Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-09 02:37:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Delete template directory (#36457)

Browse Source 
Signed-off-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com>
This commit is contained in:
Carlos Rodríguez Hernández
2026-02-06 08:58:54 +01:00
committed by GitHub
parent 58cfc4ede8
commit 1830f18e1d
27 changed files with 0 additions and 2497 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
template/.helmignore
View File

@@ -1,25 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# img folder
img/
# Changelog
CHANGELOG.md

21
template/CHART_NAME/.helmignore
View File

@@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

34
template/CHART_NAME/Chart.yaml
View File

@@ -1,34 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
annotations:
licenses: Apache-2.0
apiVersion: v2
appVersion: %%UPSTREAM_PROJECT_VERSION%%
dependencies:
- condition: SUBCHART_NAME.enabled
name: SUBCHART_NAME
repository: oci://registry-1.docker.io/bitnamicharts
version: %%MAJOR_SUBCHART_VERSION_(A.X.X)%%
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
description: %%DESCRIPTION%%
home: https://bitnami.com
icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/%%IMAGE_NAME%%/img/%%IMAGE_NAME%%-stack-220x234.png
keywords:
- %%UPSTREAM_PROJECT_KEYWORD%%
- %%UPSTREAM_PROJECT_KEYWORD%%
- ...
maintainers:
- name: Broadcom, Inc. All Rights Reserved.
url: https://github.com/bitnami/charts
name: %%CHART_NAME%%
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/%%IMAGE_NAME%%
- https://github.com/bitnami/containers/tree/main/bitnami/%%IMAGE_NAME%%
- %%UPSTREAM_PROJECT_SOURCE_CODE_URL%%
- ...
version: 0.1.0

260
template/CHART_NAME/README.md
View File

@@ -1,260 +0,0 @@
<!--- app-name: %%CHART_NAME%% -->
# %%CHART_NAME%%
%%DESCRIPTION%% (check existing examples)
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/%%CHART_NAME%%
```
## Why use Bitnami Secure Images?
Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise [OS Photon Linux](https://vmware.github.io/photon/). Why choose BSI images?
- Hardened secure images of popular open source software with Near-Zero Vulnerabilities
- Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
- Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
- Software supply chain provenance attestation through in-toto
- First class support for the internets favorite Helm charts
Each image comes with valuable security metadata. You can view the metadata in [our public catalog here](https://app-catalog.vmware.com/bitnami/apps). Note: Some data is only available with [commercial subscriptions to BSI](https://bitnami.com/).
![Alt text](https://github.com/bitnami/containers/blob/main/BSI%20UI%201.png?raw=true "Application details")
![Alt text](https://github.com/bitnami/containers/blob/main/BSI%20UI%202.png?raw=true "Packaging report")
If you are looking for our previous generation of images based on Debian Linux, please see the [Bitnami Legacy registry](https://hub.docker.com/u/bitnamilegacy).
## Introduction
%%INTRODUCTION%% (check existing examples)
## Prerequisites
- Kubernetes 1.23+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%%
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys %%CHART_NAME%% on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### External database support
%%IF NEEDED%%
You may want to have %%CHART_NAME%% connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example:
```console
mariadb.enabled=false
externalDatabase.host=myexternalhost
externalDatabase.user=myuser
externalDatabase.password=mypassword
externalDatabase.database=mydatabase
externalDatabase.port=3306
```
### Ingress
%%IF NEEDED%%
This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.
The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host.
However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts.
> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers.
Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
### Securing traffic using TLS
TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster:
- `tls.enabled`: Enable TLS support. Defaults to `false`
- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults.
- `tls.certFilename`: Certificate filename. No defaults.
- `tls.certKeyFilename`: Certificate key filename. No defaults.
- `tls.certCAFilename`: CA Certificate filename. No defaults.
For example:
First, create the secret with the certificates files:
```console
kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem
```
Then, use the following parameters:
```console
tls.enabled="true"
tls.existingSecret="certificates-tls-secret"
tls.certFilename="cert.pem"
tls.certKeyFilename="cert.key"
tls.certCAFilename="ca.pem"
```
### %%OTHER_SECTIONS%%
### Additional environment variables
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
```yaml
%%CHART_NAME%%:
extraEnvVars:
- name: LOG_LEVEL
value: error
```
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
### Sidecars
If additional containers are needed in the same pod as %%CHART_NAME%% (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter.
```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
```yaml
service:
extraPorts:
- name: extraPort
port: 11311
targetPort: 11311
```
> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
```yaml
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
### Pod affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. %% EXPLAIN INTEGRATION. CHECK OTHER EXAMPLES %%. It will have the necessary annotations to be automatically scraped by Prometheus.
#### Prometheus requirements
It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster.
#### Integration with Prometheus Operator
The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error:
```text
no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
```
Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator.
### Backup and restore
To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. Find the instructions for using Velero in [this guide](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-backup-restore-deployments-velero-index.html).
## Persistence
The [Bitnami %%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%) image stores the %%CHART_NAME%% data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments.
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
## Parameters
See <https://github.com/bitnami/readme-generator-for-helm> to create the table
The above parameters map to the env variables defined in [bitnami/%%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%). For more information please refer to the [bitnami/%%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set %%CHART_NAME%%Username=admin \
--set %%CHART_NAME%%Password=password \
--set mariadb.auth.rootPassword=secretpassword \
oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%%
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the %%CHART_NAME%% administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%%
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml)
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## License
Copyright &copy; 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

39
template/CHART_NAME/templates/NOTES.txt
View File

@@ -1,39 +0,0 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
%%ENTRYPOINT and CMD from main container%%
{{- else }}
%%Instructions to access the application depending on the serviceType and other considerations%%
{{- end }}
{{- include "common.warnings.rollingTag" .Values.%%MAIN_OBJECT_BLOCK%%.image }}
{{- include "common.warnings.rollingTag" .Values.%%OTHER_OBJECT_BLOCK%%.image }}
{{- include "common.warnings.rollingTag" .Values.defaultInitContainers.volumePermissions.image }}
{{- include "common.warnings.resources" (dict "sections" (list "%%MAIN_OBJECT_BLOCK%%" "%%OTHER_OBJECT_BLOCK%%." "defaultInitContainers.volumePermissions") "context" .) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.%%MAIN_OBJECT_BLOCK%%.image .Values.%%OTHER_OBJECT_BLOCK%%.image .Values.defaultInitContainers.volumePermissions.image) "context" .) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.%%MAIN_OBJECT_BLOCK%%.image .Values.%%OTHER_OBJECT_BLOCK%%.image .Values.defaultInitContainers.volumePermissions.image) "context" .) }}
{{- include "%%TEMPLATE_NAME%%.validateValues" . }}

61
template/CHART_NAME/templates/_helpers.tpl
View File

@@ -1,61 +0,0 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/*
Return the proper %%MAIN_OBJECT_BLOCK%% image name
*/}}
{{- define "%%TEMPLATE_NAME%%.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.%%MAIN_OBJECT_BLOCK%%.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "%%TEMPLATE_NAME%%.volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.defaultInitContainers.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "%%TEMPLATE_NAME%%.imagePullSecrets" -}}
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.%%MAIN_OBJECT_BLOCK%%.image .Values.%%SECONDARY_OBJECT_BLOCK%%.image .Values.defaultInitContainers.volumePermissions.image) "context" $) -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "%%TEMPLATE_NAME%%.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
*/}}
{{- define "%%TEMPLATE_NAME%%.ingress.certManagerRequest" -}}
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message.
*/}}
{{- define "%%TEMPLATE_NAME%%.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "%%TEMPLATE_NAME%%.validateValues.foo" .) -}}
{{- $messages := append $messages (include "%%TEMPLATE_NAME%%.validateValues.bar" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
{{- end -}}
{{- end -}}

41
template/CHART_NAME/templates/_init_containers.tpl
View File

@@ -1,41 +0,0 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Returns an init-container that changes the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
*/}}
{{- define "%%TEMPLATE_NAME%%.defaultInitContainers.volumePermissions" -}}
{{- $componentValues := index .context.Values .component -}}
- name: volume-permissions
image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . }}
imagePullPolicy: {{ .context.Values.defaultInitContainers.volumePermissions.image.pullPolicy | quote }}
{{- if .context.Values.defaultInitContainers.volumePermissions.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .context.Values.defaultInitContainers.volumePermissions.containerSecurityContext "context" .context) | nindent 4 }}
{{- end }}
{{- if .context.Values.defaultInitContainers.volumePermissions.resources }}
resources: {{- toYaml .context.Values.defaultInitContainers.volumePermissions.resources | nindent 4 }}
{{- else if ne .context.Values.defaultInitContainers.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .context.Values.defaultInitContainers.volumePermissions.resourcesPreset) | nindent 4 }}
{{- end }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p {{ .context.Values.persistence.mountPath }}
{{- if eq ( toString ( .context.Values.defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
find {{ .context.Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R $(id -u):$(id -G | cut -d " " -f2)
{{- else }}
find {{ .context.Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ $componentValues.containerSecurityContext.runAsUser }}:{{ $componentValues.podSecurityContext.fsGroup }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .context.Values.persistence.mountPath }}
{{- if .context.Values.persistence.subPath }}
subPath: {{ .context.Values.persistence.subPath }}
{{- end }}
{{- end -}}

22
template/CHART_NAME/templates/clusterrolebinding.yaml
View File

@@ -1,22 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ template "common.names.fullname" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "common.names.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}

18
template/CHART_NAME/templates/configmap.yaml
View File

@@ -1,18 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
%%CONFIG_FILE_NAME%%: |
# Config file

159
template/CHART_NAME/templates/daemonset.yaml
View File

@@ -1,159 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.%%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
updateStrategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
template:
metadata:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
spec:
{{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if and .Values.defaultInitContainers.volumePermissions.enabled .Values.persistence.enabled }}
{{- include "%%TEMPLATE_NAME%%.defaultInitContainers.volumePermissions" (dict "context" . "component" "%%MAIN_OBJECT_BLOCK%%") | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: %%CONTAINER_NAME%%
image: {{ template "%%TEMPLATE_NAME%%.image" . }}
imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: foo
value: bar
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- name: https
containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
{{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
readOnly: true
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
{{- end }}

175
template/CHART_NAME/templates/deployment.yaml
View File

@@ -1,175 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.%%MAIN_OBJECT_BLOCK%%.deploymentAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.deploymentAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.enabled }}
replicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
strategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
template:
metadata:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
spec:
{{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName }}
schedulerName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName | quote }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if and .Values.defaultInitContainers.volumePermissions.enabled .Values.persistence.enabled }}
{{- include "%%TEMPLATE_NAME%%.defaultInitContainers.volumePermissions" (dict "context" . "component" "%%MAIN_OBJECT_BLOCK%%") | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: %%CONTAINER_NAME%%
image: {{ template "%%TEMPLATE_NAME%%.image" . }}
imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: foo
value: bar
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
{{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- name: https
containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
%%httpGet || command || etc%%
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
%%httpGet || command || etc%%
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe "enabled") "context" $) | nindent 12 }}
%%httpGet || command || etc%%
{{- end }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
{{- end }}

9
template/CHART_NAME/templates/extra-list.yaml
View File

@@ -1,9 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

41
template/CHART_NAME/templates/hpa.yaml
View File

@@ -1,41 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ include "common.names.fullname" . }}
minReplicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.minReplicas }}
maxReplicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.maxReplicas }}
metrics:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.targetMemory }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.targetMemory }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.targetCPU }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.targetCPU }}
{{- end }}
{{- end }}

56
template/CHART_NAME/templates/ingress.yaml
View File

@@ -1,56 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.ingress.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
pathType: {{ .Values.ingress.pathType }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
pathType: {{ default "ImplementationSpecific" .pathType }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

72
template/CHART_NAME/templates/networkpolicy.yaml
View File

@@ -1,72 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.networkPolicy.enabled }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
policyTypes:
- Ingress
- Egress
egress:
{{- if .Values.networkPolicy.allowExternalEgress }}
- {}
{{- else }}
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- port: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
{{- range .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts }}
- port: {{ .containerPort }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
{{- if .Values.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- end }}
{{- if .Values.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

28
template/CHART_NAME/templates/pdb.yaml
View File

@@ -1,28 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable }}
minAvailable: {{ .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable }}
{{- end }}
{{- if or .Values.%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable ( not .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable ) }}
maxUnavailable: {{ .Values.%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable | default 1 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- end }}

33
template/CHART_NAME/templates/pvc.yaml
View File

@@ -1,33 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.persistence.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
{{- end -}}

28
template/CHART_NAME/templates/role.yaml
View File

@@ -1,28 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{ if .Values.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
# TODO: Update resources and verbs to the proper values for the application cases
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}

18
template/CHART_NAME/templates/secret.yaml
View File

@@ -1,18 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
password-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "password-key" "providedValues" (list "password-value") "context" $) }}

19
template/CHART_NAME/templates/service-account.yaml
View File

@@ -1,19 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "%%TEMPLATE_NAME%%.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

54
template/CHART_NAME/templates/service.yaml
View File

@@ -1,54 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: %%PORT_NAME%%
port: {{ .Values.service.ports.http }}
{{- if not (eq .Values.service.ports.http .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http) }}
targetPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
{{- end }}
protocol: bar
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
nodePort: {{ .Values.service.nodePorts.http }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%

51
template/CHART_NAME/templates/servicemonitor.yaml
View File

@@ -1,51 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: tcp-metrics
path: "/metrics"
{{- if .Values.metrics.serviceMonitor.tlsConfig }}
scheme: https
tlsConfig: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.tlsConfig "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}

205
template/CHART_NAME/templates/statefulset.yaml
View File

@@ -1,205 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.%%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.enabled }}
replicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.podManagementPolicy | quote }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
serviceName: {{ template "common.names.fullname" . }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
updateStrategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
spec:
{{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName }}
schedulerName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName | quote }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if and .Values.defaultInitContainers.volumePermissions.enabled .Values.persistence.enabled }}
{{- include "%%TEMPLATE_NAME%%.defaultInitContainers.volumePermissions" (dict "context" . "component" "%%MAIN_OBJECT_BLOCK%%") | nindent 8 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: %%CONTAINER_NAME%%
image: {{ template "%%TEMPLATE_NAME%%.image" . }}
imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: foo
value: bar
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
{{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- name: https
containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
%%httpGet || command || etc%%
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
%%httpGet || command || etc%%
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe "enabled") "context" $) | nindent 12 }}
%%httpGet || command || etc%%
{{- end }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
readOnly: true
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
{{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
{{- end }}
{{- if .Values.commonLabels }}
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
{{- end }}

46
template/CHART_NAME/templates/tls-secret.yaml
View File

@@ -1,46 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "%%COMPONENT_NAME%%-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

44
template/CHART_NAME/templates/vpa.yaml
View File

@@ -1,44 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.enabled }}
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: %%COMPONENT_NAME%%
{{- if or .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
resourcePolicy:
containerPolicies:
- containerName: %%MAIN_OBJECT_BLOCK%%
{{- with .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.controlledResources }}
controlledResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.maxAllowed }}
maxAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.minAllowed }}
minAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
targetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ include "common.names.fullname" . }}
{{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.updatePolicy }}
updatePolicy:
{{- with .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.updatePolicy.updateMode }}
updateMode: {{ . }}
{{- end }}
{{- end }}
{{- end }}

896
template/CHART_NAME/values.yaml
View File

@@ -1,896 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
global:
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## @param global.imageRegistry Global Docker Image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
imageRegistry: ""
imagePullSecrets: []
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
defaultStorageClass: ""
## Security parameters
## @param global.security.allowInsecureImages Allows skipping image verification
##
security:
allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
openshift:
adaptSecurityContext: auto
## @param global.compatibility.omitEmptySeLinuxOptions If set to true, removes the seLinuxOptions from the securityContexts when it is set to an empty object
##
omitEmptySeLinuxOptions: false
## @section Common parameters
## @param kubeVersion Override Kubernetes version reported by .Capabilities
##
kubeVersion: ""
## @param apiVersions Override Kubernetes API versions reported by .Capabilities
##
apiVersions: []
## @param nameOverride String to partially override common.names.name
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Diagnostic mode
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
## @param diagnosticMode.command Command to override all containers in the chart release
## @param diagnosticMode.args Args to override all containers in the chart release
##
diagnosticMode:
enabled: false
command:
- sleep
args:
- infinity
## @section %%MAIN_CONTAINER%% Parameters
##
## %%MAIN_CONTAINER/POD_DESCRIPTION%%
##
%%MAIN_OBJECT_BLOCK%%:
## Bitnami %%MAIN_CONTAINER%% image
## ref: https://hub.docker.com/r/bitnami/%%IMAGE_NAME%%/tags/
## @param %%MAIN_OBJECT_BLOCK%%.image.registry [default: REGISTRY_NAME] %%MAIN_CONTAINER%% image registry
## @param %%MAIN_OBJECT_BLOCK%%.image.repository [default: REPOSITORY_NAME/%%IMAGE_NAME%%] %%MAIN_CONTAINER%% image repository
## @skip %%MAIN_OBJECT_BLOCK%%.image.tag %%MAIN_CONTAINER%% image tag (immutable tags are recommended)
## @param %%MAIN_OBJECT_BLOCK%%.image.digest %%MAIN_CONTAINER%% image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
## @param %%MAIN_OBJECT_BLOCK%%.image.pullPolicy %%MAIN_CONTAINER%% image pull policy
## @param %%MAIN_OBJECT_BLOCK%%.image.pullSecrets %%MAIN_CONTAINER%% image pull secrets
## @param %%MAIN_OBJECT_BLOCK%%.image.debug Enable %%MAIN_CONTAINER%% image debug mode
##
image:
registry: docker.io
repository: bitnami/%%IMAGE_NAME%%
tag: %%IMAGE_TAG%%
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
debug: false
## @param %%MAIN_OBJECT_BLOCK%%.replicaCount Number of %%MAIN_CONTAINER_NAME%% replicas to deploy
##
replicaCount: 1
## @param %%MAIN_OBJECT_BLOCK%%.containerPorts.http %%MAIN_CONTAINER_NAME%% HTTP container port
## @param %%MAIN_OBJECT_BLOCK%%.containerPorts.https %%MAIN_CONTAINER_NAME%% HTTPS container port
##
containerPorts:
http: 80
https: 443
## @param %%MAIN_OBJECT_BLOCK%%.extraContainerPorts Optionally specify extra list of additional ports for %%MAIN_CONTAINER_NAME%% containers
## e.g:
## extraContainerPorts:
## - name: myservice
## containerPort: 9090
##
extraContainerPorts: []
## Configure extra options for %%MAIN_CONTAINER_NAME%% containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled Enable livenessProbe on %%MAIN_CONTAINER_NAME%% containers
## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: foo
periodSeconds: bar
timeoutSeconds: foo
failureThreshold: bar
successThreshold: foo
## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled Enable readinessProbe on %%MAIN_CONTAINER_NAME%% containers
## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: foo
periodSeconds: bar
timeoutSeconds: foo
failureThreshold: bar
successThreshold: foo
## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.enabled Enable startupProbe on %%MAIN_CONTAINER_NAME%% containers
## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.periodSeconds Period seconds for startupProbe
## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.failureThreshold Failure threshold for startupProbe
## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: foo
periodSeconds: bar
timeoutSeconds: foo
failureThreshold: bar
successThreshold: foo
## @param %%MAIN_OBJECT_BLOCK%%.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param %%MAIN_OBJECT_BLOCK%%.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param %%MAIN_OBJECT_BLOCK%%.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## %%MAIN_CONTAINER_NAME%% resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param %%MAIN_OBJECT_BLOCK%%.resourcesPreset Set %%MAIN_CONTAINER_NAME%% container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if %%MAIN_OBJECT_BLOCK%%.resources is set (%%MAIN_OBJECT_BLOCK%%.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param %%MAIN_OBJECT_BLOCK%%.resources Set %%MAIN_CONTAINER_NAME%% container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled Enable %%MAIN_CONTAINER_NAME%% pods' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for %%MAIN_CONTAINER_NAME%% pods
## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.sysctls Set kernel settings using the sysctl interface for %%MAIN_CONTAINER_NAME%% pods
## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.supplementalGroups Set filesystem extra groups for %%MAIN_CONTAINER_NAME%% pods
## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.fsGroup Set fsGroup in %%MAIN_CONTAINER_NAME%% pods' Security Context
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in %%MAIN_CONTAINER_NAME%% container
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsUser Set runAsUser in %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsGroup Set runAsGroup in %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsNonRoot Set runAsNonRoot in %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.privileged Set privileged in %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in %%MAIN_CONTAINER_NAME%% container' Security Context
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.capabilities.drop List of capabilities to be dropped in %%MAIN_CONTAINER_NAME%% container
## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.seccompProfile.type Set seccomp profile in %%MAIN_CONTAINER_NAME%% container
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
%%OTHER_PARAMETERS_RELATED_TO_THIS_CONTAINER/POD%%
## @param %%MAIN_OBJECT_BLOCK%%.existingConfigmap The name of an existing ConfigMap with your custom configuration for %%MAIN_CONTAINER_NAME%%
##
existingConfigmap: ""
## @param %%MAIN_OBJECT_BLOCK%%.command Override default %%MAIN_CONTAINER_NAME%% container command (useful when using custom images)
##
command: []
## @param %%MAIN_OBJECT_BLOCK%%.args Override default %%MAIN_CONTAINER_NAME%% container args (useful when using custom images)
##
args: []
## @param %%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken Mount Service Account token in %%MAIN_CONTAINER_NAME%% pods
##
automountServiceAccountToken: false
## @param %%MAIN_OBJECT_BLOCK%%.hostAliases %%MAIN_CONTAINER_NAME%% pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param %%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations Annotations for %%MAIN_CONTAINER_NAME%% daemonset
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
daemonsetAnnotations: {}
## @param %%MAIN_OBJECT_BLOCK%%.deploymentAnnotations Annotations for %%MAIN_CONTAINER_NAME%% deployment
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
deploymentAnnotations: {}
## @param %%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations Annotations for %%MAIN_CONTAINER_NAME%% statefulset
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
statefulsetAnnotations: {}
## @param %%MAIN_OBJECT_BLOCK%%.podLabels Extra labels for %%MAIN_CONTAINER_NAME%% pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param %%MAIN_OBJECT_BLOCK%%.podAnnotations Annotations for %%MAIN_CONTAINER_NAME%% pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param %%MAIN_OBJECT_BLOCK%%.podAffinityPreset Pod affinity preset. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param %%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node %%MAIN_OBJECT_BLOCK%%.affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type Node affinity preset type. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key Node label key to match. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set
##
key: ""
## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values Node label values to match. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param %%MAIN_OBJECT_BLOCK%%.affinity Affinity for %%MAIN_CONTAINER_NAME%% pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `%%MAIN_OBJECT_BLOCK%%.podAffinityPreset`, `%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset`, and `%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param %%MAIN_OBJECT_BLOCK%%.nodeSelector Node labels for %%MAIN_CONTAINER_NAME%% pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param %%MAIN_OBJECT_BLOCK%%.tolerations Tolerations for %%MAIN_CONTAINER_NAME%% pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## ONLY FOR DEPLOYMENTS:
## @param %%MAIN_OBJECT_BLOCK%%.updateStrategy.type %%MAIN_CONTAINER_NAME%% deployment strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## ONLY FOR STATEFULSETS:
## @param %%MAIN_OBJECT_BLOCK%%.updateStrategy.type %%MAIN_CONTAINER_NAME%% statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## ONLY FOR DEPLOYMENTS:
## Can be set to RollingUpdate or Recreate
## ONLY FOR STATEFULSETS:
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## ONLY FOR STATEFULSETS:
## @param %%MAIN_OBJECT_BLOCK%%.podManagementPolicy Pod management policy for %%MAIN_CONTAINER_NAME%% statefulset
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: OrderedReady
## @param %%MAIN_OBJECT_BLOCK%%.priorityClassName %%MAIN_CONTAINER_NAME%% pods' priorityClassName
##
priorityClassName: ""
## @param %%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints Topology Spread Constraints for %%MAIN_CONTAINER_NAME%% pod assignment spread across your cluster among failure-domains
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: []
## @param %%MAIN_OBJECT_BLOCK%%.schedulerName Name of the k8s scheduler (other than default) for %%MAIN_CONTAINER_NAME%% pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param %%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds Seconds %%MAIN_CONTAINER_NAME%% pods need to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param %%MAIN_OBJECT_BLOCK%%.lifecycleHooks for %%MAIN_CONTAINER_NAME%% containers to automate configuration before or after startup
##
lifecycleHooks: {}
## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVars Array with extra environment variables to add to %%MAIN_CONTAINER_NAME%% containers
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for %%MAIN_CONTAINER_NAME%% containers
##
extraEnvVarsCM: ""
## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret Name of existing Secret containing extra env vars for %%MAIN_CONTAINER_NAME%% containers
##
extraEnvVarsSecret: ""
## @param %%MAIN_OBJECT_BLOCK%%.extraVolumes Optionally specify extra list of additional volumes for the %%MAIN_CONTAINER_NAME%% pods
##
extraVolumes: []
## @param %%MAIN_OBJECT_BLOCK%%.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the %%MAIN_CONTAINER_NAME%% containers
##
extraVolumeMounts: []
## @param %%MAIN_OBJECT_BLOCK%%.sidecars Add additional sidecar containers to the %%MAIN_CONTAINER_NAME%% pods
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param %%MAIN_OBJECT_BLOCK%%.initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param %%MAIN_OBJECT_BLOCK%%.pdb.create Enable/disable a Pod Disruption Budget creation
## @param %%MAIN_OBJECT_BLOCK%%.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param %%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable` and `%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## Autoscaling configuration
## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
##
autoscaling:
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.enabled Enable VPA for %%MAIN_CONTAINER_NAME%% pods
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.annotations Annotations for VPA resource
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
##
vpa:
enabled: false
annotations: {}
controlledResources: []
maxAllowed: {}
minAllowed: {}
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
## Possible values are "Off", "Initial", "Recreate", and "Auto".
##
updatePolicy:
updateMode: Auto
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.enabled Enable HPA for %%MAIN_CONTAINER_NAME%% pods
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.minReplicas Minimum number of replicas
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.maxReplicas Maximum number of replicas
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.targetCPU Target CPU utilization percentage
## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.hpa.targetMemory Target Memory utilization percentage
##
hpa:
enabled: false
minReplicas: 1
maxReplicas: 3
targetCPU: 75
targetMemory: ""
## %%SECONDARY_CONTAINER/POD_DESCRIPTION%%
##
%%SECONDARY_OBJECT_BLOCK%%:
%%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%%
## %%OTHERS_CONTAINER/POD_DESCRIPTION%%
##
%%OTHER_OBJECT_BLOCK%%:
%%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%%
## @section Traffic Exposure Parameters
##
## %%MAIN_CONTAINER_NAME%% service parameters
##
service:
## @param service.type %%MAIN_CONTAINER_NAME%% service type
##
type: LoadBalancer
## @param service.ports.http %%MAIN_CONTAINER_NAME%% service HTTP port
## @param service.ports.https %%MAIN_CONTAINER_NAME%% service HTTPS port
##
ports:
http: 80
https: 443
## Node ports to expose
## @param service.nodePorts.http Node port for HTTP
## @param service.nodePorts.https Node port for HTTPS
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
https: ""
## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
##
annotations: {}
## @param service.extraPorts Extra ports to expose in %%MAIN_CONTAINER_NAME%% service (normally used with the `sidecars` value)
##
extraPorts: []
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true.
##
addExternalClientAccess: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true.
## e.g:
## ingressPodMatchLabels:
## my-client: "true"
#
ingressPodMatchLabels: {}
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## %%MAIN_CONTAINER_NAME%% ingress parameters
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
##
enabled: false
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress record
##
hostname: %%COMPONENT_NAME%%.local
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Rely on cert-manager to create it by setting the corresponding annotations
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: %%COMPONENT_NAME%%.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
## e.g:
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## e.g:
## extraTls:
## - hosts:
## - %%COMPONENT_NAME%%.local
## secretName: %%COMPONENT_NAME%%.local-tls
##
extraTls: []
## @param ingress.secrets Custom TLS certificates as secrets
## NOTE: 'key' and 'certificate' are expected in PEM format
## NOTE: 'name' should line up with a 'secretName' set further up
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## secrets:
## - name: %%COMPONENT_NAME%%.local-tls
## key: |-
## -----BEGIN RSA PRIVATE KEY-----
## ...
## -----END RSA PRIVATE KEY-----
## certificate: |-
## -----BEGIN CERTIFICATE-----
## ...
## -----END CERTIFICATE-----
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Persistence Parameters
##
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims
##
enabled: true
## @param persistence.mountPath Path to mount the volume at.
##
mountPath: /bitnami/%%MAIN_OBJECT_BLOCK%%/data
## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
##
subPath: ""
## @param persistence.storageClass Storage class of backing PVC
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.accessModes Persistent Volume Access Modes
##
accessModes:
- ReadWriteOnce
## @param persistence.size Size of data volume
##
size: 8Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim The name of an existing PVC to use for persistence
##
existingClaim: ""
## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @section Default init containers Parameters
defaultInitContainers:
## 'volume-permissions' init container
## Changes the owner and group of the persistent volume mount(s) point(s) to runAsUser:fsGroup values
## based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
## @param defaultInitContainers.volumePermissions.enabled Enable init container that adapts the owner/group of the PV mount(s) point(s)
##
enabled: false
## OS Shell + Utility image
## ref: https://hub.docker.com/r/bitnami/os-shell
## @param defaultInitContainers.volumePermissions.image.registry [default: REGISTRY_NAME] "volume-permissions" init-containers' image registry
## @param defaultInitContainers.volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] "volume-permissions" init-containers' image repository
## @skip defaultInitContainers.volumePermissions.image.tag "volume-permissions" init-containers' image tag (immutable tags are recommended)
## @param defaultInitContainers.volumePermissions.image.digest "volume-permissions" init-containers' image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param defaultInitContainers.volumePermissions.image.pullPolicy "volume-permissions" init-containers' image pull policy
## @param defaultInitContainers.volumePermissions.image.pullSecrets "volume-permissions" init-containers' image pull secrets
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r46
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Configure "volume-permissions" init-container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param defaultInitContainers.volumePermissions.containerSecurityContext.enabled Enabled "volume-permissions" init-containers' Security Context
## @param defaultInitContainers.volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "volume-permissions" init-containers
## @param defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser Set runAsUser in "volume-permissions" init-containers' Security Context
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
## @param defaultInitContainers.volumePermissions.containerSecurityContext.privileged Set privileged in "volume-permissions" init-containers' Security Context
## @param defaultInitContainers.volumePermissions.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "volume-permissions" init-containers' Security Context
## @param defaultInitContainers.volumePermissions.containerSecurityContext.capabilities.add List of capabilities to be added in "volume-permissions" init-containers
## @param defaultInitContainers.volumePermissions.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "volume-permissions" init-containers
## @param defaultInitContainers.volumePermissions.containerSecurityContext.seccompProfile.type Set seccomp profile in "volume-permissions" init-containers
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 0
privileged: false
allowPrivilegeEscalation: false
capabilities:
add: []
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## "volume-permissions" init container resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param defaultInitContainers.volumePermissions.resourcesPreset Set "volume-permissions" init container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.volumePermissions.resources is set (defaultInitContainers.volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param defaultInitContainers.volumePermissions.resources Set "volume-permissions" init container requests and limits for different resources like CPU or memory (essential for production workloads)
## E.g:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @section Other Parameters
##
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: false
## @param rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## ServiceAccount configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
##
annotations: {}
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: true
## Prometheus metrics
##
metrics:
## @param metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
##
annotations: {}
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
##
jobLabel: ""
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @param metrics.serviceMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
##
tlsConfig: {}
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## interval: 10s
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
## selector:
## prometheus: my-prometheus
##
selector: {}
## %%SUBCHART_CONTAINER/POD_DESCRIPTION%%
##
%%SUBCHART_NAME%%:
enabled: false
%%OTHER_PARAMETERS_RELATED_TO_THIS_SUBCHART%%

42
template/README.md
View File

@@ -1,42 +0,0 @@
# Bitnami Charts Template
This directory contains a basic scaffolding to serve as the basis for creating a new chart.
Some of the items that need to be implemented are:
- commonAnnotations
- commonLabels
- imagePullSecret
- extraDeploy
- resources.requests
- resources.limits
- livenessProbe
- readinessProbe
- customLivenessProbe
- customReadinessProbe
- podLabels
- affinity
- nodeSelector
- tolerations (that would override the default one)
- daemonsetAnnotations
- deploymentAnnotations
- statefulsetAnnotations
- podAnnotations
- priorityClassName
- lifecycleHooks
- sidecars
- initContainers
- extraEnvVars
- extraEnvVarsCM
- extraEnvVarsSecret
- command (which would override the default one)
- args (which would override the default one)
- extraVolumes
- extraVolumeMounts
- updateStrategy
- podSecurityContext
- containerSecurityContext
Also it is necessary to use the `bitnami/common` chart to standardize some of the above items.
:warning: Take into account this is just an example to follow, depending on the specific use case you will need to remove, add or modify those templates, beyond replacing the placeholders `%%FOO%%`