d14d826b26
The current copyright refers to a non-existent group "openstack helm authors" with often out-of-date references that are confusing when adding a new file to the repo. This change removes all references to this copyright by the non-existent group and any blank lines underneath. Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
199 lines
7.1 KiB
Smarty
199 lines
7.1 KiB
Smarty
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{/*
|
|
abstract: |
|
|
Returns a container definition for use with the kubernetes-entrypoint image
|
|
from stackanetes.
|
|
values: |
|
|
images:
|
|
tags:
|
|
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
|
|
pull_policy: IfNotPresent
|
|
local_registry:
|
|
active: true
|
|
exclude:
|
|
- dep_check
|
|
dependencies:
|
|
dynamic:
|
|
common:
|
|
local_image_registry:
|
|
jobs:
|
|
- calico-image-repo-sync
|
|
services:
|
|
- endpoint: node
|
|
service: local_image_registry
|
|
static:
|
|
calico_node:
|
|
services:
|
|
- endpoint: internal
|
|
service: etcd
|
|
custom_resources:
|
|
- apiVersion: argoproj.io/v1alpha1
|
|
kind: Workflow
|
|
name: wf-example
|
|
fields:
|
|
- key: "status.phase"
|
|
value: "Succeeded"
|
|
endpoints:
|
|
local_image_registry:
|
|
namespace: docker-registry
|
|
hosts:
|
|
default: localhost
|
|
node: localhost
|
|
etcd:
|
|
hosts:
|
|
default: etcd
|
|
# NOTE (portdirect): if the stanza, or a portion of it, under `pod` is not
|
|
# specififed then the following will be used as defaults:
|
|
# pod:
|
|
# security_context:
|
|
# kubernetes_entrypoint:
|
|
# container:
|
|
# kubernetes_entrypoint:
|
|
# runAsUser: 65534
|
|
# readOnlyRootFilesystem: true
|
|
# allowPrivilegeEscalation: false
|
|
pod:
|
|
security_context:
|
|
kubernetes_entrypoint:
|
|
container:
|
|
kubernetes_entrypoint:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: false
|
|
usage: |
|
|
{{ tuple . "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" }}
|
|
return: |
|
|
- name: init
|
|
image: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
runAsUser: 0
|
|
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.name
|
|
- name: NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
- name: INTERFACE_NAME
|
|
value: eth0
|
|
- name: PATH
|
|
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
|
|
- name: DEPENDENCY_SERVICE
|
|
value: "default:etcd,docker-registry:localhost"
|
|
- name: DEPENDENCY_JOBS
|
|
value: "calico-image-repo-sync"
|
|
- name: DEPENDENCY_DAEMONSET
|
|
value: ""
|
|
- name: DEPENDENCY_CONTAINER
|
|
value: ""
|
|
- name: DEPENDENCY_POD_JSON
|
|
value: ""
|
|
- name: DEPENDENCY_CUSTOM_RESOURCE
|
|
value: "[{\"apiVersion\":\"argoproj.io/v1alpha1\",\"kind\":\"Workflow\",\"namespace\":\"default\",\"name\":\"wf-example\",\"fields\":[{\"key\":\"status.phase\",\"value\":\"Succeeded\"}]}]"
|
|
command:
|
|
- kubernetes-entrypoint
|
|
volumeMounts:
|
|
[]
|
|
*/}}
|
|
|
|
{{- define "helm-toolkit.snippets.kubernetes_entrypoint_init_container._default_security_context" -}}
|
|
Values:
|
|
pod:
|
|
security_context:
|
|
kubernetes_entrypoint:
|
|
container:
|
|
kubernetes_entrypoint:
|
|
runAsUser: 65534
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
{{- end -}}
|
|
|
|
{{- define "helm-toolkit.snippets.kubernetes_entrypoint_init_container" -}}
|
|
{{- $envAll := index . 0 -}}
|
|
{{- $component := index . 1 -}}
|
|
{{- $mounts := index . 2 -}}
|
|
|
|
{{- $_ := set $envAll.Values "__kubernetes_entrypoint_init_container" dict -}}
|
|
{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" dict -}}
|
|
{{- if and ($envAll.Values.images.local_registry.active) (ne $component "image_repo_sync") -}}
|
|
{{- if eq $component "pod_dependency" -}}
|
|
{{- $_ := include "helm-toolkit.utils.merge" ( tuple $envAll.Values.__kubernetes_entrypoint_init_container.deps ( index $envAll.Values.pod_dependency ) $envAll.Values.dependencies.dynamic.common.local_image_registry ) -}}
|
|
{{- else -}}
|
|
{{- $_ := include "helm-toolkit.utils.merge" ( tuple $envAll.Values.__kubernetes_entrypoint_init_container.deps ( index $envAll.Values.dependencies.static $component ) $envAll.Values.dependencies.dynamic.common.local_image_registry ) -}}
|
|
{{- end -}}
|
|
{{- else -}}
|
|
{{- if eq $component "pod_dependency" -}}
|
|
{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" ( index $envAll.Values.pod_dependency ) -}}
|
|
{{- else -}}
|
|
{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" ( index $envAll.Values.dependencies.static $component ) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- $deps := $envAll.Values.__kubernetes_entrypoint_init_container.deps }}
|
|
{{- range $deps.custom_resources }}
|
|
{{- $_ := set . "namespace" $envAll.Release.Namespace -}}
|
|
{{- end -}}
|
|
{{- $default_security_context := include "helm-toolkit.snippets.kubernetes_entrypoint_init_container._default_security_context" . | fromYaml }}
|
|
{{- $patchedEnvAll := mergeOverwrite $default_security_context $envAll }}
|
|
- name: init
|
|
{{ tuple $envAll "dep_check" | include "helm-toolkit.snippets.image" | indent 2 }}
|
|
{{- dict "envAll" $patchedEnvAll "application" "kubernetes_entrypoint" "container" "kubernetes_entrypoint" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 2 }}
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.name
|
|
- name: NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
- name: INTERFACE_NAME
|
|
value: eth0
|
|
- name: PATH
|
|
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
|
|
- name: DEPENDENCY_SERVICE
|
|
value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_service_list" }}"
|
|
{{- if $deps.jobs -}}
|
|
{{- if kindIs "string" (index $deps.jobs 0) }}
|
|
- name: DEPENDENCY_JOBS
|
|
value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}"
|
|
{{- else }}
|
|
- name: DEPENDENCY_JOBS_JSON
|
|
value: {{- toJson $deps.jobs | quote -}}
|
|
{{- end -}}
|
|
{{- end }}
|
|
- name: DEPENDENCY_DAEMONSET
|
|
value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.daemonset }}"
|
|
- name: DEPENDENCY_CONTAINER
|
|
value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.container }}"
|
|
- name: DEPENDENCY_POD_JSON
|
|
value: {{ if $deps.pod }}{{ toJson $deps.pod | quote }}{{ else }}""{{ end }}
|
|
- name: DEPENDENCY_CUSTOM_RESOURCE
|
|
value: {{ if $deps.custom_resources }}{{ toJson $deps.custom_resources | quote }}{{ else }}""{{ end }}
|
|
command:
|
|
- kubernetes-entrypoint
|
|
volumeMounts:
|
|
{{ toYaml $mounts | indent 4 }}
|
|
{{- end -}}
|