mirror of
https://github.com/truenas/charts.git
synced 2026-04-24 02:20:15 +08:00
5b1abdd839
* fix
* fix
* some more
* somefixs
* whops
* initial structure
* finish up configmap
* secret class
* runtest secret
* move files arround
* ignore
* make clear on call template that need root context
* imagePullSecret (minus targetSelector)
* move out of the way
* clean up comment
* deployment basic spec
* daemonset basic spec
* statefulset spec
* split file
* docs
* update values
* job spec
* job docs
* cronJob basic spec
* job in cron test
* add common version
* podsepc
* whoopsis
* selectorlabels and pod metadata
* job and cron pod metadata
* update docs
* consistent order
* get ready for pod
* first targetSelector
* remove todo
* update docs
* add hostnet and enableservicelinks
* update selector logic
* update docs
* add tests for restartpolicy
* schedulerName
* priorityclassname
* hostname
* termperiodsec
* nodeselector
* add fail case
* host aliases
* dns policy
* dns config
* tolerations
* serviceaccoutn class, spawner, saname selector
* add pod todo
* update some tests
* add runtimeclassname
* controllers -> workload and plurar to singular
* require at least 1 primary on enabled SAs
* fix script
* remove wrong comment
* update naming scheme
* update rbac values ref
* rbac docs
* rbac's
* append short name, for future use
* update comments
* initial service wireframe
* shorten line
* simplify labels and update tests
* service selectors
* simplify error messages
* finish clusterIP type
* loadbalancer
* noedport
* externalname
* external ip
* update service
* fix highlighting
* session affinity
* add comment
* update comments
* service ports
* fix indentation
* externalname can have no ports
* fixup externalIP
* add pvc class and spawner and tests
* add nfs and emptyDir vols
* example
* extend docs a bit
* not create pvc if existing claim is set
* helm... you are dumb really. how this fixes an unrelated test
* add configmap
* add secret vol
* add pvc vol
* add hostpath
* finish volumes
* initial podsec
* podsec context with some todo's to check
* automatic sysctls
* remove todo
* update doc struct
* split docs
* split service docs
* initial container plumbing
* fix tests
* fix test
* rename to class
* command and args
* termination
* add lifecycle
* int value from tpl
* another case
* fix service protocol tpl
* update readme
* ports
* update todo
* cleanup values a bit
* only add sysctl when port is bellow 1024
* whops, thats a different range
* update avlue
* move some old docs to the "to be deleted" dir
* externalinteface validation
* update an error message and apply externalinterface annotations to workloads
* external interfaces
* TZ - TIMEZONE
* update rdoc
* reduce code duple
* device vol type
* initial certificate plumbing
* update comments
* finish secret creation of certificate
* cert dosc
* volumeMounts
* scale certs
* doc
* add tests for volMounts
* values updates
* update todo
* add test case
* remove some todo
* update todos
* vct
* remove tdoo
* restore default
* rename function
* make selectorlabels a bit better
* trim
* some cleanup
* update some ci values
* update ci
* rollingup defaults
* rename dir
* fix nil pointers
* check the same strategy var
* whops
* fix tests
* typo
* not a good day for copy paste
* move check
* move another check
* fix some tests for upcoming probes
* one mroe
* split docs
* add default probes for `main` and docs
* add probes and some ci testruns
* whops
* fix an edge case
* add an error for edge case
* runtests
* runtest updaets
* update
* check if podvalues exist first
* force types
* force only one of the 2
* quote labels and annotaions values
* job/cron have auto gen selectors
* remove false test
* fix maxsureg
* fix end
* different fix
* fix some tests
* fix rollUp
* try to fix 3.9.4 helm
* move file to helpers
* use capital types in probes and lifecycle
* Revert "use capital types in probes and lifecycle"
This reverts commit 380ebd5f1f.
* typo
* use lowercase for protocol everywhere
* rbac runtest
* prune old
* add resources
* add resources
* fix rbc
* fix sa naming in pod
* fix test
* 44 suppl group on gpu
* remove todo
* extract function in another file
* whops
* add securityContext implementation
* add fail cases
* add rest of the tests
* remove todo
* envFrom
* minify
* env list
* add env
* add envdupe check tests
* add fixed envs
* replace containers with callers
* add callers
* add initContainer
* add init run test
* reset default test val
* add name tests
* add some more tests
* rename
* validate workload type only if enabled
* lint fix for 3.9.4
* add tpl on init enabled
* whops
* fix init
* echo
* echo
* args...
* list
* comment out disabled persistences
* fix some typos and improve resources `requests` requirement
* improve docs a bit
* require name,description,version,type
* add some wording regarding what Helm Template column means
* add title as requirement
* remove scheduler
* remove priority class name
* remove nfs + externalIP
* remove LB
* remove STS & VCT
* fix a test
* remove nodeselector
* remove DS
* remove pvc
* remove todo
* conditionally print the type, as we might want to use the template to select all objects inthe chart
* add some docs
* docs for notes
* add `tls.` in the certificate secret, according to k8s docs
* add some basic docs around the rest of the options
* clean values.yaml
* catch an edge case
* remove externalName
* set autmountSA on SA to false
* add note about the automountSA
workload
| Key | Type | Required | Helm Template | Default | Description |
|---|---|---|---|---|---|
| workload | dict |
❌ | ❌ | {} |
Define the workload as dicts |
| workload.[workload-name] | dict |
✅ | ❌ | {} |
Holds workload definition |
| workload.[workload-name].enabled | boolean |
✅ | ❌ | false |
Enables or Disables the workload |
| workload.[workload-name].primary | boolean |
✅ | ❌ | false |
Sets the workload as primary |
| workload.[workload-name].labels | dict |
❌ | ✅ (On value only) | {} |
Additional labels for workload |
| workload.[workload-name].annotations | dict |
❌ | ✅ (On value only) | {} |
Additional annotations for workload |
| workload.[workload-name].type | string |
✅ | ❌ | "" |
Define the kind of the workload (Deployment, CronJob, Job) |
| workload.[workload-name].podSpec | dict |
✅ | ❌ | {} |
Holds the pod definition |
| workload.[workload-name].podSpec.labels | dict |
❌ | ✅ (On value only) | {} |
Additional Pod Labels |
| workload.[workload-name].podSpec.annotations | dict |
❌ | ✅ (On value only) | {} |
Pod Annotations |
| workload.[workload-name].podSpec.automountServiceAccountToken | boolean |
❌ | ❌ | {{ .Values.podOptions.automountServiceAccoutnToken }} (false) |
Pod's automountServiceAccountToken |
| workload.[workload-name].podSpec.hostNetwork | boolean |
❌ | ❌ | {{ .Values.podOptions.hostNetwork }} (false) |
Pod's hostNetwork |
| workload.[workload-name].podSpec.enableServiceLinks | boolean |
❌ | ❌ | {{ .Values.podOptions.enableServiceLinks }} (false) |
Pod's enableServiceLinks |
| workload.[workload-name].podSpec.restartPolicy | string |
❌ | ✅ | {{ .Values.podOptions.restartPolicy }} (Always) |
Pod's restartPolicy. (Always, Never, OnFailure) |
| workload.[workload-name].podSpec.hostname | string |
❌ | ✅ | "" |
Pod's hostname |
| workload.[workload-name].podSpec.terminationGracePeriodSeconds | int |
❌ | ✅ | {{ .Values.podOptions.terminationGracePeriodSeconds }} (120) |
Pod's terminationGracePeriodSeconds |
| workload.[workload-name].podSpec.hostAliases | list |
❌ | ❌ | Pod's host aliases | |
| workload.[workload-name].podSpec.hostAliases.ip | string |
❌ | ✅ | Value for ip in hosts aliases |
|
| workload.[workload-name].podSpec.hostAliases.hostnames | list |
❌ | ❌ | Hostnames for the ip in hosts aliases |
|
| workload.[workload-name].podSpec.hostAliases.hostnames.[host-name] | string |
❌ | ✅ | [Value] for hostnames for the ip in hosts aliases |
|
| workload.[workload-name].podSpec.dnsPolicy | string |
❌ | ✅ | {{ .Values.podOptions.dnsPolicy }} (ClusterFirst) |
Pod's DNS Policy (ClusterFirst, ClusterFirstWithHostNet, Default, None). |
| workload.[workload-name].podSpec.tolerations | list |
❌ | ❌ | {{ .Values.podOptions.tolerations }} ([]) |
Pod's Tolerations |
| workload.[workload-name].podSpec.tolerations.operator | string |
✅ | ✅ | Toleration's operator (Equal, Exists) |
|
| workload.[workload-name].podSpec.tolerations.key | string |
❌/✅ | ✅ | Toleration's key. Required only when operator = Equal |
|
| workload.[workload-name].podSpec.tolerations.value | string |
❌/✅ | ✅ | Toleration's value. Required only when operator = Equal |
|
| workload.[workload-name].podSpec.tolerations.effect | string |
❌ | ✅ | Toleration's effect.(NoExecute, NoSchedule, PreferNoSchedule) |
|
| workload.[workload-name].podSpec.tolerations.tolerationSeconds | int |
❌ | ❌ | Toleration's tolerationSeconds. |
|
| workload.[workload-name].podSpec.runtimeClassName | string |
❌ | ✅ | {{ .Values.podOptions.runtimeClassName }} ("") |
Pod's runtimeClassName |
| workload.[workload-name].podSpec.securityContext | dict |
❌ | ❌ | {{ .Values.securityContext.pod }} |
Pod's securityContext |
| workload.[workload-name].podSpec.securityContext.fsGroup | int |
❌ | ❌ | 568 |
Pod's fsGroup |
| workload.[workload-name].podSpec.securityContext.fsGroupChangePolicy | string |
❌ | ❌ | OnRootMismatch |
Pod's fsGroupChangePolicy (Always, OnRootMismatch) |
| workload.[workload-name].podSpec.securityContext.supplementalGroups | list |
❌ | ❌ | [] |
Pod's supplementalGroups (list of int) |
| workload.[workload-name].podSpec.securityContext.sysctls | list |
❌ | ❌ | [] |
Pod's sysctls |
| workload.[workload-name].podSpec.securityContext.sysctls.name | string |
✅ | ✅ | "" |
name of the sysctl |
| workload.[workload-name].podSpec.securityContext.sysctls.value | string |
✅ | ✅ | "" |
value of the sysctl |
| workload.[workload-name].podSpec.containers | dict |
❌ | ❌ | {} |
Define container(s) |
| workload.[workload-name].podSpec.initContainers | dict |
❌ | ❌ | {} |
Define initContainer(s) |
Notes
dnsPolicyis set automatically toClusterFirstWithHostNetwhenhostNetworkistrue>runtimeClassNamewill ignore any value set and use the.Values.global.ixChartContext.nvidiaRuntimeClassName, if a GPU is assigned to a container and Scale Middleware sets.Values.global.ixChartContext.addNvidiaRuntimeClasstotrue. Note that it will only set theruntimeClassNameon the pod that this container belongs to. sysctlnet.ipv4.ip_unprivileged_port_startwill be automatically set to the lowesttargetPort(orportif targetPort is not defined) number assigned to the pod. sysctlnet.ipv4.ping_group_rangewill be automatically set to the lowest and highesttargetPort(orportif targetPort is not defined) number assigned to the pod.
Appears in:
.Values.workload
Naming scheme:
- Primary:
$FullName(release-name-chart-name) - Non-Primary:
$FullName-$WorkloadName(release-name-chart-name-workload-name)
Those are the common
keysfor all workloads. Additional keys, information and examples, see on the specific kind of workload
Additional keys, information and examples for
workload.[workload-name].podSpec.containers.
Examples:
workload:
workload-name:
enabled: true
primary: true
labels:
key: value
annotations:
key: value
podSpec:
labels:
key: value
annotations:
key: value
automountServiceAccountToken: true
hostNetwork: false
enableServiceLinks: false
hostname: some-hostname
terminationGracePeriodSeconds: 100
hostAliases:
- ip: 10.10.10.100
hostnames:
- myserver.local
- storage.local
- ip: 10.10.10.101
hostnames:
- myotherserver.local
- backups.local
dnsPolicy: ClusterFirst
dnsConfig:
nameservers:
- 1.1.1.1
- 1.0.0.1
searches:
- ns1.svc.cluster-domain.example
- my.dns.search.suffix
options:
- name: ndots
value: "2"
- name: edns0
tolerations:
- operator: Exists
effect: NoExecute
tolerationSeconds: 3600
runtimeClassName: some-runtime-class
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 568
sysctls:
- name: net.ipv4.ip_local_port_range
value: 1024 65535