feat(common): Release 2.0.0-beta.2 (#176)
parent
ed407c00df
commit
9928235b84
80 changed files with 1306 additions and 161 deletions
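--- a/charts/library/common/templates/classes/_networkpolicy.tpl
+++ b/charts/library/common/templates/classes/_networkpolicy.tpl
@@ -0,0 +1,49 @@
+{{/*
+This template serves as a blueprint for all networkPolicy objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.networkpolicy" -}}
+{{- $rootContext := .rootContext -}}
+{{- $networkPolicyObject := .object -}}
+
+{{- $labels := merge
+($networkPolicyObject.labels | default dict)
+(include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
+-}}
+{{- $annotations := merge
+($networkPolicyObject.annotations | default dict)
+(include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
+-}}
+{{- $podSelector := dict -}}
+{{- if (hasKey $networkPolicyObject "podSelector") -}}
+{{- $podSelector = $networkPolicyObject.podSelector -}}
+{{- else -}}
+{{- $podSelector = dict "matchLabels" (merge
+($networkPolicyObject.extraSelectorLabels | default dict)
+(dict "app.kubernetes.io/component" $networkPolicyObject.controller)
+(include "bjw-s.common.lib.metadata.selectorLabels" $rootContext | fromYaml)
+) -}}
+{{- end -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: {{ $networkPolicyObject.name }}
+{{- with $labels }}
+labels: {{- toYaml . | nindent 4 -}}
+{{- end }}
+{{- with $annotations }}
+annotations: {{- toYaml . | nindent 4 -}}
+{{- end }}
+spec:
+podSelector: {{- toYaml $podSelector | nindent 4 }}
+{{- with $networkPolicyObject.policyTypes }}
+policyTypes: {{- toYaml . | nindent 4 -}}
+{{- end }}
+{{- with $networkPolicyObject.rules.ingress }}
+ingress: {{- tpl (toYaml .) $rootContext | nindent 4 -}}
+{{- end }}
+{{- with $networkPolicyObject.rules.egress }}
+egress: {{- tpl (toYaml .) $rootContext | nindent 4 -}}
+{{- end }}
+{{- end -}}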
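Review bot: `{{- with $networkPolicyObject.rules.ingress }}` and the matching `egress` line dereference `rules` without checking that the key exists, so a policy that sets only `policyTypes` (the usual default-deny shape) will likely abort rendering with a nil-pointer error unless a default elsewhere in the chart supplies `rules`. Reading the lists defensively, for example `{{- with (dig "rules" "ingress" list $networkPolicyObject) }}` and the same for `egress`, keeps that shape renderable. On the `podSelector` branch I would also add a comment such as `{{- /* An explicit podSelector is emitted verbatim; {} selects every pod in the namespace */ -}}`, since that branch bypasses the controller and selector labels entirely.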
|
@ -1,58 +0,0 @@
|
|||
{{- /* TODO: Remove this file */ -}}
|
||||
|
||||
{{/* Volumes included by the controller */}}
|
||||
{{- define "bjw-s.common.lib.container.volumeMounts" -}}
|
||||
{{- range $persistenceIndex, $persistenceItem := .Values.persistence }}
|
||||
{{- if $persistenceItem.enabled -}}
|
||||
{{- if kindIs "slice" $persistenceItem.subPath -}}
|
||||
{{- if $persistenceItem.mountPath -}}
|
||||
{{- fail (printf "Cannot use persistence.mountPath with a subPath list (%s)" $persistenceIndex) }}
|
||||
{{- end -}}
|
||||
{{- range $subPathIndex, $subPathItem := $persistenceItem.subPath }}
|
||||
- name: {{ $persistenceIndex }}
|
||||
subPath: {{ required "subPaths as a list of maps require a path field" $subPathItem.path }}
|
||||
mountPath: {{ required "subPaths as a list of maps require an explicit mountPath field" $subPathItem.mountPath }}
|
||||
{{- with $subPathItem.readOnly }}
|
||||
readOnly: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $subPathItem.mountPropagation }}
|
||||
mountPropagation: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{/* Set the default mountPath to /<name_of_the_peristence_item> */}}
|
||||
{{- $mountPath := (printf "/%v" $persistenceIndex) -}}
|
||||
{{- if eq "hostPath" (default "pvc" $persistenceItem.type) -}}
|
||||
{{- $mountPath = $persistenceItem.hostPath -}}
|
||||
{{- end -}}
|
||||
{{/* Use the specified mountPath if provided */}}
|
||||
{{- with $persistenceItem.mountPath -}}
|
||||
{{- $mountPath = . -}}
|
||||
{{- end }}
|
||||
{{- if ne $mountPath "-" }}
|
||||
- name: {{ $persistenceIndex }}
|
||||
mountPath: {{ $mountPath }}
|
||||
{{- with $persistenceItem.subPath }}
|
||||
subPath: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $persistenceItem.readOnly }}
|
||||
readOnly: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $persistenceItem.mountPropagation }}
|
||||
mountPropagation: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.controller.type "statefulset" }}
|
||||
{{- range $index, $vct := .Values.volumeClaimTemplates }}
|
||||
- mountPath: {{ $vct.mountPath }}
|
||||
name: {{ $vct.name }}
|
||||
{{- if $vct.subPath }}
|
||||
subPath: {{ $vct.subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -15,7 +15,7 @@ Return the enabled containers for a controller.
|
|||
{{- end -}}
|
||||
|
||||
{{- if $containerEnabled -}}
|
||||
{{- $_ := set $enabledContainers $name . -}}
|
||||
{{- $_ := set $enabledContainers $name $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
{{/*
|
||||
Validate networkPolicy values
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.networkpolicy.validate" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $networkpolicyObject := .object -}}
|
||||
|
||||
{{- if and (not (hasKey $networkpolicyObject "podSelector")) (empty (get $networkpolicyObject "controller")) -}}
|
||||
{{- fail (printf "controller reference or podSelector is required for NetworkPolicy. (NetworkPolicy %s)" $networkpolicyObject.identifier) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty (get $networkpolicyObject "policyTypes") -}}
|
||||
{{- fail (printf "policyTypes is required for NetworkPolicy. (NetworkPolicy %s)" $networkpolicyObject.identifier) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $allowedpolicyTypes := list "Ingress" "Egress" -}}
|
||||
{{- range $networkpolicyObject.policyTypes -}}
|
||||
{{- if not (has . $allowedpolicyTypes) -}}
|
||||
{{- fail (printf "Not a valid policyType for NetworkPolicy. (NetworkPolicy %s, value %s)" $networkpolicyObject.identifier .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
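Review bot: The first check accepts any non-empty `controller` value, but nothing in this template confirms that it names a controller the chart actually defines. The class template in this commit turns the value straight into an `app.kubernetes.io/component` match label, so a mistyped identifier would render a valid policy that selects no pods and isolates nothing. If the set of controllers is reachable from `$rootContext` (not visible on this page), failing here when the key is absent would surface that at render time. A one-line comment stating that `podSelector` takes precedence over `controller` when both are set would also help readers of the values file.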
|
|
@ -0,0 +1,24 @@
|
|||
{{/*
|
||||
Convert networkPolicy values to an object
|
||||
*/}}
|
||||
{{- define "bjw-s.common.lib.networkpolicy.valuesToObject" -}}
|
||||
{{- $rootContext := .rootContext -}}
|
||||
{{- $identifier := .id -}}
|
||||
{{- $objectValues := .values -}}
|
||||
|
||||
{{- /* Determine and inject the networkPolicy name */ -}}
|
||||
{{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
|
||||
|
||||
{{- if $objectValues.nameOverride -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $objectValues.nameOverride -}}
|
||||
{{- else -}}
|
||||
{{- if ne $identifier "main" -}}
|
||||
{{- $objectName = printf "%s-%s" $objectName $identifier -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $objectValues "name" $objectName -}}
|
||||
{{- $_ := set $objectValues "identifier" $identifier -}}
|
||||
|
||||
{{- /* Return the networkPolicy object */ -}}
|
||||
{{- $objectValues | toYaml -}}
|
||||
{{- end -}}
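Review bot: `set $objectValues "name" $objectName` and `set $objectValues "identifier" $identifier` write into the map the caller passed as `.values`, and the header comment does not say so. The render template in this commit passes a `mustDeepCopy`, but a caller handing over an entry of `.Values` directly would have it modified in place, and any user-supplied `name` or `identifier` key is silently overwritten. I would extend the header comment to `Convert networkPolicy values to an object. Mutates .values (sets name and identifier); pass a copy.`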
|
|
@ -19,7 +19,7 @@ runtimeClassName: {{ . | trim }}
|
|||
schedulerName: {{ . | trim }}
|
||||
{{- end -}}
|
||||
{{- with ($controllerObject.pod.securityContext) }}
|
||||
securityContext: {{ . | trim | nindent 2 }}
|
||||
securityContext: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with ($controllerObject.pod.hostname) }}
|
||||
hostname: {{ . | trim }}
|
||||
|
@ -29,13 +29,13 @@ hostNetwork: {{ $controllerObject.pod.hostNetwork }}
|
|||
hostPID: {{ $controllerObject.pod.hostPID }}
|
||||
dnsPolicy: {{ include "bjw-s.common.lib.pod.field.dnsPolicy" (dict "ctx" $ctx) | trim }}
|
||||
{{- with $controllerObject.pod.dnsConfig }}
|
||||
dnsConfig: {{ . | trim | nindent 2 }}
|
||||
dnsConfig: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.hostAliases }}
|
||||
hostAliases: {{ . | trim | nindent 2 }}
|
||||
hostAliases: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.imagePullSecrets }}
|
||||
imagePullSecrets: {{ . | trim | nindent 2 }}
|
||||
imagePullSecrets: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ . | trim }}
|
||||
|
@ -44,16 +44,16 @@ terminationGracePeriodSeconds: {{ . | trim }}
|
|||
restartPolicy: {{ . | trim }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.nodeSelector }}
|
||||
nodeSelector: {{ . | trim | nindent 2 }}
|
||||
nodeSelector: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.affinity }}
|
||||
affinity: {{ . | trim | nindent 2 }}
|
||||
affinity: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ . | trim | nindent 2 }}
|
||||
topologySpreadConstraints: {{ . | toYaml | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- with $controllerObject.pod.tolerations }}
|
||||
tolerations: {{ . | trim | nindent 2 }}
|
||||
tolerations: {{ . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with (include "bjw-s.common.lib.pod.field.initContainers" (dict "ctx" $ctx) | trim) }}
|
||||
initContainers: {{ . | nindent 2 }}
|
||||
|
|
|
@ -6,6 +6,7 @@ Returns the value for containers
|
|||
{{- $controllerObject := .ctx.controllerObject -}}
|
||||
|
||||
{{- /* Default to empty list */ -}}
|
||||
{{- $orderedContainers := dict -}}
|
||||
{{- $containers := list -}}
|
||||
|
||||
{{- /* Fetch configured containers for this controller */ -}}
|
||||
|
@ -19,7 +20,13 @@ Returns the value for containers
|
|||
|
||||
{{- /* Generate the Container spec */ -}}
|
||||
{{- $renderedContainer := include "bjw-s.common.lib.container.spec" (dict "rootContext" $rootContext "controllerObject" $controllerObject "containerObject" $containerObject) | fromYaml -}}
|
||||
{{- $containers = append $containers $renderedContainer -}}
|
||||
|
||||
{{- $containerOrder := (dig "order" 99 $containerValues) -}}
|
||||
{{- $_ := set $orderedContainers (printf "%v-%s" $containerOrder $key) $renderedContainer -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $key, $containerValues := $orderedContainers -}}
|
||||
{{- $containers = append $containers $containerValues -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (empty $containers) -}}
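Review bot: The keys built by `printf "%v-%s" $containerOrder $key` are strings, and `range` over a dict visits keys in sorted string order, so `order: 10` is emitted before `order: 9` and `order: 100` before the default 99. The same pattern appears in the initContainers hunk of this commit, where start order is significant because init containers run sequentially. Zero-padding makes string order match numeric order for values up to 999: `{{- $_ := set $orderedContainers (printf "%03d-%s" (int $containerOrder) $key) $renderedContainer -}}`. The enclosing template starts and ends outside the hunk.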
|
||||
|
|
|
@ -6,19 +6,34 @@ Returns the value for initContainers
|
|||
{{- $controllerObject := .ctx.controllerObject -}}
|
||||
|
||||
{{- /* Default to empty list */ -}}
|
||||
{{- $orderedContainers := dict -}}
|
||||
{{- $containers := list -}}
|
||||
|
||||
{{- /* Fetch configured containers for this controller */ -}}
|
||||
{{- range $key, $containerValues := $controllerObject.initContainers -}}
|
||||
{{- /* Create object from the container values */ -}}
|
||||
{{- $containerObject := (include "bjw-s.common.lib.container.valuesToObject" (dict "rootContext" $ "id" $key "values" $containerValues)) | fromYaml -}}
|
||||
{{- /* Enable container by default, but allow override */ -}}
|
||||
{{- $containerEnabled := true -}}
|
||||
{{- if hasKey $containerValues "enabled" -}}
|
||||
{{- $containerEnabled = $containerValues.enabled -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /* Perform validations on the Container before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.container.validate" (dict "rootContext" $ "object" $containerObject) -}}
|
||||
{{- if $containerEnabled -}}
|
||||
{{- /* Create object from the container values */ -}}
|
||||
{{- $containerObject := (include "bjw-s.common.lib.container.valuesToObject" (dict "rootContext" $ "id" $key "values" $containerValues)) | fromYaml -}}
|
||||
|
||||
{{- /* Generate the Container spec */ -}}
|
||||
{{- $renderedContainer := include "bjw-s.common.lib.container.spec" (dict "rootContext" $rootContext "containerObject" $containerObject) | fromYaml -}}
|
||||
{{- $containers = append $containers $renderedContainer -}}
|
||||
{{- /* Perform validations on the Container before rendering */ -}}
|
||||
{{- include "bjw-s.common.lib.container.validate" (dict "rootContext" $ "object" $containerObject) -}}
|
||||
|
||||
{{- /* Generate the Container spec */ -}}
|
||||
{{- $renderedContainer := include "bjw-s.common.lib.container.spec" (dict "rootContext" $rootContext "containerObject" $containerObject) | fromYaml -}}
|
||||
|
||||
{{- $containerOrder := (dig "order" 99 $containerValues) -}}
|
||||
{{- $_ := set $orderedContainers (printf "%v-%s" $containerOrder $key) $renderedContainer -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $key, $containerValues := $orderedContainers -}}
|
||||
{{- $containers = append $containers $containerValues -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (empty $containers) -}}
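Review bot: The `container.valuesToObject` and `container.validate` includes pass `"rootContext" $`, while the `container.spec` include a few lines later passes `"rootContext" $rootContext`. This template reads `.ctx.controllerObject` from its argument, so `$` here appears to be the wrapper dict rather than the chart root, and the two helpers would receive a different context than the spec helper. Unless that is intended, I would use `(dict "rootContext" $rootContext "id" $key "values" $containerValues)` and `(dict "rootContext" $rootContext "object" $containerObject)`. `$rootContext` is presumably assigned above the hunk, and the template body continues past its end.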
|
||||
|
|
|
@ -12,4 +12,5 @@ Secondary entrypoint and primary loader for the common chart
|
|||
{{- include "bjw-s.common.render.routes" . | nindent 0 -}}
|
||||
{{- include "bjw-s.common.render.configMaps" . | nindent 0 -}}
|
||||
{{- include "bjw-s.common.render.secrets" . | nindent 0 -}}
|
||||
{{- include "bjw-s.common.render.networkpolicies" . | nindent 0 -}}
|
||||
{{- end -}}
|
||||
|
|
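--- a/charts/library/common/templates/render/_networkpolicies.tpl
+++ b/charts/library/common/templates/render/_networkpolicies.tpl
@@ -0,0 +1,26 @@
+{{/*
+Renders the networkPolicy objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.networkpolicies" -}}
+{{- /* Generate named networkPolicy as required */ -}}
+{{- range $key, $networkPolicy := .Values.networkpolicies }}
+{{- /* Enable networkPolicy by default, but allow override */ -}}
+{{- $networkPolicyEnabled := true -}}
+{{- if hasKey $networkPolicy "enabled" -}}
+{{- $networkPolicyEnabled = $networkPolicy.enabled -}}
+{{- end -}}
+
+{{- if $networkPolicyEnabled -}}
+{{- $networkPolicyValues := (mustDeepCopy $networkPolicy) -}}
+
+{{- /* Create object from the raw networkPolicy values */ -}}
+{{- $networkPolicyObject := (include "bjw-s.common.lib.networkpolicy.valuesToObject" (dict "rootContext" $ "id" $key "values" $networkPolicyValues)) | fromYaml -}}
+
+{{- /* Perform validations on the networkPolicy before rendering */ -}}
+{{- include "bjw-s.common.lib.networkpolicy.validate" (dict "rootContext" $ "object" $networkPolicyObject) -}}
+
+{{/* Include the networkPolicy class */}}
+{{- include "bjw-s.common.class.networkpolicy" (dict "rootContext" $ "object" $networkPolicyObject) | nindent 0 -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}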