mirror of
https://github.com/bjw-s-labs/helm-charts.git
synced 2025-07-04 00:47:04 +02:00
feat(common): Release 3.5.0 (#357)
Co-authored-by: Lawrence Gil <lawrence.gil@assemblyglobal.com>
This commit is contained in:
Bernd Schorgers
GitHub
parent
5a722abfa9
commit
90e6b9e7cf
42 changed files with 1092 additions and 164 deletions
|
|
@ -31,8 +31,12 @@ metadata:
|
|||
{{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $configMapObject.data }}
|
||||
data:
|
||||
{{- with $configMapObject.data }}
|
||||
{{- tpl (toYaml .) $rootContext | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $configMapObject.binaryData }}
|
||||
binaryData:
|
||||
{{- tpl (toYaml .) $rootContext | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
|
|||
40
charts/library/common/templates/classes/_role.tpl
Normal file
40
charts/library/common/templates/classes/_role.tpl
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
{{/*
|
||||
This template serves as a blueprint for generating Role objects in Kubernetes.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.class.rbac.Role" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $roleObject := .object -}}
|
||||
|
||||
{{- $labels := merge
|
||||
($roleObject.labels | default dict)
|
||||
(include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
|
||||
-}}
|
||||
{{- $annotations := merge
|
||||
($roleObject.annotations | default dict)
|
||||
(include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
|
||||
-}}
|
||||
{{- $rules := "" -}}
|
||||
{{- with $roleObject.rules -}}
|
||||
{{- $rules = (toYaml . ) | trim -}}
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{ with $roleObject.type -}}
|
||||
kind: {{ . }}
|
||||
{{ end -}}
|
||||
metadata:
|
||||
name: {{ $roleObject.name }}
|
||||
{{- with $labels }}
|
||||
labels: {{- toYaml . | nindent 4 -}}
|
||||
{{- end }}
|
||||
{{- with $annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 -}}
|
||||
{{- end }}
|
||||
{{ if eq $roleObject.type "Role" -}}
|
||||
namespace: {{ $rootContext.Release.Namespace }}
|
||||
{{- end -}}
|
||||
{{ with $rules }}
|
||||
rules: {{- tpl . $rootContext | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
68
charts/library/common/templates/classes/_rolebinding.tpl
Normal file
68
charts/library/common/templates/classes/_rolebinding.tpl
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
{{/*
|
||||
This template serves as a blueprint for generating RoleBinding objects in Kubernetes.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.class.rbac.roleBinding" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $roleBindingObject := .object -}}
|
||||
|
||||
{{- $labels := merge
|
||||
($roleBindingObject.labels | default dict)
|
||||
(include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
|
||||
-}}
|
||||
{{- $annotations := merge
|
||||
($roleBindingObject.annotations | default dict)
|
||||
(include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
|
||||
-}}
|
||||
{{- $subjects := list -}}
|
||||
{{- with $roleBindingObject.subjects -}}
|
||||
{{- range $subject := . -}}
|
||||
{{- if hasKey . "identifier" -}}
|
||||
{{- $subject := include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" .identifier) | fromYaml -}}
|
||||
{{- $subject = pick $subject "name" -}}
|
||||
{{- $_ := set $subject "kind" "ServiceAccount" -}}
|
||||
{{- $_ := set $subject "namespace" $rootContext.Release.Namespace -}}
|
||||
{{- $subjects = mustAppend $subjects $subject -}}
|
||||
{{- else -}}
|
||||
{{- $subject := dict "name" .name "kind" .kind "namespace" .namespace -}}
|
||||
{{- $subjects = mustAppend $subjects $subject -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $subjects = $subjects | uniq | toYaml -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $role := dict -}}
|
||||
{{- with $roleBindingObject.roleRef -}}
|
||||
{{- if hasKey . "identifier" -}}
|
||||
{{- $role = include "bjw-s.common.lib.rbac.role.getByIdentifier" (dict "rootContext" $rootContext "id" .identifier) | fromYaml -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set $role "name" .name -}}
|
||||
{{- $_ := set $role "type" .kind -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{ with $roleBindingObject.type -}}
|
||||
kind: {{ . }}
|
||||
{{ end -}}
|
||||
metadata:
|
||||
name: {{ $roleBindingObject.name }}
|
||||
{{- with $labels }}
|
||||
labels: {{- toYaml . | nindent 4 -}}
|
||||
{{- end }}
|
||||
{{- with $annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 -}}
|
||||
{{- end }}
|
||||
{{ if eq $roleBindingObject.type "RoleBinding" -}}
|
||||
namespace: {{ $rootContext.Release.Namespace }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
kind: {{ $role.type }}
|
||||
name: {{ $role.name }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{ with $subjects -}}
|
||||
subjects: {{- tpl . $rootContext | nindent 2 }}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
|
@ -60,6 +60,9 @@ spec:
|
|||
{{- else }}
|
||||
type: {{ $svcType }}
|
||||
{{- end }}
|
||||
{{- if $serviceObject.internalTrafficPolicy }}
|
||||
internalTrafficPolicy: {{ $serviceObject.internalTrafficPolicy }}
|
||||
{{- end }}
|
||||
{{- if $serviceObject.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ $serviceObject.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -32,5 +32,5 @@ metadata:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
secrets:
|
||||
- name: {{ include "bjw-s.common.lib.chart.names.fullname" $rootContext }}-sa-token
|
||||
- name: {{ get (include "bjw-s.common.lib.secret.getByIdentifier" (dict "rootContext" $rootContext "id" (printf "%s-sa-token" $serviceAccountObject.identifier) ) | fromYaml) "name"}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,17 @@
|
|||
{{/*
|
||||
Convert configMap values to an object
|
||||
Convert values to an object
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.configMap.valuesToObject" -}}
|
||||
{{- define "bjw-s.common.lib.valuesToObject" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
{{- $objectValues := .values -}}
|
||||
|
||||
{{- /* Determine and inject the configMap name */ -}}
|
||||
{{- /* Determine and inject the name */ -}}
|
||||
{{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
|
||||
|
||||
{{- if $objectValues.nameOverride -}}
|
||||
{{- if $objectValues.forceRename -}}
|
||||
{{- $objectName = tpl $objectValues.forceRename $rootContext -}}
|
||||
{{- else if $objectValues.nameOverride -}}
|
||||
{{- $override := tpl $objectValues.nameOverride $rootContext -}}
|
||||
{{- if not (eq $objectName $override) -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $override -}}
|
||||
|
|
@ -19,9 +21,9 @@ Convert configMap values to an object
|
|||
{{- $objectName = printf "%s-%s" $objectName $identifier -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $_ := set $objectValues "name" $objectName -}}
|
||||
{{- $_ := set $objectValues "identifier" $identifier -}}
|
||||
|
||||
{{- /* Return the configMap object */ -}}
|
||||
{{- /* Return the object */ -}}
|
||||
{{- $objectValues | toYaml -}}
|
||||
{{- end -}}
|
||||
|
|
@ -7,6 +7,6 @@ Return a configMap Object by its Identifier.
|
|||
|
||||
{{- $configMapValues := dig $identifier nil $rootContext.Values.configMaps -}}
|
||||
{{- if not (empty $configMapValues) -}}
|
||||
{{- include "bjw-s.common.lib.configMap.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $configMapValues) -}}
|
||||
{{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $configMapValues) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -4,4 +4,8 @@ Validate configMap values
|
|||
{{- define "bjw-s.common.lib.configMap.validate" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $configMapValues := .object -}}
|
||||
|
||||
{{- if and (empty (get $configMapValues "data")) (empty (get $configMapValues "binaryData")) -}}
|
||||
{{- fail (printf "No data or binaryData specified for configMap. (configMap: %s)" $configMapValues.identifier) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -3,9 +3,21 @@ Returns the value for serviceAccountName
|
|||
*/ -}}
|
||||
{{- define "bjw-s.common.lib.pod.field.serviceAccountName" -}}
|
||||
{{- $rootContext := .ctx.rootContext -}}
|
||||
{{- $controllerObject := .ctx.controllerObject -}}
|
||||
|
||||
{{- $serviceAccountValues := (mustDeepCopy $rootContext.Values.serviceAccount) -}}
|
||||
{{- $serviceAccountObject := (include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" "default" "values" $serviceAccountValues)) | fromYaml -}}
|
||||
{{- $serviceAccountObject.name -}}
|
||||
{{- $serviceAccountName := "default" -}}
|
||||
|
||||
{{- if (get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "create") -}}
|
||||
{{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "name" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with $controllerObject.serviceAccount -}}
|
||||
{{- if hasKey . "identifier" -}}
|
||||
{{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" .identifier) | fromYaml) "name" -}}
|
||||
{{- else if hasKey . "name" -}}
|
||||
{{- $serviceAccountName = .name -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $serviceAccountName -}}
|
||||
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -1,27 +0,0 @@
|
|||
{{/*
|
||||
Convert raw resource values to an object
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.rawResource.valuesToObject" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
{{- $objectValues := .values -}}
|
||||
|
||||
{{- /* Determine and inject the raw resource name */ -}}
|
||||
{{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
|
||||
|
||||
{{- if $objectValues.nameOverride -}}
|
||||
{{- $override := tpl $objectValues.nameOverride $rootContext -}}
|
||||
{{- if not (eq $objectName $override) -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $override -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- if not (eq $objectName $identifier) -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $identifier -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $objectValues "name" $objectName -}}
|
||||
{{- $_ := set $objectValues "identifier" $identifier -}}
|
||||
|
||||
{{- /* Return the raw resource object */ -}}
|
||||
{{- $objectValues | toYaml -}}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
{{/*
|
||||
Return a Role Object by its Identifier.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.rbac.role.getByIdentifier" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
|
||||
{{- $roleValues := dig $identifier nil $rootContext.Values.rbac.roles -}}
|
||||
{{- if not (empty $roleValues) -}}
|
||||
{{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $roleValues) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
18
charts/library/common/templates/lib/role/_validate.tpl
Normal file
18
charts/library/common/templates/lib/role/_validate.tpl
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
{{/*
|
||||
Validate Role values
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.rbac.role.validate" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $roleValues := .object -}}
|
||||
{{- $type := required "The role needs to have an explicitly declared type" $roleValues.type -}}
|
||||
{{- $typeList := list "Role" "ClusterRole" -}}
|
||||
{{- $rules := $roleValues.rules -}}
|
||||
|
||||
{{- if not (mustHas $type $typeList) -}}
|
||||
{{- fail (printf "You selected: `%s`. Type must be one of:\n%s\n" $type ($typeList|toYaml)) -}}
|
||||
{{- end -}}
|
||||
{{- if not $rules -}}
|
||||
{{- fail "Rules can't be empty" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
{{/*
|
||||
Return a RoleBinding Object by its Identifier.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.rbac.roleBinding.getByIdentifier" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
|
||||
{{- $roleBindingValues := dig $identifier nil $rootContext.Values.rbac.bindings -}}
|
||||
{{- if not (empty $roleBindingValues) -}}
|
||||
{{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $roleBindingValues) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
{{/*
|
||||
Validate RoleBinding values
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.rbac.roleBinding.validate" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $roleBindingValues := .object -}}
|
||||
{{- $type := required "The binding needs to have an explicitly declared type" $roleBindingValues.type -}}
|
||||
{{- $typeList := list "RoleBinding" "ClusterRoleBinding" -}}
|
||||
{{- $subjects := $roleBindingValues.subjects -}}
|
||||
{{- $roleRef := required "A roleRef is required" $roleBindingValues.roleRef -}}
|
||||
|
||||
{{- if not (mustHas $type $typeList) -}}
|
||||
{{- fail (printf "You selected: `%s`. Type must be one of:\n%s\n" $type ($typeList|toYaml)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (hasKey $roleRef "identifier") -}}
|
||||
{{- $name := required "If not using identifier roleRef must have a `name` key" $roleRef.name -}}
|
||||
{{- $name := required "If not using identifier roleRef must have a `kind` key" $roleRef.kind -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $subject := $subjects -}}
|
||||
{{- if not (hasKey . "identifier") -}}
|
||||
{{- if not (hasKey . "name") -}}
|
||||
{{- $name := required "If not using identifier a subject must have a `name` key" .name -}}
|
||||
{{- else if not (hasKey . "namespace") -}}
|
||||
{{- $namespace := required "If not using identifier a subject must have a `namespace` key" .namespace -}}
|
||||
{{- else if not (hasKey . "kind") -}}
|
||||
{{- $kind := required "If not using identifier a subject must have a `kind` key" .kind -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -7,6 +7,6 @@ Return a secret Object by its Identifier.
|
|||
|
||||
{{- $secretValues := dig $identifier nil $rootContext.Values.secrets -}}
|
||||
{{- if not (empty $secretValues) -}}
|
||||
{{- include "bjw-s.common.lib.secret.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $secretValues) -}}
|
||||
{{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $secretValues) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -1,27 +0,0 @@
|
|||
{{/*
|
||||
Convert Secret values to an object
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.secret.valuesToObject" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
{{- $objectValues := .values -}}
|
||||
|
||||
{{- /* Determine and inject the Secret name */ -}}
|
||||
{{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
|
||||
|
||||
{{- if $objectValues.nameOverride -}}
|
||||
{{- $override := tpl $objectValues.nameOverride $rootContext -}}
|
||||
{{- if not (eq $objectName $override) -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $override -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- if not (eq $objectName $identifier) -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $identifier -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $objectValues "name" $objectName -}}
|
||||
{{- $_ := set $objectValues "identifier" $identifier -}}
|
||||
|
||||
{{- /* Return the Secret object */ -}}
|
||||
{{- $objectValues | toYaml -}}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
{{/*
|
||||
Return a ServiceAccount Object by its Identifier.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.serviceAccount.getByIdentifier" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
{{- if eq $identifier "default" -}}
|
||||
{{- include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" "default" "values" $rootContext.Values.serviceAccount) -}}
|
||||
{{- else -}}
|
||||
{{- $serviceAccountValues := dig "extraServiceAccounts" $identifier nil $rootContext.Values.serviceAccount -}}
|
||||
{{- if not (empty $serviceAccountValues) -}}
|
||||
{{- include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $serviceAccountValues) -}}
|
||||
{{- else -}}
|
||||
{{- fail (printf "No ServiceAccount configured with identifier: %s" $identifier) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -7,17 +7,19 @@ Convert ServiceAccount values to an object
|
|||
{{- $objectValues := .values -}}
|
||||
|
||||
{{- /* Determine and inject the serviceAccount name */ -}}
|
||||
{{- $serviceAccountName := "" -}}
|
||||
{{- $defaultServiceAccountName := "default" -}}
|
||||
{{- if $objectValues.create -}}
|
||||
{{- $defaultServiceAccountName = (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
|
||||
{{- $defaultServiceAccountName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
|
||||
|
||||
{{- $objectName := $defaultServiceAccountName -}}
|
||||
|
||||
{{- with $objectValues.name -}}
|
||||
{{- $objectName = . -}}
|
||||
{{- end -}}
|
||||
{{- if and (ne $identifier "default") (not $objectValues.name) -}}
|
||||
{{- $objectName = printf "%s-%s" $defaultServiceAccountName $identifier -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $serviceAccountName = default $defaultServiceAccountName $objectValues.name -}}
|
||||
|
||||
{{- $_ := set $objectValues "name" $serviceAccountName -}}
|
||||
{{- $_ := set $objectValues "name" $objectName -}}
|
||||
{{- $_ := set $objectValues "identifier" $identifier -}}
|
||||
|
||||
{{- /* Return the serviceAccount object */ -}}
|
||||
{{- $objectValues | toYaml -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -18,4 +18,5 @@ Secondary entrypoint and primary loader for the common chart
|
|||
{{- include "bjw-s.common.render.secrets" . | nindent 0 -}}
|
||||
{{- include "bjw-s.common.render.networkpolicies" . | nindent 0 -}}
|
||||
{{- include "bjw-s.common.render.rawResources" . | nindent 0 -}}
|
||||
{{- include "bjw-s.common.render.rbac" . | nindent 0 -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
Renders the configMap objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.configMaps" -}}
|
||||
{{- $rootContext := $ -}}
|
||||
|
||||
{{- /* Generate named configMaps as required */ -}}
|
||||
{{- range $key, $configMap := .Values.configMaps }}
|
||||
{{- /* Enable configMap by default, but allow override */ -}}
|
||||
|
|
@ -14,7 +16,7 @@ Renders the configMap objects required by the chart.
|
|||
{{- $configMapValues := (mustDeepCopy $configMap) -}}
|
||||
|
||||
{{- /* Create object from the raw configMap values */ -}}
|
||||
{{- $configMapObject := (include "bjw-s.common.lib.configMap.valuesToObject" (dict "rootContext" $ "id" $key "values" $configMapValues)) | fromYaml -}}
|
||||
{{- $configMapObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $configMapValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the configMap before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.configMap.validate" (dict "rootContext" $ "object" $configMapObject) -}}
|
||||
|
|
@ -37,21 +39,25 @@ Renders configMap objects required by the chart from a folder in the repo's path
|
|||
{{- $_ := set $topLevelFolders (dir $path) "" -}}
|
||||
{{- end -}}
|
||||
{{- $top_level_folder_list := keys $topLevelFolders | sortAlpha -}}
|
||||
|
||||
{{/* Iterate over the top level folders */}}
|
||||
{{ range $path := $top_level_folder_list }}
|
||||
{{- $filesContentNoFormat := ($.Files.Glob (printf "%s/*" $path)) -}}
|
||||
{{- $filesContent := dict -}}
|
||||
{{- $binaryFilesContent := dict -}}
|
||||
{{- range $file_name, $content := $filesContentNoFormat -}}
|
||||
{{- $key := base $file_name -}}
|
||||
{{- if contains ".escape" $key -}}
|
||||
{{- $key := $key | replace ".escape" "" -}}
|
||||
{{- $filesContent = merge $filesContent (dict $key (($.Files.Get $file_name) | replace "{{" "{{ `{{` }}")) -}}
|
||||
{{- else if contains ".binary" $key -}}
|
||||
{{- $key := $key | replace ".binary" "" -}}
|
||||
{{- $binaryFilesContent = merge $binaryFilesContent (dict $key ($.Files.Get $file_name | b64enc )) -}}
|
||||
{{- else -}}
|
||||
{{- $filesContent = merge $filesContent (dict $key ($.Files.Get $file_name)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $configMapValues := dict "enabled" true "labels" dict "annotations" dict "data" $filesContent -}}
|
||||
|
||||
{{- $configMapValues := dict "enabled" true "labels" dict "annotations" dict "data" $filesContent "binaryData" $binaryFilesContent -}}
|
||||
{{- $existingConfigMaps := (get $rootValues "configMaps"| default dict) -}}
|
||||
{{- $mergedConfigMaps := deepCopy $existingConfigMaps | merge (dict (base $path) $configMapValues) -}}
|
||||
{{- $rootValues := merge $rootValues (dict "configMaps" $mergedConfigMaps) -}}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
Renders the controller objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.controllers" -}}
|
||||
{{- $rootContext := $ -}}
|
||||
|
||||
{{- /* Generate named controller objects as required */ -}}
|
||||
{{- range $key, $controller := .Values.controllers -}}
|
||||
{{- /* Enable controller by default, but allow override */ -}}
|
||||
|
|
@ -14,31 +16,31 @@ Renders the controller objects required by the chart.
|
|||
{{- $controllerValues := $controller -}}
|
||||
|
||||
{{- /* Create object from the raw controller values */ -}}
|
||||
{{- $controllerObject := (include "bjw-s.common.lib.controller.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerValues)) | fromYaml -}}
|
||||
{{- $controllerObject := (include "bjw-s.common.lib.controller.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the controller before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.controller.validate" (dict "rootContext" $ "object" $controllerObject) -}}
|
||||
{{- include "bjw-s.common.lib.controller.validate" (dict "rootContext" $rootContext "object" $controllerObject) -}}
|
||||
|
||||
{{- if eq $controllerObject.type "deployment" -}}
|
||||
{{- $deploymentObject := (include "bjw-s.common.lib.deployment.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.deployment.validate" (dict "rootContext" $ "object" $deploymentObject) -}}
|
||||
{{- include "bjw-s.common.class.deployment" (dict "rootContext" $ "object" $deploymentObject) | nindent 0 -}}
|
||||
{{- $deploymentObject := (include "bjw-s.common.lib.deployment.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.deployment.validate" (dict "rootContext" $rootContext "object" $deploymentObject) -}}
|
||||
{{- include "bjw-s.common.class.deployment" (dict "rootContext" $rootContext "object" $deploymentObject) | nindent 0 -}}
|
||||
{{- else if eq $controllerObject.type "cronjob" -}}
|
||||
{{- $cronjobObject := (include "bjw-s.common.lib.cronjob.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.cronjob.validate" (dict "rootContext" $ "object" $cronjobObject) -}}
|
||||
{{- include "bjw-s.common.class.cronjob" (dict "rootContext" $ "object" $cronjobObject) | nindent 0 -}}
|
||||
{{- $cronjobObject := (include "bjw-s.common.lib.cronjob.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.cronjob.validate" (dict "rootContext" $rootContext "object" $cronjobObject) -}}
|
||||
{{- include "bjw-s.common.class.cronjob" (dict "rootContext" $rootContext "object" $cronjobObject) | nindent 0 -}}
|
||||
{{- else if eq $controllerObject.type "daemonset" -}}
|
||||
{{- $daemonsetObject := (include "bjw-s.common.lib.daemonset.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.daemonset.validate" (dict "rootContext" $ "object" $daemonsetObject) -}}
|
||||
{{- include "bjw-s.common.class.daemonset" (dict "rootContext" $ "object" $daemonsetObject) | nindent 0 -}}
|
||||
{{- $daemonsetObject := (include "bjw-s.common.lib.daemonset.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.daemonset.validate" (dict "rootContext" $rootContext "object" $daemonsetObject) -}}
|
||||
{{- include "bjw-s.common.class.daemonset" (dict "rootContext" $rootContext "object" $daemonsetObject) | nindent 0 -}}
|
||||
{{- else if eq $controllerObject.type "statefulset" -}}
|
||||
{{- $statefulsetObject := (include "bjw-s.common.lib.statefulset.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.statefulset.validate" (dict "rootContext" $ "object" $statefulsetObject) -}}
|
||||
{{- include "bjw-s.common.class.statefulset" (dict "rootContext" $ "object" $statefulsetObject) | nindent 0 -}}
|
||||
{{- $statefulsetObject := (include "bjw-s.common.lib.statefulset.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.statefulset.validate" (dict "rootContext" $rootContext "object" $statefulsetObject) -}}
|
||||
{{- include "bjw-s.common.class.statefulset" (dict "rootContext" $rootContext "object" $statefulsetObject) | nindent 0 -}}
|
||||
{{- else if eq $controllerObject.type "job" -}}
|
||||
{{- $jobObject := (include "bjw-s.common.lib.job.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.job.validate" (dict "rootContext" $ "object" $jobObject) -}}
|
||||
{{- include "bjw-s.common.class.job" (dict "rootContext" $ "object" $jobObject) | nindent 0 -}}
|
||||
{{- $jobObject := (include "bjw-s.common.lib.job.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}}
|
||||
{{- include "bjw-s.common.lib.job.validate" (dict "rootContext" $rootContext "object" $jobObject) -}}
|
||||
{{- include "bjw-s.common.class.job" (dict "rootContext" $rootContext "object" $jobObject) | nindent 0 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,9 @@
|
|||
Renders other arbirtrary objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.rawResources" -}}
|
||||
{{- /* Generate pvc as required */ -}}
|
||||
{{- $rootContext := $ -}}
|
||||
|
||||
{{- /* Generate raw resources as required */ -}}
|
||||
{{- range $key, $resource := .Values.rawResources -}}
|
||||
{{- /* Enable by default, but allow override */ -}}
|
||||
{{- $resourceEnabled := true -}}
|
||||
|
|
@ -14,7 +16,7 @@ Renders other arbirtrary objects required by the chart.
|
|||
{{- $resourceValues := (mustDeepCopy $resource) -}}
|
||||
|
||||
{{- /* Create object from the raw resource values */ -}}
|
||||
{{- $resourceObject := (include "bjw-s.common.lib.rawResource.valuesToObject" (dict "rootContext" $ "id" $key "values" $resourceValues)) | fromYaml -}}
|
||||
{{- $resourceObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $resourceValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the resource before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.rawResource.validate" (dict "rootContext" $ "object" $resourceValues) -}}
|
||||
|
|
|
|||
67
charts/library/common/templates/render/_rbac.tpl
Normal file
67
charts/library/common/templates/render/_rbac.tpl
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
{{/*
|
||||
Renders RBAC objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.rbac" -}}
|
||||
{{- $rootContext := . -}}
|
||||
{{- include "bjw-s.common.render.rbac.roles" (dict "rootContext" $rootContext) -}}
|
||||
|
||||
{{- include "bjw-s.common.render.rbac.roleBindings" (dict "rootContext" $rootContext) -}}
|
||||
|
||||
{{ end }}
|
||||
|
||||
{{/*
|
||||
Renders RBAC Role objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.rbac.roles" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- /* Generate named Roles as required */ -}}
|
||||
{{- range $key, $role := $rootContext.Values.rbac.roles }}
|
||||
{{- /* Enable role by default, but allow override */ -}}
|
||||
{{- $roleEnabled := true -}}
|
||||
{{- if hasKey $role "enabled" -}}
|
||||
{{- $roleEnabled = $role.enabled -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $roleEnabled -}}
|
||||
{{- $roleValues := (mustDeepCopy $role) -}}
|
||||
|
||||
{{- /* Create object from the raw role values */ -}}
|
||||
{{- $roleObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $roleValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the role before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.rbac.role.validate" (dict "rootContext" $rootContext "object" $roleObject) -}}
|
||||
|
||||
{{/* Include the role class */}}
|
||||
{{- include "bjw-s.common.class.rbac.Role" (dict "rootContext" $rootContext "object" $roleObject) | nindent 0 -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Renders RBAC RoleBinding objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.rbac.roleBindings" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- range $key, $roleBinding := $rootContext.Values.rbac.bindings }}
|
||||
{{- /* Enable RoleBinding by default, but allow override */ -}}
|
||||
{{- $roleBindingEnabled := true -}}
|
||||
{{- if hasKey $roleBinding "enabled" -}}
|
||||
{{- $roleBindingEnabled = $roleBinding.enabled -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $roleBindingEnabled -}}
|
||||
{{- $roleBindingValues := (mustDeepCopy $roleBinding) -}}
|
||||
|
||||
{{- /* Create object from the raw RoleBinding values */ -}}
|
||||
{{- $roleBindingObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $roleBindingValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the RoleBinding before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.rbac.roleBinding.validate" (dict "rootContext" $rootContext "object" $roleBindingObject) -}}
|
||||
|
||||
{{/* Include the RoleBinding class */}}
|
||||
{{- include "bjw-s.common.class.rbac.roleBinding" (dict "rootContext" $rootContext "object" $roleBindingObject) | nindent 0 -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -2,6 +2,8 @@
|
|||
Renders the Secret objects required by the chart.
|
||||
*/}}
|
||||
{{- define "bjw-s.common.render.secrets" -}}
|
||||
{{- $rootContext := $ -}}
|
||||
|
||||
{{- /* Generate named Secrets as required */ -}}
|
||||
{{- range $key, $secret := .Values.secrets }}
|
||||
{{- /* Enable Secret by default, but allow override */ -}}
|
||||
|
|
@ -14,7 +16,7 @@ Renders the Secret objects required by the chart.
|
|||
{{- $secretValues := (mustDeepCopy $secret) -}}
|
||||
|
||||
{{- /* Create object from the raw Secret values */ -}}
|
||||
{{- $secretObject := (include "bjw-s.common.lib.secret.valuesToObject" (dict "rootContext" $ "id" $key "values" $secretValues)) | fromYaml -}}
|
||||
{{- $secretObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $secretValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the Secret before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.secret.validate" (dict "rootContext" $ "object" $secretObject) -}}
|
||||
|
|
|
|||
|
|
@ -11,10 +11,39 @@ Renders the serviceAccount object required by the chart.
|
|||
{{- /* Perform validations on the ServiceAccount before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.serviceAccount.validate" (dict "rootContext" $ "object" $serviceAccountObject) -}}
|
||||
|
||||
{{- /* Create a service account secret */ -}}
|
||||
{{- $_ := set .Values.secrets (printf "%s-sa-token" $serviceAccountObject.identifier) (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountObject.name) "type" "kubernetes.io/service-account-token") -}}
|
||||
|
||||
{{/* Include the serviceAccount class */}}
|
||||
{{- include "bjw-s.common.class.serviceAccount" (dict "rootContext" $ "object" $serviceAccountObject) | nindent 0 -}}
|
||||
|
||||
{{- /* Create a service account secret */ -}}
|
||||
{{- $_ := set .Values.secrets "sa-token" (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountObject.name) "type" "kubernetes.io/service-account-token") -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /* Generate named serviceAccount objects as required */ -}}
|
||||
{{- with .Values.serviceAccount.extraServiceAccounts -}}
|
||||
{{- range $key, $serviceAccount := . -}}
|
||||
{{- $serviceAccountEnabled := true -}}
|
||||
{{- if hasKey $serviceAccount "create" -}}
|
||||
{{- $serviceAccountEnabled = $serviceAccount.create -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $serviceAccountEnabled -}}
|
||||
{{- $serviceAccountValues := $serviceAccount -}}
|
||||
|
||||
{{- /* Create object from the raw ServiceAccount values */ -}}
|
||||
{{- $serviceAccountObject := (include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $ "id" $key "values" $serviceAccountValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Perform validations on the ServiceAccount before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.serviceAccount.validate" (dict "rootContext" $ "object" $serviceAccountObject) -}}
|
||||
|
||||
{{- /* Create a service account secret */ -}}
|
||||
{{- $_ := set $.Values.secrets (printf "%s-sa-token" $serviceAccountObject.identifier) (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountObject.name) "type" "kubernetes.io/service-account-token") -}}
|
||||
|
||||
{{/* Include the serviceAccount class */}}
|
||||
{{- include "bjw-s.common.class.serviceAccount" (dict "rootContext" $ "object" $serviceAccountObject) | nindent 0 -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue