public/helm-charts
1
0
Fork 0
mirror of https://github.com/bjw-s-labs/helm-charts.git synced 2025-07-03 08:37:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat(common): Release common 4.0.0 (#398)

Browse source 
Co-authored-by: lab-assistant[bot] <180935599+lab-assistant[bot]@users.noreply.github.com>
This commit is contained in:
Bernd Schorgers 2025-05-16 08:40:39 +02:00
parent 1e210f43e3
commit a01a89cb13
No known key found for this signature in database
327 changed files with 11181 additions and 7330 deletions
Download patch file Download diff file Expand all files Collapse all files

337
docs/app-template/index.md
View file

@ -31,342 +31,7 @@ examples/helm/vaultwarden/values.yaml
## Upgrade instructions
### From 2.x.x to 3.0.x
The main changes from v2.x to v3.x are the removal of the default `main` objects and the introduction of JSON schema validation.
!!! warning
**IMPORTANT** The introduction of the json schema adds additional validations and restrictions on the contents of your chart values.
Things may have been missed during the initial schema creation, so if you run in to any unexpected validation errors please [raise an issue](https://github.com/bjw-s-labs/helm-charts/issues/new?assignees=bjw-s&labels=bug&projects=&template=bug-report.md&title=)
Given the following real-life example values.yaml for app-template v2:
<details>
<summary>Expand</summary>
```yaml
---
defaultPodOptions:
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
main:
containers:
main:
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
service:
main:
ports:
http:
port: 8080
ingress:
media:
enabled: true
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
name: main
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
</details>
The values for app-template v3.x would become this:
```yaml
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/common-3.2.0/charts/library/common/values.schema.json
defaultPodOptions:
enableServiceLinks: true
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
sabnzbd: # this can now be any name you wish
containers:
app: # this can now be any name you wish
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 5
service:
app: # this can now be any name you wish
controller: sabnzbd
ports:
http:
port: 8080
ingress:
media: # this can now be any name you wish
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
identifier: app
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
#### 🚧 Diff view
<details>
<summary>Expand</summary>
```diff
--- old
+++ new
@@ -1,42 +1,55 @@
---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/common-3.2.0/charts/library/common/values.schema.json
defaultPodOptions:
+ enableServiceLinks: true
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
- main:
+ sabnzbd: # this can now be any name you wish
containers:
- main:
+ app: # this can now be any name you wish
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+
service:
- main:
+ app: # this can now be any name you wish
+ controller: sabnzbd
ports:
http:
port: 8080
ingress:
- media:
- enabled: true
+ media: # this can now be any name you wish
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
</details>
#### Changes in this example
This is not meant as an exhaustive list of changes, but rather a "most common" example.
- The `main` object for controllers, containers, services and ingress has been removed from `values.yaml` and will therefore no longer provide any (both expected and unexpected) default values.
- The `config` object for persistence has been removed from `values.yaml` and will therefore no longer provide any (both expected and unexpected) default values.
- `enableServiceLinks` has been disabled by default. In order to explicitly enable serviceLinks, set the value to `true`.
- `ingress.*.hosts.*.paths.*.service` Service references now require either `name` or `identifier` to be set.
- Persistence items of type `configMap` and `secret` object references now allow either `name` or `identifier` to be set.
### From 1.x.x to 2.0.x
!!! warning
**IMPORTANT** Because a new label has been introduced in the controller labelSelector (which is an immutable field), Deployments cannot be upgraded in place!
[More details](https://www.datree.io/resources/kubernetes-error-codes-field-is-immutable)
!!! info
Some items (Ingress, ports, persistence items, etc) now default to being enabled by default. However, this is not always the case for some of the `items due to overrides in the default `values.yaml`.
[More background](https://github.com/bjw-s-labs/helm-charts/issues/205)
Given the following real-life example values.yaml for app-template v1:
<details>
<summary>Expand</summary>
```yaml
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
service:
main:
ports:
http:
port: 8080
ingress:
media:
enabled: true
ingressClassName: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
persistence:
media:
enabled: true
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
```
</details>
The values for app-template v2.x would become this:
```yaml
defaultPodOptions:
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
main:
containers:
main:
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
service:
main:
ports:
http:
port: 8080
ingress:
media:
enabled: true
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
name: main
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
#### Changes in this example
This is not meant as an exhaustive list of changes, but rather a "most common" example.
- `podSecurityContext` has been moved to `defaultPodOptions.securityContext`. It is also possible to configure this on a controller-specific basis by moving it to `controllers.main.pod.securityContext` instead.
- `image` has been moved to `controllers.main.containers.main.image` so that multiple containers can be configured.
- `ingress.media.ingressClassName` has been renamed to `ingress.main.className`.
- `ingress.media.enabled` can be removed, since items are considered enabled by default (they can still be disabled by adding `enabled: false`).
- `ingress.media.hosts.*.paths.*.service` is now required since there is no more concept of a default "primary" service.
- `persistence.media.mountPath` has been moved to `persistence.media.globalMounts.*.path` to allow multiple mountPaths for the same persistence item.
- `persistence.media.enabled` can be removed, since items are considered enabled by default (they can still be disabled by adding `enabled: false`).
- `probes` has been moved to `controllers.main.containers.main.probes` so that multiple containers can be configured.
Upgrade instructions for major versions can be found [here](upgrade-instructions.md).
## Source code

375
docs/app-template/upgrade-instructions.md Normal file
View file

@ -0,0 +1,375 @@
# Upgrade instructions
## From 3.x.x to 4.0.x
Migrating from v3.x to v4.x introduces a number of breaking changes. Additionally, the minimum required Kubernetes version has been increased to version **1.28.x**.
#### Resource names
The second breaking change is the new and consistent resource naming scheme. See [here](../common-library/resources/names.md) for more information on how the new naming scheme works.
This change may lead to generated resources getting new names, causing resources with the old naming scheme to be removed.
!!! warning
**IMPORTANT** As with any major software version upgrade, please verify that you have a working backup of your data.
#### serviceAccounts
##### Tokens
When creating a serviceAccount in v3, this would always also create a Secret containing a static long-lived Service Account token. Nowadays it is preferable to use short-lived tokens and have Kubernetes manage them automatically.
If a static long-lived token is still required for a serviceAccount, this can be configured by setting the `staticToken` key of the serviceAccount to `true`.
##### Creation
The syntax for creating service accounts has changed. Instead of configuring a `default` serviceAccount and optional `extraServiceAccounts` the syntax has been brought in line with other resources:
```yaml
serviceAccount:
myServiceAccount: {}
mySecondServiceAccount:
staticToken: true
myThirdServiceAccount:
enabled: false
controllers:
main:
serviceAccount:
identifier: myServiceAccount
```
#### Controller labels
The hardcoded `app.kubernetes.io/component` label that is used to target specific controllers has been renamed to `app.kubernetes.io/controller`.
## From 2.x.x to 3.0.x
The main changes from v2.x to v3.x are the removal of the default `main` objects and the introduction of JSON schema validation.
Given the following real-life example values.yaml for app-template v2:
<details>
<summary>Expand</summary>
```yaml
---
defaultPodOptions:
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
main:
containers:
main:
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
service:
main:
ports:
http:
port: 8080
ingress:
media:
enabled: true
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
name: main
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
</details>
The values for app-template v3.x would become this:
```yaml
---
defaultPodOptions:
enableServiceLinks: true
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
sabnzbd: # this can now be any name you wish
containers:
app: # this can now be any name you wish
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 5
service:
app: # this can now be any name you wish
controller: sabnzbd
ports:
http:
port: 8080
ingress:
media: # this can now be any name you wish
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
identifier: app
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
#### 🚧 Diff view
<details>
<summary>Expand</summary>
```diff
--- old
+++ new
@@ -1,42 +1,55 @@
---
defaultPodOptions:
+ enableServiceLinks: true
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
- main:
+ sabnzbd: # this can now be any name you wish
containers:
- main:
+ app: # this can now be any name you wish
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+
service:
- main:
+ app: # this can now be any name you wish
+ controller: sabnzbd
ports:
http:
port: 8080
ingress:
- media:
- enabled: true
+ media: # this can now be any name you wish
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
</details>
#### Changes in this example
This is not meant as an exhaustive list of changes, but rather a "most common" example.
- The `main` object for controllers, containers, services and ingress has been removed from `values.yaml` and will therefore no longer provide any (both expected and unexpected) default values.
- The `config` object for persistence has been removed from `values.yaml` and will therefore no longer provide any (both expected and unexpected) default values.
- `enableServiceLinks` has been disabled by default. In order to explicitly enable serviceLinks, set the value to `true`.
- `ingress.*.hosts.*.paths.*.service` Service references now require either `name` or `identifier` to be set.
- Persistence items of type `configMap` and `secret` object references now allow either `name` or `identifier` to be set.
## From 1.x.x to 2.0.x
!!! warning
**IMPORTANT** Because a new label has been introduced in the controller labelSelector (which is an immutable field), Deployments cannot be upgraded in place!
[More details](https://www.datree.io/resources/kubernetes-error-codes-field-is-immutable)
!!! info
Some items (Ingress, ports, persistence items, etc) now default to being enabled by default. However, this is not always the case for some of the `items due to overrides in the default `values.yaml`.
[More background](https://github.com/bjw-s-labs/helm-charts/issues/205)
Given the following real-life example values.yaml for app-template v1:
<details>
<summary>Expand</summary>
```yaml
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
service:
main:
ports:
http:
port: 8080
ingress:
media:
enabled: true
ingressClassName: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
persistence:
media:
enabled: true
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
```
</details>
The values for app-template v2.x would become this:
```yaml
defaultPodOptions:
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 65539
controllers:
main:
containers:
main:
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: latest
pullPolicy: IfNotPresent
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
service:
main:
ports:
http:
port: 8080
ingress:
media:
enabled: true
className: "ingress-nginx"
hosts:
- host: sabnzbd.bjw-s.dev
paths:
- path: /
service:
name: main
port: http
persistence:
media:
existingClaim: nas-media
globalMounts:
- path: /data/nas-media
```
#### Changes in this example
This is not meant as an exhaustive list of changes, but rather a "most common" example.
- `podSecurityContext` has been moved to `defaultPodOptions.securityContext`. It is also possible to configure this on a controller-specific basis by moving it to `controllers.main.pod.securityContext` instead.
- `image` has been moved to `controllers.main.containers.main.image` so that multiple containers can be configured.
- `ingress.media.ingressClassName` has been renamed to `ingress.main.className`.
- `ingress.media.enabled` can be removed, since items are considered enabled by default (they can still be disabled by adding `enabled: false`).
- `ingress.media.hosts.*.paths.*.service` is now required since there is no more concept of a default "primary" service.
- `persistence.media.mountPath` has been moved to `persistence.media.globalMounts.*.path` to allow multiple mountPaths for the same persistence item.
- `persistence.media.enabled` can be removed, since items are considered enabled by default (they can still be disabled by adding `enabled: false`).
- `probes` has been moved to `controllers.main.containers.main.probes` so that multiple containers can be configured.

84
docs/common-library/howto/default-pod-options.md Normal file
View file

@ -0,0 +1,84 @@
---
hide:
- toc
---
# Setting default Pod options
It is possible to configure default Pod options under the `defaultPodOptions` key. These options will be applied to all Pods specified in the chart values.
To see which fields can be configured, please take a look at the Chart values schema specific to your Common library version. The latest version can be found here: https://github.com/bjw-s-labs/helm-charts/blob/main/charts/library/common/schemas/pod.json
## Default value strategies
### Overwrite
The default strategy for configuring default Pod options is `overwrite`. This means that if a controller has an entry for a default Pod option it will be overwritten entirely by the Pod-specific configuration.
This behavior can be set explicitly by setting `defaultPodOptionsStrategy` to `overwrite`.
An (abbreviated) example of the `overwrite` strategy:
```yaml
defaultPodOptions:
resources:
requests:
memory: 1Gi
cpu: 150m
controllers:
main:
pod:
resources:
requests:
cpu: 100m
containers:
main:
...
```
The expected `resources` field on the `main` Deployment is expected to look like this:
```yaml
resources:
requests:
cpu: 100m
```
### Merge
An alternative strategy for configuring default Pod options is `merge`. This means that if a Pod has an entry for a default Pod option it will be merged with the Pod-specific configuration.
This behavior can be set explicitly by setting `defaultPodOptionsStrategy` to `merge`.
An (abbreviated) example of the `merge` strategy:
```yaml
defaultPodOptionsStrategy: merge
defaultPodOptions:
resources:
requests:
memory: 1Gi
cpu: 150m
controllers:
main:
pod:
resources:
requests:
cpu: 100m
containers:
main:
...
```
The expected `resources` field on the `main` Deployment is expected to look like this:
```yaml
resources:
requests:
memory: 1Gi
cpu: 100m
```

42
docs/common-library/resources/names.md Normal file
View file

@ -0,0 +1,42 @@
# Names
### Configuration
Each resource that can be created by the Common library supports the following fields to control the generated resource name, along with the resource identifier.
All of these fields support the use of Helm templates for advanced naming requirements.
#### forceRename
Override the default resource name entirely.
!!! info
The `forceRename` field is mutually exclusive with the `prefix` and `suffix` fields.
#### prefix
Prefix to prepend to the resource name.
#### suffix
Suffix to append to the resource name. Defaults to the resource identifier if there are multiple enabled items, otherwise it defaults to an empty value.
### Behavior
Assuming a Helm Release with the name `base_name`, the following table gives an overview of how the resource name is generated:
| item key | enabled items | `prefix` | `suffix` | `forceRename` | Generated name |
|----------|---------------|----------|----------|----------------------------|------------------------|
| `id` | 1 | | | `random_name` | `random_name` |
| `id` | 1 | | | `{{ .Release.Namespace }}` | `default` |
| `id` | 1 | | | | `base_name` |
| `id` | 1 | `pfx` | | | `pfx-base_name` |
| `id` | 1 | | `sfx` | | `base_name-sfx` |
| `id` | 2 | | | | `base_name-id` |
| `id` | 1 | `pfx` | `sfx` | | `pfx-base_name-sfx` |
| `id` | 2 | `pfx` | | | `pfx-base_name-id` |
| `id` | 2 | | `sfx` | | `base_name-id-sfx` |
| `id` | 2 | `pfx` | `sfx` | | `pfx-base_name-id-sfx` |
| `id` | 1 | | `sfx` | | `base_name-sfx` |
| `id` | 1 | `pfx` | | | `pfx-base_name` |
| `id` | 1 | `pfx` | `sfx` | | `pfx-base_name-sfx` |

8
docs/common-library/storage/globalOptions.md
View file

@ -45,6 +45,10 @@ Specify if the volume should be mounted read-only
Specifies a sub-path inside the referenced volume instead of its root.
### subPathExpr
Use the `subPathExpr` field to construct `subPath` directory names from downward API environment variables. See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath-expanded-environment) for more information.
## advancedMounts
Explicitly configure mounts for specific controllers and containers.
@ -86,3 +90,7 @@ Specify if the volume should be mounted read-only
### subPath
Specifies a sub-path inside the referenced volume instead of its root.
### subPathExpr
Use the `subPathExpr` field to construct `subPath` directory names from downward API environment variables. See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath-expanded-environment) for more information.