From 98e924d4eca5d1afaab1f020c87f56f95b8ca586 Mon Sep 17 00:00:00 2001 
From: Stavros kois
Date: Mon, 5 Dec 2022 13:06:59 +0200
Subject: [PATCH] restructure directories a bit
---
 .../lib/container/_securityContext.tpl | 48 ++++++-------------
 .../{probeTemplates => probes}/_custom.tpl | 0
 .../{probeTemplates => probes}/_exec.tpl | 0
 .../{probeTemplates => probes}/_grpc.tpl | 0
 .../{probeTemplates => probes}/_httpGet.tpl | 0
 .../{probeTemplates => probes}/_tcp.tpl | 0
 .../{probeTemplates => probes}/_timeouts.tpl | 0
 .../{probeTemplates => probes}/_udp.tpl | 0
 .../lib/{chart => general}/_annotations.tpl | 0
 .../lib/{chart => general}/_capabilities.tpl | 0
 .../lib/{chart => general}/_labels.tpl | 0
 .../lib/{chart => general}/_names.tpl | 0
 .../lib/{controller => general}/_pod.tpl | 0
 .../lib/{controller => pod}/_container.tpl | 0
 .../templates/lib/{chart => pod}/_dns.tpl | 0
 .../lib/{chart => pod}/_hostAliases.tpl | 0
 .../lib/{chart => pod}/_nodeSelector.tpl | 0
 .../lib/{chart => pod}/_podAnnotations.tpl | 0
 .../lib/{chart => pod}/_podLabels.tpl | 0
 .../templates/lib/pod/_podSecurityContext.tpl | 19 ++++++++
 .../lib/{chart => pod}/_tolerations.tpl | 0
 .../lib/{controller => pod}/_volumes.tpl | 0
 .../service}/_endpoints.tpl | 0
 .../service}/_externalIPs.tpl | 0
 .../service}/_sessionAffinity.tpl | 0
 25 files changed, 33 insertions(+), 34 deletions(-)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_custom.tpl (100%)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_exec.tpl (100%)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_grpc.tpl (100%)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_httpGet.tpl (100%)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_tcp.tpl (100%)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_timeouts.tpl (100%)
 rename library/common/1.0.0/templates/lib/container/{probeTemplates => probes}/_udp.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => general}/_annotations.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => general}/_capabilities.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => general}/_labels.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => general}/_names.tpl (100%)
 rename library/common/1.0.0/templates/lib/{controller => general}/_pod.tpl (100%)
 rename library/common/1.0.0/templates/lib/{controller => pod}/_container.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => pod}/_dns.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => pod}/_hostAliases.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => pod}/_nodeSelector.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => pod}/_podAnnotations.tpl (100%)
 rename library/common/1.0.0/templates/lib/{chart => pod}/_podLabels.tpl (100%)
 create mode 100644 library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl
 rename library/common/1.0.0/templates/lib/{chart => pod}/_tolerations.tpl (100%)
 rename library/common/1.0.0/templates/lib/{controller => pod}/_volumes.tpl (100%)
 rename library/common/1.0.0/templates/{class/serviceTemplates => lib/service}/_endpoints.tpl (100%)
 rename library/common/1.0.0/templates/{class/serviceTemplates => lib/service}/_externalIPs.tpl (100%)
 rename library/common/1.0.0/templates/{class/serviceTemplates => lib/service}/_sessionAffinity.tpl (100%)
diff --git a/library/common/1.0.0/templates/lib/container/_securityContext.tpl b/library/common/1.0.0/templates/lib/container/_securityContext.tpl
index 48479179c5..4a81359577 100644
--- a/library/common/1.0.0/templates/lib/container/_securityContext.tpl
+++ b/library/common/1.0.0/templates/lib/container/_securityContext.tpl
@@ -1,20 +1,20 @@
 {{/* Security Context included by the container */}}
 {{- define "ix.v1.common.container.securityContext" -}}
-{{- $secContext := .secCont -}}
-{{- $podSecContext := .podSecCont -}}
-{{- $root := .root -}}
-{{/* Check that they are set as booleans to prevent typos */}}
-{{- with $secContext -}}
- {{- if or (not (kindIs "bool" .runAsNonRoot)) (not (kindIs "bool" .privileged)) (not (kindIs "bool" .readOnlyRootFilesystem)) (not (kindIs "bool" .allowPrivilegeEscalation)) -}}
- {{- fail "One or more of the following are not set as booleans (runAsNonRoot, privileged, readOnlyRootFilesystem, allowPrivilegeEscalation)" -}}
- {{- end -}}
-{{- end -}}
-{{/* Only run as root if it's explicitly defined */}}
-{{- if or (not $podSecContext.runAsUser) (not $podSecContext.runAsGroup) -}}
- {{- if $secContext.runAsNonRoot -}}
- {{- fail "You are trying to run as root (user or group), but runAsNonRoot is set to true" -}}
+ {{- $secContext := .secCont -}}
+ {{- $podSecContext := .podSecCont -}}
+ {{- $root := .root -}}
+ {{/* Check that they are set as booleans to prevent typos */}}
+ {{- with $secContext -}}
+ {{- if or (not (kindIs "bool" .runAsNonRoot)) (not (kindIs "bool" .privileged)) (not (kindIs "bool" .readOnlyRootFilesystem)) (not (kindIs "bool" .allowPrivilegeEscalation)) -}}
+ {{- fail "One or more of the following are not set as booleans (runAsNonRoot, privileged, readOnlyRootFilesystem, allowPrivilegeEscalation)" -}}
+ {{- end -}}
+ {{- end -}}
+{{/* Only run as root if it's explicitly defined */}}
+ {{- if or (not $podSecContext.runAsUser) (not $podSecContext.runAsGroup) -}}
+ {{- if $secContext.runAsNonRoot -}}
+ {{- fail "You are trying to run as root (user or group), but runAsNonRoot is set to true" -}}
+ {{- end -}}
 {{- end -}}
-{{- end -}}
 runAsNonRoot: {{ $secContext.runAsNonRoot }}
 readOnlyRootFilesystem: {{ $secContext.readOnlyRootFilesystem }}
 allowPrivilegeEscalation: {{ $secContext.allowPrivilegeEscalation }}
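Review bot: The boolean type check sits inside `{{- with $secContext -}}`, so it is skipped whenever `.secCont` is empty, and the `runAsNonRoot:`, `readOnlyRootFilesystem:` and `allowPrivilegeEscalation:` lines below would then presumably render with no value instead of failing. Whether a caller can pass an empty dict is not visible from this hunk, but if one can, the hardening fields are dropped silently. A guard ahead of the `with`, such as `{{- if not $secContext -}}{{- fail "securityContext is required" -}}{{- end -}}`, makes that case fail closed. The re-indent also leaves `{{/* Only run as root if it's explicitly defined */}}` at column 0 while its neighbours moved in; the define continues past the end of the hunk.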
@@ -41,23 +41,3 @@ capabilities:
 drop: []
 {{- end }}
 {{- end -}}
-
-{{/* A dict podSecContext is expected with keys line runAsUser */}}
-{{- define "ix.v1.common.container.podSecurityContext" -}}
-{{- $podSecCont := .podSecCont -}}
-runAsUser: {{ required " value is required." $podSecCont.runAsUser }}
-runAsGroup: {{ required " value is required." $podSecCont.runAsGroup }}
-fsGroup: {{ required " value is required." $podSecCont.fsGroup }}
-{{- with $podSecCont.supplementalGroups }}
-supplementalGroups:
- {{- range . }}
- - {{ . }}
- {{- end -}}
-{{- end -}}
-{{- with $podSecCont.fsGroupChangePolicy -}}
- {{- if not (has . (list "Always" "OnRootMismatch")) -}}
- {{- fail "Invalid option for fsGroupChangePolicy. Valid options are and ." -}}
- {{- end }}
-fsGroupChangePolicy: {{ . }}
-{{- end -}}
-{{- end -}}
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_custom.tpl b/library/common/1.0.0/templates/lib/container/probes/_custom.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_custom.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_custom.tpl
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_exec.tpl b/library/common/1.0.0/templates/lib/container/probes/_exec.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_exec.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_exec.tpl
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_grpc.tpl b/library/common/1.0.0/templates/lib/container/probes/_grpc.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_grpc.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_grpc.tpl
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_httpGet.tpl b/library/common/1.0.0/templates/lib/container/probes/_httpGet.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_httpGet.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_httpGet.tpl
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_tcp.tpl b/library/common/1.0.0/templates/lib/container/probes/_tcp.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_tcp.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_tcp.tpl
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_timeouts.tpl b/library/common/1.0.0/templates/lib/container/probes/_timeouts.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_timeouts.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_timeouts.tpl
diff --git a/library/common/1.0.0/templates/lib/container/probeTemplates/_udp.tpl b/library/common/1.0.0/templates/lib/container/probes/_udp.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/container/probeTemplates/_udp.tpl
rename to library/common/1.0.0/templates/lib/container/probes/_udp.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_annotations.tpl b/library/common/1.0.0/templates/lib/general/_annotations.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_annotations.tpl
rename to library/common/1.0.0/templates/lib/general/_annotations.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_capabilities.tpl b/library/common/1.0.0/templates/lib/general/_capabilities.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_capabilities.tpl
rename to library/common/1.0.0/templates/lib/general/_capabilities.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_labels.tpl b/library/common/1.0.0/templates/lib/general/_labels.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_labels.tpl
rename to library/common/1.0.0/templates/lib/general/_labels.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_names.tpl b/library/common/1.0.0/templates/lib/general/_names.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_names.tpl
rename to library/common/1.0.0/templates/lib/general/_names.tpl
diff --git a/library/common/1.0.0/templates/lib/controller/_pod.tpl b/library/common/1.0.0/templates/lib/general/_pod.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/controller/_pod.tpl
rename to library/common/1.0.0/templates/lib/general/_pod.tpl
diff --git a/library/common/1.0.0/templates/lib/controller/_container.tpl b/library/common/1.0.0/templates/lib/pod/_container.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/controller/_container.tpl
rename to library/common/1.0.0/templates/lib/pod/_container.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_dns.tpl b/library/common/1.0.0/templates/lib/pod/_dns.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_dns.tpl
rename to library/common/1.0.0/templates/lib/pod/_dns.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_hostAliases.tpl b/library/common/1.0.0/templates/lib/pod/_hostAliases.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_hostAliases.tpl
rename to library/common/1.0.0/templates/lib/pod/_hostAliases.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_nodeSelector.tpl b/library/common/1.0.0/templates/lib/pod/_nodeSelector.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_nodeSelector.tpl
rename to library/common/1.0.0/templates/lib/pod/_nodeSelector.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_podAnnotations.tpl b/library/common/1.0.0/templates/lib/pod/_podAnnotations.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_podAnnotations.tpl
rename to library/common/1.0.0/templates/lib/pod/_podAnnotations.tpl
diff --git a/library/common/1.0.0/templates/lib/chart/_podLabels.tpl b/library/common/1.0.0/templates/lib/pod/_podLabels.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_podLabels.tpl
rename to library/common/1.0.0/templates/lib/pod/_podLabels.tpl
diff --git a/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl b/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl
new file mode 100644
index 0000000000..946508994a
--- /dev/null
+++ b/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl
@@ -0,0 +1,19 @@
+{{/* A dict podSecContext is expected with keys line runAsUser */}}
+{{- define "ix.v1.common.container.podSecurityContext" -}}
+ {{- $podSecCont := .podSecCont -}}
+runAsUser: {{ required " value is required." $podSecCont.runAsUser }}
+runAsGroup: {{ required " value is required." $podSecCont.runAsGroup }}
+fsGroup: {{ required " value is required." $podSecCont.fsGroup }}
+ {{- with $podSecCont.supplementalGroups }}
+supplementalGroups:
+ {{- range . }}
+ - {{ . }}
+ {{- end -}}
+ {{- end -}}
+ {{- with $podSecCont.fsGroupChangePolicy -}}
+ {{- if not (has . (list "Always" "OnRootMismatch")) -}}
+ {{- fail "Invalid option for fsGroupChangePolicy. Valid options are and ." -}}
+ {{- end }}
+fsGroupChangePolicy: {{ . }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/1.0.0/templates/lib/chart/_tolerations.tpl b/library/common/1.0.0/templates/lib/pod/_tolerations.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/chart/_tolerations.tpl
rename to library/common/1.0.0/templates/lib/pod/_tolerations.tpl
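Review bot: `runAsUser`, `runAsGroup` and `fsGroup` in the new `_podSecurityContext.tpl` only pass through `required`, so any non-empty value is emitted without a type check, unlike the `kindIs "bool"` validation applied in `_securityContext.tpl`. A quoted `"0"` in values is a truthy string, so it would likely slip past the `not $podSecContext.runAsUser` root check in that template while still rendering as `runAsUser: 0`. Rejecting non-numeric kinds before rendering closes that gap, e.g. `{{- if not (has (kindOf $podSecCont.runAsUser) (list "int" "int64" "float64")) -}}{{- fail "runAsUser must be a number" -}}{{- end -}}`, repeated for the other two IDs. The header comment also carries a typo (`keys line runAsUser` should read `keys like runAsUser`), and the define keeps the `container` namespace although the file now lives under `lib/pod`.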
diff --git a/library/common/1.0.0/templates/lib/controller/_volumes.tpl b/library/common/1.0.0/templates/lib/pod/_volumes.tpl
similarity index 100%
rename from library/common/1.0.0/templates/lib/controller/_volumes.tpl
rename to library/common/1.0.0/templates/lib/pod/_volumes.tpl
diff --git a/library/common/1.0.0/templates/class/serviceTemplates/_endpoints.tpl b/library/common/1.0.0/templates/lib/service/_endpoints.tpl
similarity index 100%
rename from library/common/1.0.0/templates/class/serviceTemplates/_endpoints.tpl
rename to library/common/1.0.0/templates/lib/service/_endpoints.tpl
diff --git a/library/common/1.0.0/templates/class/serviceTemplates/_externalIPs.tpl b/library/common/1.0.0/templates/lib/service/_externalIPs.tpl
similarity index 100%
rename from library/common/1.0.0/templates/class/serviceTemplates/_externalIPs.tpl
rename to library/common/1.0.0/templates/lib/service/_externalIPs.tpl
diff --git a/library/common/1.0.0/templates/class/serviceTemplates/_sessionAffinity.tpl b/library/common/1.0.0/templates/lib/service/_sessionAffinity.tpl
similarity index 100%
rename from library/common/1.0.0/templates/class/serviceTemplates/_sessionAffinity.tpl
rename to library/common/1.0.0/templates/lib/service/_sessionAffinity.tpl