feat(common): Release 2.0.0-beta.2 (#176)

This commit is contained in:
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs 2023-09-14 15:40:49 +02:00 committed by GitHub
parent ed407c00df
commit 9928235b84
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
80 changed files with 1306 additions and 161 deletions

View file

@ -0,0 +1,49 @@
{{/*
This template serves as a blueprint for all networkPolicy objects that are created
within the common library.
*/}}
{{- define "bjw-s.common.class.networkpolicy" -}}
{{- $rootContext := .rootContext -}}
{{- $networkPolicyObject := .object -}}
{{- $labels := merge
($networkPolicyObject.labels | default dict)
(include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
-}}
{{- $annotations := merge
($networkPolicyObject.annotations | default dict)
(include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
-}}
{{- $podSelector := dict -}}
{{- if (hasKey $networkPolicyObject "podSelector") -}}
{{- $podSelector = $networkPolicyObject.podSelector -}}
{{- else -}}
{{- $podSelector = dict "matchLabels" (merge
($networkPolicyObject.extraSelectorLabels | default dict)
(dict "app.kubernetes.io/component" $networkPolicyObject.controller)
(include "bjw-s.common.lib.metadata.selectorLabels" $rootContext | fromYaml)
) -}}
{{- end -}}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $networkPolicyObject.name }}
{{- with $labels }}
labels: {{- toYaml . | nindent 4 -}}
{{- end }}
{{- with $annotations }}
annotations: {{- toYaml . | nindent 4 -}}
{{- end }}
spec:
podSelector: {{- toYaml $podSelector | nindent 4 }}
{{- with $networkPolicyObject.policyTypes }}
policyTypes: {{- toYaml . | nindent 4 -}}
{{- end }}
{{- with $networkPolicyObject.rules.ingress }}
ingress: {{- tpl (toYaml .) $rootContext | nindent 4 -}}
{{- end }}
{{- with $networkPolicyObject.rules.egress }}
egress: {{- tpl (toYaml .) $rootContext | nindent 4 -}}
{{- end }}
{{- end -}}

View file

@ -1,58 +0,0 @@
{{- /* TODO: Remove this file */ -}}
{{/* Volumes included by the controller */}}
{{- define "bjw-s.common.lib.container.volumeMounts" -}}
{{- range $persistenceIndex, $persistenceItem := .Values.persistence }}
{{- if $persistenceItem.enabled -}}
{{- if kindIs "slice" $persistenceItem.subPath -}}
{{- if $persistenceItem.mountPath -}}
{{- fail (printf "Cannot use persistence.mountPath with a subPath list (%s)" $persistenceIndex) }}
{{- end -}}
{{- range $subPathIndex, $subPathItem := $persistenceItem.subPath }}
- name: {{ $persistenceIndex }}
subPath: {{ required "subPaths as a list of maps require a path field" $subPathItem.path }}
mountPath: {{ required "subPaths as a list of maps require an explicit mountPath field" $subPathItem.mountPath }}
{{- with $subPathItem.readOnly }}
readOnly: {{ . }}
{{- end }}
{{- with $subPathItem.mountPropagation }}
mountPropagation: {{ . }}
{{- end }}
{{- end -}}
{{- else -}}
{{/* Set the default mountPath to /<name_of_the_peristence_item> */}}
{{- $mountPath := (printf "/%v" $persistenceIndex) -}}
{{- if eq "hostPath" (default "pvc" $persistenceItem.type) -}}
{{- $mountPath = $persistenceItem.hostPath -}}
{{- end -}}
{{/* Use the specified mountPath if provided */}}
{{- with $persistenceItem.mountPath -}}
{{- $mountPath = . -}}
{{- end }}
{{- if ne $mountPath "-" }}
- name: {{ $persistenceIndex }}
mountPath: {{ $mountPath }}
{{- with $persistenceItem.subPath }}
subPath: {{ . }}
{{- end }}
{{- with $persistenceItem.readOnly }}
readOnly: {{ . }}
{{- end }}
{{- with $persistenceItem.mountPropagation }}
mountPropagation: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}
{{- end }}
{{- if eq .Values.controller.type "statefulset" }}
{{- range $index, $vct := .Values.volumeClaimTemplates }}
- mountPath: {{ $vct.mountPath }}
name: {{ $vct.name }}
{{- if $vct.subPath }}
subPath: {{ $vct.subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}

View file

@ -15,7 +15,7 @@ Return the enabled containers for a controller.
{{- end -}}
{{- if $containerEnabled -}}
{{- $_ := set $enabledContainers $name . -}}
{{- $_ := set $enabledContainers $name $container -}}
{{- end -}}
{{- end -}}
{{- end -}}

View file

@ -0,0 +1,22 @@
{{/*
Validate networkPolicy values
*/}}
{{- define "bjw-s.common.lib.networkpolicy.validate" -}}
{{- $rootContext := .rootContext -}}
{{- $networkpolicyObject := .object -}}
{{- if and (not (hasKey $networkpolicyObject "podSelector")) (empty (get $networkpolicyObject "controller")) -}}
{{- fail (printf "controller reference or podSelector is required for NetworkPolicy. (NetworkPolicy %s)" $networkpolicyObject.identifier) -}}
{{- end -}}
{{- if empty (get $networkpolicyObject "policyTypes") -}}
{{- fail (printf "policyTypes is required for NetworkPolicy. (NetworkPolicy %s)" $networkpolicyObject.identifier) -}}
{{- end -}}
{{- $allowedpolicyTypes := list "Ingress" "Egress" -}}
{{- range $networkpolicyObject.policyTypes -}}
{{- if not (has . $allowedpolicyTypes) -}}
{{- fail (printf "Not a valid policyType for NetworkPolicy. (NetworkPolicy %s, value %s)" $networkpolicyObject.identifier .) -}}
{{- end -}}
{{- end -}}
{{- end -}}

View file

@ -0,0 +1,24 @@
{{/*
Convert networkPolicy values to an object
*/}}
{{- define "bjw-s.common.lib.networkpolicy.valuesToObject" -}}
{{- $rootContext := .rootContext -}}
{{- $identifier := .id -}}
{{- $objectValues := .values -}}
{{- /* Determine and inject the networkPolicy name */ -}}
{{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}}
{{- if $objectValues.nameOverride -}}
{{- $objectName = printf "%s-%s" $objectName $objectValues.nameOverride -}}
{{- else -}}
{{- if ne $identifier "main" -}}
{{- $objectName = printf "%s-%s" $objectName $identifier -}}
{{- end -}}
{{- end -}}
{{- $_ := set $objectValues "name" $objectName -}}
{{- $_ := set $objectValues "identifier" $identifier -}}
{{- /* Return the networkPolicy object */ -}}
{{- $objectValues | toYaml -}}
{{- end -}}

View file

@ -19,7 +19,7 @@ runtimeClassName: {{ . | trim }}
schedulerName: {{ . | trim }}
{{- end -}}
{{- with ($controllerObject.pod.securityContext) }}
securityContext: {{ . | trim | nindent 2 }}
securityContext: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with ($controllerObject.pod.hostname) }}
hostname: {{ . | trim }}
@ -29,13 +29,13 @@ hostNetwork: {{ $controllerObject.pod.hostNetwork }}
hostPID: {{ $controllerObject.pod.hostPID }}
dnsPolicy: {{ include "bjw-s.common.lib.pod.field.dnsPolicy" (dict "ctx" $ctx) | trim }}
{{- with $controllerObject.pod.dnsConfig }}
dnsConfig: {{ . | trim | nindent 2 }}
dnsConfig: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with $controllerObject.pod.hostAliases }}
hostAliases: {{ . | trim | nindent 2 }}
hostAliases: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with $controllerObject.pod.imagePullSecrets }}
imagePullSecrets: {{ . | trim | nindent 2 }}
imagePullSecrets: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with $controllerObject.pod.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . | trim }}
@ -44,16 +44,16 @@ terminationGracePeriodSeconds: {{ . | trim }}
restartPolicy: {{ . | trim }}
{{- end -}}
{{- with $controllerObject.pod.nodeSelector }}
nodeSelector: {{ . | trim | nindent 2 }}
nodeSelector: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with $controllerObject.pod.affinity }}
affinity: {{ . | trim | nindent 2 }}
affinity: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with $controllerObject.pod.topologySpreadConstraints }}
topologySpreadConstraints: {{ . | trim | nindent 2 }}
topologySpreadConstraints: {{ . | toYaml | nindent 2 }}
{{- end -}}
{{- with $controllerObject.pod.tolerations }}
tolerations: {{ . | trim | nindent 2 }}
tolerations: {{ . | toYaml | nindent 2 }}
{{- end }}
{{- with (include "bjw-s.common.lib.pod.field.initContainers" (dict "ctx" $ctx) | trim) }}
initContainers: {{ . | nindent 2 }}

View file

@ -6,6 +6,7 @@ Returns the value for containers
{{- $controllerObject := .ctx.controllerObject -}}
{{- /* Default to empty list */ -}}
{{- $orderedContainers := dict -}}
{{- $containers := list -}}
{{- /* Fetch configured containers for this controller */ -}}
@ -19,7 +20,13 @@ Returns the value for containers
{{- /* Generate the Container spec */ -}}
{{- $renderedContainer := include "bjw-s.common.lib.container.spec" (dict "rootContext" $rootContext "controllerObject" $controllerObject "containerObject" $containerObject) | fromYaml -}}
{{- $containers = append $containers $renderedContainer -}}
{{- $containerOrder := (dig "order" 99 $containerValues) -}}
{{- $_ := set $orderedContainers (printf "%v-%s" $containerOrder $key) $renderedContainer -}}
{{- end -}}
{{- range $key, $containerValues := $orderedContainers -}}
{{- $containers = append $containers $containerValues -}}
{{- end -}}
{{- if not (empty $containers) -}}

View file

@ -6,19 +6,34 @@ Returns the value for initContainers
{{- $controllerObject := .ctx.controllerObject -}}
{{- /* Default to empty list */ -}}
{{- $orderedContainers := dict -}}
{{- $containers := list -}}
{{- /* Fetch configured containers for this controller */ -}}
{{- range $key, $containerValues := $controllerObject.initContainers -}}
{{- /* Create object from the container values */ -}}
{{- $containerObject := (include "bjw-s.common.lib.container.valuesToObject" (dict "rootContext" $ "id" $key "values" $containerValues)) | fromYaml -}}
{{- /* Enable container by default, but allow override */ -}}
{{- $containerEnabled := true -}}
{{- if hasKey $containerValues "enabled" -}}
{{- $containerEnabled = $containerValues.enabled -}}
{{- end -}}
{{- /* Perform validations on the Container before rendering */ -}}
{{- include "bjw-s.common.lib.container.validate" (dict "rootContext" $ "object" $containerObject) -}}
{{- if $containerEnabled -}}
{{- /* Create object from the container values */ -}}
{{- $containerObject := (include "bjw-s.common.lib.container.valuesToObject" (dict "rootContext" $ "id" $key "values" $containerValues)) | fromYaml -}}
{{- /* Generate the Container spec */ -}}
{{- $renderedContainer := include "bjw-s.common.lib.container.spec" (dict "rootContext" $rootContext "containerObject" $containerObject) | fromYaml -}}
{{- $containers = append $containers $renderedContainer -}}
{{- /* Perform validations on the Container before rendering */ -}}
{{- include "bjw-s.common.lib.container.validate" (dict "rootContext" $ "object" $containerObject) -}}
{{- /* Generate the Container spec */ -}}
{{- $renderedContainer := include "bjw-s.common.lib.container.spec" (dict "rootContext" $rootContext "containerObject" $containerObject) | fromYaml -}}
{{- $containerOrder := (dig "order" 99 $containerValues) -}}
{{- $_ := set $orderedContainers (printf "%v-%s" $containerOrder $key) $renderedContainer -}}
{{- end -}}
{{- end -}}
{{- range $key, $containerValues := $orderedContainers -}}
{{- $containers = append $containers $containerValues -}}
{{- end -}}
{{- if not (empty $containers) -}}

View file

@ -12,4 +12,5 @@ Secondary entrypoint and primary loader for the common chart
{{- include "bjw-s.common.render.routes" . | nindent 0 -}}
{{- include "bjw-s.common.render.configMaps" . | nindent 0 -}}
{{- include "bjw-s.common.render.secrets" . | nindent 0 -}}
{{- include "bjw-s.common.render.networkpolicies" . | nindent 0 -}}
{{- end -}}

View file

@ -0,0 +1,26 @@
{{/*
Renders the networkPolicy objects required by the chart.
*/}}
{{- define "bjw-s.common.render.networkpolicies" -}}
{{- /* Generate named networkPolicy as required */ -}}
{{- range $key, $networkPolicy := .Values.networkpolicies }}
{{- /* Enable networkPolicy by default, but allow override */ -}}
{{- $networkPolicyEnabled := true -}}
{{- if hasKey $networkPolicy "enabled" -}}
{{- $networkPolicyEnabled = $networkPolicy.enabled -}}
{{- end -}}
{{- if $networkPolicyEnabled -}}
{{- $networkPolicyValues := (mustDeepCopy $networkPolicy) -}}
{{- /* Create object from the raw networkPolicy values */ -}}
{{- $networkPolicyObject := (include "bjw-s.common.lib.networkpolicy.valuesToObject" (dict "rootContext" $ "id" $key "values" $networkPolicyValues)) | fromYaml -}}
{{- /* Perform validations on the networkPolicy before rendering */ -}}
{{- include "bjw-s.common.lib.networkpolicy.validate" (dict "rootContext" $ "object" $networkPolicyObject) -}}
{{/* Include the networkPolicy class */}}
{{- include "bjw-s.common.class.networkpolicy" (dict "rootContext" $ "object" $networkPolicyObject) | nindent 0 -}}
{{- end -}}
{{- end -}}
{{- end -}}