diff --git a/.github/ct-install-config/chart_schema.yaml b/.github/ct-install-config/chart_schema.yaml index 59bbdd47b4..bf9c1d981e 100644 --- a/.github/ct-install-config/chart_schema.yaml +++ b/.github/ct-install-config/chart_schema.yaml @@ -1,5 +1,4 @@ name: str(required=True) -title: str(required=True) description: str(required=True) version: str(required=True) type: str(required=True) @@ -17,7 +16,8 @@ condition: str(required=False) keywords: list(str(), required=False) tags: str(required=False) maintainers: list(include('maintainer')) -annotations: map(str(), str(), required=False) +annotations: + title: str(required=True) --- maintainer: name: str() diff --git a/.github/ct-install-config/charts-ct-install.yaml b/.github/ct-install-config/charts-ct-install.yaml new file mode 100644 index 0000000000..cd5652ebd0 --- /dev/null +++ b/.github/ct-install-config/charts-ct-install.yaml @@ -0,0 +1,15 @@ +remote: origin +target-branch: master +helm-extra-args: --timeout 600s +# This is too verbose, contains the rendered k8s objects +# helm-extra-args: --timeout 600s --debug +chart-yaml-schema: .github/ct-install-config/chart_schema.yaml +debug: false +# Also test upgrade on each app/ci-values +upgrade: true +chart-dirs: + - library/ix-dev/enterprise + - library/ix-dev/community +excluded-charts: + - library/common-test + - library/common diff --git a/.github/ct-install-config/charts-ct-lint.yaml b/.github/ct-install-config/charts-ct-lint.yaml new file mode 100644 index 0000000000..1747268800 --- /dev/null +++ b/.github/ct-install-config/charts-ct-lint.yaml @@ -0,0 +1,14 @@ +remote: origin +target-branch: master +helm-extra-args: --timeout 600s --debug +lint-conf: .github/ct-install-config/lint-conf.yaml +chart-yaml-schema: .github/ct-install-config/chart_schema.yaml +# Check that the version in Chart.yaml is incremented +check-version-increment: true +debug: true +chart-dirs: + - library/ix-dev/enterprise + - library/ix-dev/community +excluded-charts: + - library/common-test + - library/common diff --git a/.github/ct-install-config/ct-install.yaml b/.github/ct-install-config/common-ct-install.yaml similarity index 63% rename from .github/ct-install-config/ct-install.yaml rename to .github/ct-install-config/common-ct-install.yaml index 45121f564e..66e4ba55df 100644 --- a/.github/ct-install-config/ct-install.yaml +++ b/.github/ct-install-config/common-ct-install.yaml @@ -1,8 +1,11 @@ remote: origin target-branch: master +# Print helm debug output, contains the rendered k8s objects helm-extra-args: --timeout 600s --debug chart-yaml-schema: .github/ct-install-config/chart_schema.yaml +debug: true chart-dirs: - library - - charts +charts: + - library/common-test excluded-charts: [] diff --git a/.github/ct-install-config/ct-lint.yaml b/.github/ct-install-config/common-ct-lint.yaml similarity index 50% rename from .github/ct-install-config/ct-lint.yaml rename to .github/ct-install-config/common-ct-lint.yaml index 6dc691ffe1..16b1bbb925 100644 --- a/.github/ct-install-config/ct-lint.yaml +++ b/.github/ct-install-config/common-ct-lint.yaml @@ -1,7 +1,13 @@ remote: origin target-branch: master helm-extra-args: --timeout 600s --debug +lint-conf: .github/ct-install-config/lint-conf.yaml chart-yaml-schema: .github/ct-install-config/chart_schema.yaml +# Check that the version in Chart.yaml is incremented +check-version-increment: true +debug: true chart-dirs: - library +charts: + - library/common-test excluded-charts: [] diff --git a/.github/workflows/charts_tests.yaml b/.github/workflows/charts_tests.yaml new file mode 100644 index 0000000000..ff2f6ae09c --- /dev/null +++ b/.github/workflows/charts_tests.yaml @@ -0,0 +1,124 @@ +name: Charts Tests + +on: + pull_request: + paths: + - library/** + - '!library/common' + - '!library/common-test' + - .github/ct-install-config/** + - '!.github/ct-install-config/common*' + - .github/workflows/charts_test.yaml + +jobs: + lint: + name: Lint Charts + runs-on: ubuntu-22.04 + strategy: + fail-fast: false + matrix: + helm-version: + - v3.9.4 + - v3.10.3 + - v3.11.1 + steps: + - name: Checkout + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + with: + # Depth 0 is required for chart-testing to work properly + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 + with: + version: ${{ matrix.helm-version }} + + - uses: actions/setup-python@2c3dd9e7e29afd70cc0950079bde6c979d1f69f9 # tag=v4 + with: + python-version: "3.10" + + - name: Set up chart-testing + uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1 + + - name: Run chart-testing (lint) + id: lint + run: | + ct lint --config .github/ct-install-config/charts-ct-lint.yaml + + install: + needs: + - lint + name: Install Charts + runs-on: ubuntu-22.04 + strategy: + fail-fast: false + matrix: + # We run tests on k3s version of latest SCALE release, SCALE nightly and manually defined "latest" + k3s-version: + - v1.25.3+k3s1 + # We run tests on Helm version of latest SCALE release, SCALE nightly and manually defined "latest" + helm-version: + - v3.9.4 + - v3.11.1 + + steps: + - name: Checkout + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + with: + # Depth 0 is required for chart-testing to work properly + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3 + with: + version: ${{ matrix.helm-version }} + + - uses: actions/setup-python@2c3dd9e7e29afd70cc0950079bde6c979d1f69f9 # tag=v4 + with: + python-version: "3.10" + + - name: Set up chart-testing + uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1 + + - name: Create k3d cluster - Attempt 1/3 + continue-on-error: true + id: createc1 + uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + version: ${{ matrix.k3s-version }} + # Flags found here https://github.com/k3d-io/k3d + k3d-args: --k3s-arg --disable=metrics-server@server:* + + - name: Wait 10 second to retry + if: steps.createc1.outcome=='failure' + run: | + sleep 10 + - name: Create k3d cluster - Attempt 2/3 + continue-on-error: true + if: steps.createc1.outcome=='failure' + id: createc2 + uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + version: ${{ matrix.k3s-version }} + # Flags found here https://github.com/k3d-io/k3d + k3d-args: --k3s-arg --disable=metrics-server@server:* + + - name: Wait 10 second to retry + if: steps.createc2.outcome=='failure' + run: | + sleep 10 + - name: Create k3d cluster - Attempt 3/3 + id: createc3 + if: steps.createc2.outcome=='failure' + uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + version: ${{ matrix.k3s-version }} + # Flags found here https://github.com/k3d-io/k3d + k3d-args: --k3s-arg --disable=metrics-server@server:* + + - name: Run chart-testing (install) + run: | + ct install --config .github/ct-install-config/charts-ct-install.yaml diff --git a/.github/workflows/common_library_tests.yaml b/.github/workflows/common_library_tests.yaml index fb403e9dee..c05ad4f149 100644 --- a/.github/workflows/common_library_tests.yaml +++ b/.github/workflows/common_library_tests.yaml @@ -3,7 +3,10 @@ name: Common Library Tests on: pull_request: paths: - - library/** + - library/common/ + - library/common-test/ + - .github/ct-install-config/common*.yaml + - '!.github/ct-install-config/charts*' - .github/workflows/common_library_tests.yaml jobs: @@ -21,7 +24,8 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 with: - fetch-depth: 1 + # Depth 0 is required for chart-testing to work properly + fetch-depth: 0 - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 @@ -38,10 +42,7 @@ jobs: - name: Run chart-testing (lint) id: lint run: | - ct lint --config .github/ct-install-config/ct-lint.yaml \ - --lint-conf .github/ct-install-config/lint-conf.yaml \ - --charts library/common-test \ - --debug + ct lint --config .github/ct-install-config/common-ct-lint.yaml unittest: needs: @@ -61,7 +62,8 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 with: - fetch-depth: 1 + # Depth 0 is required for chart-testing to work properly + fetch-depth: 0 - name: Install Helm uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3 @@ -111,7 +113,8 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 with: - fetch-depth: 1 + # Depth 0 is required for chart-testing to work properly + fetch-depth: 0 - name: Install Helm uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3 @@ -164,33 +167,14 @@ jobs: # Flags found here https://github.com/k3d-io/k3d k3d-args: --k3s-arg --disable=metrics-server@server:* - # Install Kail to grab logs from tests, as there are cases ct-install fail to output logs - - name: Install Kail - run: | - export KAIL_VERSION=v0.16.1 - wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz - tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz - chmod +x kail - - name: Run chart-testing (install) run: | + # This is done to improve speed of the tests, so we can run tests in parallel # Move all ci values on a temp location (or skip if already moved from another matrix job) mv library/common-test/ci library/common-test/runtests || echo "Nothing to move" # Move one values.yaml to the correct location to run the test mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml - # Stat kail on the background to grab logs from tests - ./kail --ignore-ns kube-system >> /tmp/output.log & - # Actually run the test - ct install --config .github/ct-install-config/ct-install.yaml \ - --charts library/common-test \ - --debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \ - cat /tmp/output.log && \ - rm -f /tmp/output.log && exit 1) - - kill $! - echo -e "\n\n--===PODLOGS===--\n\n" - cat /tmp/output.log - rm -f /tmp/output.log + ct install --config .github/ct-install-config/common-ct-install.yaml diff --git a/create_app.sh b/create_app.sh new file mode 100755 index 0000000000..67e42f4d53 --- /dev/null +++ b/create_app.sh @@ -0,0 +1,59 @@ +#!/bin/bash + +VERSION="v4.31.1" +BINARY="yq_linux_amd64" +YQ_PATH="/tmp/yq" +BASE_PATH="library/ix-dev" + +if [[ ! -f "$YQ_PATH" ]]; then + wget "https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}" -O "$YQ_PATH" && \ + chmod +x "$YQ_PATH" +fi + +function check_args(){ + local arg=$1 + if [[ -z "$arg" ]]; then + echo "Error: $2 not specified" + exit 1 + fi +} + +function copy_app() { + local train=$1 + local app=$2 + + # Check arguments have values + check_args "$train" + check_args "$app" + + # Grab version from Chart.yaml + version=$("$YQ_PATH" '.version' "$BASE_PATH/$train/$app/Chart.yaml") + check_args "$version" + + # Make sure directories exist + mkdir -p "$train/$app/$version" + + helm dependency update "$BASE_PATH/$train/$app" + # Copy files over + rsync --archive --delete "$BASE_PATH/$train/$app/" "$train/$app/$version" + # Rename values.yaml to ix_values.yaml + mv "$train/$app/$version/values.yaml" "$train/$app/$version/ix_values.yaml" + + # Remove CI directory from the versioned app + rm -r "$train/$app/$version/ci" + + # Grab icon and categories from Chart.yaml + icon=$("$YQ_PATH" '.icon' "$BASE_PATH/$train/$app/Chart.yaml") + check_args "$icon" + categories=$("$YQ_PATH" '.keywords' "$BASE_PATH/$train/$app/Chart.yaml") + check_args "$categories" + + # Create item.yaml + echo "" > "$train/$app/item.yaml" + ICON="$icon" "$YQ_PATH" '.icon_url = env(ICON)' --inplace "$train/$app/item.yaml" + CATEGORIES="$categories" "$YQ_PATH" '.categories = env(CATEGORIES)' --inplace "$train/$app/item.yaml" + +} + +# TODO: Call this function for each changed app +copy_app "$1" "$2" diff --git a/library/common-test/Chart.yaml b/library/common-test/Chart.yaml index d8cf6a8a58..f8bea64689 100644 --- a/library/common-test/Chart.yaml +++ b/library/common-test/Chart.yaml @@ -1,5 +1,6 @@ name: common-test -title: Common Library Chart Testing +annotations: + title: Common Library Chart Testing version: 1.0.0 apiVersion: v2 appVersion: v1.0.0 @@ -10,7 +11,7 @@ type: application icon: https://localhost/icon dependencies: - name: common - repository: file://../common/1.0.0 + repository: file://../common version: ~1.0.0 maintainers: - name: truenas diff --git a/library/common-test/ci/cron-values.yaml b/library/common-test/ci/cron-values.yaml index 19f80d5048..51ee4c6165 100644 --- a/library/common-test/ci/cron-values.yaml +++ b/library/common-test/ci/cron-values.yaml @@ -20,6 +20,7 @@ workload: primary: true type: CronJob schedule: "*/1 * * * *" + ttlSecondsAfterFinished: 0 podSpec: restartPolicy: OnFailure containers: diff --git a/library/common-test/ci/job-values.yaml b/library/common-test/ci/job-values.yaml index 4e56a52bd9..2e83839af9 100644 --- a/library/common-test/ci/job-values.yaml +++ b/library/common-test/ci/job-values.yaml @@ -19,6 +19,7 @@ workload: enabled: true primary: true type: Job + ttlSecondsAfterFinished: 0 podSpec: restartPolicy: Never containers: diff --git a/library/common-test/tests/container/envFixed_test .yaml b/library/common-test/tests/container/envFixed_test.yaml similarity index 86% rename from library/common-test/tests/container/envFixed_test .yaml rename to library/common-test/tests/container/envFixed_test.yaml index 438a095c56..fd0f7a0047 100644 --- a/library/common-test/tests/container/envFixed_test .yaml +++ b/library/common-test/tests/container/envFixed_test.yaml @@ -221,7 +221,7 @@ tests: - container-name1 image: *image TZ: Europe/London - containerOptions: + resources: NVIDIA_CAPS: - compute - video @@ -260,7 +260,7 @@ tests: - name: S6_READ_ONLY_ROOT value: "1" - - it: should create the correct fixed envs with GPU and overrided on container level + - it: should create the correct fixed envs with GPU and overridden on container level set: scaleGPU: - gpu: @@ -270,7 +270,7 @@ tests: - container-name1 image: *image TZ: Europe/London - containerOptions: + resources: NVIDIA_CAPS: - compute - video @@ -312,6 +312,60 @@ tests: - name: S6_READ_ONLY_ROOT value: "1" + - it: should create the correct fixed envs with PUID set to 0 on container level + set: + image: *image + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: + containers: + container-name1: + enabled: true + primary: true + imageSelector: image + probes: *probes + fixedEnv: + PUID: 0 + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + asserts: + - documentIndex: &deploymentDoc 0 + isKind: + of: Deployment + - documentIndex: *deploymentDoc + isAPIVersion: + of: apps/v1 + - documentIndex: *deploymentDoc + isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: PUID + value: "0" + - name: USER_ID + value: "0" + - name: UID + value: "0" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + # Failures - it: it should fail with NVIDIA_CAPS having invalid values set: diff --git a/library/common-test/tests/container/image_test.yaml b/library/common-test/tests/container/image_test.yaml index 248b013751..365663766d 100644 --- a/library/common-test/tests/container/image_test.yaml +++ b/library/common-test/tests/container/image_test.yaml @@ -7,11 +7,11 @@ tests: imageDictToUse: image image: &image repository: nginx - tag: 1.19.0 + tag: "1.19.0" pullPolicy: IfNotPresent imageGPU: repository: some-gpu-image - tag: 5.20.0 + tag: "5.20" pullPolicy: Always workload: workload-name: @@ -53,7 +53,7 @@ tests: isSubset: path: spec.template.spec.containers[1] content: - image: some-gpu-image:5.20.0 + image: some-gpu-image:5.20 imagePullPolicy: Always # Failures @@ -121,7 +121,7 @@ tests: set: image: repository: nginx - tag: 1.19.0 + tag: "1.19.0" pullPolicy: invalid workload: workload-name: @@ -136,4 +136,25 @@ tests: imageSelector: image asserts: - failedTemplate: - errorMessage: Container - Expected <.Values.image.pullPolicy> to be one of [IfNotPresent, Always, Never], but got [invalid] + errorMessage: Container - Expected <.Values.image.pullPolicy> to be one of [IfNotPresent, Always, Never], but got [invalid] + + - it: should fail with tag not string on selected image + set: + image: + repository: nginx + tag: 1.19 + pullPolicy: invalid + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: + containers: + container-name1: + enabled: true + primary: true + imageSelector: image + asserts: + - failedTemplate: + errorMessage: Container - Expected <.Values.image.tag> to be string, but got [float64] diff --git a/library/common-test/tests/container/resources_test.yaml b/library/common-test/tests/container/resources_test.yaml index a4fc2104d0..6dbb6349c9 100644 --- a/library/common-test/tests/container/resources_test.yaml +++ b/library/common-test/tests/container/resources_test.yaml @@ -632,9 +632,8 @@ tests: - it: should fail with empty requests set: image: *image - containerOptions: - resources: - requests: + resources: + requests: workload: workload-name1: enabled: true @@ -654,10 +653,9 @@ tests: - it: should fail with empty requests.cpu set: image: *image - containerOptions: - resources: - requests: - cpu: "" + resources: + requests: + cpu: "" workload: workload-name1: enabled: true @@ -677,11 +675,10 @@ tests: - it: should fail with empty requests.memory set: image: *image - containerOptions: - resources: - requests: - cpu: 10m - memory: "" + resources: + requests: + cpu: 10m + memory: "" workload: workload-name1: enabled: true @@ -701,11 +698,10 @@ tests: - it: should fail with invalid format in requests.cpu set: image: *image - containerOptions: - resources: - requests: - cpu: 10MB - memory: 50Mi + resources: + requests: + cpu: 10MB + memory: 50Mi workload: workload-name1: enabled: true @@ -725,14 +721,13 @@ tests: - it: should fail with invalid format in limits.cpu set: image: *image - containerOptions: - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 10MB - memory: 8Gi + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 10MB + memory: 8Gi workload: workload-name1: enabled: true @@ -752,14 +747,13 @@ tests: - it: should fail with invalid format in requests.memory set: image: *image - containerOptions: - resources: - requests: - cpu: 10m - memory: 50MB - limits: - cpu: 4000m - memory: 8Gi + resources: + requests: + cpu: 10m + memory: 50MB + limits: + cpu: 4000m + memory: 8Gi workload: workload-name1: enabled: true @@ -779,14 +773,13 @@ tests: - it: should fail with invalid format in limits.memory set: image: *image - containerOptions: - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8GB + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8GB workload: workload-name1: enabled: true diff --git a/library/common-test/tests/container/volumeMounts_test.yaml b/library/common-test/tests/container/volumeMounts_test.yaml index bb26c8995a..e72fcefcc7 100644 --- a/library/common-test/tests/container/volumeMounts_test.yaml +++ b/library/common-test/tests/container/volumeMounts_test.yaml @@ -37,6 +37,7 @@ tests: primary: false type: Job podSpec: + restartPolicy: Never containers: container-name1: enabled: true @@ -121,6 +122,7 @@ tests: primary: false type: Job podSpec: + restartPolicy: Never containers: container-name1: enabled: true @@ -193,6 +195,7 @@ tests: primary: false type: Job podSpec: + restartPolicy: Never containers: container-name1: enabled: true @@ -274,6 +277,7 @@ tests: primary: false type: Job podSpec: + restartPolicy: Never containers: container-name1: enabled: true @@ -354,6 +358,7 @@ tests: primary: false type: Job podSpec: + restartPolicy: Never containers: container-name1: enabled: true diff --git a/library/common-test/tests/cronjob/metadata_test.yaml b/library/common-test/tests/cronjob/metadata_test.yaml index e707913f46..0cf3623d61 100644 --- a/library/common-test/tests/cronjob/metadata_test.yaml +++ b/library/common-test/tests/cronjob/metadata_test.yaml @@ -30,6 +30,7 @@ tests: annotation1: "{{ .Values.annotation1 }}" annotation2: annotation2 podSpec: + restartPolicy: Never labels: pod-label1: pod-label1 pod-label2: "{{ .Values.label2 }}" diff --git a/library/common-test/tests/cronjob/spec_test.yaml b/library/common-test/tests/cronjob/spec_test.yaml index 6f75456779..6109554664 100644 --- a/library/common-test/tests/cronjob/spec_test.yaml +++ b/library/common-test/tests/cronjob/spec_test.yaml @@ -10,7 +10,8 @@ tests: primary: true type: CronJob schedule: "* * * * *" - podSpec: {} + podSpec: + restartPolicy: Never asserts: - documentIndex: &cronJobDoc 0 isKind: @@ -59,7 +60,8 @@ tests: parallelism: 5 ttlSecondsAfterFinished: 100 activeDeadlineSeconds: 100 - podSpec: {} + podSpec: + restartPolicy: Never asserts: - documentIndex: *cronJobDoc isSubset: diff --git a/library/common-test/tests/cronjob/validation_test.yaml b/library/common-test/tests/cronjob/validation_test.yaml index 77c1771fb0..d4ced44920 100644 --- a/library/common-test/tests/cronjob/validation_test.yaml +++ b/library/common-test/tests/cronjob/validation_test.yaml @@ -28,6 +28,20 @@ tests: - failedTemplate: errorMessage: CronJob - Expected non-empty + - it: should fail with restartPolicy set to Always + set: + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "* * * * *" + restartPolicy: Always + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Expected to be one of [Indexed, NonIndexed], but got [not-a-mode] - - - it: should fail with completionMode to Indexed and no completions + - it: should fail with invalid completionMode set: workload: workload-name: enabled: true primary: true type: Job - completionMode: Indexed - completions: + completionMode: not-a-mode podSpec: {} asserts: - failedTemplate: - errorMessage: Job - Expected to be set when is set to [Indexed] + errorMessage: Job - Expected to be one of [Indexed, NonIndexed], but got [not-a-mode] + + - it: should fail with restartPolicy set to Always + set: + workload: + workload-name: + enabled: true + primary: true + type: Job + restartPolicy: Always + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Expected in values on type - - it: should fail with empty ixVolumes + - it: should fail with wrong ixVolumes set: workload: some-workload: @@ -105,8 +144,8 @@ tests: type: Deployment podSpec: {} ixVolumes: - - /mnt/pool/ix-applications/ix-wrong-app - - /mnt/pool/ix-applications/ix-other-app + - hostPath: /mnt/pool/ix-applications/ix-wrong-app + - hostPath: /mnt/pool/ix-applications/ix-other-app persistence: volume1: enabled: true @@ -114,7 +153,7 @@ tests: datasetName: ix-app asserts: - failedTemplate: - errorMessage: Persistence - Expected [ix-app] to exist on list, but list contained [/mnt/pool/ix-applications/ix-wrong-app, /mnt/pool/ix-applications/ix-other-app] on type + errorMessage: Persistence - Expected [ix-app] to exist on list, but list contained [ix-wrong-app, ix-other-app] on type - it: should fail with invalid hostPathType set: @@ -125,7 +164,7 @@ tests: type: Deployment podSpec: {} ixVolumes: - - /mnt/pool/ix-applications/ix-app + - hostPath: /mnt/pool/ix-applications/ix-app persistence: volume1: enabled: true diff --git a/library/common-test/tests/service/metadata_test.yaml b/library/common-test/tests/service/metadata_test.yaml index 0854c5fc1b..365620f3d0 100644 --- a/library/common-test/tests/service/metadata_test.yaml +++ b/library/common-test/tests/service/metadata_test.yaml @@ -70,7 +70,7 @@ tests: app.kubernetes.io/version: *appVer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: common-test - service.name: release-name-common-test + service.name: my-service1 g_label1: global_label1 g_label2: global_label2 label1: label1 @@ -82,7 +82,7 @@ tests: equal: path: metadata.labels value: - service.name: release-name-common-test-my-service2 + service.name: my-service2 app: common-test-1.0.0 app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm diff --git a/library/common-test/tests/service/node_port_test.yaml b/library/common-test/tests/service/node_port_test.yaml index a0377ac7ae..6ddcd309f6 100644 --- a/library/common-test/tests/service/node_port_test.yaml +++ b/library/common-test/tests/service/node_port_test.yaml @@ -49,6 +49,56 @@ tests: app.kubernetes.io/name: common-test pod.name: my-workload + - it: should pass with type NodePort and hostnetwork enabled + set: + service: + my-service: + enabled: true + primary: true + type: NodePort + ports: + port-name: + enabled: true + primary: true + port: 12345 + nodePort: 30000 + workload: + my-workload: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: true + asserts: + - documentIndex: &serviceDoc 1 + isKind: + of: Service + - documentIndex: *serviceDoc + isAPIVersion: + of: v1 + - documentIndex: *serviceDoc + equal: + path: metadata.name + value: release-name-common-test + - documentIndex: *serviceDoc + equal: + path: spec + value: + type: ClusterIP + publishNotReadyAddresses: false + ports: + - name: port-name + port: 12345 + protocol: TCP + targetPort: 12345 + selector: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: common-test + pod.name: my-workload + - documentIndex: *serviceDoc + isNull: + path: spec.ports[0].nodePort + - it: should pass with type NodePort and available options set set: some_ip: 172.16.20.35 diff --git a/library/common-test/tests/workload/names_test.yaml b/library/common-test/tests/workload/names_test.yaml index 34eb780350..1565a2d21d 100644 --- a/library/common-test/tests/workload/names_test.yaml +++ b/library/common-test/tests/workload/names_test.yaml @@ -15,12 +15,14 @@ tests: primary: false type: CronJob schedule: "*/1 * * * *" - podSpec: {} + podSpec: + restartPolicy: Never job-workload-name: enabled: true primary: false type: Job - podSpec: {} + podSpec: + restartPolicy: Never asserts: - documentIndex: &cronJobDoc 0 isKind: diff --git a/library/common/1.0.0/Chart.yaml b/library/common/Chart.yaml similarity index 81% rename from library/common/1.0.0/Chart.yaml rename to library/common/Chart.yaml index 591a2254bb..6193e575b8 100644 --- a/library/common/1.0.0/Chart.yaml +++ b/library/common/Chart.yaml @@ -1,10 +1,11 @@ apiVersion: v2 -title: Common Library Chart name: common description: A library chart for iX Official Catalog type: library version: 1.0.0 appVersion: v1 +annotations: + title: Common Library Chart maintainers: - name: truenas url: https://www.truenas.com/ diff --git a/library/common/1.0.0/README.md b/library/common/README.md similarity index 100% rename from library/common/1.0.0/README.md rename to library/common/README.md diff --git a/library/common/1.0.0/docs/README.md b/library/common/docs/README.md similarity index 67% rename from library/common/1.0.0/docs/README.md rename to library/common/docs/README.md index 6b09e5d49d..0b8a0da87f 100644 --- a/library/common/1.0.0/docs/README.md +++ b/library/common/docs/README.md @@ -95,31 +95,28 @@ All of the below values are applied on all pods/containers, but can be overridde This is so, you can have a single point to define the values from the scale UI, but still have the ability to override them on the pod/container level, in case you need to. -| Key | Type | Required | Helm Template | Default | Description | -| :------------------------------------------------- | :-------: | :------: | :-----------: | :-------: | :--------------------------------------------------------------------- | -| .Values.TZ | `string` | ✅ | ❌ | See below | Timezone that is used everywhere applicable | -| .Values.PUID | `int` | ✅ | ❌ | See below | PUID (Only applied when running as root) | -| .Values.UMASK | `string` | ✅ | ❌ | See below | UMASK | -| .Values.NVIDIA_CAPS | `list` | ✅ | ❌ | See below | NVIDIA_CAPS (Only applied when scaleGPU is passed) | -| .Values.containerOptions | `dict` | ✅ | ❌ | See below | Options that apply to all containers | -| .Values.containerOptions.resources | `dict` | ✅ | ❌ | See below | Resources | -| .Values.containerOptions.resources.limits | `dict` | ✅ | ❌ | See below | Resources | -| .Values.containerOptions.resources.limits.cpu | `string` | ✅ | ❌ | See below | Resources | -| .Values.containerOptions.resources.limits.memory | `string` | ✅ | ❌ | See below | Resources | -| .Values.containerOptions.resources.requests | `dict` | ✅ | ❌ | See below | Resources | -| .Values.containerOptions.resources.requests.cpu | `string` | ✅ | ❌ | See below | Resources | -| .Values.containerOptions.resources.requests.memory | `string` | ✅ | ❌ | See below | Resources | -| .Values.podOptions | `dict` | ✅ | ❌ | See below | Options that apply to all pods | -| .Values.podOptions.enableServiceLinks | `boolean` | ✅ | ❌ | See below | enableServiceLinks | -| .Values.podOptions.hostNetwork | `boolean` | ✅ | ❌ | See below | hostNetwork | -| .Values.podOptions.restartPolicy | `string` | ✅ | ❌ | See below | restartPolicy | -| .Values.podOptions.dnsPolicy | `string` | ✅ | ❌ | See below | dnsPolicy | -| .Values.podOptions.dnsConfig | `list` | ✅ | ❌ | See below | dnsConfig | -| .Values.podOptions.hostAliases | `list` | ✅ | ❌ | See below | hostAliases | -| .Values.podOptions.tolerations | `list` | ✅ | ❌ | See below | tolerations | -| .Values.podOptions.runtimeClassName | `string` | ✅ | ❌ | See below | runtimeClassName (value in ixChartContext will always take precedence) | -| .Values.podOptions.automountServiceAccountToken | `boolean` | ✅ | ❌ | See below | automountServiceAccountToken | -| .Values.podOptions.terminationGracePeriodSeconds | `int` | ✅ | ❌ | See below | terminationGracePeriodSeconds | +| Key | Type | Required | Helm Template | Default | Description | +| :----------------------------------------------- | :-------: | :------: | :-----------: | :-------: | :--------------------------------------------------------------------- | +| .Values.TZ | `string` | ✅ | ❌ | See below | Timezone that is used everywhere applicable | +| .Values.resources | `dict` | ✅ | ❌ | See below | Resources | +| .Values.resources.limits | `dict` | ✅ | ❌ | See below | Resources | +| .Values.resources.limits.cpu | `string` | ✅ | ❌ | See below | Resources | +| .Values.resources.limits.memory | `string` | ✅ | ❌ | See below | Resources | +| .Values.resources.requests | `dict` | ✅ | ❌ | See below | Resources | +| .Values.resources.requests.cpu | `string` | ✅ | ❌ | See below | Resources | +| .Values.resources.requests.memory | `string` | ✅ | ❌ | See below | Resources | +| .Values.resources.NVIDIA_CAPS | `list` | ✅ | ❌ | See below | NVIDIA_CAPS (Only applied when scaleGPU is passed) | +| .Values.podOptions | `dict` | ✅ | ❌ | See below | Options that apply to all pods | +| .Values.podOptions.enableServiceLinks | `boolean` | ✅ | ❌ | See below | enableServiceLinks | +| .Values.podOptions.hostNetwork | `boolean` | ✅ | ❌ | See below | hostNetwork | +| .Values.podOptions.restartPolicy | `string` | ✅ | ❌ | See below | restartPolicy | +| .Values.podOptions.dnsPolicy | `string` | ✅ | ❌ | See below | dnsPolicy | +| .Values.podOptions.dnsConfig | `list` | ✅ | ❌ | See below | dnsConfig | +| .Values.podOptions.hostAliases | `list` | ✅ | ❌ | See below | hostAliases | +| .Values.podOptions.tolerations | `list` | ✅ | ❌ | See below | tolerations | +| .Values.podOptions.runtimeClassName | `string` | ✅ | ❌ | See below | runtimeClassName (value in ixChartContext will always take precedence) | +| .Values.podOptions.automountServiceAccountToken | `boolean` | ✅ | ❌ | See below | automountServiceAccountToken | +| .Values.podOptions.terminationGracePeriodSeconds | `int` | ✅ | ❌ | See below | terminationGracePeriodSeconds | @@ -129,18 +126,15 @@ Defaults: ```yaml TZ: UTC -PUID: 568 -UMASK: "002" -NVIDIA_CAPS: - - all -containerOptions: - resources: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 10m - memory: 50Mi +resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + NVIDIA_CAPS: + - all podOptions: enableServiceLinks: false hostNetwork: false @@ -165,27 +159,29 @@ All of the below values are applied on all pods/containers, but can be overridde This is so, you can have a single point to define the values from the scale UI, but still have the ability to override them on the pod/container level, in case you need to. -| Key | Type | Required | Helm Template | Default | Description | -| :--------------------------------------------------------- | :-------: | :------: | :-----------: | :-------: | :------------------------------ | -| .Values.securityContext | `dict` | ✅ | ❌ | See below | Security Context | -| .Values.securityContext.container | `dict` | ✅ | ❌ | See below | Security Context for containers | -| .Values.securityContext.container.runAsNonRoot | `boolean` | ✅ | ❌ | See below | | -| .Values.securityContext.container.runAsUser | `int` | ✅ | ❌ | See below | | -| .Values.securityContext.container.runAsGroup | `int` | ✅ | ❌ | See below | | -| .Values.securityContext.container.readOnlyRootFilesystem | `boolean` | ✅ | ❌ | See below | | -| .Values.securityContext.container.allowPrivilegeEscalation | `boolean` | ✅ | ❌ | See below | | -| .Values.securityContext.container.privileged | `boolean` | ✅ | ❌ | See below | | -| .Values.securityContext.container.seccompProfile | `dict` | ✅ | ❌ | See below | | -| .Values.securityContext.container.seccompProfile.type | `string` | ✅ | ❌ | See below | | -| .Values.securityContext.container.seccompProfile.profile | `string` | ✅ | ❌ | See below | | -| .Values.securityContext.container.capabilities | `dict` | ✅ | ❌ | See below | | -| .Values.securityContext.container.capabilities.add | `list` | ✅ | ❌ | See below | | -| .Values.securityContext.container.capabilities.drop | `list` | ✅ | ❌ | See below | | -| .Values.securityContext.pod | `dict` | ✅ | ❌ | See below | Security Context for pods | -| .Values.securityContext.pod.fsGroup | `int` | ✅ | ❌ | See below | | -| .Values.securityContext.pod.fsGroupChangePolicy | `string` | ✅ | ❌ | See below | | -| .Values.securityContext.pod.supplementalGroup | `list` | ✅ | ❌ | See below | | -| .Values.securityContext.pod.sysctls | `list` | ✅ | ❌ | See below | | +| Key | Type | Required | Helm Template | Default | Description | +| :--------------------------------------------------------- | :-------: | :------: | :-----------: | :-------: | :--------------------------------------- | +| .Values.securityContext | `dict` | ✅ | ❌ | See below | Security Context | +| .Values.securityContext.container | `dict` | ✅ | ❌ | See below | Security Context for containers | +| .Values.securityContext.container.PUID | `int` | ✅ | ❌ | See below | PUID (Only applied when running as root) | +| .Values.securityContext.container.UMASK | `string` | ✅ | ❌ | See below | UMASK | +| .Values.securityContext.container.runAsNonRoot | `boolean` | ✅ | ❌ | See below | | +| .Values.securityContext.container.runAsUser | `int` | ✅ | ❌ | See below | | +| .Values.securityContext.container.runAsGroup | `int` | ✅ | ❌ | See below | | +| .Values.securityContext.container.readOnlyRootFilesystem | `boolean` | ✅ | ❌ | See below | | +| .Values.securityContext.container.allowPrivilegeEscalation | `boolean` | ✅ | ❌ | See below | | +| .Values.securityContext.container.privileged | `boolean` | ✅ | ❌ | See below | | +| .Values.securityContext.container.seccompProfile | `dict` | ✅ | ❌ | See below | | +| .Values.securityContext.container.seccompProfile.type | `string` | ✅ | ❌ | See below | | +| .Values.securityContext.container.seccompProfile.profile | `string` | ✅ | ❌ | See below | | +| .Values.securityContext.container.capabilities | `dict` | ✅ | ❌ | See below | | +| .Values.securityContext.container.capabilities.add | `list` | ✅ | ❌ | See below | | +| .Values.securityContext.container.capabilities.drop | `list` | ✅ | ❌ | See below | | +| .Values.securityContext.pod | `dict` | ✅ | ❌ | See below | Security Context for pods | +| .Values.securityContext.pod.fsGroup | `int` | ✅ | ❌ | See below | | +| .Values.securityContext.pod.fsGroupChangePolicy | `string` | ✅ | ❌ | See below | | +| .Values.securityContext.pod.supplementalGroup | `list` | ✅ | ❌ | See below | | +| .Values.securityContext.pod.sysctls | `list` | ✅ | ❌ | See below | | @@ -196,6 +192,8 @@ securityContext: # -- Container security context for all containers # Can be overruled per container container: + PUID: 568 + UMASK: "002" runAsNonRoot: true runAsUser: 568 runAsGroup: 568 @@ -244,15 +242,15 @@ image: You can define additional images using the following convention: ```yaml -imageWorker: +workerImage: repository: "" tag: "" pullPolicy: IfNotPresent ``` -There isn't anything special in the above format, it's just a convention. +There isn't anything special in the above format (`nameImage`), it's just a convention. It's also a format that some external tools can use for automatic image updates. -For example, `Renovate` +For example, [Renovate](https://docs.renovatebot.com/modules/manager/helm-values/#additional-information) --- diff --git a/library/common/1.0.0/docs/configmap.md b/library/common/docs/configmap.md similarity index 100% rename from library/common/1.0.0/docs/configmap.md rename to library/common/docs/configmap.md diff --git a/library/common/1.0.0/docs/container/README.md b/library/common/docs/container/README.md similarity index 66% rename from library/common/1.0.0/docs/container/README.md rename to library/common/docs/container/README.md index c8fed28d51..187a824101 100644 --- a/library/common/1.0.0/docs/container/README.md +++ b/library/common/docs/container/README.md @@ -2,13 +2,14 @@ Assume every key below has a prefix of `workload.[workload-name].podSpec`. -| Key | Type | Required | Helm Template | Default | Description | -| :---------------------------------- | :-------: | :------: | :-----------: | :-----: | :-------------------------------- | -| containers.[container-name] | `dict` | ✅ | ❌ | `{}` | Define the container as dict | -| containers.[container-name].enabled | `boolean` | ✅ | ❌ | `false` | Enables or Disables the container | -| containers.[container-name].primary | `boolean` | ✅ | ❌ | `false` | Sets the container as primary | -| containers.[container-name].stdin | `boolean` | ❌ | ❌ | `false` | whether to enable stdin or not | -| containers.[container-name].tty | `boolean` | ❌ | ❌ | `false` | whether to enable tty or not | +| Key | Type | Required | Helm Template | Default | Description | +| :---------------------------------------- | :-------: | :------: | :-----------: | :-----: | :-------------------------------- | +| containers.[container-name] | `dict` | ✅ | ❌ | `{}` | Define the container as dict | +| containers.[container-name].enabled | `boolean` | ✅ | ❌ | `false` | Enables or Disables the container | +| containers.[container-name].imageSelector | `string` | ✅ | ✅ | `image` | Defines the image dict to use | +| containers.[container-name].primary | `boolean` | ✅ | ❌ | `false` | Sets the container as primary | +| containers.[container-name].stdin | `boolean` | ❌ | ❌ | `false` | whether to enable stdin or not | +| containers.[container-name].tty | `boolean` | ❌ | ❌ | `false` | whether to enable tty or not | --- @@ -53,6 +54,7 @@ workload: container-name: enabled: true primary: true + imageSelector: image stdin: true tty: true ``` @@ -62,7 +64,7 @@ workload: | Key | Type | Required | Helm Template | Default | Description | | :-------------------------------------- | :-------: | :------: | :-----------: | :-----: | :----------------------------------------------------- | | initContainers.[container-name] | `dict` | ✅ | ❌ | `{}` | Define the initContainer as dict | -| initContainers.[container-name].enabled | `boolean` | ✅ | ✅ | `false` | Enables or Disables the initContainer | +| initContainers.[container-name].enabled | `boolean` | ✅ | ✅ | `false` | Enables or Disables the initContainer | | initContainers.[container-name].type | `string` | ✅ | ✅ | `{}` | Define the type initContainer (init, install, upgrade) | > Supports all keys from [container](container.md) diff --git a/library/common/1.0.0/docs/container/args.md b/library/common/docs/container/args.md similarity index 100% rename from library/common/1.0.0/docs/container/args.md rename to library/common/docs/container/args.md diff --git a/library/common/1.0.0/docs/container/command.md b/library/common/docs/container/command.md similarity index 100% rename from library/common/1.0.0/docs/container/command.md rename to library/common/docs/container/command.md diff --git a/library/common/1.0.0/docs/container/env.md b/library/common/docs/container/env.md similarity index 100% rename from library/common/1.0.0/docs/container/env.md rename to library/common/docs/container/env.md diff --git a/library/common/1.0.0/docs/container/envFrom.md b/library/common/docs/container/envFrom.md similarity index 100% rename from library/common/1.0.0/docs/container/envFrom.md rename to library/common/docs/container/envFrom.md diff --git a/library/common/1.0.0/docs/container/envList.md b/library/common/docs/container/envList.md similarity index 100% rename from library/common/1.0.0/docs/container/envList.md rename to library/common/docs/container/envList.md diff --git a/library/common/1.0.0/docs/container/fixedEnv.md b/library/common/docs/container/fixedEnv.md similarity index 53% rename from library/common/1.0.0/docs/container/fixedEnv.md rename to library/common/docs/container/fixedEnv.md index 1294ffdca5..6236c502ad 100644 --- a/library/common/1.0.0/docs/container/fixedEnv.md +++ b/library/common/docs/container/fixedEnv.md @@ -2,13 +2,13 @@ Assume every key below has a prefix of `workload.[workload-name].podSpec.containers.[container-name]`. -| Key | Type | Required | Helm Template | Default | Description | -| :------------------- | :------: | :------: | :-----------: | :------------------------------------------: | :---------------------------------------------------------------------------- | -| fixedEnv | `dict` | ❌ | ❌ | `{}` | Override fixed Envs for the container | -| fixedEnv.TZ | `string` | ❌ | ❌ | `{{ .Values.TZ }}` | Override default TZ for the container | -| fixedEnv.UMASK | `string` | ❌ | ❌ | `{{ .Values.containerOptions.UMASK }}` | Override the default UMASK for the container (Applies to UMASK and UMASK_SET) | -| fixedEnv.PUID | `string` | ❌ | ❌ | `{{ .Values.containerOptions.PUID }}` | Override the default PUID for the container (Applies to PUID. USER_ID, UID) | -| fixedEnv.NVIDIA_CAPS | `list` | ❌ | ❌ | `{{ .Values.containerOptions.NVIDIA_CAPS }}` | Override the default NVIDIA_CAPS for the container, each entry is a string | +| Key | Type | Required | Helm Template | Default | Description | +| :------------------- | :------: | :------: | :-----------: | :---------------------------------------------: | :---------------------------------------------------------------------------- | +| fixedEnv | `dict` | ❌ | ❌ | `{}` | Override fixed Envs for the container | +| fixedEnv.TZ | `string` | ❌ | ❌ | `{{ .Values.TZ }}` | Override default TZ for the container | +| fixedEnv.UMASK | `string` | ❌ | ❌ | `{{ .Values.securityContext.container.UMASK }}` | Override the default UMASK for the container (Applies to UMASK and UMASK_SET) | +| fixedEnv.PUID | `string` | ❌ | ❌ | `{{ .Values.securityContext.container.PUID }}` | Override the default PUID for the container (Applies to PUID. USER_ID, UID) | +| fixedEnv.NVIDIA_CAPS | `list` | ❌ | ❌ | `{{ .Values.resources.NVIDIA_CAPS }}` | Override the default NVIDIA_CAPS for the container, each entry is a string | > Environment variables in `fixedEnv` will be scanned for duplicate keys > between other secrets/configmaps/env/envList and will throw an error if it finds any. @@ -20,14 +20,14 @@ Notes: By default it will set the following environment variables: - TZ: `{{ .Values.TZ }}` (or the value set in the container level under `fixedEnv`) -- UMASK: `{{ .Values.containerOptions.UMASK }}` (or the value set in the container level under `fixedEnv`) -- UMASK_SET: `{{ .Values.containerOptions.UMASK }}` (or the value set in the container level under `fixedEnv`) +- UMASK: `{{ .Values.securityContext.container.UMASK }}` (or the value set in the container level under `fixedEnv`) +- UMASK_SET: `{{ .Values.securityContext.container.UMASK }}` (or the value set in the container level under `fixedEnv`) - S6_READ_ONLY_ROOT: `1` (Only when `readOnlyRootFilesystem` or `runAsNonRoot` is `true`) -- PUID, USER_ID, UID: `{{ .Values.containerOptions.PUID }}` (or the value set in the container level under `fixedEnv`) +- PUID, USER_ID, UID: `{{ .Values.securityContext.container.PUID }}` (or the value set in the container level under `fixedEnv`) - Only when `runAsUser` or `runAsGroup` is `0` -- PGID, GROUP_ID, GID: To the `fsGroup` set for the pod (Either the default or the overrided value) +- PGID, GROUP_ID, GID: To the `fsGroup` set for the pod (Either the default or the overridden value) - Only when `runAsUser` or `runAsGroup` is `0` -- NVIDIA_DRIVER_CAPABILITIES: `{{ .Values.containerOptions.NVIDIA_CAPS }}` (or the value set in the container level under `fixedEnv`) +- NVIDIA_DRIVER_CAPABILITIES: `{{ .Values.resources.NVIDIA_CAPS }}` (or the value set in the container level under `fixedEnv`) - Only when `scaleGPU` is assigned to the container --- diff --git a/library/common/1.0.0/docs/container/lifecycle.md b/library/common/docs/container/lifecycle.md similarity index 100% rename from library/common/1.0.0/docs/container/lifecycle.md rename to library/common/docs/container/lifecycle.md diff --git a/library/common/1.0.0/docs/container/probes.md b/library/common/docs/container/probes.md similarity index 100% rename from library/common/1.0.0/docs/container/probes.md rename to library/common/docs/container/probes.md diff --git a/library/common/1.0.0/docs/container/resources.md b/library/common/docs/container/resources.md similarity index 69% rename from library/common/1.0.0/docs/container/resources.md rename to library/common/docs/container/resources.md index 87fb1ddbf0..7b5d82af2e 100644 --- a/library/common/1.0.0/docs/container/resources.md +++ b/library/common/docs/container/resources.md @@ -4,15 +4,15 @@ Assume every key below has a prefix of `workload.[workload-name].podSpec.contain | Key | Type | Required | Helm Template | Default | Description | | :------------------------ | :------: | :------: | :-----------: | :--------------------------------------------------------: | :------------------------------------------- | -| resources | `dict` | ✅ | ❌ | `{{ .Values.containerOptions.resources }}` | Define resources for the container | -| resources.requests | `dict` | ✅ | ❌ | `{{ .Values.containerOptions.resources.requests }}` | Define the requests for the container | -| resources.requests.cpu | `string` | ✅ | ❌ | `{{ .Values.containerOptions.resources.requests.cpu }}` | Define the requests.cpu for the container | -| resources.requests.memory | `string` | ✅ | ❌ | `{{ .Values.containerOptions.resources.requests.memory }}` | Define the requests.memory for the container | -| resources.limits | `dict` | ❌ | ❌ | `{{ .Values.containerOptions.resources.limits }}` | Define the limits for the container | -| resources.limits.cpu | `string` | ❌ | ❌ | `{{ .Values.containerOptions.resources.limits.cpu }}` | Define the limits.cpu for the container | -| resources.limits.memory | `string` | ❌ | ❌ | `{{ .Values.containerOptions.resources.limits.memory }}` | Define the limits.memory for the container | +| resources | `dict` | ✅ | ❌ | `{{ .Values.resources }}` | Define resources for the container | +| resources.requests | `dict` | ✅ | ❌ | `{{ .Values.resources.requests }}` | Define the requests for the container | +| resources.requests.cpu | `string` | ✅ | ❌ | `{{ .Values.resources.requests.cpu }}` | Define the requests.cpu for the container | +| resources.requests.memory | `string` | ✅ | ❌ | `{{ .Values.resources.requests.memory }}` | Define the requests.memory for the container | +| resources.limits | `dict` | ❌ | ❌ | `{{ .Values.resources.limits }}` | Define the limits for the container | +| resources.limits.cpu | `string` | ❌ | ❌ | `{{ .Values.resources.limits.cpu }}` | Define the limits.cpu for the container | +| resources.limits.memory | `string` | ❌ | ❌ | `{{ .Values.resources.limits.memory }}` | Define the limits.memory for the container | -> Each value that is not defined in the `resources` under the container level, it will get replaced with the value defined `.Values.containerOptions.resources`. +> Each value that is not defined in the `resources` under the container level, it will get replaced with the value defined `.Values.resources`. > `requests` is **required**, because without it, kubernetes uses the `limits` as the `requests`. Which can lead pods to be evicted when they reach their `limits` or not even scheduled. > `limits` is **optional**, can be set to "unlimited" by setting it's values (`cpu` and `memory`) to `0`. diff --git a/library/common/1.0.0/docs/container/securityContext.md b/library/common/docs/container/securityContext.md similarity index 97% rename from library/common/1.0.0/docs/container/securityContext.md rename to library/common/docs/container/securityContext.md index ded58166b8..4b0a9e452c 100644 --- a/library/common/1.0.0/docs/container/securityContext.md +++ b/library/common/docs/container/securityContext.md @@ -57,3 +57,10 @@ workload: drop: - ALL ``` + +--- + +Notes: + +When setting capabilities for containers, remember to **NOT** include `CAP_` prefix. +For example, `CAP_NET_ADMIN` should be `NET_ADMIN`. diff --git a/library/common/1.0.0/docs/container/termination.md b/library/common/docs/container/termination.md similarity index 100% rename from library/common/1.0.0/docs/container/termination.md rename to library/common/docs/container/termination.md diff --git a/library/common/1.0.0/docs/imagePullSecret.md b/library/common/docs/imagePullSecret.md similarity index 100% rename from library/common/1.0.0/docs/imagePullSecret.md rename to library/common/docs/imagePullSecret.md diff --git a/library/common/1.0.0/docs/notes.md b/library/common/docs/notes.md similarity index 100% rename from library/common/1.0.0/docs/notes.md rename to library/common/docs/notes.md diff --git a/library/common/1.0.0/docs/persistence/README.md b/library/common/docs/persistence/README.md similarity index 100% rename from library/common/1.0.0/docs/persistence/README.md rename to library/common/docs/persistence/README.md diff --git a/library/common/1.0.0/docs/persistence/configmap.md b/library/common/docs/persistence/configmap.md similarity index 100% rename from library/common/1.0.0/docs/persistence/configmap.md rename to library/common/docs/persistence/configmap.md diff --git a/library/common/1.0.0/docs/persistence/device.md b/library/common/docs/persistence/device.md similarity index 100% rename from library/common/1.0.0/docs/persistence/device.md rename to library/common/docs/persistence/device.md diff --git a/library/common/1.0.0/docs/persistence/emptyDir.md b/library/common/docs/persistence/emptyDir.md similarity index 100% rename from library/common/1.0.0/docs/persistence/emptyDir.md rename to library/common/docs/persistence/emptyDir.md diff --git a/library/common/1.0.0/docs/persistence/hostPath.md b/library/common/docs/persistence/hostPath.md similarity index 100% rename from library/common/1.0.0/docs/persistence/hostPath.md rename to library/common/docs/persistence/hostPath.md diff --git a/library/common/1.0.0/docs/persistence/ixVolume.md b/library/common/docs/persistence/ixVolume.md similarity index 100% rename from library/common/1.0.0/docs/persistence/ixVolume.md rename to library/common/docs/persistence/ixVolume.md diff --git a/library/common/1.0.0/docs/persistence/secret.md b/library/common/docs/persistence/secret.md similarity index 100% rename from library/common/1.0.0/docs/persistence/secret.md rename to library/common/docs/persistence/secret.md diff --git a/library/common/1.0.0/docs/rbac.md b/library/common/docs/rbac.md similarity index 100% rename from library/common/1.0.0/docs/rbac.md rename to library/common/docs/rbac.md diff --git a/library/common/1.0.0/docs/scaleCertificate.md b/library/common/docs/scaleCertificate.md similarity index 100% rename from library/common/1.0.0/docs/scaleCertificate.md rename to library/common/docs/scaleCertificate.md diff --git a/library/common/1.0.0/docs/scaleExternalInterface.md b/library/common/docs/scaleExternalInterface.md similarity index 100% rename from library/common/1.0.0/docs/scaleExternalInterface.md rename to library/common/docs/scaleExternalInterface.md diff --git a/library/common/1.0.0/docs/scaleGPU.md b/library/common/docs/scaleGPU.md similarity index 100% rename from library/common/1.0.0/docs/scaleGPU.md rename to library/common/docs/scaleGPU.md diff --git a/library/common/1.0.0/docs/secret.md b/library/common/docs/secret.md similarity index 100% rename from library/common/1.0.0/docs/secret.md rename to library/common/docs/secret.md diff --git a/library/common/1.0.0/docs/service/ClusterIP.md b/library/common/docs/service/ClusterIP.md similarity index 100% rename from library/common/1.0.0/docs/service/ClusterIP.md rename to library/common/docs/service/ClusterIP.md diff --git a/library/common/1.0.0/docs/service/NodePort.md b/library/common/docs/service/NodePort.md similarity index 100% rename from library/common/1.0.0/docs/service/NodePort.md rename to library/common/docs/service/NodePort.md diff --git a/library/common/1.0.0/docs/service/README.md b/library/common/docs/service/README.md similarity index 100% rename from library/common/1.0.0/docs/service/README.md rename to library/common/docs/service/README.md diff --git a/library/common/1.0.0/docs/serviceAccount.md b/library/common/docs/serviceAccount.md similarity index 100% rename from library/common/1.0.0/docs/serviceAccount.md rename to library/common/docs/serviceAccount.md diff --git a/library/common/1.0.0/docs/workload/README.md b/library/common/docs/workload/README.md similarity index 100% rename from library/common/1.0.0/docs/workload/README.md rename to library/common/docs/workload/README.md diff --git a/library/common/1.0.0/docs/workload/cronjob.md b/library/common/docs/workload/cronjob.md similarity index 100% rename from library/common/1.0.0/docs/workload/cronjob.md rename to library/common/docs/workload/cronjob.md diff --git a/library/common/1.0.0/docs/workload/deployment.md b/library/common/docs/workload/deployment.md similarity index 100% rename from library/common/1.0.0/docs/workload/deployment.md rename to library/common/docs/workload/deployment.md diff --git a/library/common/1.0.0/docs/workload/job.md b/library/common/docs/workload/job.md similarity index 100% rename from library/common/1.0.0/docs/workload/job.md rename to library/common/docs/workload/job.md diff --git a/library/common/templates/app_functions/_permissions.tpl b/library/common/templates/app_functions/_permissions.tpl new file mode 100644 index 0000000000..da83b29fe8 --- /dev/null +++ b/library/common/templates/app_functions/_permissions.tpl @@ -0,0 +1,54 @@ +{{/* Returns an init container that fixes permissions */}} +{{/* Call this template: +{{ include "ix.v1.common.app.permissions" (dict "UID" 568 "GID" 568 "type" "init") }} + +type (optional): init or install (default: install) +UID: UID to change permissions to +GID: GID to change permissions to +*/}} +{{- define "ix.v1.common.app.permissions" -}} + {{- $type := .type | default "install" -}} + {{- $containerName := .containerName | default "permissions" -}} + {{- $UID := .UID -}} + {{- $GID := .GID -}} + + {{- if (kindIs "invalid" $type) -}} + {{- fail "Permissions Container - [type] cannot be empty" -}} + {{- end -}} + {{- if (kindIs "invalid" $containerName) -}} + {{- fail "Permissions Container - [containerName] cannot be empty" -}} + {{- end -}} + {{- if (kindIs "invalid" $GID) -}} + {{- fail "Permissions Container - [GID] cannot be empty" -}} + {{- end -}} + {{- if (kindIs "invalid" $UID) -}} + {{- fail "Permissions Container - [UID] cannot be empty" -}} + {{- end }} + +{{ $containerName }}: + enabled: true + type: {{ $type }} + imageSelector: bashImage + resources: + limits: + cpu: 1000m + memory: 512Mi + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + capabilities: + add: + - CHOWN + command: bash + args: + - -c + - | + echo "Changing ownership to {{ $UID }}:{{ $GID }} on the following directories:" + ls -la /mnt/directories + chown -R {{ $UID }}:{{ $GID }} /mnt/directories + echo "Finished changing ownership" + echo "Permissions after changing ownership:" + ls -la /mnt/directories +{{- end -}} diff --git a/library/common/templates/app_functions/_postgres.tpl b/library/common/templates/app_functions/_postgres.tpl new file mode 100644 index 0000000000..d2d7a9952a --- /dev/null +++ b/library/common/templates/app_functions/_postgres.tpl @@ -0,0 +1,102 @@ +{{/* Returns a postgres pod with init container for fixing permissions +and a pre-upgrade job to backup the database */}} +{{/* Call this template: +{{ include "ix.v1.common.app.postgres" (dict "name" "postgres" "secretName" "postgres-creds" "backupPath" "/postgres_backup" "resources" .Values.resources) }} + +name (optional): Name of the postgres pod/container (default: postgres) +secretName (required): Name of the secret containing the postgres credentials +backupPath (optional): Path to store the backup, it's the container's path (default: /postgres_backup) +resources (required): Resources for the postgres container +*/}} +{{- define "ix.v1.common.app.postgres" -}} + {{- $name := .name | default "postgres" -}} + {{- $secretName := (required "Postgres - Secret Name is required" .secretName) -}} + {{- $backupPath := .backupPath | default "/postgres_backup" -}} + {{- $resources := (required "Postgres - Resources are required" .resources) }} +{{ $name }}: + enabled: true + type: Deployment + podSpec: + containers: + {{ $name }}: + enabled: true + primary: true + imageSelector: postgresImage + securityContext: + runAsUser: 999 + runAsGroup: 999 + readOnlyRootFilesystem: false + resources: + limits: + cpu: {{ $resources.limits.cpu }} + memory: {{ $resources.limits.memory }} + envFrom: + - secretRef: + name: {{ $secretName }} + probes: + liveness: + enabled: true + type: exec + command: + - sh + - -c + - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done" + readiness: + enabled: true + type: exec + command: + - sh + - -c + - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done" + startup: + enabled: true + type: exec + command: + - sh + - -c + - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done" + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "UID" 999 "GID" 999) | nindent 6 }} +postgresbackup: + enabled: true + type: Job + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded + podSpec: + restartPolicy: Never + containers: + postgresbackup: + enabled: true + primary: true + imageSelector: postgresImage + securityContext: + runAsUser: 999 + runAsGroup: 999 + readOnlyRootFilesystem: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + resources: + limits: + cpu: 2000m + memory: 2Gi + envFrom: + - secretRef: + name: {{ $secretName }} + command: + - sh + - -c + - | + until pg_isready -U ${POSTGRES_USER} -h ${POSTGRES_HOST}; do sleep 2; done + echo "Creating backup of ${POSTGRES_DB} database" + pg_dump --dbname=${POSTGRES_URL} --file {{ $backupPath }}/${POSTGRES_DB}_$(date +%Y-%m-%d_%H-%M-%S).sql || echo "Failed to create backup" + echo "Backup finished" + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "UID" 999 "GID" 999 "type" "init") | nindent 6 }} +{{- end -}} diff --git a/library/common/1.0.0/templates/class/_configmap.tpl b/library/common/templates/class/_configmap.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_configmap.tpl rename to library/common/templates/class/_configmap.tpl diff --git a/library/common/1.0.0/templates/class/_cronjob.tpl b/library/common/templates/class/_cronjob.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_cronjob.tpl rename to library/common/templates/class/_cronjob.tpl diff --git a/library/common/1.0.0/templates/class/_deployment.tpl b/library/common/templates/class/_deployment.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_deployment.tpl rename to library/common/templates/class/_deployment.tpl diff --git a/library/common/1.0.0/templates/class/_job.tpl b/library/common/templates/class/_job.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_job.tpl rename to library/common/templates/class/_job.tpl diff --git a/library/common/1.0.0/templates/class/_networkAttachmentDefinition.tpl b/library/common/templates/class/_networkAttachmentDefinition.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_networkAttachmentDefinition.tpl rename to library/common/templates/class/_networkAttachmentDefinition.tpl diff --git a/library/common/1.0.0/templates/class/_rbac.tpl b/library/common/templates/class/_rbac.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_rbac.tpl rename to library/common/templates/class/_rbac.tpl diff --git a/library/common/1.0.0/templates/class/_secret.tpl b/library/common/templates/class/_secret.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_secret.tpl rename to library/common/templates/class/_secret.tpl diff --git a/library/common/1.0.0/templates/class/_service.tpl b/library/common/templates/class/_service.tpl similarity index 85% rename from library/common/1.0.0/templates/class/_service.tpl rename to library/common/templates/class/_service.tpl index dba5f6db51..751e0bfccd 100644 --- a/library/common/1.0.0/templates/class/_service.tpl +++ b/library/common/templates/class/_service.tpl @@ -24,6 +24,11 @@ objectData: The service data, that will be used to render the Service object. {{- if $podValues -}} {{/* Get Pod hostNetwork configuration */}} {{- $hostNetwork = include "ix.v1.common.lib.pod.hostNetwork" (dict "rootCtx" $rootCtx "objectData" $podValues) -}} + + {{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}} + {{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}} + {{- $svcType = "ClusterIP" -}} + {{- end -}} {{- end -}} {{- range $portName, $port := $objectData.ports -}} @@ -34,15 +39,11 @@ objectData: The service data, that will be used to render the Service object. {{- end -}} {{- end -}} - {{/* When hostNetwork is set on the pod, force ClusterIP, so services wont try to bind the same ports on the host */}} - {{- if or (and (kindIs "bool" $hostNetwork) $hostNetwork) (and (kindIs "string" $hostNetwork) (eq $hostNetwork "true")) -}} - {{- $svcType = "ClusterIP" -}} - {{- end -}} - {{/* When hostPort is defined, force ClusterIP aswell */}} {{- if $hasHostPort -}} {{- $svcType = "ClusterIP" -}} - {{- end }} + {{- end -}} + {{- $_ := set $objectData "type" $svcType }} --- apiVersion: v1 @@ -50,7 +51,7 @@ kind: Service metadata: name: {{ $objectData.name }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "ix.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) - (include "ix.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.name) | fromYaml)) -}} + (include "ix.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}} {{- with (include "ix.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: {{- . | nindent 4 }} @@ -61,9 +62,9 @@ metadata: {{- . | nindent 4 }} {{- end }} spec: - {{- if eq $svcType "ClusterIP" -}} + {{- if eq $objectData.type "ClusterIP" -}} {{- include "ix.v1.common.lib.service.spec.clusterIP" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} - {{- else if eq $svcType "NodePort" -}} + {{- else if eq $objectData.type "NodePort" -}} {{- include "ix.v1.common.lib.service.spec.nodePort" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 -}} {{- end -}} {{- with (include "ix.v1.common.lib.service.ports" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim) }} diff --git a/library/common/1.0.0/templates/class/_serviceAccount.tpl b/library/common/templates/class/_serviceAccount.tpl similarity index 100% rename from library/common/1.0.0/templates/class/_serviceAccount.tpl rename to library/common/templates/class/_serviceAccount.tpl diff --git a/library/common/1.0.0/templates/helpers/_envDupeCheck.tpl b/library/common/templates/helpers/_envDupeCheck.tpl similarity index 100% rename from library/common/1.0.0/templates/helpers/_envDupeCheck.tpl rename to library/common/templates/helpers/_envDupeCheck.tpl diff --git a/library/common/1.0.0/templates/helpers/_getPortRange.tpl b/library/common/templates/helpers/_getPortRange.tpl similarity index 100% rename from library/common/1.0.0/templates/helpers/_getPortRange.tpl rename to library/common/templates/helpers/_getPortRange.tpl diff --git a/library/common/1.0.0/templates/helpers/_getSelectedPod.tpl b/library/common/templates/helpers/_getSelectedPod.tpl similarity index 100% rename from library/common/1.0.0/templates/helpers/_getSelectedPod.tpl rename to library/common/templates/helpers/_getSelectedPod.tpl diff --git a/library/common/1.0.0/templates/lib/certificate/_getData.tpl b/library/common/templates/lib/certificate/_getData.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/certificate/_getData.tpl rename to library/common/templates/lib/certificate/_getData.tpl diff --git a/library/common/1.0.0/templates/lib/certificate/_validation.tpl b/library/common/templates/lib/certificate/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/certificate/_validation.tpl rename to library/common/templates/lib/certificate/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/chart/_names.tpl b/library/common/templates/lib/chart/_names.tpl similarity index 92% rename from library/common/1.0.0/templates/lib/chart/_names.tpl rename to library/common/templates/lib/chart/_names.tpl index f8f6c944a8..e5ec98a9b9 100644 --- a/library/common/1.0.0/templates/lib/chart/_names.tpl +++ b/library/common/templates/lib/chart/_names.tpl @@ -27,7 +27,7 @@ {{- $name := .name -}} - {{- if not (mustRegexMatch "^[a-z0-9]([a-z0-9-]){1,61}[a-z0-9]$" $name) -}} + {{- if not (mustRegexMatch "^[a-z0-9]([a-z0-9]-?|-?[a-z0-9]){0,61}[a-z0-9]$" $name) -}} {{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $name) -}} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/chart/_notes.tpl b/library/common/templates/lib/chart/_notes.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/chart/_notes.tpl rename to library/common/templates/lib/chart/_notes.tpl diff --git a/library/common/1.0.0/templates/lib/configmap/_validation.tpl b/library/common/templates/lib/configmap/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/configmap/_validation.tpl rename to library/common/templates/lib/configmap/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/container/_args.tpl b/library/common/templates/lib/container/_args.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_args.tpl rename to library/common/templates/lib/container/_args.tpl diff --git a/library/common/1.0.0/templates/lib/container/_command.tpl b/library/common/templates/lib/container/_command.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_command.tpl rename to library/common/templates/lib/container/_command.tpl diff --git a/library/common/1.0.0/templates/lib/container/_env.tpl b/library/common/templates/lib/container/_env.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_env.tpl rename to library/common/templates/lib/container/_env.tpl diff --git a/library/common/1.0.0/templates/lib/container/_envFrom.tpl b/library/common/templates/lib/container/_envFrom.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_envFrom.tpl rename to library/common/templates/lib/container/_envFrom.tpl diff --git a/library/common/1.0.0/templates/lib/container/_envList.tpl b/library/common/templates/lib/container/_envList.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_envList.tpl rename to library/common/templates/lib/container/_envList.tpl diff --git a/library/common/1.0.0/templates/lib/container/_fixedEnv.tpl b/library/common/templates/lib/container/_fixedEnv.tpl similarity index 91% rename from library/common/1.0.0/templates/lib/container/_fixedEnv.tpl rename to library/common/templates/lib/container/_fixedEnv.tpl index fbafca6318..7e20359746 100644 --- a/library/common/1.0.0/templates/lib/container/_fixedEnv.tpl +++ b/library/common/templates/lib/container/_fixedEnv.tpl @@ -13,7 +13,7 @@ objectData: The object data to be used to render the container. {{- $_ := set $objectData "fixedEnv" dict -}} {{- end -}} - {{- $nvidiaCaps := $rootCtx.Values.containerOptions.NVIDIA_CAPS -}} + {{- $nvidiaCaps := $rootCtx.Values.resources.NVIDIA_CAPS -}} {{- if $objectData.fixedEnv.NVIDIA_CAPS -}} {{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}} @@ -34,8 +34,13 @@ objectData: The object data to be used to render the container. {{- $fixed := list -}} {{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}} - {{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.containerOptions.UMASK -}} - {{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.containerOptions.PUID -}} + {{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}} + + {{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}} + {{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}} + {{- $PUID = $objectData.fixedEnv.PUID -}} + {{- end -}} + {{/* calculatedFSGroup is passed from the pod */}} {{- $PGID := $objectData.calculatedFSGroup -}} diff --git a/library/common/1.0.0/templates/lib/container/_imageSelector.tpl b/library/common/templates/lib/container/_imageSelector.tpl similarity index 88% rename from library/common/1.0.0/templates/lib/container/_imageSelector.tpl rename to library/common/templates/lib/container/_imageSelector.tpl index 6e7f95dfac..4397628824 100644 --- a/library/common/1.0.0/templates/lib/container/_imageSelector.tpl +++ b/library/common/templates/lib/container/_imageSelector.tpl @@ -29,6 +29,10 @@ objectData: The object data to be used to render the container. {{- fail (printf "Container - Expected non-empty <.Values.%s.tag>" $selector) -}} {{- end -}} + {{- if not (kindIs "string" $imageObj.tag) -}} + {{- fail (printf "Container - Expected <.Values.%s.tag> to be string, but got [%s]" $selector (kindOf $imageObj.tag)) -}} + {{- end -}} + {{- if not $imageObj.pullPolicy -}} {{- $_ := set $imageObj "pullPolicy" "IfNotPresent" -}} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/container/_lifecycle.tpl b/library/common/templates/lib/container/_lifecycle.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_lifecycle.tpl rename to library/common/templates/lib/container/_lifecycle.tpl diff --git a/library/common/1.0.0/templates/lib/container/_ports.tpl b/library/common/templates/lib/container/_ports.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_ports.tpl rename to library/common/templates/lib/container/_ports.tpl diff --git a/library/common/1.0.0/templates/lib/container/_primaryValidation.tpl b/library/common/templates/lib/container/_primaryValidation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_primaryValidation.tpl rename to library/common/templates/lib/container/_primaryValidation.tpl diff --git a/library/common/1.0.0/templates/lib/container/_probes.tpl b/library/common/templates/lib/container/_probes.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_probes.tpl rename to library/common/templates/lib/container/_probes.tpl diff --git a/library/common/1.0.0/templates/lib/container/_resources.tpl b/library/common/templates/lib/container/_resources.tpl similarity index 98% rename from library/common/1.0.0/templates/lib/container/_resources.tpl rename to library/common/templates/lib/container/_resources.tpl index ef6b00f4e1..9386478be1 100644 --- a/library/common/1.0.0/templates/lib/container/_resources.tpl +++ b/library/common/templates/lib/container/_resources.tpl @@ -8,7 +8,7 @@ objectData: The object data to be used to render the container. {{- $rootCtx := .rootCtx -}} {{- $objectData := .objectData -}} - {{- $resources := $rootCtx.Values.containerOptions.resources -}} + {{- $resources := $rootCtx.Values.resources -}} {{- if $objectData.resources -}} {{- $resources = mustMergeOverwrite $resources $objectData.resources -}} diff --git a/library/common/1.0.0/templates/lib/container/_securityContext.tpl b/library/common/templates/lib/container/_securityContext.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_securityContext.tpl rename to library/common/templates/lib/container/_securityContext.tpl diff --git a/library/common/1.0.0/templates/lib/container/_termination.tpl b/library/common/templates/lib/container/_termination.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_termination.tpl rename to library/common/templates/lib/container/_termination.tpl diff --git a/library/common/1.0.0/templates/lib/container/_volumeMounts.tpl b/library/common/templates/lib/container/_volumeMounts.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/_volumeMounts.tpl rename to library/common/templates/lib/container/_volumeMounts.tpl diff --git a/library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_exec.tpl b/library/common/templates/lib/container/probe-lifecycle-actions/_exec.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_exec.tpl rename to library/common/templates/lib/container/probe-lifecycle-actions/_exec.tpl diff --git a/library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_grpc.tpl b/library/common/templates/lib/container/probe-lifecycle-actions/_grpc.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_grpc.tpl rename to library/common/templates/lib/container/probe-lifecycle-actions/_grpc.tpl diff --git a/library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl b/library/common/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl rename to library/common/templates/lib/container/probe-lifecycle-actions/_httpGet.tpl diff --git a/library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl b/library/common/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl rename to library/common/templates/lib/container/probe-lifecycle-actions/_tcpSocket.tpl diff --git a/library/common/1.0.0/templates/lib/externalInterface/_validation.tpl b/library/common/templates/lib/externalInterface/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/externalInterface/_validation.tpl rename to library/common/templates/lib/externalInterface/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/imagePullSecret/_createData.tpl b/library/common/templates/lib/imagePullSecret/_createData.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/imagePullSecret/_createData.tpl rename to library/common/templates/lib/imagePullSecret/_createData.tpl diff --git a/library/common/1.0.0/templates/lib/imagePullSecret/_validation.tpl b/library/common/templates/lib/imagePullSecret/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/imagePullSecret/_validation.tpl rename to library/common/templates/lib/imagePullSecret/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_allAnnotations.tpl b/library/common/templates/lib/metadata/_allAnnotations.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_allAnnotations.tpl rename to library/common/templates/lib/metadata/_allAnnotations.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_allLabels.tpl b/library/common/templates/lib/metadata/_allLabels.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_allLabels.tpl rename to library/common/templates/lib/metadata/_allLabels.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_externalInterfaceAnnotations.tpl b/library/common/templates/lib/metadata/_externalInterfaceAnnotations.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_externalInterfaceAnnotations.tpl rename to library/common/templates/lib/metadata/_externalInterfaceAnnotations.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_globalAnnotations.tpl b/library/common/templates/lib/metadata/_globalAnnotations.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_globalAnnotations.tpl rename to library/common/templates/lib/metadata/_globalAnnotations.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_globalLabels.tpl b/library/common/templates/lib/metadata/_globalLabels.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_globalLabels.tpl rename to library/common/templates/lib/metadata/_globalLabels.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_podAnnotations.tpl b/library/common/templates/lib/metadata/_podAnnotations.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_podAnnotations.tpl rename to library/common/templates/lib/metadata/_podAnnotations.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_podLabels.tpl b/library/common/templates/lib/metadata/_podLabels.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_podLabels.tpl rename to library/common/templates/lib/metadata/_podLabels.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_render.tpl b/library/common/templates/lib/metadata/_render.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_render.tpl rename to library/common/templates/lib/metadata/_render.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_selectorLabels.tpl b/library/common/templates/lib/metadata/_selectorLabels.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_selectorLabels.tpl rename to library/common/templates/lib/metadata/_selectorLabels.tpl diff --git a/library/common/1.0.0/templates/lib/metadata/_validation.tpl b/library/common/templates/lib/metadata/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/metadata/_validation.tpl rename to library/common/templates/lib/metadata/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_autoMountServiceAccountToken.tpl b/library/common/templates/lib/pod/_autoMountServiceAccountToken.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_autoMountServiceAccountToken.tpl rename to library/common/templates/lib/pod/_autoMountServiceAccountToken.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_container.tpl b/library/common/templates/lib/pod/_container.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_container.tpl rename to library/common/templates/lib/pod/_container.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_containerSpawner.tpl b/library/common/templates/lib/pod/_containerSpawner.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_containerSpawner.tpl rename to library/common/templates/lib/pod/_containerSpawner.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_dns.tpl b/library/common/templates/lib/pod/_dns.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_dns.tpl rename to library/common/templates/lib/pod/_dns.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_enableServiceLinks.tpl b/library/common/templates/lib/pod/_enableServiceLinks.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_enableServiceLinks.tpl rename to library/common/templates/lib/pod/_enableServiceLinks.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_hostAliases.tpl b/library/common/templates/lib/pod/_hostAliases.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_hostAliases.tpl rename to library/common/templates/lib/pod/_hostAliases.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_hostNetwork.tpl b/library/common/templates/lib/pod/_hostNetwork.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_hostNetwork.tpl rename to library/common/templates/lib/pod/_hostNetwork.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_hostname.tpl.tpl b/library/common/templates/lib/pod/_hostname.tpl.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_hostname.tpl.tpl rename to library/common/templates/lib/pod/_hostname.tpl.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_imagePullSecret.tpl b/library/common/templates/lib/pod/_imagePullSecret.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_imagePullSecret.tpl rename to library/common/templates/lib/pod/_imagePullSecret.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_initContainerSpawner.tpl b/library/common/templates/lib/pod/_initContainerSpawner.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/_initContainerSpawner.tpl rename to library/common/templates/lib/pod/_initContainerSpawner.tpl diff --git a/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl b/library/common/templates/lib/pod/_podSecurityContext.tpl similarity index 93% rename from library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl rename to library/common/templates/lib/pod/_podSecurityContext.tpl index 5a7225b864..589fcc9b24 100644 --- a/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl +++ b/library/common/templates/lib/pod/_podSecurityContext.tpl @@ -25,21 +25,21 @@ objectData: The object data to be used to render the Pod. TODO: Unit Test the above cases */}} - {{- $addSupplemental := list -}} + {{- $gpuAdded := false -}} {{- range $GPUValues := $rootCtx.Values.scaleGPU -}} {{/* If there is a selector and pod is selected */}} {{- if $GPUValues.targetSelector -}} {{- if mustHas $objectData.shortName ($GPUValues.targetSelector | keys) -}} - {{- $addSupplemental = mustAppend $addSupplemental 44 -}} + {{- $gpuAdded = true -}} {{- end -}} {{/* If there isn't a selector, but pod is primary */}} {{- else if $objectData.primary -}} - {{- $addSupplemental = mustAppend $addSupplemental 44 -}} + {{- $gpuAdded = true -}} {{- end -}} {{- end -}} - {{- if $addSupplemental -}} - {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups $addSupplemental) -}} + {{- if $gpuAdded -}} + {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 44)) -}} {{- end -}} {{- $portRange := fromJson (include "ix.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}} diff --git a/library/common/1.0.0/templates/lib/pod/_restartPolicy.tpl b/library/common/templates/lib/pod/_restartPolicy.tpl similarity index 82% rename from library/common/1.0.0/templates/lib/pod/_restartPolicy.tpl rename to library/common/templates/lib/pod/_restartPolicy.tpl index 2c1277e59e..335d6e8f1d 100644 --- a/library/common/1.0.0/templates/lib/pod/_restartPolicy.tpl +++ b/library/common/templates/lib/pod/_restartPolicy.tpl @@ -30,5 +30,10 @@ objectData: The object data to be used to render the Pod. {{- fail (printf "Expected [%s] to exist on list, but list contained [%s] on type" $datasetName (join ", " $rootCtx.Values.ixVolumes )) -}} + {{- if eq $datasetName (base $normalizedHostPath.hostPath) -}} + {{- $found = true -}} + {{- $hostPath = $normalizedHostPath.hostPath -}} {{- end -}} {{- end -}} + {{- if not $found -}} {{/* If we go over the ixVolumes and we dont find a match, fail */}} + {{- $datasets := list -}} + {{- range $rootCtx.Values.ixVolumes -}} + {{- $datasets = mustAppend $datasets (base .hostPath) -}} + {{- end -}} + {{- fail (printf "Persistence - Expected [%s] to exist on list, but list contained [%s] on type" $datasetName (join ", " $datasets)) -}} + {{- end -}} + {{- if not (hasPrefix "/" $hostPath) -}} {{- fail "Persistence - Expected normalized path from to start with a forward slash [/] on type" -}} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/pod/volumes/_secret.tpl b/library/common/templates/lib/pod/volumes/_secret.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/pod/volumes/_secret.tpl rename to library/common/templates/lib/pod/volumes/_secret.tpl diff --git a/library/common/1.0.0/templates/lib/rbac/_getServiceAccounts.tpl b/library/common/templates/lib/rbac/_getServiceAccounts.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/rbac/_getServiceAccounts.tpl rename to library/common/templates/lib/rbac/_getServiceAccounts.tpl diff --git a/library/common/1.0.0/templates/lib/rbac/_rules.tpl b/library/common/templates/lib/rbac/_rules.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/rbac/_rules.tpl rename to library/common/templates/lib/rbac/_rules.tpl diff --git a/library/common/1.0.0/templates/lib/rbac/_subjects.tpl b/library/common/templates/lib/rbac/_subjects.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/rbac/_subjects.tpl rename to library/common/templates/lib/rbac/_subjects.tpl diff --git a/library/common/1.0.0/templates/lib/rbac/_validation.tpl b/library/common/templates/lib/rbac/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/rbac/_validation.tpl rename to library/common/templates/lib/rbac/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/secret/_validation.tpl b/library/common/templates/lib/secret/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/secret/_validation.tpl rename to library/common/templates/lib/secret/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/service/_ports.tpl b/library/common/templates/lib/service/_ports.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/_ports.tpl rename to library/common/templates/lib/service/_ports.tpl diff --git a/library/common/1.0.0/templates/lib/service/_validation.tpl b/library/common/templates/lib/service/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/_validation.tpl rename to library/common/templates/lib/service/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl b/library/common/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl rename to library/common/templates/lib/service/serviceTypeConfig/_cluster_ip.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeConfig/_externalIPs.tpl b/library/common/templates/lib/service/serviceTypeConfig/_externalIPs.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeConfig/_externalIPs.tpl rename to library/common/templates/lib/service/serviceTypeConfig/_externalIPs.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl b/library/common/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl rename to library/common/templates/lib/service/serviceTypeConfig/_externalTrafficPolicy.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeConfig/_ipFamily.tpl b/library/common/templates/lib/service/serviceTypeConfig/_ipFamily.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeConfig/_ipFamily.tpl rename to library/common/templates/lib/service/serviceTypeConfig/_ipFamily.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl b/library/common/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl rename to library/common/templates/lib/service/serviceTypeConfig/_publishNotReadyAddresses.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl b/library/common/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl rename to library/common/templates/lib/service/serviceTypeConfig/_sessionAffinity.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl b/library/common/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl rename to library/common/templates/lib/service/serviceTypeSpecs/_clusterIP.tpl diff --git a/library/common/1.0.0/templates/lib/service/serviceTypeSpecs/_nodePort.tpl b/library/common/templates/lib/service/serviceTypeSpecs/_nodePort.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/service/serviceTypeSpecs/_nodePort.tpl rename to library/common/templates/lib/service/serviceTypeSpecs/_nodePort.tpl diff --git a/library/common/1.0.0/templates/lib/serviceAccount/_validation.tpl b/library/common/templates/lib/serviceAccount/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/serviceAccount/_validation.tpl rename to library/common/templates/lib/serviceAccount/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/storage/_validation.tpl b/library/common/templates/lib/storage/_validation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/storage/_validation.tpl rename to library/common/templates/lib/storage/_validation.tpl diff --git a/library/common/1.0.0/templates/lib/workload/_cronjobSpec.tpl b/library/common/templates/lib/workload/_cronjobSpec.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/_cronjobSpec.tpl rename to library/common/templates/lib/workload/_cronjobSpec.tpl diff --git a/library/common/1.0.0/templates/lib/workload/_deployementSpec.tpl b/library/common/templates/lib/workload/_deployementSpec.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/_deployementSpec.tpl rename to library/common/templates/lib/workload/_deployementSpec.tpl diff --git a/library/common/1.0.0/templates/lib/workload/_jobSpec.tpl b/library/common/templates/lib/workload/_jobSpec.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/_jobSpec.tpl rename to library/common/templates/lib/workload/_jobSpec.tpl diff --git a/library/common/1.0.0/templates/lib/workload/_pod.tpl b/library/common/templates/lib/workload/_pod.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/_pod.tpl rename to library/common/templates/lib/workload/_pod.tpl diff --git a/library/common/1.0.0/templates/lib/workload/validation/_cronjobValidation.tpl b/library/common/templates/lib/workload/validation/_cronjobValidation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/validation/_cronjobValidation.tpl rename to library/common/templates/lib/workload/validation/_cronjobValidation.tpl diff --git a/library/common/1.0.0/templates/lib/workload/validation/_deploymentValidation.tpl b/library/common/templates/lib/workload/validation/_deploymentValidation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/validation/_deploymentValidation.tpl rename to library/common/templates/lib/workload/validation/_deploymentValidation.tpl diff --git a/library/common/1.0.0/templates/lib/workload/validation/_jobValidation.tpl b/library/common/templates/lib/workload/validation/_jobValidation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/validation/_jobValidation.tpl rename to library/common/templates/lib/workload/validation/_jobValidation.tpl diff --git a/library/common/1.0.0/templates/lib/workload/validation/_workloadValidation.tpl b/library/common/templates/lib/workload/validation/_workloadValidation.tpl similarity index 100% rename from library/common/1.0.0/templates/lib/workload/validation/_workloadValidation.tpl rename to library/common/templates/lib/workload/validation/_workloadValidation.tpl diff --git a/library/common/1.0.0/templates/loader/_all.tpl b/library/common/templates/loader/_all.tpl similarity index 100% rename from library/common/1.0.0/templates/loader/_all.tpl rename to library/common/templates/loader/_all.tpl diff --git a/library/common/1.0.0/templates/loader/_apply.tpl b/library/common/templates/loader/_apply.tpl similarity index 90% rename from library/common/1.0.0/templates/loader/_apply.tpl rename to library/common/templates/loader/_apply.tpl index c04339eaa4..2cb4291d92 100644 --- a/library/common/1.0.0/templates/loader/_apply.tpl +++ b/library/common/templates/loader/_apply.tpl @@ -1,6 +1,9 @@ {{/* Loads all spawners */}} {{- define "ix.v1.common.loader.apply" -}} + {{/* Make sure there are not any YAML errors */}} + {{- include "ix.v1.common.values.validate" .Values -}} + {{/* Render ConfigMap(s) */}} {{- include "ix.v1.common.spawner.configmap" . | nindent 0 -}} diff --git a/library/common/1.0.0/templates/loader/_init.tpl b/library/common/templates/loader/_init.tpl similarity index 100% rename from library/common/1.0.0/templates/loader/_init.tpl rename to library/common/templates/loader/_init.tpl diff --git a/library/common/1.0.0/templates/spawner/_certificate.tpl b/library/common/templates/spawner/_certificate.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_certificate.tpl rename to library/common/templates/spawner/_certificate.tpl diff --git a/library/common/1.0.0/templates/spawner/_configmap.tpl b/library/common/templates/spawner/_configmap.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_configmap.tpl rename to library/common/templates/spawner/_configmap.tpl diff --git a/library/common/1.0.0/templates/spawner/_externalInterface.tpl b/library/common/templates/spawner/_externalInterface.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_externalInterface.tpl rename to library/common/templates/spawner/_externalInterface.tpl diff --git a/library/common/1.0.0/templates/spawner/_imagePullSecret.tpl b/library/common/templates/spawner/_imagePullSecret.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_imagePullSecret.tpl rename to library/common/templates/spawner/_imagePullSecret.tpl diff --git a/library/common/1.0.0/templates/spawner/_rbac.tpl b/library/common/templates/spawner/_rbac.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_rbac.tpl rename to library/common/templates/spawner/_rbac.tpl diff --git a/library/common/1.0.0/templates/spawner/_secret.tpl b/library/common/templates/spawner/_secret.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_secret.tpl rename to library/common/templates/spawner/_secret.tpl diff --git a/library/common/1.0.0/templates/spawner/_service.tpl b/library/common/templates/spawner/_service.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_service.tpl rename to library/common/templates/spawner/_service.tpl diff --git a/library/common/1.0.0/templates/spawner/_serviceAccount.tpl b/library/common/templates/spawner/_serviceAccount.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_serviceAccount.tpl rename to library/common/templates/spawner/_serviceAccount.tpl diff --git a/library/common/1.0.0/templates/spawner/_workload.tpl b/library/common/templates/spawner/_workload.tpl similarity index 100% rename from library/common/1.0.0/templates/spawner/_workload.tpl rename to library/common/templates/spawner/_workload.tpl diff --git a/library/common/1.0.0/templates/values/_init.tpl b/library/common/templates/values/_init.tpl similarity index 100% rename from library/common/1.0.0/templates/values/_init.tpl rename to library/common/templates/values/_init.tpl diff --git a/library/common/templates/values/_validate.tpl b/library/common/templates/values/_validate.tpl new file mode 100644 index 0000000000..578f1c9312 --- /dev/null +++ b/library/common/templates/values/_validate.tpl @@ -0,0 +1,18 @@ +{{/* Validates any object that it does not contain helm errors */}} +{{/* This usually can happen after merging values from an include that did not render correcly */}} +{{/* Any object will be passed to "toYaml" */}} +{{/* Call this template: +{{ include "ix.v1.common.values.validate" . }} +*/}} +{{- define "ix.v1.common.values.validate" -}} + {{- $allValues := (toYaml .) -}} + + {{- if contains "error converting YAML to JSON" $allValues -}} + {{/* Print values to show values with the error included. */}} + {{/* Ideally we would want to extract the error only, but because it usually contains ":", + It gets parsed as dict and it cant regex matched it afterwards */}} + + {{- fail (printf "Chart - Values contain an error that may be a result of merging. Values containing the error: \n\n %v \n\n See error above values." $allValues) -}} + {{- end -}} + +{{- end -}} diff --git a/library/common/1.0.0/values.yaml b/library/common/values.yaml similarity index 85% rename from library/common/1.0.0/values.yaml rename to library/common/values.yaml index 3581b1986c..b0ad70630c 100644 --- a/library/common/1.0.0/values.yaml +++ b/library/common/values.yaml @@ -36,9 +36,21 @@ image: tag: "" pullPolicy: IfNotPresent +bashImage: + repository: bash + tag: "4.4.23" + pullPolicy: IfNotPresent + +postgresImage: + repository: postgres + tag: "15.2" + pullPolicy: IfNotPresent + # -- (docs/README.md) securityContext: container: + PUID: 568 + UMASK: "002" runAsNonRoot: true runAsUser: 568 runAsGroup: 568 @@ -58,18 +70,15 @@ securityContext: sysctls: [] # -- (docs/README.md) -containerOptions: - PUID: 568 - UMASK: "002" +resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi NVIDIA_CAPS: - all - resources: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 10m - memory: 50Mi # -- (docs/README.md) podOptions: @@ -90,15 +99,15 @@ podOptions: # -- (docs/notes.md) notes: header: | - # Welcome to SCALE - Thank you for installing <{{ .Chart.Name }}>. + # Welcome to TrueNAS SCALE + Thank you for installing {{ .Chart.Annotations.title }} App. # custom: "{{ toYaml $.Values }}" custom: "" footer: | # Documentation - Documentation for this chart can be found at ... + Documentation for this app can be found at https://docs.ixsystems.com. # Bug reports - If you find a bug in this chart, please file an issue at ... + If you find a bug in this app, please file an issue at https://jira.ixsystems.com # -- Timezone used everywhere applicable TZ: UTC