From 5aae8cafdb9133a8e0cc9dbf464659a96d3f3ab7 Mon Sep 17 00:00:00 2001
From: Cyril Jouve
Date: Thu, 7 Dec 2023 17:35:30 +0100
Subject: [PATCH] [distribution] new chart
---
charts/distribution/.helmignore | 23 ++
charts/distribution/Chart.lock | 6 +
charts/distribution/Chart.yaml | 18 +
charts/distribution/README.md | 100 +++++
charts/distribution/templates/_helpers.tpl | 13 +
charts/distribution/templates/configmap.yaml | 25 ++
charts/distribution/templates/deployment.yaml | 143 +++++++
charts/distribution/templates/ingress.yaml | 53 +++
.../templates/persistentvolumeclaim.yaml | 23 ++
charts/distribution/templates/service.yaml | 49 +++
.../templates/serviceaccount.yaml | 12 +
.../templates/servicemonitor.yaml | 39 ++
charts/distribution/values.yaml | 348 ++++++++++++++++++
13 files changed, 852 insertions(+)
create mode 100644 charts/distribution/.helmignore
create mode 100644 charts/distribution/Chart.lock
create mode 100644 charts/distribution/Chart.yaml
create mode 100644 charts/distribution/README.md
create mode 100644 charts/distribution/templates/_helpers.tpl
create mode 100644 charts/distribution/templates/configmap.yaml
create mode 100644 charts/distribution/templates/deployment.yaml
create mode 100644 charts/distribution/templates/ingress.yaml
create mode 100644 charts/distribution/templates/persistentvolumeclaim.yaml
create mode 100644 charts/distribution/templates/service.yaml
create mode 100644 charts/distribution/templates/serviceaccount.yaml
create mode 100644 charts/distribution/templates/servicemonitor.yaml
create mode 100644 charts/distribution/values.yaml
diff --git a/charts/distribution/.helmignore b/charts/distribution/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/distribution/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/distribution/Chart.lock b/charts/distribution/Chart.lock
new file mode 100644
index 0000000..08e0e2b
--- /dev/null
+++ b/charts/distribution/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.13.3
+digest: sha256:6fbdc8a525f6f9f98ec4ac5d11b049993f2e5800fd2f44b3abb3b00b74936ee0
+generated: "2023-12-07T13:25:57.872831+01:00"
diff --git a/charts/distribution/Chart.yaml b/charts/distribution/Chart.yaml
new file mode 100644
index 0000000..357fcee
--- /dev/null
+++ b/charts/distribution/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: distribution
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: 2.8.3
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.x.x
+sources:
+- https://github.com/jouve/charts
+- https://github.com/distribution/distribution/
+maintainers:
+- name: jouve
+ url: https://github.com/jouve
+annotations:
+ artifacthub.io/license: GPL-3.0-or-later
diff --git a/charts/distribution/README.md b/charts/distribution/README.md
new file mode 100644
index 0000000..f7dfac0
--- /dev/null
+++ b/charts/distribution/README.md
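Review bot: In Chart.yaml, `description: A Helm chart for Kubernetes` is still the `helm create` scaffold text, so chart listings will not say that this deploys the Distribution registry; something like `description: Helm chart for the Distribution container registry` would fix that. `appVersion: 2.8.3` is also better written quoted (`appVersion: "2.8.3"`), so that a later two-part version is not read as a float.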
@@ -0,0 +1,100 @@ +# distribution + +## usage + +```console +helm repo add jouve https://jouve.github.io/charts/ +helm install mailpit jouve/distribution +``` + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + +### Distribution parameters + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------- | +| `image.registry` | image registry | `docker.io` | +| `image.repository` | image repository | `distribution/distribution` | +| `image.tag` | image tag (immutable tags are recommended) | `2.8.3` | +| `image.digest` | image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `image.pullPolicy` | image pull policy | `IfNotPresent` | +| `image.pullSecrets` | image pull secrets | `[]` | +| `configYml` | Registry config.yml | `{}` | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `persistence.mountPath` | Path to mount the volume at. 
| `/var/lib/registry` | +| `persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""` | +| `persistence.storageClass` | Storage class of backing PVC | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.labels` | Persistent Volume Claim labels | `{}` | +| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress record | `hostname.local` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
| `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | +| `service.type` | service type | `ClusterIP` | +| `service.nodePorts` | Node ports to expose | `{}` | +| `service.clusterIP` | service Cluster IP | `""` | +| `service.loadBalancerIP` | service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for service | `{}` | +| `service.extraPorts` | Extra ports to expose in service (normally used with the `sidecars` value) | `[]` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `metrics.enabled` | Enable the export of Prometheus 
metrics | `false` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `autoscaling.enabled` | Enable autoscaling for %%MAIN_OBJECT_BLOCK%% | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas | `""` | +| `autoscaling.maxReplicas` | Maximum number of replicas | `""` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. 
Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `podSecurityContext.enabled` | Enabled pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set containers' Security Context runAsNonRoot | `true` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set containers' Security Context runAsNonRoot | `false` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | diff --git a/charts/distribution/templates/_helpers.tpl b/charts/distribution/templates/_helpers.tpl new file mode 100644 index 0000000..94fd2ce --- /dev/null +++ b/charts/distribution/templates/_helpers.tpl @@ -0,0 +1,13 @@ +{{/* +Create the name of the service account to use +usage: {{ template "common.names.serviceAccountName" (dict "serviceAccountRoot" .Values.serviceAccount "context" .) }} +*/}} +{{- define "common.names.serviceAccountName" -}} +{{- if .serviceAccountRoot.name -}} +{{ tpl .serviceAccountRoot.name .context }} +{{- else if .serviceAccountRoot.create -}} +{{ template "common.names.fullname" .context }} +{{- else -}} +default +{{- end -}} +{{- end -}} diff --git a/charts/distribution/templates/configmap.yaml b/charts/distribution/templates/configmap.yaml new file mode 100644 index 0000000..b66b716 --- /dev/null +++ b/charts/distribution/templates/configmap.yaml 
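Review bot: In _helpers.tpl the helper is defined as `common.names.serviceAccountName`, inside the name prefix of the bitnami `common` library chart that this chart depends on. Helm template names are shared between a chart and its subcharts, so if a later `common` release within the allowed `2.x.x` range adds a template of that name, it is not obvious which definition wins. Naming it in the chart's own prefix, e.g. `distribution.serviceAccountName`, avoids the clash. The header comment should also say that when `create` is false and `name` is empty, the pod runs under the namespace's `default` service account.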
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" . ) | nindent 4 }}
+ {{- with .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ config.yml: |
+ {{- $config := include "common.tplvalues.render" (dict "value" .Values.configYml "context" .) | fromYaml }}
+ {{- if hasKey $config "storage" | not | and .Values.persistence.enabled }}
+ {{- $config := merge
+ $config
+ (dict
+ "storage" (dict
+ "filesystem" (dict
+ "rootdirectory" "/var/lib/registry"
+ )
+ )
+ )
+ -}}
+ {{- end }}
+ {{- $config | toYaml | nindent 4 }}
diff --git a/charts/distribution/templates/deployment.yaml b/charts/distribution/templates/deployment.yaml
new file mode 100644
index 0000000..0d2a838
--- /dev/null
+++ b/charts/distribution/templates/deployment.yaml
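Review bot: In configmap.yaml the injected default `"rootdirectory" "/var/lib/registry"` is hard-coded, while deployment.yaml mounts the volume at `.Values.persistence.mountPath`. Changing `persistence.mountPath` would therefore leave the registry writing blobs to the container filesystem instead of the volume, so use `"rootdirectory" .Values.persistence.mountPath` here. The `{{- $config := merge` inside the `if` declares a new block-scoped variable and only has an effect because `merge` mutates its first argument; `{{- $_ := merge $config …` states the intent. Separately, all of `configYml` is stored in a ConfigMap, so values such as `http.secret` or storage-driver credentials placed there are readable by anyone who can read ConfigMaps in the namespace. A comment in values.yaml pointing to `extraEnvVarsSecret` for those settings, or rendering the config as a Secret, would close that gap.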
@@ -0,0 +1,143 @@ +apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" . ) | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- with .Values.updateStrategy }} + strategy: {{- toYaml . | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + annotations: + checksum/config: {{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" .) }} + {{- with .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "common.names.serviceAccountName" (dict "serviceAccountRoot" .Values.serviceAccount "context" .) }} + {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" .) | nindent 6 -}} + {{- with .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" . 
"context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} + {{- with .Values.schedulerName }} + schedulerName: {{ . | quote }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- with .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + initContainers: + {{- with .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" . 
"context" $) | nindent 8 }} + {{- end }} + containers: + - name: main + image: {{ template "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + {{- with .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- with .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ template "common.tplvalues.render" (dict "value" . "context" $) }} + {{- end }} + {{- with .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ template "common.tplvalues.render" (dict "value" . "context" $) }} + {{- end }} + {{- with .Values.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 5000 + {{- if not .Values.diagnosticMode.enabled }} + {{- with .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} + {{- else }} + #livenessProbe: {} + {{- end }} + {{- with .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" . 
"context" $) | nindent 12 }} + {{- else }} + #readinessProbe: {} + {{- end }} + {{- with .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} + {{- else }} + #startupProbe: {} + {{- end }} + {{- end }} + {{- with .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: etc + mountPath: /etc/docker/registry + - name: registry + mountPath: {{ .Values.persistence.mountPath }} + {{- with .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} + {{- end }} + {{- with .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: etc + configMap: + name: {{ template "common.names.fullname" . }} + - name: registry + persistentVolumeClaim: + claimName: {{ with .Values.persistence.existingClaim }}{{ . }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} + {{- with .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/distribution/templates/ingress.yaml b/charts/distribution/templates/ingress.yaml new file mode 100644 index 0000000..1444461 --- /dev/null +++ b/charts/distribution/templates/ingress.yaml 
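Review bot: In deployment.yaml the `registry` volume at the end of the hunk always references a `persistentVolumeClaim`, but persistentvolumeclaim.yaml is rendered only when `persistence.enabled` is true. With persistence disabled and no `existingClaim`, the pod points at a claim that does not exist and stays Pending, so fall back to `emptyDir` as sketched below. The container also declares only the `http` port, although service.yaml and servicemonitor.yaml target a port named `metrics`. The `persistence.subPath` value listed in the README is never applied to the `registry` mount. All three probes are left as comments unless a custom probe is supplied, so a hung registry keeps receiving traffic; a default HTTP probe on the `http` port would be a reasonable baseline.

```yaml
          ports:
            # … unchanged: http port 5000 …
            # named port that service.yaml and servicemonitor.yaml refer to;
            # 5001 matches http.debug.addr in the default configYml
            - name: metrics
              containerPort: 5001
          # … unchanged: probes, lifecycle, volumeMounts, sidecars …
      volumes:
        # … unchanged: etc configMap volume …
        - name: registry
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ with .Values.persistence.existingClaim }}{{ . }}{{ else }}{{ template "common.names.fullname" . }}{{ end }}
          {{- else }}
          emptyDir: {}
          {{- end }}
```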
@@ -0,0 +1,53 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" . ) | nindent 4 }} + {{- with list .Values.ingress.annotations .Values.commonAnnotations | dict "context" . "values" | include "common.tplvalues.merge" | fromYaml }} + annotations: {{- . | toYaml | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname }} + http: + paths: + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + {{- with .Values.ingress.extraPaths }} + {{- include "common.tplvalues.render" (dict . "context" $) | nindent 10 }} + {{- end }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- with .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" . 
"context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ template "common.names.fullname" . }}-tls + {{- end }} + {{- with .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/distribution/templates/persistentvolumeclaim.yaml b/charts/distribution/templates/persistentvolumeclaim.yaml new file mode 100644 index 0000000..3fd47fa --- /dev/null +++ b/charts/distribution/templates/persistentvolumeclaim.yaml 
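Review bot: In ingress.yaml the `ingress.extraPaths` block calls `include "common.tplvalues.render" (dict . "context" $)`, which omits the `"value"` key that every other call in this patch passes. The dict ends up with no `value` entry, and the paths are not rendered (or the render fails) as soon as `extraPaths` is set; it should read `(dict "value" . "context" $)`. The `tls:` entry names the secret `<fullname>-tls` when `ingress.selfSigned` is true, yet the patch adds no template that creates that secret, nor one for `ingress.secrets`, so the self-signed path appears to reference a secret that never exists. `host: {{ .Values.ingress.hostname }}` would also be safer with `| quote`, as the `extraHosts` entries already have.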
@@ -0,0 +1,23 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" . ) | nindent 4 }}
+ {{- with include "common.tplvalues.merge" (dict "values" (list .Values.persistence.annotations .Values.commonAnnotations) "context" .) | fromYaml }}
+ annotations: {{- . | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.accessModes "context" $) | nindent 4 }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- with .Values.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}
+ {{- end }}
+ {{- with .Values.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
+{{- end -}}
diff --git a/charts/distribution/templates/service.yaml b/charts/distribution/templates/service.yaml
new file mode 100644
index 0000000..5373397
--- /dev/null
+++ b/charts/distribution/templates/service.yaml
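Review bot: In persistentvolumeclaim.yaml the `labels:` line merges only `.Values.commonLabels`, although the README documents `persistence.labels`, so that value has no effect; either pass it in here or drop it from the documented parameters. Because this claim holds every pushed image layer, consider documenting a `helm.sh/resource-policy: keep` annotation through `persistence.annotations`. Without it, `helm uninstall` removes the claim together with the release.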
@@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" . ) | nindent 4 }} + {{- with include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations) "context" .) | fromYaml }} + annotations: {{- . | toYaml | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- with .Values.service.sessionAffinity }} + sessionAffinity: {{ . }} + {{- end }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: 80 + targetPort: http + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.nodePorts.http }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- end }} + - name: metrics + port: 5001 + targetPort: metrics + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.nodePorts.http }} + nodePort: {{ .Values.service.nodePorts.http }} + 
{{- end }} + {{- with .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/distribution/templates/serviceaccount.yaml b/charts/distribution/templates/serviceaccount.yaml new file mode 100644 index 0000000..04a6ce7 --- /dev/null +++ b/charts/distribution/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "common.names.serviceAccountName" (dict "serviceAccountRoot" .Values.serviceAccount "context" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- with include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) | fromYaml }} + annotations: {{- . | toYaml | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/distribution/templates/servicemonitor.yaml b/charts/distribution/templates/servicemonitor.yaml new file mode 100644 index 0000000..136186e --- /dev/null +++ b/charts/distribution/templates/servicemonitor.yaml 
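Review bot: In service.yaml the `metrics` port (5001) is published unconditionally, ignoring `metrics.enabled`, and it follows `service.type`. A `LoadBalancer` or `NodePort` install therefore exposes the registry's debug listener (`http.debug.addr: :5001` in values.yaml) alongside the API, and upstream advises keeping that listener restricted. Gate the port on `metrics.enabled`, and consider a separate ClusterIP-only Service for it. Its `nodePort` line reuses `.Values.service.nodePorts.http`, so setting that value gives both ports the same node port and the Service is rejected. `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints a Go slice (`[a b]`), so an allow-list with more than one CIDR does not render as a YAML list.

```yaml
  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
  loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
  {{- end }}
  # … unchanged: loadBalancerIP, http port …
    {{- if .Values.metrics.enabled }}
    - name: metrics
      port: 5001
      targetPort: metrics
      protocol: TCP
      {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.nodePorts.metrics }}
      nodePort: {{ .Values.service.nodePorts.metrics }}
      {{- end }}
    {{- end }}
  # … unchanged: extraPorts, selector …
```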
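Review bot: In serviceaccount.yaml, `automountServiceAccountToken` comes from `serviceAccount.automountServiceAccountToken`, which the README lists with default `true`, and nothing visible in this chart calls the Kubernetes API. Defaulting it to `false` keeps an API token out of a pod that serves network-facing traffic; users who add sidecars needing API access can turn it back on. A short template comment above the field saying that the registry itself does not use the Kubernetes API would record why.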
@@ -0,0 +1,39 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.tplvalues.merge" (dict "values" .Values.metrics.serviceMonitor.labels .Values.commonLabels "context" .) | nindent 4 }}
+ {{- with include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) | fromYaml }}
+ annotations: {{- . | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- with .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: metrics
+ path: /metrics
+ {{- with .Values.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" . "context" $) | nindent 8 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" . "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/distribution/values.yaml b/charts/distribution/values.yaml
new file mode 100644
index 0000000..90407b2
--- /dev/null
+++ b/charts/distribution/values.yaml
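Review bot: In servicemonitor.yaml the `labels:` line calls `common.tplvalues.merge` with `(dict "values" .Values.metrics.serviceMonitor.labels .Values.commonLabels "context" .)`. The two maps are not wrapped in `list`, so `dict` receives five arguments and the key/value pairing shifts: `values` holds only the first map and there is no `context` key. The other templates in this patch use the list form, and this line should read `(dict "values" (list .Values.metrics.serviceMonitor.labels .Values.commonLabels) "context" .)`. Unlike the other resources, the ServiceMonitor gets no `common.labels.standard` labels, and `metrics.serviceMonitor.namespace` from the README is not used for `metadata.namespace`, so the monitor cannot be placed in the Prometheus namespace as documented. `jobLabel` is emitted as `""` when unset; wrapping it in `with` would omit it.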
@@ -0,0 +1,348 @@
+## @section Global parameters
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+
+## @section Distribution parameters
+
+## distribution image
+## ref: https://hub.docker.com/r/distribution/distribution/tags
+## @param image.registry image registry
+## @param image.repository image repository
+## @param image.tag image tag (immutable tags are recommended)
+## @param image.digest image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+## @param image.pullPolicy image pull policy
+## @param image.pullSecrets image pull secrets
+##
+image:
+ registry: docker.io
+ repository: distribution/distribution
+ tag: 2.8.3
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+## @param configYml [object] Registry config.yml
+configYml:
+ version: 0.1
+ log:
+ level: debug
+ http:
+ addr: :5000
+ debug:
+ addr: :5001
+ prometheus:
+ enabled: true
+ path: /metrics
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled Enable persistence using Persistent Volume Claims
+ ##
+ enabled: true
+ ## @param persistence.mountPath Path to mount the volume at.
+ ##
+ mountPath: /var/lib/registry
+ ## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
+ ##
+ subPath: ""
+ ## @param persistence.storageClass Storage class of backing PVC
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param persistence.annotations Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## @param persistence.labels Persistent Volume Claim labels
+ ##
+ labels: {}
+ ## @param persistence.accessModes Persistent Volume Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size Size of data volume
+ ##
+ size: 8Gi
+ ## @param persistence.existingClaim The name of an existing PVC to use for persistence
+ ##
+ existingClaim: ""
+ ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC
+ ## If set, the PVC can't have a PV dynamically provisioned for it
+ selector: {}
+ ## @param persistence.dataSource Custom PVC data source
+ ##
+ dataSource: {}
+
+## ingress parameters
+## ref: http://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+ ## @param ingress.enabled Enable ingress
+ ##
+ enabled: false
+ ## @param ingress.pathType Ingress path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
+ ##
+ apiVersion: ""
+ ## @param ingress.hostname Default host for the ingress record
+ ##
+ hostname: hostname.local
+ ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+ ##
+ ingressClassName: ""
+ ## @param ingress.path Default path for the ingress record
+ ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+ ##
+ path: /
+ ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ ## Use this parameter to set the required annotations for cert-manager, see
+ ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+ annotations: {}
+ ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+ tls: false
+ ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+ ##
+ selfSigned: false
+ ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+ extraHosts: []
+ ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+ extraPaths: []
+ ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ extraTls: []
+ ## @param ingress.secrets Custom TLS certificates as secrets
+ ## NOTE: 'key' and 'certificate' are expected in PEM format
+ ## NOTE: 'name' should line up with a 'secretName' set further up
+ ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+ ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ secrets: []
+ ## @param ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ extraRules: []
+
+## ServiceAccount configuration
+##
+serviceAccount:
+ ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: true
+
+## service parameters
+##
+service:
+ ## @param service.type service type
+ ##
+ type: ClusterIP
+ ## @param service.nodePorts Node ports to expose
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts: {}
+ ## @param service.clusterIP service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.loadBalancerIP service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.externalTrafficPolicy service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param service.annotations Additional custom annotations for service
+ ##
+ annotations: {}
+ ## @param service.extraPorts Extra ports to expose in service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## Prometheus metrics
+##
+metrics:
+ ## @param metrics.enabled Enable the export of Prometheus metrics
+ ##
+ enabled: false
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+ ##
+ enabled: false
+ ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+ ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+ ##
+ annotations: {}
+ ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ ##
+ jobLabel: ""
+ ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+ ##
+ honorLabels: false
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+
+## Autoscaling configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+## @param autoscaling.enabled Enable autoscaling for %%MAIN_OBJECT_BLOCK%%
+## @param autoscaling.minReplicas Minimum number of replicas
+## @param autoscaling.maxReplicas Maximum number of replicas
+## @param autoscaling.targetCPU Target CPU utilization percentage
+## @param autoscaling.targetMemory Target Memory utilization percentage
+##
+autoscaling:
+ enabled: false
+ minReplicas: ""
+ maxReplicas: ""
+ targetCPU: ""
+ targetMemory: ""
+
+## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+
+## Configure Pods Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enabled pods' Security Context
+## @param podSecurityContext.fsGroup Set pod's Security Context fsGroup
+##
+podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+
+## Configure Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enabled containers' Security Context
+## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+## @param containerSecurityContext.runAsNonRoot Set containers' Security Context runAsNonRoot
+## @param containerSecurityContext.readOnlyRootFilesystem Set containers' Security Context runAsNonRoot
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+## Enable diagnostic mode in the deployment
+##
+diagnosticMode:
+ ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+ ##
+ enabled: false
+ ## @param diagnosticMode.command Command to override all containers in the deployment
+ ##
+ command:
+ - sleep
+ ## @param diagnosticMode.args Args to override all containers in the deployment
+ ##
+ args:
+ - infinity
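Review bot: The default `configYml` block in values.yaml sets `log`, `http.addr` and `http.debug` but has no `auth` section, so unless the configmap template (outside this hunk) adds one, the registry as installed accepts anonymous pull and push from anything that can reach port 5000, and setting `ingress.enabled: true` publishes it in that state. I would add a comment above `configYml` such as `## NOTE: no auth is configured by default; set configYml.auth (htpasswd or token) before exposing the registry`, and ship `level: info` instead of `level: debug` so request details are not logged verbosely by default. Documentation nits in the same hunk: `containerSecurityContext.readOnlyRootFilesystem` is described as runAsNonRoot, `persistence.selector` mentions a WordPress PVC, and `autoscaling.enabled` still carries the `%%MAIN_OBJECT_BLOCK%%` placeholder.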