diff --git a/.gitignore b/.gitignore index fa5eb19f..81bba96e 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ repository/ data temp +charts/ +Chart.lock diff --git a/dotnet/Chart.yaml b/dotnet/Chart.yaml index 0d32d668..aaed4b3e 100644 --- a/dotnet/Chart.yaml +++ b/dotnet/Chart.yaml @@ -1,5 +1,8 @@ -apiVersion: v1 +apiVersion: v2 description: .NET Core Helm Chart name: dotnet -version: 8.1.0 - +version: 9.0.0 +dependencies: + - name: libchart + version: 0.1.0 + repository: file://../libchart diff --git a/dotnet/templates/NOTES.txt b/dotnet/templates/NOTES.txt index 6808df52..bbf96a91 100644 --- a/dotnet/templates/NOTES.txt +++ b/dotnet/templates/NOTES.txt 
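Review bot: The added `Chart.lock` ignore pattern contradicts the `golang/Chart.lock` file this same commit adds, and it leaves the other charts with no committed lock for the new `libchart` dependency. Without a tracked lock, the resolved dependency versions are not reviewable and `helm dependency build` has nothing committed to build from. I would keep `+charts/` (vendored output) and drop `+Chart.lock`, committing one lock file per chart instead.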
@@ -4,16 +4,16 @@ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "dotnet.name" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "java.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "dotnet.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "dotnet.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc -w {{ template "libchart.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "libchart.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "dotnet.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "libchart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} diff --git a/dotnet/templates/_helpers.tpl b/dotnet/templates/_helpers.tpl deleted file mode 100644 index 16bf987f..00000000 
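Review bot: The NodePort branch now calls `{{ template "java.name" . }}`, while every other changed line in this hunk uses `libchart.name` and the chart's own `_helpers.tpl` is deleted in the same commit, so `java.name` looks like a leftover from the java chart. Unless libchart happens to define that name (not visible in this diff), rendering NOTES.txt will likely fail with an undefined-template error when `service.type` contains NodePort. The line should end `services {{ template "libchart.name" . }})`. The golang/templates/NOTES.txt hunk carries the same line.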
--- a/dotnet/templates/_helpers.tpl +++ /dev/null @@ -1,30 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "dotnet.name" -}} -{{- default .Release.Name .Values.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "dotnet.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "dotnet.metaLabels" -}} -app.kubernetes.io/name: {{ template "dotnet.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ default (include "dotnet.name" .) .Values.appComponent }} -app.kubernetes.io/version: {{ .Values.appVersion }} -app.kubernetes.io/part-of: {{ default (include "dotnet.name" .) .Values.appPartOf }} -app.kubernetes.io/managed-by: helm -helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -{{- end -}} - -{{- define "dotnet.selectorLabels" -}} -app.kubernetes.io/name: {{ template "dotnet.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: {{ .Values.appVersion }} -{{- end -}} \ No newline at end of file diff --git a/dotnet/templates/cm-certificate.yaml b/dotnet/templates/cm-certificate.yaml index 80afc1a6..c714ee04 100644 --- a/dotnet/templates/cm-certificate.yaml +++ b/dotnet/templates/cm-certificate.yaml 
@@ -1,36 +1,3 @@ -{{- $hosts := .Values.cert.hosts -}} - -{{- if and .Values.istio.enabled (.Values.istio.ingress.enabled) }} -{{ $hosts = .Values.istio.ingress.hosts }} -{{- else if .Values.ingress.enabled }} -{{ $hosts = .Values.ingress.hosts }} +{{- if .Values.cert.enabled -}} +{{- include "libchart.cm-certificate.tpl" . }} {{- end }} - -{{- if and .Values.cert.enabled ($hosts) }} - -apiVersion: {{ .Values.certmanagerApiVersion }} -kind: Certificate -metadata: - name: {{ template "dotnet.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} - annotations: -{{ toYaml .Values.cert.annotations | indent 4 }} -spec: -{{- if .Values.cert.secretName }} - secretName: {{ .Values.cert.secretName }} -{{- else }} - secretName: {{ template "dotnet.name" . }} -{{- end }} -{{- if .Values.cert.duration }} - duration: {{ .Values.cert.duration }} -{{- end }} - renewBefore: {{ .Values.cert.renewBefore }} - commonName: {{ index $hosts 0 }} - dnsNames: -{{ $hosts | toYaml | indent 4 }} - issuerRef: - name: {{ .Values.cert.issuer | default "letsencrypt-prod" }} - kind: {{ .Values.cert.issuerKind | default "ClusterIssuer" }} -{{- end }} \ No newline at end of file diff --git a/dotnet/templates/deployment.yaml b/dotnet/templates/deployment.yaml index 486044f9..942aa8a5 100644 --- a/dotnet/templates/deployment.yaml +++ b/dotnet/templates/deployment.yaml 
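Review bot: The new guard tests only `.Values.cert.enabled`, whereas the removed template also required a non-empty `$hosts` (taken from `cert.hosts`, or from the istio or ingress hosts) before emitting a Certificate. `libchart.cm-certificate.tpl` is not part of this diff, so it is unclear whether that host selection and the empty-list check survived. If the library still evaluates something like `index $hosts 0`, enabling `cert` with the default `hosts: []` would abort the render instead of skipping the resource. Please confirm the library keeps the check and say so in a template comment here, e.g. `{{- /* host selection and the empty-hosts check are done in libchart.cm-certificate.tpl */ -}}`. The golang/templates/cm-certificate.yaml hunk is identical.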
@@ -1,131 +1,3 @@ -{{- if .Capabilities.APIVersions.Has "apps/v1" }} -apiVersion: apps/v1 -{{ else }} -apiVersion: apps/v1beta1 +{{ if eq .Values.deployKind "deployment" }} +{{- include "libchart.deployment.tpl" . -}} {{- end }} -kind: Deployment -metadata: - name: {{ template "dotnet.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "dotnet.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "dotnet.metaLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} - {{- end -}} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 12 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 8080 }} - protocol: TCP - {{ if .Values.extraPorts }} - {{ toYaml .Values.extraPorts | nindent 12 }} - {{- end }} -{{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ .Values.liveness.port | default 8080 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | default 
15 }} - periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} -{{- end }} -{{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 8080 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} -{{- end }} - env: - - name: APP_ENV - value: {{ .Values.appEnv }} - {{- if .Values.secrets }} -{{ toYaml .Values.secrets | indent 10 }} - {{- end }} - {{- if .Values.environment }} -{{ toYaml .Values.environment | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - - {{- if or .Values.affinity .Values.podAntiAffinity }} - affinity: - {{- with .Values.affinity }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if eq .Values.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "dotnet.selectorLabels" . | nindent 18 }} - {{- else if eq .Values.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "dotnet.selectorLabels" . | nindent 20 }} - {{- end }} - {{- end }} - - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or (.Values.volumes) (.Values.csi) }} - volumes: - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - persistentVolumeClaim: - claimName: {{ .Values.csi.name }} - {{ end }} - {{ end }} 
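Review bot: `deployKind` is matched with `eq` against the exact string "deployment", and statefulset.yaml does the same for "statefulset", so any other value (a typo, or `Deployment` with a capital) renders neither workload and the release installs with no pods and no error. A guard that stops the render would surface this, for instance `{{- if not (has .Values.deployKind (list "deployment" "statefulset")) }}{{ fail "deployKind must be deployment or statefulset" }}{{- end }}` at the top of this file. The removed template also set the pod `securityContext` and `imagePullPolicy: Always` inline; whether `libchart.deployment.tpl` keeps both is not visible in this diff and is worth checking before release. The golang/templates/deployment.yaml hunk is identical.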
diff --git a/dotnet/templates/hpa.yaml b/dotnet/templates/hpa.yaml new file mode 100644 index 00000000..1a9351cf --- /dev/null +++ b/dotnet/templates/hpa.yaml @@ -0,0 +1,3 @@ +{{- if .Values.autoscaling.enabled }} +{{- include "libchart.hpa.tpl" . }} +{{- end }} diff --git a/dotnet/templates/ingress.yaml b/dotnet/templates/ingress.yaml index 346e3c30..25c77bfb 100644 --- a/dotnet/templates/ingress.yaml +++ b/dotnet/templates/ingress.yaml @@ -1,40 +1,3 @@ {{- if .Values.ingress.enabled -}} -{{- $name := include "dotnet.name" . -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $name }} - servicePort: http - {{- end }} +{{- include "libchart.ingress.tpl" . -}} {{- end }} diff --git a/dotnet/templates/pod-disruption-budget.yaml b/dotnet/templates/pod-disruption-budget.yaml index e083d1b1..c00e2856 100644 --- a/dotnet/templates/pod-disruption-budget.yaml +++ b/dotnet/templates/pod-disruption-budget.yaml 
@@ -1,16 +1,3 @@ {{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "dotnet.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "dotnet.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Values.appVersion }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file +{{- include "libchart.pdb.tpl" . -}} +{{- end }} diff --git a/dotnet/templates/pv-secrets-store-csi-pv.yaml b/dotnet/templates/pv-secrets-store-csi-pv.yaml index ffbc5153..0dab4e4b 100644 --- a/dotnet/templates/pv-secrets-store-csi-pv.yaml +++ b/dotnet/templates/pv-secrets-store-csi-pv.yaml @@ -1,32 +1,3 @@ {{- if .Values.csi -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} -spec: - capacity: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - accessModes: - - ReadOnlyMany - persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.csi.storageClassName | quote}} - csi: - driver: secrets-store.csi.k8s.com - readOnly: true - volumeHandle: kv - volumeAttributes: - providerName: {{ .Values.csi.providerName | quote}} - usePodIdentity: {{ .Values.csi.usePodIdentity | default "false" | quote }} - keyvaultName: {{ .Values.csi.keyvaultName | quote}} - objects: | - array: -{{ toYaml .Values.csi.array | indent 10 }} - resourceGroup: {{ .Values.csi.resourceGroup | quote}} - subscriptionId: {{ .Values.csi.subscriptionId | quote}} - tenantId: {{ .Values.csi.tenantId | quote}} - nodePublishSecretRef: - name: secrets-store-creds -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pv.tpl" . }} +{{- end -}} 
diff --git a/dotnet/templates/pv-secrets-store-csi-pvc.yaml b/dotnet/templates/pv-secrets-store-csi-pvc.yaml index 79a0c90c..7560ad1a 100644 --- a/dotnet/templates/pv-secrets-store-csi-pvc.yaml +++ b/dotnet/templates/pv-secrets-store-csi-pvc.yaml @@ -1,17 +1,3 @@ {{- if .Values.csi -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} -spec: - accessModes: - - ReadOnlyMany - resources: - requests: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - volumeName: {{ .Values.csi.name }} - storageClassName: {{ .Values.csi.storageClassName| quote}} -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pvc.tpl" . }} +{{- end -}} diff --git a/dotnet/templates/service-account.yaml b/dotnet/templates/service-account.yaml new file mode 100644 index 00000000..402b6356 --- /dev/null +++ b/dotnet/templates/service-account.yaml @@ -0,0 +1 @@ +{{- include "libchart.serviceAccount.tpl" . -}} diff --git a/dotnet/templates/service.yaml b/dotnet/templates/service.yaml index bae7281c..5e1be494 100644 --- a/dotnet/templates/service.yaml +++ b/dotnet/templates/service.yaml @@ -1,19 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dotnet.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default "http" }} - protocol: TCP - name: {{ .Values.service.name | default "http" }} - {{ if .Values.service.extraPorts }} - {{ toYaml .Values.service.extraPorts | nindent 4 }} - {{- end }} - selector: - {{- include "dotnet.selectorLabels" . | nindent 4 }} +{{- include "libchart.service.tpl" . -}} diff --git a/dotnet/templates/servicemonitor.yaml b/dotnet/templates/servicemonitor.yaml index 67b76d05..fe21688f 100644 
--- a/dotnet/templates/servicemonitor.yaml +++ b/dotnet/templates/servicemonitor.yaml @@ -2,19 +2,17 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "dotnet.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "dotnet.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} {{- if .Values.metrics.enabled }} prometheus: {{ .Values.metrics.prometheusInstance }} {{- end }} spec: selector: matchLabels: - app.kubernetes.io/name: {{ template "dotnet.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Values.appVersion }} + {{- include "libchart.selectorLabels" . | nindent 6 }} endpoints: {{- if .Values.metrics.endpoints }} {{ toYaml .Values.metrics.endpoints | indent 4 }} diff --git a/dotnet/templates/statefulset.yaml b/dotnet/templates/statefulset.yaml new file mode 100644 index 00000000..cf389c3c --- /dev/null +++ b/dotnet/templates/statefulset.yaml @@ -0,0 +1,3 @@ +{{ if eq .Values.deployKind "statefulset" }} +{{- include "libchart.statefulset.tpl" . -}} +{{- end }} diff --git a/dotnet/templates/traefik-v2-ingress-route.yaml b/dotnet/templates/traefik-v2-ingress-route.yaml new file mode 100644 index 00000000..907b7114 --- /dev/null +++ b/dotnet/templates/traefik-v2-ingress-route.yaml @@ -0,0 +1,19 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{ range $i := .Values.traefikV2.ingressRoutes }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: "{{ $name }}-{{ $i.name }}" + {{- if $i.annotations }} + annotations: + {{ toYaml $i.annotations | nindent 4 }} + {{- end }} + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} 
diff --git a/dotnet/templates/traefik-v2-middleware.yaml b/dotnet/templates/traefik-v2-middleware.yaml new file mode 100644 index 00000000..f3acb18d --- /dev/null +++ b/dotnet/templates/traefik-v2-middleware.yaml @@ -0,0 +1,15 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "jalibchartva.name" . }} +{{- $labels := include "libchart.metaLabels" . }} +{{ range $i := .Values.traefikV2.middlewares }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: "{{ $name }}-{{ $i.name }}" + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/dotnet/values.yaml b/dotnet/values.yaml index eb8e2023..fa8c0641 100644 --- a/dotnet/values.yaml +++ b/dotnet/values.yaml @@ -1,11 +1,11 @@ -# Default values for dotnet. +# Default values for chart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 name: "" -appEnv: production +# javaOptions: appVersion: v1 image: @@ -15,14 +15,29 @@ image: # - secret1 # - secret2 +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podLabels: {} -podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 2 securityContext: runAsNonRoot: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsUser: 1000 + # fsGroup: 2000 environment: {} secrets: {} 
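Review bot: `include "jalibchartva.name"` on the `$name` line looks like `libchart` pasted into the middle of `java`, and no template of that name is defined anywhere in this diff, so rendering should fail as soon as `traefikV2.enabled` is true. The next line uses `libchart.metaLabels`, while traefik-v2-ingress-route.yaml and servicemonitor.yaml in this commit use `libchart.labels`; one of the two names is probably stale. Suggested: `{{- $name := include "libchart.name" . }}` and `{{- $labels := include "libchart.labels" . }}`, matching the ingress-route file.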
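Review bot: The commented hardening example added under `securityContext` in the `@@ -15,14 +15,29 @@` hunk mixes fields from two different Kubernetes objects: `fsGroup` is valid only in the pod-level security context, while `capabilities` and `readOnlyRootFilesystem` are valid only per container. The removed deployment template rendered `.Values.securityContext` at pod level; if libchart does the same (not visible here), a user who uncomments `capabilities` or `readOnlyRootFilesystem` gets a rejected or silently unhardened pod rather than the restriction they expected. I would split the example by level, or at least add `# pod-level fields only (runAsNonRoot, runAsUser, fsGroup); capabilities and readOnlyRootFilesystem are container-level` above it once the library's placement is confirmed.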
@@ -48,6 +63,46 @@ csi: {} # objectType: key # objectVersion: "" +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +## Pod affinity +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft +podAntiAffinityTopologyKey: "kubernetes.io/hostname" + +## Custom Affinity settings +## Defining 'affinity' will disable any podAntiAffinity settings. +## If you still need anti-affinity, you must include the configuration here. +affinity: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +extraContainerPorts: [] + liveness: port: 8080 enabled: true @@ -61,6 +116,7 @@ readiness: timeout: 15 periodSeconds: 15 +# Service service: type: ClusterIP port: 80 @@ -68,6 +124,7 @@ service: name: http extraPorts: [] +# Ingress ingress: enabled: false annotations: {} @@ -81,11 +138,16 @@ ingress: # hosts: # - chart-example.local +traefikV2: + enabled: false + annotations: {} + middlewares: [] + ingressRoutes: [] + istio: enabled: false ingress: enabled: false - # gatewayName: appname-gw gateways: [] hosts: - chart-example.local 
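Review bot: `autoscaling:` is added in this hunk with `minReplicas`, `maxReplicas` and `targetCPUUtilizationPercentage`, and added a second time at the end of the file by the `@@ -160,4 +192,7 @@` hunk with only `enabled: false`. Duplicate mapping keys are invalid YAML; depending on the parser the file is either rejected or the last occurrence wins, which would drop the replica bounds, so `--set autoscaling.enabled=true` could hand `libchart.hpa.tpl` empty values. Remove the trailing `autoscaling:` / `enabled: false` pair from the last hunk and keep this block as the single definition.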
@@ -94,36 +156,6 @@ istio: httpsRedirect: false # secretName: chart-example-tls -extraPorts: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -## Pod affinity -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft -podAntiAffinityTopologyKey: "kubernetes.io/hostname" - -## Custom Affinity settings -## Defining 'affinity' will disable any podAntiAffinity settings. -## If you still need anti-affinity, you must include the configuration here. -affinity: {} - -# We need to set targetPort (Where metrics are hosted) so that it can be collected on the outside of the SMESH metrics: enabled: true prometheusInstance: default # Select the default prometheus instance. @@ -143,7 +175,7 @@ cert: hosts: [] issuer: letsencrypt-prod issuerKind: ClusterIssuer - # secretName: dotnet-appname-tls + # secretName: java-appname-tls # duration: 2160h # 90d (Maximum 90d) renewBefore: 360h0m0s # 15d @@ -160,4 +192,7 @@ volumes: [] # - key: ssh-pub-key # path: id_rsa.pub -certmanagerApiVersion: cert-manager.io/v1alpha2 +deployKind: deployment + +autoscaling: + enabled: false diff --git a/golang/Chart.lock b/golang/Chart.lock new file mode 100644 index 00000000..b98034fc --- /dev/null +++ b/golang/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: libchart + repository: file://../libchart + version: 0.1.0 +digest: sha256:e35a15b496d3f45163e2f993af8ab76d90ce6f0f9949d452bcd7461746840e5f +generated: "2021-04-05T19:44:52.693708282+02:00" 
diff --git a/golang/Chart.yaml b/golang/Chart.yaml index 581d4d9a..a4551d9b 100644 --- a/golang/Chart.yaml +++ b/golang/Chart.yaml @@ -1,4 +1,8 @@ -apiVersion: v1 +apiVersion: v2 description: golan Helm Chart name: golang -version: 12.1.0 +version: 13.0.0 +dependencies: + - name: libchart + version: 0.1.0 + repository: file://../libchart diff --git a/golang/templates/NOTES.txt b/golang/templates/NOTES.txt index f2804444..bbf96a91 100644 --- a/golang/templates/NOTES.txt +++ b/golang/templates/NOTES.txt 
@@ -4,16 +4,16 @@ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "golang.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "java.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "golang.-istio.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "golang.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc -w {{ template "libchart.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "libchart.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "golang.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "libchart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} diff --git a/golang/templates/_helpers.tpl b/golang/templates/_helpers.tpl deleted file mode 100644 index 881931e6..00000000 
--- a/golang/templates/_helpers.tpl +++ /dev/null @@ -1,30 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "golang.name" -}} -{{- default .Release.Name .Values.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "golang.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "golang.metaLabels" -}} -app.kubernetes.io/name: {{ template "golang.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ default (include "golang.name" .) .Values.appComponent }} -app.kubernetes.io/version: {{ .Values.appVersion }} -app.kubernetes.io/part-of: {{ default (include "golang.name" .) .Values.appPartOf }} -app.kubernetes.io/managed-by: helm -helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -{{- end -}} - -{{- define "golang.selectorLabels" -}} -app.kubernetes.io/name: {{ template "golang.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: {{ .Values.appVersion }} -{{- end -}} \ No newline at end of file diff --git a/golang/templates/cm-certificate.yaml b/golang/templates/cm-certificate.yaml index d167b6aa..c714ee04 100644 --- a/golang/templates/cm-certificate.yaml +++ b/golang/templates/cm-certificate.yaml 
@@ -1,36 +1,3 @@ -{{- $hosts := .Values.cert.hosts -}} - -{{- if and .Values.istio.enabled (.Values.istio.ingress.enabled) }} -{{ $hosts = .Values.istio.ingress.hosts }} -{{- else if .Values.ingress.enabled }} -{{ $hosts = .Values.ingress.hosts }} +{{- if .Values.cert.enabled -}} +{{- include "libchart.cm-certificate.tpl" . }} {{- end }} - -{{- if and .Values.cert.enabled ($hosts) }} - -apiVersion: {{ .Values.certmanagerApiVersion }} -kind: Certificate -metadata: - name: {{ template "golang.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} - annotations: -{{ toYaml .Values.cert.annotations | indent 4 }} -spec: -{{- if .Values.cert.secretName }} - secretName: {{ .Values.cert.secretName }} -{{- else }} - secretName: {{ template "golang.name" . }} -{{- end }} -{{- if .Values.cert.duration }} - duration: {{ .Values.cert.duration }} -{{- end }} - renewBefore: {{ .Values.cert.renewBefore }} - commonName: {{ index $hosts 0 }} - dnsNames: -{{ $hosts | toYaml | indent 4 }} - issuerRef: - name: {{ .Values.cert.issuer | default "letsencrypt-prod" }} - kind: {{ .Values.cert.issuerKind | default "ClusterIssuer" }} -{{- end }} \ No newline at end of file diff --git a/golang/templates/deployment.yaml b/golang/templates/deployment.yaml index 85d453db..942aa8a5 100644 --- a/golang/templates/deployment.yaml +++ b/golang/templates/deployment.yaml 
@@ -1,131 +1,3 @@ -{{- if .Capabilities.APIVersions.Has "apps/v1" }} -apiVersion: apps/v1 -{{ else }} -apiVersion: apps/v1beta1 +{{ if eq .Values.deployKind "deployment" }} +{{- include "libchart.deployment.tpl" . -}} {{- end }} -kind: Deployment -metadata: - name: {{ template "golang.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "golang.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "golang.metaLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} - {{- end -}} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 12 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 8080 }} - protocol: TCP - {{ if .Values.extraPorts }} - {{ toYaml .Values.extraPorts | nindent 12 }} - {{- end }} -{{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ .Values.liveness.port | default 8080 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | default 
15 }} - periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} -{{- end }} -{{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 8080 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} -{{- end }} - env: - - name: APP_ENV - value: {{ .Values.appEnv }} - {{- if .Values.secrets }} -{{ toYaml .Values.secrets | indent 10 }} - {{- end }} - {{- if .Values.environment }} -{{ toYaml .Values.environment | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - - {{- if or .Values.affinity .Values.podAntiAffinity }} - affinity: - {{- with .Values.affinity }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if eq .Values.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "golang.selectorLabels" . | nindent 18 }} - {{- else if eq .Values.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "golang.selectorLabels" . | nindent 20 }} - {{- end }} - {{- end }} - - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or (.Values.volumes) (.Values.csi) }} - volumes: - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - persistentVolumeClaim: - claimName: {{ .Values.csi.name }} - {{ end }} - {{ end }} 
diff --git a/golang/templates/hpa.yaml b/golang/templates/hpa.yaml new file mode 100644 index 00000000..1a9351cf --- /dev/null +++ b/golang/templates/hpa.yaml @@ -0,0 +1,3 @@ +{{- if .Values.autoscaling.enabled }} +{{- include "libchart.hpa.tpl" . }} +{{- end }} diff --git a/golang/templates/ingress.yaml b/golang/templates/ingress.yaml index 3c00448c..25c77bfb 100644 --- a/golang/templates/ingress.yaml +++ b/golang/templates/ingress.yaml @@ -1,40 +1,3 @@ {{- if .Values.ingress.enabled -}} -{{- $name := include "golang.name" . -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $name }} - servicePort: http - {{- end }} +{{- include "libchart.ingress.tpl" . -}} {{- end }} diff --git a/golang/templates/pod-disruption-budget.yaml b/golang/templates/pod-disruption-budget.yaml index 05771d85..c00e2856 100644 --- a/golang/templates/pod-disruption-budget.yaml +++ b/golang/templates/pod-disruption-budget.yaml 
@@ -1,14 +1,3 @@ {{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "golang.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "golang.selectorLabels" . | nindent 6 }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file +{{- include "libchart.pdb.tpl" . -}} +{{- end }} diff --git a/golang/templates/pv-secrets-store-csi-pv.yaml b/golang/templates/pv-secrets-store-csi-pv.yaml index 183701e3..0dab4e4b 100644 --- a/golang/templates/pv-secrets-store-csi-pv.yaml +++ b/golang/templates/pv-secrets-store-csi-pv.yaml @@ -1,32 +1,3 @@ {{- if .Values.csi -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} -spec: - capacity: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - accessModes: - - ReadOnlyMany - persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.csi.storageClassName | quote}} - csi: - driver: secrets-store.csi.k8s.com - readOnly: true - volumeHandle: kv - volumeAttributes: - providerName: {{ .Values.csi.providerName | quote}} - usePodIdentity: {{ .Values.csi.usePodIdentity | default "false" | quote }} - keyvaultName: {{ .Values.csi.keyvaultName | quote}} - objects: | - array: -{{ toYaml .Values.csi.array | indent 10 }} - resourceGroup: {{ .Values.csi.resourceGroup | quote}} - subscriptionId: {{ .Values.csi.subscriptionId | quote}} - tenantId: {{ .Values.csi.tenantId | quote}} - nodePublishSecretRef: - name: secrets-store-creds -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pv.tpl" . }} +{{- end -}} diff --git a/golang/templates/pv-secrets-store-csi-pvc.yaml b/golang/templates/pv-secrets-store-csi-pvc.yaml index a41bb7fb..7560ad1a 100644 
--- a/golang/templates/pv-secrets-store-csi-pvc.yaml +++ b/golang/templates/pv-secrets-store-csi-pvc.yaml @@ -1,17 +1,3 @@ {{- if .Values.csi -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} -spec: - accessModes: - - ReadOnlyMany - resources: - requests: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - volumeName: {{ .Values.csi.name }} - storageClassName: {{ .Values.csi.storageClassName| quote}} -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pvc.tpl" . }} +{{- end -}} diff --git a/golang/templates/service-account.yaml b/golang/templates/service-account.yaml new file mode 100644 index 00000000..402b6356 --- /dev/null +++ b/golang/templates/service-account.yaml @@ -0,0 +1 @@ +{{- include "libchart.serviceAccount.tpl" . -}} diff --git a/golang/templates/service.yaml b/golang/templates/service.yaml index e3f6b871..5e1be494 100644 --- a/golang/templates/service.yaml +++ b/golang/templates/service.yaml @@ -1,19 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "golang.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "golang.metaLabels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default "http" }} - protocol: TCP - name: {{ .Values.service.name | default "http" }} - {{ if .Values.service.extraPorts }} - {{ toYaml .Values.service.extraPorts | nindent 4 }} - {{- end }} - selector: - {{- include "golang.selectorLabels" . | nindent 4 }} \ No newline at end of file +{{- include "libchart.service.tpl" . -}} diff --git a/golang/templates/servicemonitor.yaml b/golang/templates/servicemonitor.yaml index 5b6af357..fe21688f 100644 --- a/golang/templates/servicemonitor.yaml +++ b/golang/templates/servicemonitor.yaml 
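Review bot: The new `golang/templates/service-account.yaml` calls `libchart.serviceAccount.tpl` with no guard, while the other wrappers added in this commit (`hpa.yaml`, `statefulset.yaml`, `ingress.yaml`) gate on their values key in the wrapper itself. `values.yaml` introduces `serviceAccount.create`, so unless the library template checks it (libchart is not visible in this diff), setting `create: false` would still render a ServiceAccount. I would wrap the include in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. `java/templates/service-account.yaml` has the same one-line body.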
@@ -2,17 +2,17 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "golang.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "golang.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} {{- if .Values.metrics.enabled }} prometheus: {{ .Values.metrics.prometheusInstance }} {{- end }} spec: selector: matchLabels: - {{- include "golang.selectorLabels" . | nindent 6 }} + {{- include "libchart.selectorLabels" . | nindent 6 }} endpoints: {{- if .Values.metrics.endpoints }} {{ toYaml .Values.metrics.endpoints | indent 4 }} diff --git a/golang/templates/statefulset.yaml b/golang/templates/statefulset.yaml new file mode 100644 index 00000000..cf389c3c --- /dev/null +++ b/golang/templates/statefulset.yaml @@ -0,0 +1,3 @@ +{{ if eq .Values.deployKind "statefulset" }} +{{- include "libchart.statefulset.tpl" . -}} +{{- end }} diff --git a/golang/templates/traefik-v2-ingress-route.yaml b/golang/templates/traefik-v2-ingress-route.yaml new file mode 100644 index 00000000..907b7114 --- /dev/null +++ b/golang/templates/traefik-v2-ingress-route.yaml @@ -0,0 +1,19 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{ range $i := .Values.traefikV2.ingressRoutes }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: "{{ $name }}-{{ $i.name }}" + {{- if $i.annotations }} + annotations: + {{ toYaml $i.annotations | nindent 4 }} + {{- end }} + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/golang/templates/traefik-v2-middleware.yaml b/golang/templates/traefik-v2-middleware.yaml new file mode 100644 index 00000000..f3acb18d --- /dev/null +++ b/golang/templates/traefik-v2-middleware.yaml 
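Review bot: The IngressRoute metadata in `golang/templates/traefik-v2-ingress-route.yaml` sets no `namespace`, whereas the ServiceMonitor in this same chart sets `namespace: {{ .Release.Namespace }}`. `helm install` applies the release namespace anyway, but output from `helm template` piped to `kubectl apply` ends up in the client's current namespace rather than next to the Service it routes to. I would add `namespace: {{ .Release.Namespace }}` under `metadata:`; the Middleware template added in the same commit has the same gap. Separately, `values.yaml` adds `traefikV2.annotations`, but this template reads only the per-route `$i.annotations`, so the chart-level key appears unused.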
@@ -0,0 +1,15 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "jalibchartva.name" . }} +{{- $labels := include "libchart.metaLabels" . }} +{{ range $i := .Values.traefikV2.middlewares }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: "{{ $name }}-{{ $i.name }}" + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/golang/values.yaml b/golang/values.yaml index 890cd3a1..fa8c0641 100644 --- a/golang/values.yaml +++ b/golang/values.yaml @@ -1,11 +1,11 @@ -# Default values for golang-istio. +# Default values for chart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 name: "" -appEnv: production +# javaOptions: appVersion: v1 image: @@ -15,14 +15,29 @@ image: # - secret1 # - secret2 +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podLabels: {} -podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 2 securityContext: runAsNonRoot: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsUser: 1000 + # fsGroup: 2000 environment: {} secrets: {} 
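Review bot: `include "jalibchartva.name"` on the `$name` line of `golang/templates/traefik-v2-middleware.yaml` looks like a search-and-replace of `java` applied inside an already-renamed string; every other template in this diff uses `libchart.name`, so rendering will presumably fail with an undefined-template error as soon as `traefikV2.enabled` is true. The next line includes `libchart.metaLabels`, while the sibling IngressRoute template and the rest of the commit use `libchart.labels`; unless libchart defines both names (its helpers are not in this diff), that include fails the same way. The two lines should read `{{- $name := include "libchart.name" . }}` and `{{- $labels := include "libchart.labels" . }}`. The second hunk of `java/templates/istio-egress-serviceentry.yaml` (`@@ -34,7 +34,7 @@`) also switches to `libchart.metaLabels` where its first hunk uses `libchart.labels`. Because `traefikV2.enabled` defaults to false, `helm lint` with default values would not catch either problem.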
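Review bot: The commented example added under `securityContext:` in `golang/values.yaml` mixes pod-level and container-level fields: `fsGroup` exists only on the pod security context, while `capabilities` and `readOnlyRootFilesystem` exist only on the container security context. The Java Deployment template removed in this commit rendered `.Values.securityContext` under the pod `spec:`; if libchart does the same (not visible here), uncommenting `capabilities` or `readOnlyRootFilesystem: true` is rejected or dropped by API validation instead of hardening the container. I would split the example into two keys, or add a comment such as `# pod-level fields only; container hardening goes under <container-level key read by libchart>` with the real key name filled in.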
@@ -48,6 +63,46 @@ csi: {} # objectType: key # objectVersion: "" +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +## Pod affinity +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft +podAntiAffinityTopologyKey: "kubernetes.io/hostname" + +## Custom Affinity settings +## Defining 'affinity' will disable any podAntiAffinity settings. +## If you still need anti-affinity, you must include the configuration here. +affinity: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +extraContainerPorts: [] + liveness: port: 8080 enabled: true @@ -61,6 +116,7 @@ readiness: timeout: 15 periodSeconds: 15 +# Service service: type: ClusterIP port: 80 @@ -68,6 +124,7 @@ service: name: http extraPorts: [] +# Ingress ingress: enabled: false annotations: {} @@ -81,11 +138,16 @@ ingress: # hosts: # - chart-example.local +traefikV2: + enabled: false + annotations: {} + middlewares: [] + ingressRoutes: [] + istio: enabled: false ingress: enabled: false - # gatewayName: appname-gw gateways: [] hosts: - chart-example.local 
@@ -94,36 +156,6 @@ istio: httpsRedirect: false # secretName: chart-example-tls -extraPorts: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -## Pod affinity -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft -podAntiAffinityTopologyKey: "kubernetes.io/hostname" - -## Custom Affinity settings -## Defining 'affinity' will disable any podAntiAffinity settings. -## If you still need anti-affinity, you must include the configuration here. -affinity: {} - -# We need to set targetPort (Where metrics are hosted) so that it can be collected on the outside of the SMESH metrics: enabled: true prometheusInstance: default # Select the default prometheus instance. @@ -132,8 +164,8 @@ metrics: prometheusIstioMtlsEnabled: true # endpoints: - # - targetPort: 8080 - # path: /metrics + # - targetPort: 8080 + # path: /metrics alertRules: [] @@ -143,7 +175,7 @@ cert: hosts: [] issuer: letsencrypt-prod issuerKind: ClusterIssuer - # secretName: golang-appname-tls + # secretName: java-appname-tls # duration: 2160h # 90d (Maximum 90d) renewBefore: 360h0m0s # 15d @@ -160,4 +192,7 @@ volumes: [] # - key: ssh-pub-key # path: id_rsa.pub -certmanagerApiVersion: cert-manager.io/v1alpha2 +deployKind: deployment + +autoscaling: + enabled: false diff --git a/helm-package.sh b/helm-package.sh index 779d68b0..92d733ec 100755 --- a/helm-package.sh +++ b/helm-package.sh 
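Review bot: `autoscaling:` is now defined twice in `golang/values.yaml`: the full block added in the `@@ -48,6 +63,46 @@` hunk (`minReplicas`, `maxReplicas`, `targetCPUUtilizationPercentage`) and a second `autoscaling:` holding only `enabled: false`, appended at the end of the file in the `@@ -160,4 +192,7 @@` hunk. Duplicate mapping keys are invalid YAML, and parsers that tolerate them keep the last one, which would leave the replica bounds unset when a user only flips `enabled` to true. I would drop the trailing two lines and keep `deployKind: deployment`.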
@@ -9,6 +9,6 @@ PUBLISH_DIR=$1 for chart in */Chart.yaml; do chart=$(dirname $chart) - helm package $chart -d ${PUBLISH_DIR} + helm package $chart -u -d ${PUBLISH_DIR} done diff --git a/helm-test.sh b/helm-test.sh index 906d61d3..11498594 100755 --- a/helm-test.sh +++ b/helm-test.sh @@ -4,9 +4,12 @@ set -u set -e set -o pipefail +rm -rf data temp + for chart in */Chart.yaml; do chart=$(dirname $chart) + helm dep update $chart helm lint $chart [ ! -z "$(echo $chart | egrep '(dotnet|golang|java|nodejs|web)')" ] && { [ -d data ] && rm -rf data diff --git a/java/Chart.yaml b/java/Chart.yaml index 99dc7454..d9649ade 100644 --- a/java/Chart.yaml +++ b/java/Chart.yaml @@ -1,4 +1,8 @@ -apiVersion: v1 +apiVersion: v2 description: Java Helm Chart name: java -version: 5.2.0 +version: 6.0.0 +dependencies: + - name: libchart + version: 0.1.0 + repository: file://../libchart diff --git a/java/templates/NOTES.txt b/java/templates/NOTES.txt index 450617e6..bbf96a91 100644 --- a/java/templates/NOTES.txt +++ b/java/templates/NOTES.txt 
@@ -9,11 +9,11 @@ echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "java.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "java.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc -w {{ template "libchart.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "libchart.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "java.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "libchart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} diff --git a/java/templates/_helpers.tpl b/java/templates/_helpers.tpl deleted file mode 100644 index fbe5c61a..00000000 --- a/java/templates/_helpers.tpl +++ /dev/null 
@@ -1,30 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "java.name" -}} -{{- default .Release.Name .Values.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "java.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "java.metaLabels" -}} -app.kubernetes.io/name: {{ template "java.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ default (include "java.name" .) .Values.appComponent }} -app.kubernetes.io/version: {{ .Values.appVersion }} -app.kubernetes.io/part-of: {{ default (include "java.name" .) .Values.appPartOf }} -app.kubernetes.io/managed-by: helm -helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -{{- end -}} - -{{- define "java.selectorLabels" -}} -app.kubernetes.io/name: {{ template "java.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: {{ .Values.appVersion }} -{{- end -}} \ No newline at end of file diff --git a/java/templates/alert-rules.yaml b/java/templates/alert-rules.yaml index f72ca334..f82d62c7 100644 --- a/java/templates/alert-rules.yaml +++ b/java/templates/alert-rules.yaml @@ -2,10 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: - name: {{ template "java.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} alertmanager: {{ .Values.alertManager | default "default" }} spec: groups: diff --git a/java/templates/cm-certificate.yaml b/java/templates/cm-certificate.yaml index b9a0307e..c714ee04 100644 --- a/java/templates/cm-certificate.yaml +++ b/java/templates/cm-certificate.yaml 
@@ -1,36 +1,3 @@ -{{- $hosts := .Values.cert.hosts -}} - -{{- if and .Values.istio.enabled (.Values.istio.ingress.enabled) }} -{{ $hosts = .Values.istio.ingress.hosts }} -{{- else if .Values.ingress.enabled }} -{{ $hosts = .Values.ingress.hosts }} +{{- if .Values.cert.enabled -}} +{{- include "libchart.cm-certificate.tpl" . }} {{- end }} - -{{- if and .Values.cert.enabled ($hosts) }} - -apiVersion: {{ .Values.certmanagerApiVersion }} -kind: Certificate -metadata: - name: {{ template "java.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} - annotations: -{{ toYaml .Values.cert.annotations | indent 4 }} -spec: -{{- if .Values.cert.secretName }} - secretName: {{ .Values.cert.secretName }} -{{- else }} - secretName: {{ template "java.name" . }} -{{- end }} -{{- if .Values.cert.duration }} - duration: {{ .Values.cert.duration }} -{{- end }} - renewBefore: {{ .Values.cert.renewBefore }} - commonName: {{ index $hosts 0 }} - dnsNames: -{{ $hosts | toYaml | indent 4 }} - issuerRef: - name: {{ .Values.cert.issuer | default "letsencrypt-prod" }} - kind: {{ .Values.cert.issuerKind | default "ClusterIssuer" }} -{{- end }} \ No newline at end of file diff --git a/java/templates/deployment.yaml b/java/templates/deployment.yaml index 367ba537..942aa8a5 100644 --- a/java/templates/deployment.yaml +++ b/java/templates/deployment.yaml 
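Review bot: The wrapper in `java/templates/cm-certificate.yaml` now gates only on `.Values.cert.enabled`, whereas the removed template also required a non-empty host list (`and .Values.cert.enabled ($hosts)`) and took the hosts from the Istio or ingress settings when those were enabled. If `libchart.cm-certificate.tpl` does not repeat that logic (it is not part of this diff), enabling `cert` with an empty `cert.hosts` either fails on the first-host lookup or emits a Certificate with no DNS names. Keeping the host check in the wrapper would make the contract explicit. Once the library behaviour is confirmed, a comment such as `{{- /* libchart.cm-certificate.tpl resolves hosts and renders nothing when none are set */ -}}` would do the same.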
@@ -1,136 +1,3 @@ {{ if eq .Values.deployKind "deployment" }} - -{{- if .Capabilities.APIVersions.Has "apps/v1" }} -apiVersion: apps/v1 -{{ else }} -apiVersion: apps/v1beta1 -{{- end }} -kind: Deployment -metadata: - name: {{ template "java.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "java.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "java.metaLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} - {{- end -}} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - serviceAccountName: {{ .Values.serviceAccountName }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 12 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 8080 }} - protocol: TCP - {{ if .Values.extraPorts }} - {{ toYaml .Values.extraPorts | nindent 12 }} - {{- end }} -{{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ .Values.liveness.port | default 8080 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | 
default 15 }} - periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} -{{- end }} -{{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 8080 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} -{{- end }} - env: -{{- if .Values.javaOptions }} - - name: JAVA_OPTIONS - value: {{ .Values.javaOptions }} -{{- end}} - {{- if .Values.secrets }} -{{ toYaml .Values.secrets | indent 10 }} - {{- end }} - {{- if .Values.environment }} -{{ toYaml .Values.environment | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or .Values.affinity .Values.podAntiAffinity }} - affinity: - {{- with .Values.affinity }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if eq .Values.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "java.selectorLabels" . | nindent 18 }} - {{- else if eq .Values.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "java.selectorLabels" . | nindent 20 }} - {{- end }} - {{- end }} - - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . 
| indent 8 }} - {{- end }} - {{- if or (.Values.volumes) (.Values.csi) }} - volumes: - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - persistentVolumeClaim: - claimName: {{ .Values.csi.name }} - {{ end }} - {{ end }} +{{- include "libchart.deployment.tpl" . -}} {{- end }} diff --git a/java/templates/gateway.yaml b/java/templates/gateway.yaml index 2f5856d5..2467c29a 100644 --- a/java/templates/gateway.yaml +++ b/java/templates/gateway.yaml @@ -3,9 +3,9 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: - name: {{ template "java.name" . }}-gateway + name: {{ template "libchart.name" . }}-gateway labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} spec: selector: istio: ingressgateway # use Istio default gateway implementation @@ -36,7 +36,7 @@ spec: {{- if .Values.istio.ingress.tls.secretName }} credentialName: "{{ .Values.istio.ingress.tls.secretName }}" {{- else }} - credentialName: "{{ template "java.name" . }}" + credentialName: "{{ template "libchart.name" . }}" {{- end }} {{- end }} diff --git a/java/templates/hpa.yaml b/java/templates/hpa.yaml new file mode 100644 index 00000000..1a9351cf --- /dev/null +++ b/java/templates/hpa.yaml @@ -0,0 +1,3 @@ +{{- if .Values.autoscaling.enabled }} +{{- include "libchart.hpa.tpl" . }} +{{- end }} diff --git a/java/templates/ingress.yaml b/java/templates/ingress.yaml index 31fc3a09..25c77bfb 100644 --- a/java/templates/ingress.yaml +++ b/java/templates/ingress.yaml 
@@ -1,39 +1,3 @@ {{- if .Values.ingress.enabled -}} -{{- $name := include "java.name" . -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $name }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $name }} - servicePort: http - {{- end }} +{{- include "libchart.ingress.tpl" . -}} {{- end }} diff --git a/java/templates/istio-egress-serviceentry-http.yaml b/java/templates/istio-egress-serviceentry-http.yaml index 237c728a..eced4a73 100644 --- a/java/templates/istio-egress-serviceentry-http.yaml +++ b/java/templates/istio-egress-serviceentry-http.yaml @@ -1,5 +1,5 @@ -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} {{- $namespace := .Release.Namespace}} {{- if .Values.egress }} @@ -26,4 +26,4 @@ spec: location: MESH_EXTERNAL {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-egress-serviceentry-https.yaml b/java/templates/istio-egress-serviceentry-https.yaml index d6e8430e..9abedb0f 100644 --- a/java/templates/istio-egress-serviceentry-https.yaml +++ b/java/templates/istio-egress-serviceentry-https.yaml 
@@ -1,5 +1,5 @@ -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} {{- $namespace := .Release.Namespace}} {{- if .Values.egress }} @@ -26,4 +26,4 @@ spec: location: MESH_EXTERNAL {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-egress-serviceentry-tcp.yaml b/java/templates/istio-egress-serviceentry-tcp.yaml index 1aedd9f7..bc5d28ee 100644 --- a/java/templates/istio-egress-serviceentry-tcp.yaml +++ b/java/templates/istio-egress-serviceentry-tcp.yaml @@ -1,8 +1,8 @@ {{- if .Values.egress }} -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} -{{- $chart := include "java.chart" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{- $chart := include "libchart.chart" . }} {{- $namespace := .Release.Namespace}} {{- $release := .Release }} {{- $values := .Values }} @@ -31,4 +31,4 @@ spec: {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-egress-serviceentry.yaml b/java/templates/istio-egress-serviceentry.yaml index da007e9e..038589ca 100644 --- a/java/templates/istio-egress-serviceentry.yaml +++ b/java/templates/istio-egress-serviceentry.yaml @@ -1,6 +1,6 @@ {{- if .Values.egress }} -{{- $name := include "java.name" . }} -{{- $chart := include "java.chart" . }} +{{- $name := include "libchart.name" . }} +{{- $chart := include "libchart.chart" . }} {{- $release := .Release }} {{- $values := .Values }} @@ -11,7 +11,7 @@ kind: ServiceEntry metadata: name: "{{ $name }}-{{ $entry.name }}-http" labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} spec: hosts: {{- range $t := $entry.targets }} 
@@ -34,7 +34,7 @@ kind: ServiceEntry metadata: name: "{{ $name }}-{{ $entry.name }}-https" labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.metaLabels" . | nindent 4 }} spec: hosts: {{- range $t := $entry.targets }} @@ -50,4 +50,4 @@ spec: {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-egress-virtualservice-http.yaml b/java/templates/istio-egress-virtualservice-http.yaml index ba178968..ecaa01c2 100644 --- a/java/templates/istio-egress-virtualservice-http.yaml +++ b/java/templates/istio-egress-virtualservice-http.yaml @@ -1,5 +1,5 @@ -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} {{- $namespace := .Release.Namespace}} {{- if .Values.egress }} @@ -28,4 +28,4 @@ spec: weight: 100 {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-egress-virtualservice-https.yaml b/java/templates/istio-egress-virtualservice-https.yaml index 61e6f670..0f7ae891 100644 --- a/java/templates/istio-egress-virtualservice-https.yaml +++ b/java/templates/istio-egress-virtualservice-https.yaml @@ -1,5 +1,5 @@ -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} {{- $namespace := .Release.Namespace}} {{- if .Values.egress }} @@ -33,4 +33,4 @@ spec: weight: 100 {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-mtls.yaml b/java/templates/istio-mtls.yaml index ea2081a0..ca414e42 100644 --- a/java/templates/istio-mtls.yaml +++ b/java/templates/istio-mtls.yaml 
@@ -5,10 +5,10 @@ metadata: name: {{ .Release.Name}}-mtls namespace: {{ .Release.Namespace }} labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} spec: - host: {{ template "java.name" . }} + host: {{ template "libchart.name" . }} trafficPolicy: tls: mode: ISTIO_MUTUAL -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-serviceentry.yaml b/java/templates/istio-serviceentry.yaml index a67554f1..8434d352 100644 --- a/java/templates/istio-serviceentry.yaml +++ b/java/templates/istio-serviceentry.yaml @@ -1,8 +1,8 @@ {{- if .Values.istio.serviceentry }} -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} -{{- $chart := include "java.chart" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{- $chart := include "libchart.chart" . }} {{- $namespace := .Release.Namespace}} {{- $release := .Release }} {{- $values := .Values }} @@ -20,4 +20,4 @@ spec: {{- toYaml $serviceentry.spec | nindent 2 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/java/templates/istio-virtualservice.yaml b/java/templates/istio-virtualservice.yaml index e3b949c3..df95ce06 100644 --- a/java/templates/istio-virtualservice.yaml +++ b/java/templates/istio-virtualservice.yaml @@ -1,8 +1,8 @@ {{- if .Values.istio.virtualservice }} -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} -{{- $chart := include "java.chart" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{- $chart := include "libchart.chart" . }} {{- $namespace := .Release.Namespace}} {{- $release := .Release }} {{- $values := .Values }} @@ -20,4 +20,4 @@ spec: {{- toYaml $virtualservice.spec | nindent 2 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/java/templates/pod-disruption-budget.yaml b/java/templates/pod-disruption-budget.yaml index df7c54c4..c00e2856 100644 --- a/java/templates/pod-disruption-budget.yaml +++ b/java/templates/pod-disruption-budget.yaml @@ -1,14 +1,3 @@ {{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "java.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "java.selectorLabels" . | nindent 6 }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file +{{- include "libchart.pdb.tpl" . -}} +{{- end }} diff --git a/java/templates/pv-secrets-store-csi-pv.yaml b/java/templates/pv-secrets-store-csi-pv.yaml index 497316da..0dab4e4b 100644 --- a/java/templates/pv-secrets-store-csi-pv.yaml +++ b/java/templates/pv-secrets-store-csi-pv.yaml 
@@ -1,32 +1,3 @@ {{- if .Values.csi -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -spec: - capacity: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - accessModes: - - ReadOnlyMany - persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.csi.storageClassName | quote}} - csi: - driver: secrets-store.csi.k8s.com - readOnly: true - volumeHandle: kv - volumeAttributes: - providerName: {{ .Values.csi.providerName | quote}} - usePodIdentity: {{ .Values.csi.usePodIdentity | default "false" | quote }} - keyvaultName: {{ .Values.csi.keyvaultName | quote}} - objects: | - array: -{{ toYaml .Values.csi.array | indent 10 }} - resourceGroup: {{ .Values.csi.resourceGroup | quote}} - subscriptionId: {{ .Values.csi.subscriptionId | quote}} - tenantId: {{ .Values.csi.tenantId | quote}} - nodePublishSecretRef: - name: secrets-store-creds -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pv.tpl" . }} +{{- end -}} diff --git a/java/templates/pv-secrets-store-csi-pvc.yaml b/java/templates/pv-secrets-store-csi-pvc.yaml index f35f2eb6..7560ad1a 100644 --- a/java/templates/pv-secrets-store-csi-pvc.yaml +++ b/java/templates/pv-secrets-store-csi-pvc.yaml @@ -1,17 +1,3 @@ {{- if .Values.csi -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -spec: - accessModes: - - ReadOnlyMany - resources: - requests: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - volumeName: {{ .Values.csi.name }} - storageClassName: {{ .Values.csi.storageClassName| quote}} -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pvc.tpl" . }} +{{- end -}} 
diff --git a/java/templates/service-account.yaml b/java/templates/service-account.yaml new file mode 100644 index 00000000..402b6356 --- /dev/null +++ b/java/templates/service-account.yaml @@ -0,0 +1 @@ +{{- include "libchart.serviceAccount.tpl" . -}} diff --git a/java/templates/service.yaml b/java/templates/service.yaml index 6117a7a4..5e1be494 100644 --- a/java/templates/service.yaml +++ b/java/templates/service.yaml @@ -1,19 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "java.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default "http" }} - protocol: TCP - name: {{ .Values.service.name | default "http" }} - {{ if .Values.service.extraPorts }} - {{ toYaml .Values.service.extraPorts | nindent 4 }} - {{- end }} - selector: - {{- include "java.selectorLabels" . | nindent 4 }} \ No newline at end of file +{{- include "libchart.service.tpl" . -}} diff --git a/java/templates/servicemonitor.yaml b/java/templates/servicemonitor.yaml index f8573642..fe21688f 100644 --- a/java/templates/servicemonitor.yaml +++ b/java/templates/servicemonitor.yaml @@ -2,17 +2,17 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "java.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} {{- if .Values.metrics.enabled }} prometheus: {{ .Values.metrics.prometheusInstance }} {{- end }} spec: selector: matchLabels: - {{- include "java.selectorLabels" . | nindent 6 }} + {{- include "libchart.selectorLabels" . | nindent 6 }} endpoints: {{- if .Values.metrics.endpoints }} {{ toYaml .Values.metrics.endpoints | indent 4 }} 
diff --git a/java/templates/statefulset.yaml b/java/templates/statefulset.yaml index db3e2978..cf389c3c 100644 --- a/java/templates/statefulset.yaml +++ b/java/templates/statefulset.yaml 
@@ -1,112 +1,3 @@ -{{- if eq .Values.deployKind "statefulset" }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "java.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "java.metaLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - serviceName: {{ template "java.name" . }} - selector: - matchLabels: - {{- include "java.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "java.metaLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} - {{- end -}} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - serviceAccountName: {{ .Values.serviceAccountName }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 12 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 8080 }} - protocol: TCP - {{ if .Values.extraPorts }} - {{ toYaml .Values.extraPorts | nindent 12 }} - {{- end }} -{{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ .Values.liveness.port | default 8080 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | default 15 }} - periodSeconds: {{ 
.Values.liveness.periodSeconds | default 15 }} -{{- end }} -{{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 8080 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} -{{- end }} - env: -{{- if .Values.javaOptions }} - - name: JAVA_OPTIONS - value: {{ .Values.javaOptions }} -{{- end}} - {{- if .Values.secrets }} -{{ toYaml .Values.secrets | indent 10 }} - {{- end }} - {{- if .Values.environment }} -{{ toYaml .Values.environment | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or (.Values.volumes) (.Values.csi) }} - volumes: - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - persistentVolumeClaim: - claimName: {{ .Values.csi.name }} - {{ end }} - {{ end }} +{{ if eq .Values.deployKind "statefulset" }} +{{- include "libchart.statefulset.tpl" . -}} {{- end }} diff --git a/java/templates/traefik-v2-ingress-route.yaml b/java/templates/traefik-v2-ingress-route.yaml index 9e852dc3..907b7114 100644 --- a/java/templates/traefik-v2-ingress-route.yaml +++ b/java/templates/traefik-v2-ingress-route.yaml 
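Review bot: The StatefulSet body removed here injected `JAVA_OPTIONS` from `.Values.javaOptions`, but the `libchart.pod` helper added in this commit renders only `.Values.secrets` and `.Values.environment` under `env:`. A release that sets `javaOptions` would silently lose its JVM flags after the upgrade. Either restore the entry in the shared pod helper behind `{{- if .Values.javaOptions }}` with `value: {{ .Values.javaOptions | quote }}`, or document that it must now be passed through `environment`. The wrapper's `{{ if eq .Values.deployKind "statefulset" }}` also repeats the guard already inside `libchart.statefulset.tpl` and lacks the `-` trim marker used elsewhere.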
@@ -1,6 +1,6 @@ {{- if .Values.traefikV2.enabled }} -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} {{ range $i := .Values.traefikV2.ingressRoutes }} --- apiVersion: traefik.containo.us/v1alpha1 diff --git a/java/templates/traefik-v2-middleware.yaml b/java/templates/traefik-v2-middleware.yaml index 0ea9bed4..f3acb18d 100644 --- a/java/templates/traefik-v2-middleware.yaml +++ b/java/templates/traefik-v2-middleware.yaml @@ -1,6 +1,6 @@ {{- if .Values.traefikV2.enabled }} -{{- $name := include "java.name" . }} -{{- $labels := include "java.metaLabels" . }} +{{- $name := include "jalibchartva.name" . }} +{{- $labels := include "libchart.metaLabels" . }} {{ range $i := .Values.traefikV2.middlewares }} --- apiVersion: traefik.containo.us/v1alpha1 diff --git a/java/templates/virtualservice.yaml b/java/templates/virtualservice.yaml index a8e5061f..932b3f68 100644 --- a/java/templates/virtualservice.yaml +++ b/java/templates/virtualservice.yaml @@ -2,10 +2,10 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: {{ template "java.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "java.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} spec: hosts: {{- range .Values.istio.ingress.hosts }} @@ -17,7 +17,7 @@ spec: - "{{ . }}" {{- end }} {{- else }} - - "{{ template "java.name" . }}-gateway" + - "{{ template "libchart.name" . }}-gateway" {{- end }} http: - match: @@ -27,6 +27,6 @@ spec: - destination: port: number: {{ .Values.service.port }} # can be omitted if its the only port for reviews - host: "{{ template "java.name" . }}.{{ .Release.Namespace }}.svc.cluster.local" + host: "{{ template "libchart.name" . }}.{{ .Release.Namespace }}.svc.cluster.local" weight: 100 {{- end }} 
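Review bot: In `traefik-v2-middleware.yaml` the new lines include `"jalibchartva.name"` and `"libchart.metaLabels"`, and neither template is defined in the `libchart/templates/_helpers.tpl` added by this commit, which defines `libchart.name` and `libchart.labels`. Because both includes sit under `{{- if .Values.traefikV2.enabled }}`, rendering would only fail once Traefik middlewares are switched on, so the default values will not catch it. They should match the ingress-route hunk just above: `{{- $name := include "libchart.name" . }}` and `{{- $labels := include "libchart.labels" . }}`.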
diff --git a/java/values.yaml b/java/values.yaml index dcf0fa11..211fdabd 100644 --- a/java/values.yaml +++ b/java/values.yaml @@ -1,4 +1,4 @@ -# Default values for java. +# Default values for libchart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -15,16 +15,30 @@ image: # - secret1 # - secret2 +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podLabels: {} -podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 2 - -serviceAccountName: default + securityContext: runAsNonRoot: true - + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsUser: 1000 + # fsGroup: 2000 + environment: {} secrets: {} 
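Review bot: The commented hints added under `securityContext:` (`capabilities.drop`, `readOnlyRootFilesystem`) are container-level fields, but `libchart.pod` renders `.Values.securityContext` as the pod-level `securityContext:` ahead of `containers:`. Uncommenting them as suggested would place them where the pod security context does not accept them, so the hardening would be rejected or not applied. Keep only pod-level examples here (`runAsUser`, `fsGroup`) and add a comment such as `# capabilities / readOnlyRootFilesystem belong to the container securityContext`, or add a separate container-level value that the pod helper renders on the container. The same comment block is repeated in `libchart/values.yaml`.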
@@ -49,6 +63,46 @@ csi: {} # objectType: key # objectVersion: "" +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +## Pod affinity +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft +podAntiAffinityTopologyKey: "kubernetes.io/hostname" + +## Custom Affinity settings +## Defining 'affinity' will disable any podAntiAffinity settings. +## If you still need anti-affinity, you must include the configuration here. +affinity: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +extraContainerPorts: [] + liveness: port: 8080 enabled: true @@ -62,6 +116,7 @@ readiness: timeout: 15 periodSeconds: 15 +# Service service: type: ClusterIP port: 80 @@ -69,6 +124,7 @@ service: name: http extraPorts: [] +# Ingress ingress: enabled: false annotations: {} @@ -81,7 +137,7 @@ ingress: # - secretName: chart-example-tls # hosts: # - chart-example.local - + traefikV2: enabled: false annotations: {} 
@@ -100,36 +156,6 @@ istio: httpsRedirect: false # secretName: chart-example-tls -extraPorts: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -## Pod affinity -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft -podAntiAffinityTopologyKey: "kubernetes.io/hostname" - -## Custom Affinity settings -## Defining 'affinity' will disable any podAntiAffinity settings. -## If you still need anti-affinity, you must include the configuration here. -affinity: {} - -# We need to set targetPort (Where metrics are hosted) so that it can be collected on the outside of the SMESH metrics: enabled: true prometheusInstance: default # Select the default prometheus instance. @@ -166,6 +192,7 @@ volumes: [] # - key: ssh-pub-key # path: id_rsa.pub -certmanagerApiVersion: cert-manager.io/v1alpha2 - deployKind: deployment + +autoscaling: + enabled: false diff --git a/libchart/.helmignore b/libchart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/libchart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
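Review bot: The `@@ -166,6 +192,7 @@` hunk appends a second top-level `autoscaling:` key to `java/values.yaml`, although the `@@ -49,6 +63,46 @@` hunk already adds an `autoscaling:` block with `minReplicas`, `maxReplicas` and `targetCPUUtilizationPercentage`. Duplicate mapping keys are invalid YAML, and parsers that tolerate them typically keep the last one. In that case the defaults for the replica bounds vanish and `libchart.hpa.tpl` would render empty `minReplicas`/`maxReplicas`. Drop the trailing `autoscaling:` / `enabled: false` pair.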
diff --git a/libchart/Chart.yaml b/libchart/Chart.yaml new file mode 100644 index 00000000..58a77644 --- /dev/null +++ b/libchart/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: libchart +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: library + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/libchart/templates/NOTES.txt b/libchart/templates/NOTES.txt new file mode 100644 index 00000000..e4583cb7 --- /dev/null +++ b/libchart/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "libchart.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "libchart.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "libchart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "libchart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/libchart/templates/_cm-certificate.tpl b/libchart/templates/_cm-certificate.tpl new file mode 100644 index 00000000..6b9b8c9f --- /dev/null +++ b/libchart/templates/_cm-certificate.tpl 
@@ -0,0 +1,38 @@ +{{- define "libchart.cm-certificate.tpl" -}} +{{- $hosts := .Values.cert.hosts -}} + +{{- if and .Values.istio.enabled (.Values.istio.ingress.enabled) }} +{{ $hosts = .Values.istio.ingress.hosts }} +{{- else if .Values.ingress.enabled }} +{{ $hosts = .Values.ingress.hosts }} +{{- end }} + +{{- if and .Values.cert.enabled ($hosts) }} + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "libchart.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} + annotations: +{{ toYaml .Values.cert.annotations | indent 4 }} +spec: +{{- if .Values.cert.secretName }} + secretName: {{ .Values.cert.secretName }} +{{- else }} + secretName: {{ template "libchart.name" . }} +{{- end }} +{{- if .Values.cert.duration }} + duration: {{ .Values.cert.duration }} +{{- end }} + renewBefore: {{ .Values.cert.renewBefore }} + commonName: {{ index $hosts 0 }} + dnsNames: +{{ $hosts | toYaml | indent 4 }} + issuerRef: + name: {{ .Values.cert.issuer | default "letsencrypt-prod" }} + kind: {{ .Values.cert.issuerKind | default "ClusterIssuer" }} +{{- end }} +{{- end }} diff --git a/libchart/templates/_deployment.tpl b/libchart/templates/_deployment.tpl new file mode 100644 index 00000000..5a46af07 --- /dev/null +++ b/libchart/templates/_deployment.tpl 
@@ -0,0 +1,28 @@ +{{- define "libchart.deployment.tpl" }} +{{- if eq .Values.deployKind "deployment" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "libchart.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "libchart.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "libchart.labels" . | nindent 8 }} + spec: + {{- include "libchart.pod" . | nindent 6 -}} +{{- end }} +{{- end }} diff --git a/libchart/templates/_helpers.tpl b/libchart/templates/_helpers.tpl new file mode 100644 index 00000000..6847d84a --- /dev/null +++ b/libchart/templates/_helpers.tpl 
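Review bot: `.Values.podLabels` is never rendered into the Deployment's pod template, although `_statefulset.tpl` in this commit does render it and both values files declare `podLabels: {}`. Labels that operators rely on for NetworkPolicy or admission selectors would therefore be dropped for the default `deployKind: deployment`. After the `libchart.labels` include under `template.metadata.labels`, add `{{- with .Values.podLabels }}`, `{{- toYaml . | nindent 8 }}`, `{{- end }}`.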
@@ -0,0 +1,69 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "libchart.name" -}} +{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "libchart.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "libchart.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "libchart.versionLabel" }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "libchart.labels" -}} +helm.sh/chart: {{ include "libchart.chart" . }} +{{ include "libchart.selectorLabels" . }} +{{ include "libchart.versionLabel" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: {{ default (include "libchart.name" .) .Values.appPartOf }} +app.kubernetes.io/component: {{ default (include "libchart.name" .) .Values.appComponent }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "libchart.selectorLabels" -}} +{{ include "libchart.versionLabel" . }} +app.kubernetes.io/name: {{ include "libchart.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "libchart.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "libchart.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/libchart/templates/_hpa.tpl b/libchart/templates/_hpa.tpl new file mode 100644 index 00000000..41a7bc12 --- /dev/null +++ b/libchart/templates/_hpa.tpl @@ -0,0 +1,28 @@ +{{- define "libchart.hpa.tpl" }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "libchart.name" . }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "libchart.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/libchart/templates/_ingress.tpl b/libchart/templates/_ingress.tpl new file mode 100644 index 00000000..497f1339 --- /dev/null +++ b/libchart/templates/_ingress.tpl 
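Review bot: `libchart.selectorLabels` includes `libchart.versionLabel`, so `app.kubernetes.io/version` ends up in `spec.selector.matchLabels` of the Deployment and StatefulSet and in the Service selector. Workload selectors are immutable, so an upgrade that changes `appVersion` would be rejected, and during a rollout the Service would match only pods of one version. `libchart.labels` also includes both `selectorLabels` and `versionLabel`, which emits the key twice. Remove the `{{ include "libchart.versionLabel" . }}` line from `libchart.selectorLabels` and keep it only in `libchart.labels`.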
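Review bot: In `_hpa.tpl`, `scaleTargetRef.name` is rendered with `libchart.fullname`, while the Deployment in `_deployment.tpl` is named with `libchart.name`. The two helpers produce different strings whenever the release name does not contain the chart name, leaving the autoscaler pointing at a workload that does not exist. Use `name: {{ include "libchart.name" . }}` for the target. The `kind: Deployment` is also hard-coded even though `deployKind` may be `statefulset`, and `metadata` lacks the `namespace: {{ .Release.Namespace }}` line the other helpers set.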
@@ -0,0 +1,39 @@ +{{- define "libchart.ingress.tpl" }} +{{- $name := include "libchart.name" . -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $name }} + labels: + {{- include "libchart.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $name }} + servicePort: http + {{- end }} +{{- end }} diff --git a/libchart/templates/_pdb.tpl b/libchart/templates/_pdb.tpl new file mode 100644 index 00000000..718c1419 --- /dev/null +++ b/libchart/templates/_pdb.tpl @@ -0,0 +1,16 @@ +{{- define "libchart.pdb.tpl" -}} +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "libchart.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "libchart.selectorLabels" . | nindent 6 }} + {{ toYaml .Values.podDisruptionBudget | nindent 2 }} +{{- end -}} +{{- end -}} diff --git a/libchart/templates/_pod.tpl b/libchart/templates/_pod.tpl new file mode 100644 index 00000000..a794cfc4 --- /dev/null +++ b/libchart/templates/_pod.tpl 
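Review bot: Host values in `_ingress.tpl` are emitted unquoted (`- host: {{ . }}` and `- {{ . }}` under `tls.hosts`), so a wildcard host such as `*.example.com` is parsed as a YAML alias and the render fails. Quote them: `- host: {{ . | quote }}` and `- {{ . | quote }}`. The `apiVersion` switch only chooses between `networking.k8s.io/v1beta1` and `extensions/v1beta1`, both of which were removed in Kubernetes 1.22, so a `networking.k8s.io/v1` branch with the `service.name` / `service.port` backend shape is needed for current clusters. `metadata` also omits `namespace`, unlike the other helpers in this commit.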
@@ -0,0 +1,115 @@ +{{- define "libchart.pod" -}} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{ range $s := .Values.image.pullSecrets }} + - name: {{ $s }} +{{- end }} +{{- end }} +serviceAccountName: {{ include "libchart.serviceAccountName" . }} +securityContext: + {{- toYaml .Values.securityContext | nindent 2 }} +containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: Always + {{- if .Values.command }} + command: + {{ toYaml .Values.command | nindent 6 }} + {{- end }} + {{- if .Values.args }} + args: + {{ toYaml .Values.args | nindent 6 }} + {{- end }} + {{- if or (.Values.volumeMounts) (.Values.csi) }} + volumeMounts: + {{- if .Values.volumeMounts }} + {{ toYaml .Values.volumeMounts | nindent 6 }} + {{- end }} + {{- if .Values.csi }} + - name: {{ .Values.csi.name }} + mountPath: {{ .Values.csi.mountPath | quote }} + readOnly: true + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.targetPort | default 8080 }} + protocol: TCP + {{ if .Values.extraContainerPorts }} + {{ toYaml .Values.extraContainerPorts | nindent 6 }} + {{- end }} + {{- if and (.Values.liveness) (.Values.liveness.enabled) }} + livenessProbe: + httpGet: + path: {{ .Values.liveness.path | default "/" }} + port: {{ .Values.liveness.port | default 8080 }} + initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} + timeoutSeconds: {{ .Values.liveness.timeout | default 15 }} + periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} + {{- end }} + {{- if and (.Values.readiness) (.Values.readiness.enabled) }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path | default "/" }} + port: {{ .Values.readiness.port | default 8080 }} + initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} + timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} + periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} + {{- end }} + env: + {{- if 
.Values.secrets }} + {{ toYaml .Values.secrets | nindent 6 }} + {{- end }} + {{- if .Values.environment }} + {{ toYaml .Values.environment | nindent 6 }} + {{- end }} + resources: + {{ toYaml .Values.resources | nindent 6 }} + +{{- with .Values.nodeSelector }} +nodeSelector: + {{ toYaml . | nindent 4 }} +{{- end }} + +{{- if or .Values.affinity .Values.podAntiAffinity }} +affinity: +{{- with .Values.affinity }} + {{- toYaml . | nindent 4 }} +{{- end }} +{{- if eq .Values.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" + labelSelector: + matchLabels: + {{- include "libchart.selectorLabels" . | nindent 12 }} +{{- else if eq .Values.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" + labelSelector: + matchLabels: + {{- include "libchart.selectorLabels" . | nindent 14 }} +{{- end }} +{{- end }} + +{{- with .Values.tolerations }} +tolerations: + {{ toYaml . | nindent 2 }} +{{- end }} + +{{- if or (.Values.volumes) (.Values.csi) }} +volumes: + {{- if .Values.volumes }} + {{ toYaml .Values.volumes | nindent 2 }} + {{- end }} + {{- if .Values.csi }} + - name: {{ .Values.csi.name }} + persistentVolumeClaim: + claimName: {{ .Values.csi.name }} + {{- end }} +{{- end }} + +{{- end }} diff --git a/libchart/templates/_pv-secrets-store-csi-pv.tpl b/libchart/templates/_pv-secrets-store-csi-pv.tpl new file mode 100644 index 00000000..e1293f80 --- /dev/null +++ b/libchart/templates/_pv-secrets-store-csi-pv.tpl 
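Review bot: The `affinity:` block in `libchart.pod` emits `.Values.affinity` and then, independently, the `podAntiAffinity` stanza, but the values comment says that defining `affinity` disables the podAntiAffinity settings. With the default `podAntiAffinity: soft`, a custom `affinity` that carries its own `podAntiAffinity` key renders that key twice under `affinity:`. Make the generated stanza conditional on no custom affinity being set: `{{- if and (not .Values.affinity) (eq .Values.podAntiAffinity "hard") }}`, with the same `not .Values.affinity` test on the `soft` branch.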
@@ -0,0 +1,32 @@ +{{- define "libchart.pv-secrets-store-csi-pv.tpl" -}} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.csi.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + capacity: + storage: {{ .Values.csi.storage | default "10Mi" | quote }} + accessModes: + - ReadOnlyMany + persistentVolumeReclaimPolicy: Retain + storageClassName: {{ .Values.csi.storageClassName | quote}} + csi: + driver: secrets-store.csi.k8s.com + readOnly: true + volumeHandle: kv + volumeAttributes: + providerName: {{ .Values.csi.providerName | quote}} + usePodIdentity: {{ .Values.csi.usePodIdentity | default "false" | quote }} + keyvaultName: {{ .Values.csi.keyvaultName | quote}} + objects: | + array: +{{ toYaml .Values.csi.array | indent 8 }} + resourceGroup: {{ .Values.csi.resourceGroup | quote}} + subscriptionId: {{ .Values.csi.subscriptionId | quote}} + tenantId: {{ .Values.csi.tenantId | quote}} + nodePublishSecretRef: + name: secrets-store-creds +{{- end -}} diff --git a/libchart/templates/_pv-secrets-store-csi-pvc.tpl b/libchart/templates/_pv-secrets-store-csi-pvc.tpl new file mode 100644 index 00000000..d5cc8fae --- /dev/null +++ b/libchart/templates/_pv-secrets-store-csi-pvc.tpl @@ -0,0 +1,17 @@ +{{- define "libchart.pv-secrets-store-csi-pvc.tpl" -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.csi.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + accessModes: + - ReadOnlyMany + resources: + requests: + storage: {{ .Values.csi.storage | default "10Mi" | quote }} + volumeName: {{ .Values.csi.name }} + storageClassName: {{ .Values.csi.storageClassName| quote}} +{{- end -}} diff --git a/libchart/templates/_service.tpl b/libchart/templates/_service.tpl new file mode 100644 index 00000000..600de8ac --- /dev/null +++ b/libchart/templates/_service.tpl 
@@ -0,0 +1,21 @@ +{{- define "libchart.service.tpl" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "libchart.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort | default "http" }} + protocol: TCP + name: {{ .Values.service.name | default "http" }} + {{ if .Values.service.extraPorts }} + {{ toYaml .Values.service.extraPorts | nindent 4 }} + {{- end }} + selector: + {{- include "libchart.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/libchart/templates/_serviceaccount.tpl b/libchart/templates/_serviceaccount.tpl new file mode 100644 index 00000000..eca2c778 --- /dev/null +++ b/libchart/templates/_serviceaccount.tpl @@ -0,0 +1,15 @@ +{{- define "libchart.serviceAccount.tpl" }} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "libchart.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/libchart/templates/_statefulset.tpl b/libchart/templates/_statefulset.tpl new file mode 100644 index 00000000..58cd1a1d --- /dev/null +++ b/libchart/templates/_statefulset.tpl 
@@ -0,0 +1,31 @@ +{{- define "libchart.statefulset.tpl" }} +{{- if eq .Values.deployKind "statefulset" }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "libchart.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "libchart.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: {{ template "libchart.name" . }} + selector: + matchLabels: + {{- include "libchart.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "libchart.labels" . | nindent 8 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 8 }} + {{- end -}} + {{- if .Values.podAnnotations }} + annotations: + {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + spec: + {{- include "libchart.pod" . | nindent 6 -}} +{{- end }} +{{- end }} diff --git a/libchart/templates/tests/test-connection.yaml b/libchart/templates/tests/test-connection.yaml new file mode 100644 index 00000000..f6c42453 --- /dev/null +++ b/libchart/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "libchart.fullname" . }}-test-connection" + labels: + {{- include "libchart.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "libchart.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/libchart/values.yaml b/libchart/values.yaml new file mode 100644 index 00000000..2b5ea6ef --- /dev/null +++ b/libchart/values.yaml 
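Review bot: `_statefulset.tpl` has two consecutive `spec:` lines under `template:` before the `libchart.pod` include, whereas `_deployment.tpl` has one. The page's layout has lost indentation, so it is unclear whether this renders as a nested `template.spec.spec` or as a duplicate key. Either way the pod spec would not land where the StatefulSet schema expects it. Remove the second `spec:` so the include sits directly under `template.spec`.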
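Review bot: The test pod in `libchart/templates/tests/test-connection.yaml` uses `image: busybox` with no tag, which resolves to the mutable `latest`. Each test run can therefore execute a different image inside the release namespace. Pin it, for example `image: "busybox:<pinned-tag-or-digest>"` (placeholder; choose the version you have vetted). Since `libchart/Chart.yaml` declares `type: library`, this non-underscore template is probably never rendered from here, so it may be better to move it into the consuming charts or expose it as a named template.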
@@ -0,0 +1,196 @@
+# Default values for libchart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+name: ""
+
+appVersion: v1
+
+image:
+ repository: ""
+ tag: ""
+ # pullSecrets:
+ # - secret1
+ # - secret2
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+securityContext:
+ runAsNonRoot: true
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsUser: 1000
+ # fsGroup: 2000
+
+environment: {}
+secrets: {}
+
+csi: {}
+# name: secret-pv
+# storage: 20Mi
+# mountPath: /mnt/secrets-store
+# providerName: azure
+# usePodIdentity: false
+# keyvaultName: mazevault-test
+# resourceGroup: resGroup
+# subscriptionId: subId
+# tenantId: tenantId
+# storageClassName: mazecsistorage
+# array:
+# - |
+# objectName: secret1
+# objectType: secret
+# objectVersion: ""
+# - |
+# objectName: key1
+# objectType: key
+# objectVersion: ""
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+podDisruptionBudget: {}
+ # maxUnavailable: 1
+ # minAvailable: 2
+
+## Pod affinity
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+podAntiAffinity: soft
+podAntiAffinityTopologyKey: "kubernetes.io/hostname"
+
+## Custom Affinity settings
+## Defining 'affinity' will disable any podAntiAffinity settings.
+## If you still need anti-affinity, you must include the configuration here.
+affinity: {}
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+extraContainerPorts: []
+
+liveness:
+ port: 8080
+ enabled: true
+ delay: 15
+ timeout: 15
+ periodSeconds: 15
+readiness:
+ port: 8080
+ enabled: true
+ delay: 15
+ timeout: 15
+ periodSeconds: 15
+
+# Service
+service:
+ type: ClusterIP
+ port: 80
+ targetPort: 8080
+ name: http
+ extraPorts: []
+
+# Ingress
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+traefikV2:
+ enabled: false
+ annotations: {}
+ middlewares: []
+ ingressRoutes: []
+
+istio:
+ enabled: false
+ ingress:
+ enabled: false
+ gateways: []
+ hosts:
+ - chart-example.local
+ tls:
+ enabled: true
+ httpsRedirect: false
+ # secretName: chart-example-tls
+
+metrics:
+ enabled: true
+ prometheusInstance: default # Select the default prometheus instance.
+ + prometheusIstioSecret: default + prometheusIstioMtlsEnabled: true + + # endpoints: + # - targetPort: 8080 + # path: /metrics + +alertRules: [] + +cert: + enabled: true + annotations: {} + hosts: [] + issuer: letsencrypt-prod + issuerKind: ClusterIssuer + # secretName: chart-example-tls + # duration: 2160h # 90d (Maximum 90d) + renewBefore: 360h0m0s # 15d + +volumeMounts: [] +# - name: secret-volume +# mountPath: /app/secrets +# readOnly: true + +volumes: [] +# - name: secret-volume +# secret: +# secretName: custom-secret +# items: +# - key: ssh-pub-key +# path: id_rsa.pub + +autoscaling: + enabled: false diff --git a/nodejs/Chart.lock b/nodejs/Chart.lock new file mode 100644 index 00000000..de0b8760 --- /dev/null +++ b/nodejs/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: libchart + repository: file://../libchart + version: 0.1.0 +digest: sha256:e35a15b496d3f45163e2f993af8ab76d90ce6f0f9949d452bcd7461746840e5f +generated: "2021-04-05T19:44:31.578537705+02:00" diff --git a/nodejs/Chart.yaml b/nodejs/Chart.yaml index 62b97d3e..63dc3702 100644 --- a/nodejs/Chart.yaml +++ b/nodejs/Chart.yaml @@ -1,4 +1,8 @@ -apiVersion: v1 +apiVersion: v2 description: Node.js Helm Chart name: nodejs -version: 12.1.0 +version: 13.0.0 +dependencies: + - name: libchart + version: 0.1.0 + repository: file://../libchart diff --git a/nodejs/templates/NOTES.txt b/nodejs/templates/NOTES.txt index 1c486797..bbf96a91 100644 --- a/nodejs/templates/NOTES.txt +++ b/nodejs/templates/NOTES.txt 
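Review bot: `autoscaling:` is defined twice in libchart/values.yaml: once with `enabled`, `minReplicas`, `maxReplicas` and `targetCPUUtilizationPercentage`, and again at the very end with only `enabled: false`. Duplicate mapping keys are invalid YAML; depending on the parser the file is either rejected or the last block wins, which would silently drop the replica bounds and CPU target that `libchart.hpa.tpl` presumably reads. Remove the trailing `autoscaling:` block. The nodejs/values.yaml hunks further down add the same pair and need the same fix.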
@@ -4,16 +4,16 @@ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "nodejs.name" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "java.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "nodejs.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nodejs.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc -w {{ template "libchart.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "libchart.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "nodejs.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "libchart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} diff --git a/nodejs/templates/_helpers.tpl b/nodejs/templates/_helpers.tpl deleted file mode 100644 index d3cd43cc..00000000 
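Review bot: The NodePort branch now calls `{{ template "java.name" . }}`, but this is the nodejs chart and the other branches in the same hunk were switched to `libchart.name`; no `java.name` definition is visible for this chart in the commit. If it is indeed undefined, rendering the notes fails for `service.type: NodePort`. Change the call to `{{ template "libchart.name" . }}`; the web/templates/NOTES.txt hunk carries the same line.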
--- a/nodejs/templates/_helpers.tpl +++ /dev/null @@ -1,30 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nodejs.name" -}} -{{- default .Release.Name .Values.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nodejs.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "nodejs.metaLabels" -}} -app.kubernetes.io/name: {{ template "nodejs.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ default (include "nodejs.name" .) .Values.appComponent }} -app.kubernetes.io/version: {{ .Values.appVersion }} -app.kubernetes.io/part-of: {{ default (include "nodejs.name" .) .Values.appPartOf }} -app.kubernetes.io/managed-by: helm -helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -{{- end -}} - -{{- define "nodejs.selectorLabels" -}} -app.kubernetes.io/name: {{ template "nodejs.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: {{ .Values.appVersion }} -{{- end -}} \ No newline at end of file diff --git a/nodejs/templates/cm-certificate.yaml b/nodejs/templates/cm-certificate.yaml index 6d250117..c714ee04 100644 --- a/nodejs/templates/cm-certificate.yaml +++ b/nodejs/templates/cm-certificate.yaml 
@@ -1,36 +1,3 @@ -{{- $hosts := .Values.cert.hosts -}} - -{{- if and .Values.istio.enabled (.Values.istio.ingress.enabled) }} -{{ $hosts = .Values.istio.ingress.hosts }} -{{- else if .Values.ingress.enabled }} -{{ $hosts = .Values.ingress.hosts }} +{{- if .Values.cert.enabled -}} +{{- include "libchart.cm-certificate.tpl" . }} {{- end }} - -{{- if and .Values.cert.enabled ($hosts) }} - -apiVersion: {{ .Values.certmanagerApiVersion }} -kind: Certificate -metadata: - name: {{ template "nodejs.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} - annotations: -{{ toYaml .Values.cert.annotations | indent 4 }} -spec: -{{- if .Values.cert.secretName }} - secretName: {{ .Values.cert.secretName }} -{{- else }} - secretName: {{ template "nodejs.name" . }} -{{- end }} -{{- if .Values.cert.duration }} - duration: {{ .Values.cert.duration }} -{{- end }} - renewBefore: {{ .Values.cert.renewBefore }} - commonName: {{ index $hosts 0 }} - dnsNames: -{{ $hosts | toYaml | indent 4 }} - issuerRef: - name: {{ .Values.cert.issuer | default "letsencrypt-prod" }} - kind: {{ .Values.cert.issuerKind | default "ClusterIssuer" }} -{{- end }} \ No newline at end of file diff --git a/nodejs/templates/deployment.yaml b/nodejs/templates/deployment.yaml index 25bdea20..942aa8a5 100644 --- a/nodejs/templates/deployment.yaml +++ b/nodejs/templates/deployment.yaml 
@@ -1,130 +1,3 @@ -{{- if .Capabilities.APIVersions.Has "apps/v1" }} -apiVersion: apps/v1 -{{ else }} -apiVersion: apps/v1beta1 +{{ if eq .Values.deployKind "deployment" }} +{{- include "libchart.deployment.tpl" . -}} {{- end }} -kind: Deployment -metadata: - name: {{ template "nodejs.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "nodejs.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "nodejs.metaLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} - {{- end -}}{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 12 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 8080 }} - protocol: TCP - {{ if .Values.extraPorts }} - {{ toYaml .Values.extraPorts | nindent 12 }} - {{- end }} -{{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ .Values.liveness.port | default 8080 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | default 15 
}} - periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} -{{- end }} -{{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 8080 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} -{{- end }} - env: - - name: APP_ENV - value: {{ .Values.appEnv }} - {{- if .Values.secrets }} -{{ toYaml .Values.secrets | indent 10 }} - {{- end }} - {{- if .Values.environment }} -{{ toYaml .Values.environment | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - - {{- if or .Values.affinity .Values.podAntiAffinity }} - affinity: - {{- with .Values.affinity }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if eq .Values.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "nodejs.selectorLabels" . | nindent 18 }} - {{- else if eq .Values.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "nodejs.selectorLabels" . | nindent 20 }} - {{- end }} - {{- end }} - - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or (.Values.volumes) (.Values.csi) }} - volumes: - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - persistentVolumeClaim: - claimName: {{ .Values.csi.name }} - {{ end }} - {{ end }} 
diff --git a/nodejs/templates/hpa.yaml b/nodejs/templates/hpa.yaml new file mode 100644 index 00000000..1a9351cf --- /dev/null +++ b/nodejs/templates/hpa.yaml @@ -0,0 +1,3 @@ +{{- if .Values.autoscaling.enabled }} +{{- include "libchart.hpa.tpl" . }} +{{- end }} diff --git a/nodejs/templates/ingress.yaml b/nodejs/templates/ingress.yaml index 7dac7ab0..25c77bfb 100644 --- a/nodejs/templates/ingress.yaml +++ b/nodejs/templates/ingress.yaml @@ -1,40 +1,3 @@ {{- if .Values.ingress.enabled -}} -{{- $name := include "nodejs.name" . -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $name }} - servicePort: http - {{- end }} +{{- include "libchart.ingress.tpl" . -}} {{- end }} diff --git a/nodejs/templates/pod-disruption-budget.yaml b/nodejs/templates/pod-disruption-budget.yaml index dc553e5c..c00e2856 100644 --- a/nodejs/templates/pod-disruption-budget.yaml +++ b/nodejs/templates/pod-disruption-budget.yaml 
@@ -1,14 +1,3 @@ {{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "nodejs.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "nodejs.selectorLabels" . | nindent 6 }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file +{{- include "libchart.pdb.tpl" . -}} +{{- end }} diff --git a/nodejs/templates/pv-secrets-store-csi-pv.yaml b/nodejs/templates/pv-secrets-store-csi-pv.yaml index 4ee4837f..0dab4e4b 100644 --- a/nodejs/templates/pv-secrets-store-csi-pv.yaml +++ b/nodejs/templates/pv-secrets-store-csi-pv.yaml @@ -1,32 +1,3 @@ {{- if .Values.csi -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} -spec: - capacity: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - accessModes: - - ReadOnlyMany - persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.csi.storageClassName | quote}} - csi: - driver: secrets-store.csi.k8s.com - readOnly: true - volumeHandle: kv - volumeAttributes: - providerName: {{ .Values.csi.providerName | quote}} - usePodIdentity: {{ .Values.csi.usePodIdentity | default "false" | quote }} - keyvaultName: {{ .Values.csi.keyvaultName | quote}} - objects: | - array: -{{ toYaml .Values.csi.array | indent 10 }} - resourceGroup: {{ .Values.csi.resourceGroup | quote}} - subscriptionId: {{ .Values.csi.subscriptionId | quote}} - tenantId: {{ .Values.csi.tenantId | quote}} - nodePublishSecretRef: - name: secrets-store-creds -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pv.tpl" . }} +{{- end -}} diff --git a/nodejs/templates/pv-secrets-store-csi-pvc.yaml b/nodejs/templates/pv-secrets-store-csi-pvc.yaml index 576ac5e6..7560ad1a 100644 
--- a/nodejs/templates/pv-secrets-store-csi-pvc.yaml +++ b/nodejs/templates/pv-secrets-store-csi-pvc.yaml @@ -1,17 +1,3 @@ {{- if .Values.csi -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} -spec: - accessModes: - - ReadOnlyMany - resources: - requests: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - volumeName: {{ .Values.csi.name }} - storageClassName: {{ .Values.csi.storageClassName| quote}} -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pvc.tpl" . }} +{{- end -}} diff --git a/nodejs/templates/service-account.yaml b/nodejs/templates/service-account.yaml new file mode 100644 index 00000000..402b6356 --- /dev/null +++ b/nodejs/templates/service-account.yaml @@ -0,0 +1 @@ +{{- include "libchart.serviceAccount.tpl" . -}} diff --git a/nodejs/templates/service.yaml b/nodejs/templates/service.yaml index d3f1be90..5e1be494 100644 --- a/nodejs/templates/service.yaml +++ b/nodejs/templates/service.yaml @@ -1,19 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "nodejs.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default "http" }} - protocol: TCP - name: {{ .Values.service.name | default "http" }} - {{ if .Values.service.extraPorts }} - {{ toYaml .Values.service.extraPorts | nindent 4 }} - {{- end }} - selector: - {{- include "nodejs.selectorLabels" . | nindent 4 }} \ No newline at end of file +{{- include "libchart.service.tpl" . -}} diff --git a/nodejs/templates/servicemonitor.yaml b/nodejs/templates/servicemonitor.yaml index c8e7ac8a..fe21688f 100644 --- a/nodejs/templates/servicemonitor.yaml +++ b/nodejs/templates/servicemonitor.yaml 
@@ -2,17 +2,17 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "nodejs.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "nodejs.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} {{- if .Values.metrics.enabled }} prometheus: {{ .Values.metrics.prometheusInstance }} {{- end }} spec: selector: matchLabels: - {{- include "nodejs.selectorLabels" . | nindent 6 }} + {{- include "libchart.selectorLabels" . | nindent 6 }} endpoints: {{- if .Values.metrics.endpoints }} {{ toYaml .Values.metrics.endpoints | indent 4 }} diff --git a/nodejs/templates/statefulset.yaml b/nodejs/templates/statefulset.yaml new file mode 100644 index 00000000..cf389c3c --- /dev/null +++ b/nodejs/templates/statefulset.yaml @@ -0,0 +1,3 @@ +{{ if eq .Values.deployKind "statefulset" }} +{{- include "libchart.statefulset.tpl" . -}} +{{- end }} diff --git a/nodejs/templates/traefik-v2-ingress-route.yaml b/nodejs/templates/traefik-v2-ingress-route.yaml new file mode 100644 index 00000000..907b7114 --- /dev/null +++ b/nodejs/templates/traefik-v2-ingress-route.yaml @@ -0,0 +1,19 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{ range $i := .Values.traefikV2.ingressRoutes }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: "{{ $name }}-{{ $i.name }}" + {{- if $i.annotations }} + annotations: + {{ toYaml $i.annotations | nindent 4 }} + {{- end }} + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/nodejs/templates/traefik-v2-middleware.yaml b/nodejs/templates/traefik-v2-middleware.yaml new file mode 100644 index 00000000..f3acb18d --- /dev/null +++ b/nodejs/templates/traefik-v2-middleware.yaml 
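Review bot: The IngressRoute metadata in traefik-v2-ingress-route.yaml sets `name`, `annotations` and `labels` but no `namespace:`, unlike the Service, ServiceAccount and StatefulSet templates added in this commit, and policy/deny.rego denies any object without `metadata.namespace`. Add `namespace: {{ .Release.Namespace }}` under `metadata:`. traefik-v2-middleware.yaml needs the same line.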
@@ -0,0 +1,15 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "jalibchartva.name" . }} +{{- $labels := include "libchart.metaLabels" . }} +{{ range $i := .Values.traefikV2.middlewares }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: "{{ $name }}-{{ $i.name }}" + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/nodejs/values.yaml b/nodejs/values.yaml index a957246d..fa8c0641 100644 --- a/nodejs/values.yaml +++ b/nodejs/values.yaml @@ -1,11 +1,11 @@ -# Default values for nodejs. +# Default values for chart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 name: "" -appEnv: production +# javaOptions: appVersion: v1 image: @@ -15,15 +15,30 @@ image: # - secret1 # - secret2 +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podLabels: {} -podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 2 securityContext: runAsNonRoot: true - + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsUser: 1000 + # fsGroup: 2000 + environment: {} secrets: {} 
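Review bot: `include "jalibchartva.name"` in traefik-v2-middleware.yaml looks like a botched search-and-replace of `java.name`, and `libchart.metaLabels` does not match the `libchart.labels` helper that every other template in this commit includes. Unless both names are defined somewhere outside this view, rendering fails as soon as `traefikV2.enabled` is true and a middleware is listed. Use `{{- $name := include "libchart.name" . }}` and `{{- $labels := include "libchart.labels" . }}`, as traefik-v2-ingress-route.yaml does.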
@@ -48,6 +63,46 @@ csi: {} # objectType: key # objectVersion: "" +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +## Pod affinity +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft +podAntiAffinityTopologyKey: "kubernetes.io/hostname" + +## Custom Affinity settings +## Defining 'affinity' will disable any podAntiAffinity settings. +## If you still need anti-affinity, you must include the configuration here. +affinity: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +extraContainerPorts: [] + liveness: port: 8080 enabled: true @@ -60,13 +115,16 @@ readiness: delay: 15 timeout: 15 periodSeconds: 15 - + +# Service service: type: ClusterIP port: 80 targetPort: 8080 + name: http extraPorts: [] +# Ingress ingress: enabled: false annotations: {} @@ -80,11 +138,16 @@ ingress: # hosts: # - chart-example.local +traefikV2: + enabled: false + annotations: {} + middlewares: [] + ingressRoutes: [] + istio: enabled: false ingress: enabled: false - # gatewayName: appname-gw gateways: [] hosts: - chart-example.local 
@@ -93,40 +156,10 @@ istio: httpsRedirect: false # secretName: chart-example-tls -extraPorts: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -## Pod affinity -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft -podAntiAffinityTopologyKey: "kubernetes.io/hostname" - -## Custom Affinity settings -## Defining 'affinity' will disable any podAntiAffinity settings. -## If you still need anti-affinity, you must include the configuration here. -affinity: {} - -# We need to set targetPort (Where metrics are hosted) so that it can be collected on the outside of the SMESH metrics: enabled: true prometheusInstance: default # Select the default prometheus instance. - + prometheusIstioSecret: default prometheusIstioMtlsEnabled: true @@ -142,7 +175,7 @@ cert: hosts: [] issuer: letsencrypt-prod issuerKind: ClusterIssuer - # secretName: nodejs-appname-tls + # secretName: java-appname-tls # duration: 2160h # 90d (Maximum 90d) renewBefore: 360h0m0s # 15d @@ -159,4 +192,7 @@ volumes: [] # - key: ssh-pub-key # path: id_rsa.pub -certmanagerApiVersion: cert-manager.io/v1alpha2 \ No newline at end of file +deployKind: deployment + +autoscaling: + enabled: false diff --git a/policy/deny.rego b/policy/deny.rego index dc927b49..2468d67a 100644 --- a/policy/deny.rego +++ b/policy/deny.rego 
@@ -5,38 +5,36 @@ import data.kubernetes name = input.metadata.name deny[msg] { - kubernetes.is_deployment - not input.spec.template.spec.securityContext.runAsNonRoot + kubernetes.is_deployment + not input.spec.template.spec.securityContext.runAsNonRoot - msg = sprintf("Containers must not run as root in Deployment %s", [name]) + msg = sprintf("Containers must not run as root in Deployment %s", [name]) } podSelectors { - input.metadata.labels["app.kubernetes.io/name"] == input.spec.selector.matchLabels["app.kubernetes.io/name"] - input.metadata.labels["app.kubernetes.io/instance"] == input.spec.selector.matchLabels["app.kubernetes.io/instance"] - input.metadata.labels["app.kubernetes.io/version"] == input.spec.selector.matchLabels["app.kubernetes.io/version"] + input.metadata.labels["app.kubernetes.io/name"] == input.spec.selector.matchLabels["app.kubernetes.io/name"] + input.metadata.labels["app.kubernetes.io/instance"] == input.spec.selector.matchLabels["app.kubernetes.io/instance"] } deny[msg] { - kubernetes.is_deployment - not podSelectors + kubernetes.is_deployment + not podSelectors - msg = sprintf("Deployment %s must provide have correct labels for pod selectors", [name]) + msg = sprintf("Deployment %s must provide have correct labels for pod selectors", [name]) } svcSelectors { - input.metadata.labels["app.kubernetes.io/name"] == input.spec.selector["app.kubernetes.io/name"] - input.metadata.labels["app.kubernetes.io/instance"] == input.spec.selector["app.kubernetes.io/instance"] - input.metadata.labels["app.kubernetes.io/version"] == input.spec.selector["app.kubernetes.io/version"] + input.metadata.labels["app.kubernetes.io/name"] == input.spec.selector["app.kubernetes.io/name"] + input.metadata.labels["app.kubernetes.io/instance"] == input.spec.selector["app.kubernetes.io/instance"] } deny[msg] { - kubernetes.is_service - not svcSelectors - msg = sprintf("Service %s must provide have correct labels for pod selectors", [name]) + kubernetes.is_service + not 
svcSelectors + msg = sprintf("Service %s must provide have correct labels for pod selectors", [name]) } deny[msg] { - not input.metadata.namespace - msg = sprintf("Object should be namespaced %s", [name]) -} \ No newline at end of file + not input.metadata.namespace + msg = sprintf("Object should be namespaced %s", [name]) +} diff --git a/policy/labels.rego b/policy/labels.rego index 9ac39922..8a2d0629 100644 --- a/policy/labels.rego +++ b/policy/labels.rego @@ -5,16 +5,15 @@ import data.kubernetes name = input.metadata.name labels { - input.metadata.labels["app.kubernetes.io/name"] - input.metadata.labels["app.kubernetes.io/instance"] - input.metadata.labels["app.kubernetes.io/version"] - input.metadata.labels["app.kubernetes.io/component"] - input.metadata.labels["app.kubernetes.io/part-of"] - input.metadata.labels["app.kubernetes.io/managed-by"] + input.metadata.labels["app.kubernetes.io/name"] + input.metadata.labels["app.kubernetes.io/instance"] + input.metadata.labels["app.kubernetes.io/component"] + input.metadata.labels["app.kubernetes.io/part-of"] + input.metadata.labels["app.kubernetes.io/managed-by"] } deny[msg] { - kubernetes.is_deployment - not labels - msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels ", [name]) + kubernetes.is_deployment + not labels + msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels ", [name]) } diff --git a/web/Chart.yaml b/web/Chart.yaml index 2b5a1a19..0f62abd6 100644 --- a/web/Chart.yaml +++ b/web/Chart.yaml @@ -1,5 +1,9 @@ -apiVersion: v1 +apiVersion: v2 appVersion: "1.0" description: Helm chart for deployment of web servers name: web -version: 9.2.0 +version: 10.0.0 +dependencies: + - name: libchart + version: 0.1.0 + repository: file://../libchart 
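Review bot: The `runAsNonRoot` rule and the pod-selector rule in deny.rego are still gated on `kubernetes.is_deployment`, while this commit lets the charts render a StatefulSet through `deployKind: statefulset`, so that workload kind would pass the policy unchecked (assuming `is_deployment` matches only `kind: Deployment`; its definition is outside this view). Add parallel rules for StatefulSet, or generalise the guard to any workload that has `spec.template`; the `labels` rule in policy/labels.rego has the same gate. The `runAsNonRoot` rule also inspects only the pod-level `securityContext`, which is worth stating in a comment above it.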
diff --git a/web/templates/NOTES.txt b/web/templates/NOTES.txt index ff463a2c..bbf96a91 100644 --- a/web/templates/NOTES.txt +++ b/web/templates/NOTES.txt 
@@ -4,16 +4,16 @@ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "web.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "java.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "web.-istio.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "web.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc -w {{ template "libchart.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "libchart.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "web.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "libchart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} diff --git a/web/templates/_helpers.tpl b/web/templates/_helpers.tpl deleted file mode 100644 index adcbeff1..00000000 
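Review bot: The NodePort branch now calls `{{ template "java.name" . }}`, while the LoadBalancer and ClusterIP branches of the same hunk use `libchart.name`. web/templates/_helpers.tpl is deleted in this commit and web/Chart.yaml depends only on libchart, so `java.name` is most likely undefined in this chart and rendering the notes with `service.type: NodePort` would fail. Change the call to `{{ template "libchart.name" . }}`. NOTES.txt starts above this hunk, so the surrounding `if` is only partly visible.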
--- a/web/templates/_helpers.tpl +++ /dev/null @@ -1,30 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "web.name" -}} -{{- default .Release.Name .Values.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "web.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "web.metaLabels" -}} -app.kubernetes.io/name: {{ template "web.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ default (include "web.name" .) .Values.appComponent }} -app.kubernetes.io/version: {{ .Values.appVersion }} -app.kubernetes.io/part-of: {{ default (include "web.name" .) .Values.appPartOf }} -app.kubernetes.io/managed-by: helm -helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -{{- end -}} - -{{- define "web.selectorLabels" -}} -app.kubernetes.io/name: {{ template "web.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: {{ .Values.appVersion }} -{{- end -}} \ No newline at end of file diff --git a/web/templates/cm-certificate.yaml b/web/templates/cm-certificate.yaml index 8fab2351..c714ee04 100644 --- a/web/templates/cm-certificate.yaml +++ b/web/templates/cm-certificate.yaml 
@@ -1,36 +1,3 @@ -{{- $hosts := .Values.cert.hosts -}} - -{{- if and .Values.istio.enabled (.Values.istio.ingress.enabled) }} -{{ $hosts = .Values.istio.ingress.hosts }} -{{- else if .Values.ingress.enabled }} -{{ $hosts = .Values.ingress.hosts }} +{{- if .Values.cert.enabled -}} +{{- include "libchart.cm-certificate.tpl" . }} {{- end }} - -{{- if and .Values.cert.enabled ($hosts) }} - -apiVersion: {{ .Values.certmanagerApiVersion }} -kind: Certificate -metadata: - name: {{ template "web.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} - annotations: -{{ toYaml .Values.cert.annotations | indent 4 }} -spec: -{{- if .Values.cert.secretName }} - secretName: {{ .Values.cert.secretName }} -{{- else }} - secretName: {{ template "web.name" . }} -{{- end }} -{{- if .Values.cert.duration }} - duration: {{ .Values.cert.duration }} -{{- end }} - renewBefore: {{ .Values.cert.renewBefore }} - commonName: {{ index $hosts 0 }} - dnsNames: -{{ $hosts | toYaml | indent 4 }} - issuerRef: - name: {{ .Values.cert.issuer | default "letsencrypt-prod" }} - kind: {{ .Values.cert.issuerKind | default "ClusterIssuer" }} -{{- end }} \ No newline at end of file diff --git a/web/templates/deployment.yaml b/web/templates/deployment.yaml index e369dbf5..942aa8a5 100644 --- a/web/templates/deployment.yaml +++ b/web/templates/deployment.yaml 
@@ -1,132 +1,3 @@ -{{- if .Capabilities.APIVersions.Has "apps/v1" }} -apiVersion: apps/v1 -{{ else }} -apiVersion: apps/v1beta1 +{{ if eq .Values.deployKind "deployment" }} +{{- include "libchart.deployment.tpl" . -}} {{- end }} -kind: Deployment -metadata: - name: {{ template "web.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "web.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "web.metaLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} - {{- end -}} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if not (typeIs "string" .Values.image) }} -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - name: {{ .Chart.Name }} - {{- if typeIs "string" .Values.image }} - image: "{{ .Values.image }}" - {{- else }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - imagePullPolicy: Always - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 10 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 80 }} - protocol: TCP - {{ if .Values.extraPorts }} - {{ toYaml .Values.extraPorts | nindent 12 }} - {{- end }} -{{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ 
.Values.liveness.port | default 80 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | default 15 }} - periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} -{{- end }} -{{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 80 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} -{{- end }} - {{- if or (.Values.environment) }} - env: -{{ toYaml .Values.environment | indent 12}} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - - {{- if or .Values.affinity .Values.podAntiAffinity }} - affinity: - {{- with .Values.affinity }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if eq .Values.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "web.selectorLabels" . | nindent 18 }} - {{- else if eq .Values.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: "{{ .Values.podAntiAffinityTopologyKey }}" - labelSelector: - matchLabels: - {{- include "web.selectorLabels" . | nindent 20 }} - {{- end }} - {{- end }} - - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or (.Values.volumes) (.Values.csi) }} - volumes: - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - persistentVolumeClaim: - claimName: {{ .Values.csi.name }} - {{ end }} - {{ end }} 
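Review bot: The wrapper renders a workload only when `deployKind` is exactly `"deployment"` (and web/templates/statefulset.yaml only for `"statefulset"`), so a typo or a different casing such as `Deployment` yields a release with no workload and no error. Add a guard at the top of this template, for example `{{- if not (has .Values.deployKind (list "deployment" "statefulset")) }}{{ fail "deployKind must be deployment or statefulset" }}{{- end }}`. The removed template also rendered the pod `securityContext` from values and pinned `imagePullPolicy: Always` inline; `libchart.deployment.tpl` is not part of this page, so confirm it still emits both before relying on the `runAsNonRoot: true` default.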
diff --git a/web/templates/hpa.yaml b/web/templates/hpa.yaml new file mode 100644 index 00000000..1a9351cf --- /dev/null +++ b/web/templates/hpa.yaml @@ -0,0 +1,3 @@ +{{- if .Values.autoscaling.enabled }} +{{- include "libchart.hpa.tpl" . }} +{{- end }} diff --git a/web/templates/ingress.yaml b/web/templates/ingress.yaml index 814ae837..25c77bfb 100644 --- a/web/templates/ingress.yaml +++ b/web/templates/ingress.yaml @@ -1,52 +1,3 @@ {{- if .Values.ingress.enabled -}} -{{- $name := include "web.name" . -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- else }} - secretName: {{ $name }} - {{- end }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $name }} - servicePort: http - {{- if $.Values.ingress.extraServices }} - {{- range $.Values.ingress.extraServices.paths }} - - path: {{ .path }} - backend: - serviceName: {{ .backend.serviceName }} - servicePort: {{ .backend.servicePort }} - {{- end }} - {{- end }} - {{- end }} +{{- include "libchart.ingress.tpl" . -}} {{- end }} diff --git a/web/templates/pod-disruption-budget.yaml b/web/templates/pod-disruption-budget.yaml index 8ef59d59..c00e2856 100644 --- a/web/templates/pod-disruption-budget.yaml +++ b/web/templates/pod-disruption-budget.yaml 
@@ -1,14 +1,3 @@ {{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "web.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "web.selectorLabels" . | nindent 8 }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file +{{- include "libchart.pdb.tpl" . -}} +{{- end }} diff --git a/web/templates/pv-secrets-store-csi-pv.yaml b/web/templates/pv-secrets-store-csi-pv.yaml index 66033d04..0dab4e4b 100644 --- a/web/templates/pv-secrets-store-csi-pv.yaml +++ b/web/templates/pv-secrets-store-csi-pv.yaml @@ -1,32 +1,3 @@ {{- if .Values.csi -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} -spec: - capacity: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - accessModes: - - ReadOnlyMany - persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.csi.storageClassName | quote}} - csi: - driver: secrets-store.csi.k8s.com - readOnly: true - volumeHandle: kv - volumeAttributes: - providerName: {{ .Values.csi.providerName | quote}} - usePodIdentity: {{ .Values.csi.usePodIdentity | default "false" | quote }} - keyvaultName: {{ .Values.csi.keyvaultName | quote}} - objects: | - array: -{{ toYaml .Values.csi.array | indent 10 }} - resourceGroup: {{ .Values.csi.resourceGroup | quote}} - subscriptionId: {{ .Values.csi.subscriptionId | quote}} - tenantId: {{ .Values.csi.tenantId | quote}} - nodePublishSecretRef: - name: secrets-store-creds -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pv.tpl" . }} +{{- end -}} diff --git a/web/templates/pv-secrets-store-csi-pvc.yaml b/web/templates/pv-secrets-store-csi-pvc.yaml index e969bcdd..7560ad1a 100644 
--- a/web/templates/pv-secrets-store-csi-pvc.yaml +++ b/web/templates/pv-secrets-store-csi-pvc.yaml @@ -1,17 +1,3 @@ {{- if .Values.csi -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.csi.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} -spec: - accessModes: - - ReadOnlyMany - resources: - requests: - storage: {{ .Values.csi.storage | default "10Mi" | quote }} - volumeName: {{ .Values.csi.name }} - storageClassName: {{ .Values.csi.storageClassName| quote}} -{{- end -}} \ No newline at end of file +{{- include "libchart.pv-secrets-store-csi-pvc.tpl" . }} +{{- end -}} diff --git a/web/templates/service-account.yaml b/web/templates/service-account.yaml new file mode 100644 index 00000000..402b6356 --- /dev/null +++ b/web/templates/service-account.yaml @@ -0,0 +1 @@ +{{- include "libchart.serviceAccount.tpl" . -}} diff --git a/web/templates/service.yaml b/web/templates/service.yaml index 18757b67..5e1be494 100644 --- a/web/templates/service.yaml +++ b/web/templates/service.yaml @@ -1,19 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "web.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "web.metaLabels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default "http" }} - protocol: TCP - name: {{ .Values.service.name | default "http" }} - {{ if .Values.service.extraPorts }} - {{ toYaml .Values.service.extraPorts | nindent 4 }} - {{- end }} - selector: - {{- include "web.selectorLabels" . | nindent 4 }} \ No newline at end of file +{{- include "libchart.service.tpl" . -}} diff --git a/web/templates/servicemonitor.yaml b/web/templates/servicemonitor.yaml index 66c679d3..fe21688f 100644 --- a/web/templates/servicemonitor.yaml +++ b/web/templates/servicemonitor.yaml 
@@ -2,17 +2,17 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "web.name" . }} + name: {{ template "libchart.name" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "web.metaLabels" . | nindent 4 }} + {{- include "libchart.labels" . | nindent 4 }} {{- if .Values.metrics.enabled }} prometheus: {{ .Values.metrics.prometheusInstance }} {{- end }} spec: selector: matchLabels: - {{- include "web.selectorLabels" . | nindent 8 }} + {{- include "libchart.selectorLabels" . | nindent 6 }} endpoints: {{- if .Values.metrics.endpoints }} {{ toYaml .Values.metrics.endpoints | indent 4 }} diff --git a/web/templates/statefulset.yaml b/web/templates/statefulset.yaml new file mode 100644 index 00000000..cf389c3c --- /dev/null +++ b/web/templates/statefulset.yaml @@ -0,0 +1,3 @@ +{{ if eq .Values.deployKind "statefulset" }} +{{- include "libchart.statefulset.tpl" . -}} +{{- end }} diff --git a/web/templates/traefik-v2-ingress-route.yaml b/web/templates/traefik-v2-ingress-route.yaml new file mode 100644 index 00000000..907b7114 --- /dev/null +++ b/web/templates/traefik-v2-ingress-route.yaml @@ -0,0 +1,19 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "libchart.name" . }} +{{- $labels := include "libchart.labels" . }} +{{ range $i := .Values.traefikV2.ingressRoutes }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: "{{ $name }}-{{ $i.name }}" + {{- if $i.annotations }} + annotations: + {{ toYaml $i.annotations | nindent 4 }} + {{- end }} + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/web/templates/traefik-v2-middleware.yaml b/web/templates/traefik-v2-middleware.yaml new file mode 100644 index 00000000..f3acb18d --- /dev/null +++ b/web/templates/traefik-v2-middleware.yaml 
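Review bot: The new IngressRoute in web/templates/traefik-v2-ingress-route.yaml has no `metadata.namespace`, although the templates this commit replaces all set `namespace: {{ .Release.Namespace }}` and the policy rule `not input.metadata.namespace` ("Object should be namespaced") would reject the object if rendered routes are run through those checks. Add `namespace: {{ $.Release.Namespace }}` under `name:`; the `$` is needed because `.` is rebound inside the `range`. `traefikV2.annotations` in values.yaml is never read, since the template only looks at `$i.annotations` on each route, so either drop that key or merge it in. web/templates/traefik-v2-middleware.yaml has the same missing namespace.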
@@ -0,0 +1,15 @@ +{{- if .Values.traefikV2.enabled }} +{{- $name := include "jalibchartva.name" . }} +{{- $labels := include "libchart.metaLabels" . }} +{{ range $i := .Values.traefikV2.middlewares }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: "{{ $name }}-{{ $i.name }}" + labels: + {{- $labels | nindent 4 }} +spec: + {{- toYaml $i.spec | nindent 2 }} +{{- end }} +{{- end }} diff --git a/web/values.yaml b/web/values.yaml index 13ef86b6..fa8c0641 100644 --- a/web/values.yaml +++ b/web/values.yaml @@ -1,15 +1,13 @@ -# Default values for web. +# Default values for chart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 name: "" +# javaOptions: appVersion: v1 - -# Full image repository with tag, needed for Flux automation -# image: "my.repo.io/my/image:my-tag" image: repository: "" tag: "" @@ -17,18 +15,31 @@ image: # - secret1 # - secret2 +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podLabels: {} -podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 2 securityContext: runAsNonRoot: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsUser: 1000 + # fsGroup: 2000 environment: {} -# - name: APP_ENV -# value: "production" secrets: {} csi: {} 
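Review bot: `include "jalibchartva.name"` on the `$name` line of traefik-v2-middleware.yaml looks like a botched search-and-replace, and `libchart.metaLabels` on the next line differs from the `libchart.labels` helper used by the ingress-route and ServiceMonitor templates. Both includes sit outside the `range`, so if either name is undefined, rendering fails as soon as `traefikV2.enabled` is true, even with an empty `middlewares` list. Use `{{- $name := include "libchart.name" . }}` and `{{- $labels := include "libchart.labels" . }}`. libchart's helpers are not shown on this page, so check the names against its `_helpers.tpl`.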
@@ -52,25 +63,68 @@ csi: {} # objectType: key # objectVersion: "" +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +## Pod affinity +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft +podAntiAffinityTopologyKey: "kubernetes.io/hostname" + +## Custom Affinity settings +## Defining 'affinity' will disable any podAntiAffinity settings. +## If you still need anti-affinity, you must include the configuration here. +affinity: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +extraContainerPorts: [] + liveness: + port: 8080 enabled: true - port: 80 delay: 15 timeout: 15 periodSeconds: 15 readiness: + port: 8080 enabled: true - port: 80 delay: 15 timeout: 15 periodSeconds: 15 +# Service service: type: ClusterIP port: 80 - targetPort: 80 + targetPort: 8080 + name: http extraPorts: [] +# Ingress ingress: enabled: false annotations: {} @@ -83,17 +137,17 @@ ingress: # - secretName: chart-example-tls # hosts: # - chart-example.local - extraServices: {} - # paths: - # - path: /api - # backend: - # serviceName: some-other-backend - # servicePort: 81 + +traefikV2: + enabled: false + annotations: {} + middlewares: [] + ingressRoutes: [] + istio: enabled: false ingress: enabled: false - # gatewayName: appname-gw gateways: [] hosts: - chart-example.local 
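Review bot: The default container-side ports move from 80 to 8080 in this hunk (`liveness.port`, `readiness.port`, `service.targetPort`), but web/templates/NOTES.txt still prints `kubectl port-forward $POD_NAME 8080:80`, so the post-install instructions presumably point at a port the pod no longer serves by default. Change that line to `kubectl port-forward $POD_NAME 8080:{{ .Values.service.targetPort }}`. The hunk also introduces `extraContainerPorts` while a later hunk removes the top-level `extraPorts`; a comment above the new key, such as `# Additional containerPort entries; replaces the former top-level extraPorts`, would help users upgrading across this major version.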
@@ -102,36 +156,6 @@ istio: httpsRedirect: false # secretName: chart-example-tls -extraPorts: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -## Pod affinity -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft -podAntiAffinityTopologyKey: "kubernetes.io/hostname" - -## Custom Affinity settings -## Defining 'affinity' will disable any podAntiAffinity settings. -## If you still need anti-affinity, you must include the configuration here. -affinity: {} - -# We need to set targetPort (Where metrics are hosted) so that it can be collected on the outside of the SMESH metrics: enabled: true prometheusInstance: default # Select the default prometheus instance. @@ -151,8 +175,8 @@ cert: hosts: [] issuer: letsencrypt-prod issuerKind: ClusterIssuer - # secretName: web-appname-tls - # duration: 1440h + # secretName: java-appname-tls + # duration: 2160h # 90d (Maximum 90d) renewBefore: 360h0m0s # 15d volumeMounts: [] @@ -168,4 +192,7 @@ volumes: [] # - key: ssh-pub-key # path: id_rsa.pub -certmanagerApiVersion: cert-manager.io/v1alpha2 +deployKind: deployment + +autoscaling: + enabled: false
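Review bot: The last hunk adds a second top-level `autoscaling:` key, after the fuller block (`minReplicas`, `maxReplicas`, `targetCPUUtilizationPercentage`) added earlier in values.yaml. Duplicate mapping keys are invalid YAML, and parsers that tolerate them usually keep the last one, which would leave `libchart.hpa.tpl` without its replica bounds when a user sets only `autoscaling.enabled: true`. Delete the trailing `autoscaling:` / `enabled: false` pair. In the `cert` hunk, the commented example `# secretName: java-appname-tls` appears to be carried over from another chart and should read `web-appname-tls` here.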