- fail (printf "An explicit rule is required because automatic Service detection is not possible. (route: %s)" $routeObject.identifier) -}}
{{- end -}}
{{- range $routeObject.rules -}}
{{- $rule := . -}}
{{- range $rule.backendRefs }}
@ -27,7 +31,6 @@ Validate Route values
{{- end }}
{{/* Route Rules */}}
{{- range $routeObject.rules }}
{{- if and (.filters) (.backendRefs) }}
{{- range .filters }}

10
charts/library/common/test-chart/Chart.yaml
View file

@ -5,9 +5,9 @@ name: common-test
version: 1.0.0
kubeVersion: ">=1.28.0-0"
maintainers:
- name: bjw-s
email: me@bjw-s.dev
- name: bjw-s
email: me@bjw-s.dev
dependencies:
- name: common
repository: file://../
version: ">0.0.0-0"
- name: common
repository: file://../
version: ">0.0.0-0"

51
charts/library/common/test-chart/ci/advanced-values.yaml
View file

@ -23,8 +23,8 @@ controllers:
a-container:
dependsOn:
- main
- third-container
- main
- third-container
image:
repository: ghcr.io/mendhak/http-https-echo
tag: 31
@ -60,15 +60,15 @@ service:
ingress:
main:
hosts:
- host: "test.local"
paths:
- path: /
service:
identifier: main
port: http
- host: "test.local"
paths:
- path: /
service:
identifier: main
port: http
tls:
- hosts:
- "test.local"
- hosts:
- "test.local"
configMaps:
config:
@ -80,19 +80,24 @@ persistence:
type: configMap
identifier: config
advancedMounts:
main: # the controller with the "main" identifier
main: # the container with the "main" identifier
- path: /data/config.yaml
readOnly: false
subPath: config.yaml
second-container: # the container with the "second-container" identifier
- path: /appdata/config
readOnly: true
second-controller: # the controller with the "second-controller" identifier
main: # the container with the "main" identifier
- path: /data/config.yaml
readOnly: false
subPath: config.yaml
main:
# the controller with the "main" identifier
main:
# the container with the "main" identifier
- path: /data/config.yaml
readOnly: false
subPath: config.yaml
second-container:
# the container with the "second-container" identifier
- path: /appdata/config
readOnly: true
second-controller:
# the controller with the "second-controller" identifier
main:
# the container with the "main" identifier
- path: /data/config.yaml
readOnly: false
subPath: config.yaml
rawResources:
unsupportedPDB:

10
charts/library/common/test-chart/ci/basic-values.yaml
View file

@ -20,12 +20,12 @@ controllers:
ingress:
main:
hosts:
- host: "test.local"
paths:
- path: /
- host: "test.local"
paths:
- path: /
tls:
- hosts:
- "test.local"
- hosts:
- "test.local"
service:
main:

36
charts/library/common/test-chart/ci/vaultwarden-example.yaml
View file

@ -36,23 +36,23 @@ ingress:
# -- Enable and configure ingress settings for the chart under this key.
main:
hosts:
- host: chart-example.local
paths:
- path: /
pathType: Prefix
service:
name: main
port: http
- path: /notifications/hub/negotiate
pathType: Prefix
service:
name: main
port: http
- path: /notifications/hub
pathType: Prefix
service:
name: main
port: websocket
- host: chart-example.local
paths:
- path: /
pathType: Prefix
service:
name: main
port: http
- path: /notifications/hub/negotiate
pathType: Prefix
service:
name: main
port: http
- path: /notifications/hub
pathType: Prefix
service:
name: main
port: websocket
# -- Configure persistence settings for the chart under this key.
persistence:
@ -61,4 +61,4 @@ persistence:
accessMode: ReadWriteOnce
size: 1Gi
globalMounts:
- path: /config
- path: /config

8
charts/library/common/test-chart/unittests/_values/rbac_values.yaml
View file

@ -6,9 +6,9 @@ rbac:
defaultRole:
type: Role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list"]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list" ]
bindings:
defaultBinding:
@ -16,4 +16,4 @@ rbac:
roleRef:
identifier: defaultRole
subjects:
- identifier: default
- identifier: default

34
charts/library/common/test-chart/unittests/rbac/presence_test.yaml
View file

@ -1,9 +1,10 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: rbac - presence
templates:
- common.yaml
tests:
- it: role and rolebinding can be configured are not created by default
- it: role and rolebinding are not created by default
asserts:
- not: true
containsDocument:
@ -25,7 +26,9 @@ tests:
value: release-name
equal:
path: rules[0].verbs
value: ["get", "list"]
value:
- "get"
- "list"
- documentSelector:
path: $[?(@.kind == "RoleBinding")].metadata.name
value: release-name
@ -60,13 +63,22 @@ tests:
rbac.roles.customRole:
type: ClusterRole
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["get", "list", "watch"]
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "get"
- "list"
- "watch"
asserts:
- documentSelector:
path: $[?(@.kind == "ClusterRole")].metadata.name
value: release-name-customrole
equal:
path: rules[0].verbs
value: ["get", "list", "watch"]
- containsDocument:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
any: true
name: release-name-defaultrole
- containsDocument:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
any: true
name: release-name-customrole

26
charts/library/common/test-chart/unittests/rbac/role_test.yaml Normal file
View file

@ -0,0 +1,26 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: rbac - role tests
templates:
- common.yaml
values:
- ../_values/rbac_values.yaml
tests:
- it: Role should be namespaced
documentSelector:
path: $[?(@.kind == "Role")].metadata.name
value: release-name
asserts:
- exists:
path: metadata.namespace
- it: ClusterRole should not be namespaced
set:
rbac.roles.defaultRole:
type: ClusterRole
documentSelector:
path: $[?(@.kind == "ClusterRole")].metadata.name
value: release-name
asserts:
- notExists:
path: metadata.namespace

84
charts/library/common/test-chart/unittests/rbac/rolebinding_test.yaml Normal file
View file

@ -0,0 +1,84 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: rbac - rolebinding tests
templates:
- common.yaml
set:
rbac:
bindings:
defaultBinding:
enabled: true
type: RoleBinding
roleRef:
name: defaultBinding
kind: Role
subjects:
- kind: Group
name: oidc:/default-group
- kind: User
name: default-username
- kind: ServiceAccount
name: default
namespace: default
tests:
- it: RoleBinding should be namespaced
documentSelector:
path: $[?(@.kind == "RoleBinding")].metadata.name
value: release-name
asserts:
- exists:
path: metadata.namespace
- it: ClusterRoleBinding should not be namespaced
set:
rbac.bindings.defaultBinding:
type: ClusterRoleBinding
documentSelector:
path: $[?(@.kind == "ClusterRoleBinding")].metadata.name
value: release-name
asserts:
- notExists:
path: metadata.namespace
- it: subject must be a valid group
documentSelector:
path: $[?(@.kind == "RoleBinding")].metadata.name
value: release-name
asserts:
- equal:
path: subjects[0].kind
value: Group
- equal:
path: subjects[0].name
value: oidc:/default-group
- notExists:
path: subjects[0].namespace
- it: subject must be a valid user
documentSelector:
path: $[?(@.kind == "RoleBinding")].metadata.name
value: release-name
asserts:
- equal:
path: subjects[1].kind
value: User
- equal:
path: subjects[1].name
value: default-username
- notExists:
path: subjects[0].namespace
- it: subject must be a valid user
documentSelector:
path: $[?(@.kind == "RoleBinding")].metadata.name
value: release-name
asserts:
- equal:
path: subjects[2].kind
value: ServiceAccount
- equal:
path: subjects[2].name
value: default
- equal:
path: subjects[2].namespace
value: default

1
charts/library/common/test-chart/unittests/route/field_hostnames_test.yaml
View file

@ -5,6 +5,7 @@ templates:
- common.yaml
values:
- ../_values/controllers_main_default_container.yaml
- ../_values/service_main_default.yaml
tests:
- it: hostnames shouldn't be used for TCPRoutes and UDPRoutes
set:

1
charts/library/common/test-chart/unittests/route/field_parentRefs_test.yaml
View file

@ -5,6 +5,7 @@ templates:
- common.yaml
values:
- ../_values/controllers_main_default_container.yaml
- ../_values/service_main_default.yaml
tests:
- it: setting gateway should pass
set:

1
charts/library/common/test-chart/unittests/route/metadata_annotations_test.yaml
View file

@ -5,6 +5,7 @@ templates:
- common.yaml
values:
- ../_values/controllers_main_default_container.yaml
- ../_values/service_main_default.yaml
set:
route.main.parentRefs:
- name: test

1
charts/library/common/test-chart/unittests/route/metadata_labels_test.yaml
View file

@ -5,6 +5,7 @@ templates:
- common.yaml
values:
- ../_values/controllers_main_default_container.yaml
- ../_values/service_main_default.yaml
set:
route.main.parentRefs:
- name: test

1
charts/library/common/test-chart/unittests/route/metadata_name_test.yaml
View file

@ -5,6 +5,7 @@ templates:
- common.yaml
values:
- ../_values/controllers_main_default_container.yaml
- ../_values/service_main_default.yaml
set:
route.main:
parentRefs:

1
charts/library/common/test-chart/unittests/route/presence_test.yaml
View file

@ -5,6 +5,7 @@ templates:
- common.yaml
values:
- ../_values/controllers_main_default_container.yaml
- ../_values/service_main_default.yaml
tests:
- it: an HTTPRoute is not created by default
asserts:

21
charts/library/common/test-chart/unittests/route/validations_test.yaml
View file

@ -78,3 +78,24 @@ tests:
asserts:
- failedTemplate:
errorMessage: "Either name or identifier is required because automatic Service detection is not possible. (route: main)"
- it: automatic service and port reference should fail with absent rules field and when >1 service is enabled
set:
service:
main:
controller: main
ports:
ui:
port: 8082
second:
controller: main
ports:
ui:
port: 8082
route.main:
parentRefs:
- name: parentName
namespace: parentNamespace
asserts:
- failedTemplate:
errorMessage: "An explicit rule is required because automatic Service detection is not possible. (route: main)"

12
charts/library/common/values.schema.json
View file

@ -1,6 +1,6 @@
{
"$schema": "http://json-schema.org/draft-07/schema",
"$id": "https://raw.githubusercontent.com/bjw-s-labs/helm-charts/common-4.1.1/charts/library/common/values.schema.json",
"$id": "https://raw.githubusercontent.com/bjw-s-labs/helm-charts/common-4.1.2/charts/library/common/values.schema.json",
"type": "object",
"properties": {
"global": {
@ -8,14 +8,14 @@
"type": "object",
"properties": {
"nameOverride": {
"description": "Override the chart name",
"description": "Set the chart name",
"type": [
"string",
"null"
]
},
"fullnameOverride": {
"description": "Override the chart fullname definition",
"description": "Set the chart fullname definition",
"type": [
"string",
"null"
@ -27,7 +27,7 @@
"default": false
},
"propagateGlobalMetadataToPods": {
"description": "Propagate global metadata to Pod labels",
"description": "Set to true to propagate global metadata to Pod labels.",
"type": "boolean",
"default": false
},
@ -44,7 +44,7 @@
}
},
"defaultPodOptionsStrategy": {
"description": "Set the strategy for the default pod options.\noverwrite: If pod-level options are set, use those instead of the defaults.\nmerge: If pod-level options are set, merge them with the defaults.",
"description": "Set the strategy for the default pod options. Defaults to overwrite.\noverwrite: If pod-level options are set, use those instead of the defaults.\nmerge: If pod-level options are set, merge them with the defaults.",
"type": "string",
"default": "overwrite",
"enum": [
@ -53,7 +53,7 @@
]
},
"defaultPodOptions": {
"description": "Define defaults for pod-level configuration options",
"description": "Set default options for all controllers / pods here. Each of these options can be overridden on a controller level.",
"type": "object",
"$ref": "schemas/pod.json#/options"
},

4
charts/library/common/values.yaml
View file

@ -866,3 +866,7 @@ rbac:
# - kind: ServiceAccount
# name: test
# namespace: "{{ .Release.Namespace }}"
# - kind: Group
# name: oidc:/test-user
# - kind: User
# name: username