feat(common)!: Release version 0.2.0

- 🛑 BREAKING - Removed support for the openvpn and wireguard VPN types.
- Update container versions
- Added support for adding serviceMonitors to services.
- ConfigMap checksum logic now only looks at ConfigMap data
- Explicitly convert defaultMode to decimal notation in code-server addon.
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs 2022-09-14 10:18:51 +02:00 committed by GitHub
parent 5deacc33ba
commit 4d09009bf8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 248 additions and 508 deletions

@ -2,7 +2,7 @@ apiVersion: v2
name: common
description: Function library for Helm charts
type: library
version: 0.1.0
version: 0.2.0
kubeVersion: ">=1.16.0-0"
keywords:
- common
@ -13,5 +13,15 @@ maintainers:
email: me@bjw-s.dev
annotations:
artifacthub.io/changes: |-
- kind: removed
description: BREAKING - Removed support for the `openvpn` and `wireguard` VPN types.
- kind: added
description: Added support for adding serviceMonitors to services.
- kind: changed
description: Initial version
description: ConfigMap checksum logic now only looks at ConfigMap data
- kind: changed
description: Explicitly convert defaultMode to decimal notation in code-server addon.
- kind: changed
description: Updated gluetun image to v3.31.1
- kind: changed
description: Updated code-server image to v4.7.0

@ -1,6 +1,6 @@
# common
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
Function library for Helm charts
@ -29,7 +29,7 @@ Include this chart as a dependency in your `Chart.yaml` e.g.
# Chart.yaml
dependencies:
- name: common
version: 0.1.0
version: 0.2.0
repository: https://bjw-s.github.io/helm-charts/
```
@ -61,7 +61,7 @@ N/A
| addons.codeserver.git.deployKeySecret | string | `""` | Existing secret containing SSH private key The chart expects it to be present under the `id_rsa` key. |
| addons.codeserver.image.pullPolicy | string | `"IfNotPresent"` | Specify the code-server image pull policy |
| addons.codeserver.image.repository | string | `"ghcr.io/coder/code-server"` | Specify the code-server image |
| addons.codeserver.image.tag | string | `"4.5.1"` | Specify the code-server image tag |
| addons.codeserver.image.tag | string | `"4.7.0"` | Specify the code-server image tag |
| addons.codeserver.ingress.enabled | bool | `false` | Enable an ingress for the code-server add-on. |
| addons.codeserver.ingress.ingressClassName | string | `nil` | Set the ingressClass that is used for this ingress. Requires Kubernetes >=1.19 |
| addons.codeserver.service.enabled | bool | `true` | Enable a service for the code-server add-on. |
@ -83,7 +83,7 @@ N/A
| addons.promtail.logs | list | `[]` | The paths to logs on the volume |
| addons.promtail.loki | string | `""` | The URL to Loki |
| addons.promtail.volumeMounts | list | `[]` | Specify a list of volumes that get mounted in the promtail container. At least 1 volumeMount is required! |
| addons.vpn | object | See values.yaml | The common chart supports adding a VPN add-on. It can be configured under this key. For more info, check out [our docs](https://bjw-s.github.io/helm-charts/docs/common-library/common-library-add-ons/#wireguard-vpn) |
| addons.vpn | object | See values.yaml | The common chart supports adding a VPN add-on. It can be configured under this key. |
| addons.vpn.args | list | `[]` | Override the args for the vpn sidecar container |
| addons.vpn.configFile | string | `nil` | Provide a customized vpn configuration file to be used by the VPN. |
| addons.vpn.configFileSecret | string | `nil` | Reference an existing secret that contains the VPN configuration file The chart expects it to be present under the `vpnConfigfile` key. |
@ -92,26 +92,16 @@ N/A
| addons.vpn.gluetun | object | See below | Gluetun specific configuration -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon! |
| addons.vpn.gluetun.image.pullPolicy | string | `"IfNotPresent"` | Specify the Gluetun image pull policy |
| addons.vpn.gluetun.image.repository | string | `"docker.io/qmcgaw/gluetun"` | Specify the Gluetun image |
| addons.vpn.gluetun.image.tag | string | `"v3.30.0"` | Specify the Gluetun image tag |
| addons.vpn.gluetun.image.tag | string | `"v3.31.1"` | Specify the Gluetun image tag |
| addons.vpn.livenessProbe | object | `{}` | Optionally specify a livenessProbe, e.g. to check if the connection is still being protected by the VPN |
| addons.vpn.networkPolicy.annotations | object | `{}` | Provide additional annotations which may be required. |
| addons.vpn.networkPolicy.egress | string | `nil` | The egress configuration for your network policy, All outbound traffic from the pod will be blocked unless specified here. [[ref]](https://kubernetes.io/docs/concepts/services-networking/network-policies/) [[recipes]](https://github.com/ahmetb/kubernetes-network-policy-recipes) |
| addons.vpn.networkPolicy.enabled | bool | `false` | If set to true, will deploy a network policy that blocks all outbound traffic except traffic specified as allowed |
| addons.vpn.networkPolicy.labels | object | `{}` | Provide additional labels which may be required. |
| addons.vpn.networkPolicy.podSelectorLabels | object | `{}` | Provide additional podSelector labels which may be required. |
| addons.vpn.openvpn | object | See below | OpenVPN specific configuration |
| addons.vpn.openvpn.auth | string | `nil` | Credentials to connect to the VPN Service (used with -a) |
| addons.vpn.openvpn.authSecret | string | `nil` | Optionally specify an existing secret that contains the credentials. Credentials should be stored under the `VPN_AUTH` key |
| addons.vpn.openvpn.image.pullPolicy | string | `"IfNotPresent"` | Specify the openvpn client image pull policy |
| addons.vpn.openvpn.image.repository | string | `"dperson/openvpn-client"` | Specify the openvpn client image |
| addons.vpn.openvpn.image.tag | string | `"latest"` | Specify the openvpn client image tag |
| addons.vpn.scripts | object | See values.yaml | Provide custom up/down scripts that can be used by the vpn configuration. |
| addons.vpn.securityContext | object | See values.yaml | Set the VPN container securityContext |
| addons.vpn.type | string | `"openvpn"` | Specify the VPN type. Valid options are `openvpn`, `wireguard` and `gluetun`. |
| addons.vpn.wireguard | object | See below | WireGuard specific configuration |
| addons.vpn.wireguard.image.pullPolicy | string | `"IfNotPresent"` | Specify the WireGuard image pull policy |
| addons.vpn.wireguard.image.repository | string | `"ghcr.io/k8s-at-home/wireguard"` | Specify the WireGuard image |
| addons.vpn.wireguard.image.tag | string | `"v1.0.20210914"` | Specify the WireGuard image tag |
| addons.vpn.type | string | `"gluetun"` | Specify the VPN type. Valid options are `gluetun`. |
| affinity | object | `{}` | Defines affinity constraint rules. [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| args | list | `[]` | Override the args for the default container |
| automountServiceAccountToken | bool | `true` | Specifies whether a service account token should be automatically mounted. |
@ -210,6 +200,9 @@ N/A
| service.main.ipFamilies | list | `[]` | The ip families that should be used. Options: IPv4, IPv6 |
| service.main.ipFamilyPolicy | string | `nil` | Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack |
| service.main.labels | object | `{}` | Provide additional labels which may be required. |
| service.main.monitor | object | See below | Configure a serviceMonitor for this Service. |
| service.main.monitor.enabled | bool | `false` | Enables or disables the serviceMonitor. |
| service.main.monitor.endpoints | list | See values.yaml | Configures the endpoints for the serviceMonitor. |
| service.main.nameOverride | string | `nil` | Override the name suffix that is used for this service |
| service.main.ports | object | See below | Configure the Service port information here. Additional ports can be added by adding a dictionary key similar to the 'http' service. |
| service.main.ports.http.enabled | bool | `true` | Enables or disables the port |

@ -21,7 +21,7 @@ Include this chart as a dependency in your `Chart.yaml` e.g.
# Chart.yaml
dependencies:
- name: common
version: 0.1.0
version: {{ template "chart.version" . }}
repository: {{ template "custom.helm.url" }}
```

@ -3,7 +3,7 @@ Renders the Service objects required by the chart.
*/}}
{{- define "common.service" -}}
{{- /* Generate named services as required */ -}}
{{- range $name, $service := .Values.service }}
{{- range $name, $service := .Values.service -}}
{{- if $service.enabled -}}
{{- $serviceValues := $service -}}
@ -12,10 +12,24 @@ Renders the Service objects required by the chart.
{{- $_ := set $serviceValues "nameOverride" $name -}}
{{ end -}}
{{/* Include the Service class */}}
{{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
{{- include "common.classes.service" $ }}
{{- end }}
{{- end }}
{{- include "common.classes.service" $ | nindent 0 -}}
{{/* Include a serviceMonitor if required */}}
{{- if $service.monitor.enabled | default false -}}
{{- $_ := set $ "ObjectValues" (dict "serviceMonitor" $serviceValues.monitor) -}}
{{- $_ := set $.ObjectValues.serviceMonitor "nameOverride" $serviceValues.nameOverride -}}
{{- $serviceName := include "common.names.fullname" $ -}}
{{- if and (hasKey $serviceValues "nameOverride") $serviceValues.nameOverride -}}
{{- $serviceName = printf "%v-%v" $serviceName $serviceValues.nameOverride -}}
{{ end -}}
{{- $_ := set $.ObjectValues.serviceMonitor "serviceName" $serviceName -}}
{{- include "common.classes.serviceMonitor" $ | nindent 0 -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end }}
{{/*
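
Review bot: `{{- if $service.monitor.enabled | default false -}}` dereferences `$service.monitor` before `default` is applied, so any entry under `.Values.service` that has no `monitor` key fails to render with a nil pointer error; the values added in this commit only show a `monitor` default under `service.main`. Guard the lookup, for example `{{- if ($service.monitor | default dict).enabled -}}`, so additional services without a `monitor` block keep rendering.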

@ -9,7 +9,7 @@ secret:
{{- else }}
secretName: {{ include "common.names.fullname" . }}-deploykey
{{- end }}
defaultMode: 256
defaultMode: {{ "0400" | toDecimal }}
items:
- key: id_rsa
path: id_rsa

@ -5,11 +5,11 @@ It will include / inject the required templates based on the given values.
{{- define "common.addon.vpn" -}}
{{- if .Values.addons.vpn.enabled -}}
{{- if eq "openvpn" .Values.addons.vpn.type -}}
{{- include "common.addon.openvpn" . }}
{{- fail "The 'openvpn' VPN type is no longer supported. Please migrate to the 'gluetun' type." . }}
{{- end -}}
{{- if eq "wireguard" .Values.addons.vpn.type -}}
{{- include "common.addon.wireguard" . }}
{{- fail "The 'wireguard' VPN type is no longer supported. Please migrate to the 'gluetun' type." . }}
{{- end -}}
{{- if eq "gluetun" .Values.addons.vpn.type -}}
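
Review bot: `fail` takes a single message argument, but both new calls in the `openvpn` and `wireguard` branches pass a trailing `.` after the string, so rendering stops with a wrong-number-of-arguments template error instead of the intended migration message. Drop the `.` from both calls so users who still set one of the removed types see the text telling them to move to `gluetun`.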

@ -1,17 +0,0 @@
{{/*
Template to render OpenVPN addon. It will add the container to the list of additionalContainers
and add a credentials secret if speciffied.
*/}}
{{- define "common.addon.openvpn" -}}
{{/* Append the openVPN container to the additionalContainers */}}
{{- $container := include "common.addon.openvpn.container" . | fromYaml -}}
{{- if $container -}}
{{- $_ := set .Values.additionalContainers "addon-openvpn" $container -}}
{{- end -}}
{{/* Include the secret if not empty */}}
{{- $secret := include "common.addon.openvpn.secret" . -}}
{{- if $secret -}}
{{- $secret | nindent 0 -}}
{{- end -}}
{{- end -}}

@ -1,66 +0,0 @@
{{/*
The OpenVPN sidecar container to be inserted.
*/}}
{{- define "common.addon.openvpn.container" -}}
name: openvpn
image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
imagePullPolicy: {{ .Values.addons.vpn.openvpn.pullPolicy }}
{{- with .Values.addons.vpn.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.env }}
env:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.envFrom }}
envFrom:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
envFrom:
- secretRef:
{{- if .Values.addons.vpn.openvpn.authSecret }}
name: {{ .Values.addons.vpn.openvpn.authSecret }}
{{- else }}
name: {{ include "common.names.fullname" . }}-openvpn
{{- end }}
{{- end }}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
volumeMounts:
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
- name: vpnconfig
mountPath: /vpn/vpn.conf
subPath: vpnConfigfile
{{- end }}
{{- if .Values.addons.vpn.scripts.up }}
- name: vpnscript
mountPath: /vpn/up.sh
subPath: up.sh
{{- end }}
{{- if .Values.addons.vpn.scripts.down }}
- name: vpnscript
mountPath: /vpn/down.sh
subPath: down.sh
{{- end }}
{{- if .Values.persistence.shared.enabled }}
- mountPath: {{ .Values.persistence.shared.mountPath }}
name: shared
{{- end }}
{{- with .Values.addons.vpn.additionalVolumeMounts }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- with .Values.addons.vpn.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- with .Values.addons.vpn.resources }}
resources:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}

@ -1,16 +0,0 @@
{{/*
The OpenVPN credentials secrets to be included.
*/}}
{{- define "common.addon.openvpn.secret" -}}
{{- with .Values.addons.vpn.openvpn.auth }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" $ }}-openvpn
labels: {{- include "common.labels" $ | nindent 4 }}
annotations: {{- include "common.annotations" $ | nindent 4 }}
data:
VPN_AUTH: {{ . | b64enc }}
{{- end -}}
{{- end -}}

@ -1,11 +0,0 @@
{{/*
Template to render Wireguard addon. It will add the container to the list of additionalContainers.
*/}}
*/}}
{{- define "common.addon.wireguard" -}}
{{/* Append the Wireguard container to the additionalContainers */}}
{{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
{{- if $container -}}
{{- $_ := set .Values.additionalContainers "addon-wireguard" $container -}}
{{- end -}}
{{- end -}}

@ -1,57 +0,0 @@
{{/*
The Wireguard sidecar container to be inserted.
*/}}
{{- define "common.addon.wireguard.container" -}}
name: wireguard
image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
imagePullPolicy: {{ .Values.addons.vpn.wireguard.pullPolicy }}
{{- with .Values.addons.vpn.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.env }}
env:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.envFrom }}
envFrom:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- with .Values.addons.vpn.args }}
args:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
volumeMounts:
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
- name: vpnconfig
mountPath: /etc/wireguard/wg0.conf
subPath: vpnConfigfile
{{- end }}
{{- if .Values.addons.vpn.scripts.up }}
- name: vpnscript
mountPath: /config/up.sh
subPath: up.sh
{{- end }}
{{- if .Values.addons.vpn.scripts.down }}
- name: vpnscript
mountPath: /config/down.sh
subPath: down.sh
{{- end }}
{{- if .Values.persistence.shared.enabled }}
- mountPath: {{ .Values.persistence.shared.mountPath }}
name: shared
{{- end }}
{{- with .Values.addons.vpn.additionalVolumeMounts }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- with .Values.addons.vpn.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- with .Values.addons.vpn.resources }}
resources:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}

@ -21,9 +21,11 @@ apiVersion: v1
kind: Service
metadata:
name: {{ $serviceName }}
{{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/service: {{ $serviceName }}
{{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- if eq ( $primaryPort.protocol | default "" ) "HTTPS" }}
traefik.ingress.kubernetes.io/service.serversscheme: https
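
Review bot: `app.kubernetes.io/service: {{ $serviceName }}` is written as a literal line ahead of the merged label map, so a user-supplied `labels` entry with the same key produces a duplicate YAML key, which is either rejected or resolved to a single value that the new ServiceMonitor selector may not match. Pass the key into the `merge` call as the first (highest-precedence) dict so there is one `labels` map and the chart's value always wins.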

@ -0,0 +1,30 @@
{{- define "common.classes.serviceMonitor" -}}
{{- $values := dict -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.serviceMonitor -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $serviceMonitorName := include "common.names.fullname" . -}}
{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
{{- $serviceMonitorName = printf "%v-%v" $serviceMonitorName $values.nameOverride -}}
{{ end -}}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ $serviceMonitorName }}
{{- with (merge ($values.labels | default dict) (include "common.labels" $ | fromYaml)) }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with (merge ($values.annotations | default dict) (include "common.annotations" $ | fromYaml)) }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/service: {{ $values.serviceName }}
{{- include "common.labels.selectorLabels" . | nindent 6 }}
endpoints: {{- toYaml (required (printf "endpoints are required for serviceMonitor %v" $serviceMonitorName) $values.endpoints) | nindent 4 }}
{{- end }}
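
Review bot: the template emits `apiVersion: monitoring.coreos.com/v1` whenever the monitor is enabled, with no check that the cluster serves that API, so enabling it on a cluster without the Prometheus Operator CRDs fails only at apply time with a generic error. Consider guarding with `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"` and a `fail` message that names the missing CRD, in the same way `required` is already used for `endpoints`.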

@ -15,13 +15,13 @@
{{- tpl (toYaml .Values.podAnnotations) . | nindent 0 -}}
{{- end -}}
{{- $configMapsFound := false -}}
{{- $configMapsFound := dict -}}
{{- range $name, $configmap := .Values.configmap -}}
{{- if $configmap.enabled -}}
{{- $configMapsFound = true -}}
{{- $_ := set $configMapsFound $name (toYaml $configmap.data | sha256sum) -}}
{{- end -}}
{{- end -}}
{{- if $configMapsFound -}}
{{- printf "checksum/config: %v" (include ("common.configmap") . | sha256sum) | nindent 0 -}}
{{- printf "checksum/config: %v" (toYaml $configMapsFound | sha256sum) | nindent 0 -}}
{{- end -}}
{{- end -}}
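
Review bot: `toYaml $configmap.data | sha256sum` hashes the raw values, not the rendered ConfigMap, so if the ConfigMap template expands `data` through `tpl` (as is done for `podAnnotations` at the top of this hunk), a change in a value referenced from that data no longer changes `checksum/config` and the pods are not restarted. Either hash the `tpl`-rendered data here or document the limitation. The variable now holds a map of per-ConfigMap hashes, so `$configMapsFound` would read better as something like `$configMapChecksums`.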

@ -277,6 +277,20 @@ service:
# -- Provide additional labels which may be required.
labels: {}
# -- Configure a serviceMonitor for this Service.
# @default -- See below
monitor:
# -- Enables or disables the serviceMonitor.
enabled: false
# -- Configures the endpoints for the serviceMonitor.
# @default -- See values.yaml
endpoints:
- port: http
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
# -- Configure the Service port information here.
# Additional ports can be added by adding a dictionary key similar to the 'http' service.
# @default -- See below
@ -477,42 +491,13 @@ resources: {}
addons:
# -- The common chart supports adding a VPN add-on. It can be configured under this key.
# For more info, check out [our docs](https://bjw-s.github.io/helm-charts/docs/common-library/common-library-add-ons/#wireguard-vpn)
# @default -- See values.yaml
vpn:
# -- Enable running a VPN in the pod to route traffic through a VPN
enabled: false
# -- Specify the VPN type. Valid options are `openvpn`, `wireguard` and `gluetun`.
type: openvpn
# -- OpenVPN specific configuration
# @default -- See below
openvpn:
image:
# -- Specify the openvpn client image
repository: dperson/openvpn-client
# -- Specify the openvpn client image tag
tag: latest
# -- Specify the openvpn client image pull policy
pullPolicy: IfNotPresent
# -- Credentials to connect to the VPN Service (used with -a)
auth: # "user;password"
# -- Optionally specify an existing secret that contains the credentials.
# Credentials should be stored under the `VPN_AUTH` key
authSecret: # my-vpn-secret
# -- WireGuard specific configuration
# @default -- See below
wireguard:
image:
# -- Specify the WireGuard image
repository: ghcr.io/k8s-at-home/wireguard
# -- Specify the WireGuard image tag
tag: v1.0.20210914
# -- Specify the WireGuard image pull policy
pullPolicy: IfNotPresent
# -- Specify the VPN type. Valid options are `gluetun`.
type: gluetun
# -- Gluetun specific configuration
# -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon!
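
Review bot: changing the default from `type: openvpn` to `type: gluetun` means a release that enabled the VPN add-on without setting `type` never reaches the new `fail` branch for `openvpn`; on upgrade it switches to the gluetun sidecar while still carrying OpenVPN-oriented `configFile`, `scripts` or `openvpn.auth` values. Consider failing when `addons.vpn.openvpn` or `addons.vpn.wireguard` keys are still set, and call out the default change next to the BREAKING entry in the changelog.
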
@ -522,7 +507,7 @@ addons:
# -- Specify the Gluetun image
repository: docker.io/qmcgaw/gluetun
# -- Specify the Gluetun image tag
tag: v3.30.0
tag: v3.31.1
# -- Specify the Gluetun image pull policy
pullPolicy: IfNotPresent
@ -619,7 +604,7 @@ addons:
# -- Specify the code-server image
repository: ghcr.io/coder/code-server
# -- Specify the code-server image tag
tag: 4.5.1
tag: 4.7.0
# -- Specify the code-server image pull policy
pullPolicy: IfNotPresent