diff --git a/azure-pipelines-gated.yml b/azure-pipelines-gated.yml
index fbeec709..947ac2be 100644
--- a/azure-pipelines-gated.yml
+++ b/azure-pipelines-gated.yml
@@ -21,17 +21,29 @@ jobs:
 strategy:
 maxParallel: 5
 matrix:
- Helm_3_19_2_single:
- HelmVersion: "3.19.2"
+ Helm_3_19_5_single:
+ HelmVersion: "3.19.5"
 TestType: single
- Helm_3_19_2_multi:
- HelmVersion: "3.19.2"
+ Helm_3_19_5_multi:
+ HelmVersion: "3.19.5"
 TestType: multi
- Helm_4_0_1_single:
- HelmVersion: "4.0.1"
+ Helm_3_20_0_single:
+ HelmVersion: "3.20.0"
 TestType: single
- Helm_4_0_1_multi:
- HelmVersion: "4.0.1"
+ Helm_3_20_0_multi:
+ HelmVersion: "3.20.0"
+ TestType: multi
+ Helm_4_0_5_single:
+ HelmVersion: "4.0.5"
+ TestType: single
+ Helm_4_0_5_multi:
+ HelmVersion: "4.0.5"
+ TestType: multi
+ Helm_4_1_0_single:
+ HelmVersion: "4.1.0"
+ TestType: single
+ Helm_4_1_0_multi:
+ HelmVersion: "4.1.0"
 TestType: multi
 
 steps:
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 6192e838..d2d1a26c 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -37,6 +37,30 @@ jobs:
 Helm_3_19_2_multi:
 HelmVersion: "3.19.2"
 TestType: multi
+ Helm_3_19_3_single:
+ HelmVersion: "3.19.3"
+ TestType: single
+ Helm_3_19_3_multi:
+ HelmVersion: "3.19.3"
+ TestType: multi
+ Helm_3_19_4_single:
+ HelmVersion: "3.19.4"
+ TestType: single
+ Helm_3_19_4_multi:
+ HelmVersion: "3.19.4"
+ TestType: multi
+ Helm_3_19_5_single:
+ HelmVersion: "3.19.5"
+ TestType: single
+ Helm_3_19_5_multi:
+ HelmVersion: "3.19.5"
+ TestType: multi
+ Helm_3_20_0_single:
+ HelmVersion: "3.20.0"
+ TestType: single
+ Helm_3_20_0_multi:
+ HelmVersion: "3.20.0"
+ TestType: multi
 Helm_4_0_0_single:
 HelmVersion: "4.0.0"
 TestType: single
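Review bot: In azure-pipelines-gated.yml the matrix no longer contains any Helm 3 release older than 3.19.5, so the gated run covers only the Helm 3 versions that, per this commit's changelog entry, raise an error on undefined values the way Helm 4 does. If the adapted tests branch on that version boundary, the pre-3.19.5 expectations are then verified only by the full matrix in azure-pipelines.yml, and a regression in that branch could pass the gate unnoticed. Consider keeping one legacy entry in the gated matrix, for example `Helm_3_19_2_single:` with `HelmVersion: "3.19.2"` and `TestType: single`. The job that owns this matrix starts outside the hunk, so how the tests consume `HelmVersion` is not visible here.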
@@ -49,6 +73,36 @@ jobs: Helm_4_0_1_multi: HelmVersion: "4.0.1" TestType: multi + Helm_4_0_2_single: + HelmVersion: "4.0.2" + TestType: single + Helm_4_0_2_multi: + HelmVersion: "4.0.2" + TestType: multi + Helm_4_0_3_single: + HelmVersion: "4.0.3" + TestType: single + Helm_4_0_3_multi: + HelmVersion: "4.0.3" + TestType: multi + Helm_4_0_4_single: + HelmVersion: "4.0.4" + TestType: single + Helm_4_0_4_multi: + HelmVersion: "4.0.4" + TestType: multi + Helm_4_0_5_single: + HelmVersion: "4.0.5" + TestType: single + Helm_4_0_5_multi: + HelmVersion: "4.0.5" + TestType: multi + Helm_4_1_0_single: + HelmVersion: "4.1.0" + TestType: single + Helm_4_1_0_multi: + HelmVersion: "4.1.0" + TestType: multi steps: - template: azure-pipelines-test.yml # Template reference parameters: diff --git a/hull/CHANGELOG.md b/hull/CHANGELOG.md index 8e7fbdba..5e9a6d41 100644 --- a/hull/CHANGELOG.md +++ b/hull/CHANGELOG.md 
@@ -1,8 +1,11 @@
 # Changelog
 
-## [1.35.0]
+## [1.35.1]
 
 CHANGES:
 
-- initial K8S 1.35 release
-- deprecating 1.32 release
+- support subchart usecases with HULL. First, the parsing of HULL relevant fields for transformations has been extended to all of `.Values` instead of `.Values.hull`. This means that HULL transformations in sections outside of `.Values.hull`, such as subchart configurations and `.Values.global`, are now also handled and the result is available for further processing. When adding the `hull.yaml` to a subcharts `templates/zzz` folder in a HULL based parent chart, it becomes possible to use transformations that involve shared data under `.Values.global` and make the result available to parent and sub charts.
+
+FIXES:
+
+- due to [changes made to Helm 3 versions](https://github.com/helm/helm/issues/30587), the behavior for accessing undefined values has changed for specific Helm 3 versions starting with 3.19.5+ and 3.20+. The named versions (and potentially all following Helm 3 patches) exhibit the Helm 4 behavior which leads to an error if an undefined field is accessed. Tests were adapted to differentiate concrete Helm 3 versions and set correct expectations.
diff --git a/hull/Chart.yaml b/hull/Chart.yaml
index 2b19d30b..fb79eeac 100644
--- a/hull/Chart.yaml
+++ b/hull/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: hull
-version: "1.35.0"
+version: "1.35.1"
 description: HULL - Helm Uniform Layer Library
 type: library
 keywords:
diff --git a/hull/HISTORY.md b/hull/HISTORY.md
index 295a3bc4..7f6c436d 100644
--- a/hull/HISTORY.md
+++ b/hull/HISTORY.md
@@ -1,5 +1,15 @@
 # History
 
+## [1.35.1]
+
+CHANGES:
+
+- support subchart usecases with HULL. First, the parsing of HULL relevant fields for transformations has been extended to all of `.Values` instead of `.Values.hull`. This means that HULL transformations in sections outside of `.Values.hull`, such as subchart configurations and `.Values.global`, are now also handled and the result is available for further processing. When adding the `hull.yaml` to a subcharts `templates/zzz` folder in a HULL based parent chart, it becomes possible to use transformations that involve shared data under `.Values.global` and make the result available to parent and sub charts.
+
+FIXES:
+
+- due to [changes made to Helm 3 versions](https://github.com/helm/helm/issues/30587), the behavior for accessing undefined values has changed for specific Helm 3 versions starting with 3.19.5+ and 3.20+. The named versions (and potentially all following Helm 3 patches) exhibit the Helm 4 behavior which leads to an error if an undefined field is accessed. Tests were adapted to differentiate concrete Helm 3 versions and set correct expectations.
+
 ## [1.35.0]
 
 CHANGES:
diff --git a/hull/README.md b/hull/README.md
index 50cffaee..990ba76e 100644
--- a/hull/README.md
+++ b/hull/README.md
@@ -30,19 +30,18 @@ However, note that minor (however potentially chart-breaking) differences were i field_string: "some_text" # string text field_int: 123 # number field_bool: true # boolean - field_unset: - field_dict: + field_unset: + field_dict: key_1: value_1 ``` - The behavior of Helm 3, when accessing such a field's property value, was to treat it as an empty string value from observation. This means, the key value pair exists in the `.Values` object tree and it's value is empty and of string type. With Helm 4 on the other hand, the field is absent from the object tree and accessing it will lead to an error. + The behavior of Helm 3, when accessing such a field's property value, was to treat it as an empty string value from observation. This means, the key value pair exists in the `.Values` object tree and it's value is empty and of string type. With Helm 4 on the other hand, the field is absent from the object tree and accessing it will lead to an error. Both aspects should typically be less relevant for HULL based charts, however it shall be documented here to avoid confusion. More detailed information can be found in the [related Helm issue](https://github.com/helm/helm/issues/31344). **Your feedback on this project is valued, hence please comment or start a discussion in the `Issues` section or create feature wishes and bug reports. Thank you!** -The HULL library chart idea is partly inspired by the [common]( -https://github.com/helm/charts/tree/master/incubator/common) Helm chart concept and for testing +The HULL library chart idea is partly inspired by the [common](https://github.com/helm/charts/tree/master/incubator/common) Helm chart concept and for testing [![Gauge Badge](https://gauge.org/Gauge_Badge.svg)](https://gauge.org). 
@@ -155,7 +154,7 @@ hull: # HULL is configured via subchart key 'hull' This is the example constituting as `hull-demo`'s `values.yaml`, if you download the latest `hull-demo` release and execute: -```bash +```yaml helm template hull-demo-.tgz ``` @@ -195,7 +194,7 @@ Concentrate on what is needed to specify Kubernetes objects without having to ad For all Kubernetes object types supported by HULL, **full configurational access to the Kubernetes object types properties is directly available**. This relieves chart maintainers from having to add missing configuration options one by one and the Helm chart users from forking the Helm chart to add just the properties they need for their configuration. Only updating the HULL chart to a newer version with matching Kubernetes API version is required to enable configuration of properties added to Kubernetes objects meanwhile in newer API versions. The HULL charts are versioned to reflect the minimal Kubernetes API versions supported by them. - For more details refer to the documentation on [Architecture Overview](/hull/files/doc/architecture.md). + For more details refer to the documentation on [Architecture Overview](/hull/files/doc/architecture.md). ### Unified interface for defining and configuring Helm charts backed by JSON schema 
@@ -207,14 +206,16 @@ The single interface of the HULL library is used to both create and configure ob **Uniform and rich metadata is automatically attached to all objects created by the HULL library.** -- Kubernetes standard labels as defined for [Kubernetes](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/) and [Helm](https://helm.sh/docs/chart_best_practices/labels/#standard-labels) are added to all objects metadata automatically. -- Additional custom labels and annotations metadata can be set hierarchically for: - - all created Kubernetes objects or - - all created Kubernetes objects of a given type or - - a group of objects of different object types or - - any individual Kubernetes object. +Kubernetes standard labels as defined for [Kubernetes](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/) and [Helm](https://helm.sh/docs/chart_best_practices/labels/#standard-labels) are added to all objects metadata automatically. + +Additional custom labels and annotations metadata can be set hierarchically for: + +- all created Kubernetes objects or +- all created Kubernetes objects of a given type or +- a group of objects of different object types or +- any individual Kubernetes object. - For more details on metadata overwriting refer to the advanced example below. +For more details on metadata overwriting refer to the advanced example below. ### Flexible and comfortable integration of ConfigMaps and Secrets into your Helm chart 
@@ -280,7 +281,7 @@ Installing or upgrading a chart using HULL follows the standard procedures for e ## First Examples -Using the nginx deployment example from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment) as something we want to create with our HULL based Helm chart: +Using the nginx deployment example from the Kubernetes documentation [for nginx](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment) as something we want to create with our HULL based Helm chart: ```yaml apiVersion: apps/v1 diff --git a/hull/files/doc/setup.md b/hull/files/doc/setup.md index 89dab2cf..9ebc0daa 100644 --- a/hull/files/doc/setup.md +++ b/hull/files/doc/setup.md 
@@ -25,6 +25,8 @@ To manually add the HULL library chart to an existing Helm chart: - copy all the files from the folder `/files/templates` to your parent charts `/templates` folder. + ⚠️ **If you plan on combining HULL with generic Helm template files, it is advised to put the `hull.yaml` into a subfolder named `zzz`. Due to the order in which Helm reads and processes templates, the `hull.yaml` in a folder with the highest alphanumerical name will be processed first and the modifications to the `.Values` are active afterwards. This will allow external templates to use HULL processed `values.yaml` fields. See [Subcharts and generic Helm templates](subcharts_generic_templates.md) for details** ⚠️ + ⚠️ **Generally it is required to have the single `hull.yaml` or the individual files from `/files/templates` HULL library functions render the objects specified under the key `hull.objects` in the parent charts `/templates` folder! As of this moment Helm only considers files in the parent charts `/templates` folder for rendering. Consider adding this step to your build pipeline when creating releases of your Helm chart which include HULL.** ⚠️ ⚠️ **There are indications that when a single file in the parent Helm charts `/templates` folder contains many objects to render this impacts performance negatively when run against a real Kubernetes cluster. The time it takes to `helm template`, `helm update` or `helm install` appears to be significantly longer when using one instead of several files. The reason for this is unclear and the behavior looks unneeded and fixable in Helm, it should not matter for processing if objects are read from many or a single template. But right now this would require a fix in Helm itself which is currently out of scope. 
To workaround this problem (or if you anyway like to have multiple files per object type for rendering) you can alternatively select to use the multiple files per object type from `/files/templates` instead of `hull.yaml` from the HULL charts root folder for rendering!** ⚠️ diff --git a/hull/files/doc/subcharts_generic_templates.md b/hull/files/doc/subcharts_generic_templates.md new file mode 100644 index 00000000..7f3102e5 --- /dev/null +++ b/hull/files/doc/subcharts_generic_templates.md 
@@ -0,0 +1,390 @@ +# Combining HULL with regular Helm charts + +If you have added HULL to your Helm chart, some advanced options open up which allow to combine the HULL workflow with additional Helm templates or subcharts. The following sections aim to give an overview of what is possible. + +## Using additional templates with HULL + +See the below flow for the difference between regular object rendering using template files and the HULL-based object rendering from a modified `values.yaml`: + +```code + /templates output + + + ┌─────────────┐ ┌─────────────┐ + │ hull.yaml │ │ hull.yaml │ + │ │ │ │ + read & transform │ ┌───────┐ │ │ │ + ┌───────────│─┼trigger│ │ │ │ +┌───────▼────────┐ │ └───────┘ │ │ │ +│ │ │ │ │ ┌───────┐ │ +│ values.yaml │ │ │ │ │ YAML │ │ +│ │ │ │ │ └──▲────┘ │ +└───────┬────────┘ │ │ │ │ │ + │ │ │ │ │ │ + │ │ │ │ │ │ + └───────────┼─────────────┼───────┼─────┘ │ + write objects │ │ │ │ + └─────────────┘ └─────────────┘ + ┌─────────────┐ ┌─────────────┐ + │ redis.yaml │ │ redis.yaml │ +┌────────────────┐ │ │ │ │ +│ │ │ ┌───────┐ │ adapt │ ┌───────┐ │ +│ values.yaml │ │ │ YAML ┼───┼───────┼──► YAML │ │ +│ │ │ └──┬────┘ │ │ └───────┘ │ +└───────▲────────┘ │ │ │ │ │ + │ └────┼────────┘ └─────────────┘ + │ read values │ + └────────────────┘ +``` + +Within [the in-depth analysis](https://github.com/vidispine/hull/issues/367) of the topic it became obvious, that during rendering process of HULL, the Helm charts `.Values` context is manipulated in memory and remains in the manipulated state if templates are processed after `hull.yaml`. + +Helm reads in the templates it finds in the `/templates` folder in a defined order. Template files that are placed in folders are read before those that are directly placed in `/templates` and generally the files are read in reverse alphanumerical fashion. 
+ +Utilizing this knowledge of the processing order - and the fact, that executing the `hull.yaml` changes the `.Values` for all templates being read afterwards - it is possible to inject HULL functionality into regular templates. + +Note that, if you plan to add templates to a HULL based chart, you should copy the `hull.yaml` not to the `/templates` folder directly but within a subfolder that comes last in alphanumerical order (recommended is `/template/zzz/hull.yaml`). This way it is guaranteed to be read first. + +An example HULL-based chart setup could look like this: + +```code +| README.md +| Chart.yaml +| values.yaml +| charts +|-| hull +| templates +|-| gateway.yaml +|-| zzz +|-|-| hull.yaml +``` + +In detail, the setup contains a HULL based chart with an additional template `gateway.yaml`: + +```yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328 + gateway.networking.k8s.io/bundle-version: v1.3.0 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null + name: referencegrants.gateway.networking.k8s.io +spec: + group: gateway.networking.k8s.io + names: + categories: + - gateway-api + kind: ReferenceGrant + listKind: ReferenceGrantList + plural: referencegrants + shortNames: + - refgrant + singular: referencegrant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + ReferenceGrant identifies kinds of resources in other namespaces that are + trusted to reference the specified kinds of resources in the same namespace + as the policy. + + Each ReferenceGrant can be used to represent a unique trust relationship. + Additional Reference Grants can be used to add to the set of trusted + sources of inbound references for the namespace they are defined within. 
+ + All cross-namespace references in Gateway API (with the exception of cross-namespace + Gateway-route attachment) require a ReferenceGrant. + + ReferenceGrant is a form of runtime verification allowing users to assert + which cross-namespace object references are permitted. Implementations that + support ReferenceGrant MUST NOT permit cross-namespace references which have + no grant, and MUST respond to the removal of a grant by revoking the access + that the grant allowed. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + default: {{ .Values.hull.config.specific.the_value_target }} +``` + +The minimal example `values.yaml` has this content: + +```yaml +hull: + config: + specific: + the_version_source: 1.2.3.4.5 + the_value_target: _HT*hull.config.specific.the_version_source +``` + +Assuming that the presence of the `zzz/hull.yaml` file has no effect on rendering `gateway.yaml`, the last line is expected to be resolved to the unprocessed reference it points to: + +```yaml + default: _HT*hull.config.specific.the_version_source +``` + +However, with included `zzz/hull.yaml` the outcome of the last line in `gateway.yaml` changes to: + +```yaml + default: 1.2.3.4.5 +``` + +This means that the source `.Values` have been manipulated by the functions triggered in `zzz/hull.yaml` so that the HULL transformation `_HT*hull.config.specific.the_version_source` has been transformed to the actual value the Get transformation points too. + +Using this method it becomes possible now to put HULL logic into the `values.yaml` fields and to utilize it by referencing them. 
+ +## Using additional subcharts with HULL + +The power of HULL transformations can also be extended to subcharts included in a HULL based parent chart to a certain degree. + +In general, Helm strictly prevents access to a parent charts context when a subchart is rendered. The notable exception to this rule is the `global` key in the `values.yaml`. By design, all properties put under the `global` key are accessible by subcharts at the same key under `global`. In other words, when handing over the subchart context to the subchart rendering process, the `global` dictionary is added to the subcharts `.Values` context. + +Importantly though, any manipulation done via `hull.yaml` functions in the parent chart (as described in the previous chapter), is not being passed to the subchart's `.Values` when the subchart is rendered. Presumably this is due to the fact that Helm evaluates subcharts before the parent chart so the `hull.yaml` cannot manipulate the data being passed. + +The caveat is, To enable HULL processing within a subchart, it is required to add the `zzz/hull.yaml` folder and file to the subchart `/templates` in the same manner as in the previous scenario. If that is possible, the rendering of HULL transformations is activated for the subchart. + +The scope of transformations within a subchart is local to the subchart as mentioned but includes access to fields in the `global` scope as well, allowing to use parent- and subchart wide logic when it the logic is constrained to the `global` section. + +**Note that it is not needed to add the `hull` chart as a dependency to your subcharts, the presence as a dependency of the parent chart is sufficient. The reason is that `hull.yaml` only triggers functions and the scope of functions is always global. 
Therefore, all functions can be called from the parents `hull` depencency when triggered in a subchart.** + +To illustrate this with a full example, consider the following parent and two subcharts layout: + +```code +| README.md +| Chart.yaml +| values.yaml +| charts +|-| hull +|-| kube-state-metrics +|-|-| templates +|-|-|-| zzz +|-|-|-|-| hull.yaml +|-| prometheus-postgres-exporter +|-|-| templates +|-|-|-| zzz +|-|-|-|-| hull.yaml +| templates +|-| hull.yaml +``` + +This example includes the [`kube-state-metrics`](https://artifacthub.io/packages/helm/prometheus-community/kube-state-metrics) and [`prometheus-postgres-exporter`](https://artifacthub.io/packages/helm/prometheus-community/prometheus-postgres-exporter) Helm charts as random real-life subchart examples. Both charts have been modified by inclusion of the `/templates/zzz/hull.yaml` as described. + +The `values.yaml` contains the following lines: + +```yaml +################################################### +### CONFIG +global: + service_type: NodePort + number_111: 111 + number_222: 222 + number_333: 333 + ref_number: _HT*global.another_number + another_number: 333 + boolean_true: true + an_ip: 123.345.431.543 + test_annotations: + annotation_1: Global Annotation 1 + annotation_2: Global Annotation 2 + +kube-state-metrics: + test_number: 999 + ip_number: _HT*global.an_ip + local_type: LoadBalancer + service: + annotations: _HT*global.test_annotations + type: _HT*global.service_type + port: _HT*global.ref_number + clusterIP: _HT*ip_number + ipDualStack: + enabled: _HT*global.boolean_true + + +prometheus-postgres-exporter: + local_type: LoadBalancer + local_annotations: + annotation_3: Local Annotation 1 + annotation_4: Local Annotation 2 + service: + annotations: |- + _HT! 
+ { + {{ $annot := _HT*global.test_annotations | merge _HT*local_annotations }} + {{ range $key, $value := $annot }} + {{ $key }}: {{ $value }}, + {{ end }} + } + type: _HT*local_type + port: _HT*global.ref_number + targetPort: _HT*global.number_333 + +hull: + config: + specific: + boolean_true: _HT*global.boolean_true + new_port: _HT*global.number_111 + fixed_number: 12345 + ################################################### + + ################################################### + ### OBJECTS + objects: + + # INGRESS + ingress: + + test-global: + rules: + first_host: + host: host.one.com + http: + paths: + standard: + path: /standard + pathType: ImplementationSpecific + backend: + service: + name: service1_standard + port: + number: _HT*hull.config.specific.new_port +``` + +After `helm template`'ing the Helm chart the following files are part of the rendered output. Each highligted file comes with an explanation of how and why the structures were created as they are: + +1. `kube-state-metrics/templates/service.yaml` + + ```yaml + --- + # Source: hull-test/charts/kube-state-metrics/templates/service.yaml + apiVersion: v1 + kind: Service + metadata: + name: release-name-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-7.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2.18.0" + annotations: + prometheus.io/scrape: 'true' + annotation_1: Global Annotation 1 + annotation_2: Global Annotation 2 + spec: + type: "NodePort" + ipFamilies: + - IPv6 + - IPv4 + ipFamilyPolicy: PreferDualStack + ports: + - name: http + protocol: TCP + port: 333 + targetPort: http + + clusterIP: "123.345.431.543" + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: release-name + ``` + + Explanation: + + - the `spec.port` has 
value 333 from source field `global.another_number` as the result of accessing field `_HT*global.ref_number` where field `global.ref_number` itself references `_HT*global.another_number`. Two redirections have been processed to obtain the actual rendered value. + - the `spec.clusterIP` has also been resolved via indirection to the subchart local property `_HT*ip_number` which in turns access `global` field `an_ip` + - the `metadata.annotations` are retrieved from `global` `annotations` dictionary. + - the `spec.type` was set accessing subchart local property `local_type` + - the `spec.ipFamilies` and `spec.ipFamilyPolicy` fields have been created by evaluation of the `_HT*global.boolean_true` field reference in the `kube-state-metrics.service.ipDualStack.enabled` property. + +2. `prometheus-postgres-exporter/templates/service.yaml` + + ```yaml + --- + # Source: hull-test/charts/prometheus-postgres-exporter/templates/service.yaml + apiVersion: v1 + kind: Service + metadata: + name: release-name-prometheus-postgres-exporter + namespace: default + annotations: + annotation_1: Global Annotation 1 + annotation_2: Global Annotation 2 + annotation_3: Local Annotation 1 + annotation_4: Local Annotation 2 + labels: + helm.sh/chart: prometheus-postgres-exporter-7.0.0 + app.kubernetes.io/name: prometheus-postgres-exporter + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "v0.17.1" + spec: + type: LoadBalancer + ports: + - port: 333 + targetPort: 333 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: prometheus-postgres-exporter + app.kubernetes.io/instance: release-name + + ``` + + Explanation: + + - the `spec.port` has value 333 from source field `global.another_number` as the result of accessing field `_HT*global.ref_number` where field `global.ref_number` itself references `_HT*global.another_number`. Two redirections have been processed to obtain the actual rendered value. 
+ - the `spec.targetPort` has value 333 from source field `global.number_333` as the result of accessing field `_HT*global.number_333`. + - the `metadata.annotations` are retrieved from merging the entries of `global.test_annotations` dictionary with the subchart local `local_annotations` dictionary. + - the `spec.type` was set accessing subchart local property `local_type` + +3. `hull.yaml` (excerpt) + + ```yaml + --- + # Source: hull-test/templates/hull.yaml + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/component: test-global + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hull-test + app.kubernetes.io/part-of: undefined + app.kubernetes.io/version: 1.35.0 + helm.sh/chart: hull-test-1.35.0 + name: release-name-hull-test-test-global + namespace: default + spec: + rules: + - host: host.one.com + http: + paths: + - backend: + service: + name: release-name-hull-test-service1_standard + port: + number: 111 + path: /standard + pathType: ImplementationSpecific + ``` + + Explanation: + + - the `port.number` field has inherited value ´111´ from first accessing `hull.config.specific.new_port` which further references `global.number_111` for the actual integer value. + +To summarize, the examples above demonstrates various possibilities how the HULL mechanism can help foster efficient chart configuration even in the context of regular Helm templates or subcharts. \ No newline at end of file diff --git a/hull/files/mkdocs/src/CHANGELOG.md b/hull/files/mkdocs/src/CHANGELOG.md deleted file mode 100644 index 8e7fbdba..00000000 --- a/hull/files/mkdocs/src/CHANGELOG.md +++ /dev/null @@ -1,8 +0,0 @@ -# Changelog - -## [1.35.0] - -CHANGES: - -- initial K8S 1.35 release -- deprecating 1.32 release diff --git a/hull/files/mkdocs/src/CHANGELOG.md b/hull/files/mkdocs/src/CHANGELOG.md new file mode 120000 index 00000000..79b747ae --- /dev/null +++ b/hull/files/mkdocs/src/CHANGELOG.md 
@@ -0,0 +1 @@ +../../../CHANGELOG.md \ No newline at end of file diff --git a/hull/files/mkdocs/src/HISTORY.md b/hull/files/mkdocs/src/HISTORY.md deleted file mode 100644 index 295a3bc4..00000000 --- a/hull/files/mkdocs/src/HISTORY.md +++ /dev/null 
@@ -1,531 +0,0 @@ -# History - -## [1.35.0] - -CHANGES: - -- initial K8S 1.35 release -- deprecating 1.32 release - -## [1.34.2] - -FIXES: - -- fixed inconsistency in usage of ConfigMap `binaryData` entries. Previously, it was possible to provide the binary data via the `binaryData` entries' value dictionary `path` property when it is stored in an external file or directly as a string value to the `binaryData` entries key, omitting the dictionary structure in the value. To restore the symmetry in usage with a value dictionary, it is now possible to alternatively use the `inline` property in the value dictionary to submit `binaryData` entries, this works the same way as using a string value for the `binaryData` directly. - -CHANGES: - -- ensured compatibility with Helm v4 major releases. It is expected that the vast majority of HULL based use cases is unaffected by the major version of the Helm binary used to manage the chart. See the information in the `README.md` about the existing differences between Helm v3 and Helm v4 which _may_ affect HULL based charts as well. To accomodate for these differences, some tests were relaxed or made context aware to the hosting Helm binaries major version. -- added optional boolean parameter `preEncoded` to Secret `data` entries. If set, the value read from the `inline` property or from an external file with path `path` will not be Base64 encoded by HULL. Instead, if `preEncoded` is set to `true`, the corresponding data content is expected to already be Base64 encoded and HULL will skip auto-encoding it. Setting `preEncoded` to `true` foremost allows to import Base64 encoded (binary) data as from a Secret `data` entry into a pod. Note that when `preEncoded` is set to `true`, the data must be correctly Base64 encoded, otherwise the Kubernetes API will not accept it. The `preEncoded` property applies to Secret `data` only and is ignored on ConfigMap `data` entries. 
Thanks Armin [sanarena](https://github.com/sanarena) for the feature request! -- added convenient way to replace a customizable string pattern with double opening and closing curly braces in the rendered final YAML. This is especially helpful when packaging `customresource` objects which in its spec may contain templating expressions using double curly braces, popular examples are CRDs for [External Secrets Operator](https://external-secrets.io/latest/) and [Kyverno](https://kyverno.io/). Since these applications have their own templating engine included, their CustomResources typically contain double curly braces. Using this last minute string replacement technique, it becomes possible to execute HULL transformations on such content containing templating expressions partially targeted for Helm and partially targeted for the downstream application. The post-render string replacement of the downstream applications double curly braces allows for a clear separation of the templating stages. To enable the feature, set both `hull.config.general.postRender.globalStringReplacements.openingDoubleCurlyBraces.enabled` and `hull.config.general.postRender.globalStringReplacements.closingDoubleCurlyBraces.enabled` to `true`. Then, whenever down stream double curly braces need replacing in the rendered result, use `{+{` for opening and `}+}` for closing double curly braces and the placeholders will be replaced with `{{` and `}}` respectively last-minute before submittal to the Kubernetes API. If needed, the placeholder values can be customized in the `hull.config.general.postRender.globalStringReplacements` chart configuration. - -## [1.34.1] - -CHANGES: - -- added optional parameters `NOTEMPLATING` and `SERIALIZATION` to `hull.util.tools.virtualdata.data.glob` transformation. The parameters match the behavior of `noTemplating` and `serialization` which are available for processing individual ConfigMap or Secret `data` values. 
Used with the `hull.util.tools.virtualdata.data.glob` transformation, templating can be skipped and/or serialization performed on all external files captured via the given glob. Thanks [ievgenii-shepeliuk](https://github.com/ievgenii-shepeliuk) for the feature request. - -## [1.34.0] - -FIXES: - -- fixed error thrown due to calculation of hashsums attempted on `secret` and `configmap` object content when the object instance is implicitly disabled. Setting `enabled: false` in the corresponding `_HULL_OBJECT_TYPE_DEFAULT_` instance will implicitly disable rendering for instances which in this case don't explicitly set `enabled: true`. Now, when a `volumeMount` has property `hashsumAnnotation` set to `true` and the targeted `configmap` or `secret` is either implicitly or explicitly disabled in the chart, the calculation of the hashsum is skipped and no errors are thrown. - -CHANGES: - -- initial K8S 1.34 release -- deprecating 1.31 release -- deprecating `endpoint` object type in accordance with [Kubernetes deprecation](https://kubernetes.io/blog/2025/04/24/endpoints-deprecation/). `endpoint` remains as a configurable object type for the time being but tests for `endpoint` are removed because they fail linting starting with Kubernetes JSON schema version 1.34. - -## [1.33.0] - -CHANGES: - -- initial K8S 1.33 release -- deprecating 1.30 release - -## [1.32.3] - -FIXES: - -- fix CronJob schema missing allowed property `timeZone` as reported [here in this issue](https://github.com/vidispine/hull/issues/360). Thanks for reporting [seniorquico](https://github.com/seniorquico)! - -## [1.32.2] - -FIXES: - -- added schema validation of Gateway API objects created in tests so they are validated properly -- corrected version of created ReferenceGrant objects from `v1` to `v1alpha2` -- fixed Gateway API incorrect schema in field `hostnames` by changing it to an array -- fixed usage of HULL transformations in all fields of Gateway API schema objects in `values.schema.json`. 
Additional JSON schema properties targeting regular, non-HULL transformation inputs (`pattern`, `default`, `enum`, `minLength` and `maxLength` for strings, `format`, `minimum` and `maximum` for integers) were also applied to the `_HT` inputs which broke usage of them. Solved by strictly separating inputs between `_HT` HULL transformation strings and regular inputs using the `anyOf` property. Thanks to [ievgenii-shepeliuk](https://github.com/ievgenii-shepeliuk) for raising the issue [here in the issues](https://github.com/vidispine/hull/issues/354) - -## [1.32.1] - -CHANGES: - -- added Gateway API objects in version 1.2.0-experimental as main object types to HULL: `backendlbpolicy`, `backendtlspolicy`, `gatewayclass`, `gateway`, `grpcroute`, `httproute`, `referencegrant`, `tcproute`, `tlsroute` and `udproute`. This should make it more comfortable to use them opposed to specifying them using the generic `customresource` object type. Thanks to suggestion from [ievgenii-shepeliuk](https://github.com/ievgenii-shepeliuk) made [in the comments](https://github.com/vidispine/hull/issues/345) -- introducing `sources` feature for pods (`pod` level in the workload specifications) and containers (`initContainers` and `containers` levels in the workload specifications). Using `sources` enables global defaulting of pod and container properties and flexible sharing plus stacking of sets of properties for both pods and containers. Potential usages range from globally enforcing workload security settings, specifying shared minimum or special resource requirements or harmonization of all pods and containers in a chart. See the [chart design guide](/hull/files/doc/chart_design.md) for details. This also closes issues [Add sharedContainers feature](https://github.com/vidispine/hull/issues/305) and [Default security settings](https://github.com/vidispine/hull/issues/310). -- added configurable multi-pass rendering of HULL transformations. 
This enables forward referencing of values in the YAML tree which was previously not possible. For example, using only a single HULL transformation rendering pass, a field `.Values.hull.config.specific.field_a: _HT*hull.config.specific.field_b`, where `_HT*hull.config.specific.field_b: _HT*hull.config.specific.field_c`, will resolve `field_a` to literal string `_HT*hull.config.specific.field_c`. This is the case because at the time when `field_a` is resolved the value of `field_b` is not yet resolved due to the alphanumeric order of HULL transformation processing. With the new multi-pass default of `hull.config.general.render: 3`, the `field_a: _HT*hull.config.specific.field_c` value is fully resolved to the referenced value of `_HT*hull.config.specific.field_c` in the second pass. - -## [1.31.2] - -FIXES: - -- fixed printed empty string when referencing multi-line strings including line breaks using `_HT*`. Referenced strings via `_HT*` are now bytewise interpreted and printed including newlines using `printf "%s" ($value | quote)` instead of just `$value`. This transports original string as they are literally specified. -- partially fixed referencing large numbers in their original form. Previously if a string contains large numbers > 999999 or values resembling scientific notation, any reference via `_HT*` to the source field interpreted the strings as numbers and converted them to usually undesired scientific notation, changing their value and meaning. Side effect of using `printf "%s" ($value | quote)` for string references, all strings are now transported unchanged. Essentially this makes the [JSON hack mentioned in this issue](https://github.com/vidispine/hull/issues/262) obsolete when the source value is in string form. - -CHANGES: - -- using `tpl` transformations with `_HT!` now allows in-place serialization of the result using `toJson`, `toPrettyJson`, `toRawJson`, `toYaml` or `toString`. 
This adds another serialization possibility besides the existing `_HT/` include and `_HT*` get transformation result serialization capabilities. Thanks [ievgenii-shepeliuk](https://github.com/ievgenii-shepeliuk) for the [feature request](https://github.com/vidispine/hull/issues/339). -- made previously required dictionary wrapping of array contents for include/`_HT/` transformations obsolete by correctly making use of to `fromYamlArray` Helm function. If an array was to be returned by a `_HT/` transformation, previously it was needed to wrap it in a dictionary and grab the result from the chosen dictionary key. For example, an transformation like `_HT/result/hull.transformation.do.something` would essentially return an array if the include produces a dictionary with a key `result` that has an array value. Starting with this version, it is possible to call `_HT/hull.transformation.do.something` and the resulting include can directly produce the array. -- restructured documentation on transformations in the `hull/doc/transformation.md` file and removed references to obsolete legacy syntax for transformations. - -## [1.31.1] - -FIXES: - -- fixed follow-up problem with a previous fix for calculation of `hashsumAnnotation` for ConfigMaps or Secrets. In an unlikely case, where a ConfigMap or Secret object has no `data` property set and is then disabled, an unintended error was thrown. ConfigMaps or Secrets with no actual `data` properties can now be disabled without the `hashsumAnnotation` functionality failing. - -CHANGES: - -- added include shortform transformation `_HT/` to the allowed transformations that can be used within `_HT!` tpl transformations. Similar to using the `_HT*` get syntax within `_HT!` transformations, the `_HT/` include syntax is now embeddable as well. To delimit the `_HT/` arguments from the rest of the `_HT!` content, the `_HT/` block must have a clear ending suffix `/TH_`, similar to bashs `if`/`fi` style. 
For example, the following syntax now executes the include function within the tpl content: `_HT!{{- printf "%s-%s" _HT/hull.metadata.name:COMPONENT:"tpl-include"/TH_ "example" -}}` -- added possibility to override individual object instance namespaces by setting an optional `namespaceOverride` property on the object instance. CAUTION: creating objects in multiple namespaces _may_ go against Helm principles since normally all objects are created only in the release namespace! -- added more example `values.yaml` files to `files/examples` and updated outdated ones - -## [1.31.0] - -CHANGES: - -- initial K8S 1.31 release -- deprecating 1.28 release - -## [1.30.5] - -FIXES: - -- fixed issue with using `_HT*` get transformation path syntax within `_HT!` tpl functions when there is an overlap in the paths of the `_HT*` expressions. Since expressions were resolved in order of appearance this could lead to unexpected results where parts of longer expressions were incorrectly overwritten. For example, having get expressions `_HT*hull.config.specific.path.api` and `_HT*hull.config.specific.path.api-user.password` could lead to `_HT*hull.config.specific.path.api` being resolved incorrectly in the latter expresison leaving `-user.password` as an invalid remainder. By sorting the found expressions by descending length instead of order of appearance, it is guaranteed that the longer paths are resolved correctly before any shorter paths that may have an overlap. -- fixed rendering error in case a Secret or ConfigMap that was referred to via the `hashsumAnnotation` feature was set to `enabled: false`. Disabled ConfigMaps or Secrets are now ignored for the calculation of hashsums. - -## [1.30.4] - -FIXES: - -- fixed unwanted fields being merged when using the `sources` feature. When adding multiple sources, the intermediate results were not only merged into the target object but were also added to the sources themselves permanently. 
If `_HULL_OBJECT_TYPE_DEFAULT_` is in the sources list, this could lead to unwanted fields merged back into object instances that did not have sources specified and only inherited from `_HULL_OBJECT_TYPE_DEFAULT_` implicitly. - -## [1.30.3] - -FIXES: - -- If HULL errors are detected during processing, the processing is not stopped immediately. Instead, all errors are collected and printed after all objects were processed, making it easier to fix multiple problems in one go. -- Multiple HULL errors in one fields value are detectable now and can be shown. Previously only one error per field value was supported. - -CHANGES: - -- allow combination of bool and include transformations using extended `_HT?/` prefix. Include functions in Helm can only return string values [details in this Helm issue](https://github.com/helm/helm/issues/11231) so it is not possible to set a boolean value via retrieving the result of an include function triggered by `_HT/` include. Using `_HT?/` this is possible now, when the include returns a literal `true` or `false` this is treated as a boolean value using this syntax. See the [transformation documentation](/hull/files/doc/transformations.md) for a detailed explanation and examples. -- allow usage of `_HT*` get transformation path syntax within `_HT!` tpl functions and `_HT?` bool transformations to reference `values.yaml` fields. Opposed to a more implementation heavy extension of `_HT*` to add more flexibility, this solution combines full Go templating flexibility while retaining a concise way of referencing fields in the `values.yaml` via `_HT*` syntax. Additionally, in the case, where only one templating operation is required, the extended `_HT!*` prefix allows to omit the double curly brace wrapping for even more conciseness. To e.g. 
reference and lower case and trim a `.yaml` suffix of a `values.yaml` field, this expression may be used: `field: _HT!* _HT*hull.config.specific.source | lower | trimSuffix ".yaml"` -- due to the introduction of combined transformations with two characters after `_HT` (`_HT?/` and `_HT!*`), the syntax for `_HT**` with added serialization instructions has been changed too so that `_HT**toJson|hull.config.specific.abc` is the valid syntax now. The former legal form, `_HT*toJson|*hull.config.specific.abc`, is still usable but considered legacy from now on. - -## [1.30.2] - -CHANGES: - -- allow to force render an otherwise disabled object using `hull.object.base.xyz` include by setting FORCE_ENABLED to true. This opens up the possibility to define object instance templates in HULL which are not deployed by HULL itself (by setting `enabled: false`). Instead, the object template can be rendered to a ConfigMap as a full-fledged Kubernetes YAML object which for example can serve as an object template the underlying application creates instances from. - -## [1.30.1] - -FIXES: - -- fix default RoleBinding between default Role and default ServiceAccount. Since namespace was not set for the default ServiceAccount reference, the default RBAC RoleBinding did not apply to the default ServiceAccount as intended. - -CHANGES: - -- add possibility to access array items in `_HT*` via using the item index for arrays instead of a dictionary key for dictionaries in the dotted path. Accessing into multiple nested arrays is possible like for example `_HT*hull.config.specific.outer-list.0.inner-list.1.key`. Related feature issue is [this one](https://github.com/vidispine/hull/issues/306) -- improve debugging broken YAML errors by including all available info in the generated error message. The error message now contains the actual YAML error and the reference to the specific object type and instance which could not be rendered. 
-- started adding reusable helper functions for use with `_HT/` in `_util_tools.tpl`. Populating the `data` for a Secret or ConfigMap with external files matching a GLOB pattern can be achieved by using `hull.util.tools.virtualdata.data.glob`. With `hull.util.tools.file.get`, the contents of an external file can be loaded conveniently outside of the ConfigMap and Secret `data` context. Thanks [ievgenii-shepeliuk](https://github.com/ievgenii-shepeliuk) for the ideas [in this isue](https://github.com/vidispine/hull/issues/311) - -## [1.30.0] - -CHANGES: - -- initial K8S 1.30 release -- deprecating 1.27 release - -## [1.29.7] - -CHANGES: - -- added possibility to get values from the charts root with notation `_HT**` - -## [1.29.6] - -CHANGES: - -- added possibility to access the current object instance key and object type in `_HT*` transformations by using special keys `§OBJECT_INSTANCE_KEY§` and `§OBJECT_TYPE§` in the dotted path - -## [1.29.5] - -FIXES: - -- fixed `OBJECT_INSTANCE_KEY` and `OBJECT_TYPE` not existing in context of `_HT?` boolean transformations. Access to `OBJECT_INSTANCE_KEY` and `OBJECT_TYPE` is now provided same as in context of `_HT!` and `_HT/` transformations -- fixed inability to use `OBJECT_INSTANCE_KEY` and `OBJECT_TYPE` for `_HULL_OBJECT_TYPE_DEFAULT_` instances in context of `_HT/` include transformations. This fix allows to combine `postRender` replacements in content created by `_HT/` transformations on a `_HULL_OBJECT_TYPE_DEFAULT_` instance - -## [1.29.4] - -FIXES: - -- fixed problem with running both HULL transformations and `tpl` on `path` content in ConfigMaps and Secrets. After loading the external files content, decide whether to run HULL transformations or `tpl` based on HULL transformation prefix presence -- fixed checks for `virtualFolderDataPathExists` and `virtualFolderDataInlineValid` in the case of Secrets. Due to the Base64 encoding of data any error signaling strings weren't properly detected. 
With added Base64 decoding of the content for secrets the error checks now work for both ConfigMaps and Secrets -- make all keys within `.Values` available for reference in Secret and ConfigMap `data` `inline` and `path` content templating. Due to obsolete code, all other keys than `hull` were removed from the parent charts `.Values` context when being passed to ConfigMap and Secret for template processing. Thanks again [khmarochos](https://github.com/khmarochos) for pointing out the problem [in this isue](https://github.com/vidispine/hull/issues/288) - -## [1.29.3] - -CHANGES: - -- avoid rendering of empty collections. All `annotations`, `labels` and several other fields, which are explicitly handled by HULL, now are fully omitted if they resolve to empty dictionaries or arrays. This changed behaviour can be reverted by individually choosing to render `emptyAnnotations`, `emptyLabels`, `emptyTemplateAnnotations`, `emptyTemplateLabels` and/or `emptyHullObjects` under `config.global.render`. This default behavior change is in favor of improving compatibility with tools that potentially auto-prune empty collection fields like ArgoCD and thus may have syncing issues with empty collections. In terms of severity this change is considered non-breaking. Down the line, Kubernetes treats missing and empty collection fields in the same way. Note that per the schema, some collection fields are required (`containers` in `pod` and `paths` in `ingress` `rules`) and omitting them or leaving them empty now violates the Kubernetes schema. However, in these cases Kubernetes also verifies that at least one element is in the collection on deployment so the problem only shows earlier. Thanks [alexrimlin](https://github.com/alexrimlin) for the suggestion! 
- -## [1.29.2] - -CHANGES: - -- removed hardcoded `type: Opaque` and allow to freely set type of Secrets, thanks [khmarochos](https://github.com/khmarochos) for [PR](https://github.com/vidispine/hull/pull/275) -- enabled specification of `configmap` and `secret` `data` inline` fields as dictionaries or lists and added implicit and explicit serialization to `configmap` and `secret` `data` entries. Implicit and automatic serialization takes place for files ending with `.json`(`toPrettyJson`) and files ending with`.yaml` and `.yml`(`toYaml`) if the`inline` content is a dictionary or a list. Explicit serialization is possible using the new `serialization` property for `data` elements and can be applied to dictionary, list and string `inline` entries and string `path` contents. Thanks [khmarochos](https://github.com/khmarochos) for the idea [in this report](https://github.com/vidispine/hull/issues/267) -- added optional serialization arguments to `_HT/` and `_HT*` to serialize dictioanry and lists `toJson`, `toPrettyJson`, `toRawJson`, `toString` or `toYaml`, also thanks [khmarochos](https://github.com/khmarochos) for the idea [in this report](https://github.com/vidispine/hull/issues/267) -- added optional `postRender` option to inject object instance key or object name strings into rendered object YAML. This enables very efficient specification of multiple identical object instances via the `sources` and `_HULL_OBJECT_TYPE_DEFAULT_` feature and last-minute insertion of the actual object instance key or name into the rendered YAML string. Handle with caution since this can invalidate the YAML structure! -- added error checks in HULL to prevent common configuration errors by failing the Helm command. 
By default verify `image` specifications exist and are valid for all `containers`, files pointed to via `path` physically exist and all tree elements in a `_HT*` references are resolvable - -FIXES: - -- fixed hashsumAnnotation calculation of secrets incorrectly being done on Base64 encoded value instead of decoded value -- centralized `configmap` and `secret` functionality and tests to guarantee exact same handling whether content is defined `inline` or in a file with `path`. Code difference between `secret` and `configmap` reduced to only late base64 value encoding in the case of secrets. -- improve code in helper functions, thanks [JuryA](https://github.com/JuryA) for [PR](https://github.com/vidispine/hull/pull/277) - -## [1.29.1] - -CHANGES: - -- removed all required field definitions from values.schema.json. Validating required fields is helpful on the output side because it indicates which fields are important in the rendered output but on input side side they block the full potential of efficient defaulting. When present, The JSON schema demands that required fields are added to all individual instances of an object - even when a source or _HULL_OBJECT_TYPE_DEFAULT_ has already set them appropriately and concisely. This leads often to unnecessary bloat and complexity in the values.yaml and therefore the usage of required fields in the JSON schema was dropped favor of cleaner chart design. -- added tests to solidify expectations on workarounds for YAML parser issues with large numbers (unwanted rendering in scientific notation, unwanted interpretation of strings as scientific notation). 
The issues mentioned [in this report](https://github.com/vidispine/hull/issues/262) cannot be solved in HULL but the tests should from now on indicate if something has changed in Helm about the applicability of the workarounds, thanks [seniorquico](https://github.com/seniorquico) - -FIXES: - -- fixed bug where imagePullSecrets cannot be overwritten with empty list, thanks [khmarochos](https://github.com/khmarochos) - -## [1.29.0] - -CHANGES: - -- initial K8S 1.29 release -- deprecating 1.26 release - -## [1.28.6] - -FIXES: - -- fix still broken CronJob rendering which is now in line with the rendering style of other object types - -## [1.28.5] - -FIXES: - -- fix broken _HULL_OBJECT_TYPE_DEFAULT_ defaulting of CronJobs properties where all values from _HULL_OBJECT_TYPE_DEFAULT_ or sources where not merged to rendered CronJob instances -- fix missing rendering of embedded Job Kubernetes properties in a Cronjobs jobTemplate where any Kubernetes property of an embedded Job was missing from the rendered output - -## [1.28.4] - -FIXES: - -- fix sources feature not properly working for non-pod based object types -- fix OBJECT_INSTANCE_KEY handling causes error for calls to hull.util.transformation.tpl originating outside of hull.util.transformation - -## [1.28.3] - -CHANGES: - -- introducing more flexible mechanism to populate default values for object intances. It is possible to opt to load default values from zero to multiple object instances by using new hull.base.v1 property sources. All referenced object instances are merged in the provided order to allow sharing definitions between object instances and object types. The default behavior to merge default values from _HULL_OBJECT_TYPE_DEFAULT_ remains intact. 
- -FIXES: - -- added icon to Chart.yaml to fix linter warning -- fail with speaking error message instead of hard to decode error message when path elements in get transformations are not found - -## [1.28.2] - -FIXES: - -- extend loosening of schema type to env fields. User input of type float, integer or boolean is now allowed and on rendering a late to string conversion is taking place to guarantee the Kubernetes schema is not violated demanding string values. - -## [1.28.1] - -FIXES: - -- loosen schema types of image tag, annotation and label values. For image tag values user input of type float or integer and for annotation and label values user input of type float, integer and boolean is allowed. On rendering a late to string conversion is taking place to guarantee the Kubernetes schema is not violated demanding string values. Reasoning behind is that for these fields correct quoting of user input is often missing in case of values which are interpreted as non-strings. Allowing a flexible input type and late guaranteed conversion to string helps avoid unncessary and unexpected errors due to user input. -- drop kubeVersion from Chart.yaml to support running hull-demo in lower version clusters, kubeVersion field does not seem to have relevance for hull as a library chart but is copied over to hull-demo Chart.yaml - -## [1.28.0] - -CHANGES: - -- initial K8S 1.28 release -- deprecating 1.25 release -- allow to use implicitly set OBJECT_INSTANCE_KEY and OBJECT_TYPE context variables for accessing an object instance's key and type as strings in the context of transformations executed within an object instance's specification. - -## [1.27.1] - -CHANGES: - -- allow to set an explicit namespaceOverride via chart configuration on the object instances rendered. This is helpful for usage with helm template command so that rendered templates contain a namespace and can be used directly in GitOps style declarative workflows. 
If no namespaceOverride is provided, the namespace is now still always added to the object instances and falls back to the release namespace. - -## [1.27.0] - -CHANGES: - -- initial K8S 1.27 release -- deprecating 1.24 release - -## [1.26.2] - -CHANGES: - -- by adding property hashsumAnnotation: true to a pods volumeMount, env or envFrom referencing a ConfigMap or Secret, a pod restart can be enforced in case of changed contents. This works by calculation of a hashsum of the contents and adding it to the pods template annotations. This is recommended practice as documented in the [Helm documentation](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments) in order to handle applications that require restarts on certain configuration changes. - -## [1.26.1] - -CHANGES: - -- add metadataNameOverride possibility to Hull.Object.Base to allow setting an object instance metadata.name that is different from the implicit component key. This enables special use-cases where e.g. 
the definition of a custom resource instance is done in the chart's values.yaml under a fixed key and the CustomResources actual instance name - maybe playing an important role for the operator functionality - is only set at deployment time dynamically - -## [1.26.0] - -CHANGES: - -- initial K8S 1.26 release -- deprecating 1.23 release -- build and release hull-demo chart for easy demoing and bootstrapping HULL based Helm Charts - -FIXES: - -- improved schema structure for centrally defined probe configurations ([PR](https://github.com/vidispine/hull/pull/202), thanks [matthias4217](https://github.com/matthias4217)) -- fix merging order for tests with additional overlay values.yamls - -## [1.25.10] - -FIXES: - -- when a dictionary structure contains a _HULL_TRANSFORMATION_ key for producing dynamically rendered key-value content and additional static keys side-by-side, transformations were not being correctly processed for the structures beneath the static key contents -- some minor documentation fixes (links in main README.md, broken structures) - -## [1.25.9] - -FIXES: - -- fixed incorrect schema structure for imagePullPolicy enums (thanks [matthias4217](https://github.com/matthias4217)) - -## [1.25.8] - -FIXES: - -- fixed general linter error due to bad whitespace chomping between YAML objects, this did not affect template rendering however () -- added strict linting to test cases, now all cases must not emit linting WARNINGs or ERRORs to be considered successful - -## [1.25.7] - -FIXES: - -- extend transformation scope from objects spec to Values.hull when computing initial transformations, fixes cases with first transformation resolving to another transformation which is then not resolved itself -- speed up rendering by only run transformations once on complete Values.hull dictionary instead of running it once for each object type - -## [1.25.6] - -FIXES: - -- render emtpy string instead of `` when ConfigMap or Secret inline input is nil pointer - -CHANGES: - 
-- add debug option renderNilWhenInlineIsNil to print out `` instead of empty string when an inline value resolves to a nil pointer -- add debug option renderPathMissingWhenPathIsNonExistent to print out information about a missing file for a path value instead of an empty string when a path value does not resolve to an actual file - -## [1.25.5] - -CHANGES: - -- changed transformation notation for include for better readability - -FIXES: - -- fixed and improve include transformation - -## [1.25.4] - -CHANGES: - -- add new include transformation and short form to allow compact usage of includes with minimum typing in values.yaml. - -FIXES: - -- quote versions in Chart.yaml () - -## [1.25.3] - -CHANGES: - -- for ConfigMap and Secret data, inline specification now always has precedence over path specification to make sure that content can always be overwritten at configuration time if required -- add active property to allow selecting amongst multiple volume definitions if they exist, eg. if a volume is defaulting to an emptyDir and is to be made a persistentVolumeClaim, the value of the active property (if specified) declares the concrete volume to render, otherwise Kubernetes will not accept multiple volume type definitions for a volume. - -## [1.25.2] - -CHANGES: - -- remove required property for endpoints and selector in ServiceMonitors from schema to allow better defaulting - -## [1.25.1] - -CHANGES: - -- add debug option renderBrokenHullGetTransformationReferences which allows to render HULL charts containing broken Get transformation references with non existing keys. 
By rendering these transformations with an informative placeholder instead of failing the chart rendering the broken references can be traced and fixed more easily before finishing writing the chart -- allows to use placeholder § to escape dots within key names so GET references also work when dots are within key names - -## [1.25.0] - -CHANGES: - -- initial K8S 1.25 release -- deprecating 1.22 release -- removed PodSecurityPolicy - -## [1.24.1] - -CHANGES: - -- improve intro documentation and add KH quote -- add Helm 3.9.0 to tests -- add option noObjectNamePrefixes to remove all object name prefixes globally - -## [1.24.0] - -CHANGES: - -- initial K8S 1.24 release -- deprecating 1.21 release -- added option to include ConfigMap binaryData from external path - -## [1.23.4] - -CHANGES: - -- added new objects Namespace, EndpointSlice and LimitRange - -- update documentation - -FIXES: - -- disabling RBAC did not prevent rendering of Roles and ClusterRoles - -## [1.23.3] - -CHANGES: - -- added transformation pattern to array fields from ServiceMonitor definition -- update documentation - -FIXES: - -- HULL rules must be dictionary for roles in values.yaml - -## [1.23.2] - -CHANGES: - -- get transformation can now return complex dictionaries and array types -- introduce selector transformation and _HT& shortcut - -FIXES: - -- use fixed name template lower-case 'release-name' for helm template command compatibility with Helm 3.8. 
Previous versions created upper case 'RELEASE-NAME' by default for Release.Name which is changed to lowercase 'release-name' with Helm 3.8 - -## [1.23.1] - -CHANGES: - -- allow to choose between rendering to single file or multiple files per object type to potentially eliminate performance penalty due to having one file only -- add test environments for both single and multi file usage -- add two example values.yamls - -FIXES: - -- allow using 63 instead of 54 chars for a fullname and name override -- remove dots end of labels and names - -## [1.23.0] - -CHANGES: - -- initial K8S 1.23 release -- deprecating 1.20 release - -## [1.22.13] - -FIXES: - -- changed probe port schema to anyOf to avoid clash when using oneOf transformation or string - -## [1.22.12] - -FIXES: - -- allow mixed transform only when dictionary is returned from transformation and other keys exist besides transformation trigger - -## [1.22.11] - -CHANGES: - -- added tests for get transformation results -- make every object field subjectable to string transformations irrelevant of input type by large scale extension of JSON schema - -FIXES: - -- using a get transformation to poulate Configmap/Secret contents produced bad -character sequences - -## [1.22.10] - -CHANGES: - -- added short forms for transformations -- documentation improved - -## [1.22.9] - -CHANGES: - -- fix enabled properties allowed on policyrules in roles, envfrom and tls in ingresses -- allow shorter form of (index . "$") to access parent context - -## [1.22.8] - -CHANGES: - -- add hull.util.transformation.bool transformation - -- BREAKING! 
change fields for registry population to overwrite any explicit registry fields - -## [1.22.7] - -CHANGES: - -- add CHANGELOG.md -- add ingressclass objects as main objects -- allow to specify rules in roles key-value based instead of as an array (array also supported) -- add unit tests for ClusterRole and ClusterRoleBindings - -FIXES: - -- clusterrole and clusterrolebinding objects with enabled=false or nulled were rendering incorrectly as empty objects -- cronjob pods must not have selector set - -## [1.22.6] - -CHANGES: - -- allow enabled property on all key-value pair HULL objects -- allow to use string as input for enabled property in order to use HULL transformations on enabled properties diff --git a/hull/files/mkdocs/src/HISTORY.md b/hull/files/mkdocs/src/HISTORY.md new file mode 120000 index 00000000..7dba89c9 --- /dev/null +++ b/hull/files/mkdocs/src/HISTORY.md @@ -0,0 +1 @@ +../../../HISTORY.md \ No newline at end of file diff --git a/hull/files/test/HULL/env/default/default.properties b/hull/files/test/HULL/env/default/default.properties index 98281a7a..e01bfed6 100644 --- a/hull/files/test/HULL/env/default/default.properties +++ b/hull/files/test/HULL/env/default/default.properties @@ -24,3 +24,6 @@ csv_delimiter = , # Allows steps to be written in multiline allow_multiline_step = false + +#helm_binary = /home/georg/helm_4 +#helm_binary = helm \ No newline at end of file diff --git a/hull/files/test/HULL/sources/cases/ingress/values_external_templates.hull.yaml b/hull/files/test/HULL/sources/cases/ingress/values_external_templates.hull.yaml new file mode 100644 index 00000000..8c21f4c8 --- /dev/null +++ b/hull/files/test/HULL/sources/cases/ingress/values_external_templates.hull.yaml @@ -0,0 +1,5 @@ +hull: + config: + specific: + the_version_source: 1.2.3.4.5 + the_value_target: _HT*hull.config.specific.the_version_source \ No newline at end of file 
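Review bot: The commented-out `#helm_binary = /home/georg/helm_4` added at the end of `default.properties` commits a developer's home directory and account name to the shared test configuration, and nothing explains what the key does. Presumably the test runner executes whatever this key points to, so the example should be neutral and documented: a one-line comment saying what the key selects and what is used when it is unset, followed by `#helm_binary = /path/to/helm`. The file also now ends without a trailing newline, which is worth restoring.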
diff --git a/hull/files/test/HULL/sources/cases/ingress/values_subcharts.hull.yaml b/hull/files/test/HULL/sources/cases/ingress/values_subcharts.hull.yaml
new file mode 100644
index 00000000..53372283
--- /dev/null
+++ b/hull/files/test/HULL/sources/cases/ingress/values_subcharts.hull.yaml
@@ -0,0 +1,92 @@ +################################ +### Example values.yaml with all features applied +################################ + +################################################### +### CONFIG +global: + service_type: NodePort + number_111: 111 + number_222: 222 + number_333: 333 + ref_number: _HT*global.another_number + another_number: 333 + boolean_true: true + an_ip: 123.345.431.543 + test_annotations: + annotation_1: Global Annotation 1 + annotation_2: Global Annotation 2 + +kube-state-metrics: + test_number: 999 + ip_number: _HT*global.an_ip + local_type: LoadBalancer + service: + annotations: _HT*global.test_annotations + type: _HT*global.service_type + port: _HT*global.ref_number + clusterIP: _HT*ip_number + ipDualStack: + enabled: _HT*global.boolean_true + + +prometheus-postgres-exporter: + local_type: LoadBalancer + local_annotations: + annotation_3: Local Annotation 1 + annotation_4: Local Annotation 2 + service: + annotations: |- + _HT! + { + {{ $annot := _HT*global.test_annotations | merge _HT*local_annotations }} + {{ range $key, $value := $annot }} + {{ $key }}: {{ $value }}, + {{ end }} + } + type: _HT*local_type + port: _HT*global.ref_number + targetPort: _HT*global.number_333 + +hull: + config: +# general: +# data: {} +# metadata: +# labels: +# custom: +# general_custom_label_1: General Custom Label 1 +# general_custom_label_2: General Custom Label 2 +# general_custom_label_3: General Custom Label 3 +# annotations: +# custom: +# general_custom_annotation_1: General Custom Annotation 1 +# general_custom_annotation_2: General Custom Annotation 2 +# general_custom_annotation_3: General Custom Annotation 3 + specific: + boolean_true: _HT*global.boolean_true + new_port: _HT*global.number_111 + fixed_number: 12345 + ################################################### + + ################################################### + ### OBJECTS + objects: + + # INGRESS + ingress: + + test-global: + rules: + first_host: + host: host.one.com + http: + 
paths: + standard: + path: /standard + pathType: ImplementationSpecific + backend: + service: + name: service1_standard + port: + number: _HT*hull.config.specific.new_port diff --git a/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/gateway.yaml b/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/gateway.yaml new file mode 100644 index 00000000..2b2af204 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/gateway.yaml 
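Review bot: `an_ip: 123.345.431.543` under `global:` is not a valid IPv4 address (three octets exceed 255), and it is carried through `ip_number: _HT*global.an_ip` into `clusterIP: _HT*ip_number` of the kube-state-metrics service. If the test only compares rendered text this passes, but any step that validates the manifest against the Kubernetes API schema would reject it. I would either use a well-formed documentation address such as `an_ip: "192.0.2.10"`, or keep the value and put `# deliberately malformed: only checks that the string is copied verbatim` above it. The commented-out `general:` block under `hull.config` could be dropped unless it records a case that is still planned.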
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328 + gateway.networking.k8s.io/bundle-version: v1.3.0 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null + name: referencegrants.gateway.networking.k8s.io +spec: + group: gateway.networking.k8s.io + names: + categories: + - gateway-api + kind: ReferenceGrant + listKind: ReferenceGrantList + plural: referencegrants + shortNames: + - refgrant + singular: referencegrant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + ReferenceGrant identifies kinds of resources in other namespaces that are + trusted to reference the specified kinds of resources in the same namespace + as the policy. + + Each ReferenceGrant can be used to represent a unique trust relationship. + Additional Reference Grants can be used to add to the set of trusted + sources of inbound references for the namespace they are defined within. + + All cross-namespace references in Gateway API (with the exception of cross-namespace + Gateway-route attachment) require a ReferenceGrant. + + ReferenceGrant is a form of runtime verification allowing users to assert + which cross-namespace object references are permitted. Implementations that + support ReferenceGrant MUST NOT permit cross-namespace references which have + no grant, and MUST respond to the removal of a grant by revoking the access + that the grant allowed. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + default: {{ .Values.hull.config.specific.the_value_target }} diff --git a/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/hull.yaml b/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/hull.yaml new file mode 100644 index 00000000..e69de29b diff --git a/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/zzz/hull.yaml b/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/zzz/hull.yaml new file mode 100644 index 00000000..17392446 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/externaltemplates/templates/zzz/hull.yaml @@ -0,0 +1 @@ +{{- include "hull.objects.prepare.all" (dict "HULL_ROOT_KEY" "hull" "ROOT_CONTEXT" $) }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/Chart.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/Chart.yaml new file mode 100644 index 00000000..34972f30 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/Chart.yaml 
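Review bot: `default: {{ .Values.hull.config.specific.the_value_target }}` on the last line of the `gateway.yaml` hunk writes the resolved value into the CRD unquoted, directly after `type: string`. The fixture value `1.2.3.4.5` happens to stay a string, but a value such as `1.2` or `true` would be re-typed by the YAML parser and stop matching the declared type, and a value containing a newline or `: ` would change the structure of the rendered manifest. I would render it as `default: {{ .Values.hull.config.specific.the_value_target | quote }}`, so the external template behaves the same for any value the transformation resolves to.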
@@ -0,0 +1,37 @@ +# Basic chart description and version +apiVersion: v2 +name: hull-test +version: .0 +kubeVersion: ".0 - .0" +description: hull-test +type: application +keywords: + - "hull" + - "test" +home: https://vidispine.github.io/hull +sources: + - https://vidispine.github.io/hull + - https://github.com/vidispine/hull/blob/gh-pages/hull.png +dependencies: + - name: hull + version: ".0" + repository: "https://vidispine.github.io/hull" + - name: kube-state-metrics + version: 7.1.0 + repository: "https://prometheus-community.github.io/helm-charts" + - name: prometheus-postgres-exporter + version: 7.0.0 + repository: "https://prometheus-community.github.io/helm-charts" +maintainers: + - name: testperson1 + email: person1@test.com + url: https://person1.com + - name: testperson2 + email: person2@test.com + url: https://person2.com +icon: https://github.com/vidispine/hull/blob/gh-pages/hull.png +appVersion: .0 +deprecated: True +annotations: + test1: test1 + test2: test2 \ No newline at end of file diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/.helmignore b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/Chart.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/Chart.yaml new file mode 100644 index 00000000..9cd93e85 
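Review bot: The third-party entries under `dependencies:` in the subcharts `Chart.yaml` name a remote repository and an exact version, but the kube-state-metrics chart is also committed unpacked under `charts/kube-state-metrics-7.1.0/`, and nothing visible here records where that copy came from or whether it was modified. Helm presumably renders the committed directory rather than fetching from the repository, so a later reviewer cannot tell whether the fixture still matches the upstream release. I would add a comment above the entries recording the upstream package each copy was taken from and whether it is unmodified, so it can be diffed against upstream when the pin is bumped. Separately, `version: 7.1.0` and `version: 7.0.0` are unquoted while the `hull` entry quotes its version, and `deprecated: True` is more portable as `deprecated: true`.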
--- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/Chart.yaml @@ -0,0 +1,29 @@ +annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts +apiVersion: v2 +appVersion: 2.18.0 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 + url: https://github.com/tariq1890 +- email: manuel@rueg.eu + name: mrueg + url: https://github.com/mrueg +- email: david@0xdc.me + name: dotdc + url: https://github.com/dotdc +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +type: application +version: 7.1.0 diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/README.md b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/README.md new file mode 100644 index 00000000..9348d4c0 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/README.md 
@@ -0,0 +1,87 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Usage + +The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/). + +- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-state-metrics` +- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-state-metrics` + +The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository. + +### Install Chart + +```console +helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +### Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +### Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +#### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics + +You can upgrade in-place: + +1. [upgrade](#upgrading-chart) your existing release name using the new chart repository + +## Upgrading to v6.0.0 + +This version drops support for deprecated Pod Security Policy resources. 
+ +## Upgrading to v3.0.0 + +v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. + +The upgraded chart now the following changes: + +- Dropped support for helm v2 (helm v3 or later is required) +- collectors key was renamed to resources +- namespace key was renamed to namespaces + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values oci://ghcr.io/prometheus-community/charts/kube-state-metrics +``` + +### kube-rbac-proxy + +You can enable `kube-state-metrics` endpoint protection using `kube-rbac-proxy`. By setting `kubeRBACProxy.enabled: true`, this chart will deploy one RBAC proxy container per endpoint (metrics & telemetry). +To authorize access, authenticate your requests (via a `ServiceAccount` for example) with a `ClusterRole` attached such as: + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kube-state-metrics-read +rules: + - apiGroups: [ "" ] + resources: ["services/kube-state-metrics"] + verbs: + - get +``` + +See [kube-rbac-proxy examples](https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes) for more details. diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/NOTES.txt b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/NOTES.txt new file mode 100644 index 00000000..3589c24e --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/NOTES.txt 
@@ -0,0 +1,23 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + +{{- if .Values.kubeRBACProxy.enabled}} + +kube-rbac-proxy endpoint protections is enabled: +- Metrics endpoints are now HTTPS +- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions: +``` +rules: + - apiGroups: [ "" ] + resources: ["services/{{ template "kube-state-metrics.fullname" . }}"] + verbs: + - get +``` +{{- end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/_helpers.tpl b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/_helpers.tpl new file mode 100644 index 00000000..c8cfa56b --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/_helpers.tpl 
@@ -0,0 +1,186 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kube-state-metrics.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate basic labels +*/}} +{{- define "kube-state-metrics.labels" }} +helm.sh/chart: {{ template "kube-state-metrics.chart" . 
}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: metrics +app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }} +{{- include "kube-state-metrics.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if .Values.customLabels }} +{{ tpl (toYaml .Values.customLabels) . }} +{{- end }} +{{- if .Values.releaseLabel }} +release: {{ .Release.Name }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kube-state-metrics.selectorLabels" }} +{{- if .Values.selectorOverride }} +{{ toYaml .Values.selectorOverride }} +{{- else }} +app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} +{{- end }} + +{{/* Sets default scrape limits for servicemonitor */}} +{{- define "servicemonitor.scrapeLimits" -}} +{{- with .sampleLimit }} +sampleLimit: {{ . }} +{{- end }} +{{- with .targetLimit }} +targetLimit: {{ . }} +{{- end }} +{{- with .labelLimit }} +labelLimit: {{ . }} +{{- end }} +{{- with .labelNameLengthLimit }} +labelNameLengthLimit: {{ . }} +{{- end }} +{{- with .labelValueLengthLimit }} +labelValueLengthLimit: {{ . }} +{{- end }} +{{- end -}} + +{{/* Sets default scrape limits for scrapeconfig */}} +{{- define "scrapeconfig.scrapeLimits" -}} +{{- with .sampleLimit }} +sampleLimit: {{ . }} +{{- end }} +{{- with .targetLimit }} +targetLimit: {{ . }} +{{- end }} +{{- with .labelLimit }} +labelLimit: {{ . }} +{{- end }} +{{- with .labelNameLengthLimit }} +labelNameLengthLimit: {{ . }} +{{- end }} +{{- with .labelValueLengthLimit }} +labelValueLengthLimit: {{ . }} +{{- end }} +{{- end -}} + +{{/* +Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{specific imagePullSecrets}) +*/}} +{{- define "kube-state-metrics.imagePullSecrets" -}} +{{- range (concat .Values.global.imagePullSecrets .imagePullSecrets) }} + {{- if eq (typeOf .) 
"map[string]interface {}" }} +- {{ toYaml . | trim }} + {{- else }} +- name: {{ . }} + {{- end }} +{{- end }} +{{- end -}} + +{{/* +The image to use for kube-state-metrics +*/}} +{{- define "kube-state-metrics.image" -}} +{{- if .Values.image.sha }} +{{- if .Values.global.imageRegistry }} +{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} +{{- else }} +{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} +{{- end }} +{{- else }} +{{- if .Values.global.imageRegistry }} +{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} +{{- else }} +{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +The image to use for kubeRBACProxy +*/}} +{{- define "kubeRBACProxy.image" -}} +{{- if .Values.kubeRBACProxy.image.sha }} +{{- if .Values.global.imageRegistry }} +{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }} +{{- else }} +{{- printf "%s/%s:%s@%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }} +{{- end }} +{{- else }} +{{- if .Values.global.imageRegistry }} +{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }} +{{- else }} +{{- printf "%s/%s:%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) 
.Values.kubeRBACProxy.image.tag) }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +The name of the ConfigMap for the customResourceState config. +*/}} +{{- define "kube-state-metrics.crsConfigMapName" -}} + {{- if ne .Values.customResourceState.name "" }} + {{- .Values.customResourceState.name }} + {{- else }} + {{- template "kube-state-metrics.fullname" . }}-customresourcestate-config + {{- end }} +{{- end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/ciliumnetworkpolicy.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/ciliumnetworkpolicy.yaml new file mode 100644 index 00000000..025cd47a --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/ciliumnetworkpolicy.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + {{- if .Values.annotations }} + annotations: + {{ toYaml .Values.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +spec: + endpointSelector: + matchLabels: + {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} + egress: + {{- if and .Values.networkPolicy.cilium .Values.networkPolicy.cilium.kubeApiServerSelector }} + {{ toYaml .Values.networkPolicy.cilium.kubeApiServerSelector | nindent 6 }} + {{- else }} + - toEntities: + - kube-apiserver + {{- end }} + ingress: + - toPorts: + - ports: + - port: {{ .Values.service.port | quote }} + protocol: TCP + {{- if .Values.selfMonitor.enabled }} + - port: {{ .Values.selfMonitor.telemetryPort | default 8081 | quote }} + protocol: TCP + {{ end }} +{{ end }} 
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/clusterrolebinding.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..cf9f628d --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.serviceAccountName" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/crs-configmap.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/crs-configmap.yaml new file mode 100644 index 00000000..e64c4a7b --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/crs-configmap.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.customResourceState.enabled .Values.customResourceState.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kube-state-metrics.crsConfigMapName" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- if .Values.annotations }} + annotations: + {{ toYaml .Values.annotations | nindent 4 }} + {{- end }} +data: + {{ .Values.customResourceState.key }}: | + {{- toYaml .Values.customResourceState.config | nindent 4 }} +{{- end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/deployment.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/deployment.yaml new file mode 100644 index 00000000..d7679f3e --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/deployment.yaml 
@@ -0,0 +1,374 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} + replicas: {{ .Values.replicas }} + {{- if not .Values.autosharding.enabled }} + strategy: + type: {{ .Values.updateStrategy | default "RollingUpdate" }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] + {{- end }} + template: + metadata: + labels: + {{- include "kube-state-metrics.labels" . | indent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.podAnnotations }} + annotations: + {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy }} + containers: + {{- $servicePort := ternary .Values.kubeRBACProxy.port (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}} + {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} + - name: {{ template "kube-state-metrics.name" . }} + {{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 8 }} + {{- end }} + {{ else }} + {{- if .Values.env }} + env: + {{- toYaml .Values.env | nindent 8 }} + {{- end }} + {{- end }} + args: + {{- if .Values.extraArgs }} + {{- .Values.extraArgs | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.kubeRBACProxy.enabled }} + - --host=127.0.0.1 + {{- end }} + - --port={{ $servicePort }} + {{- if .Values.collectors }} + - --resources={{ .Values.collectors | join "," }} + {{- end }} + {{- if .Values.metricLabelsAllowlist }} + - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }} + {{- end }} + {{- if .Values.metricAnnotationsAllowList }} + - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }} + {{- end }} + {{- if .Values.metricAllowlist }} + - --metric-allowlist={{ .Values.metricAllowlist | join "," }} + {{- end }} + {{- if .Values.metricDenylist }} + - --metric-denylist={{ .Values.metricDenylist | join "," }} + {{- end }} + {{- $namespaces := list }} + {{- if .Values.namespaces }} + {{- range $ns := join "," .Values.namespaces | split "," }} + {{- $namespaces = append $namespaces (tpl $ns $) }} + {{- end }} + {{- end }} + {{- if .Values.releaseNamespace }} + {{- $namespaces = append $namespaces ( include "kube-state-metrics.namespace" . 
) }} + {{- end }} + {{- if $namespaces }} + - --namespaces={{ $namespaces | mustUniq | join "," }} + {{- end }} + {{- if .Values.namespacesDenylist }} + - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }} + {{- end }} + {{- if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + {{- end }} + {{- if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config + {{- end }} + {{- if .Values.kubeRBACProxy.enabled }} + - --telemetry-host=127.0.0.1 + - --telemetry-port={{ $telemetryPort }} + {{- else }} + {{- if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} + {{- end }} + {{- if .Values.selfMonitor.telemetryPort }} + - --telemetry-port={{ $telemetryPort }} + {{- end }} + {{- end }} + {{- if .Values.customResourceState.enabled }} + - --custom-resource-state-config-file=/etc/customresourcestate/{{ .Values.customResourceState.key }} + {{- end }} + {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} + volumeMounts: + {{- if .Values.kubeconfig.enabled }} + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true + {{- end }} + {{- if .Values.customResourceState.enabled }} + - name: customresourcestate-config + mountPath: /etc/customresourcestate + readOnly: true + {{- end }} + {{- if .Values.volumeMounts }} +{{ toYaml .Values.volumeMounts | indent 8 }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "kube-state-metrics.image" . 
}} + {{- if eq .Values.kubeRBACProxy.enabled false }} + ports: + - containerPort: {{ .Values.service.port | default 8080}} + name: http + - containerPort: {{ $telemetryPort }} + name: metrics + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + httpGet: + {{- if .Values.hostNetwork }} + host: 127.0.0.1 + {{- end }} + httpHeaders: + {{- range $_, $header := .Values.startupProbe.httpGet.httpHeaders }} + - name: {{ $header.name }} + value: {{ $header.value }} + {{- end }} + path: /healthz + port: http + {{- if .Values.kubeRBACProxy.enabled }} + scheme: HTTPS + {{- else }} + scheme: {{ upper .Values.startupProbe.httpGet.scheme }} + {{- end }} + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + {{- if .Values.hostNetwork }} + host: 127.0.0.1 + {{- end }} + httpHeaders: + {{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }} + - name: {{ $header.name }} + value: {{ $header.value }} + {{- end }} + path: /livez + port: http + {{- if .Values.kubeRBACProxy.enabled }} + scheme: HTTPS + {{- else }} + scheme: {{ upper .Values.livenessProbe.httpGet.scheme }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + httpGet: + {{- if .Values.hostNetwork }} + host: 127.0.0.1 + {{- end }} + httpHeaders: + {{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }} + - name: {{ 
$header.name }} + value: {{ $header.value }} + {{- end }} + path: /readyz + port: metrics + {{- if .Values.kubeRBACProxy.enabled }} + scheme: HTTPS + {{- else }} + scheme: {{ upper .Values.readinessProbe.httpGet.scheme }} + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- if .Values.containerSecurityContext }} + securityContext: +{{ toYaml .Values.containerSecurityContext | indent 10 }} +{{- end }} + {{- if .Values.kubeRBACProxy.enabled }} + - name: kube-rbac-proxy-http + args: + {{- if .Values.kubeRBACProxy.extraArgs }} + {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.kubeRBACProxy.ignoreProbePaths }} + - --ignore-paths=/livez,/readyz + {{- end }} + - --secure-listen-address=:{{ .Values.service.port | default 8080}} + - --upstream=http://127.0.0.1:{{ $servicePort }}/ + - --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort | default 8888 }} + - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml + volumeMounts: + - name: kube-rbac-proxy-config + mountPath: /etc/kube-rbac-proxy-config + {{- with .Values.kubeRBACProxy.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} + image: {{ include "kubeRBACProxy.image" . 
}} + ports: + - containerPort: {{ .Values.service.port | default 8080}} + name: http + - containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort | default 8888 }} + name: http-healthz + readinessProbe: + httpGet: + scheme: HTTPS + port: http-healthz + path: /healthz + initialDelaySeconds: 5 + timeoutSeconds: 5 + {{- if .Values.kubeRBACProxy.resources }} + resources: +{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }} +{{- end }} +{{- if .Values.kubeRBACProxy.containerSecurityContext }} + securityContext: +{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }} +{{- end }} + {{- if .Values.selfMonitor.enabled }} + - name: kube-rbac-proxy-telemetry + args: + {{- if .Values.kubeRBACProxy.extraArgs }} + {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.kubeRBACProxy.ignoreProbePaths }} + - --ignore-paths=/livez,/readyz + {{- end }} + - --secure-listen-address=:{{ .Values.selfMonitor.telemetryPort | default 8081 }} + - --upstream=http://127.0.0.1:{{ $telemetryPort }}/ + - --proxy-endpoints-port=8889 + - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml + volumeMounts: + - name: kube-rbac-proxy-config + mountPath: /etc/kube-rbac-proxy-config + {{- with .Values.kubeRBACProxy.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} + image: {{ include "kubeRBACProxy.image" . 
}} + ports: + - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + name: metrics + - containerPort: 8889 + name: metrics-healthz + readinessProbe: + httpGet: + scheme: HTTPS + port: metrics-healthz + path: healthz + initialDelaySeconds: 5 + timeoutSeconds: 5 + {{- if .Values.kubeRBACProxy.resources }} + resources: +{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }} +{{- end }} +{{- if .Values.kubeRBACProxy.containerSecurityContext }} + securityContext: +{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }} +{{- end }} + {{- end }} + {{- end }} + {{- with .Values.containers }} + {{- toYaml . | nindent 6 }} + {{- end }} +{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.imagePullSecrets) | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- if kindIs "map" .Values.affinity }} + {{- toYaml .Values.affinity | nindent 8 }} + {{- else }} + {{- tpl .Values.affinity $ | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ tpl (toYaml .) $ | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ tpl (toYaml .) $ | indent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.topologySpreadConstraints | indent 8 }} + {{- end }} + {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumes) (.Values.kubeRBACProxy.enabled) }} + volumes: + {{- if .Values.kubeconfig.enabled}} + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + {{- end }} + {{- if .Values.kubeRBACProxy.enabled}} + - name: kube-rbac-proxy-config + configMap: + name: {{ template "kube-state-metrics.fullname" . 
}}-rbac-config + {{- end }} + {{- if .Values.customResourceState.enabled}} + - name: customresourcestate-config + configMap: + name: {{ template "kube-state-metrics.crsConfigMapName" . }} + {{- end }} + {{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 8 }} + {{- end }} + {{- end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/extra-manifests.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/extra-manifests.yaml new file mode 100644 index 00000000..567f7bf3 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraManifests }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/kubeconfig-secret.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/kubeconfig-secret.yaml new file mode 100644 index 00000000..6af00845 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/kubeconfig-secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/networkpolicy.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/networkpolicy.yaml new file mode 100644 index 00000000..abe292a7 --- /dev/null 
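Review bot: In deployment.yaml the readinessProbe of the `kube-rbac-proxy-telemetry` sidecar uses `path: healthz` with no leading slash, while the `kube-rbac-proxy-http` sidecar just above it uses `path: /healthz`; make it `path: /healthz` so both probes request the endpoint in the same form. The same sidecar hard-codes `--proxy-endpoints-port=8889` and `containerPort: 8889`, whereas the http sidecar reads `.Values.kubeRBACProxy.proxyEndpointsPort | default 8888`, so the telemetry health port cannot be moved from values. That could matter when `hostNetwork` is enabled and the port is already in use on the node.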
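Review bot: In kubeconfig-secret.yaml, `config: '{{ .Values.kubeconfig.secret }}'` sits under `data:`, so the value has to be base64-encoded already, and nothing in the template says so or checks it. Because the credential is supplied through chart values, it is also kept wherever those values are kept (values files, pipeline variables, the Helm release record), not only in the rendered Secret. I would add a template comment above `data:`, for example `{{- /* kubeconfig.secret must be a base64-encoded kubeconfig; prefer a pre-created Secret over passing credentials in values */}}`.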
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/networkpolicy.yaml
@@ -0,0 +1,43 @@
+{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "kubernetes") }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ {{- if .Values.annotations }}
+ annotations:
+ {{ toYaml .Values.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+spec:
+ {{- if .Values.networkPolicy.egress }}
+ ## Deny all egress by default
+ egress:
+ {{- toYaml .Values.networkPolicy.egress | nindent 4 }}
+ {{- end }}
+ ingress:
+ {{- if .Values.networkPolicy.ingress }}
+ {{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
+ {{- else }}
+ ## Allow ingress on default ports by default
+ - ports:
+ - port: http
+ protocol: TCP
+ {{- if .Values.selfMonitor.enabled }}
+ {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}}
+ - port: {{ $telemetryPort }}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ podSelector:
+ {{- if .Values.networkPolicy.podSelector }}
+ {{- toYaml .Values.networkPolicy.podSelector | nindent 4 }}
+ {{- else }}
+ matchLabels:
+ {{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
+ {{- end }}
+ policyTypes:
+ - Ingress
+ - Egress
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/pdb.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/pdb.yaml
new file mode 100644
index 00000000..2d1e64b2
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/pdb.yaml
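Review bot: In networkpolicy.yaml the comment `## Deny all egress by default` is placed inside `{{- if .Values.networkPolicy.egress }}`, so it is rendered only when egress rules are supplied, which is the one case where egress is not denied. The deny-by-default behaviour comes from `policyTypes` always listing `Egress`: with `networkPolicy.egress` empty the policy has no `egress:` key and the selected pods get no outbound traffic, which presumably includes the connection to the Kubernetes API server that the chart's ServiceAccount and RBAC rules are set up for. I would move the comment next to `policyTypes` and state that consequence, for example `## Egress is always listed, so an empty networkPolicy.egress blocks all outbound traffic`. Separately, the fallback ingress rule has `ports` but no `from`, so it admits any source on those ports.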
@@ -0,0 +1,14 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/rbac-configmap.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/rbac-configmap.yaml
new file mode 100644
index 00000000..671dc9d6
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/rbac-configmap.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.kubeRBACProxy.enabled}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}-rbac-config
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ {{- if .Values.annotations }}
+ annotations:
+ {{ toYaml .Values.annotations | nindent 4 }}
+ {{- end }}
+data:
+ config-file.yaml: |+
+ authorization:
+ resourceAttributes:
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ apiVersion: v1
+ resource: services
+ subresource: {{ template "kube-state-metrics.fullname" . }}
+ name: {{ template "kube-state-metrics.fullname" . }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/role.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/role.yaml
new file mode 100644
index 00000000..4b6537b1
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/role.yaml
@@ -0,0 +1,236 @@ +{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq $.Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + {{- include "kube-state-metrics.labels" $ | indent 4 }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq $.Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if has "certificatesigningrequests" $.Values.collectors }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if has "configmaps" $.Values.collectors }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if has "cronjobs" $.Values.collectors }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if has "daemonsets" $.Values.collectors }} +- apiGroups: ["apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "deployments" $.Values.collectors }} +- apiGroups: ["apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if has "endpoints" $.Values.collectors }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if has "endpointslices" $.Values.collectors }} +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: ["list", "watch"] +{{ end -}} +{{ if has "horizontalpodautoscalers" $.Values.collectors }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if has "ingresses" $.Values.collectors }} +- apiGroups: ["networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if has "jobs" $.Values.collectors }} +- apiGroups: ["batch"] + 
resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if has "leases" $.Values.collectors }} +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] +{{ end -}} +{{ if has "limitranges" $.Values.collectors }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if has "mutatingwebhookconfigurations" $.Values.collectors }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if has "namespaces" $.Values.collectors }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if has "networkpolicies" $.Values.collectors }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if has "ingressclasses" $.Values.collectors }} +- apiGroups: ["networking.k8s.io"] + resources: + - ingressclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if has "clusterrolebindings" $.Values.collectors }} +- apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + verbs: ["list", "watch"] +{{ end -}} +{{ if has "clusterroles" $.Values.collectors }} +- apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterroles + verbs: ["list", "watch"] +{{ end -}} +{{ if has "roles" $.Values.collectors }} +- apiGroups: ["rbac.authorization.k8s.io"] + resources: + - roles + verbs: ["list", "watch"] +{{ end -}} +{{ if has "nodes" $.Values.collectors }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if has "persistentvolumeclaims" $.Values.collectors }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if has "persistentvolumes" $.Values.collectors }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if has "poddisruptionbudgets" $.Values.collectors }} +- apiGroups: ["policy"] + resources: + - 
poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "pods" $.Values.collectors }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if has "replicasets" $.Values.collectors }} +- apiGroups: ["apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "replicationcontrollers" $.Values.collectors }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if has "resourcequotas" $.Values.collectors }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if has "secrets" $.Values.collectors }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "services" $.Values.collectors }} +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] +{{ end -}} +{{ if has "statefulsets" $.Values.collectors }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "storageclasses" $.Values.collectors }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if has "validatingwebhookconfigurations" $.Values.collectors }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if has "volumeattachments" $.Values.collectors }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{- if $.Values.kubeRBACProxy.enabled }} +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] +{{- end }} +{{- if $.Values.customResourceState.enabled }} +- apiGroups: ["apiextensions.k8s.io"] + resources: + - customresourcedefinitions + verbs: ["list", "watch"] +{{- end }} +{{ if $.Values.rbac.extraRules }} +{{ toYaml 
$.Values.rbac.extraRules }} +{{ end }} +{{- end -}} +{{- end -}} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/rolebinding.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/rolebinding.yaml new file mode 100644 index 00000000..330651b7 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/rolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (join "," $.Values.namespaces) | split "," }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "kube-state-metrics.labels" $ | indent 4 }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.serviceAccountName" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/scrapeconfig.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/scrapeconfig.yaml new file mode 100644 index 00000000..028f3d18 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/scrapeconfig.yaml 
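Review bot: In role.yaml the `secrets` rule grants `list` and `watch` on Secrets, and a `list` response carries the full Secret data, so enabling the `secrets` collector lets the kube-state-metrics ServiceAccount read every Secret in scope. That scope is the whole cluster when `rbac.useClusterRole` is true, because the rule is then rendered into a ClusterRole. Nothing in the template sets this rule apart from the other collectors, so I would put a template comment above it, for example `{{- /* list/watch on secrets returns Secret contents; enable this collector only where that exposure is accepted */}}`. A similar comment belongs above `rbac.extraRules`, which is appended to the rules verbatim through `toYaml`.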
@@ -0,0 +1,60 @@ +{{- if .Values.prometheus.scrapeconfig.enabled }} +apiVersion: monitoring.coreos.com/v1alpha1 +kind: ScrapeConfig +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- with .Values.prometheus.scrapeconfig.additionalLabels }} + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} + {{- with .Values.prometheus.scrapeconfig.annotations }} + annotations: + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} +spec: + {{- include "scrapeconfig.scrapeLimits" .Values.prometheus.scrapeconfig | indent 2 }} + staticConfigs: + - targets: + - {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc:{{ .Values.service.port }} + {{- if .Values.prometheus.scrapeconfig.staticConfigLabels}} + labels: + {{- with .Values.prometheus.scrapeconfig.staticConfigLabels }} + {{- tpl (toYaml . | nindent 8) $ }} + {{- end }} + {{- end }} +{{- if .Values.prometheus.scrapeconfig.jobName }} + jobName: {{ .Values.prometheus.scrapeconfig.jobName }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.honorLabels }} + honorLabels: true +{{- end }} +{{- if .Values.prometheus.scrapeconfig.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.scrapeconfig.scrapeInterval }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.scrapeconfig.scrapeTimeout }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.proxyUrl }} + proxyUrl: {{ .Values.prometheus.scrapeconfig.proxyUrl }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.enableHttp2 }} + enableHttp2: {{ .Values.prometheus.scrapeconfig.enableHttp2 }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.prometheus.scrapeconfig.metricRelabelings | nindent 4 }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.relabelings }} + 
relabelings: + {{- toYaml .Values.prometheus.scrapeconfig.relabelings | nindent 4 }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.scheme }} + scheme: {{ .Values.prometheus.scrapeconfig.scheme }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.tlsConfig }} + tlsConfig: + {{- toYaml (.Values.prometheus.scrapeconfig.tlsConfig ) | nindent 4 }} +{{- end }} +{{- end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/service.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/service.yaml new file mode 100644 index 00000000..4bfa7df3 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/service.yaml 
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ annotations:
+ {{- if .Values.prometheusScrape }}
+ prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
+ {{- end }}
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ type: "{{ .Values.service.type }}"
+ {{- if .Values.service.ipDualStack.enabled }}
+ ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
+ ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
+ {{- end }}
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ .Values.service.port | default 8080}}
+ {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ targetPort: http
+ {{ if .Values.selfMonitor.enabled }}
+ - name: metrics
+ protocol: TCP
+ port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ targetPort: metrics
+ {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
+ nodePort: {{ .Values.selfMonitor.telemetryNodePort }}
+ {{- end }}
+ {{ end }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if .Values.autosharding.enabled }}
+ clusterIP: None
+{{- else if .Values.service.clusterIP }}
+ clusterIP: "{{ .Values.service.clusterIP }}"
+{{- end }}
+ selector:
+ {{- include "kube-state-metrics.selectorLabels" . | indent 4 }}
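Review bot: In service.yaml the `nodePort` under the `metrics` port is guarded by `(not (empty .Values.service.nodePort))` but prints `.Values.selfMonitor.telemetryNodePort`, so the guard tests a different value from the one it renders. With `service.nodePort` set and `selfMonitor.telemetryNodePort` unset this renders an empty `nodePort:`, and with only `telemetryNodePort` set the value is silently dropped. The condition should test what it prints: `{{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.selfMonitor.telemetryNodePort)) ) }}`.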
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/serviceaccount.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/serviceaccount.yaml
new file mode 100644
index 00000000..c302bc7c
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if or .Values.serviceAccount.imagePullSecrets .Values.global.imagePullSecrets }}
+imagePullSecrets:
+ {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.serviceAccount.imagePullSecrets) | indent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/servicemonitor.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/servicemonitor.yaml
new file mode 100644
index 00000000..99d7fa92
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/servicemonitor.yaml
@@ -0,0 +1,120 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- with .Values.prometheus.monitor.additionalLabels }} + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} + {{- with .Values.prometheus.monitor.annotations }} + annotations: + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} +spec: + jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }} + {{- with .Values.prometheus.monitor.targetLabels }} + targetLabels: + {{- toYaml . | trim | nindent 4 }} + {{- end }} + {{- with .Values.prometheus.monitor.podTargetLabels }} + podTargetLabels: + {{- toYaml . | trim | nindent 4 }} + {{- end }} + {{- include "servicemonitor.scrapeLimits" .Values.prometheus.monitor | indent 2 }} + {{- if .Values.prometheus.monitor.namespaceSelector }} + namespaceSelector: + matchNames: + {{- with .Values.prometheus.monitor.namespaceSelector }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + selector: + matchLabels: + {{- with .Values.prometheus.monitor.selectorOverride }} + {{- toYaml . | nindent 6 }} + {{- else }} + {{- include "kube-state-metrics.selectorLabels" . 
| indent 6 }} + {{- end }} + endpoints: + - port: http + {{- if or .Values.prometheus.monitor.http.interval .Values.prometheus.monitor.interval }} + interval: {{ .Values.prometheus.monitor.http.interval | default .Values.prometheus.monitor.interval }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.scrapeTimeout .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.http.scrapeTimeout | default .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.proxyUrl .Values.prometheus.monitor.proxyUrl }} + proxyUrl: {{ .Values.prometheus.monitor.http.proxyUrl | default .Values.prometheus.monitor.proxyUrl }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.enableHttp2 .Values.prometheus.monitor.enableHttp2 }} + enableHttp2: {{ .Values.prometheus.monitor.http.enableHttp2 | default .Values.prometheus.monitor.enableHttp2 }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.honorLabels .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if or .Values.prometheus.monitor.http.metricRelabelings .Values.prometheus.monitor.metricRelabelings }} + metricRelabelings: + {{- toYaml (.Values.prometheus.monitor.http.metricRelabelings | default .Values.prometheus.monitor.metricRelabelings) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.relabelings .Values.prometheus.monitor.relabelings }} + relabelings: + {{- toYaml (.Values.prometheus.monitor.http.relabelings | default .Values.prometheus.monitor.relabelings) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.scheme .Values.prometheus.monitor.scheme }} + scheme: {{ .Values.prometheus.monitor.http.scheme | default .Values.prometheus.monitor.scheme }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.tlsConfig .Values.prometheus.monitor.tlsConfig }} + tlsConfig: + {{- toYaml (.Values.prometheus.monitor.http.tlsConfig | default 
.Values.prometheus.monitor.tlsConfig) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.monitor.http.bearerTokenFile .Values.prometheus.monitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.prometheus.monitor.http.bearerTokenFile | default .Values.prometheus.monitor.bearerTokenFile }} + {{- end }} + {{- with (.Values.prometheus.monitor.http.bearerTokenSecret | default .Values.prometheus.monitor.bearerTokenSecret) }} + bearerTokenSecret: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.selfMonitor.enabled }} + - port: metrics + {{- if or .Values.prometheus.monitor.metrics.interval .Values.prometheus.monitor.interval }} + interval: {{ .Values.prometheus.monitor.metrics.interval | default .Values.prometheus.monitor.interval }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.scrapeTimeout .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.metrics.scrapeTimeout | default .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.proxyUrl .Values.prometheus.monitor.proxyUrl }} + proxyUrl: {{ .Values.prometheus.monitor.metrics.proxyUrl | default .Values.prometheus.monitor.proxyUrl }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.enableHttp2 .Values.prometheus.monitor.enableHttp2 }} + enableHttp2: {{ .Values.prometheus.monitor.metrics.enableHttp2 | default .Values.prometheus.monitor.enableHttp2 }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.honorLabels .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.metricRelabelings .Values.prometheus.monitor.metricRelabelings }} + metricRelabelings: + {{- toYaml (.Values.prometheus.monitor.metrics.metricRelabelings | default .Values.prometheus.monitor.metricRelabelings) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.relabelings .Values.prometheus.monitor.relabelings }} + relabelings: + {{- 
toYaml (.Values.prometheus.monitor.metrics.relabelings | default .Values.prometheus.monitor.relabelings) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.scheme .Values.prometheus.monitor.scheme }} + scheme: {{ .Values.prometheus.monitor.metrics.scheme | default .Values.prometheus.monitor.scheme }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.tlsConfig .Values.prometheus.monitor.tlsConfig }} + tlsConfig: + {{- toYaml (.Values.prometheus.monitor.metrics.tlsConfig | default .Values.prometheus.monitor.tlsConfig) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.monitor.metrics.bearerTokenFile .Values.prometheus.monitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.prometheus.monitor.metrics.bearerTokenFile | default .Values.prometheus.monitor.bearerTokenFile }} + {{- end }} + {{- with (.Values.prometheus.monitor.metrics.bearerTokenSecret | default .Values.prometheus.monitor.bearerTokenSecret) }} + bearerTokenSecret: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/stsdiscovery-role.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/stsdiscovery-role.yaml new file mode 100644 index 00000000..489de147 --- /dev/null +++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/stsdiscovery-role.yaml 
@@ -0,0 +1,26 @@
+{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resourceNames:
+ - {{ template "kube-state-metrics.fullname" . }}
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/stsdiscovery-rolebinding.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/stsdiscovery-rolebinding.yaml
new file mode 100644
index 00000000..73b37a4f
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/stsdiscovery-rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/verticalpodautoscaler.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/verticalpodautoscaler.yaml
new file mode 100644
index 00000000..f46305b5
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/verticalpodautoscaler.yaml
@@ -0,0 +1,44 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+spec:
+ {{- with .Values.verticalPodAutoscaler.recommenders }}
+ recommenders:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ resourcePolicy:
+ containerPolicies:
+ - containerName: {{ template "kube-state-metrics.name" . }}
+ {{- with .Values.verticalPodAutoscaler.controlledResources }}
+ controlledResources:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.controlledValues }}
+ controlledValues: {{ .Values.verticalPodAutoscaler.controlledValues }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.maxAllowed }}
+ maxAllowed:
+ {{ toYaml .Values.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.minAllowed }}
+ minAllowed:
+ {{ toYaml .Values.verticalPodAutoscaler.minAllowed | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: apps/v1
+ {{- if .Values.autosharding.enabled }}
+ kind: StatefulSet
+ {{- else }}
+ kind: Deployment
+ {{- end }}
+ name: {{ template "kube-state-metrics.fullname" . }}
+ {{- with .Values.verticalPodAutoscaler.updatePolicy }}
+ updatePolicy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/zzz/hull.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/zzz/hull.yaml
new file mode 100644
index 00000000..17392446
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/templates/zzz/hull.yaml
@@ -0,0 +1 @@
+{{- include "hull.objects.prepare.all" (dict "HULL_ROOT_KEY" "hull" "ROOT_CONTEXT" $) }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/values.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/values.yaml
new file mode 100644
index 00000000..43d2aec9
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/kube-state-metrics-7.1.0/values.yaml
@@ -0,0 +1,611 @@ +# Default values for kube-state-metrics. +prometheusScrape: true +image: + registry: registry.k8s.io + repository: kube-state-metrics/kube-state-metrics + # If unset use v + .Charts.appVersion + tag: "" + sha: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +global: + # To help compatibility with other charts which use global.imagePullSecrets. + # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). + # global: + # imagePullSecrets: + # - name: pullSecret1 + # - name: pullSecret2 + # or + # global: + # imagePullSecrets: + # - pullSecret1 + # - pullSecret2 + imagePullSecrets: [] + # + # Allow parent charts to override registry hostname + imageRegistry: "" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# Change the deployment strategy when autosharding is disabled. +# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +# The default is "RollingUpdate" as per Kubernetes defaults. +# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data. +# updateStrategy: Recreate + +# Number of old history to retain to allow rollback +# Default Kubernetes value is set to 10 +revisionHistoryLimit: 10 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. 
+# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/developer/cli-arguments.md +extraArgs: [] + +# If false then the user will opt out of automounting API credentials. +automountServiceAccountToken: true + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + nodePort: 0 + loadBalancerIP: "" + # Only allow access to the loadBalancerIP from these IPs + loadBalancerSourceRanges: [] + clusterIP: "" + annotations: {} + +## Additional labels to add to all resources +customLabels: {} + # app: kube-state-metrics + +## Override selector labels +selectorOverride: {} + +## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box +releaseLabel: false + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + + # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration + # Example: + # - apiGroups: ["monitoring.coreos.com"] + # resources: ["prometheuses"] + # verbs: ["list", "watch"] + extraRules: [] + +# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled). +# The requests are served through the same service but requests are then HTTPS. 
+kubeRBACProxy: + enabled: false + image: + registry: quay.io + repository: brancz/kube-rbac-proxy + tag: v0.20.2 + sha: "" + pullPolicy: IfNotPresent + + # This set --ignore-paths=/livez,/readyz to kubeRBACProxy container args + # to allow the pod probes working properly with kubeRBACProxy enabled. + ignoreProbePaths: true + + # List of additional cli arguments to configure kube-rbac-prxy + # for example: --tls-cipher-suites, --log-file, etc. + # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage + extraArgs: [] + + ## Specify security settings for a Container + ## Allows overrides and additional options compared to (Pod) securityContext + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + + # Configure specific upstream port for kube-state-metrics container + port: 9090 + # Configure specific proxy endpoints port + # This port is for healthz on readinessProbe kube-rbac-proxy-http container + proxyEndpointsPort: 8888 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## volumeMounts enables mounting custom volumes in rbac-proxy containers + ## Useful for TLS certificates and keys + volumeMounts: [] + # - mountPath: /etc/tls + # name: kube-rbac-proxy-tls + # readOnly: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + # If false then the user will opt out of automounting API credentials. + automountServiceAccountToken: true + +# Additional Environment variables +env: [] + # - name: GOMAXPROCS + # valueFrom: + # resourceFieldRef: + # resource: limits.cpu + +prometheus: + monitor: + enabled: false + annotations: {} + additionalLabels: {} + namespace: "" + namespaceSelector: [] + jobLabel: "" + targetLabels: [] + podTargetLabels: [] + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + selectorOverride: {} + + ## kube-state-metrics endpoint + http: + interval: "" + scrapeTimeout: "" + proxyUrl: "" + ## Whether to enable HTTP2 for servicemonitor + enableHttp2: false + honorLabels: false + metricRelabelings: [] + relabelings: [] + scheme: "" + ## File to read bearer token for scraping targets + bearerTokenFile: "" + ## Secret to mount to read bearer token for scraping targets. The secret needs + ## to be in the same namespace as the service monitor and accessible by the + ## Prometheus Operator + bearerTokenSecret: {} + # name: secret-name + # key: key-name + tlsConfig: {} + + ## selfMonitor endpoint + metrics: + interval: "" + scrapeTimeout: "" + proxyUrl: "" + ## Whether to enable HTTP2 for servicemonitor + enableHttp2: false + honorLabels: false + metricRelabelings: [] + relabelings: [] + scheme: "" + ## File to read bearer token for scraping targets + bearerTokenFile: "" + ## Secret to mount to read bearer token for scraping targets. The secret needs + ## to be in the same namespace as the service monitor and accessible by the + ## Prometheus Operator + bearerTokenSecret: {} + # name: secret-name + # key: key-name + tlsConfig: {} + ## Create a scrapeConfig resource for scraping the kube-state-metrics service. Use this instead of serviceMonitor + ## to have more instances of kube-state-metrics safety. + scrapeconfig: + ## To avoid duplicate metrics, first disable the serviceMonitor creation via prometheus.monitor.enabled=false + enabled: false + annotations: {} + additionalLabels: {} + jobName: kube-state-metrics + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## StaticConfigLabels defines the labels to be used in the Prometheus static configuration for scraping. + staticConfigLabels: {} + scrapeInterval: "" + scrapeTimeout: "" + proxyUrl: "" + ## Whether to enable HTTP2 for scrapeconfig + enableHttp2: false + honorLabels: true + metricRelabelings: [] + relabelings: [] + scheme: "" + tlsConfig: {} + +## Configure network policy for kube-state-metrics +networkPolicy: + enabled: false + # networkPolicy.flavor -- Flavor of the network policy to use. + # Can be: + # * kubernetes for networking.k8s.io/v1/NetworkPolicy + # * cilium for cilium.io/v2/CiliumNetworkPolicy + flavor: kubernetes + + ## Configure the cilium network policy kube-apiserver selector + # cilium: + # kubeApiServerSelector: + # - toEntities: + # - kube-apiserver + + # egress: + # - {} + # ingress: + # - {} + # podSelector: + # matchLabels: + # app.kubernetes.io/name: kube-state-metrics + +securityContext: + enabled: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +## Specify security settings for a Container +## Allows overrides and additional options compared to (Pod) securityContext +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod 
assignment +## Can be defined as either a dict or string. String is useful for `tpl` templating. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} +# affinity: | +# podAntiAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# - labelSelector: +# matchLabels: +# {{- include "kube-state-metrics.selectorLabels" . | indent 10 }} +# topologyKey: kubernetes.io/hostname + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +## Topology spread constraints for pod assignment +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +topologySpreadConstraints: [] + +# Annotations to be added to the deployment/statefulset +annotations: {} + +# Labels to be added to the deployment/statefulset +labels: {} + +# Annotations to be added to the pod +podAnnotations: {} + +# Labels to be added to the pod +podLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Comma-separated list of metrics to be exposed. +# This list comprises of exact metric names and/or regex patterns. +# The allowlist and denylist are mutually exclusive. +metricAllowlist: [] + +# Comma-separated list of metrics not to be enabled. +# This list comprises of exact metric names and/or regex patterns. +# The allowlist and denylist are mutually exclusive. +metricDenylist: [] + +# Comma-separated list of additional Kubernetes label keys that will be used in the resource's +# labels metric. By default the metric contains only name and namespace labels. +# To include additional labels, provide a list of resource names in their plural form and Kubernetes +# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. 
+# A single '*' can be provided per resource instead to allow any labels, but that has +# severe performance implications (Example: '=pods=[*]'). +metricLabelsAllowlist: [] + # - namespaces=[k8s-label-1,k8s-label-n] + +# Comma-separated list of Kubernetes annotations keys that will be used in the resource' +# labels metric. By default the metric contains only name and namespace labels. +# To include additional annotations provide a list of resource names in their plural form and Kubernetes +# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. +# A single '*' can be provided per resource instead to allow any annotations, but that has +# severe performance implications (Example: '=pods=[*]'). +metricAnnotationsAllowList: [] + # - pods=[k8s-annotation-1,k8s-annotation-n] + +# Available collectors for kube-state-metrics. +# By default, all available resources are enabled, comment out to disable. +collectors: + - certificatesigningrequests + - configmaps + - cronjobs + - daemonsets + - deployments + - endpointslices + - horizontalpodautoscalers + - ingresses + - jobs + - leases + - limitranges + - mutatingwebhookconfigurations + - namespaces + - networkpolicies + - nodes + - persistentvolumeclaims + - persistentvolumes + - poddisruptionbudgets + - pods + - replicasets + - replicationcontrollers + - resourcequotas + - secrets + - services + - statefulsets + - storageclasses + - validatingwebhookconfigurations + - volumeattachments + # - ingressclasses + # - clusterrolebindings + # - clusterroles + # - roles + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics +customResourceState: + # Whether to enable support for CustomResourceStateMetrics. 
+ enabled: false + + # Whether to create the ConfigMap that holds the config. + create: true + + # Name of the ConfigMap that holds the config. If empty, name will be generated based on the release name. + name: "" + + # ConfigMap key that holds the config. + key: config.yaml + + # Definition of the CustomResourceStateMetrics. Add (Cluster)Role permissions to list/watch the resources defined in the config to rbac.extraRules. + config: {} + +# Enable only the release namespace for collecting resources. By default all namespaces are collected. +# If releaseNamespace and namespaces are both set a merged list will be collected. +releaseNamespace: false + +# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected. +namespaces: "" + +# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, +# only namespaces that are excluded in namespaces-denylist will be used. +namespacesDenylist: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overridden +# If you set telemetryNodePort, you must also set service.type to NodePort +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 + # telemetryNodePort: 0 + +# Enable vertical pod autoscaler support for kube-state-metrics +verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: [] + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + # updatePolicy: + # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction + # minReplicas: 1 + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". + # updateMode: Auto + +# volumeMounts are used to add custom volume mounts to deployment. 
+# See example below +volumeMounts: [] +# - mountPath: /etc/config +# name: config-volume + +# volumes are used to add custom volumes to deployment +# See example below +volumes: [] +# - configMap: +# name: cm-for-volume +# name: config-volume + +# Extra manifests to deploy as an array +extraManifests: [] + # - apiVersion: v1 + # kind: ConfigMap + # metadata: + # labels: + # name: prometheus-extra + # data: + # extra-data: "value" + +## Containers allows injecting additional containers. +containers: [] + # - name: crd-init + # image: kiwigrid/k8s-sidecar:latest + +## InitContainers allows injecting additional initContainers. +initContainers: [] + # - name: crd-sidecar + # image: kiwigrid/k8s-sidecar:latest + +## dnsPolicy allows to change the default DNS configuration for the pod +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy +dnsPolicy: ClusterFirst + +## dnsConfig allows setting up specific DNS configuration for the pod +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config +dnsConfig: {} + +## Settings for startup, liveness and readiness probes +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +## + +## Startup probe can optionally be enabled. +## +startupProbe: + enabled: false + failureThreshold: 3 + httpGet: + httpHeaders: [] + scheme: http + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + +## Liveness probe +## +livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: [] + scheme: http + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + +## Readiness probe +## +readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: [] + scheme: http + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 
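Review bot: The defaults in this values file leave the metrics endpoint open to any workload that can reach the Service: `kubeRBACProxy.enabled` and `networkPolicy.enabled` are both `false`, while `collectors` still lists `secrets`, so Secret names, namespaces and types are presumably among the series served on port 8080. For any use beyond render tests I would override `kubeRBACProxy.enabled: true` or `networkPolicy.enabled: true` and comment out `- secrets` unless those series are consumed. `kubeRBACProxy.image` is also pinned by tag only (`tag: v0.20.2`, `sha: ""`); setting `sha` to the image digest would make the pull reproducible. The file reads as a copy of the upstream chart defaults, so these overrides belong in the parent chart's values or in a header comment such as `# test fixture: upstream defaults, not a hardening baseline` rather than in edits to this copy.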
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/.helmignore b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/.helmignore
new file mode 100644
index 00000000..2846d361
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+ci/
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/Chart.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/Chart.yaml
new file mode 100644
index 00000000..2e7a3839
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: v0.17.1
+description: A Helm chart for prometheus postgres-exporter
+home: https://github.com/prometheus-community/postgres_exporter
+keywords:
+- postgresql
+- prometheus
+- exporter
+maintainers:
+- email: gianrubio@gmail.com
+ name: gianrubio
+ url: https://github.com/gianrubio
+- email: zanhsieh@gmail.com
+ name: zanhsieh
+ url: https://github.com/zanhsieh
+- email: rootsandtrees@posteo.de
+ name: zeritti
+ url: https://github.com/zeritti
+name: prometheus-postgres-exporter
+sources:
+- https://github.com/prometheus-community/postgres_exporter
+type: application
+version: 7.0.0
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/README.md b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/README.md
new file mode 100644
index 00000000..cc810901
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/README.md
@@ -0,0 +1,152 @@
+# Prometheus Postgres Exporter
+
+Prometheus exporter for [PostgreSQL](https://www.postgresql.org/about/servers/) server metrics.
+
+This chart bootstraps a Prometheus [Postgres exporter](https://github.com/prometheus-community/postgres_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.16+
+- Helm 3+
+
+## Get Repository Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+helm install [RELEASE_NAME] prometheus-community/prometheus-postgres-exporter
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] prometheus-community/prometheus-postgres-exporter --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### To 7.0.0
+
+Labels and selectors have been replaced following [Helm 3 label and annotation best practices](https://helmsh/docs/chart_best_practices/labels/):
+
+| Previous | Current |
+|---------------------|------------------------------|
+| app | app.kubernetes.io/name |
+| chart | helm.sh/chart |
+| [none] | app.kubernetes.io/version |
+| heritage | [none] |
+| release | app.kubernetes.io/instance |
+
+As the change is affecting immutable selector labels, the deployment must be deleted before upgrading the release, e.g.:
+
+```console
+kubectl delete deploy -l app=prometheus-postgres-exporter --cascade=orphan
+```
+
+Once the resources have been deleted, you can upgrade the release:
+
+```console
+helm upgrade -i RELEASE_NAME prometheus-community/prometheus-postgres-exporter
+```
+
+### To 6.0.0
+
+Image repository has been split into two values: the new `image.registry` value and the already existing `image.repository` value. No change is required when using the default for `image.repository`. If you have previously modified field `image.repository`, please, set the two fields accordingly.
+
+### To 5.0.0
+
+Deprecated options `auto-discover-databases`, `constantLabels`, `exclude-databases` & `include-databases` has been removed.
+Deprecated custom query config has been removed.
+Deprecated PodSecurityPolicy and K8S beta API versions have been removed.
+Chart.yaml appVersion field is used as default image tag.
+Labels are templated now.
+Add default securityContext and PodSecurityContext.
+LivenessProbe timeout has been raised to 3.
+
+### To 4.6.0
+
+This release adds functionality to template the variables inside `config.datasource` by means of allowing the `tpl` function in the resources that make use of it. This functionality is useful when you want to do sub-charting (e.g. in a postgres chart) and you want to avoid the duplication of variables inside `config.datasource`.
+
+Compared to the previous release (4.5.0) the only thing that changed is the fact that you can no longer leave the `config.datasource.host` variable blank. Leaving it blank could cause errors with the `tpl` function. However, the default value was changed to `''` so this error is not expected to happen.
+
+### To 4.0.0
+
+This release removes the `pg_database` query from `config.queries` as it has been converted to a built-in collector
+in postgres_exporter v0.11.0. Any customizations to the removed query are now rendered useless and thus should be removed.
+
+### To 3.0.0
+
+This release introduces changes to accommodate Postgres 13 or newer versions by default.
+Older Postgres instances have now to overwrite the `pg_stat_statements` query of `config.queries` with following
+selection:
+
+```postgresql
+SELECT t2.rolname,
+ t3.datname,
+ queryid,
+ calls,
+ total_time / 1000 as total_time_seconds,
+ min_time / 1000 as min_time_seconds,
+ max_time / 1000 as max_time_seconds,
+ mean_time / 1000 as mean_time_seconds,
+ stddev_time / 1000 as stddev_time_seconds,
+ rows,
+ shared_blks_hit,
+ shared_blks_read,
+ shared_blks_dirtied,
+ shared_blks_written,
+ local_blks_hit,
+ local_blks_read,
+ local_blks_dirtied,
+ local_blks_written,
+ temp_blks_read,
+ temp_blks_written,
+ blk_read_time / 1000 as blk_read_time_seconds,
+ blk_write_time / 1000 as blk_write_time_seconds
+FROM pg_stat_statements t1
+ JOIN pg_roles t2 ON (t1.userid = t2.oid)
+ JOIN pg_database t3 ON (t1.dbid = t3.oid)
+WHERE t2.rolname != 'rdsadmin'
+ AND queryid IS NOT NULL `
+```
+
+### To 2.0.0
+
+The primary change in 2.0.0 is the Chart API from v1 to v2.
This now requires Helm3.
+Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
+Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name
+is prometheus-postgres-exporter:
+
+```console
+kubectl patch deployment prometheus-postgres-exporter --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
+```
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
+To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run this command:
+
+```console
+helm show values prometheus-community/prometheus-postgres-exporter
+```
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/NOTES.txt b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/NOTES.txt
new file mode 100644
index 00000000..a7bce03d
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/NOTES.txt
@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-postgres-exporter.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-postgres-exporter.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus-postgres-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus-postgres-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:9187 --namespace {{ .Release.Namespace }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/_helpers.tpl b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/_helpers.tpl
new file mode 100644
index 00000000..56ae00e2
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/_helpers.tpl
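Review bot: The ClusterIP branch of NOTES.txt looks the pod up with `-l "app={{ template "prometheus-postgres-exporter.name" . }},release={{ .Release.Name }}"`, but the `selectorLabels` helper and deployment.yaml in this same chart only put `app.kubernetes.io/name` and `app.kubernetes.io/instance` on the pods. Unless `podLabels` re-adds the old keys, `POD_NAME` comes back empty and the `kubectl port-forward` line that follows fails. The selector should follow the new labels: `-l "app.kubernetes.io/name={{ template "prometheus-postgres-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"`.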
@@ -0,0 +1,79 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "prometheus-postgres-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prometheus-postgres-exporter.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "prometheus-postgres-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "prometheus-postgres-exporter.labels" -}}
+helm.sh/chart: {{ include "prometheus-postgres-exporter.chart" . }}
+{{ include "prometheus-postgres-exporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.commonLabels}}
+{{ toYaml .Values.commonLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "prometheus-postgres-exporter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "prometheus-postgres-exporter.name" .
}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prometheus-postgres-exporter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "prometheus-postgres-exporter.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define the prometheus-postgres-exporter.namespace template if set with namespaceOverride or .Release.Namespace is set
+*/}}
+{{- define "prometheus-postgres-exporter.namespace" -}}
+ {{- default .Release.Namespace .Values.namespaceOverride -}}
+{{- end }}
+
+{{/*
+Set DATA_SOURCE_URI environment variable
+*/}}
+{{- define "prometheus-postgres-exporter.data_source_uri" -}}
+{{ printf "%s:%d/%s?sslmode=%s&%s" (tpl .Values.config.datasource.host .) (tpl .Values.config.datasource.port . | int) (tpl .Values.config.datasource.database .) (tpl .Values.config.datasource.sslmode .) (tpl .Values.config.datasource.extraParams .) | trimSuffix "&" | quote }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/configmap.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/configmap.yaml
new file mode 100644
index 00000000..d0054cfc
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/configmap.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.config.postgresExporter }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+data:
+ postgres_exporter.yml: |
+ {{ tpl .Values.config.postgresExporter . | nindent 4 }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/deployment.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/deployment.yaml
new file mode 100644
index 00000000..904dcb77
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/deployment.yaml
@@ -0,0 +1,208 @@
+{{- if and .Values.config.datasource.passwordSecret .Values.config.datasource.password -}}
+{{ fail (printf "ERROR: only one of .Values.config.datasource.passwordSecret and .Values.config.datasource.password must be defined") }}
+{{- end -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+ {{- with .Values.deployment.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.deployment.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ serviceAccountName: {{ template "prometheus-postgres-exporter.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- if .Values.initContainers }}
+ initContainers:
+{{ toYaml .Values.initContainers | indent 8 }}
+{{- end }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ template "prometheus-postgres-exporter.name" .
}}
+ args:
+ - "--config.file=/etc/postgres_exporter.yml"
+ - "--web.listen-address=:{{ .Values.service.targetPort }}"
+ {{- if .Values.config.disableCollectorDatabase }}
+ - "--no-collector.database"
+ {{- end }}
+ {{- if .Values.config.disableCollectorBgwriter }}
+ - "--no-collector.stat_bgwriter"
+ {{- end }}
+ {{- if .Values.config.disableDefaultMetrics }}
+ - "--disable-default-metrics"
+ {{- end }}
+ {{- if .Values.config.disableSettingsMetrics }}
+ - "--disable-settings-metrics"
+ {{- end }}
+ {{- if .Values.config.logLevel }}
+ - "--log.level={{ .Values.config.logLevel }}"
+ {{- end}}
+ {{- if .Values.config.logFormat }}
+ - "--log.format={{ .Values.config.logFormat }}"
+ {{- end}}
+ {{- if .Values.config.extraArgs }}
+ {{- .Values.config.extraArgs | toYaml | nindent 10 }}
+ {{- end }}
+ env:
+ {{- if .Values.config.datasourceSecret }}
+ - name: DATA_SOURCE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.config.datasourceSecret.name . }}
+ key: {{ tpl .Values.config.datasourceSecret.key . }}
+ {{- else }}
+ - name: DATA_SOURCE_URI
+ value: {{ template "prometheus-postgres-exporter.data_source_uri" . }}
+ {{- if .Values.config.datasource.userSecret }}
+ - name: DATA_SOURCE_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.config.datasource.userSecret.name . }}
+ key: {{ tpl .Values.config.datasource.userSecret.key . }}
+ {{- else }}
+ {{- if .Values.config.datasource.userFile }}
+ - name: DATA_SOURCE_USER_FILE
+ value: {{ tpl .Values.config.datasource.userFile . }}
+ {{- else }}
+ - name: DATA_SOURCE_USER
+ value: {{ tpl .Values.config.datasource.user . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.config.datasource.pgpassfile }}
+ - name: PGPASSFILE
+ value: {{ tpl .Values.config.datasource.pgpassfile . }}
+ - name: DATA_SOURCE_PASS
+ value: ""
+ {{- else }}
+ {{- if .Values.config.datasource.passwordFile }}
+ - name: DATA_SOURCE_PASS_FILE
+ value: {{ tpl .Values.config.datasource.passwordFile .
}}
+ {{- else }}
+ - name: DATA_SOURCE_PASS
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.config.datasource.passwordSecret }}
+ name: {{ tpl .Values.config.datasource.passwordSecret.name . }}
+ key: {{ tpl .Values.config.datasource.passwordSecret.key . }}
+ {{- else }}
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ key: data_source_password
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraEnvs }}
+ {{- if kindIs "map" . }}
+ {{- range $name, $value := . }}
+ - name: {{ $name }}
+ value: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if kindIs "slice" . -}}
+ {{ toYaml . | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.command }}
+ command:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ {{- with .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if or .Values.config.postgresExporter .Values.config.existingSecret.enabled }}
+ - name: postgres-exporter
+ mountPath: /etc/postgres_exporter.yml
+ subPath: postgres_exporter.yml
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{ toYaml . | nindent 12 }}
+ {{- end }}
+{{- with .Values.extraContainers }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.hostAliases }}
+ hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
+{{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .
| indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+{{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config.postgresExporter }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ name: postgres-exporter
+ {{- else if .Values.config.existingSecret.enabled }}
+ - secret:
+ defaultMode: 420
+ secretName: {{ .Values.config.existingSecret.name }}
+ name: postgres-exporter
+ {{ end}}
+
+ {{- with .Values.extraVolumes }}
+ {{ toYaml . | nindent 6 }}
+ {{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/extra-manifests.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/extra-manifests.yaml
new file mode 100644
index 00000000..567f7bf3
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraManifests }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/networkpolicy.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/networkpolicy.yaml
new file mode 100644
index 00000000..b3579ac5
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/networkpolicy.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+ {{- if .Values.networkPolicy.labels }}
+ {{ toYaml .Values.networkPolicy.labels | indent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - port: {{ .Values.service.targetPort }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/pdb.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/pdb.yaml
new file mode 100644
index 00000000..f72676f8
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/pdb.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+spec:
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ selector:
+ matchLabels:
+ {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/prometheusrule.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/prometheusrule.yaml
new file mode 100644
index 00000000..88e933e2
--- /dev/null
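Review bot: The single ingress rule in networkpolicy.yaml lists only `ports` and has no `from` clause, so with `networkPolicy.enabled` set the policy still admits traffic to `service.targetPort` from every pod and namespace that can reach the exporter. That narrows the exposed port but not who may read the database metrics. I would add an optional `from:` list rendered from values (for instance a selector for the Prometheus namespace or pods) and put a comment above the rule stating that an absent `from` means any source is allowed.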
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/prometheusrule.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ .Values.prometheusRule.namespace | default (include "prometheus-postgres-exporter.namespace" .) }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+{{- with .Values.prometheusRule.additionalLabels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- with .Values.prometheusRule.rules }}
+ groups:
+ - name: {{ template "prometheus-postgres-exporter.name" $ }}
+ rules: {{ tpl (toYaml .) $ | nindent 8 }}
+{{- end }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/role.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/role.yaml
new file mode 100644
index 00000000..6353b1ad
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/role.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/rolebinding.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/rolebinding.yaml
new file mode 100644
index 00000000..4167181c
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus-postgres-exporter.serviceAccountName" . }}
+{{- end -}}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/secrets.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/secrets.yaml
new file mode 100644
index 00000000..bc20e587
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/secrets.yaml
@@ -0,0 +1,12 @@
+{{- if not (or .Values.config.datasource.passwordSecret .Values.config.datasourceSecret .Values.config.datasource.passwordFile ) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+type: Opaque
+data:
+ data_source_password: {{ tpl (.Values.config.datasource.password | default "somepaswword") . | b64enc }}
+{{- end -}}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/service.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/service.yaml
new file mode 100644
index 00000000..f912a02a
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/service.yaml
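Review bot: The `default "somepaswword"` fallback on the `data_source_password` line of secrets.yaml means a release that sets no `config.datasource.password` gets a Secret holding a fixed, publicly known string instead of failing at render time. deployment.yaml reads `DATA_SOURCE_PASS` from this Secret whenever no passwordSecret, passwordFile or pgpassfile is configured, so a misconfigured install runs silently with that value. I would make the value mandatory, e.g. `data_source_password: {{ tpl (required "config.datasource.password must be set" .Values.config.datasource.password) . | b64enc }}`. The guard on the first line would then also need `.Values.config.datasource.pgpassfile` in its `or` list, because today the Secret is still rendered in the pgpassfile case even though the deployment does not read it there.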
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ {{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | trim | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 4 }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/serviceaccount.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e8ffc32f
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+metadata:
+ name: {{ template "prometheus-postgres-exporter.serviceAccountName" . }}
+ namespace: {{ include "prometheus-postgres-exporter.namespace" . }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{ toYaml .Values.serviceAccount.annotations }}
+ {{- end }}
+{{- end -}}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/servicemonitor.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/servicemonitor.yaml
new file mode 100644
index 00000000..edaf626a
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/servicemonitor.yaml
@@ -0,0 +1,103 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+{{- if .Values.serviceMonitor.labels }}
+ labels:
+ {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }}
+{{ toYaml .Values.serviceMonitor.labels | indent 4}}
+{{- end }}
+ name: {{ template "prometheus-postgres-exporter.fullname" . }}
+ namespace: {{ .Values.serviceMonitor.namespace | default (include "prometheus-postgres-exporter.namespace" .) }}
+spec:
+{{- if .Values.serviceMonitor.multipleTarget.enabled }}
+ endpoints:
+ {{- range .Values.serviceMonitor.multipleTarget.targets }}
+ - path: /probe
+ port: {{ $.Values.service.name }}
+ {{- if $.Values.serviceMonitor.interval }}
+ interval: {{ $.Values.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.serviceMonitor.timeout }}
+ scrapeTimeout: {{ $.Values.serviceMonitor.timeout }}
+ {{- end }}
+ {{- if $.Values.serviceMonitor.scheme }}
+ scheme: {{ $.Values.serviceMonitor.scheme }}
+ {{- end }}
+ {{- with $.Values.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .
| nindent 6 }}
+ {{- end }}
+ metricRelabelings:
+ - action: replace
+ replacement: {{ .endpoint }}
+ sourceLabels: [instance]
+ targetLabel: instance
+ - action: replace
+ replacement: {{ .name }}
+ sourceLabels: [target]
+ targetLabel: target
+ {{- if $.Values.serviceMonitor.metricRelabelings -}}
+ {{ toYaml $.Values.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml $.Values.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ params:
+ target:
+ {{- if .databaseName }}
+ - {{ .endpoint }}:{{ .port | default 5432 }}/{{ .databaseName | default "" }}
+ {{- else }}
+ - {{ .endpoint }}:{{ .port | default 5432 }}
+ {{- end }}
+ {{- if $.Values.serviceMonitor.multipleTarget.sharedAuthModule.enabled }}
+ auth_module:
+ - {{ $.Values.serviceMonitor.multipleTarget.sharedAuthModule.name }}
+ {{- else }}
+ auth_module:
+ - client.{{ .name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- if not .Values.serviceMonitor.multipleTarget.enabled }}
+ endpoints:
+ - port: {{ .Values.service.name }}
+{{- if .Values.serviceMonitor.interval }}
+ interval: {{ .Values.serviceMonitor.interval }}
+{{- end }}
+{{- if .Values.serviceMonitor.telemetryPath }}
+ path: {{ .Values.serviceMonitor.telemetryPath }}
+{{- end }}
+{{- if .Values.serviceMonitor.scheme }}
+ scheme: {{ .Values.serviceMonitor.scheme }}
+{{- end }}
+{{- if .Values.serviceMonitor.timeout }}
+ scrapeTimeout: {{ .Values.serviceMonitor.timeout }}
+{{- end }}
+{{- if .Values.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ toYaml .Values.serviceMonitor.metricRelabelings | indent 4 }}
+{{- end }}
+{{- if .Values.serviceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
+{{- end }}
+{{- with .Values.serviceMonitor.tlsConfig }}
+ tlsConfig:
+{{- toYaml . | nindent 6 }}
+{{- end }}
+{{- end }}
+ jobLabel: {{ template "prometheus-postgres-exporter.fullname" .
}}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }}
+{{- if .Values.serviceMonitor.targetLabels }}
+ targetLabels:
+{{- range .Values.serviceMonitor.targetLabels }}
+ - {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/zzz/hull.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/zzz/hull.yaml
new file mode 100644
index 00000000..17392446
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/templates/zzz/hull.yaml
@@ -0,0 +1 @@
+{{- include "hull.objects.prepare.all" (dict "HULL_ROOT_KEY" "hull" "ROOT_CONTEXT" $) }}
diff --git a/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/values.yaml b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/values.yaml
new file mode 100644
index 00000000..28e3738f
--- /dev/null
+++ b/hull/files/test/HULL/sources/chartmods/subcharts/charts/prometheus-postgres-exporter-7.0.0/values.yaml
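Review bot: `namespaceSelector.matchNames` in servicemonitor.yaml is hard-coded to `{{ .Release.Namespace }}`, while service.yaml places the Service in `{{ include "prometheus-postgres-exporter.namespace" . }}`, which honours `namespaceOverride`. With an override set, the ServiceMonitor would select a namespace where the Service does not exist, and scraping stops without any render error. Using the same helper keeps the two aligned: `- {{ include "prometheus-postgres-exporter.namespace" . }}`. Separately, the chart's common labels reach the ServiceMonitor only when `serviceMonitor.labels` is non-empty, because the `labels:` key sits inside that `if` at the top of the hunk.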
@@ -0,0 +1,302 @@ +replicaCount: 1 + +image: + registry: quay.io + repository: prometheuscommunity/postgres-exporter + # if not set appVersion field from Chart.yaml is used + tag: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +command: [] + +service: + type: ClusterIP + port: 80 + targetPort: 9187 + name: http + labels: {} + annotations: {} + +automountServiceAccountToken: false + +serviceMonitor: + # When set true then use a ServiceMonitor to configure scraping + enabled: false + # Set the namespace the ServiceMonitor should be deployed + # namespace: monitoring + # Set how frequently Prometheus should scrape + # interval: 30s + # Set path to cloudwatch-exporter telemtery-path + # telemetryPath: /metrics + # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + # labels: + # Set timeout for scrape + # timeout: 10s + # Set of labels to transfer from the Kubernetes Service onto the target + # targetLabels: [] + # MetricRelabelConfigs to apply to samples before ingestion + # metricRelabelings: [] + # Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + # relabelings: [] + # HTTP scheme to use for scraping. For example `http` or `https`. Default is `http`. + # scheme: http + # TLS configuration to use when scraping the metric endpoint by Prometheus. 
+ # tlsConfig: {} + + # Use multipleTarget mode + multipleTarget: + enabled: false + # Use the same auth module for every target + # The config file should have a section like [$name] + sharedAuthModule: + enabled: false + name: "" + + # Define each target's endpoint and name + # When not using sharedAuthModule the config file should have one authModule for each target with key "client.$name" + targets: [] + # - endpoint: pg01.local + # name: pg01 (there needs to exist an authModule with key "client.pg01" if not using sharedAuthModule) + # port: default 5432 + # databaseName: default '' (Set the database name to connect to) + +prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + rules: [] + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current prometheus-postgres-exporter service. + # - alert: HugeReplicationLag + # expr: pg_replication_lag{service="{{ template "prometheus-postgres-exporter.fullname" . }}"} / 3600 > 1 + # for: 1m + # labels: + # severity: critical + # annotations: + # description: replication for {{ template "prometheus-postgres-exporter.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + +priorityClassName: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Add annotations to the ServiceAccount, useful for EKS IAM Roles for Service Accounts or Google Workload Identity. + annotations: {} + +# Force namespace of namespaced resources +namespaceOverride: "" + +# Add a default ingress to allow namespace access to service.targetPort +# Helpful if other NetworkPolicies are configured in the namespace +networkPolicy: + # Specifies whether a NetworkPolicy should be created + enabled: false + # Set labels for the NetworkPolicy + labels: {} + +# The securityContext of the pod. +# See https://kubernetes.io/docs/concepts/policy/security-context/ for more. +podSecurityContext: + runAsGroup: 1001 + runAsUser: 1001 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +# The securityContext of the container. +# See https://kubernetes.io/docs/concepts/policy/security-context/ for more. +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + +hostAliases: [] + # Set Host Aliases as per https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + +config: + ## The datasource properties on config are passed through helm tpl function. + ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + datasource: + # Specify one of both datasource or datasourceSecret + host: '' + user: postgres + # Specify userFile if DB username is stored in a file. 
+ # For example, to use with vault-injector from Hashicorp + userFile: '' + userSecret: {} + # Secret name + # name: + # User key inside secret + # key: + # Only one of password, passwordFile, passwordSecret and pgpassfile can be specified + password: + # Specify passwordFile if DB password is stored in a file. + # For example, to use with vault-injector from Hashicorp + passwordFile: '' + # Specify passwordSecret if DB password is stored in secret. + passwordSecret: {} + # Secret name + # name: + # Password key inside secret + # key: + pgpassfile: '' + # If pgpassfile is set, it is used to initialize the PGPASSFILE environment variable. + # See https://www.postgresql.org/docs/14/libpq-pgpass.html for more info. + port: "5432" + database: '' + sslmode: disable + extraParams: '' + datasourceSecret: {} + # Specifies if datasource should be sourced from secret value in format: postgresql://login:password@hostname:port/dbname?sslmode=disable + # Multiple Postgres databases can be configured by comma separated postgres connection strings + # Secret name + # name: + # Connection string key inside secret + # key: + disableCollectorDatabase: false + disableCollectorBgwriter: false + disableDefaultMetrics: false + disableSettingsMetrics: false + + # possible values debug, info, warn, error, fatal + logLevel: "" + # possible values logfmt, json + logFormat: "" + extraArgs: [] + + # postgres_exporter.yml + postgresExporter: "" + # auth_modules: + # first: + # type: userpass + # userpass: + # username: first + # password: firstpass + # options: + # sslmode: disable + + # define an existing secret to be mounted as the config file + # needs to have the key 'postgres_exporter.yml' + existingSecret: + enabled: false + name: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +annotations: {} + +podLabels: {} + +# Configurable probes. If TLS client authentication is enabled at the exporter, TCP probe must be used. 
+livenessProbe: + httpGet: + path: / + port: http + scheme: HTTP + # tcpSocket: + # port: http + timeoutSeconds: 3 + +readinessProbe: + httpGet: + path: / + port: http + scheme: HTTP + # tcpSocket: + # port: http + timeoutSeconds: 1 + +# Labels and annotations to attach to the deployment resource +deployment: + labels: {} + annotations: {} + +# ExtraEnvs +extraEnvs: [] + # - name: EXTRA_ENV + # value: value + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + +# Init containers, e. g. for secrets creation before the exporter +initContainers: [] + # - name: + # image: + # volumeMounts: + # - name: creds + # mountPath: /creds + +# Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy +extraContainers: [] + +# Additional volumes, e. g. for secrets used in an extraContainer +extraVolumes: [] +# Uncomment for mounting custom ca-certificates +# - name: ssl-certs +# secret: +# defaultMode: 420 +# items: +# - key: ca-certificates.crt +# path: ca-certificates.crt +# secretName: ssl-certs + +# Additional volume mounts +extraVolumeMounts: [] +# Uncomment for mounting custom ca-certificates file into container +# - name: ssl-certs +# mountPath: /etc/ssl/certs/ca-certificates.crt +# subPath: ca-certificates.crt + +## Extra manifests to deploy as an array +extraManifests: [] + # - apiVersion: v1 + # kind: ConfigMap + # metadata: + # labels: + # name: postgres-exporter-extra + # data: + # extra-data: "value" + +podDisruptionBudget: + enabled: false + maxUnavailable: 1 diff --git a/hull/files/test/HULL/specs/concepts/prepare.cpt b/hull/files/test/HULL/specs/concepts/prepare.cpt index 945f2cee..533dd0ef 100644 --- a/hull/files/test/HULL/specs/concepts/prepare.cpt +++ b/hull/files/test/HULL/specs/concepts/prepare.cpt 
@@ -2,18 +2,27 @@ * Fill data store with kind and case -# Prepare test case for kind with test chart and values file including suites +# Prepare test case for kind with test chart and values file including suites and chartmods -* Fill data store with kind , case , chart and suites +* Fill data store with kind , case , chart and suites and chartmods * Clean the test execution folder * Copy folders to test execution folder +# Prepare test case for kind with test chart and values file including suites + +* Prepare test case for kind with test chart and values file including suites and chartmods "" + # Prepare default test case for this kind with test chart and values file including suites -* Fill data store with chart and suites +* Fill data store with chart and suites and chartmods "" * Clean the test execution folder * Copy folders to test execution folder +# Prepare default test case for this kind with test chart and values file including suites and chartmods + +* Fill data store with chart and suites and chartmods +* Clean the test execution folder +* Copy folders to test execution folder # Prepare test case for kind with test chart and values file * Prepare test case for kind with test chart and values file including suites "" @@ -22,6 +31,10 @@ * Prepare test case for kind with test chart "hull-test" and values file including suites "" +# Prepare test case for kind and values file with chartmods + +* Prepare test case for kind with test chart "hull-test" and values file "values_file" including suites "" and chartmods + # Prepare test case for kind and values file including suites * Prepare test case for kind with test chart "hull-test" and values file including suites 
@@ -53,17 +66,32 @@ # Lint and Render to namespace * Lint and Render values file "values.hull.yaml" to namespace +# Render to namespace +* Render values file "values.hull.yaml" to namespace + # Lint and Render * Lint and Render to namespace "default" +# Render +* Render to namespace "default" + # Lint and Render values file * Lint the templates for values file to namespace "default" * Render the templates for values file to test execution folder and namespace "default" * Fill data store with rendered objects +# Render values file +* Render the templates for values file to test execution folder and namespace "default" +* Fill data store with rendered objects + # Lint and Render values file to namespace * Lint the templates for values file to namespace * Render the templates for values file to test execution folder and namespace * Fill data store with rendered objects +# Render values file to namespace +* Render the templates for values file to test execution folder and namespace +* Fill data store with rendered objects + + diff --git a/hull/files/test/HULL/specs/configmap.spec b/hull/files/test/HULL/specs/configmap.spec index b229ee77..e5eeecd7 100644 --- a/hull/files/test/HULL/specs/configmap.spec +++ b/hull/files/test/HULL/specs/configmap.spec 
@@ -72,14 +72,14 @@ Test creation of objects and features. * Test Object has key "data§key_with_dots_in_it" with value "hello dots!" ## Undefined Handling -* Begin Tests for Helm version "3" +* Begin Tests for Helm versions regex "^(?!3\\.19\\.5$)(?!3\\.20\\.[0-9]$)(3)\\.\\d+\\.\\d+$" * Lint and Render values file "values_undefined.hull.yaml" * Set test object to "release-name-hull-test-test-get-undefined-variants" * Test Object has key "data§bool_undefined" with value "" * Test Object has key "data§string_undefined" with value "" * Test Object has key "data§number_undefined" with value "" * End Tests for specific Helm version -* Begin Tests for Helm version "4" +* Begin Tests for Helm versions regex "^(3\\.19\\.5|3\\.20\\.\\d+|4\\.\\d+\\.\\d+)$" * Fail to render the templates for additional values file "values_undefined.hull.yaml" to test execution folder because error contains "[HULL failed with error HULL-GET-TRANSFORMATION-REFERENCE-INVALID: Element bool_undefined in path hull.config.specific.bool_undefined was not found]" * Fail to render the templates for additional values file "values_undefined.hull.yaml" to test execution folder because error contains "[HULL failed with error HULL-GET-TRANSFORMATION-REFERENCE-INVALID: Element number_undefined in path hull.config.specific.number_undefined was not found]" * Fail to render the templates for additional values file "values_undefined.hull.yaml" to test execution folder because error contains "[HULL failed with error HULL-GET-TRANSFORMATION-REFERENCE-INVALID: Element string_undefined in path hull.config.specific.string_undefined was not found]" diff --git a/hull/files/test/HULL/specs/ingress.spec b/hull/files/test/HULL/specs/ingress.spec index 11cb0ba5..8bcc788c 100644 --- a/hull/files/test/HULL/specs/ingress.spec +++ b/hull/files/test/HULL/specs/ingress.spec 
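Review bot: The two version patterns under `## Undefined Handling` are not complements of each other, so some Helm versions would run both blocks. The first pattern excludes only single-digit 3.20 patches (`(?!3\\.20\\.[0-9]$)`) while the second accepts `3\\.20\\.\\d+`, so a version such as 3.20.10 matches both and the scenario would expect empty values and a render failure for the same input. Writing the exclusion as `(?!3\\.20\\.\\d+$)` keeps the pair disjoint. Whether later 3.19.x or 3.21+ releases belong in the first block is not visible here and should be confirmed. The same pair of patterns is added in the secret.spec hunk.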
@@ -48,6 +48,40 @@ Test creation of objects and features. * Set test object to "release-name-hull-test-stream" * Test Object has key "metadata§annotations§ingress.kubernetes.io/rewrite-target" with value "/dash" +## External templates +* Prepare default test case for this kind with test chart "hull-test" and values file "values" including suites "" and chartmods "externaltemplates" +* Lint and Render values file "values_external_templates.hull.yaml" + +* Set test object to "referencegrants.gateway.networking.k8s.io" of kind "CustomResourceDefinition" +* Test Object has key "spec§versions§0§schema§openAPIV3Schema§properties§apiVersion§default" with value "1.2.3.4.5" + +## Subchart shared global variables +* Prepare default test case for this kind with test chart "hull-test" and values file "values_subcharts" including suites "" and chartmods "subcharts" +* Lint and Render values file "values_subcharts.hull.yaml" + +* Set test object to "release-name-hull-test-test-global" +* Test Object has key "spec§rules§0§http§paths§0§backend§service§port§number" with integer value "111" + +* Set test object to "release-name-kube-state-metrics" of kind "Service" +* Test Object has key "spec§ports§0§port" with integer value "333" +* Test Object has key "spec§type" with value "NodePort" +* Test Object has key "metadata§annotations§annotation_1" with value "Global Annotation 1" +* Test Object has key "metadata§annotations§annotation_2" with value "Global Annotation 2" +* Test Object has key "spec§clusterIP" with value "123.345.431.543" +* Test Object has key "spec§ipFamilies§0" with value "IPv6" +* Test Object has key "spec§ipFamilies§1" with value "IPv4" +* Test Object has key "spec§ipFamilyPolicy" with value "PreferDualStack" + +* Set test object to "release-name-prometheus-postgres-exporter" of kind "Service" +* Test Object has key "spec§ports§0§port" with integer value "333" +* Test Object has key "spec§type" with value "LoadBalancer" +* Test Object has key 
"metadata§annotations§annotation_1" with value "Global Annotation 1" +* Test Object has key "metadata§annotations§annotation_2" with value "Global Annotation 2" +* Test Object has key "metadata§annotations§annotation_3" with value "Local Annotation 1" +* Test Object has key "metadata§annotations§annotation_4" with value "Local Annotation 2" +* Test Object has key "spec§ports§0§targetPort" with integer value "333" + + ___ * Clean the test execution folder \ No newline at end of file diff --git a/hull/files/test/HULL/specs/secret.spec b/hull/files/test/HULL/specs/secret.spec index 7c2ecea9..679b58f8 100644 --- a/hull/files/test/HULL/specs/secret.spec +++ b/hull/files/test/HULL/specs/secret.spec 
@@ -72,14 +72,14 @@ Test creation of objects and features. * Test Object has key "data§key_with_dots_in_it" with Base64 encoded value of "hello dots!" ## Undefined Handling -* Begin Tests for Helm version "3" +* Begin Tests for Helm versions regex "^(?!3\\.19\\.5$)(?!3\\.20\\.[0-9]$)(3)\\.\\d+\\.\\d+$" * Lint and Render values file "values_undefined.hull.yaml" * Set test object to "release-name-hull-test-test-get-undefined-variants" * Test Object has key "data§bool_undefined" with Base64 encoded value of "" * Test Object has key "data§string_undefined" with Base64 encoded value of "" * Test Object has key "data§number_undefined" with Base64 encoded value of "" * End Tests for specific Helm version -* Begin Tests for Helm version "4" +* Begin Tests for Helm versions regex "^(3\\.19\\.5|3\\.20\\.\\d+|4\\.\\d+\\.\\d+)$" * Fail to render the templates for additional values file "values_undefined.hull.yaml" to test execution folder because error contains "[HULL failed with error HULL-GET-TRANSFORMATION-REFERENCE-INVALID: Element bool_undefined in path hull.config.specific.bool_undefined was not found]" * Fail to render the templates for additional values file "values_undefined.hull.yaml" to test execution folder because error contains "[HULL failed with error HULL-GET-TRANSFORMATION-REFERENCE-INVALID: Element number_undefined in path hull.config.specific.number_undefined was not found]" * Fail to render the templates for additional values file "values_undefined.hull.yaml" to test execution folder because error contains "[HULL failed with error HULL-GET-TRANSFORMATION-REFERENCE-INVALID: Element string_undefined in path hull.config.specific.string_undefined was not found]" diff --git a/hull/files/test/HULL/step_impl/tools.py b/hull/files/test/HULL/step_impl/tools.py index 1c26ded3..27eb4e9d 100644 --- a/hull/files/test/HULL/step_impl/tools.py +++ b/hull/files/test/HULL/step_impl/tools.py 
@@ -32,16 +32,20 @@ def fill_data_store_with_kind_and_case(kind, case): data_store.scenario.kind = kind data_store.scenario.case = case.lower() -@step("Fill data store with chart and suites ") -def fill_data_store_with_chart_and_suites(chart, suites): +@step("Fill data store with chart and suites and chartmods ") +def fill_data_store_with_chart_and_suites_and_chartmods(chart, suites, chartmods): if SKIPPING_TESTS: return data_store.scenario.chart = chart - s = list() + suites_list = list() if not suites == "": - s = suites.split(',') - s.append("basic") - data_store.scenario.suites = s + suites_list = suites.split(',') + suites_list.append("basic") + data_store.scenario.suites = suites_list + chartmods_list = list() + if not chartmods == "": + chartmods_list = chartmods.split(',') + data_store.scenario.chartmods = chartmods_list def fill_data_store_with_environment_info(): if SKIPPING_TESTS: @@ -59,12 +63,12 @@ def fill_data_store_with_environment_info(): data_store.scenario.environment[BASIC_OBJECTS_COUNT] = int(yaml.safe_load(file)['basic']) -@step("Fill data store with kind , case , chart and suites ") -def fill_data_store(kind, case, chart, suites): +@step("Fill data store with kind , case , chart and suites and chartmods ") +def fill_data_store(kind, case, chart, suites, chartmods): if SKIPPING_TESTS: return fill_data_store_with_kind_and_case(kind, case) - fill_data_store_with_chart_and_suites(chart, suites) + fill_data_store_with_chart_and_suites_and_chartmods(chart, suites, chartmods) fill_data_store_with_environment_info() @step("Copy folders to test execution folder") 
@@ -73,17 +77,17 @@ def copy_folders_to_TEST_EXECUTION_FOLDER(): return copy_the_test_suites_source_folders_to_TEST_EXECUTION_FOLDER() copy_the_test_source_folder_to_TEST_EXECUTION_FOLDER() - copy_the_test_chart_folders_to(data_store.scenario.case, data_store.scenario.chart) + copy_the_test_chart_folders_to(data_store.scenario.case, data_store.scenario.chart, data_store.scenario.chartmods) copy_the_hull_chart_files_to_test_execution_folder() @step("Copy the test source folder to test execution folder") def copy_the_test_source_folder_to_TEST_EXECUTION_FOLDER(): if SKIPPING_TESTS: return - copy_the_test_chart_folders_to(data_store.scenario.case, data_store.scenario.chart) + copy_the_test_chart_folders_to(data_store.scenario.case, data_store.scenario.chart, data_store.scenario.chartmods) @step("Copy the test source folder for case and chart to test execution folder") -def copy_the_test_chart_folders_to(case, chart): +def copy_the_test_chart_folders_to(case, chart, chartmods): if SKIPPING_TESTS: return dir_path = os.path.dirname(os.path.realpath(__file__)) @@ -93,6 +97,9 @@ def copy_the_test_chart_folders_to(case, chart): try: copytree(src_path_case, dst_path) copytree(src_path_chart, dst_path) + for chartmod in chartmods: + src_path_chartmod = os.path.join(dir_path,'./../sources/chartmods/', chartmod) + copytree(src_path_chartmod, dst_path, overwrite=True) except Exception as e: print(f"Failed to copy {src_path_case} and {src_path_chart} to {dst_path}", e.__str__, "occurred.") assert False @@ -143,7 +150,6 @@ def copy_the_suite_source_folder_for_case_and_chart_and_suite_to_TEST_EXECUTION_ assert False assert True - @step("Clean the test execution folder") def delete_the_TEST_EXECUTION_FOLDER(): if SKIPPING_TESTS: 
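Review bot: In the `@@ -93,6 +97,9 @@` hunk the chartmod name is joined into the source path without any check, and a failure there is reported with the wrong paths. `chartmods` comes from a comma-split step argument, so a misspelled or space-padded name (`"a, b"`) makes `copytree` raise on `os.listdir`, while the `except` message names only `src_path_case` and `src_path_chart` and prints `e.__str__` without calling it. I would strip each name and validate it before the `overwrite=True` copy, e.g. `if not os.path.isdir(src_path_chartmod): raise FileNotFoundError(src_path_chartmod)`, and print `str(e)` so the offending path is visible. The function starts outside the hunk.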
@@ -652,6 +658,17 @@ def begin_tests_for_helm_version(helm_version): SKIPPING_TESTS = not response.strip("'").startswith(f"v{helm_version}") print('STDOUT:\n', response) +@step("Begin Tests for Helm versions regex ") +def begin_tests_for_helm_versions_regex(regex): + global SKIPPING_TESTS + args = (HELM_BINARY, "version", "--template='{{.Version}}'") + popen = subprocess.run(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + response = popen.stdout.decode("utf-8").replace("\n",os.linesep) + compiled = re.compile(regex) + SKIPPING_TESTS = not compiled.match(response.strip("'")[1:]) + print(f'STDOUT:\nHelm Version {response} was checked against regex {regex}, skipping tests: {SKIPPING_TESTS}') + + @step("End Tests for specific Helm version") def end_tests_for_helm_version(): global SKIPPING_TESTS @@ -751,16 +768,16 @@ def render_chart(case, chart, values_files, namespace): print('STDERR:\n', popen.stderr.decode("utf-8").replace("\n",os.linesep) if popen.stderr is not None else "") return popen -def copytree(src, dst, symlinks=False, ignore=None): +def copytree(src, dst, overwrite=False, symlinks=False, ignore=None): if not os.path.exists(dst): os.makedirs(dst) for item in os.listdir(src): s = os.path.join(src, item) d = os.path.join(dst, item) if os.path.isdir(s): - copytree(s, d, symlinks, ignore) + copytree(s, d, overwrite, symlinks, ignore) else: - if not os.path.exists(d) or os.stat(s).st_mtime - os.stat(d).st_mtime > 1: + if not os.path.exists(d) or overwrite or os.stat(s).st_mtime - os.stat(d).st_mtime > 1: copyfile(os.path.dirname(s), os.path.basename(s), os.path.dirname(d)) def copy_yaml(src_dir, src_filename, dst_path): 
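Review bot: `begin_tests_for_helm_versions_regex` turns any unexpected `helm version` output into a silent skip. With `stderr=subprocess.STDOUT`, a warning printed by Helm ends up in the string being matched, and neither the return code nor an unparsable version is checked, so `SKIPPING_TESTS` becomes true and the guarded steps return early while the scenario still passes. I would capture stderr separately (`stderr=subprocess.PIPE`), add `assert popen.returncode == 0`, and match with `compiled.fullmatch(response.strip().strip("'")[1:])` so surrounding whitespace cannot change the outcome.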
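Review bot: In `copytree`, `overwrite` was inserted before `symlinks` and `ignore`, which shifts the positional meaning of the third and fourth arguments. The calls visible in this diff pass it by keyword or not at all, but any caller outside the hunks that passes `symlinks` positionally would now switch on overwriting instead. Making it keyword-only, `def copytree(src, dst, symlinks=False, ignore=None, *, overwrite=False):` with the recursive call `copytree(s, d, symlinks, ignore, overwrite=overwrite)`, avoids that.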
@@ -789,10 +806,23 @@ def copyfile(src_dir, src_filename, dst_dir): def get_objects(case, chart): dir_path = os.path.dirname(os.path.realpath(__file__)) rendered_files_folder = os.path.join(dir_path, TEST_EXECUTION_FOLDER, 'case', case, 'rendered', chart, 'templates') - rendered_file_path = os.path.join(dir_path, TEST_EXECUTION_FOLDER, 'case', case, 'rendered', chart, 'templates', 'hull.yaml') - + rendered_files = [] + for entry in os.listdir(rendered_files_folder): + if os.path.isfile(os.path.join(rendered_files_folder, entry)): + rendered_files.append(entry) + if os.path.isdir(os.path.join(rendered_files_folder, entry)): + for subentry in os.listdir(os.path.join(rendered_files_folder, entry)): + rendered_files.append(os.path.join(rendered_files_folder, entry, subentry)) + + if os.path.exists(os.path.join(dir_path, TEST_EXECUTION_FOLDER, 'case', case, 'rendered', chart, 'charts')): + additional_folders = os.path.join(dir_path, TEST_EXECUTION_FOLDER, 'case', case, 'rendered', chart, 'charts') + for folder in os.listdir(additional_folders): + if os.path.isdir(os.path.join(additional_folders, folder, 'templates')): + for additional_rendered_file in os.listdir(os.path.join(additional_folders, folder, 'templates')): + rendered_files.append(os.path.join(additional_folders, folder, 'templates', additional_rendered_file)) + items = [] - for file in os.listdir(rendered_files_folder): + for file in rendered_files: with open(os.path.join(rendered_files_folder, file), encoding='utf-8', newline='\n') as file_in: item = None diff --git a/hull/templates/_objects.tpl b/hull/templates/_objects.tpl index 4a5d53e9..02bd6f8a 100644 --- a/hull/templates/_objects.tpl +++ b/hull/templates/_objects.tpl 
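Review bot: The new file collection in `get_objects` mixes bare file names with full paths and does not check that the nested entries are files. Entries one level below `templates` and everything under `charts/<name>/templates` are appended without an `os.path.isfile` test, so a directory there (the subchart added in this commit has `templates/zzz/`, if Helm writes output for it) would reach `open()` and raise, and deeper nesting is never visited. The later `os.path.join(rendered_files_folder, file)` only works for the full-path entries because `os.path.join` discards the first argument when the second is absolute. Collecting with `os.walk` over each templates root yields uniform full paths of files only. The function body continues outside the hunk.

```python
def get_objects(case, chart):
    # … unchanged: dir_path and rendered_files_folder …
    charts_folder = os.path.join(dir_path, TEST_EXECUTION_FOLDER, 'case', case, 'rendered', chart, 'charts')
    template_roots = [rendered_files_folder]
    if os.path.isdir(charts_folder):
        for folder in sorted(os.listdir(charts_folder)):
            template_roots.append(os.path.join(charts_folder, folder, 'templates'))

    rendered_files = []
    for template_root in template_roots:
        # os.walk yields nothing for a missing root and lists only non-directory names
        for current_dir, _, filenames in os.walk(template_root):
            for filename in sorted(filenames):
                rendered_files.append(os.path.join(current_dir, filename))
    # … unchanged: items list and the loop that opens each rendered file …
```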
@@ -93,7 +93,6 @@ metadata: {{- $allObjects = merge $allObjects (dict "ClusterRoleBinding" (dict "HULL_TEMPLATE" $template "API_VERSION" "rbac.authorization.k8s.io/v1" "PARENT_TEMPLATE" "this.emptynamespace")) }} {{- $allObjects = merge $allObjects (dict "Role" (dict "HULL_TEMPLATE" $template "API_VERSION" "rbac.authorization.k8s.io/v1" "DYNAMIC_FIELDS" (dict "rules" "hull.object.base.role.rules"))) }} {{- $allObjects = merge $allObjects (dict "ClusterRole" (dict "HULL_TEMPLATE" $template "API_VERSION" "rbac.authorization.k8s.io/v1" "PARENT_TEMPLATE" "this.emptynamespace" "DYNAMIC_FIELDS" (dict "rules" "hull.object.base.role.rules"))) }} -{{- /* {{- /* ### Load custom objects 
@@ -117,12 +116,24 @@ metadata: {{- $hullRootKey := default "hull" (index . "HULL_ROOT_KEY") -}} {{- $rootContext := (index . "ROOT_CONTEXT") -}} {{- $allObjects := (index . "HULL_OBJECTS") -}} -{{- $rendered := include "hull.util.transformation" (dict "PARENT_CONTEXT" $rootContext "SOURCE" $rootContext.Values.hull "HULL_ROOT_KEY" $hullRootKey "SOURCE_PATH" (list "hull")) | fromYaml }} -{{- if gt ((index $rootContext.Values $hullRootKey).config.general.render.passes | int) 1 -}} -{{- range $i, $e := untilStep 1 ((index $rootContext.Values $hullRootKey).config.general.render.passes | int) 1 -}} -{{- $rendered = include "hull.util.transformation" (dict "PARENT_CONTEXT" $rootContext "SOURCE" $rootContext.Values.hull "HULL_ROOT_KEY" $hullRootKey "SOURCE_PATH" (list "hull")) | fromYaml }} +{{- $renderPasses := dig "config" "general" "render" "passes" 3 (default dict (index $rootContext.Values $hullRootKey)) -}} +{{- $transformationScope := $rootContext.Values -}} +{{- $transformationScopeKey := "Values" -}} +{{- $rendered := include "hull.util.transformation" (dict "PARENT_CONTEXT" $rootContext "SOURCE" $transformationScope "HULL_ROOT_KEY" $hullRootKey "SOURCE_PATH" (list $transformationScopeKey)) | fromYaml }} +{{- if gt ($renderPasses | int) 1 -}} +{{- range $i, $e := untilStep 1 ($renderPasses | int) 1 -}} +{{- $rendered = include "hull.util.transformation" (dict "PARENT_CONTEXT" $rootContext "SOURCE" $transformationScope "HULL_ROOT_KEY" $hullRootKey "SOURCE_PATH" (list $transformationScopeKey)) | fromYaml }} {{- end -}} {{- end -}} + +{{- /* +### Set to true to render debug info +*/ -}} +{{- if false }} +type: {{ typeOf $transformationScope }} +scopeKey: {{ $transformationScopeKey }} +{{ $rootContext | toYaml }} +{{- else -}} {{- $errorMessages := "" }} {{- range $objectType, $objectTypeSpec := $allObjects }} {{- $lowerObjectType := $objectType | lower }} 
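Review bot: The `{{- if false }}` debug branch added here would, once switched to `true`, emit `{{ $rootContext | toYaml }}` into the rendered output, and the root context carries `.Values` in full. Values commonly hold credentials, so the dump would land in rendered manifests and CI logs as soon as someone flips the literal. I would remove the `toYaml` dump and keep only `type:` and `scopeKey:`, or drop the branch before merging. Separately, `SOURCE` is now all of `$rootContext.Values` rather than `.Values.hull`, so transformation markers anywhere in the values tree are evaluated; a comment stating that this is intended, e.g. `### Transformations are resolved over all of .Values, including subchart and global values`, would help reviewers of charts that pass values through from elsewhere.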
@@ -134,6 +145,11 @@ metadata: {{- if (hasKey $objectTypeSpec "API_VERSION") }} {{- $apiVersion = $objectTypeSpec.API_VERSION }} {{- end }} + +{{- /* +### If we dont have any hull root key we skip the rest. hull.yaml may just be used to render transformations +*/ -}} +{{- if (hasKey $rootContext.Values $hullRootKey) }} {{- $enabledDefault := (index (index $rootContext.Values $hullRootKey).objects $lowerObjectType)._HULL_OBJECT_TYPE_DEFAULT_.enabled -}} {{- $hullTemplate := "" }} {{- if (hasKey $objectTypeSpec "HULL_TEMPLATE") }} @@ -234,4 +250,6 @@ metadata: {{- if (ne $errorMessages "") -}} {{- fail $errorMessages -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/hull/templates/_util_transformations.tpl b/hull/templates/_util_transformations.tpl index 2f0b1444..cb6b4e1e 100644 --- a/hull/templates/_util_transformations.tpl +++ b/hull/templates/_util_transformations.tpl @@ -18,7 +18,7 @@ {{- $shortForms = set $shortForms "_HT^" (list "hull.util.transformation.makefullname" "COMPONENT") -}} {{- $shortForms = set $shortForms "_HT&" (list "hull.util.transformation.selector" "COMPONENT") -}} {{- $shortForms = set $shortForms "_HT/" (list "hull.util.transformation.include" "CONTENT") -}} -{{- if typeIs "map[string]interface {}" $source -}} +{{- if (or (typeIs "map[string]interface {}" $source) (typeIs "chartutil.Values" $source) (typeIs "common.Values" $source)) -}} {{- range $key,$value := $source -}} {{- $sourcePathKey := append $sourcePath $key }} {{- if typeIs "map[string]interface {}" $value -}} 
@@ -202,6 +202,35 @@ +{{- /* +| Purpose: +| +| Get object instance key and object type values +| +| Interface: +| +| PARENT_CONTEXT: The Parent charts context +| REFERENCE: The key in dot-notation for which the value should be retrieved +| +*/ -}} +{{- define "hull.util.transformation.getobjectvalues" -}} +{{- $parent := (index . "PARENT_CONTEXT") -}} +{{- $hullRootKey := default "hull" (index . "HULL_ROOT_KEY") -}} +{{- $sourcePath := default list (index . "SOURCE_PATH") -}} +{{- $result := dict "OBJECT_TYPE" "" "OBJECT_INSTANCE_KEY" "" -}} +{{- if (gt (len $sourcePath) 4) -}} +{{- if (eq (index $sourcePath 1) $hullRootKey) -}} +{{- if (eq (index $sourcePath 2) "objects") -}} +{{- $_ := set $result "OBJECT_TYPE" (index $sourcePath 3) -}} +{{- $_ := set $result "OBJECT_INSTANCE_KEY" (index $sourcePath 4) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- toYaml $result -}} +{{- end -}} + + + {{- /* | Purpose: | @@ -222,15 +251,11 @@ {{- $key := (index . "KEY") -}} {{- $reference := (index . "REFERENCE") -}} {{- $sourcePath := default list (index . "SOURCE_PATH") -}} +{{- $hullRootKey := default "hull" (index . "HULL_ROOT_KEY") -}} {{- $returnTemplateString := default false (index . "RETURN_TEMPLATE_STRING") -}} -{{- $objectType := "" -}} -{{- $objectInstanceKey := "" -}} -{{- if (gt (len $sourcePath) 3) -}} -{{ if (eq (index $sourcePath 1) "objects") -}} -{{- $objectType = index $sourcePath 2 -}} -{{- $objectInstanceKey = index $sourcePath 3 -}} -{{- end -}} -{{- end -}} +{{- $objectValues := (include "hull.util.transformation.getobjectvalues" .) | fromYaml -}} +{{- $objectType := index $objectValues "OBJECT_TYPE" -}} +{{- $objectInstanceKey := index $objectValues "OBJECT_INSTANCE_KEY" -}} {{- $templateString := "(index . \"$\").Values" }} {{- $current := $parent.Values -}} {{- if hasPrefix "*" $reference -}} 
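Review bot: The header comment of `hull.util.transformation.getobjectvalues` documents `PARENT_CONTEXT` and `REFERENCE`, but the body reads `HULL_ROOT_KEY` and `SOURCE_PATH` and never uses `$parent` or a reference. I would list `HULL_ROOT_KEY: the root key of the HULL values, default "hull"` and `SOURCE_PATH: list of path segments leading to the current value` in the Interface section and drop `REFERENCE`. It is also worth stating that the path is expected to hold the root key at index 1, `objects` at index 2, the object type at index 3 and the instance key at index 4, and that both results are empty strings otherwise.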
@@ -310,10 +335,10 @@ {{- if $returnTemplateString -}} {{- include "hull.util.error.message" (dict "ERROR_TYPE" "HULL-GET-TRANSFORMATION-REFERENCE-INVALID" "ERROR_MESSAGE" $details) -}} {{- else -}} -{{- if $parent.Values.hull.config.general.debug.renderBrokenHullGetTransformationReferences -}} +{{- if dig "config" "general" "debug" "renderBrokenHullGetTransformationReferences" true (default dict (index $parent.Values $hullRootKey)) -}} {{ $key }}: BROKEN-HULL-GET-TRANSFORMATION-REFERENCE:Element {{ $brokenPart }} in path {{ $reference }} was not found {{- else }} -{{- if $parent.Values.hull.config.general.errorChecks.hullGetTransformationReferenceValid -}} +{{- if dig "config" "general" "errorChecks" "hullGetTransformationReferenceValid" true (default dict (index $parent.Values $hullRootKey)) -}} {{- $key }}: {{ include "hull.util.error.message" (dict "ERROR_TYPE" "HULL-GET-TRANSFORMATION-REFERENCE-INVALID" "ERROR_MESSAGE" $details) -}} {{- else -}} {{- $key }}: "" @@ -486,15 +511,11 @@ {{- $key := (index . "KEY") -}} {{- $content := (index . "CONTENT") -}} {{- $parent := (index . "PARENT_CONTEXT") -}} +{{- $hullRootKey := default "hull" (index . "HULL_ROOT_KEY") -}} {{- $sourcePath := default list (index . "SOURCE_PATH") -}} -{{- $objectType := "" -}} -{{- $objectInstanceKey := "" -}} -{{- if (gt (len $sourcePath) 3) -}} -{{ if (eq (index $sourcePath 1) "objects") -}} -{{- $objectType = index $sourcePath 2 -}} -{{- $objectInstanceKey = index $sourcePath 3 -}} -{{- end -}} -{{- end -}} +{{- $objectValues := (include "hull.util.transformation.getobjectvalues" .) | fromYaml -}} +{{- $objectType := index $objectValues "OBJECT_TYPE" -}} +{{- $objectInstanceKey := index $objectValues "OBJECT_INSTANCE_KEY" -}} {{- $serializer := "" }} {{- $getValue := include "hull.util.transformation.serialize.get" (dict "VALUE" $content) | fromYaml -}} {{- $serializer := "" -}} 
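Review bot: The fallback for `renderBrokenHullGetTransformationReferences` is `true`, so when the `config.general.debug` key is absent a broken reference is written into the output as a `BROKEN-HULL-GET-TRANSFORMATION-REFERENCE:` string and the `hullGetTransformationReferenceValid` check in the `else` branch is never reached. That makes the missing-config case fail open, and that case can now occur because the lookup goes through `index $parent.Values $hullRootKey` with `default dict`. Unless this is intended, I would use `false` as the `dig` default for the debug flag, `dig "config" "general" "debug" "renderBrokenHullGetTransformationReferences" false (default dict (index $parent.Values $hullRootKey))`, and keep `true` for the error check. The enclosing template starts and ends outside the hunk.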
@@ -613,17 +634,13 @@ {{- $key := (index . "KEY") -}} {{- $content := (index . "CONTENT") -}} {{- $parent := (index . "PARENT_CONTEXT") -}} +{{- $hullRootKey := default "hull" (index . "HULL_ROOT_KEY") -}} {{- $sourcePath := default list (index . "SOURCE_PATH") -}} {{- $returnTemplateString := default false (index . "RETURN_TEMPLATE_STRING") -}} {{- $serializer := "" -}} -{{- $objectType := "" -}} -{{- $objectInstanceKey := "" -}} -{{- if (gt (len $sourcePath) 3) -}} -{{ if (eq (index $sourcePath 1) "objects") -}} -{{- $objectType = index $sourcePath 2 -}} -{{- $objectInstanceKey = index $sourcePath 3 -}} -{{- end -}} -{{- end -}} +{{- $objectValues := (include "hull.util.transformation.getobjectvalues" .) | fromYaml -}} +{{- $objectType := index $objectValues "OBJECT_TYPE" -}} +{{- $objectInstanceKey := index $objectValues "OBJECT_INSTANCE_KEY" -}} {{- $parts := regexSplit ":" ($content | trim) -1 -}} {{- $parentContextSubmitted := false -}} {{- $resultKey := "" -}}