chart/library/common/1.0.0/docs
Stavros Kois 5b1abdd839 NAS-118930 / 23.10 / Improve/Refactor Common Library (#917)
* fix

* fix

* some more

* some fixes

* whoops

* initial structure

* finish up configmap

* secret class

* runtest secret

* move files around

* ignore

* make clear on call template that need root context

* imagePullSecret (minus targetSelector)

* move out of the way

* clean up comment

* deployment basic spec

* daemonset basic spec

* statefulset spec

* split file

* docs

* update values

* job spec

* job docs

* cronJob basic spec

* job in cron test

* add common version

* podspec

* whoopsis

* selectorlabels and pod metadata

* job and cron pod metadata

* update docs

* consistent order

* get ready for pod

* first targetSelector

* remove todo

* update docs

* add hostnet and enableservicelinks

* update selector logic

* update docs

* add tests for restartpolicy

* schedulerName

* priorityclassname

* hostname

* termperiodsec

* nodeselector

* add fail case

* host aliases

* dns policy

* dns config

* tolerations

* serviceaccount class, spawner, saname selector

* add pod todo

* update some tests

* add runtimeclassname

* controllers -> workload and plural to singular

* require at least 1 primary on enabled SAs

* fix script

* remove wrong comment

* update naming scheme

* update rbac values ref

* rbac docs

* rbac's

* append short name, for future use

* update comments

* initial service wireframe

* shorten line

* simplify labels and update tests

* service selectors

* simplify error messages

* finish clusterIP type

* loadbalancer

* nodeport

* externalname

* external ip

* update service

* fix highlighting

* session affinity

* add comment

* update comments

* service ports

* fix indentation

* externalname can have no ports

* fixup externalIP

* add pvc class and spawner and tests

* add nfs and emptyDir vols

* example

* extend docs a bit

* not create pvc if existing claim is set

* helm... you are dumb really. how this fixes an unrelated test

* add configmap

* add secret vol

* add pvc vol

* add hostpath

* finish volumes

* initial podsec

* podsec context with some todo's to check

* automatic sysctls

* remove todo

* update doc struct

* split docs

* split service docs

* initial container plumbing

* fix tests

* fix test

* rename to class

* command and args

* termination

* add lifecycle

* int value from tpl

* another case

* fix service protocol tpl

* update readme

* ports

* update todo

* cleanup values a bit

* only add sysctl when port is below 1024

* whoops, that's a different range

* update value

* move some old docs to the "to be deleted" dir

* externalinterface validation

* update an error message and apply externalinterface annotations to workloads

* external interfaces

* TZ - TIMEZONE

* update rdoc

* reduce code duple

* device vol type

* initial certificate plumbing

* update comments

* finish secret creation of certificate

* cert docs

* volumeMounts

* scale certs

* doc

* add tests for volMounts

* values updates

* update todo

* add test case

* remove some todo

* update todos

* vct

* remove todo

* restore default

* rename function

* make selectorlabels a bit better

* trim

* some cleanup

* update some ci values

* update ci

* rollingup defaults

* rename dir

* fix nil pointers

* check the same strategy var

* whoops

* fix tests

* typo

* not a good day for copy paste

* move check

* move another check

* fix some tests for upcoming probes

* one more

* split docs

* add default probes for `main` and docs

* add probes and some ci testruns

* whoops

* fix an edge case

* add an error for edge case

* runtests

* runtest updates

* update

* check if podvalues exist first

* force types

* force only one of the 2

* quote labels and annotations values

* job/cron have auto gen selectors

* remove false test

* fix maxsurge

* fix end

* different fix

* fix some tests

* fix rollUp

* try to fix 3.9.4 helm

* move file to helpers

* use capital types in probes and lifecycle

* Revert "use capital types in probes and lifecycle"

This reverts commit 380ebd5f1f.

* typo

* use lowercase for protocol everywhere

* rbac runtest

* prune old

* add resources

* add resources

* fix rbc

* fix sa naming in pod

* fix test

* 44 suppl group on gpu

* remove todo

* extract function in another file

* whoops

* add securityContext implementation

* add fail cases

* add rest of the tests

* remove todo

* envFrom

* minify

* env list

* add env

* add envdupe check tests

* add fixed envs

* replace containers with callers

* add callers

* add initContainer

* add init run test

* reset default test val

* add name tests

* add some more tests

* rename

* validate workload type only if enabled

* lint fix for 3.9.4

* add tpl on init enabled

* whoops

* fix init

* echo

* echo

* args...

* list

* comment out disabled persistences

* fix some typos and improve resources `requests` requirement

* improve docs a bit

* require name,description,version,type

* add some wording regarding what Helm Template column means

* add title as requirement

* remove scheduler

* remove priority class name

* remove nfs + externalIP

* remove LB

* remove STS & VCT

* fix a test

* remove nodeselector

* remove DS

* remove pvc

* remove todo

* conditionally print the type, as we might want to use the template to select all objects in the chart

* add some docs

* docs for notes

* add `tls.` in the certificate secret, according to k8s docs

* add some basic docs around the rest of the options

* clean values.yaml

* catch an edge case

* remove externalName

* set automountSA on SA to false

* add note about the automountSA
2023-02-20 15:23:33 +02:00
Common Chart Documentation

Global and Defaults

These options should not need to be changed per chart.

| Key | Type | Required | Helm Template | Default | Description |
|---|---|---|---|---|---|
| .Values.global.labels | dict | | (On value only) | {} | Additional Labels that apply to all objects |
| .Values.global.annotations | dict | | (On value only) | {} | Additional Annotations that apply to all objects |
| .Values.global.minNodePort | int | | | 9000 | Minimum Node Port Allowed |
| .Values.fallbackDefaults.probeType | string | | | http | Default probe type when not defined in the container level |
| .Values.fallbackDefaults.serviceProtocol | string | | | tcp | Default service protocol when not defined in the service |
| .Values.fallbackDefaults.serviceType | string | | | ClusterIP | Default service type when not defined in the service |
| .Values.fallbackDefaults.persistenceType | string | | | emptyDir | Default persistence type when not defined in the persistence |
| .Values.fallbackDefaults.probeTimeouts | dict | | | See below | Default probe timeouts if not defined in the container |
| .Values.fallbackDefaults.probeTimeouts.[probe] | dict | | | See below | Default probe timeouts if not defined in the container |
| .Values.fallbackDefaults.probeTimeouts.[probe].initialDelaySeconds | int | | | See below | Default initialDelaySeconds if not defined in the container |
| .Values.fallbackDefaults.probeTimeouts.[probe].periodSeconds | int | | | See below | Default periodSeconds if not defined in the container |
| .Values.fallbackDefaults.probeTimeouts.[probe].timeoutSeconds | int | | | See below | Default timeoutSeconds if not defined in the container |
| .Values.fallbackDefaults.probeTimeouts.[probe].failureThreshold | int | | | See below | Default failureThreshold if not defined in the container |
| .Values.fallbackDefaults.probeTimeouts.[probe].successThreshold | int | | | See below | Default successThreshold if not defined in the container |

Default probe timeouts:

probeTimeouts:
  liveness:
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 5
    successThreshold: 1
  readiness:
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 5
    successThreshold: 2
  startup:
    initialDelaySeconds: 10
    periodSeconds: 5
    timeoutSeconds: 2
    failureThreshold: 60
    successThreshold: 1

Examples:

global:
  labels:
    key: value
    keytpl: "{{ .Values.some.value }}"
  annotations:
    key: value
    keytpl: "{{ .Values.some.value }}"
  minNodePort: 9000

fallbackDefaults:
  probeType: http
  serviceProtocol: tcp
  serviceType: ClusterIP
  persistenceType: emptyDir
  probeTimeouts:
    liveness:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 5
      successThreshold: 1
    readiness:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 5
      successThreshold: 2
    startup:
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 2
      failureThreshold: 60
      successThreshold: 1

Global Values that apply on pods/containers

All of the values below are applied to all pods/containers, but can be overridden at the pod/container level. This gives you a single place to define the values from the scale UI while keeping the ability to override them at the pod/container level if you need to.

| Key | Type | Required | Helm Template | Default | Description |
|---|---|---|---|---|---|
| .Values.TZ | string | | | See below | Timezone that is used everywhere applicable |
| .Values.PUID | int | | | See below | PUID (Only applied when running as root) |
| .Values.UMASK | string | | | See below | UMASK |
| .Values.NVIDIA_CAPS | list | | | See below | NVIDIA_CAPS (Only applied when scaleGPU is passed) |
| .Values.containerOptions | dict | | | See below | Options that apply to all containers |
| .Values.containerOptions.resources | dict | | | See below | Resources |
| .Values.containerOptions.resources.limits | dict | | | See below | Resources |
| .Values.containerOptions.resources.limits.cpu | string | | | See below | Resources |
| .Values.containerOptions.resources.limits.memory | string | | | See below | Resources |
| .Values.containerOptions.resources.requests | dict | | | See below | Resources |
| .Values.containerOptions.resources.requests.cpu | string | | | See below | Resources |
| .Values.containerOptions.resources.requests.memory | string | | | See below | Resources |
| .Values.podOptions | dict | | | See below | Options that apply to all pods |
| .Values.podOptions.enableServiceLinks | boolean | | | See below | enableServiceLinks |
| .Values.podOptions.hostNetwork | boolean | | | See below | hostNetwork |
| .Values.podOptions.restartPolicy | string | | | See below | restartPolicy |
| .Values.podOptions.dnsPolicy | string | | | See below | dnsPolicy |
| .Values.podOptions.dnsConfig | list | | | See below | dnsConfig |
| .Values.podOptions.hostAliases | list | | | See below | hostAliases |
| .Values.podOptions.tolerations | list | | | See below | tolerations |
| .Values.podOptions.runtimeClassName | string | | | See below | runtimeClassName (value in ixChartContext will always take precedence) |
| .Values.podOptions.automountServiceAccountToken | boolean | | | See below | automountServiceAccountToken |
| .Values.podOptions.terminationGracePeriodSeconds | int | | | See below | terminationGracePeriodSeconds |

Defaults:

TZ: UTC
PUID: 568
UMASK: "002"
NVIDIA_CAPS:
  - all
containerOptions:
  resources:
    limits:
      cpu: 4000m
      memory: 8Gi
    requests:
      cpu: 10m
      memory: 50Mi
podOptions:
  enableServiceLinks: false
  hostNetwork: false
  restartPolicy: Always
  dnsPolicy: ClusterFirst
  dnsConfig:
    options:
      - name: ndots
        value: "2"
  hostAliases: []
  tolerations: []
  runtimeClassName: ""
  automountServiceAccountToken: false
  terminationGracePeriodSeconds: 120

Global Security Context

All of the values below are applied to all pods/containers, but can be overridden at the pod/container level. This gives you a single place to define the values from the scale UI while keeping the ability to override them at the pod/container level if you need to.

| Key | Type | Required | Helm Template | Default | Description |
|---|---|---|---|---|---|
| .Values.securityContext | dict | | | See below | Security Context |
| .Values.securityContext.container | dict | | | See below | Security Context for containers |
| .Values.securityContext.container.runAsNonRoot | boolean | | | See below | |
| .Values.securityContext.container.runAsUser | int | | | See below | |
| .Values.securityContext.container.runAsGroup | int | | | See below | |
| .Values.securityContext.container.readOnlyRootFilesystem | boolean | | | See below | |
| .Values.securityContext.container.allowPrivilegeEscalation | boolean | | | See below | |
| .Values.securityContext.container.privileged | boolean | | | See below | |
| .Values.securityContext.container.seccompProfile | dict | | | See below | |
| .Values.securityContext.container.seccompProfile.type | string | | | See below | |
| .Values.securityContext.container.seccompProfile.profile | string | | | See below | |
| .Values.securityContext.container.capabilities | dict | | | See below | |
| .Values.securityContext.container.capabilities.add | list | | | See below | |
| .Values.securityContext.container.capabilities.drop | list | | | See below | |
| .Values.securityContext.pod | dict | | | See below | Security Context for pods |
| .Values.securityContext.pod.fsGroup | int | | | See below | |
| .Values.securityContext.pod.fsGroupChangePolicy | string | | | See below | |
| .Values.securityContext.pod.supplementalGroups | list | | | See below | |
| .Values.securityContext.pod.sysctls | list | | | See below | |

Defaults:

securityContext:
  # -- Container security context for all containers
  # Can be overruled per container
  container:
    runAsNonRoot: true
    runAsUser: 568
    runAsGroup: 568
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      add: []
      drop:
        - ALL
  # -- Pod security context for all pods
  # Can be overruled per pod
  pod:
    fsGroup: 568
    fsGroupChangePolicy: OnRootMismatch
    supplementalGroups: []
    sysctls: []
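
Because these defaults can be overridden, a review step can compare a chart's overrides against them. The following is an added example, not part of the common library: a Python check that merges a constructed override onto the defaults listed above (plus the hostNetwork and automountServiceAccountToken defaults from the previous section) and reports the settings that end up less restrictive. The names DEFAULTS, CHECKS, merge, lookup, audit and SAMPLE are hypothetical, and the merge rule assumed is Helm's (maps merge recursively, lists and scalars are replaced).

```python
# Added example (not the chart's own code): flag overrides that relax
# the hardened defaults documented on this page.
DEFAULTS = {
    "securityContext": {
        "container": {
            "runAsNonRoot": True, "runAsUser": 568, "runAsGroup": 568,
            "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False,
            "privileged": False, "seccompProfile": {"type": "RuntimeDefault"},
            "capabilities": {"add": [], "drop": ["ALL"]},
        },
    },
    "podOptions": {"hostNetwork": False, "automountServiceAccountToken": False},
}
C = "securityContext.container."
# (dotted path, predicate that is True while the effective value stays hardened)
CHECKS = [
    (C + "runAsNonRoot", lambda v: v is True),
    (C + "runAsUser", lambda v: isinstance(v, int) and v != 0),
    (C + "readOnlyRootFilesystem", lambda v: v is True),
    (C + "allowPrivilegeEscalation", lambda v: v is False),
    (C + "privileged", lambda v: v is False),
    (C + "seccompProfile.type", lambda v: v in ("RuntimeDefault", "Localhost")),
    (C + "capabilities.add", lambda v: v == []),
    (C + "capabilities.drop", lambda v: "ALL" in v),
    ("podOptions.hostNetwork", lambda v: v is False),
    ("podOptions.automountServiceAccountToken", lambda v: v is False),
]

def merge(base, override):
    """Helm-style merge: maps merge recursively, lists and scalars are replaced."""
    out = dict(base)
    for key, val in override.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], val)
        else:
            out[key] = val
    return out

def lookup(tree, dotted):
    for part in dotted.split("."):
        tree = tree[part]
    return tree

def audit(override):
    """Return the sorted paths whose effective value is less restrictive."""
    effective = merge(DEFAULTS, override)
    return sorted(p for p, ok in CHECKS if not ok(lookup(effective, p)))

# Constructed sample override, shaped like a chart's values.yaml.
SAMPLE = {"securityContext": {"container": {"runAsUser": 0, "runAsNonRoot": False,
          "capabilities": {"add": ["NET_ADMIN"]}}}, "podOptions": {"hostNetwork": True}}

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("relaxed:", path)
```

Note that the sample sets only `capabilities.add`; because maps merge recursively, `drop: [ALL]` survives and is not reported, whereas an override of `drop` itself replaces the whole list.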

Images

| Key | Type | Required | Helm Template | Default | Description |
|---|---|---|---|---|---|
| .Values.image | dict | | | See below | Image |
| .Values.image.repository | string | | | See below | Image Repository |
| .Values.image.tag | string | | | See below | Image Tag |
| .Values.image.pullPolicy | string | | | See below | Image Pull Policy |

Defaults:

image:
  repository: ""
  tag: ""
  pullPolicy: IfNotPresent

You can define additional images using the following convention:

imageWorker:
  repository: ""
  tag: ""
  pullPolicy: IfNotPresent

There is nothing special about the above format; it is just a convention. It is also a format that some external tools, for example Renovate, can use for automatic image updates.


Additional Documentation:


Notes:

This applies across all the documentation:

  • Helm Template:
    • means that the value is not templated
    • means that the value is templated. For example, instead of a hardcoded value, you can set it to {{ .Values.some.value }}, and it will be replaced by the value contained in .Values.some.value at installation/upgrade time.